Authors: Rohan Sinha and Stefan Talmon Published: 24 October 2024
In 2013, a new term entered German political discourse – ‘Völkerrecht des Netzes’, a term translated into English in official documents as ‘International Network Law’. Political parties expressed their wish for or their commitment to an ‘international network law’, and politicians vowed to work for an ‘international network law’. A translation better capturing the meaning of the term would have been ‘International Law of the Internet’ or ‘International Internet Law’ as the idea behind the term was that international law should be used to regulate the Internet, to protect the human rights and fundamental freedoms of citizens in the digital world and to augment opportunities for democratic participation in the global communications network. This led Germany, together with Brazil, to table a draft resolution at the UN General Assembly in December 2013 on ‘The right to privacy in the digital age’. The resolution, which was adopted unanimously, affirmed for the first time that ‘the same rights that people have offline must also be protected online, including the right to privacy.’
In August 2014, the Federal Government published its ‘Digital Agenda’ for the years 2014 to 2017. This document set out the guiding principles of Germany’s digital policy. Under the subject heading ‘Developing “international network law” and the protection of human rights’, the Federal Government stated:
We want to establish clarity about the applicable ‘international network law’ to protect the prevailing fundamental rights and civil liberties in the digital world and augment opportunities for democratic participation in the global communications network. The right to privacy, freedom of information and free speech must also be enforced in the digital age. To this end, we are embarking on a multi-stage process to create recommendations for elements of an ‘international network law’.
In its 2017 report to parliament on the Digital Agenda 2014-2017, the Federal Government did not address the question of the ‘international network law’. But the term did not disappear from political discourse and was included, for example, in the new coalition agreement between the political parties forming the federal government for the 2021-2025 term, where it was stated: ‘We want an international network law.’ The term, however, was never clarified, which triggered a parliamentary interpellation on the meaning of ‘international network law’. In its answers, the Federal Government touched upon various aspects of international law in the digital age.
In response to the question of what it actually meant by the term ‘international network law’ the Federal Government stated:
In the opinion of the Federal Government, ‘international network law’ is a non-technical collective and umbrella term for a large number of international legal rules with relevance for and applicability to cyber issues that are already part of the existing international legal order.
The term ‘international network law’ refers to the entirety of international legal rules and legal principles that establish rights and obligations for subjects of international law in and in relation to cyberspace. In the opinion of the Federal Government, this includes both general provisions of international law that also apply, but do not apply exclusively to cyber issues (for example, fundamental provisions of the Charter of the United Nations, UN), as well as ‘cyber-specific’ international legal provisions, such as the Council of Europe Convention on Cybercrime of 23 November 2001, the so-called Budapest Convention.
Rules and standards that do not form part of the traditional sources of international law are also closely linked to ‘international network law’. These include, inter alia, non-legally binding norms of responsible State behaviour [in cyberspace], such as those developed by the UN working groups on cyber and security (‘Group of Governmental Experts on Advancing responsible State behaviour in cyberspace in the context of international security’ – GGE, and the ‘Open-ended Working Group on developments in the field of information and telecommunications in the context of international security’ – OEWG).
For the Federal Government, there was a need for international regulation of the Internet and cyberspace more generally, but not for a special ‘international network law’. The Government stated:
International interconnectivity in cyberspace is greater than in any other area of society: the close cross-border interweaving of networks, technologies and cyber processes has brought societies and individuals from all over the world closer together and opened up new opportunities for cooperation. At the same time, the state and society are increasingly dependent on the functioning of IT infrastructure. This also entails risks. In the Federal Government’s view, international law as a legally binding normative framework for the behaviour of States and other subjects of international law is essential in order to balance and regulate the opportunities and risks of cyberspace as a global phenomenon for the benefit of all.
International law was described as a means to protect the ‘integrity of the Internet’ and the rights of individuals online. The Federal Government stated:
Rules of international law establish rights and obligations of States and other subjects of international law with regard to cyberspace. They prohibit the use of cyber capabilities to attack the cyber infrastructure and cyber processes of foreign States, as well as their non-cyber-related goods, if this violates the sovereignty of a foreign State, forcibly intervenes in the internal affairs (‘domaine réservé’) of a foreign State (prohibition of intervention) or violates the prohibition of the use of force under international law. In addition, international law protects the integrity of the Internet and cyberspace in that an international instrument such as the Budapest Convention provides for criminal measures to combat acts against the confidentiality, integrity and availability of computer systems, networks and computer data, as well as the misuse of such systems, networks and data.
Although the Federal Government was of the view that legal regulation and protection of the Internet in general were necessary, it did not call for comprehensive regulation of cyberspace at the level of international law or a special ‘international network law’ because cyberspace was not a lawless space, but rather was governed by existing international legal rules, for example, the principle of State sovereignty, the prohibition of intervention and the prohibition of the use of force, as well as important rules of international humanitarian law.
The Federal Government attached particular importance to the fact that human rights also applied in cyberspace, stating:
The human rights enshrined in various international treaties and customary international law must be guaranteed both online and offline. They protect individuals in relation to their participation in the Internet and their actions in cyberspace, but they also protect them from cyber-based attacks. International guarantees of freedom of expression, such as those found in Article 19(2) of the International Covenant on Civil and Political Rights (ICCPR) or Article 10 of the European Convention on Human Rights (ECHR), are central to the freedom of Internet communication. Article 19(2) ICCPR expressly refers to everyone’s right to freedom of expression ‘through […] media of his choice.’ Both Article 19(2) ICCPR and Article 10 ECHR protect (active) expressions of opinion on the Internet, including uploading of Internet content, as well as the (passive) reception of content via the Internet. On the other hand, there is the right to privacy, enshrined in particular in Article 17 ICCPR and Article 8 ECHR. One of the things protected here is private communication. State control over private Internet use and its content can therefore constitute an invasion of privacy. In addition, other human rights guarantees may also apply to cyber issues.
Because of the application of human rights law to the Internet, the Federal Government opposed unjustified Internet blockages or ‘shutdowns’, especially when they were intended to impair legitimate work of political groups in a State or intimidate individual Internet users.
The Federal Government recognised that digitalisation had an effect on existing international law and required its application to new facts and interpretation in light of the special features of cyberspace. The Government stated:
Digitalisation (like other recent social developments) is a pre-legal, factual social process that, as such, cannot change existing international law and its basic structures or influence its normative nature. Nevertheless, digitalisation creates the need to apply existing international law to new situations in the cyber context and to interpret existing international law provisions in light of the special features of cyberspace (high degree of cross-border interdependence, immateriality of cyber processes, anonymity, etc.).
In addition to customary international law and general principles, according to the Federal Government, major international treaties such as the UN Charter, international human rights treaties or the Geneva Conventions on international humanitarian law were applicable both offline and online. Although these treaties predated the spread of digital technologies, questions relating to their application to cyber issues could generally be answered using the established methods of treaty interpretation codified in Articles 31 et seq. of the Vienna Convention on the Law of Treaties. From the Federal Government’s point of view, there was thus no need for a comprehensive, systematic adaptation of existing international treaties in light of the factual peculiarities of cyberspace.
Against this background it is not surprising that the Federal Government rejected the idea of a new comprehensive convention on cyberspace as favoured, for example, by Russia and China. The Federal Government stated:
The Federal Government is not pursuing the idea of a self-contained, comprehensive international treaty to regulate cyberspace or digitalisation. This would give the impression that cyberspace is unregulated. The latter is not the case, as existing international law also applies to cyberspace.
In the Federal Government’s opinion, [calls for the adoption of a comprehensive, new international convention to regulate cyberspace] are based on various motives, including the desire not to align actions in cyberspace with legally binding rules of conduct.
Notwithstanding its opposition to a comprehensive convention on cyberspace, the Federal Government acknowledged that in certain areas, such as cybercrime, artificial intelligence and specific risks to human rights, the rule of law and democracy, there was room for new regulation and special binding international legal instruments. In addition, the Federal Government stated that it was committed to further develop at the United Nations the non-legally binding norms of responsible state behaviour in cyberspace.
The Federal Government’s understanding of ‘international network law’ was informed by the principle of State sovereignty and, in particular, its element of territorial sovereignty; the Internet was not to be considered a ‘global public good’ but a network with territorial roots and limits. The Government stated:
The Federal Government does not use the term ‘global public good’ to describe the Internet in terms of international law. The Federal Government shares the view …. that granting the Internet a special status under international law in the sense of a ‘global commons’ could disregard the physical origin and thus the territorial roots of cyberspace and its components (in particular persons who carry out cyber activities, hardware located on the territory of a State that is used for certain data processing operations etc.). The assumption of such a special status for the Internet could therefore conflict with core rules of international law such as the principle of territorial sovereignty.
For the Federal Government cyberspace is not an extraterritorial space. On the contrary, ‘international network law’ is based on territoriality. The Federal Government explained:
International law, with its rules on the establishment and delimitation of territorial sovereignty or jurisdiction, governs the exercise of a State’s sovereign powers with respect to cyberspace.
The Federal Government believes that the principle of territoriality, which is central to the current international legal order, also plays an important role in the cyber context. Since all cyber activities can ultimately be traced back to the actions of people using physical infrastructure, cyberspace is not a ‘deterritorialised’ space. Among other things, the Federal Government believes that there are no independent ‘cyber borders’ under international law that differ from the physical borders of a State and that would restrict or disregard the territorial scope of State sovereignty.
State sovereignty serves a twofold purpose: it allows States to regulate cyber-activities linked to their territory, and it protects State against malicious cyber-activities by other States. With regard to the former, the Federal Government stated:
The principle of State sovereignty under international law applies to the activities of States in cyberspace. State sovereignty means, inter alia, that a State has the right to legislate, enforce and adjudicate (jurisdiction) both with regard to persons involved in cyber activities and with regard to the cyber infrastructure in its territory (and under certain circumstances beyond). This right is limited only by the relevant rules of international law, including international humanitarian law and international human rights law.
States, by virtue of their sovereignty, exercise jurisdiction over the physical or physically-related components and activities in cyberspace (e.g. hardware on which Internet content is stored, nodes through which electrical impulses ‘transporting’ certain Internet content pass) as well as over persons involved in cyber operations. From an international law perspective, the starting point is the rules on territorial sovereignty or so-called jurisdiction (jurisdiction to prescribe, jurisdiction to enforce and jurisdiction to adjudicate in relation to a particular matter).
It is the task of the State authorities to ensure that non-State entities and persons who are active on the Internet or who provide technology and/or content also act in accordance with the legal provisions applicable to them.
The Federal Government recognised, however, that cyberspace is characterised by a particularly high degree of cross-border interdependency between infrastructure and communication processes. This could make it difficult to delimit the jurisdiction of individual States in relation to cyber processes. In any case, the delimitation of State jurisdiction depended on the circumstances in each particular case.
State sovereignty also operates as a shield against malicious cyber activities by other States. The Federal Government stated:
State sovereignty in cyberspace also means, among other things, that the political independence of a State and its territory are protected against attacks by other States (using cyber means). The Federal Government is of the opinion that cyber operations attributable to States that violate the sovereignty of another State are contrary to international law.
The Federal Government monitors cyber operations directed against Germany or German interests as well as against other States and, if appropriate, examines whether they constitute a violation of the principle of sovereignty under international law (or other applicable rules of international law). The Federal Government reserves the right to respond to cyber operations that violate international law in accordance with the relevant rules of international law (e.g. the right to take countermeasures, right of self-defence).
In principle, the Federal Government believes that cyber operations by States [such as offensive hacking] can violate the principle of sovereignty under international law, for example if they have significant physical effects and cause damage in the territory of another State or significant functional disruptions of cyber infrastructures located in the territory of another State. Cyber operations can also violate the prohibition of intervention under customary international law as well as Article 2(1) of the United Nations Charter, which prohibits coercive interference in the internal affairs (so-called ‘domaine réservé’) of another State.
As becomes clear from the answer of the Federal Government, the term ‘international network law’ is not a legal term of art but a slogan in German political discourse. The term mainly featured in political programmes and domestic political speeches. The term expresses a desire for international legal regulation of the internet. International law is seen as a panacea to protect human rights and fundamental freedoms, democracy and the rule of law also in the digital world. It is yet another aspect of the German aspiration to juridify and constitutionalise international relations. Thus, it comes as no surprise that German legal academia was already considering the next step: ‘From international network law to a Constitution of the Internet’.
The term ‘international network law’ did not gain any traction at the international level or in international legal discourse. It did not even feature in the Federal Government’s very own Position Paper ‘On the Application of International Law in Cyberspace’, a 17-page long paper that constituted Germany’s contribution to the on-going international ‘discussion on the modalities of application of international law in the cyber context.’ This is not surprising, is the term but a non-technical and umbrella term, a catch-all phrase covering all rules and principles applicable in relation to cyberspace. While the term itself is thus of not much interest, the same is not true for the Federal Government’s answers to the parliamentary interpellation on the meaning of the ‘international network law’. In several areas, such as human rights, the answers provided go beyond the scope of the Position Paper and may thus be regarded as a useful complement to that document.
Category: Territorial sovereignty
DOI: 10.17176/20241025-010134-0
