Disinformation Operations Aimed at (Democratic) Elections in the Context of Public International Law: The Conduct of the Internet Research Agency During the 2016 US Presidential Election

Richard Gunther, Paul A. Beck, and Erik C. Nisbet, “Fake News May Have Contributed to Trump's 2016 Victory” (study, Ohio State University, 2018), accessed February 5, 2019, https://www.documentcloud.org/documents/4429952-Fake-News-May-Have-Contributed-to-Trump-s-2016.html.

See e.g. Nils, Melzer, Cyberwarfare and International Law. Geneva: United Nations Institute for Disarmament Research (UNIDIR), 2011; Ugo Pagallo, “Cyber Force and the Role of Sovereign States in Informational Warfare,” Philosophy & Technology 28, no. 3 (2015); Michael N. Schmitt, “Classification of Cyber Conflict,” Journal of Conflict & Security Law 17, no. 2 (2012); Scott J. Shackelford, Scott Russell, and Andreas Kuehn. “Unpacking the International Law on Cybersecurity Due Diligence: Lessons from the Public and Private Sectors,” Chicago Journal of International Law 17, no. 1 (2016).

Jens D. Ohlin, “Did Russian Cyber Interference in the 2016 Election Violate International Law?” Texas Law Review 95 (2017); Jacqueline Van De Velde, “The Law of Cyber Interference in Elections” (paper, Yale Law School, 2017), accessed January 19, 2019, https://law.yale.edu/system/files/area/center/global; Michael N. Schmitt, ”Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018); Duncan Hollis, “The Influence of War; The War of Influence,” Temple Journal of International & Comparative Law 32 (2018); Barrie Sander, “Democracy Under the Influence: Paradigms of State Responsibility for Cyber Influence Operations on Elections,” Chinese Journal of International Law 18 (2019).

Isabelle Hansen and Darren J. Lim, “Doxing Democracy: Influencing Elections Via Cyber Voter Interference,” Contemporary Politics (2018): Doi: 10.1080/13569775.2018.1493629; Ido Kilovaty, “Doxfare: Politically Motivated Leaks and the Future of the Norm on Non-Intervention in the Era of Weaponized Information,” Harvard national Security Journal 9 (2018).

Ashley in his article argues that disinformation operations such as those aimed at the 2016 US presidential election under the current legal framework, escape the reach of existing international law. According to Ashley, therefore, a multilateral treaty is needed to address the limits of acceptable State behavior on social media, when the use is intended to influence foreign populations. See Nicolas C. Ashley, “Taming the Trolls: The Need for an International Legal Framework to Regulate State Use of Disinformation on Social Media,” The Goergtown Law Journal Online 107 (2018).

Duncan Hollis, “The Influence of War; The War of Influence,” Temple Journal of International & Comparative Law 32 (2018); Ashley, “Taming the Trolls: The Need for an International Legal Framework to Regulate State Use of Disinformation on Social Media,” The Georgetown Law Journal Online 107 (2018); Barrie Sander, “Democracy Under the Influence: Paradigms of State Responsibility for Cyber Influence Operations on Elections,” Chinese Journal of International Law 18 (2019).

“Cyber space” can be defined as “[t]he environment formed by physical and non-physical components to store, modify, and exchange data using computer networks.^[8] It is all of the computer networks in the world and everything they connect and control. It is not just the Internet.” See John J. Chung, “Nation-States and Their Operations in Planting of Malware in Other Countries: Is it Legal Under International Law,” University of Pittsburgh Law Review 80 (2018): 41.

“Information space” can be defined as “[t]he sphere of activity connected with the formation, creation, conversion, transfer, use, and storage of information and which has an effect on individual and social consciousness, the information infrastructure, and information itself.” See Daniel Ventre, Information Warfare, 2nd ed. (London: UK ISTE Ltd, and John Wiley & Sons, 2016): 278.

The “information space,” “cyberspace,” and the “electromagnetic (EM) domain” are embedded in the “information environment.” See Daniel Ventre, Information Warfare, 2nd ed. (London: UK ISTE Ltd, and John Wiley & Sons, 2016): 262.

The “information environment” can be defined as “the aggregate of individuals, organizations, and systems that collect, process, disseminate, or act on information. This environment consists of three interrelated dimensions, which continuously interact with individuals, organizations, and systems. These dimensions are known as physical, informational, and cognitive. The physical dimension is composed of command and control systems, key decision makers, and supporting infrastructure that enable individuals and organizations to create effects. The informational dimension specifies where and how information is collected, processed, stored, disseminated, and protected. The cognitive dimension encompasses the minds of those who transmit, receive, and respond to or act on information.” See Joint Chiefs of Staff, Information Operations, JP 3–13 (20 November 2014): ix–x, accessed January 13, 2019, https://www.hsdl.org/?abstract&did=759867.

In general, an “information operation” can be considered as “the employment of information-related capabilities where the primary purpose is to achieve objectives in or through the information environment.” Definition adapted from: NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 564; Joint Chiefs of Staff, Information Operations, JP 3–13, (November 20, 2014): ix, accessed January 13, 2019, https://www.hsdl.org/?abstract&did=759867.

Information operations are situated in the information space in general and borrow from cyberspace. Cyberspace (e.g. social media) presents a force multiplier for information operations, amplifying messages or narratives. See Lawrence T. Greenberg, Seymour E. Goodman, and Kevin J. Soo Hoo, Information Warfare and International Law (Washington, DC: National Defense University Press, 1998): 20.

Ido Kilovaty, “Doxfare: Politically Motivated Leaks and the Future of the Norm on Non-Intervention in the Era of Weaponized Information,” Harvard National Security Journal 9 (2018): 152–155; Jacqueline Van De Velde, “The Law of Cyber Interference in Elections” (paper, Yale Law School, 2017), 17–21, accessed January 19, 2019, https://law.yale.edu/system/files/area/center/global/document/van_de_velde_cyber_interference_in_elections_06.14.2017.pdf.

For another useful typology, see Barrie Sander, “Democracy Under the Influence: Paradigms of State Responsibility for Cyber Influence Operations on Elections,” Chinese Journal of International Law 18 (2019): paras. 8–26 (distinguishing between “cyber tampering operations” [tampering with voting machines, tampering with voter registration] and “cyber influence operations” [doxing operations and information operations including disinformation operations].

According to Hollis, an “influence operation” is the “deployment of resources for cognitive ends that foster or change a target audience's behaviour.” See Duncan Hollis, “The Influence of War; The War of Influence,” Temple Journal of International & Comparative Law 32 (2018): 36.

Isabelle Hansen and Darren J. Lim, “Doxing Democracy: Influencing Elections Via Cyber Voter Interference,” Contemporary Politics (2018): 3, Doi: 10.1080/13569775.2018.1493629.

Information, whether true or false, is used to influence sovereign citizens to function differently. The goal is to influence the consciousness of the masses and thus steer public opinion and/or State politics. As a result this may damage the State and its apparatus. Furthermore, it is the public apparatus that is being targeted rather than privately owned targets. Thus such operations are highly politically motivated. See Jacqueline Van De Velde, “The Law of Cyber Interference in Elections” (paper, Yale Law School, 2017), 8, accessed January 19, 2019, https://law.yale.edu/system/files/area/center/global/document/van_de_velde_cyber_interference_in_elections_06.14.2017.pdf.

Jacqueline Van De Velde, “The Law of Cyber Interference in Elections” (paper, Yale Law School, 2017), 28, accessed January 19, 2019, https://law.yale.edu/system/files/area/center/global/document/van_de_velde_cyber_interference_in_elections_06.14.2017.pdf.

A “doxing operation” is the selective dissemination of true but confidential information. States may choose to spread non-public information that is verifiable with the aim to influence public opinion, establish political pressure and therefore influence internal or external affairs and political processes of another State. The information might have been gathered as intelligence, stolen by a hack, or obtained in some other way. Such information operations are usually carried out in two steps. First, the intruder hacks into the computer system. This also constitutes a widely used technique of modern espionage. Second, the actor behind the data breach leaks that data, often in bulk and to a platform that hosts theses documents. This leak is the unusual part for a State's foreign policy choice and makes doxing much more hostile than simple cyber espionage. See Isabelle Hansen and Darren J. Lim, “Doxing Democracy: Influencing Elections Via Cyber Voter Interference,” Contemporary Politics (2018): 2–4, Doi: 10.1080/13569775.2018.1493629.

“Cyber espionage” can be defined as: “a cyber operation to obtain unauthorized access to sensitive information through covert means.” See The EastWest Institute, Critical Terminology Foundations 2: The Russia–U.S. Bilateral on Cybersecurity, eds. James B. Goodwin III et al. (New York, NY: The EastWest Institute, 2014): 40.

A “propaganda operation” is the selective dissemination of normative arguments. Propaganda operations aim to transport certain ideas or values but may be biased, one sided or even false. Propaganda rarely tells the whole truth and often involves a certain degree of censorship. See Jacqueline Van De Velde, “The Law of Cyber Interference in Elections” (paper, Yale Law School, 2017), 20–21, accessed January 19, 2019, https://law.yale.edu/system/files/area/center/global/document/van_de_velde_cyber_interference_in_elections_06.14.2017.pdf; Philip M. Taylor, Munition of the Mind: A History of Propaganda (Manchester University Press, 2003): 10.

Furthermore, para. 2(c) of the Joint Declaration on Freedom of Expression and Fake News, Disinformation and Propaganda distinguishes between the practice of States spreading “disinformation,” namely “statements which they know or reasonably should know to be false,” and “propaganda,” namely “statements which […] demonstrate a reckless disregard for verifiable information.” See Joint Declaration on Freedom of Expression and “Fake News,” Disinformation and Propaganda. The United Nations (UN) Special Rapporteur on Freedom of Opinion and Expression, the Organization for Security and Co-operation in Europe (OSCE) Representative on Freedom of the Media, the Organization of American States (OAS) Special Rapporteur on Freedom of Expression and the African Commission on Human and Peoples’ Rights (ACHPR) Special Rapporteur on Freedom of Expression and Access to Information (March 3, 2017).

Today, there also exists the term of “computational propaganda” (also known as digital or online propaganda). See Samuel C. Woolley and Philip N. Howard, “Political Communication, Computational Propaganda, and Autonomous Agents,” International Journal of Communication 10 (2016): 4886. See also Sergey Sanovich, “Computational Propaganda in Russia: The Origins of Digital Misinformation” (working paper no. 2017.3, Oxford Internet Institute, Oxford University, Oxford, 2017), accessed February 27, 2019, http://comprop.oii.ox.ac.uk/wp-content/uploads/sites/89/2017/06/Comprop-Russia.pdf.

Government-funded Russian media outlets (in particular RT and Sputnik) conducted such propaganda during the 2016 presidential election. See Marle Baezner and Patrice Robin, “Hotspot Analysis: Cyber and Information Warfare in Elections in Europe” (Center for Security Studies [CSS], ETH Zurich, Zurich, 2017): 10; Office of the Director of National Intelligence (ODNI), Assessing Russian Activities and Intentions in Recent US Elections, ICA 2017-01D (January 6, 2017): 3–4, accessed January 30, 2019, https://www.dni.gov/files/documents/ICA_2017_01.pdf; Jolanta Darczewska et al., “Russian Analytical Digest,” Center for Security Studies (CSS), ETH Zurich, Zurich, 2017: 7.

Jacqueline Van De Velde, “The Law of Cyber Interference in Elections” (paper, Yale Law School, 2017), 19, accessed January 19, 2019, https://law.yale.edu/system/files/area/center/global/document/van_de_velde_cyber_interference_in_elections_06.14.2017.pdf.

Don Fallis, “What is Disinformation,” Library Trends 63, no. 3 (2015): 406, 413.

Ibid ., 415.

“Misinformation” involves wrongful or bad informing. The truth is not communicated accurately and false information is shared. However, this is not done intentionally. See Adeno Addis, “International Propaganda and Developing Countries,” Vanderbilt Journal of Transnational Law 21 (1988): 510; Edson C. Tandoc Jr., Zheng Wei Lim, and Richard Ling, “Defining Fake News,” Digital Journalism 6, no. 2 (2018): 140.

The term “fake news” is not a new term nor is it a new phenomenon. It has a long legacy but only recently developed to such a buzzword through mainstream media and lawmakers’ attention. See Tarlach McGonagle, “Fake News: False Fears or Real Concerns?” Netherlands Quarterly of Human Rights 35, no. 4 (2017): 206.

Disinformation and fake news are often used interchangeably. However, the term fake news is both inadequate and misleading in this context. Inadequate for two reasons: first, because disinformation operations typically involve content that is not completely “fake” but “fabricated information blended with facts”; and second, because disinformation operations often entail practices that extend beyond anything resembling “news” including “automated accounts used for astroturfing, networks of fake followers, fabricated or manipulated videos, targeted advertising, organized trolling, [and] visual memes.” Misleading, because the term “fake news” has been appropriated by certain politicians and their supporters to dismiss media coverage with which they disagree and undermine press freedom. See Rep. of the independent High Level Group on fake news and online disinformation, A Multi-dimensional Approach to Disinformation, European Commission, March, 2018, 10, doi: 10.2759/739290.

See, for instance, Joint Declaration on Freedom of Expression and “Fake News,” Disinformation and Propaganda, The United Nations (UN) Special Rapporteur on Freedom of Opinion and Expression, the Organization for Security and Co-operation in Europe (OSCE) Representative on Freedom of the Media, the Organization of American States (OAS) Special Rapporteur on Freedom of Expression and the African Commission on Human and Peoples’ Rights (ACHPR) Special Rapporteur on Freedom of Expression and Access to Information (March 3, 2017); Volker Barth and Michael Homberg, “Geschichte und Theorie falscher Nachrichten,” Geschichte und Gesellschaft 44 (2018): 619; David Lazer et al., “The Science of Fake News: Addressing Fake News Requires a Multidisciplinary Effort,” Science 359, March 8, 2018, 2.

Jacqueline Van De Velde, “The Law of Cyber Interference in Elections” (paper, Yale Law School, 2017), 20, accessed January 19, 2019, https://law.yale.edu/system/files/area/center/global/document/van_de_velde_cyber_interference_in_elections_06.14.2017.pdf; Isabelle Hansen and Darren J. Lim, “Doxing Democracy: Influencing Elections Via Cyber Voter Interference,” Contemporary Politics (2018): 2, Doi: 10.1080/13569775.2018.1493629.

The European Commission defines disinformation as “verifiably false or misleading information that is created, presented and disseminated for economic gain or to intentionally deceive the public, and may cause public harm.” See Communication – Tackling online disinformation: A European approach, European Commission, COM(2018) 236 final (April 26, 2018), 3–4.

Isabelle Hansen and Darren J. Lim, “Doxing Democracy: Influencing Elections Via Cyber Voter Interference,” Contemporary Politics (2018): 4, Doi: 10.1080/13569775.2018.1493629.

Jacqueline Van De Velde, “The Law of Cyber Interference in Elections” (paper, Yale Law School, 2017), 20, accessed January 19, 2019, https://law.yale.edu/system/files/area/center/global/document/van_de_velde_cyber_interference_in_elections_06.14.2017.pdf; Isabelle Hansen and Darren J. Lim, “Doxing Democracy: Influencing Elections Via Cyber Voter Interference,” Contemporary Politics (2018): 2, Doi: 10.1080/13569775.2018.1493629.

In 1924, the first Labour government in the UK faced a general election. The British Daily Mail newspaper, four days before the election, published a secret letter, the “Zinoviev Letter.” It was purported that Grigori Zinoviev, president of the Communist International (Comintern) organization in Moscow, had called on British communists to mobilize sympathetic forces in the Labour Party to support the ratification of an Anglo-Soviet treaty (including a large loan to the Soviets), as well as fomenting insurrection among the armed forces. The letter made it look like the Labour Party was in bed with communism. This allegedly helped the Conservative Party to return to power and not to ratify the trade agreement with the Soviet Union. Authentic at the time, historians agree that the letter was a forgery. See Phil Tinline, “The Art of the Big Lie: From the Reichstag Fire to Stalin's Show Trials, the Craft of Disinformation is Nothing New,” New Statesman, March 2018, 34; Dan Lomas, “Book Review Essay: The Zinoviev Letter,” International Affairs 95, no. 1 (2019): 201.

The Nazis tried to pin the Reichstag fire on the communists and communists in return pinned it on the Nazis. See Phil Tinline, “The Art of the Big Lie: From the Reichstag Fire to Stalin's Show Trials, the Craft of Disinformation is Nothing New,” New Statesman, March 2018, 34–37.

In the show trials of 1936 Stalin dragged his rivals through this process, accusing them of ludicrous crimes and actions. See Phil Tinline, “The Art of the Big Lie: From the Reichstag Fire to Stalin's Show Trials, the Craft of Disinformation is Nothing New,” New Statesman, March 2018, 34–37.

Phil Tinline, “The Art of the Big Lie: From the Reichstag Fire to Stalin's Show Trials, the Craft of Disinformation is Nothing New,” New Statesman, March 2018, 34, 37.

Don Fallis, “What is Disinformation,” Library Trends 63, no. 3 (2015): 402; Anya Schiffrin, “Disinformation and Democracy: The Internet Transformed Protest but did not Improve Democracy,” Journal of International Affairs 71, no. 1 (2017): 120.

Alina Bargaoanu and Loredana Radu, “Fake News or Disinformation 2.0: Some Insights into Romanians’ Digital Behaviour,” Romanian Journal of European Affairs 18, no. 1 (2018): 26.

Ibid ., 27.

Ibid ., 27.

Ibid ., 27.

Ibid ., 27.

Technology today offers the ability to distort the reality on a different level. Images, audios, and videos of real people saying and doing things they have never done or said can be created. “Deep fakes” are the hyper-realistic digital falsification of images, videos, and audios. Imagine for instance a fake video released shortly before an election of a politician making inflammatory statements. See Bobby Chesney and Danielle Citrone, “Deep Fakes: A Looming Challenge for Privacy, Democracy, and National Security,” (July 14, 2018), California Law Review 107 (2019, forthcoming): 3, available at SSRN: https://ssrn.com/abstract=3213954; James Vincent, “New AI Research Makes It Easier to Create Fake Footage of Someone Speaking,” The Verge, July 12, 2017, https://www.theverge.com/2017/7/12/15957844/ai-fake-video-audio-speech-obama.

Researchers at the University of Washington offer a very prominent example. They created a video of former President Barack Obama that made it appear he was saying things that he had not said in that very context. Combining this with voice recreation technology offers a wide range of applications and the potential misuse of deep fakes. See Bobby Chesney and Danielle Citrone, “Deep Fakes: A Looming Challenge for Privacy, Democracy, and National Security” (July 14, 2018), California Law Review 107 (2019, forthcoming): 6, available at SSRN: https://ssrn.com/abstract=3213954.

Phil Tinline, “The Art of the Big Lie: From the Reichstag Fire to Stalin's Show Trials, the Craft of Disinformation is Nothing New,” New Statesman, March 2018, 34–37.

Marle Baezner and Patrice Robin, “Hotspot Analysis: Cyber and Information Warfare in Elections in Europe” (Center for Security Studies [CSS], ETH Zurich, Zurich, 2017): 10.

Center for European Policy Analysis (CEPA), “Techniques,” accessed January 5, 2019, http://infowar.cepa.org/Techniques.

A “bot” or web robot is an autonomous program that can interact with computer systems or users, designed to spread a message automatically. A bot account is non-human and can for instance tweet and retweet on Twitter based on a set of programmed rules. Enough bots working together can quickly start a trend or take over a trend. See Jarred Prier, “Commanding the Trend: Social Media as Information Warfare,” Strategic Studies Quarterly 11, no. 4 (2017): 54–55.

Jarred Prier, “Commanding the Trend: Social Media as Information Warfare,” Strategic Studies Quarterly 11, no. 4 (2017): 52–53.

Ibid ., 53.

Soroush Vosoughi, Deb Roy, and Sinan Aral, “The Spread of True and False News Online,” SCIENCE, March 8, 2018.

Phil Tinline, “The Art of the Big Lie: From the Reichstag Fire to Stalin's Show Trials, the Craft of Disinformation is Nothing New,” New Statesman, March 2018, 34, 37; Anya Schiffrin, “Disinformation and Democracy: The Internet Transformed Protest but did not Improve Democracy,” Journal of International Affairs 71, no. 1 (2017): 123; David M. Howard, “Can Democracy Withstand the Cyber Age: 1984 in the 21st Century,” Hastings Law Journal 69 (2018): 1371–1372.

Bobby Chesney and Danielle Citrone, “Deep Fakes: A Looming Challenge for Privacy, Democracy, and National Security” (July 14, 2018), California Law Review 107 (2019, forthcoming): 21, available at SSRN: https://ssrn.com/abstract=3213954.

Dov H. Levin, “When the Great Power Gets a Vote: The Effects of Great Power Electoral Interventions on Election Results,” International Studies Quarterly 60 (2016): 189.

Bobby Chesney and Danielle Citrone, “Deep Fakes: A Looming Challenge for Privacy, Democracy, and National Security” (July 14, 2018), California Law Review 107 (2019, forthcoming): 22, available at SSRN: https://ssrn.com/abstract=3213954; Paul Baines and Nigel Jones, “Influence and Interference in Foreign Elections,” The RUSI Journal 163, no. 1 (2018): 14–15.

Marle Baezner and Patrice Robin, “Hotspot Analysis: Cyber and Information Warfare in Elections in Europe” (Center for Security Studies [CSS], ETH Zurich, Zurich, 2017): 9.

Some argue that this was the actual – or at least original – goal of the Russian influence campaign in the 2016 US presidential election. See Jon White, “Dismiss, Distort, Distract, and Dismay: Continuity and Change in Russian Disinformation,” Institute for European Studies: Vrije Universiteit Brussel, May 13, 2016, https://www.ies.be/node/3689.

For a more detailed discussion on threats posed by disinformation operations see Bobby Chesney and Danielle Citrone, “Deep Fakes: A Looming Challenge for Privacy, Democracy, and National Security” (July 14, 2018), California Law Review 107 (2019, forthcoming): 21–29, available at SSRN: https://ssrn.com/abstract=3213954.

A “campaign” can be defined as “a planned group of especially political, business, or military activities that are intended to achieve a particular aim.” See Cambridge Dictionary, s.v. “campaign,” accessed April 1, 2019, https://dictionary.cambridge.org/de/worterbuch/englisch/campaign.

Since 2014 Russia has been researching about the US electoral process including the related equipment and technology. During the presidential election in 2016 Russian intelligence accessed various elements of state or local electoral boards. See Office of the Director of National Intelligence (ODNI), Assessing Russian Activities and Intentions in Recent US Elections, ICA 2017-01D, (January 6, 2017): 3, accessed January 30, 2019, https://www.dni.gov/files/documents/ICA_2017_01.pdf; Massimo Calabresi, “Hacking the Voter: What's Behind Russia's Effort to Influence the US Election,” Time, October 10, 2016: 33.

The Russian intelligence services conducted cyber operations against both major U.S. political parties, and collected information about think tanks, lobbying groups, and other organizations taking part in the process of U.S. policy making. Starting at least in March 2016, the Main Intelligence Directorate (GRU) gained unauthorized access (to “hack”) to the US presidential campaign of Hillary Clinton, including the campaign's chairman John Podesta. By in or around April 2016 the GRU hacked into the computer network of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC). By in or around June 2016 the GRU staged and released tens of thousands of stolen emails and documents. This was done by using fictitious online personas, including “DCLeaks” and “Guccifer 2.0.” This was done to hide the identity of the main perpetrator using a network of computers around the world and paying the infrastructure with crypto currencies. The ODNI Report with “high confidence” found that the GRU used Guccifer 2.0 persona, DCLeaks.com, WikiLeaks, and the media to release the stolen data to the public. See US v. Viktor Borisovich Netyksho, et al. (1:18-cr-215, District of Columbia); Office of the Director of National Intelligence (ODNI), Assessing Russian Activities and Intentions in Recent US Elections, ICA 2017-01D, (January 6, 2017): 2–3, accessed January 30, 2019, https://www.dni.gov/files/documents/ICA_2017_01.pdf.

In July 2018, Special Counsel Robert Mueller indicted twelve Russian nationals for their alleged roles in computer hacking conspiracies aimed at interfering in the 2016 U.S. elections. The indictment charges eleven officers of the GRU (the “Conspirators”) with crimes (e.g. count eleven: “Conspiracy to commit an offense against the United States”) with regard to the hack and leak of the Clinton Campaign, DNC, and DCCC during the 2016 presidential election. See US v. Viktor Borisovich Netyksho, et al. (1:18-cr-215, District of Columbia); Andrew Prokop, “All of Robert Mueller's Indictments and Plea Deals in the Russia Investigation So Far,” Vox, January 25, 2019, https://www.vox.com/policy-and-politics/2018/2/20/17031772/mueller-indictments-grand-jury.

Another term, which is used to describe operations conducted by Russian security services aimed at influencing the course of international affairs are “active measures.” See U.S. Department of Justice, Report on the Investigation into Russia Interference in the 2016 Presidential Election: Volume I of II, Washington D.C. (March 2019): 14, accessed April 19, 2019, https://www.justice.gov/storage/report.pdf.

Jacqueline Van De Velde, “The Law of Cyber Interference in Elections” (paper, Yale Law School, 2017), 10, accessed January 19, 2019, https://law.yale.edu/system/files/area/center/global/document/van_de_velde_cyber_interference_in_elections_06.14.2017.pdf; Office of the Director of National Intelligence (ODNI), Assessing Russian Activities and Intentions in Recent US Elections, ICA 2017-01D, (6 January 2017): 2–4, accessed January 30, 2019, https://www.dni.gov/files/documents/ICA_2017_01.pdf.

A “covert action” is “conduct that is officially unacknowledged by the responsible State, reflecting secrecy on the narrow issue of attribution” and which includes “unacknowledged operations intended too influence events in another country, conducted by any State agency or actor, or other entity acting on behalf of a State.” See Alexandra H. Perina, “Black Holes and Open Secrets: The Impact of Covert Action on International Law,” Columbia Journal of Transnational Law 53 (2015): 511–512.

Scott Shane, “Russia Isn't the Only One Meddling in Elections: We Do It, Too,” The New York Times, February 17, 2018, https://www.nytimes.com/2018/02/17/sunday-review/russia-isnt-the-only-one-meddling-in-elections-we-do-it-too.html; Ishaan Tharoor, “The Long History of the US Interfering with Elections Elsewhere,” Washington Post, October 13, 2016, https://www.washingtonpost.com/news/worldviews/wp/2016/10/13/the-long-history-of-the-u-s-interfering-with-elections-elsewhere/?utm_term=.c7547589f5b0.

Dov H. Levin, “Partisan Electoral Interventions by the Great Powers: Introducing the PEIG Dataset,” Conflict Management and Peace Science 36, no. 1 (2019): 94.

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 32.

Office of the Director of National Intelligence (ODNI), Assessing Russian Activities and Intentions in Recent US Elections, ICA 2017-01D, (January 6, 2017), accessed January 30, 2019, https://www.dni.gov/files/documents/ICA_2017_01.pdf [hereinafter ODNI Report].

The report states that “the Russian government interfered in the 2016 presidential election in a sweeping and systematic fashion.” See U.S. Department of Justice, Report on the Investigation into Russia Interference in the 2016 Presidential Election: Volume I of II, Washington D.C. (March 2019): 1, accessed April 19, 2019, https://www.justice.gov/storage/report.pdf. [hereinafter Mueller Report]. The author notes that the report was only released on April 18 in a redacted form.

“High confidence generally indicates that judgments are based on high-quality information from multiple sources.” See Office of the Director of National Intelligence (ODNI), Assessing Russian Activities and Intentions in Recent US Elections, ICA 2017-01D, (January 6, 2017): 13, accessed January 30, 2019, https://www.dni.gov/files/documents/ICA_2017_01.pdf.

Office of the Director of National Intelligence (ODNI), Assessing Russian Activities and Intentions in Recent US Elections, ICA 2017-01D, (January 6, 2017): ii, accessed January 30, 2019, https://www.dni.gov/files/documents/ICA_2017_01.pdf.

Ibid ., ii.

“A troll is a person submitting provocative statements or articles to an Internet discussion in order to create discord and drag more people into it.” See Marle Baezner and Patrice Robin, “Hotspot Analysis: Cyber and Information Warfare in Elections in Europe” (Center for Security Studies [CSS], ETH Zurich, Zurich, 2017): 17.

Trolls do not limit themselves to their own country, but collaborate with other trolls around the world who have similar views, which further amplifies the disinformation. See Marle Baezner and Patrice Robin, “Hotspot Analysis: Cyber and Information Warfare in Elections in Europe” (Center for Security Studies [CSS], ETH Zurich, Zurich, 2017): 10.

Office of the Director of National Intelligence (ODNI), Assessing Russian Activities and Intentions in Recent US Elections, ICA 2017-01D (January 6, 2017): ii, accessed January 30, 2019, https://www.dni.gov/files/documents/ICA_2017_01.pdf.

Jarred Prier, “Commanding the Trend: Social Media as Information Warfare,” Strategic Studies Quarterly 11, no. 4 (2017): 74.

Richard Gunther, Paul A. Beck, and Erik C. Nisbet, “Fake News May Have Contributed to Trump's 2016 Victory” (study, Ohio State University, 2018), accessed February 5, 2019, https://www.documentcloud.org/documents/4429952-Fake-News-May-Have-Contributed-to-Trump-s-2016.html.

The author acknowledges that the study has not been peer reviewed but it certainly offers an insight on how disinformation may affect voter choices. Another study has suggested that the average level of disinformation was higher in swing states than in uncontested states. See Philip N. Howard et al., “Social Media, News and Political Information During the US Election: Was Polarizing Content Concentrated in Swing States?” (study, Oxford University, 2017), accessed February 27, 2019, https://arxiv.org/ftp/arxiv/papers/1802/1802.03573.pdf.

One of the emails stolen from John Podesta (former chairman of the 2016 Hillary Clinton presidential campaign) was used as the base for a conspiracy theory called Pizzagate. The story caught traction on social media platforms including Twitter, YouTube, Reddit, and 4Chan. It was claimed that Podesta was a paedophile and that he, Hillary Clinton, and a restaurant owner ran a child sex-trafficking ring from the basement of a pizzeria in Washington D.C. A 28-year-old armed man stormed into the pizzeria on a mission to save the children. Even after the arrest of the man, the conspiracy theory of Pizzagate lived on. See Jarred Prier, “Commanding the Trend: Social Media as Information Warfare,” Strategic Studies Quarterly 11, no. 4 (2017): 72–73.

Massimo Calabresi, “Hacking Democracy: Inside Russia's Social Media War on America,” Time, May 29, 2017: 34.

Craig Silverman, “This Analysis Shows How Viral Fake Election News Stories Outperformed Real News on Facebook,” BuzzFeed, November 16, 2016, https://www.buzzfeednews.com/article/craigsilverman/viral-fake-election-news-outperformed-real-news-on-facebook#.wkLAZDD3pa.

Jarred Prier, “Commanding the Trend: Social Media as Information Warfare,” Strategic Studies Quarterly 11, no. 4 (2017): 74.

U.S. Department of Justice, Report on the Investigation into Russia Interference in the 2016 Presidential Election: Volume I of II, Washington D.C. (March 2019): 15, accessed April 19, 2019, https://www.justice.gov/storage/report.pdf; Olivia Solon and Sabrina Siddiqui, “Russia-backed Facebook posts reached 126m Americans during US election,” The Guardian, March 26, 2019, https://www.theguardian.com/technology/2017/oct/30/facebook-russia-fake-accounts-126-million.

U.S. v. Internet Research Agency, et al. (1:18-cr-32, District of Columbia): at 6; Oliver Carroll, “St. Petersburg Troll Farm had 90 Dedicated Staff Working to Influence US Election Campaign,” Independent, October 17, 2017, https://perma.cc/BL34-WK9F.

U.S. v. Internet Research Agency, et al. (1:18-cr-32, District of Columbia): at 6.

Ibid ., at 6; Oliver Carroll, “St. Petersburg Troll Farm had 90 Dedicated Staff Working to Influence US Election Campaign,” Independent, October 17, 2017, https://perma.cc/BL34-WK9F; U.S. Department of Justice, Report on the Investigation into Russia Interference in the 2016 Presidential Election: Volume I of II, Washington D.C. (March 2019): 1, 4, accessed April 19, 2019, https://www.justice.gov/storage/report.pdf.

U.S. v. Internet Research Agency, et al. (1:18-cr-32, District of Columbia): at 17.

“A troll farm or factory is a place running around the clock to produce trolling messages and posts.” See Marle Baezner and Patrice Robin, “Hotspot Analysis: Cyber and Information Warfare in Elections in Europe” (Center for Security Studies [CSS], ETH Zurich, Zurich, 2017): 17.

U.S. v. Internet Research Agency, et al. (1:18-cr-32, District of Columbia); at 3; Office of the Director of National Intelligence (ODNI), Assessing Russian Activities and Intentions in Recent US Elections, ICA 2017-01D, (6 January 2017): 3–4, accessed January 30, 2019, https://www.dni.gov/files/documents/ICA_2017_01.pdf.

U.S. v. Internet Research Agency, et al. (1:18-cr-32, District of Columbia): at 3.

Ibid ., at 6.

Philip N. Howard, Bharath Ganesh, and Dimitra Liotsiou, The IRA, Social Media and Political Polarization in the United States, 2012-2018 (Oxford, UK: Oxford Internet Institute, 2019): 3. The report was prepared by the Oxford Internet Institute at Oxford University with data provided by social media firms to the Senate Select Committee on Intelligence (SSCI).

Oliver Carroll, “St. Petersburg Troll Farm had 90 Dedicated Staff Working to Influence US Election Campaign,” Independent, October 17, 2017, https://perma.cc/BL34-WK9F.

U.S. v. Internet Research Agency, et al. (1:18-cr-32, District of Columbia): at 14.

Philip N. Howard, Bharath Ganesh, and Dimitra Liotsiou, The IRA, Social Media and Political Polarization in the United States, 2012-2018 (Oxford, UK: Oxford Internet Institute, 2019): 3.

Jon Swaine, “Twitter Admits Far More Russian Bots Posted On Election Than It Had Disclosed,” The Guardian, January 20, 2018, https://www.theguardian.com/technology/2018/jan/19/twitter-admits-far-more-russian-bots-posted-on-election-than-it-had-disclosed.

U.S. Department of Justice, Report on the Investigation into Russia Interference in the 2016 Presidential Election: Volume I of II, Washington D.C. (March 2019): 15, accessed April 19, 2019, https://www.justice.gov/storage/report.pdf.

U.S. v. Internet Research Agency, et al. (1:18-cr-32, District of Columbia): at 3.

Ibid ., at 15–16.

Mikayla Bouchard, “The Russia Investigation Is Completed: Here's What It All Means,” The New York Times, May 16, 2018, https://www.nytimes.com/2018/05/16/us/politics/russia-investigation-guide.html.

David Lazer et al., “The Science of Fake News: Addressing Fake News Requires a Multidisciplinary Effort,” Science 359, March 8, 2018, 3.

Massimo Calabresi, “Hacking Democracy: Inside Russia's Social Media War on America,” Time, May 29, 2017: 34. Twitter identified approximately 50,000 bots connected to the Russian government, which tweeted more than a million times in the ten weeks before the U.S. presidential election. See U.S. Department of Justice, Report on the Investigation into Russia Interference in the 2016 Presidential Election: Volume I of II, Washington D.C. (March 2019): 29, accessed April 19, 2019, https://www.justice.gov/storage/report.pdf.

Bence Kollanyi, Philip N. Howard, and Samuel C. Woolley, “Bots and Automation over Twitter During the US Election” (study, Oxford University, 2016), accessed February 27, 2019, http://comprop.oii.ox.ac.uk/wp-content/uploads/sites/89/2016/11/Data-Memo-US-Election.pdf.

Jolanta Darczewska et al., “Russian Analytical Digest,” Center for Security Studies (CSS), ETH Zurich, Zurich, 2017: 7.

Ibid ., 7; Massimo Calabresi, “Hacking Democracy: Inside Russia's Social Media War on America,” Time, May 29, 2017: 32.

For instance: “You know, a great number of black people support us saying that #HillaryClintonIsNotMyPresident”; “Hillary Clinton has already committed voter fraud during the Democrat Iowa Caucus”; “Hillary is a Satan, and her crimes and lies had proved just how evil she is.” See U.S. v. Internet Research Agency, et al. (1:18-cr-32, District of Columbia): at 20.

U.S. v. Internet Research Agency, et al. (1:18-cr-32, District of Columbia): at 4.

The IRA used the false US persona, joshmilton024@gmail.com, to send an email to Campaign Official 1 at that donaldtrump.com email account, which read in part:

Hello [Campaign Official 1], [w]e are organizing a state-wide event in Florida on August 20 to support Mr. Trump. Let us introduce ourselves first. “Being Patriotic” is a grassroots conservative online movement trying to unite people offline. [W]e gained a huge lot of followers and decided to somehow help Mr. Trump get elected. You know, simple yelling on the Internet is not enough. There should be real action. We organized rallies in New York before. Now we're focusing on purple states such as Florida.

See U.S. v. Internet Research Agency, et al. (1:18-cr-32, District of Columbia): at 28.

Ibid ., at 4, 21.

Ibid .; Andrew Prokop, “All of Robert Mueller's Indictments and Plea Deals in the Russia Investigation So Far,” Vox, January 25, 2019, https://www.vox.com/policy-and-politics/2018/2/20/17031772/mueller-indictments-grand-jury.

U.S. Department of Justice, Report on the Investigation into Russia Interference in the 2016 Presidential Election: Volume I of II, Washington D.C. (March 2019): 14, accessed April 19, 2019, https://www.justice.gov/storage/report.pdf.

Press Release, White House, Statement by the President on Actions in Response to Russian Malicious Cyber Activity and Harassment (December 29, 2016), accessed February 9, 2019, https://perma.cc/3XXD-8K5C [hereinafter Obama Press Release].

S.S. Lotus (Fr. v. Turk.), 1927 P.C.I.J. (ser. A) No. 10, at 18 (September 7); Paramilitary Activities in and Against Nicaragua (Nicar. v. U.S.), 1986 I.C.J. 14, para. 269 (June 27); Legality of the Threat or Use of Nuclear Weapons, Advisory Opinion, 1996 I.C.J. 226, para. 21 (July 8).

International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Responsibility of States for Internationally Wrongful Acts, general commentary, para. 1, U.N. Doc. A/56/10, at 31 (2001).

Ibid ., art. 2.

For a discussion on self-determination and the right to privacy with regard to the 2016 presidential election see Jens D. Ohlin, “Did Russian Cyber Interference in the 2016 Election Violate International Law?” Texas Law Review 95, (2017); Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018); Barrie Sander, “Democracy Under the Influence: Paradigms of State Responsibility for Cyber Influence Operations on Elections,” Chinese Journal of International Law 18 (2019).

The author notes that there is the debate about whether sovereignty is a primary rule of international law or a foundational principle from which the primary rule emanates. The author follows the view that sovereignty is both a principle and a primary rule of international law. This is in accordance with the approach taken by the U.N. Group of Governmental Experts on Developments in the Field of Information and Telecommunications (U.N. GGE) and the International Group of Experts (IGE) that prepared the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations. See Rep. of the Group of Governmental Experts on Dev. in the Field of Info. and Telecomm. in the Context of Int'l Security, para. 15, U.N. Doc. A/70/174 (July 22, 2015) [hereinafter U.N. GGE 2015 Report]; NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 11–12, 17. For an opposing view see Gary P. Corn and Robert Taylor, “Sovereignty in the Age of Cyber,” AJIL Unbound 111, (2017): 207–212.

Schmitt and Vihul in their article also concluded that sovereignty for decades has been treated as a primary rule of international law. They surveyed treatment of the matter by international tribunals, States, international organizations, and academics. They could not identify a basis for treating the concept of sovereignty differently in the context of cyberspace. See Michael N. Schmitt and Liis Vihul, “Respect for Sovereignty in Cyberspace,” Texas Law Review 95 (2017).

It needs to be noted that this position does not mean that every cyber operation and/or information operation contravening the target State's domestic law also amounts to a violation of sovereignty (e.g. cyber espionage violating domestic law does not violate international law). Furthermore, sovereignty as a primary rule of international law does not constitute an absolute bar to cyber and/or information operations conducted by other States. See Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 42.

Island of Palmas (Neth. v. U.S.), 2 R.I.A.A. 829, 838 (Perm. Ct. Arb. 1928). See also Corfu Channel (U.K. v. Alb.), 1949 I.C.J. 4, 43 (individual opinion of Judge Alvarez) (April 9).

Sovereignty has also been described as “the supreme authority of every State within its territory.” See Lassa Oppenheim, Oppenheim's International Law, ed. Sir Robert Jennings and Sir Arthur Watts, 9th ed. (London: Longmans, 2008): 564.

The term “cyberspace operation” is an umbrella term. Several scholars (including the International Group of Experts in the Tallinn 2.0) use the term in accordance with the definition of the Department of Defense (DoD) of the US. The DoD defines cyberspace operations as “[t]he employment of cyber capabilities where the primary purpose is to achieve objectives in or through cyberspace.” See U.S. Department of Defense (U.S. DoD), Memorandum for Chiefs of the Military Services: Joint Terminology for Cyberspace Operations (n.d.): 8, accessed January 5, 2019, https://www.hsdl.org/?abstract&did=734860; NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 564.

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 43.

The author notes that there is a difference between internal sovereignty (rights and obligations of a State in domestic affairs) and external sovereignty (rights and obligations of a State in international affairs). This thesis focuses on internal sovereignty only since this is the relevant domain possibly touched in the 2016 US presidential election and more generally by disinformation operations aimed at (democratic) elections.

Military and Paramilitary Activities in and Against Nicaragua (Nicar. v. U.S.), 1986 I.C.J. 14, para. 205 (June 27); NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 18.

Wolff Heintschel von Heinegg, “Territorial Sovereignty and Neutrality in Cyberspace,” International Law Studies 89 (2013): 124.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 11.

The Tallinn Manual 2.0 represents lex lata, the law as (the International Group of Experts believe) it is, as opposed to lex ferenda, the law as it ought to be. See NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 2–3.

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 43; Sean Watts and Theodore Richard, “Baseline Territorial Sovereignty and Cyberspace,” Lewis & Clark Law Review 22, no. 3 (2018): 818.

The Tallinn Manual 2.0 extends the notion of damage to loss of functionality since it should not matter whether targeted systems are physically damaged or simply rendered inoperative. In both cases, the effect is the same, the system no longer works. For example, this includes the Shamoon virus that required repair or replacement of thousands of Saudi Aramco's (Saudi Arabia's oil company) hard drives in 2012. Treating the loss of functionality as the equivalent of physical damage comports with the object and purpose of the rule of sovereignty: to afford the territorial State control over consequential activities on its territory. See NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 20–21.

However, caution needs to be taken with the precise meaning of “loss of functionality.”

Michael N. Schmitt, ”Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 43.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 21.

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 45.

Paramilitary Activities in and Against Nicaragua (Nicar. v. U.S.), 1986 I.C.J. 14, para. 263 (June 27).

Michael N. Schmitt and Liis Vihul, “Sovereignty in Cyberspace: Lex Lata vel Non,” AJIL Unbound 111, (2017): 216.

While State “interference” with other States’ governmental functions recalls the principle of non-intervention, the Tallinn Manual 2.0 clarifies that where an intervention requires coercion, a mere violation of sovereignty does not. See NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 24.

“Usurpation” of inherently governmental functions deals with inherently governmental functions. It differs from intervention because intervention involves the domaine réseré. The concepts overlap but they are not identical. See NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 24.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 21.

Ibid ., 22.

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 45–46.

International Code of Conduct for Information Security (Letter dated 9 January 2015 from the Permanent Representative of China, Kazakhstan, Kyrgyzstan, the Russian Federation, Tajikistan and Uzbekistan to the UN addressed to the Secretary-General), UN Doc. A/69/723 (January 13, 2015), stating that each State pledges:

(3) Not to use information and communications technologies and information and communications networks to interfere in the internal affairs of other States or with the aim of undermining their political, economic and social stability;

(6) To reaffirm the rights and responsibilities of all States, in accordance with the relevant norms and rules, regarding legal protection of their information space and critical information infrastructure against damage resulting from threats, interference, attack and sabotage.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 26.

Ibid ., 26.

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 47.

Ibid ., 47.

The global commons consist of “international waters and airspace, space, and cyberspace.” See U.S. Department of Defense (U.S. DoD), Strategy for Homeland Defense and Civil Support: Version 2.0” (2007): ES – 3, accessed February 11, 2019, https://www.jcs.mil/Portals/36/Documents/Doctrine/concepts/joc_hld.pdf?ver=2017-12-28-162017-823; Beatrice A. Walton, “Duties Owed: Low-Intensity Cyber Attacks and Liability for Transboundary Torts in International Law,” The Yale Law Journal 126 (2017): 1475.

James Crawford and Ian Brownlie, Brownlie's Principles of Public International Law, 8th ed. (2012): 251–252.

Beatrice A. Walton, “Duties Owed: Low-Intensity Cyber Attacks and Liability for Transboundary Torts in International Law,” The Yale Law Journal 126 (2017): 1475.

Paramilitary Activities in and Against Nicaragua (Nicar. v. U.S.), 1986 I.C.J. 14, paras. 202, 205, 251 (June 27).

Oppenheim furthermore states that the prohibition of intervention “is the corollary of every State's right to sovereignty, territorial integrity and political independence.” See Lassa Oppenheim, Oppenheim's International Law, ed. Sir Robert Jennings and Sir Arthur Watts, 9th ed. (London: Longmans, 2008): 428.

Armed Activities on the Territory of the Congo (Dem. Rep. Congo v. Uganda), 2005 I.C.J. 168, paras. 161–165 (December 19); Paramilitary Activities in and Against Nicaragua (Nicar. v. U.S.), 1986 I.C.J. 14, para. 202 (June 27); NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 312.

Despite frequent breaches of the non-intervention norm in State practice, the International Court of Justice has observed that “[it] is not to be expected that in the practice of State the application of the rules in question should have been perfect, in the sense that States should have refrained, with complete consistency, from […] intervention in each other's internal affairs.” See Paramilitary Activities in and Against Nicaragua (Nicar. v. U.S.), 1986 I.C.J. 14, para. 186 (June 27).

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 312.

Due to the accepted customary character of the norm of non-intervention, the norm extends to State's actions in cyberspace. See Sean Watts, “Low-Intensity Cyber Operations and the Principle of Non-Intervention,” in Cyber War: Law and Ethics for Virtual Conflicts, ed. Jens D. Ohlin, Kevin Govern, and Claire Finkelstein (Oxford, UK: Oxford University Press, 2018): 253.

Rep. of the Group of Governmental Experts on Dev. in the Field of Info. and Telecomm. in the Context of Int'l Security, at 12, U.N. Doc. A/70/174 (July 22, 2015).

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 313.

Terry D. Gill, “Non-Intervention in the Cyber Context,” in Peacetime Regime for State Activities in Cyberspace, ed. Katharina Ziolkowski (Tallinn, Estonia: NATO Cooperative Cyber Defence Centre of Excellence, 2013): 217.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 313–314.

Nationality Decrees Issued in Tunis and Morocco, Advisory Opinion, 1923 P.C.I.J (ser. B) No. 4, at 24 (February 7); NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 314.

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 49.

Paramilitary Activities in and Against Nicaragua (Nicar. v. U.S.), 1986 I.C.J. 14, para. 205 (June 27). See also Friendly Relations Declaration, G.A. Res. 2525 (XXV), princ. 3, U.N. Doc. A/RES/25/2625 (October 24, 1970); Declaration on the Inadmissibility of Intervention and Interference in the Internal Affairs of States, G.A. Res. 36/103, I(b), U.N. Doc. A/RES/36/103 (December 9, 1981).

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 49.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 315.

The Declaration on the Inadmissibility of Intervention and Interference provides certain parameters with respect to permissible State behavior. According to the Declaration States must “refrain from any action or attempt to destabilize the political system” and “refrain fro the promotion, encouragement or support, direct or indirect, of any action which seeks to disrupt the unity or undermine or subvert the political order of other States.” However, it needs to be noted that the Declaration is not necessarily declaratory of customary international law. See Declaration on the Inadmissibility of Intervention and Interference in the Internal Affairs of States, G.A. Res. 36/103, II(e)–(f), U.N. Doc. A/RES/36/103 (December 9, 1981).

Paramilitary Activities in and Against Nicaragua (Nicar. v. U.S.), 1986 I.C.J. 14, para. 205 (June 27).

Ibid ., para. 205.

The author notes that there is a current debate about the scope of the definition of coercion. Traditionally, coercion has been defined narrowly. Oppenheim for example, defines coercion as an act that is “forcible or doctorial, or otherwise coercive, in effect depriving the State intervened against of control over the matter in question.” See Lassa Oppenheim, Oppenheim's International Law, ed. Sir Robert Jennings and Sir Arthur Watts, 9th ed. (London: Longmans, 2008): 432.

In recent years, however, a broader view of coercion has begun to garner support within international scholarship. According to this broader reading, coercion encompasses conduct that disrupts, compromises or weakens the authority of the State. See, for example, Russell Buchan, “The International Legal Regulation of State–Sponsored Cyber Espionage,” in International Cyber Norms: Legal, Policy & Industry Perspectives (Tallinn, NATO CCD COE Publications, 2016): 78 (“conduct which compromises or undermines the authority of the state should be regarded as coercive”).

Support for this approach can also be found in the Friendly Relations Declaration, which provides that no State has “the right to intervene, directly or indirectly, for any reason whatever, in the internal or external affairs of any other State.” See Friendly Relations Declaration, G.A. Res. 2525 (XXV), U.N. Doc. A/RES/25/2625 (October 24, 1970).

According to the Friendly Relations Declaration, “[no] State may use or encourage the use of economic political or any other type of measures to coerce another State in order to obtain from it the subordination of the exercise of its sovereign rights and to secure from it advantage of any kind.” See Friendly Relations Declaration, G.A. Res. 2525 (XXV), princ. 3, U.N. Doc. A/RES/25/2625 (October 24, 1970).

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 317.

Ibid ., 318.

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 50.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 318.

Although the International Convention Concerning the Use of Broadcasting in the Cause of Peace, in Article 3, prohibits propaganda that is “likely to harm good international understanding,” the Convention can not be considered as customary international law. See International Convention Concerning the Use of Broadcasting in the Cause of Peace, art. 3, Sept. 23, 1936, L.N.T.S 186, at 301 (entered into force April 2, 1938).

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 50.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 318–319.

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 52.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 319; Pierre Thielbörger and Robin Ramsahye, “Hybrid Warfare: Zwischen Cyber-Attacken und Manipulation von Informationen,” Die Friedens-Warte 90, no. 1/2 (2015): 96.

The argument behind is that non-forcible techniques that are equally intrusive should be equally prohibited. See Ido Kilovaty, “Doxfare: Politically Motivated Leaks and the Future of the Norm on Non-Intervention in the Era of Weaponized Information,” Harvard National Security Journal 9, (2018): 172. McDougal and Feliciano determining whether an act is coercive and therefore could amount to an unlawful intervention, suggest three dimensions of “consequentiality.” These three dimensions include: i) “the importance and number of values affected,” ii) “the extent to which such values are affected,” and iii) “the number of participants whose values are so affected.”^[158] Applied to cyber and/or information operations, their dimensions might consider: “the nature of State interests affected by the cyber and/or information operation, ii) “the scale of effects the operation produces in the target State,” iii) and “the reach in terms of number of actors involuntarily affected by the cyber and/or information operation in question. This approach advocates that considering coercion one needs to look beyond the mere degree of intensity. See Sean Watts, “Low-Intensity Cyber Operations and the Principle of Non-Intervention,” in Cyber War: Law and Ethics for Virtual Conflicts, ed. Jens D. Ohlin, Kevin Govern, and Claire Finkelstein (Oxford, UK: Oxford University Press, 2018): 257; McDougal, Myres S., and Florentino P. Feliciano, “International Coercion and World Public Order: The General Principles of the Law of War,” Yale Law Journal 67 (1958).

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 51.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 320.

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 52.

By aggregating actions or omissions they can result in the internationally wrongful act (e.g. genocide). Therefore, a State can breach an international obligation through a series of (individually not reaching the necessary threshold to infringe the particular obligation, e.g. killing one person is not enough to commit genocide, a systematic element is required) actions or omissions. For a composite act (i.e. an act defined in aggregate as wrongful) the cumulative conduct constitutes the essence of the wrongful act. The composite act is not merely a succession of isolated acts. It reveals itself after the series of acts or omissions have taken place. See International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Responsibility of States for Internationally Wrongful Acts, paras. 3, 4, and 7 of commentary to art. 15, U.N. Doc. A/56/10, at 31 (2001).

Pierre Thielbörger and Robin Ramsahye, “Hybrid Warfare: Zwischen Cyber-Attacken und Manipulation von Informationen,” Die Friedens-Warte 90, no. 1/2 (2015): 97; Sean Watts, “Low-Intensity Cyber Operations and the Principle of Non-Intervention,” in Cyber War: Law and Ethics for Virtual Conflicts, ed. Jens D. Ohlin, Kevin Govern, and Claire Finkelstein (Oxford, UK: Oxford University Press, 2018): 256.

Oil Platforms (Iran v. U.S.), 1998 I.C.J. 190, Counter-Claim (Order of March 10).

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 51.

Harold H. Koh, “The Trump Administration and International Law,” Washburn Law Journal 56 (2017): 450.

Ido Kilovaty, “Doxfare: Politically Motivated Leaks and the Future of the Norm on Non-Intervention in the Era of Weaponized Information,” Harvard National Security Journal 9 (2018): 172.

Corfu Channel (U.K. v. Alb.), 1949 I.C.J. 4, 44 (individual opinion of Judge Alvarez) (April 9).

S.S. Lotus (Fr. v. Turk.), 1927 P.C.I.J. (ser. A) No. 10, at 88 (Moore, J., dissenting) (September 7); Island of Palmas (Neth. v. U.S.), 2 R.I.A.A. 829, 839 (Perm. Ct. Arb. 1928); Corfu Channel (U.K. v. Alb.), 1949 I.C.J. 4, 22 (April 9).

Note that the principle of due diligence does not include an obligation to take material preventive steps to ensure that a State's territory is not used in violation of this norm. See NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 44; Application of the Convention on the Prevention and Punishment of the Crime of Genocide (Bosn. & Herz. v. Serb. & Montenegro), 2007 I.C.J. 43, para. 431 (February 26).

Island of Palmas (Neth. v. U.S.), 2 R.I.A.A. 829, 839 (Perm. Ct. Arb. 1928); Ian Yuying Liu, “State Responsibility and Cyberattacks: Defining Due Diligence Obligations,” Indonesian Journal of International & Comparative Law 4 (2017): 199–201.

Corfu Channel (U.K. v. Alb.), 1949 I.C.J. 4, 22 (April 9).

The author wants to note that according to the Tallinn Manual 2.0 the duty of due diligence extends extraterritorially. One case in which it applies, is if the State exercises actual control over government cyber infrastructure located abroad (i.e. it is the government which controls the infrastructure). This can be the case if the government operates the infrastructure or if the said infrastructure is on territory, premises, or objects it factually controls. See NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 32–33.

Convention on Biological Diversity art. 3, June 5, 1992, 1760 U.N.T.S. 79 (acknowledging the right of States to exploit their natural resources but also their duty not to cause damage to the environments of other States); United Nations Framework Convention on Climate Change art. 2, May 9, 1992, 1771 U.N.T.S. 107 (recognizing the duty of States to refrain from causing harm to the natural environments of other States); Convention on Long-Range Transboundary Air Pollution art. 2, Nov. 13, 1979, 1302 U.N.T.S. 217 (agreeing to limit and reduce air pollution that emanates from one State and causes harm in another).

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 31.

With its argumentation, the Tallinn Manual 2.0 follows the approach adopted by the International Court of Justice in the Nuclear Weapons advisory opinion. See Legality of the Threat or Use of Nuclear Weapons, Advisory Opinion, 1996 I.C.J. para. 39 (8 July).

It needs to be noted that the United Nations Group of Experts (U.N. GGE) advocated that the application of the duty of due diligence with regard to cyber operations has not achieved lex lata status. They stated that States “should” engage in due diligence and not that they “must.” See Rep. of the Group of Governmental Experts on Dev. in the Field of Info. and Telecomm. in the Context of Int'l Security, paras. 13(c), 28(e), U.N. Doc. A/70/174 (July 22, 2015).

However, the U.N. GGE have themselves acknowledged that principles of international law that flow from that of sovereignty are binding in the cyber context. See Rep. of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, U.N. Doc. A/68/98 (June 24, 2013).

Rep. of the Group of Governmental Experts on Dev. in the Field of Info. and Telecomm. in the Context of Int'l Security, para. 27, U.N. Doc. A/70/174 (July 22, 2015).

This is the case for the principle of due diligence. See NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 31.

It also needs to be noted that certain scholars also contest the status of due diligence as a primary rule of international law. For instance, Walton points out that “due diligence appears to exist not as an independent obligation within customary international law, giving rise to state responsibility, but instead as a standard of care owed with respect to certain primary duties in international law.” See Beatrice A. Walton, “Duties Owed: Low-Intensity Cyber Attacks and Liability for Transboundary Torts in International Law,” The Yale Law Journal 126 (2017): 1496.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 32.

Ibid ., 43–44.

Ibid ., 34.

Corfu Channel (U.K. v. Alb.), 1949 I.C.J. 4, 22 (April 9).

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 34.

Ibid ., 35.

An example provides international environmental law. In the Trail Smelter arbitral award it was stated that States have an obligation that their territory is not used by private companies who produce cross-border environmental damage. See Trail Smelter (U.S. v. Can.), 3 R.I.A.A. 1905, 1963 (Arb. Trib. 1941).

The victim State needs to establish that a harmful cyber and/or information operation has been launched from the territory of another State. Furthermore, the victim State also needs to establish that the cyber and/or information operation would breach a legal obligation had it been attributable to a State (e.g. prohibited intervention). See Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 54.

The Trail Smelter arbitral award acknowledges that “the real difficulty often arises rather when it comes to determine what, pro subjecta materie, is deemed to constitute an injurious act.” See Trail Smelter (U.S. v. Can.), 3 R.I.A.A. 1905, 1963 (Arb. Trib. 1941).

This standard is adapted following the application of the due diligence duty in international environmental law. In the context of international environmental law usually the damage sustained by the affected State must meet a certain threshold. The Trail Smelter arbitral award holds that “no State has the right to use or permit the use of its territory in such a manner as to cause injury by fumes in or to the territory of another or the properties or person therein, when the case is of serious consequence […].” See Trail Smelter (U.S. v. Can.), 3 R.I.A.A. 1905, 1965 (Arb. Trib. 1941).

In addition to “serious”other terms such as “significant” or “substantial” have been used in the context of international environmental law. See International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Prevention of Transboundary Harm from Activities, Art. 2, para. 4 of commentary, U.N. Doc. A/56/10, at 148 (2001).

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 37.

Ibid ., 37–38, 40.

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 55.

James Crawford and Ian Brownlie, Brownlie's Principles of Public International Law, 8th ed. (2012): 543; Corfu Channel (U.K. v. Alb.), 1949 I.C.J. 4, 44–45 (individual opinion of Judge Alvarez) (April 9).

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 40.

The author notes that in the Corfu Channel case Albania denied that it had actual knowledge of the minefield laid in its territorial waters. The ICJ nevertheless concluded that in the circumstances Albania “must have known” of the mining and that thereby the knowledge requirement was satisfied. See Corfu Channel (U.K. v. Alb.), 1949 I.C.J. 4, 20 (April 9).

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 41.

Corfu Channel (U.K. v. Alb.), 1949 I.C.J. 4, 44 (individual opinion of Judge Alvarez) (April 9); Application of the Convention on the Prevention and Punishment of the Crime of Genocide (Bosn. & Herz. v. Serb. & Montenegro), 2007 I.C.J. 43, para. 432 (February 26).

The author acknowledges that the constructive knowledge standard is somewhat controversial in international law. See NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 41.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 43.

Application of the Convention on the Prevention and Punishment of the Crime of Genocide (Bosn. & Herz. v. Serb. & Montenegro), 2007 I.C.J. 43, paras. 430–431 (February 26); Armed Activities on the Territory of the Congo (Dem. Rep. Congo v. Uganda), 2005 I.C.J. 168, para. 301 (December 19).

International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Responsibility of States for Internationally Wrongful Acts, Art. 12, paras. 11–12 of commentary, U.N. Doc. A/56/10, at 31 (2001); Application of the Convention on the Prevention and Punishment of the Crime of Genocide (Bosn. & Herz. v. Serb. & Montenegro), 2007 I.C.J. 43, para. 430 (February 26).

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 55.

U.S. v. Internet Research Agency, et al. (1:18-cr-32, District of Columbia): at 6.

Ibid ., at 3; Office of the Director of National Intelligence (ODNI), Assessing Russian Activities and Intentions in Recent US Elections, ICA 2017-01D, (January 6, 2017): 3–4, accessed January 30, 2019, https://www.dni.gov/files/documents/ICA_2017_01.pdf.

Philip N. Howard, Bharath Ganesh, and Dimitra Liotsiou, The IRA, Social Media and Political Polarization in the United States, 2012-2018 (Oxford, UK: Oxford Internet Institute, 2019): 3.

The report was prepared by the Oxford Internet Institute at Oxford University with data provided by social media firms to the Senate Select Committee on Intelligence (SSCI).

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 55; Barrie Sander, “Democracy Under the Influence: Paradigms of State Responsibility for Cyber Influence Operations on Elections,” Chinese Journal of International Law 18, (2019): paras. 46–48.

International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Responsibility of States for Internationally Wrongful Acts, general commentary, para. 1, U.N. Doc. A/56/10, at 31 (2001); James Crawford and Ian Brownlie, Brownlie's Principles of Public International Law, 8th ed. (2012): 540.

Although the ILC Articles have not (or not yet) been translated into a treaty, they have been much cited and have acquired increasing authority as an expression of the customary law of state responsibility. By 2012, the Articles and accompanying commentary had been cited 154 times by international courts, tribunals, and other bodies. See NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 79.

Ibid ., 80.

International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Responsibility of States for Internationally Wrongful Acts, art 2, U.N. Doc. A/56/10, at 31 (2001).

Ibid ., art 2.

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 63–66.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 85.

Luke Chircop, “A Due Diligence Standard of Attribution in Cyberspace,” International and Comparative Law Quarterly 67 (2018): 645–646; Christian Payne and Lorraine Finlay, “Addressing Obstacles to Cyber-Attribution: A Model Based on State Response to Cyber-Attack,” The George Washington International Law Review 49 (2017): 559.

International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Responsibility of States for Internationally Wrongful Acts, art 4(1), U.N. Doc. A/56/10, at 31 (2001).

Ibid ., art 7.

Ibid ., art 31.

Ibid ., art 4(2).

Application of the Convention on the Prevention and Punishment of the Crime of Genocide (Bosn. & Herz. v. Serb. & Montenegro), 2007 I.C.J. 43, para. 392 (February 26).

Ibid ., para. 393.

The Mueller indictment charges eleven officers of the GRU (the “Conspirators”) with crimes (e.g. count eleven: “Conspiracy to commit an offense against the United States”) regarding the hack and leak of the Clinton Campaign, DNC, and DCCC during the 2016 presidential election. See U.S. v. Viktor Borisovich Netyksho, et al. (1:18-cr-215, District of Columbia); Andrew Prokop, “All of Robert Mueller's Indictments and Plea Deals in the Russia Investigation So Far,” Vox, January 25, 2019, https://www.vox.com/policy-and-politics/2018/2/20/17031772/mueller-indictments-grand-jury.

International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Responsibility of States for Internationally Wrongful Acts, para. 6 of commentary to art. 8, U.N. Doc. A/56/10, at 31 (2001).

Ibid ., para. 6 of commentary to art. 8.

Ibid ., chapeau to Chapter II of Part one, paras 2–3, para. 7 of commentary to art. 8.

Ibid ., art. 8. Article 8 of the Draft Articles on Responsibility of States has also been recognized as customary international law by the International Court of Justice. See Application of the Convention on the Prevention and Punishment of the Crime of Genocide (Bosn. & Herz. v. Serb. & Montenegro), 2007 I.C.J. 43, para. 398 (February 26).

Ibid ., para. 7 of the commentary to art. 8.

Ibid ., para. 2 of commentary to art. 8.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 95–96; Thomas Payne, “Teaching Old Law New Tricks: Applying and Adapting State Responsibly to Cyber Operations,” Lewis & Clark Law Review 20, no. 2 (2016): 705.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 96. See also Paramilitary Activities in and Against Nicaragua (Nicar. v. U.S.), 1986 I.C.J. 14, para. 115 (June 27); Application of the Convention on the Prevention and Punishment of the Crime of Genocide (Bosn. & Herz. v. Serb. & Montenegro), 2007 I.C.J. 43, para. 400 (February 26).

“[I]t is not necessary to show that the persons who performed the acts alleged to have violated international law were in general in a relationship of complete dependence on the respondent State; it has to be proved that they acted in accordance with that States instructions or under its effective control. It must however be shown that this effective control was exercised, or that the States instructions were given, in respect of each operation in which the alleged violations occurred, not generally in respect of the overall actions taken by the persons or groups of persons having committed the violations.” See Application of the Convention on the Prevention and Punishment of the Crime of Genocide (Bosn. & Herz. v. Serb. & Montenegro), 2007 I.C.J. 43, para. 400 (February 26).

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 96.

Ibid ., 97.

International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Responsibility of States for Internationally Wrongful Acts, paras. 7–8 of commentary to art. 8, U.N. Doc. A/56/10, at 31 (2001).

Office of the Director of National Intelligence (ODNI), Assessing Russian Activities and Intentions in Recent US Elections, ICA 2017-01D, (January 6, 2017): ii, accessed January 30, 2019, https://www.dni.gov/files/documents/ICA_2017_01.pdf.

Ibid ., 2.

Andrey Ostroukh, “Putin Tells U.S. to Send Evidence of Vote Meddling,” Reuters, March 3, 2018, https://www.reuters.com/article/us-usa-trump-putin-reaction/putin-tells-u-s-to-send-evidence-of-vote-meddling-idUSKCN1GF0AS.

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 58; David E. Sanger and Martin Fackler, “N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say,” The New York Times, January 18, 2015, https://www.nytimes.com/2015/01/19/world/asia/nsa-tapped-into-north-korean-networks-before-sony-attack-officials-say.html.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 83.

However, the U.N. GGE has encouraged States to provide such evidence when cyber operations are at issue. See Rep. of the Group of Governmental Experts on Dev. in the Field of Info. and Telecomm. in the Context of Int'l Security, para. 15, U.N. Doc. A/70/174 (July 22, 2015).

Office of the Director of National Intelligence (ODNI), Assessing Russian Activities and Intentions in Recent US Elections, ICA 2017-01D, (January 6, 2017): ii, accessed January 30, 2019, https://www.dni.gov/files/documents/ICA_2017_01.pdf.

U.S. v. Internet Research Agency, et al. (1:18-cr-32, District of Columbia): at 6.

Ibid ., at 6.

Ibid ., at 3; Office of the Director of National Intelligence (ODNI), Assessing Russian Activities and Intentions in Recent US Elections, ICA 2017-01D, (January 6, 2017): 3–4, accessed January 30, 2019, https://www.dni.gov/files/documents/ICA_2017_01.pdf.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 96.

For instance, Shackelford and Andres point out the drawbacks of the effective control test (i.e. the standard of effective control is too high in practice). See Scott J. Shackelford and Richard B. Andres, “State Responsibility for Cyber Attacks: Competing Standards for a Growing Problem,” Georgetown Journal of International Law 42, (2011): 987–988.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 81.

For a discussion regarding the burdens, standards, and methods of proof see Marco Roscini, “Evidentiary Issues in International Disputes Related to State Responsibility for Cyber Operations,” in Cyber War: Law and Ethics for Virtual Conflicts, ed. Jens Ohlin, Kevin Govenr, and Claire Finkelstein (Cambridge, UK: Cambridge University Press, 2015). Doi: 10.1093/acprof:oso/9780198717492.001.0001.

The author notes that users have the option of using proxy servers or onion-routing tools such as Tor to mask their IP addresses when acting online. Users can also “spoof” their IP address. Therefore, attributing an action gets more difficult. See Larry Greenemeier, “Seeking Address: Why Cyber Attacks are so Difficult to Trace Back to Hackers,” Scientific American (June 11, 2011), https://www.scientificamerican.com/article/tracking-cyber-hackers/; Delbert Tran, “The Law of Attribution: Rules for Attribution the Source of a Cyber Attack,” The Yale Journal of Law & Technology 20 (2018): 386–391. See also David D. Clark and Susan Landau, “Untangling Attribution,” Harvard Journal of Law and Technology 2 (2011): 531.

For example, the series of alleged Russian cyber-attacks on Estonia in 2007 have been reported to originate from at least 177 countries, and as well from within Estonia itself. See Michael N. Schmitt, “Cyber Operations and the Jus Ad Bellum Revisited,” Villanova Law Review 56, no. 3 (2011): 569–570.

Brian J. Egan, “International Law and Stability in Cyberspace,” Berkeley Journal of International Law 35 (2017): 176.

Peter W. Singer and Allan Friedman, Cybersecurity and Cyberwar: What Everyone Needs to Know (Oxford, UK: Oxford University Press, 2014): 73.

Press Release, White House, Statement by the President on Actions in Response to Russian Malicious Cyber Activity and Harassment (December 29, 2016), accessed February 9, 2019, https://perma.cc/3XXD-8K5C; David E. Sanger, “Obama Strikes Back at Russia for Election Hacking,” The New York Times, December 29, 2016, https://www.nytimes.com/2016/12/29/us/politics/russia-election-hacking-sanctions.html.

Peter Baker, “White House Penalizes Russians over Election Meddling and Cyberattacks,” The New York Times, March 16, 2018, https://www.nytimes.com/2018/03/15/us/politics/trump-russia-sanctions.html.

Laura Smith-Spark and Radina Gigova, “Russia to Expand American Blacklist After New US Sanctions,” CNN, March 16, 2018, https://perma.cc/DY52-LW48.

U.S. Department of State, Section 231 of CAATSA, (n.d.), accessed February 26, 2019, https://www.state.gov/t/isn/caatsa/.

Michael N. Schmitt, “Peacetime Cyber Response and Wartime Cyber Operations Under International Law: An Analytical Vade Mecum,” Harvard National Security Journal 8 (2017).

International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Responsibility of States for Internationally Wrongful Acts, chapeau to Chapter II of Part three, para. 3 of commentary, U.N. Doc. A/56/10, at 31 (2001).

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 64.

International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Responsibility of States for Internationally Wrongful Acts, art. 22, U.N. Doc. A/56/10, at 31 (2001).

Ibid ., chapeau to Chapter II of Part three, para. 1 of commentary, U.N. Doc. A/56/10, at 31 (2001); Paramilitary Activities in and Against Nicaragua (Nicar. v. U.S.), 1986 I.C.J. 14, para. 249 (June 27); Gabčíkovo-Nagymaros Project (Hung./Slovk.), 1997 I.C.J. 7, paras. 82–83 (September 25); Case Concerning the Air Service Agreement of 27 March 1946 (U.S. v. Fr.), 18 R.I.A.A. 417, paras. 80–96 (Arb. Trib. 1979).

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 112–113.

It needs to be noted that recommendations made and measures imposed by the Security Council pursuant to Chapter VII of the UN Charter do not qualify as countermeasures. The Council's powers render them lawful ab initio. Furthermore, if a treaty includes a requirement to resort to specific means of dispute resolution, this usually bars countermeasures. See NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 114–115.

International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Responsibility of States for Internationally Wrongful Acts, para. 3 of commentary to art. 49, U.N. Doc. A/56/10, at 31 (2001).

Michael N. Schmitt, ”Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 64.

i) The purpose of the countermeasure is to end the unlawful action or omission of a responsible State, ii) countermeasures may not be taken in response to an internationally wrongful act that has ended, is unlikely to be repeated, and regarding which reparation and assurances or guarantees, where appropriate, have been provided, iii) usually the State invoking countermeasures must notify the responsible State of its intent to do so. However, in certain circumstances where the injured State needs to act immediately in order to preserve its rights and avoid further injury, the injured State may launch “urgent countermeasures” without notification of its intent to do so, vi) countermeasures may not include actions that affect fundamental human rights, amount to prohibited belligerent reprisals, violate a peremptory norm, or amount to the level of an armed attack (in the context of self-defense), v) and countermeasures must be proportionate. See NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 116–125; International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Responsibility of States for Internationally Wrongful Acts, art. 49–52, U.N. Doc. A/56/10, at 31 (2001).

International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Responsibility of States for Internationally Wrongful Acts, art. 49(2), art. 53, U.N. Doc. A/56/10, at 31 (2001).

Ibid ., para. 1 of commentary to art. 25.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 135.

Necessity has been cited in many contexts. See, e.g., Legal Consequences of the Construction of a Wall in the Occupied Palestinian Territory, Advisory Opinion, 2004 I.C.J. 136, para. 140 (9 July); Rainbow Warrior (N.Z. v. Fr.), 20 R.I.A.A. 217, para. 78 (Arb. Trib. 1990).

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 135; International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Responsibility of States for Internationally Wrongful Acts, para. 2 of commentary to art. 25, U.N. Doc. A/56/10, at 31 (2001).

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 137–138.

Ibid ., 135; International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Responsibility of States for Internationally Wrongful Acts, para. 15 of commentary to art. 25, U.N. Doc. A/56/10, at 31 (2001).

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 136–137.

Gabčíkovo-Nagymaros Project (Hung./Slovk.), 1997 I.C.J. 7, para. 54 (September 25).

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 138–139.

International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Responsibility of States for Internationally Wrongful Acts, art. 25(1)(b), U.N. Doc. A/56/10, at 31 (2001).

Legal Consequences of the Construction of a Wall in the Occupied Palestinian Territory, Advisory Opinion, 2004 I.C.J. 136, para. 140 (9 July); International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Responsibility of States for Internationally Wrongful Acts, para. 15 of commentary to art. 25, U.N. Doc. A/56/10, at 31 (2001).

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 65.

Ibid ., 66.

Since Hillary Clinton lost the Presidency by 77,744 votes cast in the key states of Pennsylvania, Michigan, and Wisconsin – just 0.6% of the votes cast in those states – even a modest impact of disinformation could have been decisive. See Richard Gunther, Paul A. Beck, and Erik C. Nisbet, “Fake News May Have Contributed to Trump's 2016 Victory” (study, Ohio State University, 2018), accessed February 5, 2019, https://www.documentcloud.org/documents/4429952-Fake-News-May-Have-Contributed-to-Trump-s-2016.html. The author acknowledges that the study has not been peer reviewed but it certainly offers an insight into how disinformation may affect voter choices.

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 339.

Ibid ., 339.

International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Responsibility of States for Internationally Wrongful Acts, para. 6 of commentary to art. 21, U.N. Doc. A/56/10, at 31 (2001).

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 342.

Michael N. Schmitt, “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law,” Chicago Journal of International Law 19, no. 1 (2018): 64.

Luke Chircop, “A Due Diligence Standard of Attribution in Cyberspace,” International and Comparative Law Quarterly 67 (2018): 652–653.

Michael N. Schmitt, “Grey Zones in the International Law of Cyberspace,” The Yale Journal of International Law Online 42 (2017): 3, available at SSRN: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3180687.

James Crawford and Ian Brownlie, Brownlie's Principles of Public International Law, 8th ed. (2012): 16.

Ido Kilovaty, “Doxfare: Politically Motivated Leaks and the Future of the Norm on Non-Intervention in the Era of Weaponized Information,” Harvard National Security Journal 9 (2018): 170.

See for example: Beatrice A. Walton, “Duties Owed: Low-Intensity Cyber Attacks and Liability for Transboundary Torts in International Law,” The Yale Law Journal 126 (2017); Ido Kilovaty, “Doxfare: Politically Motivated Leaks and the Future of the Norm on Non-Intervention in the Era of Weaponized Information,” Harvard National Security Journal 9 (2018); Jacqueline Van De Velde, “The Law of Cyber Interference in Elections” (paper, Yale Law School, 2017), 34–35, accessed January 19, 2019, https://law.yale.edu/system/files/area/center/global/document/van_de_velde_cyber_interference_in_elections_06.14.2017.pdf.

Jacqueline Van De Velde, “The Law of Cyber Interference in Elections” (paper, Yale Law School, 2017), 35–37, accessed January 19, 2019, https://law.yale.edu/system/files/area/center/global/document/van_de_velde_cyber_interference_in_elections_06.14.2017.pdf.

For a detailed discussion of the four risks see Eric Talbot Jensen and Sean Watts, “A Cyber Duty of Due Diligence: Gentle Civilizer or Crude Destablizier,” Texas Law Review 95 (2017): 1568 et seq.

Other examples for disinformation operations aimed at elections can be found in Freedom House, Freedom on the Net 2017: Manipulating Social Media to Undermine Democracy (2017), accessed March 7, 2019, https://freedomhouse.org/sites/default/files/FOTN_2017_Final.pdf.

Jacqueline Van De Velde, “The Law of Cyber Interference in Elections” (paper, Yale Law School, 2017), 37, accessed January 19, 2019, https://law.yale.edu/system/files/area/center/global/document/van_de_velde_cyber_interference_in_elections_06.14.2017.pdf.

Jack Goldsmith, “Cybersecurity Treaties: A Sceptical View” (paper, Hoover Institution at Stanford University, 2011), 12, accessed March 6, 2019, http://media.hoover.org/sites/default/files/documents/FutureChallenges_Goldsmith.pdf.

However, like-minded States also drove non-proliferation of weapons of mass destruction first before other nations adopted this norm of international behavior. See James A. Lewis, “Multilateral Agreements to Constraint Cyberconflict,” Arms Control Today 40 (2010): under “The Way Ahead,” accessed March 6, 2019, https://www.armscontrol.org/act/2010_06/Lewis.

Ugo Pagallo, “Cyber Force and the Role of Sovereign States in Informational Warfare,” Philosophy & Technology 28, no. 3 (2015): 416; Jack Goldsmith, “Cybersecurity Treaties: A Sceptical View” (paper, Hoover Institution at Stanford University, 2011), 8, accessed March 6, 2019, http://media.hoover.org/sites/default/files/documents/FutureChallenges_Goldsmith.pdf. Interestingly, Professor Muir has proposed a trilateral cyber treaty between China, Russia, and the United States. See Lawrence L. Muir Jr., “Combatting Cyber-Attacks Through National Interest Diplomacy: A Trilateral Treaty with Teeth,” Washington & Lee Law Review Online 68 (2012).

Jack Goldsmith, “Cybersecurity Treaties: A Sceptical View” (paper, Hoover Institution at Stanford University, 2011), 6, accessed March 6, 2019, http://media.hoover.org/sites/default/files/documents/FutureChallenges_Goldsmith.pdf.

Stephan Moore, “Cyber Attacks and the Beginnings of an International Cyber Treaty,” North Carolina Journal of International Law and Commercial Regulation 39 (2013): 251.

This crucial difference in interests was for instance shown in the proposed International Code of Conduct for Information Security by representatives of China, Russia, Tajikistan, and Uzbekistan in 2011 and 2015. The Code addresses cyber security but also calls on States to reduce the dissemination of information, which undermines other countries' political, economic, and social stability. A big question mark is the different perspectives on human rights in the online domain. See Sarah McKune, “An Analysis of the International Code of Conduct for Information Security,” The Citizen Lab, September 28, 2015, https://citizenlab.ca/2015/09/international-code-of-conduct/.

Irène Couzigou, “Securing Cyber Space: The Obligation of States to Prevent Harmful International Cyber Operations,” International Review of Law, Computers & Technology 32, no. 1 (2018): 54; Jacqueline Van De Velde, “The Law of Cyber Interference in Elections” (paper, Yale Law School, 2017), 37, accessed January 19, 2019, https://law.yale.edu/system/files/area/center/global/document/van_de_velde_cyber_interference_in_elections_06.14.2017.pdf; Louise Arimatsu, “A Treaty for Governing Cyber-Weapons: Potential Benefits and Practical Limitations” (paper presented at the 4th International Conference on Cyber Conflict, NATO CCD COE Publications, Tallinn, 2012); Logan Hamilton, “Beyond Ballot-Stuffing: Current Gaps in International Law Regarding Foreign State Hacking to Influence a Foreign Election,” Wisconsin International Law Journal 35 (2017); Christina Lam, “A Slap on the Wrist: Combatting Russia's Cyber Attack on the 2016 U.S. Presidential Election,” Boston College Law Review 59 (2018).

Scott J. Shackelford, Scott Russell, and Andreas Kuehn, “Unpacking the International Law on Cybersecurity Due Diligence: Lessons from the Public and Private Sectors,” Chicago Journal of International Law 17, no. 1 (2016): 5.

Convention on Cybercrime, Nov. 23, 2001, 2296 U.N.T.S. 167 [hereinafter Budapest Convention].

Jack Goldsmith, “Cybersecurity Treaties: A Sceptical View” (paper, Hoover Institution at Stanford University, 2011), 3, accessed March 6, 2019, http://media.hoover.org/sites/default/files/documents/FutureChallenges_Goldsmith.pdf.

Ibid ., 6.

Louise Arimatsu, “A Treaty for Governing Cyber-Weapons: Potential Benefits and Practical Limitations” (paper presented at the 4th International Conference on Cyber Conflict, NATO CCD COE Publications, Tallinn, 2012): 101.

Jack Goldsmith, “Cybersecurity Treaties: A Sceptical View” (paper, Hoover Institution at Stanford University, 2011), 10–11, accessed March 6, 2019, http://media.hoover.org/sites/default/files/documents/FutureChallenges_Goldsmith.pdf.

Almost all treaties risk becoming out-dated as times and norms change. See Rebecca Crootof, “International Cybertorts: Expanding State Accountability in Cyberspace,” Cornell Law Review 103 (2018): 642.

John Cerone, “A Taxonomy of Soft Law: Stipulating a Definition,” in Tracing the Roles of Soft Law in Human Rights, ed. Lagoutte, Stéphanie, Lagoutte, Thomas Gammeltoft-Hansen, and John Cerone, 15 (Oxford: Oxford University Press, 2016). Doi: 10.1093/acprof:oso/9780198791409.003.0002.

A first group adopts a binary approach, where something is either law or not law. Here, soft law refers to rules of positive law that are recognized as such, but nonetheless may be considered soft in their commands. The softness might be attributable to, for instance, vague language or non-justifiable formulations. See e.g. Prosper Weil, “Towards Relative Normativity in International Law,” American Journal of International Law 77, no. 3 (1983): 414.

A second group rejects the binary approach and sees a broader spectrum of law than what is formulated in Article 38 of the ICJ Statute. This approach views law as more of a continuum (i.e. a spectrum of normativity and behavior-influencing capacity). In the technical sense, soft law may not be legally binding but it is a type of law since it is typically formulated as rules and is intended to, and often does, guide behavior. The softness of a norm, formulation, or instrument could for example be due to specificity, enforceability, justifiability, normativity, or bindingness. See e.g. Gregory C. Shaffer and Mark A. Pollack, “Hard Versus Soft Law in International Security,” Boston College Law Review 52 (2011): 1160; Cristine M. Chinkin, “The Challenge of Soft Law: Development and Change in International Law,” International and Comparative Law Quarterly 38, no. 4 (1989): 851.

A third group does not regard soft law as law at all. A rule is described as “soft” because it is not itself law. However, this rule is still referred to as “law” since it may have an influence on law or may achieve some of the effects that law seeks to achieve. See e.g. Jan Klabbers, “The Redundancy of Soft Law,” Nordic Journal of International Law 65 (1996); John Cerone, “A Taxonomy of Soft Law: Stipulating a Definition,” in Tracing the Roles of Soft Law in Human Rights, ed. Lagoutte, Stéphanie, Lagoutte, Thomas Gammeltoft-Hansen, and John Cerone, 16–17, Oxford: Oxford University Press, 2016. Doi: 10.1093/acprof:oso/9780198791409.003.0002.

Another variation in the usage of the term soft law is that it is also used to describe a category of instruments. In general, it describes instruments that are adopted in an intergovernmental setting and that set fourth rules of behavior or other normative standards, but that are not legally binding. See Jan Klabbers, “The Redundancy of Soft Law,” Nordic Journal of International Law 65 (1996): 168.

Soft law as used to describe these instruments overlaps with the second and third approach. However, it needs to be noted that the usages are not coextensive. See John Cerone, “A Taxonomy of Soft Law: Stipulating a Definition,” in Tracing the Roles of Soft Law in Human Rights, ed. Lagoutte, Stéphanie, Lagoutte, Thomas Gammeltoft-Hansen, and John Cerone, 17 (Oxford: Oxford University Press, 2016). Doi: 10.1093/acprof:oso/9780198791409.003.0002.

John Cerone, “A Taxonomy of Soft Law: Stipulating a Definition,” in Tracing the Roles of Soft Law in Human Rights, ed. Lagoutte, Stéphanie, Lagoutte, Thomas Gammeltoft-Hansen, and John Cerone, 18 (Oxford: Oxford University Press, 2016). Doi: 10.1093/acprof:oso/9780198791409.003.0002.

Ibid ., 18.

Ibid ., 21.

Ibid ., 23.

Ibid ., 24.

The 2015 International Code of Conduct for Information Security contains a norm, which would cover disinformation operations aimed at elections. Paragraph 3 of the Code states that States voluntarily subscribe and pledge: “Not to use information and communications technologies and information and communications networks to interfere in the internal affairs of other States or with the aim of undermining their political, economic and social stability.” See International Code of Conduct for Information Security (Letter dated January 9. 2015 from the Permanent Representative of China, Kazakhstan, Kyrgyzstan, the Russian Federation, Tajikistan, and Uzbekistan to the UN addressed to the Secretary-General), UN Doc. A/69/723 (January 13, 2015).

Sarah McKune, “An Analysis of the International Code of Conduct for Information Security,” The Citizen Lab, September 28, 2015, https://citizenlab.ca/2015/09/international-code-of-conduct/.

EU Code of Practice on Disinformation (Sept. 2018), https://ec.europa.eu/digital-single-market/en/news/code-practice-disinformation.

Rep. of the independent High level Group on fake news and online disinformation, A Multi-dimensional Approach to Disinformation, European Commission, March, 2018, doi: 10.2759/739290.

The Sounding Board, The Sounding Board's Unanimous Final Opinion on the So-Called Code of Practice, September 24, 2018, https://ec.europa.eu/digital-single-market/en/news/code-practice-disinformation.

Barrie Sander, “Democracy Under the Influence: Paradigms of State Responsibility for Cyber Influence Operations on Elections,” Chinese Journal of International Law 18 (2019): para. 7.

Janet Koven, “Bottom-up International Lawmaking: Reflections on the New Haven School of International Law,” The Yale Journal of International Law 32 (2007).

Ricardo Pisillo-Mazzeschi, “The Due Diligence Rule and the Nature of International State

Responsibility,” German Yearbook of International Law 36 (1993): 26–27, 48.

As explained by the International Law Commission, a State “should possess a legal system and sufficient resources to maintain an adequate administrative apparatus to control and monitor [detrimental] activities” for the rights of other States. See International Law Commission, Report on the Work of Its Fifty-Third Session, Draft Articles on Prevention of Transboundary Harm from Activities, Art. 3, para. 17 of commentary, U.N. Doc. A/56/10, at 148 (2001).

Responsibilities and Obligations of States Sponsoring Persons and Entities with Respect to Activities in the Area, Case No. 17, Advisory Opinion of Feb. 1, 2011, ITLOS Reports 10, para. 110.

The ICJ further specified the scope of an obligation of conduct and stated: “it is clear that the obligation in question is one of conduct and not one of result, in the sense that a State cannot be under an obligation to succeed, whatever the circumstances, in preventing the commission of genocide: the obligation of States parties is rather to employ all means reasonably available to them, so as to prevent genocide as far as possible.” See Application of the Convention on the Prevention and Punishment of the Crime of Genocide (Bosn. & Herz. v. Serb. & Montenegro), 2007 I.C.J. 43, para. 430 (February 26).

NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, ed. Michael N. Schmitt and Liis Vihul, 2nd ed. (Cambridge, UK: Cambridge University Press, 2017): 48–49.

Article 2 for instance states that “[e]ach Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law.” See Convention on Cybercrime, Nov. 23, 2001, 2296 U.N.T.S. 167, Chapter II, Section 1.

Irène Couzigou, “Securing Cyber Space: The Obligation of States to Prevent Harmful International Cyber Operations,” International Review of Law, Computers & Technology 32, no. 1 (2018): 51.

18 U.S.C. § 1030(a)(1) (1984).

U.S. Department of Justice, Production Company Registers Under the Foreign Agent Registration Act as Agent for the Russian Government Entity Responsible for Broadcasting RT (November 13, 2017), https://www.justice.gov/opa/pr/production-company-registers-under-foreign-agent-registration-act-agent-russian-government.

Congress passed FARA in 1938. The purpose of the Act is to ensure that the American public and lawmakers know the source of information coming from a foreign principal, where that information may be intended to influence U.S. public opinion, policy and laws. See 22 U.S.C. § 611–621 (1938).

Colin Lecher, “Senators Announce New Bill That Would Regulate Online Political Ads,” The Verge, October 19, 2017, https://www.theverge.com/2017/10/19/16502946/facebook-twitter-russia-honest-ads-act.

Daniel Funke, “A Guide to Anti-Misinformation Actions Around the World,” Poynter, (n.d.), accessed March 11, 2019, https://www.poynter.org/ifcn/anti-misinformation-actions/.

Ashley S. Deeks, “Confronting and Adapting: Intelligence Agencies and International Law,” Virginia Law Review 102, no. 3 (2016): 613–614.

Logan Hamilton, “Beyond Ballot-Stuffing: Current Gaps in International Law Regarding Foreign State Hacking to Influence a Foreign Election,” Wisconsin International Law Journal 35 (2017): 198.

Rebecca Crootof, “International Cybertorts: Expanding State Accountability in Cyberspace,” Cornell Law Review 103 (2018): 642; Thomas Payne, “Teaching Old Law New Tricks: Applying and Adapting State Responsibly to Cyber Operations,” Lewis & Clark Law Review 20, no. 2 (2016): 689.

International Law Commission, Report on the Work of Its Seventieth Session, Draft Conclusion on Identification of Customary International Law with Commentaries, Conclusion 8 and Conclusion 9, U.N. Doc. A/73/10, at 122 (2018).

Scott J. Shackelford, Scott Russell, and Andreas Kuehn, “Unpacking the International Law on Cybersecurity Due Diligence: Lessons from the Public and Private Sectors,” Chicago Journal of International Law 17, no. 1 (2016): 5–7.

Luke Chircop, “A Due Diligence Standard of Attribution in Cyberspace,” International and Comparative Law Quarterly 67 (2018): 667–668. See e.g. Estonia 2007 (Russia); Georgia 2007 (Russia); Agent.btz 2008 (United States and Russia); DDoS attacks against the U.S. and South Korea 2009 (United States); Stuxnet 2010 (United States); Google Hack 2010 (China); U.S. Department of Defense Hack 2012 (United States); Sony Hack 2014 (United States); U.S. Office of Personnel Management Hack 2014 (United States and China); DNC Hack 2016 (United States and Russia).

How the influence on custom by the most affected States plays out can be seen in the Legality of the Threat or Use of Nuclear Weapons, Advisory Opinion, 1996 I.C.J. (8 July).

How such a change in custom may develop can be seen in the development of the norms regarding sovereignty in the sea. For hundreds of years the British claimed a three-mile territorial sea. Russia in 1927 claimed twelve miles, which became the norm. Further, President Truman in 1945 issued two proclamations relating to the sea, claiming rights regarding the continental shelf and the contiguous zone. Other States followed the proclamation and the norm was later codified. As a response to the Truman Proclamations, certain South American States declared a 200-mile zone with exclusive fishing rights, which also became customary international law. See Tommy T. B. Koh, “The Origins of the 1982 Convention on the Law of the Sea,” Malaya Law Review 29 (1987): 9–11.

John J. Chung, “Nation-States and Their Operations in Planting of Malware in Other Countries: Is it Legal Under International Law,” University of Pittsburgh Law Review 80 (2018): 66.

Ibid ., 66.

In a quantitative study by Dov H. Levin he found that the US and the USSR/Russia between 1946 and 2000 made 117 electoral interventions. This means that one of every nine competitive elections since World War II has been the target of such an electoral intervention either by the US or the USSR/Russia. See Dov H. Levin, “Partisan Electoral Interventions by the Great Powers: Introducing the PEIG Dataset,” Conflict Management and Peace Science 36, no. 1 (2019): 94.

Martin Libicki, “The Coming of Cyber Espionage Norms” (paper presented at the 9th International Conference on Cyber Conflict, NATO CCD COE Publications, Tallinn, 2017): 12.

On May 23, 2018 the former Attorney General of the UK Jeremy Wright in a speech set out the UK's view on how to apply international law to cyberspace. According to his speech, the UK considers hostile cyber operations to manipulate the electoral system to alter the results of an election in another State (which arguably would include disinformation operations) as a breach of the prohibition on intervention in the domestic affairs of States. In his speech he stated that “[t]he international law prohibition on intervention in the internal affairs of other states is of particular importance in modern times when technology has an increasing role to play in every facet of our lives, including political campaigns and the conduct of elections. As set out by the International Court of Justice in its judgment in the Nicaragua case, the purpose of this principle is to ensure that all states remain free from external, coercive intervention in the matters of government which are at the heart of a state's sovereignty, such as the freedom to choose its own political, social, economic and cultural system. The precise boundaries of this principle are the subject of on-going debate between states, and not just in the context of cyber space. But the practical application of the principle in this context would be the use by a hostile state of cyber operations to manipulate the electoral system to alter the results of an election in another state, intervention in the fundamental operation of Parliament, or in the stability of our financial system. Such acts must surely be a breach of the prohibition on intervention in the domestic affairs of states.” See Attorney General's Office of the UK, Speech by the Attorney General Jeremy Wright on Cyber and International Law in the 21st Century (May 23, 2018), accessed April 4, 2019, https://www.gov.uk/government/speeches/cyber-and-international-law-in-the-21st-century.

On December 29, 2016 former President Obama issued a statement that the Russian interference violated “established international norms of behaviour.” However, neither the Obama administration nor the Trump administration asserted that the actions conducted during the 2016 presidential election violate any primary rule of international law. This raises the question of the legal character regarding the actions aimed at (democratic) elections. See Press Release, White House, Statement by the President on Actions in Response to Russian Malicious Cyber Activity and Harassment (December 29, 2016), accessed February 9, 2019, https://perma.cc/3XXD-8K5C.

See e.g. Rep. of the independent High Level Group on fake news and online disinformation, A Multi-dimensional Approach to Disinformation, European Commission, March, 2018, doi: 10.2759/739290.

See e.g. EEZ development.

That which international law does not prohibit it permits. See S.S. Lotus (Fr. v. Turk.), 1927 P.C.I.J. (ser. A) No. 10, at 18 (September 7); Paramilitary Activities in and Against Nicaragua (Nicar. v. U.S.), 1986 I.C.J. 14, para. 269 (June 27).

Duncan Hollis, “The Influence of War; The War of Influence,” Temple Journal of International & Comparative Law 32 (2018): 46.

Nicolas C. Ashley, “Taming the Trolls: The Need for an International Legal Framework to Regulate State Use of Disinformation on Social Media,” The Georgetown Law Journal Online 107 (2018).

Duncan Hollis, “The Influence of War; The War of Influence,” Temple Journal of International & Comparative Law 32 (2018): 44.

Attorney General's Office of the UK, Speech by the Attorney General Jeremy Wright on Cyber and International Law in the 21st Century (May 23, 2018), accessed April 4, 2019, https://www.gov.uk/government/speeches/cyber-and-international-law-in-the-21st-century.