Lorenzo Maria Pacini
One of the issues that is increasingly attracting the attention of the world of international law and military strategy is how to combine the elements of neutrality with the new domains of hybrid warfare.
One of the issues that is increasingly attracting the attention of the world of international law and military strategy is how to combine the elements of neutrality with the new domains of hybrid warfare.
The conceptual debate regarding the extension of the customary norm of non-intervention can only be resolved through an analysis of state practice and opinio juris. In recent years, numerous senior government officials have expressed their respective states' positions on the application of the principle of non-intervention to cyber operations. However, as the above discussion shows, differences-however subtle-in the language used to describe this norm can lead to significant divergences in terms of applicability.
We will attempt to analyze the wording used in statements by senior representatives of seven states on the principle of non-intervention in cyberspace: the Netherlands, the United Kingdom, the United States, Australia, France, Iran, and China. The geographical scope considered is necessarily limited, as few states have made their positions on this specific issue public. The development of customary law in this area would benefit from a greater number of statements from a wider range of countries, which could help to clarify some of the ambiguities that will be highlighted below.
The Dutch Minister of Foreign Affairs, for example, outlined a restrictive conception of the principle of non-intervention in a letter sent in July 2019 to the Dutch parliament, aimed at clarifying the government's official position on the "international legal order in cyberspace." In general terms, the document defines intervention as 'interference in the internal or external affairs of another state with the aim of coercing it'. It also specifies that these affairs concern matters over which, by virtue of the principle of sovereignty, states have exclusive competence.
This reference to the "exclusive authority" of states, while remaining vague, places the Dutch approach in line with the concept of domaine réservé, i.e., the limited set of activities that are exempt from international law and reserved for state sovereignty. The letter explicitly mentions the holding of elections, the recognition of states, and membership of international organizations as areas of exclusive sovereign competence. The document also adopts a particularly narrow definition of coercion, consistent with that contained in the Tallinn Manual, according to which coercion consists in forcing a state to adopt a certain course of action-active or passive-that it would not otherwise have freely chosen.
Proving that a state would not have taken a certain course of action spontaneously can be complex, and furthermore, the only concrete example of coercion provided is the use of force, which, in addition to offering little additional clarity, suggests that the Netherlands sets a rather high threshold for establishing a violation of the principle.
The then Attorney General of the United Kingdom, Jeremy Wright, outlined the British position on 'cyber and international law in the 21st century' in a speech delivered in May 2018. Wright stated that the principle of non-intervention protects states from 'external and coercive interference in matters of government that are at the core of state sovereignty, such as the freedom to choose one's political, social, economic, and cultural system'. Similar to the Dutch emphasis on "exclusive" sovereign rights, the British reference to "core" areas of sovereignty suggests a relatively narrow interpretation of activities that are fully protected by the prohibition on intervention.
Wright acknowledges that the "precise boundaries" of this principle remain a matter of debate and does not provide a detailed definition of coercion. However, he gives some concrete examples of conduct that, according to the UK, would violate the non-interference rule: the use of cyber operations by a hostile state to manipulate the electoral system and alter its results, interference in the fundamental functioning of Parliament or in the stability of the financial system. The reference to the manipulation of election results, rather than the mere dissemination of disinformation, as well as the focus on the essential functions of Parliament, reinforce the idea that the United Kingdom takes a rather narrow view of the scope of the rule.
The US position on this issue emerges particularly clearly from two official statements: the first made in November 2016 by Brian Egan, Legal Adviser to the State Department under President Obama, and the second by the General Counsel of the Department of Defense under the Trump administration, Paul Ney, in March 2020. Both propose a formulation of the non-intervention rule that is essentially similar to that adopted by the United Kingdom.
Egan states that "this rule of customary international law prohibits states from taking coercive action affecting matters that each state has the right, by virtue of the principle of sovereignty, to determine freely, such as the choice of its political, economic, social, and cultural system." He further defines this principle as a "relatively narrow rule" of customary law. Ney modifies this approach only marginally, describing the "choice of political, economic, or cultural system" as one of the "fundamental functions" of the state. However, he offers greater clarity than Egan on the concept of coercion, noting that since the principle of non-intervention prohibits "actions designed to compel a State in violation of its rights," it does not prohibit activities to which the State concerned voluntarily consents. This contrast between coercion and consent suggests that the US conception is slightly broader than the Dutch emphasis on compulsion to change a specific public policy, coming closer to the Australian idea of loss of control.
Furthermore, the examples of prohibited interventions provided by Egan and Ney indicate that the US interpretation of political interference may be broader than the British one. Egan notes that a cyber operation that "manipulates the election results of another country" or "interferes with another state's ability to hold elections" would constitute a violation of the norm. The latter formulation seems to include a wider range of conduct, potentially including disinformation campaigns. Ney used similar language in his 2020 speech.
Australia set out its position on the principle of non-intervention in a working paper presented in September 2019 to the United Nations Open-ended Working Group on "Developments in the Field of Information and Telecommunications in the Context of International Security."
At first glance, the document suggests a broad interpretation of the norm: it states that prohibited intervention is that which, through coercive means-understood as instruments that effectively deprive another state of its ability to control, decide, or govern matters of an inherently sovereign nature-interferes, directly or indirectly, with matters that a state has the right to determine freely on the basis of the principle of sovereignty. Compared to the Dutch formulation, Australia adopts a broader notion of coercion, emphasizing the loss of control or capacity to govern.
As already noted, it is much easier to prove that an operation has deprived a State of control over certain functions of government than to prove that it has been forced to take an undesired decision. The Australian formulation of the first element of the norm reproduces almost verbatim that of the Nicaragua judgment, focusing on "matters which a State is entitled to decide freely by virtue of the principle of sovereignty." It does not introduce the additional qualifications found in the Dutch ("exclusive") and British ("core") positions. While referring to the same examples of unlawful interventions mentioned by Wright-the alteration of election results, interference in the fundamental functioning of Parliament, and impact on the stability of financial systems-the overall language of the document suggests a conception of the norm that considers a wider range of conduct to be unlawful.
In September 2019, the French Ministry of Defense also published an important document on the application of international law to cyberspace. In it, the principle of non-intervention is formulated in vague but very broad terms: interference through digital means in France's internal or external affairs, i.e., interference that causes or may cause damage to the country's political, economic, social, and cultural system, may constitute a violation of the principle.
It is significant that the document avoids the term 'coercion', replacing it with the much less defined concept of 'damage', which seems to include a much wider range of activities. Furthermore, the scope of sovereign prerogatives is outlined in a particularly broad manner, since any prejudice to the French political, economic, social, or cultural system-and not only to the choice of that system-could constitute a violation. Such wording could be invoked by authoritarian regimes to legitimize censorship practices, arguing that any information coming from outside causes "damage" to their social and cultural system.
It should be noted, however, that the entire statement is mitigated by the use of the verb 'may' in the final clause, indicating that the French position is not definitive and could be subject to further developments. Nevertheless, a literal interpretation of the text would have far-reaching consequences, significantly lowering the threshold of illegality compared, for example, to the Dutch approach.
In July 2020, the General Staff of the Iranian Armed Forces published a Declaration "on international law applicable to cyberspace," which details the Iranian conception of the applicability of the principle of non-intervention. The Declaration defines the scope of sovereign activities in a manner similar to the French position, stating that threats "against the personality of the State or against its political, economic, social, and cultural organs, carried out by cybernetic or other means, are considered unlawful." It also emphasizes, echoing the language of the 1981 Declaration, that states enjoy the "inherent right to the full development of information systems and mass media and their use, without external interference."
Alongside this broad conception of protected sovereign domain, which extensively includes media activities, the Declaration defines coercion in very broad terms, as any form of impediment, denial, or restriction of the exercise of sovereignty. Taken together, these definitions suggest that Iran considers cyber and media governance to be an exclusively sovereign sphere in which states have the right to operate without any "interference." The examples of unlawful intervention provided in the document confirm this broad approach: in addition to "cyber manipulation of elections," it also mentions "engineering public opinion on the eve of elections" and "sending massive and widespread messages to voters to influence election results in other states." This implies that the Iranian military authorities would consider all state actions aimed at disseminating information to the electorate of another country, whether true or misleading, to be illegitimate. Such an interpretation would therefore render most forms of transnational political interference unlawful.
Similar to Australia, China also submitted a working paper to the UN Open-ended Working Group in September 2019. Like the Iranian Declaration, the Chinese document would tend to classify most forms of cyber political interference as unlawful under the principle of non-intervention.
China reaffirms its support for the principle of "non-interference in the internal affairs of other states," calling it one of the pillars of a just and equitable international order in cyberspace. While not offering a direct definition of the norm, the text refers to related concepts that highlight the breadth with which Beijing conceives of unlawful interference. It states that states should exercise jurisdiction over ICT infrastructure, resources, and activities within their territory, and that they have the right to adopt public policies on information and communication technologies in accordance with their national circumstances in order to manage these areas autonomously. This indicates that China, like Iran, considers Internet governance to be a matter of exclusive sovereign competence, free from any external interference.
The document also reiterates that states should refrain from using ICT to interfere in the internal affairs of other countries or to undermine their political, economic, and social stability. The reference to 'stability' considerably broadens the scope of protected activities, as does the term 'undermine', which is much more inclusive than 'coercion' and seems to cover conduct that does not deprive the target state of control or force it to take unwanted decisions. This broad wording is consistent with China's emphasis on 'cyber sovereignty' and policies aimed at restricting the flow of information from outside its national networks.
The approach adopted in these different cases shows us how the principle of non-intervention is increasingly becoming a problem to be solved in order to continue hybrid conflicts, rather than a barrier to the spread of such conflicts.