International cooperation in countering cybercrime is actively developing. Thus, its various forms in criminal prosecution includes mutual legal assistance, cooperation in the field of arrest warrants, law enforcement collaboration, mutual recognition of foreign verdicts, etc.
In view of contradictions and no clear system of ICT regulation or information security stipulations in the international law, working out a new framework is perceived as a bit premature right now. Today, debate is under way in the international law doctrine about the need for a judicial authority whose mandate would include adjudicating cases related to ICT.
Besides, there is a problem that there is a lack of consensus on the fundamental issues of international information security (IIS). For example, we see no uniform understanding of key terms. Moreover, states not only interpret them differently, but also use different terms. There are serious ideological differences on various aspects of ICT use and regulation. No tradeoff has been worked out on whether the existing norms of international law are applicable to ICT or whether new norms need to be developed, and whether there is a requirement for legally binding norms of international law that would be applicable to ICT, or if “soft law” would sufficient enough.
Things may well result in a yet another politicized or ineffective institution. Due to the lack of comprehensive international legal regulation of international information security, creating such a body at the current stage of international law evolution and amid a serious crisis crippling international relations, would be an untimely move.
In the current international environment, the significance of the Information and Communications Technology (ICT) is steadily rising. In this context, international cooperation is gradually moving towards a legal architecture for ICT governance and international information security (IIS) as an integral part of the overall international security framework. One of the key global challenges on this path is cybercrime. In a broader sense, cybercrime can be defined as criminal activity related to the ICT environment. Such are, for instance, crimes that target a PC or a network as well as crimes that rely on a PC or a network as a means for the attack.
According to statistics, global damages from cybercrime in 2022 alone were estimated at around USD 8.4 trillion. However, the cost of cybercrime incidents will expectedly exceed USD 11 trillion this year, while annual global spending on countering cyber offenses could exceed USD 20 trillion by 2026, an increase of almost 150% since 2022.
International cooperation in countering cybercrime is actively developing. Thus, its various forms in criminal prosecution includes mutual legal assistance, cooperation in the field of arrest warrants, law enforcement collaboration, mutual recognition of foreign verdicts, etc. There are four identifiable sources of such cooperation: <
- these are multilateral treaties on international cooperation in combating crime;
- multilateral treaties on criminal prosecution for certain offences;
- similar bilateral treaties;
- national legislation whose provisions may regulate international cooperation mechanisms for combating cybercrime.
Nevertheless, it can be pointed out that “the existing possibilities of legal assistance and international cooperation in fighting cybercrime are woefully insufficient in most cases.”
As for international litigation of ICT security violations, there is a need for a specific international mechanism to address the most grievous cyber offences that pose a threat to international security. Chapter VI of the United Nations Charter establishes the principle of peaceful settlement of disputes. One of the peaceful methods is judicial settlement. As for the application of this principle to ICT, the widespread desire to establish a global court with jurisdiction over transnational crimes in ICT has led to a variety of approaches in domestic and foreign international law doctrine . This issue is particularly relevant nowadays, given a steep rise in the number of cyber offences.
In 2010, the UN General Assembly adopted Resolution 65/230 to address the issue of consolidating the existing judicial mechanisms and/or to propose new national and international judicial or other measures against cybercrime. It instituted the open-ended intergovernmental lexpert group to conduct a comprehensive study of the problem of cybercrime and responses to it at the UN Commission on Crime Prevention and Criminal Justice. Notably, the creation of an international cybercrime court was not on the agenda of the Group’s first meeting in Vienna of January 2011.
The judicial mechanisms existing within the UN system have proven that effective and transparent international justice is possible. This sets the stage for the successful resolutions to issues pertaining to this area. Particularly, it is noted that the establishment of a judicial mechanism “...would guarantee that offenses are not treated differently in different jurisdictions” and “...would provide an opportunity for prosecution in those cases where states are often reluctant to prosecute such misdeeds.”
There are several concepts prevalent in domestic and foreign doctrines, regarding the implementation of judicial proceedings against the misuse of ICTs.
Expanding the Jurisdiction of the International Criminal Court and Creating a Cyberspace Branch
First, the jurisdiction of the International Criminal Court (ICC) could be extended. For example, the idea of delegating cases involving cyberspace to the ICC was voiced at the UN Congress on Crime Prevention and Criminal Justice, organized by the UN Office on Drugs and Crime in Bangkok in 2005: “...it is recommended that the crimes of cyber terrorism and cybercrime be considered with a view to developing an acceptable definition and listing them as crimes within the jurisdiction of the International Criminal Court.”
This option should be pursued by adopting additional provisions to the Rome Statute that would cover ICT and expand the list of crimes under its jurisdiction. In doing so, it is important to reach a global agreement that all nations should ratify the amendments to the Rome Statute. However, this further complicates the process, given that a number of states have not ratified the document yet. One reason is that they view “many of its provisions as contrary to national interests and state sovereignty.” As part of the implementation of this option, it is proposed to create an International Criminal Tribunal for cyberspace, which would be a division of the ICC.
International Criminal Court or Tribunal for Cyberspace
The second option being considered is instituting a special international criminal court or tribunal for cyberspace, which would operate under the Statute of the International Criminal Tribunal for Cyberspace (ICTC).
There is a position that “cyberattacks of the greatest global concern, which intentionally cause significant and comprehensive disruption of critical communications and information infrastructure, should fall under the jurisdiction of the ICTC.” The idea of its creation was proposed by Norwegian judge, international expert in cybercrime, and co-author of the concept of harmonizing computer crime legislation, Stein Schjolberg. In his work, Mr. Schjolberg puts forward the idea of establishing the ICTC. Its mandate would include prosecuting those who commit or order the most serious violations of the international cybercrime laws established under the provisions of the proposed statute, as well as pronouncing sentences on global cyberattack perpetrators. His list includes the following offences:
- acts committed intentionally against computer systems, information systems, data, information or other property protected under relevant international criminal law;
- wrongful acts of destroying, damaging or disabling critical communications and information infrastructure that result in damages to national security, civil defense, public administration and services, public health and safety, banking and financial services.
Creating ad-hoc courts or tribunals
Another option on the table is the creation of ad-hoc courts or tribunals as special temporary judicial mechanisms, established in accordance with the UN Security Council’s decision taken under Chapter VII of the UN Charter, which governs actions against threats to peace, breaches of peace and acts of aggression. The jurisdiction of these tribunals, as proposed, would extend to “the prosecution and punishment of cybercrime and should cover violations of the global treaty or package of treaties on cybercrime, as well as massive and coordinated global cyberattacks on critical information infrastructure.” Regarding the ratio of the jurisdiction of such ad-hoc courts or tribunals to national courts, parallel jurisdiction would be exercised, whereas priority would be given to the ad-hoc court or tribunal.
International Court of Justice on Cyberspace
Finally, there are ideas of establishing an independent International Court of Justice for cyberspace, which would deal with the most serious cybercrimes that pose a threat to the international community in general, and also particular international information security. While the former three options have jurisdiction over personal criminal responsibility for certain acts in the ICT environment,  the fourth option makes a state become a subject of international law.
Today, we can also hear statements from some countries about the need to establish a cyber-UN – a structure whose activities would focus on investigating crimes in ICT. However, this initiative has a certain idiosyncrasy: it has been declared that this institution won’t be inclusive, but rather selective and exclusive. Particularly, the Ukrainian side has stated that “Russia should have no place there.” In other words, the proposed organization will be leveraged to promote the interests of specific states and to discriminate against unwanted nations. Meanwhile, it’s not the political interests of individual states, but the formation of an international legal framework of cooperation to prevent conflicts in ICT that should be the key mission of such an institution.
It is crucial for any initiatives aimed at establishing a global judicial authority for regulating ICT to be equitable and open. In this regard, the UN seems to be the most effective forum, given that such a decision could be made binding on all member states by means of a respective action taken by the UNSC.
Regular Institutional Dialogue
However, there still remains another option. As part of the regular institutional dialogue on information security that is being discussed in the UN Open-ended Working Group (OEWG) on information and communication technology (ICT) security, as well as ICT security 2021-2025, a judicial body could be created. Nevertheless, this issue is not on the agenda yet and is unlikely to emerge in the near future. This is due to the fact that the parties already have disagreements on many issues within the mandate of the OEWG, so any attempts to establish a judicial body may further stall the negotiation process.
Maintaining the status quo
As was mentioned earlier, diverse positions on the issue at hand are pushed due to lack of agreement on basic theoretical foundations. The opposite view that there is no need for the emergence of additional forms of jurisdiction over cyberspace, since successful international cooperation is possible within the already existing framework, also makes some sense.
Is It Time to Form an International Cyber Court?
In view of apparent contradictions and no clear system of ICT regulation or information security stipulations in the international law, working out a new framework is perceived as a bit premature right now.
Today, debate is under way in the international law doctrine about the need for a tribunal whose mandate would include adjudicating cases related to ICT. However, the very nature of cyberspace brings with it certain intricacies. For example, the difficulty of attributing cyberattacks as well as collecting evidence from a technical point of view makes it difficult to establish the involvement of a particular state in any particular cyberattack.
Besides, there is a problem which boils down to the fact that there is a lack of consensus on the fundamental issues of international information security (IIS). For example, we see no uniform understanding of key terms. Moreover, states not only interpret them differently, but also use different terms. There are serious ideological differences on various aspects of ICT use and regulation. No tradeoff has been worked out on whether the existing norms of international law are applicable to ICT or whether new norms need to be developed, and whether there is a requirement for legally binding norms of international law that would be applicable to ICT, or if “soft law” would sufficient enough. In the meantime, a common vision or at least a compromise vision of the legal foundations of ICT, as well as harmonization of legislation, not to mention a global convention, is first and foremost necessary for the implementation of judicial proceedings on the global scale. Despite the fact that many states and regional organizations have developed and adopted a legal framework to combat cybercrime in recent years, there is no harmonization of national legal systems and no international convention to regulate activities in ICT in general and to handle cybercrime in particular. Thus, A.A. Danelyan points out that “there is no comprehensive universal international legal framework for cooperation” in ICT. The politization of ICT problems only makes the above-mentioned challenges even more daunting.
All of these factors threaten to result in a yet another politicized or ineffective institution. Due to the lack of comprehensive international legal regulation of international information security, creating such a body at the current stage of international law evolution and amid a serious crisis crippling international relations, would be an untimely move.
1. The doctrine of international law refers to the system of views and theories held by scholars, the national academic community. Source: www.ilarb.ru/html/news/2013/14062013.html
2. Here, it is important to accommodate the divergent positions of states on the implementation of personal criminal responsibility for cybercrime as well as their political priorities.