CYBER ESPIONAGE AND ELECTRONIC SURVEILLANCE:
BEYOND THE MEDIA COVERAGE
William C. Banksâˆ—
In the twenty-first century it seems that everyone is eavesdropping on
everyone elseâ€”governments and companies, militaries, law enforcement and
intelligence agencies, hackers, criminals, and terrorists. State-sponsored and
private cyber espionage and criminal and foreign-intelligence surveillance
have ramped up in part because the national security threat environment is ever
more complicated and multifaceted, and the ability to meet it is increasingly
dependent on good intelligence, in real time. However, surveillance and
espionage have also increased because the Internet and cyber technology so
readily enable exploitation of intellectual property and other commercially
valuable information. Among its many attributes, the Internet has introduced
new dynamics to the age-old tensions between security and liberty. The
Internet expands our freedom to communicate at the same time it makes us less
secure. It expands our online vulnerabilities while it lowers the visibility of
intrusions. The Internet provides new means for enabling privacy intrusions
and causing national security and economic harm even as it provides
governments with ever more sophisticated tools to keep tabs on bad actors. Yet
in the cat and mouse game between the government agents and suspected
terrorists and criminals, ever newer devices and encryption programs ratchet
up privacy protections in ways that may prevent government access to those
devices and their contents. These devices and programs, in turn, may enable
cyber theft or even destructive terrorist attacks.
Espionage and intelligence collection are part of the national security
apparatus of every state. Cyber espionage involves deliberate activities to
penetrate computer systems or networks used by an adversary for obtaining
information resident on or transiting through these systems or networks. A
pertinent subset is economic espionage, where a state attempts to acquire
secrets held by foreign companies. Of course, states conducted economic
âˆ— Board of Advisers Distinguished Professor, Syracuse University College of Law; Director, Institute for
National Security and Counterterrorism.
514 EMORY LAW JOURNAL [Vol. 66:513
espionage before the Internet, but the availability of cyber exploitation rapidly
and significantly expanded the activity.1
Electronic surveillance intercepts communications between two or more
parties. The intercepts can give insight into what is said, planned, and
anticipated by adversaries. Because such vast quantities of communications
now travel through the Internet, more than humans can comprehend in their
raw form, surveillance often leads to processing and exploitation through
algorithms or other search methods that can query large amounts of collected
data in pursuit of more specific intelligence objectives.2
Traditional state-sponsored surveillance and espionage have been
transformed into high-tech and high-stakes enterprises. Some of the cyber
activity is electronic surveillance for foreign intelligence purposes, mimics
traditional spying, and services a range of what most of us would concede are
legitimate national security objectivesâ€”anticipating terrorist attacks, learning
about the foreign policy plans of adversaries, and gaining advantage in foreign
However, a good deal of the cyber sleuthing involves
economic matters, sometimes extending to include intellectual property theft,
and is undertaken by states or their proxies to secure comparative economic
advantage in trade negotiations, other deals, or for particular companies.4
I. ECONOMIC CYBER ESPIONAGE
Governments and their agents have been exploiting Internet connectivity by
penetrating the electronic networks of foreign companies for nearly a quartercentury.5
Until 2010, companies chose to ignore the problem, more or less.6
Then Google publicly claimed that China had stolen source code and used it to
1 Gerald Oâ€™Hara, Cyber-Espionage: A Growing Threat to the American Economy, 19 COMMLAW
CONSPECTUS: J. COMM. L. & POLâ€™Y 241, 241â€“42 (2010). 2 See Joe Pappalardo, NSA Data Mining: How It Works, POPULAR MECHANICS (Sept. 11, 2013), http://
www.popularmechanics.com/military/a9465/nsa-data-mining-how-it-works-15910146/. 3 Heather Kelly, NSA Chief: Snooping Is Crucial to Fighting Terrorism, CNN (Aug. 1, 2013, 10:35
AM), http://www.cnn.com/2013/07/31/tech/web/nsa-alexander-black-hat/; David E. Sanger, U.S. Cyberattacks
Target ISIS in a New Line of Combat, N.Y. TIMES (Apr. 24, 2016), http://www.nytimes.com/2016/04/25/us/
politics/us-directs-cyberweapons-at-isis-for-first-time.html. 4 See infra notes 5â€“9 and accompanying text. 5 Joel Brenner, The New Industrial Espionage, 10 AM. INT., Winter 2015, at 28, 28â€“29, http://www.theamerican-interest.com/2014/12/10/the-new-industrial-espionage/. 6 Id. at 29.
2017] CYBER ESPIONAGE AND ELECTRONIC SURVEILLANCE 515
spy and to penetrate other companiesâ€™ networks.7
At about the same time,
major economic espionage was carried out against large western oil companies
and traced to a site in China, and another theft lifted security key tokens, which
in turn led to the penetration of other firms, including defense contractors in
the United States.8
In May of 2014, the FBI issued â€œMost Wantedâ€ posters for five Chinese
nationals, members of the Peoplesâ€™ Liberation Army.9
In United States v.
Wang, the five were indicted by a federal grand jury for breaking into
computer systems of American companies and stealing trade secrets for the
benefit of Chinese companies.10 Although there was no chance that the United
States would obtain jurisdiction over the accused so that they could be tried,
the indictments may have been intended to incentivize negotiations with the
Chinese on corporate spying. At first, the Chinese responded by complaining
about U.S. hypocrisy and double standards.11 The Chinese asserted that
American authorities have conducted large-scale, organized cyber-espionage
activities against government officials, companies, and individuals, in China
and many other states.12 The distinction that our government draws between
spying for national security purposes and not spying on companies to give a
competitive edge to oneâ€™s own businesses is not recognized as valid by China,
and they point out that our definition of national security includes obtaining
advantages in trade negotiations and for other international economic purposes,
including enforcing sanctions regimes and detecting bribery.13
Then, in 2015, some seemingly remarkable things happened. Following the
indictment of the Chinese hackers and an executive order promulgated by
President Barack Obama that authorized sanctions against malicious hackers,14
7 Andrew Jacobs & Miguel Helft, Google, Citing Attack, Threatens to Exit China, N.Y. TIMES (Jan. 12,
2010), http://www.nytimes.com/2010/01/13/world/asia/13beijing.html. 8 Nathan Hodge & Adam Entous, Oil Firms Hit by Hackers from China, Report Says, WALL ST. J. (Feb.
10, 2011, 12:01 AM), http://www.wsj.com/articles/SB10001424052748703716904576134661111518864;
Elinor Mills, China Linked to New Breaches Tied to RSA, CNET (June 6, 2011, 4:00 AM), https://www.cnet.
com/news/china-linked-to-new-breaches-tied-to-rsa/. 9 Cyberâ€™s Most Wanted, FBI, https://www.fbi.gov/wanted/cyber (last visited Apr. 25, 2016). 10 Indictment, United States v. Wang, Criminal No. 14-118 (W.D. Pa. May 1, 2014), https://www.justice.
gov/iso/opa/resources/5122014519132358461949.pdf. 11 Jonathan Kaiman, China Reacts Furiously to US Cyber-Espionage Charges, GUARDIAN (May 20,
2014, 8:31 AM), https://www.theguardian.com/world/2014/may/20/china-reacts-furiously-us-cyber-espionagecharges. 12 David E. Sanger, With Spy Charges, U.S. Draws a Line that Few Others Recognize, N.Y. TIMES (May
19, 2014), http://www.nytimes.com/2014/05/20/us/us-treads-fine-line-in-fighting-chinese-espionage.html. 13 Id. 14 Exec. Order No. 13,694, 80 Fed. Reg. 18,077 (Apr. 2, 2015).
516 EMORY LAW JOURNAL [Vol. 66:513
the United States and China reached an agreement on a range of cybersecurity
matters.15 In addition to cooperation on law enforcement matters in
cyberspace, China reversed its prominent policy position and committed not to
engage in commercially-motivated cyber espionage.16 The agreement also
includes implementation and compliance provisions, the violation of which
could lead to sanctions under the Obama administration executive order.17
Although the 2014 indictments had been dismissed as meaningless by
many, the Chinese appear not to have understood their lack of practical
significance and instead viewed them more like sanctions.18 The PLA unit also
may have felt exposed and diminished in its prestige after the indictments.19
Meanwhile, news reports indicate that China began to dismantle its economic
espionage network and started to crack down on PLA hackers who were
moonlighting on the side and selling information to Chinese companies that
was not central to the PLA national security mission.20 A few weeks after the
U.S.â€“China agreement was reached, similar agreements were reached between
China and the United Kingdom and China and Germany.21
Meanwhile, governments are not the only participants in the cybersleuthing. The Islamic State (ISIS) has broadened its recruitment and appeal,
focusing in part on young, tech-savvy persons living far from the battlefields of
Syria and Iraq.22 In October 2015, the United States arrested Kosovar Ardit
Ferizi while he was living in Malaysia and charged him with providing
15 JOHN W. ROLLINS, CONG. RESEARCH SERV., IN10376, U.S.-CHINA CYBER AGREEMENT (2015),
https://www.fas.org/sgp/crs/row/IN10376.pdf. 16 Id. 17 Id. 18 Ellen Nakashima, Following U.S. Indictments, China Shifts Commercial Hacking Away from Military
to Civilian Agency, WASH. POST (Nov. 30, 2015), https://www.washingtonpost.com/world/nationalsecurity/following-us-indictments-chinese-military-scaled-back-hacks-on-american-industry/2015/11/30/fcdb
097a-9450-11e5-b5e4-279b4501e8a6_story.html. 19 Id. 20 Id. 21 Rowena Mason, Xi Jinping State Visit: UK and China Sign Cybersecurity Pact, GUARDIAN (Oct. 21,
2015, 12:13 PM), http://www.theguardian.com/politics/2015/oct/21/uk-china-cybersecurity-pact-xi-jinpingdavid-cameron; Stefan Nicola, China Working to Halt Commercial Cyberwar in Deal with Germany,
BLOOMBERG TECH. (Oct. 29, 2015, 8:31 AM), http://www.bloomberg.com/news/articles/2015-10-29/chinaworking-to-halt-commercial-cyberwar-in-deal-with-germany. 22 Maeghin Alarid, Recruitment and Radicalization: The Role of Social Media and New Technology, in
IMPUNITY: COUNTERING ILLICIT POWER IN WAR AND TRANSITION 313, 322 (Michelle Hughes & Michael
Miklaucic eds., 2016).
2017] CYBER ESPIONAGE AND ELECTRONIC SURVEILLANCE 517
material support to terrorism by hacking a U.S. government database and
stealing personal information on more than 1350 military and civilian
government personnel.23 Ferizi allegedly passed the information to an
operative of ISIS.24
The ISIS Cyber Caliphate hacking unit seized control of U.S. Central
Command Twitter and YouTube feeds early in 2015, using them to post
propaganda videos and personal information on top military officials.25 The
hackers seized more than 54,000 Twitter accounts for the same objectives
again late in 2015.26 Even terrorists who seek visible, kinetic effects from their
attacksâ€”and are thus less likely to engage in malware insertion and other
disruptive, but not destructive, cyber attacksâ€”increasingly rely on digital
protections (encryption) to assure the secrecy of their communications.27 Most
notably, ISIS has demonstrated a sophisticated understanding of methods for
shielding its communications from electronic surveillance by intelligence
agencies. Security companies have described a manual released by an ISIS
operative urging its followers to use fake phone numbers to set up an encrypted
chat system that will shield ISIS communications from intelligence
surveillance and avoid revealing personal information.28
For the most part, international law has been a bystander to this entire
fabric of stealth, deception, and greed. The individual strands of this story are
bound together by a unique set of oppositional forces and compelling needs for
â€¢ The costs of economic cyber espionage are staggeringly high and
will continue to rise unless something is done.29
23 Joe Davidson, ISIS Threatens Feds, Military After Theft of Personal Data, WASH. POST (Jan. 31,
2016), https://www.washingtonpost.com/news/federal-eye/wp/2016/01/31/isis-threatens-feds-military-aftertheft-of-personal-data/. 24 Id. 25 CNN Staff, CENTCOM Twitter Account Hacked, Suspended, CNN POLITICS (Jan. 12, 2015, 5:43 PM),
http://www.cnn.com/2015/01/12/politics/centcom-twitter-hacked-suspended/. 26 Jigmey Bhutia, Isis â€˜Cyber Caliphateâ€™ Hacks More than 54,000 Twitter Accounts, INTâ€™L BUS. TIMES
(Nov. 9, 2015, 9:10 AM), http://www.ibtimes.co.uk/isis-cyber-caliphate-hacks-more-54000-twitter-accounts1527821. 27 Kate Oâ€™Keeffe, American ISIS Recruits Down, but Encryption Is Helping Terroristsâ€™ Online Efforts,
Says FBI Director, WALL ST. J. (May 11, 2016, 8:54 PM), http://www.wsj.com/articles/american-isis-recruitsdown-but-encryption-is-helping-terrorists-online-efforts-says-fbi-director-1463007527?mg=id-wsj. 28 Kim Zetter, Security Manual Reveals the OPSEC Advice ISIS Gives Recruits, WIRED (Nov. 19, 2015,
4:45 PM), http://www.wired.com/2015/11/isis-opsec-encryption-manuals-reveal-terrorist-group-security-protocols/. 29 See infra note 53 and accompanying text.
518 EMORY LAW JOURNAL [Vol. 66:513
â€¢ The Snowden leaks have sewn distrust among citizens and
between allied governments, each doubting the veracity of the
United States and other nationsâ€™ intelligence collection
â€¢ Intelligence collection incidentally but persistently invades
citizensâ€™ liberties in collecting beyond the reasonable needs of
â€¢ Yet continuing terrorist attacks in a wide range of locations
reinforces the need for the most effective means of electronic
surveillance of potential terrorist activities.32
â€¢ Traditional espionage is now scapegoated in ways that harm
allied relationships and impose costs on intelligence collection.
If we do not act to put a stopper in these escalating crises of costs and
confidence soon, the security and integrity of the Internet may be up for grabs.
Not to mention the efficacy of intelligence collection by electronic means.
III. THE LIMITED ROLE OF INTERNATIONAL LAW
Cyberspace remains a netherworld for intelligence activitiesâ€”whatever
surveillance or cyber spying a government does outside its own national
borders is, in most circumstances, an international law free-for-all. Decades of
state practice tell us that surveillance or espionage may be conducted across
borders without violating sovereignty.33 Examples of presumably permissible
behavior include collecting the contents of electronic communications or
metadata about them; watching government computer systems, including
SCADA systems, through cyber penetration; exfiltration of government data,
including military or other national security secrets; and denial of service
penetrations that decrease the bandwidth for government web sites. Disruptive
cyber activities that are not destructive or coercive in some way apparently do
not violate international law. The line between permitted espionage and
unlawful cyber intrusions is far from clear.
30 Alan Travis, Snowden Leak: Governmentsâ€™ Hostile Reaction Fuelled Publicâ€™s Distrust of Spies,
GUARDIAN (June 15, 2015, 11:19 AM), https://www.theguardian.com/world/2015/jun/15/snowden-files-us-ukgovernment-hostile-reaction-distrust-spies. 31 See infra notes 45â€“49 and accompanying text. 32 See Kelly, supra note 3; Sanger, supra note 3. 33 Glenn Sulmasy & John Yoo, Counterintuitive: Intelligence Operations and International Law, 28
MICH. J. INTâ€™L L. 625, 626, 628 (2007).
2017] CYBER ESPIONAGE AND ELECTRONIC SURVEILLANCE 519
One response to the increasing concerns about online theft of intellectual
property and complaints of invasions of privacy has been for more
governments around the world to enact or at least talk about data-localization
laws. Such laws, already in place in authoritarian states such as Russia, China,
and Iran, typically enforce limitations for all citizen data and the infrastructure
that supports it.34 China strictly vets companies selling Internet technology and
services in China.35 Now-democratic states such as Brazil, India, and Germany
are contemplating data-localization. Brazil plans to stop using Microsoft
Outlook for e-mail, and Germany has unhooked from Verizon and signed on
with Deutsche Telekom.36 There is talk among our European allies about
creating a European Internet.37
To what extent does the uniqueness of the cyber domain make cyber
espionage and foreign intelligence surveillance legally distinct? On the one
hand, the fact that no person has to cross a border to accomplish the espionage
or surveillance probably does not matter, legally. Remoteness is just a means
of collection. On the other hand, attribution, knowing who stole your secrets, is
a serious technical problem and makes controlling cyber exploitation more
difficult than keeping tabs on traditional spying. In addition, in the cyber world
distinguishing exploitation from a cyber attack (an intrusion designed to
disrupt or destroy systems or data) can be difficult. The malware that exploits a
computer to retrieve its data may be indistinguishable at first from malware
that will destroy the computer hard drive. Thus, the exploited state may be
hard-pressed deciding how to prepare and respond.
States have historically tolerated traditional espionage because they all do it
and gain from it.38 Domestic laws proscribe spying for those that are caught.
Most espionage disputes are resolved through diplomacy, and in extreme
cases, states send the spies home. In cyber espionage, the status quo favors
34 Anupam Chander & UyÃªn P. LÃª, Data Nationalism, 64 EMORY L.J. 677, 686â€“88, 701â€“02, 735â€“36
(2015). 35 Paul Mozur, New Rules in China Upset Western Tech Companies, N.Y. TIMES (Jan. 28, 2015),
http://www.nytimes.com/2015/01/29/technology/in-china-new-cybersecurity-rules-perturb-western-techcompanies.html?_r=0. 36 Anton Troianovski & Danny Yadron, German Government Ends Verizon Contract, WALL ST. J. (June
26, 2014, 2:54 PM), http://www.wsj.com/articles/german-government-ends-verizon-contract-1403802226; see
also Brazil to Create Its Own Email System After Protesting U.S. Spying, UPI.COM (Oct. 14, 2013, 5:12 PM),
http://www.upi.com/Science_News/Technology/2013/10/14/Brazil-to-create-its-own-email-system-afterprotesting-US-spying/69911381785172/. 37 Sam Ball, Plans to Stop US Spying with European Internet, FRANCE 24, http://www.france24.com/en/
20140217-european-internet-plans-nsa-spying (last updated Feb. 18, 2014). 38 See Sulmasy & Yoo, supra note 33, at 626â€“29.
520 EMORY LAW JOURNAL [Vol. 66:513
sophisticated countries with the finances and technological capabilities to
extract the intelligence. But the status quo is changing rapidly. Cyberspace
reduces the power differentials among actors. Powerful states have more cyber
resources but also more government and private-sector vulnerabilities. The
advantage increasingly lies with state-sponsored and non-state hackersâ€”the
offense, not the defenseâ€”and the costs of cyber exploitation of security and
proprietary data are forcing states to look for ways to curb the espionage.
To date, efforts to anchor the law of cyber espionage or foreign-intelligence
surveillance in international law have developed in three mostly nascent
directions. One potential pathway is the conventional and customary norm of
nonintervention, a corollary to state sovereignty. The principle of
nonintervention is reflected in Article 2(4) of the U.N. Charter and its
prohibition of â€œthe threat or use of force against the territorial integrity or
political independence of any state.â€39 In theory at least, nonintervention is
broader than use of force and the Charter. As the International Court of Justice
stated in Nicaragua v. United States,
40 wrongful intervention involves
â€œmethods of coercion,â€41 and the United States engaged in wrongful
intervention even though it did not use force in Nicaragua. Should
nonintervention take on new meaning in the twenty-first century based on the
expanding cornucopia of technical means for crossing sovereign borders
without human intervention? Apart from the technical means, does the
contemporary use of state-supported espionage to steal trade secrets and
intellectual property constitute intervention? Is a breach of the norm measured
by the impact of the intervention, whether virtual or physical? Certainly cyber
surveillance or espionage targeting government activities interferes with the
internal affairs of the victim state.
However, the legislative history of the Charter and later commentary
confirm that â€œforceâ€ in Article 2(4) does not include economic or political
pressure.42 Thus, under the Charter, espionage does not constitute an
internationally wrongful act triggering state responsibility under international
law. (If a state is responsible for an unlawful act, the victim state is entitled to
reparation, and a state may take any responsive actions that neither amount to a
39 U.N. Charter art. 2, Â¶ 4.
40 Military and Paramilitary Activities in and Against Nicaragua (Nicar. v. U.S.), Judgment, 1986 I.C.J.
Rep. 14 (June 27). 41 Id. at Â¶ 205. 42 Matthew C. Waxman, Cyber-Attacks and the Use of Force: Back to the Future of Article 2(4), 36
YALE J. INTâ€™L L. 421, 422 (2011).
2017] CYBER ESPIONAGE AND ELECTRONIC SURVEILLANCE 521
use of force nor breach a treaty or customary law obligation. Or it may take
countermeasures.)43 Cyber exploitation directed at financial targets, for
example, could cause economic loss, panic in the streets, and a loss of public
confidence in the state. Yet if there is no physical damage or loss of life, the
Charter suggests that the norm of nonintervention has not been violated.
Some scholars have argued in the alternative that cyber espionage is a
lawful precursor to a stateâ€™s exercise of its U.N. Charter Article 51 self-defense
rights.44 Preparing for and anticipating an armed attack is critically important
in the modern world, the argument goes. If not affirmatively allowed as an
adjunct to Article 51, others maintain that espionage has been recognized by
widespread state practice and thus is supported by a norm of customary
From the human rights perspective, electronic surveillance could be seen to
violate the International Covenant on Civil and Political Rights (ICCPR),
Article 17(1), which protects against â€œarbitrary or unlawful interference
with . . . privacy.â€45 The reach and application of the ICCPR and a similar
provision in the European Convention on Human Rights46 (ECHR) outside any
stateâ€™s territory are unsettled, although there is support for the view that the
protection extends to foreign nationals outside the territory of the state party in
the context of electronic surveillance or cyber intrusions. The U.N. Special
Rapporteur wrote that Article 17 protects against â€œmass surveillance of the
Internet,â€ and that bulk surveillance must be justified following a
proportionality analysis that accounts for â€œsystematic interference with the
Internet privacy rights of a potentially unlimited number of innocent people
located in any part of the world.â€47 The Rapporteur finds bulk collection
â€œindiscriminately corrosive of online privacyâ€ and threatening to the core of
Article 17 privacy.48 (Jurisdictional issues cloud whether any court or treaty
body would apply human rights law to surveillance or cyber spying.) Cases are
43 Michael N. Schmitt, â€œBelow the Thresholdâ€ Cyber Operations: The Countermeasures Response
Option and International Law, 54 VA. J. INTâ€™L L. 697, 703 (2014). 44 Ashley Deeks, An International Legal Framework for Surveillance, 55 VA. J. INTâ€™L L. 291, 302
(2015); see also U.N. Charter art. 51 (â€œNothing in the present Charter shall impair the inherent right of
individual or collective self-defense . . . .â€). 45 International Covenant on Civil and Political Rights art. 17, Â¶ 1, Dec. 19, 1966, 999 U.N.T.S. 171.
46 Convention for the Protection of Human Rights and Fundamental Freedoms art. 8, Nov. 4,
1950, 213 U.N.T.S. 221. 47 U.N. Secretary-General, Report of the Special Rapporteur on the Promotion and Protection of Human
Rights and Fundamental Freedoms While Countering Terrorism, Â¶ 59, U.N. Doc. A/69/397 (Sept. 23, 2014). 48 Id.
522 EMORY LAW JOURNAL [Vol. 66:513
pending now in the European Court of Human Rights alleging privacy
violations due to the U.K. Government Communications Headquartersâ€™s
cooperation with the National Security Agency in collecting upstream contents
and bulk data.49
An unusual alignment of interests between some powerful governments
(victims of cyber exploitation and overbroad surveillance), ordinary citizens,
and major corporations and their clients present what may be a propitious time
for forging new international law in these areas. Governments, citizens, and
influential opinion makers learned a great deal about foreign intelligence
surveillance from the Snowden leaks. And the governments most affected by
the Snowden leaks are some of the same ones most victimized by cyber
espionage of one sort or another.
The United States has already begun to limit their surveillance activities in
response to political pressure, not least from the heads of state whose
conversations were recorded.50 Meanwhile, litigation in European and U.S.
courts and a resolution by the U.N. General Assembly addressing the right of
privacy in the digital era51 sow the seeds of a rights-based reorientation of
international law. Perhaps most important, the economic impacts of cyber
espionage and foreign surveillance are considerable. On the surveillance side
of things, Internet service providers and social media companies in the United
States are losing contracts and clients in many places, and the data-localization
laws and other steps taken by some states to insulate â€œtheirâ€ piece of the
Internet threaten to further constrain the global economy.52 As for cyber
49 See, e.g., Applicantâ€™s Reply, 10 Human Rights Orgs. v. United Kingdom, App. No. 24960/15 (2016),
https://www.documentcloud.org/documents/3115985-APPLICANTS-REPLY-to-GOVT-OBSERVATIONSPDF.html; Ryan Gallagher, Europeâ€™s Top Human Rights Court Will Consider Legality of Surveillance
Exposed by Edward Snowden, INTERCEPT (Oct. 3, 2016), https://theintercept.com/2016/09/30/echr-nsa-gchqsnowden-surveillance-privacy/. 50 Presidential Policy Directive PPD-28: Directive on Signals Intelligence Activities, 2014 DAILY COMP.
PRES. DOC. 31 (Jan. 17, 2014); REVIEW GROUP ON INTELLIGENCE AND COMMCâ€™NS TECHS., LIBERTY AND
SECURITY IN A CHANGING WORLD: REPORT AND RECOMMENDATIONS OF THE PRESIDENTâ€™S REVIEW GROUP ON
INTELLIGENCE AND COMMUNICATIONS TECHNOLOGIES 20 (2013), https://www.whitehouse.gov/sites/default/
files/docs/2013-12-12_rg_final_report.pdf (suggesting steps to place certain allied leadersâ€™ private
communications off-limits for the NSA). 51 Human Rights Council, Rep. of the Office of the U.N. High Commâ€™r for Human Rights, The Right to
Privacy in the Digital Age, U.N. Doc. A/HRC/27/37 (June 30, 2014). 52 Claire Cain Miller, Revelations of N.S.A. Spying Cost U.S. Tech Companies, N.Y. TIMES, (Mar. 21,
2017] CYBER ESPIONAGE AND ELECTRONIC SURVEILLANCE 523
espionage, the estimated $300â€“600 billion annual price tag53 is illustrative of
the costs imposed by theft of IP and trade secrets, along with other valuable
government and private sector information.
States could agree to distinguish national-security espionage from all other
forms, and tolerate only the former. After all, keeping a nation safe is a high
and noble objective, and intelligence can directly serve that end. The trick is to
thoughtfully limit that power to collect intelligence only where it is necessary
to safeguard national-security interests, and then to be sure that the intelligence
function is subject to effective oversight. All other forms of espionage could be
treated as theft, and rules forbidding that activity could be enforced in the
private, commercial realm. It remains difficult in some instances to distinguish
national-security espionage from other spying. Developing customary
international law is a slow, lengthy process, but it could begin in just this way.
If a sufficient number of other states sign on, new international norms may be
made. A similar process could lead to developing international law on
surveillance, perhaps starting with agreements among the Five Eyesâ€”the
English speaking democracies.
Similarly, states could agree that international law forbids spying by a state
for the direct benefit of a private company. Governments can and have at times
established rules of the road for limiting espionage and created incentives for
cooperation. The 2015 U.S.â€“China agreement is exemplary.54 The new
approaches are necessary because the model response to conventional
espionageâ€”arrest their spies, expel diplomats, and the likeâ€”does not work
when the cyber theft is accomplished remotely by unnamed agents. Trade
sanctions, tariffs, and diplomatic pressures are often effective tools.
Another method of influencing international law could be to adapt domestic
laws to international law. Domestic regulation of cyber espionage in the United
States has been provided by the Economic Espionage Act (EEA), which
proscribes the possession, collection, duplication, transfer, or sale of trade
secrets for the benefit of a foreign nation or any of its agents.55 The Justice
Department is expressly given extraterritorial enforcement authority.56
53 Ellen Nakashima & Andrea Peterson, Report: Cybercrime and Espionage Costs $445 Billion Annually,
WASH. POST (June 9, 2014), https://www.washingtonpost.com/world/national-security/report-cybercrime-andespionage-costs-445-billion-annually/2014/06/08/8995291c-ecce-11e3-9f5c-9075d5508f0a_story.html (CSIS
places the figure at $375â€“$575 billion). 54 See supra notes 15â€“21 and accompanying text. 55 18 U.S.C. Â§ 1831 (2012).
56 18 U.S.C. Â§ 1836 (2012).
524 EMORY LAW JOURNAL [Vol. 66:513
Amendments to the EEA in 2012 and 2013 increased the criminal penalties
and the breadth of coverage for stealing trade secrets to benefit a foreign
government.57 New amendments have been recommended that would provide
a private right of action for those who hold trade secrets that have been subject
to theft.58 In addition, the Computer Fraud and Abuse Act (CFAA) prohibits
intentionally causing damage through a computer code or program to any
computer connected to the Internet.59 Although not written with espionage in
mind, the CFAA could be used to counter cyber exploitation. These domestic
laws could provide foundational concepts for developing international
agreements and, eventually, international law.
The benefits of augmenting international law with domestically grown
mechanisms are numerous, but ultimately, customary international law needs
an international platform. For example, in the intellectual property realm,
customary international law could incorporate intellectual property theft
proscriptions from the World Trade Organization (WTO) and the related Trade
Related Aspects of Intellectual Property Rights agreement.60 An advantage is
the use of a respected international forum, where nations such as China could
also seek relief from cyber exploitation (by the United States). A drawback is
that WTO agreements presently require meeting obligations only within the
memberâ€™s territory.61 The structure of the agreements could be changed, if they
could figure out how to prove responsibility for a stateâ€™s actions outside its
In an effort to distinguish espionage while applying domestic legal
structures, states could determine that disruptive cyber actions should be
treated differently than espionage. Such agreements could be grafted onto the
Cybercrime Convention.62 The Cybercrime Convention commits states to enact
domestic laws criminalizing cyber theft.63 Of course, the Cybercrime
Convention could be amended to make unlawful espionage that steals trade
secrets or other proprietary information for the benefit of domestic firms. The
domestic laws required by the Convention are largely ineffective against state57 Id.
58 Dennis Crouch, Defend Trade Secret Act Moving Forward, PATENTLY-O (Apr. 5, 2016),
http://patentlyo.com/patent/2016/04/secret-moving-forward.html. 59 18 U.S.C. Â§ 1030 (2012).
60 Agreement on Trade-Related Aspects of Intellectual Property Rights, Apr. 15, 1994, 1869 U.N.T.S.
299. 61 See, e.g., id. art. 1, Â¶ 1. 62 Convention on Cybercrime, Nov. 23, 2001, 2296 U.N.T.S. 167.
63 Id. art. 2.
2017] CYBER ESPIONAGE AND ELECTRONIC SURVEILLANCE 525
sponsored theft because of the difficulties of obtaining jurisdiction of accused
cyber criminals and because of diplomatic immunities. The domestic laws are
difficult to enforce anyway because of attribution problems. There are no
enforceable international law violations recognized by the treaty. As it now
stands, the Cybercrime Convention includes no universal definition of
cybercrime, for example.64 Does cybercrime include theft for espionage
purposes? The Convention has demonstrated that problems of cyber espionage
cannot be addressed as a traditional crime problem because a large portion of
what is criminal is state-tolerated or state-supported. Nor are Mutual Legal
Assistance Treaties useful where the crimes are politically motivated and state
Furthermore, distinguishing between cyber espionage and disruptive cyber
activity could encourage states to come to agreements upon some off-limits
parts of cyber. For example, agreements not to disrupt nuclear installations or
other critical infrastructure would be beneficial to all sides. Abolishing spying
on these systems goes hand in hand with limiting disruption. Once the
infrastructure is off-limits for attack, there is no legitimate reason to illicitly
obtain information about that system.
The confluence of interests between victims of overbroad surveillance and
cyber espionage presents an opportunity to begin developing new norms and
eventual international law that could bring more rationality, predictability, and
privacy protections to the cyber domain. The costs of cyber espionage are real,
and the threats and vulnerabilities will increase with the progression of
technology. Companies and governments are underprepared for the level of
cyber espionage they are facing. Solutions vary, but they all share the common
foundation of increased international cooperation and the development of a
customary international legal framework that everyone understands.
Meanwhile, blowback from the Snowden leaks has generated sufficient
political pressure to cause some changes to surveillance authorities. As those
reforms develop and privacy claims are litigated in international fora and
European courts, it is likely that new international law will emerge, too,
perhaps in tandem with reforms to the limits on cyber espionage.
64 Id. art. 1.
Reproduced with permission of the copyright owner. Further reproduction prohibited without
Are you busy and do not have time to handle your assignment? Are you scared that your paper will not make the grade? Do you have responsibilities that may hinder you from turning in your assignment on time? Are you tired and can barely handle your assignment? Are your grades inconsistent?
Whichever your reason is, it is valid! You can get professional academic help from our service at affordable rates. We have a team of professional academic writers who can handle all your assignments.
Students barely have time to read. We got you! Have your literature essay or book review written without having the hassle of reading the book. You can get your literature paper custom-written for you by our literature specialists.
Do you struggle with finance? No need to torture yourself if finance is not your cup of tea. You can order your finance paper from our academic writing service and get 100% original work from competent finance experts.
While psychology may be an interesting subject, you may lack sufficient time to handle your assignments. Don’t despair; by using our academic writing service, you can be assured of perfect grades. Moreover, your grades will be consistent.
Engineering is quite a demanding subject. Students face a lot of pressure and barely have enough time to do what they love to do. Our academic writing service got you covered! Our engineering specialists follow the paper instructions and ensure timely delivery of the paper.
In the nursing course, you may have difficulties with literature reviews, annotated bibliographies, critical essays, and other assignments. Our nursing assignment writers will offer you professional nursing paper help at low prices.
Truth be told, sociology papers can be quite exhausting. Our academic writing service relieves you of fatigue, pressure, and stress. You can relax and have peace of mind as our academic writers handle your sociology assignment.
We take pride in having some of the best business writers in the industry. Our business writers have a lot of experience in the field. They are reliable, and you can be assured of a high-grade paper. They are able to handle business papers of any subject, length, deadline, and difficulty!
We boast of having some of the most experienced statistics experts in the industry. Our statistics experts have diverse skills, expertise, and knowledge to handle any kind of assignment. They have access to all kinds of software to get your assignment done.
Writing a law essay may prove to be an insurmountable obstacle, especially when you need to know the peculiarities of the legislative framework. Take advantage of our top-notch law specialists and get superb grades and 100% satisfaction.
We have highlighted some of the most popular subjects we handle above. Those are just a tip of the iceberg. We deal in all academic disciplines since our writers are as diverse. They have been drawn from across all disciplines, and orders are assigned to those writers believed to be the best in the field. In a nutshell, there is no task we cannot handle; all you need to do is place your order with us. As long as your instructions are clear, just trust we shall deliver irrespective of the discipline.
Our essay writers are graduates with bachelor's, masters, Ph.D., and doctorate degrees in various subjects. The minimum requirement to be an essay writer with our essay writing service is to have a college degree. All our academic writers have a minimum of two years of academic writing. We have a stringent recruitment process to ensure that we get only the most competent essay writers in the industry. We also ensure that the writers are handsomely compensated for their value. The majority of our writers are native English speakers. As such, the fluency of language and grammar is impeccable.
There is a very low likelihood that you won’t like the paper.
Not at all. All papers are written from scratch. There is no way your tutor or instructor will realize that you did not write the paper yourself. In fact, we recommend using our assignment help services for consistent results.
We check all papers for plagiarism before we submit them. We use powerful plagiarism checking software such as SafeAssign, LopesWrite, and Turnitin. We also upload the plagiarism report so that you can review it. We understand that plagiarism is academic suicide. We would not take the risk of submitting plagiarized work and jeopardize your academic journey. Furthermore, we do not sell or use prewritten papers, and each paper is written from scratch.
You determine when you get the paper by setting the deadline when placing the order. All papers are delivered within the deadline. We are well aware that we operate in a time-sensitive industry. As such, we have laid out strategies to ensure that the client receives the paper on time and they never miss the deadline. We understand that papers that are submitted late have some points deducted. We do not want you to miss any points due to late submission. We work on beating deadlines by huge margins in order to ensure that you have ample time to review the paper before you submit it.
We have a privacy and confidentiality policy that guides our work. We NEVER share any customer information with third parties. Noone will ever know that you used our assignment help services. It’s only between you and us. We are bound by our policies to protect the customer’s identity and information. All your information, such as your names, phone number, email, order information, and so on, are protected. We have robust security systems that ensure that your data is protected. Hacking our systems is close to impossible, and it has never happened.
You fill all the paper instructions in the order form. Make sure you include all the helpful materials so that our academic writers can deliver the perfect paper. It will also help to eliminate unnecessary revisions.
Proceed to pay for the paper so that it can be assigned to one of our expert academic writers. The paper subject is matched with the writer’s area of specialization.
You communicate with the writer and know about the progress of the paper. The client can ask the writer for drafts of the paper. The client can upload extra material and include additional instructions from the lecturer. Receive a paper.
The paper is sent to your email and uploaded to your personal account. You also get a plagiarism report attached to your paper.
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more