Methodology of identifying customary international law applicable to cyber activities

Abstract

What is striking about recent scholarship on the application of customary international law to cyber activities is how little has been dedicated to the preliminary question of how one identifies the applicability of existing rules of customary international law to cyber operations. Yet, the answer to this preliminary question holds the key to answering many of the questions which arise regarding whether existing rules of customary international law apply to cyber activities. This article seeks to answer the preliminary question. After providing background on the nature of customary international law, and in light of recent scholarly trends and what is often implied in literature on cyber activities, it makes the argument that rules of customary international law are not interpretable. Accordingly, reference must be made to state practice accepted as law for the purpose of identifying applicable customary international law; the article provides guidance on how this should be done. For a precedent of state practice to be relevant to determining the existence of a customary rule applicable to a cyber activity, pursuant to the International Court’s jurisprudence, the precedent must not have significant distinguishing features from the cyber activity concerned. For determining whether a precedent of opinio juris recognizes the existence of a customary rule applicable to the cyber activity, it is necessary to determine whether the relevant state pronouncement intended to accept as law a rule applicable thereto. In anticipation of objections, the article also addresses the practicability of the approach laid out.