you come into my house and ask me to do a philosophy? ok! let’s throw down!
an important note for the unlucky reader
so what’s happening is i’m drafting a paper on these issues, and of course when you write a paper you try to be a serious person. you add citations, you say things formally, you don’t insult anyone, you follow a cohesive structure.
what often ends up happening is, in order to overcome my perennial writers block, i’ll just write based on vibes. i’ll jot down my thoughts. then on that basis, i’ll draft the paper’s structure, and go through everything again adding the sources (that originated my vibes) and more.
this is not the paper that results from that process. this is that process. i’m not even sure i endorse the entirety of its content. still, we roll.
v.0
[working title] is the ground too safe? a reflection on cyberspace outside the territorial nexus
Why would you want to think outside the box?
The box is steel, and locked, and buried deeply underground.
It’s so safe here. Why would you want to leave?
For hundreds of years, international law has been regulating stuff based on physical territory. Not exclusively, of course; but territory was always there to anchor us. Think of the sea – undoubtedly a physical, geographical reality – and how we struggled with the fact that, beyond a cannon’s throw, we could not claim ownership of it. Westphalia-pilled, each and every one of us, smh.
Now that we’re regulating spaces that are not really territorial, it’s gotten even worse. We only think in terms of “traditional” territory. We call cyberspace “cyber- space”, yet we refuse to consider it as such, until and unless we are actually using it, that is. Where are your files? Where are your backups? Do you know? Can you name the country? Of course you can’t. Is there even one country?
I would argue the ground is a bad habit we’re struggling to break from. Our current application of ILaw principles on a territorial basis is a patchwork approach that will leave ample room for exploitation.
There is, of course, a reason for this. The idea of considering cyberspace as a different kind of territory is typically put forward by other, non-Western jurisdictions, which see in it their chance to get one on the old colonisers. A shot at finally regulating not just something but somewhere; a seat at the territory regulation table. Thus the West opposes this: cyberspace is not a territory, we say (until we need to conduct warfare on it: it then becomes a domain of operations, alongside the other, territorial, ones).
Of course, there are real risks too. If we were to admit cyberspace to the territory club, then its regulation would not at all be obvious, at least until opinio juris and practice make it so. And then we could kiss our precious assets goodbye. Other legal traditions are very keen on relativising some things we would like to remain absolute – human rights, privacy, etc. Regulating cyberspace anew would empower them and lead to a situation potentially worse than the current one. Thus, our trade-off: we accept a terrible, nonsensical state of cyberspace regulation, in order to prevent a worse one from coming into being.
Cyberspace is somewhere and nowhere and everywhere. Which one we choose to use as a basis for its regulation follows an ideological fault line: if cyberspace is anchored to the ground, then nothing needs to change, and we can go on with our increasingly online lives, haphazardly chasing legal issues as they arise.
Except, there is a subtle but fundamental inconsistency in the “Western” position that IL should apply directly to cyberspace-as-not-territory, because that implies a fragmentation we profess to dislike. So which is it? Is cyberspace a new territory, a global commons that should not be fragmented and appropriated by states? Or is it not a new territory, to be regulated simply on the basis of territorial links with the physical location of infrastructural nodes?
Our current setup (barely) works. As humanity’s personal and economic life moves more and more online, the tension between these two might reach a breaking point, where your average user (your average citizen), extrapolating from their lived experience, reaches a conclusion that cyberspace is a territory. And the West will have lost control of the narrative. Good luck with that.
v.1
“Non-Territorial” Spaces in International Law – 2023/24 – Prof. Gasbarri
Thinking outside the box buried underground:
a reflection on the territorial nexus in cyberspace regulation.
1. A lay of the land.
Why would you want to think outside the box?
The box is steel, and locked, and buried deeply underground.
It’s so safe here. Why would you want to leave?
Welcome to Night Vale, ep. 118.
There has never been the need for an international legal framework divorced from physical territory. Although the territorial nexus is far from the only jurisdictional basis[1], it was always available, not only as a reliable, time-honoured option, but also as the conceptual ground (pun half-intended) for the existence of the international system as we know it. Although perhaps overplayed[2], the Westphalian heritage establishes sovereignty over territory as the constitutive pillar of statehood[3], which in turn is the constitutive pillar of the international order[4].
Then cyberspace came along. The conventional wisdom goes that the techno utopian phase[5] lasted exactly as long as it took for the world to realise there was money to be made online[6], whence early innovators established what would become today’s big tech empires and the world’s regulators started to take notice. Just like many of those companies were not really founded in garages[7], this is only part of the Internet’s story – State involvement was key in the creation of the Internet[8], of the infrastructure it would run on[9], and in the funding of the colossal private enterprises which would both capitalise on and shape cyberspace[10].
As of today, there is no shortage of statistics supporting the common perception that the Internet, alongside other aspects of cyberspace that are not acknowledged as clearly, is a key force in the social, political and economic life of much of the developed world[11], with other areas playing catch-up[12].
International Law is playing catch-up as well. As a consequence of that Westphalian order, enforcement of International Law is almost exclusively territorial, upholding State’s sovereignty through the principle of non-intervention[13]. Thus, any reflections concerning International Law in cyberspace focus on the jurisdiction to prescribe and to adjudicate. Such developments are based on the assumption that International Law is directly applicable to cyberspace, on the basis of a fictio juris that connects the physical world to the virtual one[14] on the basis of the physical position of cyber infrastructure in a State’s territory.
2. A qualitatively different type of space.
I find it interesting that we only seem to be able to think about territory in traditional terms, as characterised by physical dimensions. We call cyberspace “cyber- space”, yet, by determining jurisdiction on a territorial basis, we refuse to consider it as such. This contrasts with State interpretation of whether cyberspace constitutes a “space” in and of itself in practice[15], at least in Western doctrine[16].
I argue that cyberspace has enough emergent properties to warrant its conceptualisation as a different kind of space, beyond the position of its physical infrastructure. Traditional arguments in favour of a functional jurisdictional nexus highlight the difficulty in establishing a link between physical infrastructure and logical connections, and the legal uncertainty around the status of infrastructure located in spaces outside national jurisdiction[17]. Perhaps as a provocation, I suggest we go further; take the “space” part of “cyberspace” seriously; and entertain the possibility of territorial jurisdiction rooted in cyberspace as a territory.
It requires a rethinking of the meaning of territory as a fabric of affordances that can be acted upon. It forsakes some of the assumptions inherent in physical territories (the fact that a constant and limited amount exists to split) – on a cosmic scale, that, too, is a false assumption. Space is already a human construct, and territory doubly so. This may sound like a pointlessly abstract digression. It is rather an attempt to break the concept of territory free of the three-dimensional linkage it has always been underpinned by. I argue it must not be so. But we have never before been in a position where we had any reason to subtract physical spatiality from our idea of territory. Space[18] may not be conventionally measurable or mapped to traditional sovereignty areas, but the task of extending sovereignty to it is still aided by the very real possibility of placing physical objects in measurable positions inside it.
Yet, territory aside from our own three dimensions is not unthinkable. In such a setup, the physical position of cyber infrastructure would not be rendered irrelevant, but rather considered as only one constitutive element of positionality in cyberspace. Every asset in cyberspace – from economic activity to political action, from currency to identity, is backed not by space, but by information. The fabric of traditional territory is time and space. The fabric of cyberspace is time and information.
This may sound like gibberish, and perhaps it is. But I argue that this, rather than the aforementioned fictio juris, this corresponds not only to the reality of the structure of cyberspace, but also how we as users experience it. Where are your files? Where are your backups? Do you know? Can you name the country? Of course you can’t. Is there even one country? What does positionality mean when it is not univocal?
I would argue the ground is a bad habit we’re struggling to break from. Concerning enforcement jurisdiction, our current application of International Law principles on a conventional territorial basis is a patchwork approach that leaves ample room for exploitation. The approach considered in this paragraph would allow enforcement jurisdiction to both respect territorial jurisdiction, as redefined, and be effective. As for jurisdiction to prescribe and adjudicate, their development would benefit from this approach too. A more cohesive understanding of cyberspace as a space to regulate would improve the coherence of its regulation.
3. This is why we can’t have nice things that make sense
Aside from the perhaps unnecessarily philosophical tones of my argument above, I hope my point will seem, if not self-evident, at least plausible. Why, then, is it so far from the mainstream regulatory doctrine that it is often not considered at all? Indeed, the idea of considering cyberspace as a different kind of territory is typically put forward by other, non-Western jurisdictions[19], which perhaps see in it their chance to get one on the old colonisers. A shot at finally regulating not just something but somewhere; a seat at the table in defining not only their position within an established order, but the order itself.
Thus, a certain argument goes, the West opposes this out of an instinct, more than a conscious policy choice, to defend its legacy: cyberspace is not a territory, we say (until we need to conduct warfare on it: it then becomes a domain of operations, alongside the other, territorial, ones). We are power-hungry hypocrites.
Cyberspace is indeed somewhere and nowhere and everywhere. Which one we choose to use as a basis for its regulation follows an ideological fault line: if cyberspace is anchored to the ground, then nothing needs to change, and we can go on with our increasingly online lives, haphazardly chasing legal issues as they arise.
Of course, the above is a partial and biased view. Regulating cyberspace ex novo implies real risks, too. Other legal traditions are very keen on relativising some things we would like to enshrine as absolute, such as human rights and privacy. Most international fora for political regulation of cyberspace would empower them – after all, China and Russia have permanent veto power in the UNSC and every country has a vote in the UNGA. The idea that treating cyberspace as a new territory in the current international political landscape may lead to a further deterioration of the situation is not unfounded.
In addition, if we were to admit cyberspace to the territory club, then for a while its regulation would not at all be obvious, at least until opinio juris and practice were to make it so. The term online piracy in such a set of circumstances would imply something much deeper than it does now (to say nothing of the corsairs…). The maritime simile is not random. Before Space came along, the sea – undoubtedly a physical, geographical reality – took the cake as the hardest kind of territory to regulate, all because, beyond a cannon’s throw, we could not claim ownership of it. We are never beating the Westphalian allegations!
So, at least in theory, here is our trade-off: we accept a terrible, ineffective and nonsensical state of cyberspace regulation, in order to prevent a worse one from coming into being.
4. Regulation is dead, long live (technical) regulation
“There is no standards police”
– Everyone at IETF (see Nottingham, 2023)
Politics and personal views aside, the traditionally Western position that IL should apply directly to cyberspace-as-not-territory on the basis of a territorial nexus with infrastructure is viable (while, I maintain, not optimal). In this scenario, given there is no need for ex novo regulation, the keys to the kingdom are left in the hands of engineers, who are often unaware this shift in regulatory power has taken place[20].
Except, there is a subtle but fundamental inconsistency in the “Western” position that IL should apply directly to cyberspace-as-not-territory, because that implies a fragmentation we profess to dislike. So which is it? Is cyberspace a new territory, a global commons that should not be fragmented and appropriated by states? Or is it not a new territory, to be regulated simply on the basis of territorial links with the physical location of infrastructural nodes?
4. Conclusion
“Imagine the possibilities!”
Official slides on ISITE, an information sharing scheme between US intelligence and law enforcement agencies enabled by Amazon Web Services (see Amoore, 2016).
After all, it appears clear we don’t know what territory is. By this I mean: if we had a single, universally agreed upon definition of what territory is, it would be very easy to go through the characteristics of cyberspace and see if it fits within that definition, or, conversely, if, based on that definition, cyberspace is merely an aspect, a flourish, of other territories.
There’s a lot of fictio juris in positionality anyways. But a person could not be somewhere and somewhere else at any given time. Information can be. Where are people when online? Where their physical body is, or where their servers are? Is a cyberattack located in the country of citizenship of the person conducting it, in the country where the person is located, in the country where the program is hosted, in the countries it transits through before landing, or in the countries of destination?
In the same way that we describe an incident as having happened in the airspace of a country, it could be said that it happened in the cyberspace of a country. Unfortunately, we are not free to explore whether this possibility would be better or worse for cyberspace regulation, because such wording would be an expression not only of a territorialisation of cyberspace, but of its fragmentation, too; a point that the Western world, or at least its private actors, ostensibly wants to
Regardless of the unconvincing adoption rates and use cases around the Metaverse[21], I don’t think Zuckerberg was wrong in principle, merely in execution. Silicon Valley has a track record of “creating the torment nexus”[22]… Facebook wouldn’t have pivoted for millions’ worth of its stock price, and Apple wouldn’t have launched a new product line (Apple Vision), without solid market and tech research. Big tech will make it happen; they just need to figure out how – be it through the Metaverse, smart cities, or the Internet of Things.
Our current regulatory setup for the Internet (barely) works. It is important that cyberspace does not become the new Wild West, but the refusal to engage with cyberspace regulation at a political level leads to the decisions being made at a technical one. And as humanity’s personal and economic life moves more and more online, the tension between these two might reach a breaking point.
And the risks are real, as the recent TikTok saga in the US demonstrates. When young people were mobilised into political action (contacting their congressional representatives) to affect the regulation of a platform affiliated with an “adversary”[23], this further convinced politicians of the potential of the platform for political influence by a “hostile” party[24]. Regardless of where servers and corporate governance “place” TikTok, its young US user base definitely does not believe they are spending their online time in China.
When your average user (your average citizen), extrapolating from their lived experience, reaches a conclusion that cyberspace needs specific regulation that recognises its emergent existence beyond cables, servers and chips, they will only find support in the doctrines of countries outside the West. If this doesn’t change, we risk that popular support shifts to doctrines we oppose, not just for power politics, but because of their more relaxed opinions around such issues as privacy and human rights.
Bibliography
Amoore, Louise. “Cloud geographies: Computing, data, sovereignty.” Progress in Human Geography 42, no. 1 (2018): 4-24.
Barlow, John Perry. “A Declaration of the Independence of Cyberspace.” Electronic Frontier Foundation, 1996. https://www.eff.org/cyberspace-independence.
Blechman, Alex. “Sci-Fi Author: In My Book I Invented the Torment Nexus as a Cautionary Tale. tech Company: At Long Last, We Have Created the Torment Nexus from Classic Sci-Fi Novel Don’t Create The Torment Nexus.” Twitter, November 8, 2021. https://twitter.com/AlexBlechman/status/1457842724128833538.
Campbell-Dollaghan, Kelsey. “How Silicon Valley Invented the Myth of the Startup Garage.” FastCompany, November 27, 2018. https://www.fastcompany.com/90270226/the-origins-of-silicon-valleys-garage-myth.
Cinelli, Claudia. La disciplina degli spazi internazionali e le sfide poste dal progresso tecnico-scientifico. G. Giappichelli Editore, 2020.
Croxton, Derek. “The Peace of Westphalia of 1648 and the Origins of Sovereignty.” The international history review 21, no. 3 (1999): 569-591.
Delerue, François. Cyber operations and international law. Vol. 146. Cambridge University Press, 2020.
Flake, Lincoln. “Russia and Information Warfare: a Whole-of-Society Approach.” Lithuanian Annual Strategic Review 18, no. 1 (2020): 163-175.
Gibbs, Samuel. “Steve Wozniak: Apple Starting in a Garage Is a Myth.” The Guardian, December 5, 2014. https://www.theguardian.com/technology/2014/dec/05/steve-wozniak-apple-starting-in-a-garage-is-a-myth.
Goanta, Catalina, Alfa Yohanis, Vikas Jaiman, and Visara Urovi. “Web monetisation.” Internet Policy Review 11, no. 1 (2022): 1-8.
Graham, Mark, and William H. Dutton, eds. Society and the internet: How networks of information and communication are changing our lives. Oxford University Press, 2019.
Johnson, David R., and David Post. “Law and borders: The rise of law in cyberspace.” Stanford law review (1996): 1367-1402.
Kleijssen, Jan, and Pierluigi Perri. “Cybercrime, evidence and territoriality: Issues and options.” Netherlands Yearbook of International Law 2016: The Changing Nature of Territoriality in International Law (2017): 147-173.
Kornbluh, Karen. “The End of Techno-Utopianism.” GMFUS, September 13, 2019. https://www.gmfus.org/news/end-techno-utopianism.
Leiner, Barry M., Vinton G. Cerf, David D. Clark, Robert E. Kahn, Leonard Kleinrock, Daniel C. Lynch, Jon Postel, Larry G. Roberts, and Stephen Wolff. “A brief history of the Internet.” ACM SIGCOMM computer communication review 39, no. 5 (2009): 22-31.
Lin, Herbert, and Amy Zegart, eds. Bytes, bombs, and spies: The strategic dimensions of offensive cyber operations. Brookings Institution Press, 2019.
Moynihan, Harriet. “The application of international law to state cyberattacks.” Sovereignty and Non–Intervention, Chatham House, London (2019).
Nottingham, Mark. “There Are No Standards Police.” Mark Nottingham, 2023. https://www.mnot.net/blog/2024/03/13/voluntary.
Osiander, Andreas. “Sovereignty, international relations, and the Westphalian myth.” International organization 55, no. 2 (2001): 251-287.
Schia, Niels Nagelhus. “The Cyber Frontier: Digitalization of the Global South.” European Cybersecurity Journal (2) (2016): 82-94.
Schiff Berman, Paul. “The globalization of jurisdiction.” University of Pennsylvania Law Review 151, no. 2 (2002): 311-529.
Slaughter, Anne-Marie. “Sovereignty and power in a networked world order.” Stan. J. Int’l L. 40 (2004): 283.
Shackelford, Scott J., Scott Russell, and Andreas Kuehn. “Unpacking the international law on cybersecurity due diligence: Lessons from the public and private sectors.” Chi. J. Int’l L. 17 (2016): 1.
Tsagourias, Nicholas, and Russell Buchan, eds. Research handbook on international law and cyberspace. Edward Elgar Publishing, 2021.
[1] See Klejssen and Perri [ADD MORE].
[2] See Osiander, 2001.
[3] See Croxton, 1999.
[4] See Slaughter, 2004 for a discussion of various facets of sovereignty.
[5] No document better exemplifies this phase than Barlow’s 1996 “Declaration of the Independence of Cyberspace”, now hosted on the website of the Electronic Frontier Foundation, one of the most prolific defenders of Internet users.
[6] See Goanta, 2022.
[7] See Gibbs, 2014; Campbell-Dollaghan, 2018.
[8] See Leiner, Cerf et al., 2009.
[9] See Kornbluh, 2019. In addition, see https://personal.utdallas.edu/~bxt043000/Motivational-Articles/Big_Data-Have_we_seen_it_before.pdf [MUST FORMAT CORRECTLY AND FRAME]
[10] With one of the most recent and public iterations, In-Q-Tel, constituting the tech investment arm of the CIA.
[11] See Graham and Dutton, 2019.
[12] See Schia, 2016.
[13] Mills, p. 195
[14] Cinelli, p. 139
[15] The United States has eleven Combatant Commands. Three of them concern functional matters (special operations, strategy, and transportation); six of them concern geographic areas; and two of them concern non-territorial spaces (Cyber Command and Space Command). In US doctrine, cyberspace is a domain of operations, alongside space, air, sea, and land. No definition of “domain” is provided (https://www.nrdc-ita.nato.int/newsroom/insights/creating-competitive-space-through-a-framework-of-joint-all-domain-maneuver), which complicates the task of understanding the domain/territory relationship. However, at a planning level, this categorisation as a domain allows cyber to be included in Multi-Domain Operations alongside other territorial spaces.
[16] In contrast to the above approach, shared by NATO, Russian doctrine includes cyber operations under the hat of “information operations”, employing it in light of a “whole-of-society approach” (Flake, 2020).
[17] Cinelli [FIND PRECISE REFERENCE, ELABORATE]
[18] As in “outer space”; from now referred to through capitalisation.
[19] THIS IS A BIG ONE TO SUBSTANTIATE, I KNOW, BUT I THINK I CAN DO IT
[20] Mark Nottingham, “There Are No Standards Police,” Mark Nottingham, 2023, https://www.mnot.net/blog/2024/03/13/voluntary.
[22] “Sci-Fi Author: In my book I invented the Torment Nexus as a cautionary tale. Tech Company: At long last, we have created the Torment Nexus from classic sci-fi novel Don’t Create The Torment Nexus”, Alex Blechman, 2021.