baby don’t hurt me / don’t hurt me / no more
eurghhhhh this is a shit draft bleurgh
ok. let’s get real- it’s like a thousand times better than the first one. this one has a better structure, a more cohesive argument, and really, it’s not an unhinged (exclusively) vibes-based rant. here’s what else it isn’t: a good paper (yet), a well-researched paper, a paper that accurately represents my view.
great!
anyways.
Thinking outside the box buried underground:
advantages, implications and issues of cyberspace as a territory
Why would you want to think outside the box?
The box is steel, and locked, and buried deeply underground.
It’s so safe here. Why would you want to leave?
Welcome to Night Vale, ep. 118.
Introduction
This paper argues that cyberspace challenges the traditional – Westphalian paradigm of the centrality of state territory and that International Law is trying (without success) to maintain the validity of that paradigm by relying on physical infrastructure. International Law is playing catch-up to developments in this space, maintaining a conservative approach that does not correspond to reality, hampers enforcement and adjudication jurisdiction efforts, and might not stand the test of time. This opens up spaces for influence to nondemocratic States, often expressed through technical regulatory fora, with potential negative effects in terms of democratisation, transparency, and the upholding of human rights. This paper makes the argument this is a compelling reason to try and find a way to separate what we see as a better, more realistic conceptualisation of cyberspace from its recessive and authoritarian political implications.
The paper begins with working definitions, then outlines the difficulties of conceptualising jurisdiction in cyberspace. It critiques the current Western approach of using physical infrastructure as a jurisdictional basis, highlighting its flaws. It then proposes viewing cyberspace as a sui generis territory for jurisdictional purposes. The risks and limitations of this approach, particularly as promoted by Russia and China, are also discussed.
Working definitions
This paper attempts the difficult task of exploring a different conceptualisation of a space – cyberspace – based on first principles and on observation of its properties and characteristics. Thus, while this is no forum to put forward mathematically formal definitions, it is necessary to preface the argument by providing common-sense definitions for, or baselines of the conversation around, the following terms: physical space, cyberspace, territory, and sovereignty.
Physical space
For the purposes of this paper, we will define a physical space as wherever physical objects can be placed and located univocally (i.e., while the location of a physical object may change or be difficult to determine, it is nonetheless one and one alone; at a large enough scale, at least, a physical object cannot be located in more than one place at once). As a corollary, physical spaces are not manmade. While moving through a space may require advanced technologies (outer space being an obvious example) the space itself precedes human interaction with it.
Cyberspace
Cyberspace is both “a global domain within the information environment consisting of the interdependent network of information systems infrastructures including the Internet, telecommunications networks, computer systems, and embedded processors and controllers”[1] and “the complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form”[2] (emphasis my own). The fact that both definitions come from the same source is a good descriptor of the level of agreement that exists concerning what exactly cyberspace exactly “is”.
In recognition of the validity of both the above perspectives and acknowledging the very real lack of consensus on this matter, we will not put forward a single common definition of cyberspace. Instead, we will refer to cyberspace as a non-physical space, encompassing a series of characteristics as outlined in the above authoritative definitions.
Territory
The definition of “territory” is even more contested – notwithstanding its much longer tradition and its foundational role in the Westphalian tradition of sovereign statehood[3]. This is a serious debate in scholarship and practice that this paper cannot aim to resolve. However, simply ignoring it would prevent the development of this argument. For our purposes, the notion of territory is deeply intertwined with that of jurisdiction – both in a prescriptive and an enforcement capacity.
For this reason, a clunky but fitting term to describe cyberspace may be “a-spatial territory” (referring to its dimension of emergent property) or “physical and non-physical territory” (including both the physical infrastructure network and its emergent properties).
Sovereignty
The principle of territorial sovereignty includes the right of a state to exercise jurisdiction within its own territory. Jurisdiction can be divided into three main types: prescriptive, enforcement, and adjudicative. Prescriptive jurisdiction refers to the power of a state to create, amend, and repeal laws, and it allows a state to establish norms and regulations that apply within its territory. Enforcement jurisdiction is the authority of a state to implement and enforce its laws. Finally, adjudicative jurisdiction pertains to the power of a state’s judicial system to interpret and apply the law, resolve disputes, and render legal judgments. A state’s right to exercise all forms of jurisdiction within its territory is a fundamental aspect of its sovereignty, closely linked to its independence and regarded as one of the rights flowing from sovereign statehood.[4] In the context of cyberspace, this traditional notion of sovereignty is challenged, as cyberspace transcends physical borders and requires a rethinking of how jurisdiction is applied in a digital environment.
Conceptualising jurisdiction in cyberspace
It is a self-evident fact that there has never been the need for an international legal framework divorced from physical space. Indeed, while areas such as the seas and outer space may defy parts of the traditional Westphalian conceptualisation of sovereign state territory and pose specific challenges for international law, they are nonetheless physical spaces as defined above.
Although the territorial nexus is far from the only jurisdictional basis[5], it was always available, not only as a reliable, time-honoured option, but also as the conceptual grounds for the existence of the international system as we know it. Although perhaps overplayed[6], the Westphalian heritage establishes sovereignty over territory as the constitutive pillar of statehood[7], which in turn is the constitutive pillar of the international order[8].
If there were a single, agreed-upon definition of what constitutes territory, it would be straightforward to analyse the characteristics of cyberspace and determine if it fits within that definition. Alternatively, it could be assessed whether cyberspace is merely an aspect or extension of other territories. These two perspectives correspond to viewing cyberspace either as a “domain” encompassing the network of all its infrastructures or as an emergent property of this network.
There is no compelling argument to exclude either of these definitions. An appropriate conceptualisation of cyberspace must include both views, but this duality has profound regulatory and jurisdictional implications.
Conceptualizing jurisdiction in cyberspace presents a significant challenge due to its unique and inherently transnational nature. Traditional notions of territoriality are ill-suited to a domain where actions can have immediate and far-reaching impacts across the globe, often without clear geographical boundaries. However, the solution of considering cyberspace as a global commons, while potentially interesting, is unsatisfactory in practice, because of the very not-common interests and structures behind it[9].
The current solution: the physical link fictio juris
The current prevailing approach to regulating cyberspace often hinges on the physical location of the underlying infrastructure[10]. The current reliance on the physical link fictio juris represents an attempt to apply conventional territorial principles to a non-physical domain. This fictio juris connects the physical world to the virtual one based on the physical position of cyber infrastructure within a state’s territory. This approach aligns with the Westphalian order, where the enforcement of International Law is almost exclusively territorial, upholding state sovereignty through the principle of non-intervention. Consequently, reflections on International Law in cyberspace primarily focus on the jurisdiction to prescribe and to adjudicate.
This method, however, is piecemeal and inadequate. Data can traverse multiple jurisdictions almost instantaneously, complicating the enforcement of laws and the protection of rights. Additionally, the virtual nature of cyberspace allows individuals and entities to operate across borders with relative ease, posing challenges for traditional regulatory frameworks. For this reason, enforcement and adjudication jurisdiction based on “mapping” cyberspace to physical locations encounter extreme challenges that risk rendering them near useless. On the other hand, prescriptive jurisdiction does indeed benefit from the usage of this more traditional framework, but, while it is formally preserved, it is thus substantially hollowed by its difficulty in dealing with cyberspace as an emergent property. Indeed, when applied using conventional territorial principles, enforcement jurisdiction constitutes a patchwork approach that leaves ample room for exploitation.
Why change?
I argue that cyberspace exhibits enough emergent properties to warrant its conceptualization as a different kind of space, formed out of the combination of the globally distributed infrastructure that underpins it, the data layer that runs on it, and the emergent ecosystem of information, interaction, and power that constitutes most user/citizens’ experience of cyberspace.
Competing jurisdictions – passive and active personality, as well as functional and territorial – are not news in International Law. However, what is news is that at any given time, the data that is exchanged between the two people and the company may be located in more than one of those jurisdictions following the criterium of territorial infrastructure links. A user may be a citizen of country A, located in country B, accessing a service that is provided by a citizen of country C, working in country D for a company headquartered in country E, by using infrastructure such as servers located in countries F and G, and physical network infrastructure such as undersea cables connecting country B with country H through the territorial waters of country I and – for good measure – some open seabed. Additionally, the issue becomes further complicated if the service is used to attack an objective in country J.
Recognising cyberspace as a sui generis territory to achieve a legal framework that better fits the realities of cyberspace and its users would necessitate a deep reimagining of jurisdictional principles. However, this effort to create a more accurate picture – a sort of territorial but de-spatialised jurisdiction – would pay off by enabling more effective regulation, enforcement, and adjudication. It would address the inherent complexity of cyberspace, where physical and non-physical dimensions are deeply intertwined.
Traditional arguments in favour of a functional jurisdictional nexus highlight the difficulty in establishing a link between physical infrastructure and logical connections, and the legal uncertainty around the status of infrastructure located in spaces outside national jurisdiction. A more integrated approach, taking the “space” part of “cyberspace” seriously, would involve treating cyberspace as a territory in its own right. Indeed, this would align with State practice concerning the interpretation of whether cyberspace constitutes a “space”, especially as related to warfare [11], and at least in Western doctrine[12].
Advocating for the creation of an ex-novo framework to reconceptualise the application of international law to cyberspace is not merely an academic exercise. The current framework for applying international law to cyberspace, as outlined above, is not only theoretically unsatisfactory, but it also leads to practical negative consequences. For instance, the main international fora following this ill-fitting conception often push the actual regulation and creation of cyberspace into the purview of technical standardization fora, which may lack the democratic oversight, transparency, and human rights considerations of more formal international legal frameworks[13].
Such an approach would allow enforcement jurisdiction to both respect territorial jurisdiction, as redefined, and be effective. As for jurisdiction to prescribe and adjudicate, their development would benefit from this approach too, because it would allow for more clarity, fewer voids and overlaps, and because the three facets of jurisdiction are interlinked.
The problem is that it requires a redefinition of territory, a rethinking of the meaning of territory as a fabric of affordances that can be acted upon. It forsakes some of the assumptions inherent in physical territories: in addition to the aforementioned principle of univocal positionality, the fact that a constant and limited amount exists to split. It requires the awareness that while space is a natural physical dimension, territory is socially, politically, and – in this case – technically constructed.
This is an attempt to break the concept of territory free of its three-dimensional underpinnings. In such a setup, the physical position of cyber infrastructure would not be rendered irrelevant, but rather considered as only one constitutive element of positionality in cyberspace. In cyberspace, every asset– from economic activity to political action, from currency to identity, is backed not by space, but by information. The fabric of traditional territory is time and space. The fabric of cyberspace is time and information.
Why this idea holds very little traction
This idea is not unpopular only because of the natural attrition surrounding any perspective paradigm shift – especially considering that the current system somewhat still works, even though more and more scenarios where it does not are slipping through the cracks. However, this line of reasoning risks ushering in an avalanche of cyberspace fragmentation, which can lead to stronger authoritarian control if states use the concept of cyberspace as a distinct territory to justify extensive surveillance and restrictive measures.
The idea of considering cyberspace as a different kind of territory is typically advanced by non-Western jurisdictions, which reclaim their chance at influencing this key topic. For example, China’s March 2017 International Strategy for Cooperation in Cyberspace asserts that the principle of sovereignty applies in cyberspace, emphasizing that “no country should pursue cyber hegemony, interfere in other countries’ internal affairs, or engage in, condone or support cyber activities that undermine other countries’ national security.”[14] Similarly, Russia’s approach to internet governance emphasises “territorial” authoritarian management, involving extensive state control and surveillance over internet activities within its borders.
By enacting hard limitations to the ability to visit certain Internet contents on users located within their territory (the “Great Firewall”) and/or actively enforcing takedowns of unwanted information (Roskomnadzor), these two countries act as an unwitting testing ground for their own preferred theory of cyberspace as territory. Indeed, their more internationally inclined citizens use Virtual Private Networks (VPNs) to spoof their physical location to somewhere else in the world and access different content, effectively (illegally) “travelling” to a different jurisdiction.
These countries’ actions effectively fragment the global internet into national segments, something Western jurisdictions ostensibly strongly opposes. Indeed, other legal traditions are keen on relativizing some principles that the West would prefer to enshrine as absolute, such as human rights and privacy. However, facing growing geopolitical tensions with these nondemocratic countries, even the West seems to be faltering in this commitment, further showing the difficulty of upholding this traditionalist view without working to adapt it to cyberspace as it really is[15].
Thus, it may be argued that the West resists the idea to “graduate” cyberspace to a “real” territory out of an instinct to defend its legacy (except when conducting warfare, at which point it becomes a domain of operations alongside other territorial domains). Perhaps more critically, the infrastructure of cyberspace – at many layers, not just the physical – in many ways traditionally centres the US, and such a global dominance would raise more than a few eyebrows if a more territorial conception let it be interpreted as an “invasion” of other countries’ cyberspaces, or a stifling of their resources and development. The battle for the conceptualisation of the internet as a territory is not only fought in jurisdictional interpretation, but also in structural, technical change[16].
Conclusions
This paper critically examined the inadequacies of applying traditional territorial principles to cyberspace regulation. Its central thesis posited that the prevailing territorial nexus underpinning international law is insufficient for governing cyberspace, necessitating a reconceptualisation of jurisdiction and territoriality in this unique domain.
We argued that cyberspace’s emergent properties justify treating it as a distinct territory, which should lead to more effective regulation, enforcement, and adjudication. This perspective, however, faces resistance due to fears of fragmentation and authoritarian misuse, as evidenced by approaches in China and Russia. These countries use the concept of cyberspace sovereignty to justify extensive state control, posing significant risks to human rights and privacy at both emergent and infrastructural levels.
Despite these challenges, the paper argues for a nuanced approach that integrates both the physical and emergent properties of cyberspace. This approach would address the complexities of cyberspace while upholding fundamental principles of justice and human rights. By rethinking cyberspace regulation, the international community can develop a more coherent and effective framework, better suited to the realities of the digital age.
Ultimately, the trade-off we face is accepting the current, flawed state of cyberspace regulation to prevent a potentially more detrimental scenario. However, by reconceptualising cyberspace as a sui generis territory, we can create a more robust and equitable regulatory system, balancing the need for state sovereignty with the imperative of protecting democratic values and human rights in the digital realm.
Bibliography
Brighenti, Andrea. “On Territory as Relationship and Law as Territory.” Canadian Journal of Law and Society/La Revue Canadienne Droit et Société 21, no. 2 (2006): 65-86.
Caeiro, Carolina. “Standards: The New Frontier for the Free and Open Internet.” DNS Research Federation, 2023. https://dnsrf.org/blog/standards–the-new-frontier-for-the-free-and-open-internet/index.html.
Council on Foreign Relations. “Internet Governance Doublespeak: Western Governments and the Open Internet.” No date. https://www.cfr.org/blog/internet-governance-doublespeak-western-governments-and-open-internet.
Croxton, Derek. “The Peace of Westphalia of 1648 and the Origins of Sovereignty.” *The International History Review* 21, no. 3 (1999): 569-591.
Flake, Lincoln. “Russia and Information Warfare: a Whole-of-Society Approach.” *Lithuanian Annual Strategic Review* 18, no. 1 (2020): 163-175.
Franzese, Patrick W. “Sovereignty in Cyberspace: Can It Exist.” *Air Force Law Review* 64 (2009): 1.
Kleijssen, Jan, and Pierluigi Perri. “Cybercrime, Evidence and Territoriality: Issues and Options.” *Netherlands Yearbook of International Law 2016: The Changing Nature of Territoriality in International Law* (2017): 147-173.
Moynihan, Harriet. “The Application of Sovereignty in Cyberspace.” Chatham House, 2019. https://www.chathamhouse.org/2019/12/application-international-law-state-cyberattacks/2-application-sovereignty-cyberspace.
Nanni, Riccardo. “Whither (De) Globalisation? Internet Fragmentation, Authoritarianism, and the Future of the Liberal International Order: Evidence from China.” *The Pacific Review* (2023): 1-25.
National Institute of Standards and Technology. *Guide for Conducting Risk Assessments (Special Publication 800-30 Revision 1)*. 2012. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf.
National Institute of Standards and Technology. *Guideline for Smart Grid Cybersecurity (NIST Interagency Report 8074 Volume 2)*. 2015. https://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8074v2.pdf.
Osiander, Andreas. “Sovereignty, International Relations, and the Westphalian Myth.” *International Organization* 55, no. 2 (2001): 251-287.
Schmitt, Michael N., ed. *Tallinn Manual on the International Law Applicable to Cyber Warfare*. Cambridge: Cambridge University Press, 2013.
Slaughter, Anne-Marie. *A New World Order*. Princeton: Princeton University Press, 2004.
United Nations General Assembly (UNGA). “Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security.” UN Doc A/68/98, 24 June 2013.
United Nations General Assembly (UNGA). “Report of the Group of Government Experts on Developments in the Field of Information and Telecommunications in the Context of International Security.” UN Doc A/70/174, 22 July 2015.
Xinhuanet. “International Strategy of Cooperation on Cyberspace.” March 1, 2017. http://www.xinhuanet.com//english/china/2017-03/01/c_136094371_5.htm in Moynihan, 2019.
[1] National Institute of Standards and Technology. Guide for Conducting Risk Assessments (Special Publication 800-30 Revision 1). 2012. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf.
[2] National Institute of Standards and Technology. Guideline for Smart Grid Cybersecurity (NIST Interagency Report 8074 Volume 2). 2015. https://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8074v2.pdf.
[3] Brighenti, Andrea. “On Territory as Relationship and Law as Territory.” Canadian Journal of Law and Society/La Revue Canadienne Droit et Société 21, no. 2 (2006): 65-86.
[4] Moynihan, Harriet. “The Application of Sovereignty in Cyberspace.” Chatham House, 2019. https://www.chathamhouse.org/2019/12/application-international-law-state-cyberattacks/2-application-sovereignty-cyberspace.
[5] Kleijssen, Jan, and Pierluigi Perri. “Cybercrime, evidence and territoriality: Issues and options.” Netherlands Yearbook of International Law 2016: The Changing Nature of Territoriality in International Law (2017): 147-173.
[6] Osiander, Andreas. “Sovereignty, International Relations, and the Westphalian Myth.” International Organization 55, no. 2 (2001): 251-287.
[7] Croxton, Derek. “The Peace of Westphalia of 1648 and the Origins of Sovereignty.” The International History Review 21, no. 3 (1999): 569-591.
[8] Slaughter, Anne-Marie. A New World Order. Princeton: Princeton University Press, 2004 for a discussion of various facets of sovereignty.
[9] Franzese, Patrick W. “Sovereignty in Cyberspace: Can It Exist.” Air Force Law Review 64 (2009): 1.
[10] Schmitt, Michael N., ed. Tallinn Manual on the International Law Applicable to Cyber Warfare. Cambridge: Cambridge University Press, 2013. Rule 9: “14. A State may exercise territorial jurisdiction over: (a) cyber infrastructure and persons engaged in cyber activities on its territory; (b) cyber activities originating in, or completed on, its territory; or (c) cyber activities having a substantial effect in its territory. 15. A State may exercise extraterritorial prescriptive jurisdiction with regard to cyber activities: (a) conducted by its nationals; (b) committed on board vessels and aircraft possessing its nationality; (c) conducted by foreign nationals and designed to seriously undermine essential State interests; (d) conducted by foreign nationals against its nationals, with certain limitations; or (e) that constitute crimes under international law subject to the universality principle.” United Nations General Assembly (UNGA). “Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security.” UN Doc A/68/98, 24 June 2013.
United Nations General Assembly (UNGA). “Report of the Group of Government Experts on Developments in the Field of Information and Telecommunications in the Context of International Security.” UN Doc A/70/174, 22 July 2015. “State sovereignty and international norms and principles that flow from sovereignty apply to State conduct of ICT-related activities, and to their jurisdiction over ICT infrastructure within their territory”.
[11] The United States has eleven Combatant Commands. Three of them concern functional matters (special operations, strategy, and transportation); six of them concern geographic areas; and two of them concern non-territorial spaces (Cyber Command and Space Command). In US doctrine, cyberspace is a domain of operations, alongside space, air, sea, and land. No definition of “domain” is provided (NATO. “Creating Competitive Space through a Framework of Joint All-Domain Maneuver.” NATO Rapid Deployable Corps Italy, no date. https://www.nrdc-ita.nato.int/newsroom/insights/creating-competitive-space-through-a-framework-of-joint-all-domain-maneuver) which complicates the task of understanding the domain/territory relationship. However, at a planning level, this categorisation as a domain allows cyber to be included in Multi-Domain Operations alongside other territorial spaces.
[12] In contrast to the above approach, shared by NATO, Russian doctrine includes cyber operations under the hat of “information operations”, employing it in light of a “whole-of-society approach” (Flake, Lincoln. “Russia and Information Warfare: a Whole-of-Society Approach.” Lithuanian Annual Strategic Review 18, no. 1 (2020): 163-175.).
[13] For an interesting look at China’s double positioning as a staunch defender of its domestic cyberspace sovereignty, while also encouraging ever growing participation in international regulatory fora, see: Nanni, Riccardo. “Whither (De) Globalisation? Internet Fragmentation, Authoritarianism, and the Future of the Liberal International Order: Evidence from China.” The Pacific Review (2023): 1-25.
[14] Xinhuanet. “International Strategy of Cooperation on Cyberspace.” March 1, 2017. http://www.xinhuanet.com//english/china/2017-03/01/c_136094371_5.htm in Moynihan, 2019.
[15] Council on Foreign Relations. “Internet Governance Doublespeak: Western Governments and the Open Internet.” No date. https://www.cfr.org/blog/internet-governance-doublespeak-western-governments-and-open-internet.
[16] Caeiro, Carolina. “Standards: The New Frontier for the Free and Open Internet.” DNS Research Federation, 2023. https://dnsrf.org/blog/standards–the-new-frontier-for-the-free-and-open-internet/index.html.