Academic journal article Texas Law Review

Give Them an Inch, They'll Take a Terabyte: How States May Interpret Tallinn Manual 2.0's International Human Rights Law Chapter

Academic journal article Texas Law Review

Give Them an Inch, They'll Take a Terabyte: How States May Interpret Tallinn Manual 2.0's International Human Rights Law Chapter

Article excerpt

The development of norms for [S]tate conduct in cyberspace does not require a reinvention of customary international law, nor does it render existing international norms obsolete. Long-standing international norms guiding [S]tate behavior-in times of peace and conflict-also apply in cyberspace.1


The recent publication of Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, the "follow-on initiative [expanding Tallinn Manual 7.0's] scope to include the public international law governing cyber operations during peacetime,"2 is a truly remarkable accomplishment in both cyber and international law. Unquestionably, it is the most comprehensive work ever written to describe how international law regulates cyber activities that take place below the use-of-force threshold. As this Article underscores, the significance of the Manuals publication is further enhanced by its Chapter seeking to "articulate[] Rules indicating the scope of application and content of international human rights law [(IHRL)] bearing on cyber activities."3

An international group of "scholars and practitioners with expertise in the legal regimes implicated by peacetime cyber activities"4 (International Group of Experts) authored the Manual (Tallinn 2.0) between 2013 and 2016 over the course of a series of formal meetings and workshops held in Tallinn, Estonia.5 Like the Manual itself, it is inevitable that the Manuals IHRL Chapter will be studied and debated endlessly. Less concerned with this overall debate than with the need for practitioners to understand specific assertions made within the human rights Chapter, this Article closely examines certain key terms in the text to ascertain their impact on daily cyber activities at the State (national) level. A granular view of the IHRL Chapter reveals these key terms to be often vague and ill-defined, resulting in definitional gaps capable of being used by States to undermine IHRL progress over time.

After background discussion laying the foundation for IHRL and identifying the actual human rights contemplated by the International Group of Experts in the IHRL Chapter (Part II), this Article identifies several important yet undefined terms and concepts throughout the work. Part III centers on perhaps the most significant example of an undefined concept, "countering terrorism,"6 which the Experts state without further explanation to be a "legitimate purpose" allowing States to monitor online communications without violating the right to privacy.7 While the International Group of Experts offers checks on possible abuse, this section demonstrates the challenges of constraining a State intent on using the "countering terrorism" exception to swallow the rule requiring States to respect and protect international human rights.8 Even key terms such as the word "terrorism" are nebulous to the reader and exemplify the ambiguity on which a State may rely to limit human rights.9

Part IV analogizes the gaps in 2.0 to a similarly critical, unforeseen gap in Tallinn 1.0 (above the use-of-force-threshold activities) to illustrate how both manuals similarly act as a general framework for application of international law to cyber activities while leaving specifics to be filled in by State practice. Although the International Group of Experts is not optimistic there will be more than a paucity of State practice10 available due to secrecy challenges, and provides another vague term suggesting "effective measures"11 will be allowed, this Article suggests there are examples of unclassified, ongoing State practices that both help define the vague "effective measures" term and indicate the ability to overcome the secrecy challenge in this area. Unclassified U.S. cyber programs designed to gather intelligence, map networks, and prepare for military operations against an adversary in the cyber realm are described here in an effort to illustrate the (perhaps) overstated secrecy concerns. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.