The elephant in the room: Coercion

Abstract

Dan Efrony and Yuval Shany’s article offers some critically important observations on the reception of the Tallinn Manual 2.0 by states, as well as subsequent state practice and opinio juris with regard to the international use of cyber operations. Based on their case studies, Efrony and Shany conclude that states have largely been reluctant to adopt fully the norms, premises, and analogies offered by the Tallinn Manual. The authors argue that there is a “deep uncertainty about the treatment of cyberspace as just another physical space, like land, air, or sea—over which states may exercise sovereignty or control.”1 The authors further explain that there is an “uneasy fit” between traditional international law regarding internal and external state power, and the regulation of a unterritorial cyberspace. In other words, cyberspace is a sui generis domain, such that analogies to physical-space domains are often ill-suited, and at times doomed to failure. In particular, Efrony and Shany’s eleven case studies suggest that the notion of coercion, a “requisite component of the non-intervention rule,”2 is becoming blurrier with the emerging state practice of offensive and defensive cyber operations and ought to be reconsidered, whether by states individually or through a subsequent multilateral codification of norms for international use of cyber capabilities. This blurring reflects the absence of any guiding norms and principles on what constitutes coercion, and it is arguably contrary to the ICJ judgment in Nicaragua,3 where the Court unequivocally held that “intervention is wrongful when it uses methods of coercion” and that coercion is “the very essence” of intervention.4 The ICJ’s view cannot hold in an era where cyberspace is used for harmful interference that cannot, almost by definition, be coercive. Coercion, as traditionally understood, is absent from all of the cyber interferences identified in Efrony and Shany’s eleven case studies, precluding a determination of illegality under international law. These case studies thus reveal that the Tallinn Manual’s reliance on a coercion standard in its rule on nonintervention is underinclusive, and therefore underprotective of essential state interests. Instead, cyber operations require a more nuanced definition of nonintervention that departs from the narrow coercion standard. Such a norm would not categorically condemn all interference, but rather reevaluate which cyber operations significantly jeopardize the internal and external affairs of a state, including election integrity, territorial and political sovereignty, self-determination, and many other values that international law has long recognized and defended from undue external influence.