From Nation-States to Cyberspace: Rethinking Sovereignty in the Digital Age

By Marc LeVan

Foundations of Sovereignty

The year is 1648. One of the longest and bloodiest conflicts in European history, the Thirty Years' War, has come to an end. Amidst the capacious battlefields and razed towns, diplomats gather and sign treaties in the German provinces of Münster and Osnabrück. They stitch together the tattered fabric of a war-torn continent with the Peace of Westphalia, and, in doing so, inadvertently establish the foundational tenets of state sovereignty: territorial integrity, non-interference, and sovereign equality. Although rooted in the sociopolitical realities of 17th century Europe, these principles continue to guide international jurisprudence to this day as undercurrents of international humanitarian law (“IHL”).

State sovereignty revolves around the power and authority of a nation-state over its territory and subjects, and such sovereignty is critical for the creation of volksgeist or “national spirit” — a concept that Georg Wilhelm Friedrich Hegel touched on in his Lectures on the Philosophy of History (see Part II, Section I: “The Elements of the Greek Spirit”; see also Part IV, Section II, Chapter III: “The Transition from Feudalism to Monarchy”). It follows that no state can violate the sovereignty of another without degrading domestic authority and the spirit of its people. However, the advent of cyberspace poses unprecedented challenges to this bedrock of international law. When digital interactions blur traditional territorial demarcations, how does sovereignty evolve?

Philosophical Underpinnings

Philosophical literature like Thomas Hobbes’ Leviathan and Jean-Jacques Rousseau’s The Social Contract have enriched our understanding of sovereignty. Both works acknowledged the necessity of a governing entity, albeit from differing perspectives. For Hobbes, the chaos of anarchy led individuals to cede freedoms to a powerful authority, the Leviathan, in return for protection (see Chapter XVII: Of the Causes, Generation, and Definition of a Commonwealth). Rousseau, however, saw sovereignty as a collective endeavor, emphasizing the interplay between common will and direct democracy (see Book I, Chapter VI: the Social Contract; see also Book I, Chapter VII: the Sovereign). Yet, how would these theories hold in the face of a cyberattack? Hobbes’ Leviathan, envisioned as a singular controlling figure, may flounder in the digital realm, struggling to exert tangible control on an amorphous entity.

Likewise, while the Westphalian system provides a framework for physical conflicts, it struggles in light of digital confrontations. For instance, IHL's principles of distinction and proportionality, which differentiate between combatants and civilians and limit excessive use of force, become murkier in cyberspace. How can states be held accountable when cyberattacks originate from unknown sources?

Challenges in the Digital Age

Consider the 2007 Estonia cyberattacks. Estonia, a nation known for its advanced digital architecture, was pulverized by a series of distributed denial-of-service (“DDoS”) attacks that targeted its banks, news outlets, and government institutions. These cyberattacks resulted in substantial economic and social disruptions. Given the political tensions between Estonia and Russia at that time, the Kremlin was quickly suspected. However, the elusive nature of cyber warfare prevented Estonian authorities from definitively attributing the attacks.

The 2014 Sony Pictures Hack illuminated the intricate web of accountability in cyber realms. A more insidious attack, the cyber-siege leaked confidential data, including unreleased films and sensitive employee information. The U.S. government quickly blamed North Korea’s “Lazarus Group,” determining that the attack was in retaliation against the upcoming release of The Interview, a satirical film depicting Kim Jong-un. While this incident did not culminate in a formal legal resolution, it underscored the potential of cyber operations as tools of political influence and the challenges of determining proportional response in the digital domain. That is, how might the U.S. respond to such an attack under the rules of IHL? The CIA could launch a digital counteroffensive on North Korea, but what would be a reasonable target?

Finally, the 2017 NotPetya Attacks further accentuated the potential use of cyber operations as political tools. The ransomware attack initially targeted Ukraine, but quickly spread globally, affecting multinational corporations and causing billions in damages. The CIA attributed the attack to the Russian military, asserting that it was not just a criminal act but a state-sponsored cyber operation with geopolitical motives. The incident highlighted the blurry lines between cybercrime and cyber warfare, raising concerns about state responsibility and sovereign interference.

Potential Solutions

Some international efforts have started to address the tension between sovereignty and cyberspace. Of note, a group of international legal experts collaborated to draft the Tallinn Manual, under the auspices of the NATO Cooperative Cyber Defence Centre of Excellence (“CCDCOE”). The manual aims to provide a comprehensive analysis of how current international law applies to cyber conflicts.

The first edition, released in 2013, predominantly focused on the most severe cyber operations, those that violate the prohibition of the use of force in international relations and those that occur during armed conflicts. The manual highlighted that while the digital landscape may be new, many of its challenges can be addressed within the existing frameworks of international jurisprudence.

Recognizing the limitations and the narrower scope of the first manual, the 2017 edition, Tallinn 2.0, expanded its purview. It delved into the more common, yet equally complex, cyber operations that fall below the thresholds of the use of force or armed conflict. While covering aspects of state jurisdiction, sovereignty, and due diligence, it offered a more comprehensive guide for states navigating the murky waters of cyber operations. In 2021, the CCDCOE announced that the third edition, Tallinn 3.0, was underway. Expected to release in 2026, Tallinn 3.0 will revise and expand upon the previous editions, considering perspectives from “governments, industry, and civil society.”

As scholars and policymakers grapple with the tension between sovereignty and cyberspace, several other potential solutions may emerge. International cybersecurity treaties, akin to the Geneva Conventions, could elucidate the rules of digital engagement while respecting sovereign boundaries both physical and metaphysical.

Furthermore, either as a branch of the International Court of Justice (“ICJ”), or as a freestanding tribunal, a “cyber court” could be formed, allowing for adjudication that not only settles international disputes, but also establishes jurisprudential norms. Likewise, revising the Rome Statute of the International Criminal Court (“ICC”) would allow state actors to face criminal punishment for cybercrimes.

Given the significant role of institutions and technologists, public-private partnerships could bolster cyber defenses and streamline responses to threats. A fundamental step would be investing in education and training, thus ensuring our workforce is well-equipped to counter cyber challenges. Moreover, ramping up research and development efforts in universities and think tanks could lead to advancements in secure technologies. Lastly, domestic legislation could define the United States’ treatment of cybercrimes on American soil. Embracing such multifaceted strategies could guide the U.S. and others in their navigation of the shifting sands of sovereignty.

Conclusion

The very nature of state sovereignty is evolving due to the philosophical conundrums posed by cyberspace. In the digital age, these debates take on new dimensions. In cyberspace, individual actors can wield power traditionally reserved for states. This decentralization of power prompts us to reconsider Rousseau's notion of the collective will and its place in the digital realm. Likewise, the openness of the Internet champions the ideals of Enlightenment thinkers, who valued individual liberty.

With cyber threats looming, states face the challenge of ensuring security, potentially at the cost of individual freedoms. Hegel emphasized the importance of national identity tied to territoriality. But in an age where digital communities transcend borders, how does our understanding of national identity and allegiance change? As we plunge deeper into the digital age, the fabric of sovereignty, intertwined with philosophical principles, will continue to evolve. With challenges abundant, states stand at a crossroads: they can redefine sovereignty for the modern era or risk obsolescence in a world where power dynamics are ever-shifting. As we stride forward, the balance between power, identity, and governance will dictate our shared digital future.