ASP20 Side Event: The Application of the Rome Statute of the International Criminal Court to Cyberwarfare

20TH SESSION OF THE ASSEMBLY OF STATES PARTIES

9 December 2021

Name of the Event: The Application of the Rome Statute of the International Criminal Court to Cyberwarfare (co-hosted by: Argentina, Austria, Belgium, Costa Rica, the Czech Republic, Estonia, Liechtenstein, Luxembourg, Portugal, Spain, and Switzerland)

Report by:  Lilian Srour, Junior Research Associate PILPG-NL

Highlights:

  • Members of the Council of Advisors (the Council), authors of the Report on the Application of the Rome Statute of the International Criminal Court to Cyberwarfare, discussed the main findings, offering valuable insights on the applicability of the Rome Statute to cyberwarfare.

  • The Council is in agreement that, at present, the Rome Statute does not need to be amended to encompass cyber warfare under the crimes listed. 

  • To clarify remaining ambiguities relating to the applicability of the Rome Statute to certain cyber warfare, panelists suggested that the Office of the Prosecutor issues a Policy Paper on the matter of cyberwarfare, or perhaps to establish a state-led working group in the ICC addressing cyber warfare.

Speakers:

  • Christian Wenaweser, Permanent Representative of Liechtenstein to the United Nations;

  • Oona A. Hathaway, Gerard C. and Bernice Latrobe Smith Professor of International Law at Yale Law School;

  • Jennifer Trahan, Clinical Professor at NYU's Center for Global Affairs and Director of their Concentration in International Law and Human Rights;

  • Charles C. Jalloh, Professor of Law at Florida International University;

  • Matt Cross, Office of the Prosecutor at the International Criminal Court (ICC);

Summary of the Event:

Christian Wenaweser, Permanent Representative of Liechtenstein to the UN, opened the side event.  The event was dedicated to discussing the Council of Advisers’ Report on the Application of the Rome Statute of the International Criminal Court to Cyberwarfare.   Wenaweser highlighted the importance of having this conversation in light of the upcoming 20 year anniversary of the Rome Statute.  In emphasizing that “online cyber operations have become an unfortunate and nearly daily occurrence, they do not occur in a law-free domain, but are subject to various bodies of international law, including the Rome Statute”, he underlined that such crimes could be investigated and prosecuted at the International Criminal Court (ICC) without an amendment of the Rome Statute.

Oona A. Hathaway, Council Member, began her comments by emphasizing that the crime of aggression is addressed first in the Report, recognizing its centrality in answering questions on the applicability of crimes to the cyber realm.  Hathaway explained that there were many areas where the Council was in agreement, and other areas where there had not been sufficient development in the law to allow for consensus.  She said that “one clear area of certainty is that the prohibition of the use of force does apply in cyberspace”, explaining that there could be a violation of the crime of aggression.  Council advisors noted that cyber warfare does not fit into the state-centric focus of the act of aggression, however, concluded that article 8bis of the Rome Statute contains a non-exhaustive list, allowing the ICC to find other uses of force that constitute an act of aggression.  Hathaway further elaborated on discussions surrounding the threshold of “manifest violation” under article 2(4) of the UN Charter, underlining that greater clarity is needed on this in the cyber context.

Jennifer Trahan, Council Member, began by repeating that the Council is in agreement that no amendment of the Rome Statute is necessary and that “a severe enough cyber-attack has the potential to fit into each of the crimes”.  She further acknowledged that there are questions as to what  “severe enough” and to reach a “threshold” constitute.  She explained the different forms of cyber-attacks, ranging from attacks committed solely in the cyber realm to attacks that constitute elements of a physical attack.  In answering the question of how genocide could be committed solely through a cyber-attack, Trahan provided an example of an attack committed on the cooling system of a nuclear power plant, which could result in the release of radiation.  After providing in-depth insights on the different elements of cyber-attacks and the findings of the Report, Trahan suggested two ideas moving forward: (1) issuing a policy paper by the Office of the Prosecutor (OTP) on the applicability of cyber-attacks to the Rome Statute, or (2) the OTP assessing questions relating to, for instance, the destruction of data, when discussing the element of gravity under the Statute.  In conclusion, Trahan suggested the ICC increase its expertise on the matter of cyber-attacks, considering the unfortunate possibility that these may take place in the future.

Charles Jalloh, Council Member, began by explaining the significance of the rule of law for the maintenance of international peace and security, pointing to the dramatic progress in technology over the last years.  He noted that, despite the positive progress, this also creates the possibility of malicious cyber operations that could lead to the commission of crimes under the Rome Statute, raising again the question of the threshold for the application of the international criminal law regime.  Jalloh discussed the findings of the Report concerning how, in the view of the Council, the crimes against humanity provision in article 7 of the Rome Statute may apply to cyber warfare.  After providing an insightful and in-depth account of the relevant elements, Jalloh recounted the findings of the Report, whereby the Council concluded that cyber operations could potentially satisfy each of the contextual elements of crimes against humanity.  Nonetheless, he acknowledged that certain challenges remain, for instance, relating to proving intent.  Conclusively, Jalloh suggested the appointment of a Special Advisor on cyber warfare, or a state-led working group in the ICC.  

The last speaker, Matt Cross, from the Office of the Prosecutor, identified three strong themes in the Report.  First, the Report views the Rome Statute providing new insights on how the ICC can remain useful in current matters, such as cyber warfare.  Second, the Report stresses connections between international law more generally and the Rome Statute.  Cross explained that, when discussing cyber conflict, international criminal law “is one aspect of that discussion, but it is a much broader discussion”, emphasizing that other fields of law, such as public international law and humanitarian law, are all evolving to deal with this new challenge together.  In this regard, he said that the Report stresses areas where scholarship has reached some degree of consensus, allowing for reflection on discussions in other areas.  Third, the Report provides food for thought on how the Rome Statute may be adapted to better deal with these new challenges. In discussing article 8 of the Rome Statute relating to cyber conflict in war crimes, Cross explained that, although the Report recognized that conduct in the cyber realm can amount to war crimes, “that does not necessarily mean this is going to happen very often”.  

Wenaweser ended the event by mentioning that 2022 will be an important year to talk about the relevance of the Rome Statute, which has “stood the test of time”, particularly with a focus on its applicability in the cyber realm.