The Application Of The Principle Of Distinction Under Law Of Armed Conflict In Cyberspace

Currently there is no specific international rules concerning cyber armed conflict.Despite the technical difficulties of attribution,the principle of distinction,as one of the cardinal principles under law of armed conflict,shall be applied to cyberspace.Due to the embryonic state practice and the absence of treaties and judicial decisions on the emerging field of cyber warfare,in order to maximize the protection of the interests of civilians,the rules concerning the principle of distinction need to be further tailored and clarified.The principle of distinction can be divided into the distinction concerning non-human targets and the distinction concerning human targets.In summary,the principle of distinction requires that combatants and other military objectives to be distinguished from protected persons and objects,and only the former can be targeted.Due to the anonymity of cyberspace and the characteristics of high inter-connectivity,the application of this traditional principle in cyber armed conflicts has been severely challenged.Cyber attack is a key concept when involving the issue of distinction in cyber context.Using “kinetic effect equivalent standard” to define cyber attack as “a cyber operation that is reasonably expected to cause injury or death to persons or damage or destruction to objects” is reasonable at present.However,it is still difficult to operate in terms of confirming the existence of damage and the assessment of damage,and there would be a legal lacuna when there is no physical consequences of a cyber attack,ergo it is more appropriate to use the “functional standard” for reinforcement.For the distinction concerning non-human targets,only military objectives can be attacked while all civilian objects are protected under law of armed conflict.Given that cyberspace has great military potential,from the standpoint of preventing the over-militarization,it is more reasonable to define military objectives in a relative strict way.Combined with the characteristics of cyberspace,this paper focuses on the issues of whether dual-use objects and digital data can be identified as military targets.With regard to the former,dual-use objects appear in large numbers in cyberspace,such as satellites,routers,power grids,nuclear power plants,etc.,and the positioning of such objects does not exceed the legal dichotomy of military objectives and civilian objects.All dual-use objects must cumulatively fulfill both “effective contribution” and “definite military advantage” criteria to become military objectives,otherwise they are still civilian objects.In case of doubt on the dual-use object's military status in cyberspace,it shall be presumed not to be so used.Regarding the latter,in military operations,the value of the data itself is likely to be much higher than its carrier,such as computer hard drives,mainframes,and so on.Concerning whether the data per se can constitute a military objective,there is currently no clear attitude from the states,but it has caused controversy in the academic discussion.Scholars' views can be divided into three categories: negative theory,affirmation theory and taxonomy.If the digital data is not included in the scope of “object”,it will not be recognized as a military objective,but it will not be recognized as a civilian object either.The deletion and tampering of military or civil data will become a blind spot in the norms of law of armed conflict,ergo the data should constitute an “object” and constitute a military target under certain conditions,otherwise,the civil data is protected under the law of armed conflict.For the distinction concerning human targets,only combatants can be attacked while all civilians and civilian population are protected under law of armed conflict.Civilians shall enjoy the protection unless and for such time as they take a direct part in hostilities.The traditional law of armed conflict is based on the fact that the belligerent parties can visually see and identify each other,thus it requires combatants to distinguish themselves from civilians by means of carrying arms openly and having a fixed distinctive sign recognizable at a distance.However,this is apparently not practical in the cyber context,where anonymity is the normal statusand where it is impossible to tell who is sitting in front of a computer.For the identification of cyber combatants,more attention should be paid to the subtantial elements,such as “belonging to one party of the conflict” and “having a certain degree of organization and the superior-subordinate structure”,rather than the formal elements,such as “carrying arms openly”.In addition,due to the low cost and professionalism of cyber operations,the participation rate of civilians in cyber military operations has reached an unprecedented level.The identification of civilians directly participating in cyber hostilities is of great practical significance.The Interpretative Guidance proposed by ICRC provides a basic framework,which requires the three elements,namely the threshold of damage,direct causal link and the belligerent nexus should be met cumulatively.The framework can provide reference for its application in cyberspace,but it still needs some clarification: the threshold of harm requires objective likelihood instead of mere subjective intention provided by Tallinn Manual 2.0,and the belligerent nexus should be confirmed while the causality should be proximate.The temporal scope of the loss of protected status for civilians is further complicated by the emergence of delayed effects and repeated cyber hostilities.The prohibition of indiscriminate attack is a derivative of the prohibition against attacks on civilians and civilian objects,which includes at least two situations: the use of indiscriminate weapons and the indifference attitude of the attacker to civilian casualties or damage to civilian objects.The use of cyber weapons of an indiscriminate nature,such as viruses and worms that cannot target certain military targets,should be banned,as should the use of chemical and biological weapons.The 2010 Stuxnet worm was designed specifically to attack Iran's nuclear operating system,while the means of attack appeared to be indiscriminate,the consequences were limited to Iran's nuclear facilities.