'The Final Frontier of Cyberspace: The Seabed Beyond National Jurisdictioon and the Protection of Submarine Cables by Douglas Guilfoyle, Tamsin Phillipa Paige and Rob McLaughlin in (2022) 71(3) International & Comparative Law Quarterly 657 - 696 comments
Cyberspace is now acknowledged not only as the newest domain of warfare, but also as a space vital to economic, educational and cultural development for all States. This thin consensus ignores the fundamental fact that the backbone of cyber infrastructure—submarine telecommunication cables—is not (for the large part) located within sovereign territorial jurisdiction. The radically increased reliance of States upon submarine data cables emphasises their vulnerability to damage by malicious acts, accidents, or natural phenomena. Faced with these problems, legal analysis has tended to identify gaps or deficiencies in the law, and propose the creation of new legal instruments. The contribution of this article is twofold. First, it expands the frame of analysis to include deliberate damage to cables not only in peacetime but under the law of armed conflict. Second, rather than treating the legal framework as inherently deficient, it considers the extent to which existing rules and principles can be progressively developed, interpreted, or creatively applied to close perceived gaps. This article surveys the existing law specific to the protection of submarine cables and assesses how general principles of the law of the sea, State responsibility, the law on the use of force, and the law of armed conflict apply to this problem. It thus considers in turn the applicable ‘law of peace’, the jus ad bellum and the jus in bello.
The authors argue
Liberal Western States are calling for an Internet which is fundamentally free, open, and secure while authoritarian States prioritise ‘cyber sovereignty’ and an Internet which is free from criminality, secessionism and terrorism. Nevertheless, there is now widespread agreement that existing public international law applies to cyberspace and, in particular, certain principles derived from sovereignty, including the right of States to exercise jurisdiction over those aspects of the material infrastructure underpinning cyberspace which are located within their territory (albeit that the concept of ‘sovereignty’ in cyberspace is still debated in some quarters).
This thin consensus, however, ignores the fundamental fact that the backbone of cyber infrastructure—submarine telecommunication cables—is not (for the large part) located within sovereign territorial jurisdiction. This means that the increasing utility of these cables beyond data transfer—for example, as a source of environmental data —will create further tensions between States; as the ITU has noted, such use of submarine data cables in the EEZ has raised questions as to the applicability or otherwise of the UNCLOS marine scientific research regime to these cables.
This increased utility, and the radically increased reliance of States upon submarine data cables for data transfer, serves to emphasise the potential consequences of their vulnerability to damage by malicious acts, accidents, or natural phenomena. These vulnerabilities extend beyond international communications to financial, data storage and service provision, and to the military sectors. It is, for example, a commonplace that US$10 trillion of transactions take place via the undersea data cable network daily; beyond this, a majority of Europe's data is stored in US data centres and relies on cable connectivity for access. Increasingly, major cloud-based corporations such as Google, Amazon and Meta are investing in submarine cables or rolling out their own proprietary cables. They are doing this in part to facilitate access to their cloud-based services for overseas customers. One goal of Google's new ‘Firmina’ cable was to connect customers in Argentina, Brazil and Uruguay with Google services. Universities and commercial organisations increasingly rely on cloud-based providers for their data storage and email provision. This rise of ‘software as a service’ means that the applications used on our desktop or laptop computers may actually be based in another country. Thus ‘as individuals and businesses increasingly rely on the cloud to perform basic functions, reliable access to that cloud is not merely important – it is critical’, and that access for many States relies upon submarine cables. Governments too are vulnerable, as ‘[d]iplomatic cables and military orders largely pass through … privately owned cables’.
The political, social and economic consequences of interference with these cables therefore cannot be underestimated. This is exponentially so for some States—such as Kiribati, Tonga, and the Marshall Islands —which are currently serviced by a single data cable. Recently, a volcanic eruption off Tonga severed the country's sole cable between 15 January and 22 February 2022 largely cutting the country off from communication with the rest of the world.
Presently, more than 98 per cent of all data traffic is carried by just over 400 undersea data cables globally. Critical ‘bottlenecks’ link numerous cables in Egypt, Guam and Hawaii—the latter being both exposed to volcanic damage and accounting for up to 70 per cent of Australia's international connectivity. Terrestrial cable networks offer a partial, but potentially limited and vulnerable, alternative. The US, Canada and Mexico can perhaps be treated as one integrated North American bloc linked through terrestrial cables. The same is not necessarily true of other continents. The overland cable networks connecting Europe and Southeast Asia, for example, all run through Russia and China, putting those two governments in a position to monitor or interrupt communications.
While it may be the case that ‘it has long been held that submarine cables are legitimate wartime targets’, increased dependence on them now means that the consequences of severing of a submarine telecommunications cable as part of an armed conflict, whether by a State or non-State actor, would be severe and could be felt in every corner of the globe. Alarmingly, a characteristic of the race to weaponise and securitise cyberspace has been the lack of restraint shown by many actors.
Faced with these problems, the tendency of legal analysis has been to identify gaps or deficiencies in the law, and propose the need either for the creation of new legal instruments or the urgent conclusion of a multilateral treaty making intentional damage to cables an international crime. Nonetheless, such projects have had to acknowledge the unlikelihood of major legal reform and in particular of concluding new treaties. The contribution of this article to the literature is twofold. First, it expands the frame of analysis to include deliberate damage to cables not only in peacetime, but under the law of armed conflict. Second, rather than treating the legal framework as inherently deficient, it considers the extent to which existing rules and principles can be progressively developed, interpreted, or creatively applied to close some of the perceived gaps.
This article will thus survey the existing law specific to the protection of submarine cables as well as assess how general principles of the law of the sea, State responsibility, the law on the use of force, and the law of armed conflict apply to this problem. It thus considers in turn the applicable ‘law of peace’, the jus ad bellum and the jus in bello. For reasons of space, it is beyond the scope of this aticle to consider the potential role of submarine cables as a vector for foreign espionage or interference operations against a target State.
