Canadian Lawyer InHouse

profile Contemplating the borders of cyberspace Counsel for international governance body explores legal boundaries of online spying. By Shane Schick Edward Snowden may have exposed countless secrets about the way governments are conducting cyber espionage on their own citizens and each other, but even he couldn't have been aware that as the National Security Agency/Prism scandal broke this past summer, Aaron Shull was quietly figuring out where the legal boundaries of online spying should lie. In August, Shull was appointed coun- sel and corporate secretary at the Centre for International Governance Innovation, a Waterloo, Ont.-based think-tank founded by former co-CEO of Research In Motion Jim Balsillie. Besides the more traditional duties expected of an inhouse lawyer and corporate secretary, Shull's appointment has also seen him jump head-first into CIGI's Global Security Program, contributing research that www.ca na dia nl awy e r m a g . c o m / i n h o u s E explores the legality of cyber espionage and the rules of attribution and state responsibility for offensive cyber activities. In October, for example, Shull travelled to Bali, Indonesia, where he presented a paper on cyber espionage and international law at the Global Internet Governance Academic Network (GigaNet). While the media was filled with headlines about Canada reportedly spying on Brazil and the United States monitoring German Chancellor Angela Merkel's mobile phone, Shull was making an argument that these activities may be even more legally contentious than most people realize. "The first question around cyber espionage is, is it illegal? And most people would tell you no," he says. "All you have to do is look at state practice. Countries spy on each other routinely, and as a consequence of that practice there are no rules prohibiting it." You could even go one step further, Shull says, and look at a famous case involving the SS Lotus which was put before the Permanent Court of International Justice in 1927. It was a jurisdictional dispute between the French and Turkish governments involving the collision of two steamships. Though many of the details have been forgotten, it gave rise to the Lotus principle, which says sovereign states may act in any way they wish so long as they do not contravene an explicit prohibition. Shull has a different take. His paper points to the 1970 Declaration on Principles of International Law concerning Friendly Relations and Co-operation among States in Accordance with the Charter of the United Nations. Better known as the Friendly Relations Declaration, it was used by the International Court of Justice in The Republic of Nicaragua v. The United States of America to prohibit any form of interference with the political, economic, and cultural elements of another state. "That's a starting point: We now know that there's a rule in international law that prohibits foreign interference. Then the question becomes, do international acts of cyber espionage offend that rule?" Shull asks. "And if they do, well then, it should be rightly considered illegal, notwithstanding that states routinely engage in it." december 2013/january 2014 • 43

• Cover