Through frequent posting and an understanding of what emotionally moves her followers (which she already has, since she has managed already to amass millions of followers who consistently engage with her content), Trinity would be able to create in her followers the desire to commit genocide against the target group. Once she has cultivated the genocidal attitude she wants, she will have potentially thousands of people across the world who share her desire to destroy the group. At this point, she will be able to begin the process of inciting real violence toward the group.

This hypothetical relies on the efforts of one individual with a large following, but the use of social media by terrorist groups in order to spread the group’s message, and even to incite violence, has been already occurred. ISIS, for example, has used social media to recruit and to spread propaganda.2 Propaganda has of course been used in the incitement of genocide in the past, but what makes the use of social media to incite genocide particularly dangerous is the fact that it can reach greater amounts of people across the world. This hypothetical focuses on one person who already has a large follower base rather than a group for the sake of simplicity and clarity.

B. Hypothetical B

Imagine an individual who desires not to incite genocide through the use of social media, but instead, to commit genocide. The individual’s goal is to use social media to reach members of the target group and cause serious mental harm, with the end goal of destroying the target group. He would create content that mentally manipulates members of the target group with the ultimate goal of leading members of the target group to commit self harm and suicide. For the sake of clarity, this individual will be referred to as Thomas.

Like the first hypothetical, this act would require some kind of a large following, or, in this case, any way to spread the content that would make sure it reaches members of the target group. Content that harms the target group enough that it could eventually lead to physical harm to the group would have to be very serious. It would need to be more than mere hate speech, and would be specifically tailored to achieve a significant reaction among members of the group. For this hypothetical, imagine that Thomas utilizes videos meant to influence young members of the target group, teens and young adults, to commit suicide. Studies on the effects of social media on youth show that the graphic and frequent portrayal of self harm leads to increased likelihood that teens and young adults will engage in these behaviors.3 By creating videos that appeal to individuals of the target group or by manipulating the social media pages of those in the target group to ensure that they see the content, Thomas could show young members of the target group videos that depict self harm and methods of committing suicide with enough frequency to lead the members of the target group to engage in those practices. Alternatively, he could create a series of posts or videos similar to the blue whale challenge. Using the formula of the blue whale challenge, Thomas would create videos that give tasks to viewers, which in Thomas’s case would be members of the target group, that culminate in the viewers being led to commit suicide.

The blue whale challenge has been reported as a game on social media that targets youth. The game directs participants through a series of videos to secretly complete tasks which become progressively more harmful, ultimately ending with the participants being directed to commit suicide in order to finish the game.4 Discussions of this game do not indicate that it was targeted at any particular group other than young people in general, but content like the blue whale challenge could be used to target members of a certain group by someone who wished to commit genocide against them. This could be done by posting content of the game on forums or social media groups aimed at the target group, or by taking advantage of social media algorithms to reach members of the target group on their accounts. Once the game is shown to those in the target group, it could be conducted similarly to the blue whale challenge, and members of the target group rather than youth in general would be encouraged to engage in self harm and eventually suicide. This is the method that Hypothetical B focuses on.

II. Hypothetical A Could Fall Under the Rome Statute’s Definition of Genocide

Article 25(3)(e) of the Rome Statute states that:

[I]n accordance with this Statute, a person shall be criminally responsible and liable for punishment for a crime within the jurisdiction of the Court if that person: […] (e) in respect of the crime of genocide, directly and publicly incites others to commit genocide.5

Hypothetical A, depending on the circumstances of the act, could fall under this definition. Trinity (the celebrity from Hypothetical A) could be found to be criminally liable for committing genocide if she directly and publicly incited others to commit genocide, which she would do through her social media accounts.

The Genocide Convention’s definition of incitement to commit genocide requires that the incitement be direct and public.6 International courts like the International Criminal Tribunal for Rwanda and the International Criminal Tribunal for the Former Yugoslavia (ICTY) have interpreted the meaning of these terms in prosecuting incitement to commit genocide. In The Prosecutor v. Pauline Nyiramasuhuko et al., the International Criminal Tribunal for Rwanda stated that in order for the incitement to be direct, it must specifically provoke another person to engage in acts that qualify as genocide under the statute:

It must be more than a vague or indirect suggestion, and an accused cannot be held accountable for this crime based on hate speech that does not directly call for the commission of genocide.7

This means that Trinity would have to do more than create posts that make hateful or derogatory comments about the target group. It would not be enough to post often about Trinity’s hatred for the target group or to make negative statements about the target group.

However, the Tribunal did emphasize that the call to the commission of genocide does not have to be explicit if in the context of the statement, it is clear that the meaning of the statement was a direct appeal to commit genocide.8 For example, if Trinity posted one day that “we should all start treating [the target group] the way they really deserve to be treated” that would not be a direct incitement to commit genocide because it does not necessarily suggest the commission of any genocidal act. That statement is so vague that it could refer to anything. On the other hand, Article 6 of the Rome Statute states that killing members of the target group (with the requisite intent to destroy the group) is genocide.9 If Trinity posted videos of members of the target group being killed and said “when I say you should treat [members of the target group] the way they deserve to be treated, this is what I mean,” then in context, that could be considered direct incitement to kill members of the target group. However, in order for this statement to qualify as direct incitement, the statement would have to not be ambiguous within that context.10 If Trinity posted about “treating them the way they deserve to be treated” and it was very clear in context that she meant to kill members of the target group, then that could qualify as direct incitement. If it was ambiguous, either because she only used the term as a euphemism for kill once and it was not clearly meant to convey that meaning, or because she also used the term “treat them the way they deserve to be treated” to mean other things in other posts, it would likely not qualify as direct incitement.

In order to tell the difference, the Tribunal offered one way to determine what the speech means in context. It suggested that the speech be evaluated based on how it was understood by the intended audience. If there were thousands of comments from her followers expressly stating that they understood she meant kill when she used the term “treat them the way they deserve to be treated” (for example, if followers had discussions about how Trinity had to use the term “treat them the way they deserve to be treated” when she meant kill in order to not be removed from the social media platform), then the context of her statements would make it clear that she was engaging in the direct incitement to commit genocide because her followers understood her to be directing them to kill. Therefore, whether or not her incitement was direct could be easily understood if her language was clear, or it could be ascertained using the context of her statement and the way it was understood by her followers. Both could result in her statement being found to be a direct incitement to commit genocide.

In addition to being direct, Trinity’s statements would also have to be public in order to fit under the definition of incitement to commit genocide. The Appeals Chamber in The Prosecutor v. Pauline Nyiramasuhuko et al. stated that:

[A]ll convictions before the Tribunal for direct and public incitement to commit genocide involve speeches made to large, fully public assemblies, messages disseminated by the media, and communications made through a public address system over a broad public area.11

Under this definition of public, the public requirement for incitement to commit genocide would be relatively easy to meet for this hypothetical. When Trinity posts, her content is seen by her millions of followers as well as anyone with whom those followers might share her posts. Although social media posts are not made through the traditional media or the other public sources utilized by perpetrators convicted of genocide in the past, it is likely that Trinity’s posts would quality because they would be seen by just as many if not more people. Her posts would also be available to viewers across the world rather than limited to one area the way a speech given to a large, public assembly would be. Her posts would almost certainly meet the definition of public.

The hypothetical in which Trinity is a celebrity with millions of followers would make it possible for her posts to meet both the direct and public requirements, but if a different individual, someone with only a thousand followers, or only five followers, made posts with the intention of inciting genocide, the analysis might be different. For someone with only a few followers, the speech would have to be more explicit to be considered a direct incitement, because with a smaller audience, or no audience participation at all, it would be more difficult to rely on context and the way the audience understood the message. Still, a post made by someone with only five followers could still qualify as direct, because it could explicitly tell others to commit acts that would fit the definition of genocide.

The public requirement would be the more serious challenge for prosecuting a poster with a small number of followers. Trinity is clearly making a public statement when she addresses millions of followers. Not every follower is going to see her post, but many of them will, and many people who do not follow her will see her posts when the posts are shared or interacted with by her followers. Someone with only a few followers, however, might make a post that is only seen by those five followers, only a few of them, or even none of them. Given that the requirement is that the incitement be public, not simply that it be heard by someone other than the speaker, it seems unlikely that someone who had five followers would be thought of as making a public statement. This is especially true considering the fact that all of the convictions for the International Criminal Tribunal for Rwanda, which has played a role in interpreting these terms, involved speeches given to a large public audience, broadcasted by the media, or made through a public address system over a large area. Making a post on social media that will probably only be seen by a few followers would be akin to making the statement at a small party, and that would probably not be enough to amount to a public statement.

If five followers is not enough, however, the question becomes how many are enough? Would one thousand followers be enough, taking into account the fact that not every follower is going to see the post? If someone like Trinity shared the post made by someone with only a few followers, would the original poster’s statement then be considered public because it had the capacity to be shared to a wide group and then actually was, even though the poster did not choose for that to happen? Due to the nature of social media, namely the fact that posts can be shared, it is not clear what would meet the public requirement and what would not.

One aspect of the Rome Statute that might limit the practical importance of these questions is the gravity requirement. Article 17(1)(d) states that a case will be inadmissible where “the case is not of sufficient gravity to justify further action by the Court.”12 Even if a post made by someone with five followers might qualify as public due to the potential for the post to be shared and then seen by many more people, the Prosecutor might find that the post is so unlikely to gain any traction that it would not justify further action by the Court. However, the gravity requirement is argued to be a very low threshold, meant to keep out offenses such as small, isolated war crimes, rather than excluding crimes like genocide that are grave per se.13 Marco Roscini, a professor of international law at the University of Westminster Law School argues that “cyber conduct constituting, instigating or facilitating an act of genocide will not need to result in a high number of casualties to be considered admissible.”14 Thus, the legal gravity requirement is thought to be very low, and is arguably likely to be met by any incitement to genocide should the Prosecutor use his discretion to take the case.

In fact, it is the Prosecutor’s discretion that offers another reason to think that a post technically inciting genocide in a direct and public way still might not meet the gravity requirement. In addition to the legal gravity requirement in Article 17(1)(d), there is also the practical consideration that the Prosecutor has limited resources and cannot, and arguably should not, take on every case that falls under the jurisdiction of the Court. The Prosecutor has to make decisions about what cases, according to his own judgment, best serve the interests of justice and the Court. Therefore, there is a relative gravity requirement as well in choosing what cases to take on.15 The relative gravity requirement is higher than the legal gravity requirement; not every case that technically qualifies as incitement to genocide would be considered worthy of pursuit by the Prosecutor. The relative gravity requirement would probably make it unlikely that the Court would indict someone for incitement of genocide if he made a social media post that would only be seen by five followers. Even once a certain number of viewers was deemed “public” for the purpose of the definition, it would be up to the Prosecutor’s discretion to determine how many viewers (among other circumstances) would be enough to make the case important enough to pursue.

Posts inciting genocide made by Trinity, which would potentially meet the direct and public requirements, would be subject to the same discretion of the Prosecutor. If Trinity reached a large audience in her incitement to genocide but there was no loss of life in the target group, then the Prosecutor might find that, given the seriousness and high death toll of other crimes under his jurisdiction, this case did not warrant investigation by the Court. On the other hand, he might find that given the publicity of Trinity’s posts and the rise in attention to cyber crimes across the world that investigating Trinity’s crimes would be an important deterrent of future cyber crimes of this nature.16 In that case, a low death toll, or no death toll at all, might still warrant investigation and indictment by the Court. Therefore, it is certainly possible that Hypothetical A would meet the Rome Statute ’s definition of genocide and be investigated by the International Criminal Court, assuming that the case met the intent requirement.

III. Hypothetical B Could Qualify as Genocide Under the Rome Statute

Article 6(b) states that:

[F]or the purpose of this Statute, ‘genocide’ means any of the following acts committed with intent to destroy, in whole or in part, a national, ethnical, racial or religious group, as such: […] (b) Causing serious bodily or mental harm to members of the group.17

Hypothetical B focuses on how Thomas could use social media to cause harm to members of the target group by making videos similar to the blue whale challenge that influence those members to commit serious bodily injury to themselves.

If Thomas’s conduct meets the definition of genocide under the Rome Statute, it would most likely be because it falls under Article 6(b), causing serious mental harm to members of the target group. Many scholars argue that for mental harm to qualify under the Statute, it must be manifested physically.18 Nema Milaninia, a trial attorney with the Office of the Prosecutor for the International Criminal Court, argues that nothing in the Genocide Convention states this requirement, and such a requirement would render the rule redundant. Thomas’s content would qualify as serious mental harm that does manifest physically, so under either interpretation, Thomas’s content could potentially be an act of genocide. Courts have recognized “threats of death and knowledge of impending death; acts causing intense fear or terror; surviving killing operations; forcible displacement; and ‘mental torture’ ” as causing mental harm under the Statute.19 A series of videos or posts that encourage the target group to engage in self harm or suicide would likely qualify as mental harm.

In addition to qualifying as mental harm, the harm also has to be considered serious. The analysis of whether an act of mental harm is considered serious is done by looking at the totality of the circumstances, in which the Court will look at all of the related acts together to evaluate whether the acts caused serious mental harm, rather than looking at the acts one by one.20 For example, in The Prosecutor v. Rukundo, the International Criminal Tribunal for Rwanda did not have direct evidence of the mental state of a victim of sexual assault, but they looked at the circumstances of the assault to determine whether serious mental harm existed.21 The Court considered the victim’s relationship to the accused, her sexual inexperience, and the fact that the perpetrator had carried a weapon.22 Using all of these factors considered together, the Court determined that the victim would have suffered serious mental harm from the assault.

If Thomas made a series of videos each progressing in seriousness that were meant to be viewed in succession by a member of the target group (a system where the victims watched the first video, did the assigned task, and then progressed to the next video), then the Court, in evaluating whether serious mental harm had been inflicted on the victim, would have to look at all of the videos together, as well as any other posts or circumstances that would play a role in the victim’s mental state. The Court might take into account what the videos said, whether any graphic content in the video would be particularly disturbing for the victim, and any potentially harmful effects of the videos being aimed at the target group in particular, to decide if under these circumstances the mental harm would be serious. Alternatively or in addition, of course, the Court could use victims’ own statements of the harms that they suffered. In The Prosecutor v. Popovićet al., the Court relied on other circumstances because it had very little evidence of the victim’s mental state from her own words. If victims were willing and able to come forward, then their testimony would help the Court determine the seriousness as well.

The Trial Chamber for the ICTY suggested in its analysis of the case The Prosecutor v. Tolimir that in order to find serious mental harm that qualifies as genocide, the perpetrator’s act must be a proximate and direct cause of the mental harm.23 For Thomas’s content to be considered to have caused serious mental harm, his content would have to be the direct cause of the harm, meaning that the harm would not have occurred but for his act of posting the content. His content would also have to be the proximate cause of the harm, meaning that the mental harm done to the victims was a foreseeable consequence of Thomas’s actions. If victims participated in Thomas’s challenge and sustained serious mental harm as a result, that would make his actions a but-for cause of the harm. Also, since the purpose of his content is to cause members of the target group to sustain harm, it would be very difficult to argue that such harm was not foreseeable, so his actions would also be a proximate cause. Therefore, Thomas’s actions would likely fit the causal requirements implicit in the Trial Chamber’s analysis.

One potential argument against this hypothetical qualifying as serious mental harm is the fact that victims can choose at any point to disengage from the game, or not to take part in it in the first place. It could be argued that if the harm they were suffering really was serious, then they could at any time log off and not watch the videos. This makes it very different from a situation in which victims of a target group are tortured or forcibly removed from their homes, because in those situations, the victims have no opportunity to escape the treatment. However, psychological studies on youth have shown that social media can contribute significantly to suicidality in teens and young adults, especially those with pre-existing mental health issues.24 These harms occur despite the fact that users can cease their use of social media at any time. Whether or not the victims could stop viewing Thomas’s content at any time should be irrelevant to the analysis, because if the victims have viewed it, and they suffered serious mental harm as a result, it is still Thomas’s genocidal act that caused their harm. The victims’ choice to view the content has not prevented the individual with genocidal intent from causing serious mental harm to the target group. There is nothing in the Statute that requires that the victims be unable to escape the harm.

Nonetheless, the Prosecutor could consider the existence of choice in his analysis of the relative gravity of the crime. He might find that the Court’s resources are better spent on instances of genocide in which the victims did not have any avenues of escape, allowing responses from other governmental agencies or organizations to respond to social media attacks like Thomas’s. Perhaps due to the choice involved in these kinds of challenges, outreach efforts created to spread awareness of the attacks and warn potential victims how to spot and avoid this content would be sufficient to protect the target group. The existence of this possibility may lead the Prosecutor to determine that there are other cases that more warrant the resources of the Court. On the other hand, researchers have found that even posts attempting to spread awareness of the blue whale challenge in order to protect people from its content still have the potential to contribute to the self harm contagion, a phenomenon in which internet users with mental illness are influenced to engage in more self harm or suicide ideation due to the way these topics are addressed in media and on social media.25 The potential for attempts at spreading awareness to cause more harm than good might lead the Prosecutor to find a case like Thomas’s to be worth pursuing.

The potential for an attack like Thomas’s to be committed anonymously raises further issues for the Prosecutor to consider in investigating the case. Cyber attacks can be more difficult to prosecute than more traditional forms of genocide because the perpetrator can make the attack without revealing his identity to anyone. Attribution is a difficult problem in prosecuting cyber attacks in general because it is difficult to find the source and perpetrator of the attack.26 This obviously increases the costs of prosecuting the attack, but it could be argued that it makes it more worthy of pursuit. Since anonymity makes a cyber attack more appealing for would-be perpetrators, it may be even more important for the Court to make an example out of the perpetrators that they are able to identify. By pursuing instances of genocide conducted through social media, the Prosecutor can send a message that there is a lot of risk in such attacks because the Court will make the effort to find and punish the perpetrators. Still, knowing that they can act anonymously may cause perpetrators to feel that even if someone else is convicted by the Court for a social media focused cyber attack, the risk of getting caught is low and the act is still worth attempting. These are the kinds of issues that the Prosecutor will have to take into account in considering whether a case like Thomas’s should be investigated by the Court.

Although Hypothetical B focuses on posting content similar to the blue whale challenge, it is not difficult to imagine other uses of social media that might lead to serious mental harm and fall under the Statute ’s definition of genocide. Given that cyberbullying has been shown to have a significant adverse effect on the mental health of victims,27 it might be argued that if a perpetrator targeted individual members of a target group through cyberbullying that that might qualify as genocide as well. The constant posting of extremely graphic videos depicting violence against the target group, especially when sent to the members of the target group themselves rather than posted publicly, might also be found to be a serious enough harm. What makes Hypothetical B a useful example, however, is that it would likely qualify as genocide even if a physical manifestation of the harm is required, since it clearly leads to physical harm to the target group. Therefore, it shows how social media could be used to commit what would qualify as genocide under the Rome Statute.

IV. Both Hypotheticals Could Meet the Intent Requirement Depending on the Circumstances

To prosecute a perpetrator for genocide, the Rome Statute requires more than proof that the act was committed and that the perpetrator intended to commit that act. In addition, there is the dolus specialis, the requirement of a special intent to destroy a protected group in whole or in part.28

It is not enough that Thomas in Hypothetical B wanted to create a program like the blue whale challenge in order to influence teens and young adults to commit self harm. In order for that act to qualify as genocide, the Prosecutor must prove that Thomas created this program to influence teens and young adults of the target group to commit self harm because he wanted to destroy the target group in whole or in part. The Prosecutor must prove that Thomas actually intended for the content to reach the target group and cause them harm because he had the desire for his content to contribute to the destruction of the target group.

The acts must be committed against members of the target group because they are members of the target group. The International Law Commission stated that the “[t]he action taken against the individual members of the group is the means used to achieve the ultimate criminal objective with respect to the group,”29 and that “the intention must be to destroy the group ‘as such’, meaning as a separate and distinct entity, and not merely some individuals because of their membership in a particular group.”30 For Trinity in Hypothetical A, for example, this means that the Prosecutor would have to prove that Trinity wanted her followers to commit acts of violence against members of the target group, not only because she wants harm to be caused to be members of the target group, but because she has a desire to destroy the target group itself.

Intent is a difficult requirement in prosecuting the crime of genocide because it requires that the mental state of the perpetrator be proven when the defendant may not have ever admitted such a mindset.31 In fact, Josef Kunz has stated that:

[I]t has been said that this specific criminal intent makes the Convention useless; that governments, less stupid than that of National Socialist Germany, will never admit the intent to destroy a group as such, but will tell the world that they are acting against traitors and so on.32

He argues that it is very unlikely that perpetrators of genocide will admit that they had the requisite intent. Further, it can be difficult to prove someone’s mental state when their words claim a different motivation. However, even without a confession as to the intent of the crime, international tribunals have found the intent to commit genocide using other evidence. The International Criminal Tribunal for Rwanda has looked at factors like “the scale of atrocities committed, their general nature, a local region or country, or furthermore, the fact of deliberately and systematically targeting victims on account of their membership of a particular group, while excluding the members of other groups” in order to find intent.33

Instances of genocide committed through the use of social media face this same requirement and some of the challenges that it brings. Like other perpetrators of genocide, perpetrators using social media to incite others to commit genocide or to commit acts of genocide themselves may deny having a genocidal intent, and in that case the Prosecutor would need to find other evidence to establish the requisite intent. However, in certain situations, proving genocidal intent for an act conducted through social media might be easier than proving intent for more traditional forms of genocide. In the case of more traditional forms of genocide, there are often other possible motivations for the potentially genocidal behavior. Perpetrators who murder members of the target group could be doing so due to a desire to destroy that group, or they could be doing so because they are at war with the people in that area over a piece of land, and the people involved in that war happen to be of the target group. In that case the reason for the behavior would not be to destroy the target group but something else entirely. For example, in The Prosecutor v. Tolimir, the Appeal and Trial Chambers found that the Bosnian women and children had suffered serious mental harm as a result of forced displacement and the harmful circumstances involved in that displacement.34 In a case like Tolimir that involves forced displacement, a tribunal might find the dolus specialis of intent to destroy the target group, but that same act by a different perpetrator might have been motivated by concerns that are not related to genocide. It could be a matter of the perpetrators wanting to remove the group in order to take land for themselves.

In the case of genocide committed through social media, however, it might be easier to prove that the motivation was genocidal. When perpetrators are explicit about their hatred of the target group and their desire to destroy that group, it is obviously easier to prove intent. The large amount of documentation by German leaders of their intent to eradicate Jewish peoples during the Holocaust is an unusual example of perpetrators of genocide being forthcoming with their intent.35 In cases like that, it is easy to prove the dolus specialis. Genocide committed through social media might be another instance of genocidal intent being broadcasted more openly. Because the internet is not limited to one’s own region of the world, users can reach people outside of their own country or area. If perpetrators seek out members of the target group regardless of where in the world they are living, then it will be much harder to argue that the perpetrators only tried to harm those particular people because they are at war with them or because they have certain territory that the perpetrators want. By using the internet to connect with members of the target group around the world, perpetrators will make it more clear that destroying the target group was their intention.

In Hypothetical A, Trinity’s posts call for violence against members of the target group. Since her posts can be seen by viewers all over the world, it will be clear that the reason she is targeting these individuals is because of their membership in the target group and not for reasons related to their location, like her desire to remove a group from land that she wants to occupy. Her intent to target this group may also be clearly proven because her posts specify that group itself. She does not call for violence against people who do not support her, or people who engage in certain behaviors. She explicitly calls for violence against members of the target group, so her intent to cause harm to members of the target group will be clear from her posts. The Prosecutor would still have to prove that her intent in inciting violence against members of the group was specifically to destroy the group itself and not just to harm individual members of the group, but the fact that she has already made her intentions to cause harm to the target group clear would make the proving a lot easier.

In Hypothetical B, whether it would be easier to prove Thomas’s intent to destroy the group than it would be to prove the intent of any other perpetrator of genocide depends on how Thomas goes about reaching the members of the target group. If Thomas’s videos are explicitly labeled as being aimed at the target group, or if the content of the video addresses members of the target group directly, then it would be reasonably easy to prove his intent to destroy members of the group. Depending on what is said in the videos, it might even be easy to prove that he is trying to destroy the group itself rather than just individual members of the group. If Thomas does not explicitly refer to the target group in the videos and has other methods of ensuring that they are the ones who view his content, like manipulating the algorithms on whatever social media site he uses to make sure that his videos are shown to the desired group members, that might make proof more difficult. Still, the Prosecutor could introduce evidence of whatever efforts Thomas makes to reach the target group in order to prove that he intended for them to be harmed specifically.

For both hypotheticals, the fact that the genocidal act is being done through social media helps to make proving the dolus specialis of intent easier than it would be with more traditional forms of genocide like murder, displacement, and other acts of violence. The fact that the perpetrators in these hypotheticals use words rather than physical violence provides useful evidence of intent.

V. Conclusion

As use of the internet progresses, the world will have to contend with the proliferation of cyber crimes by state actors and by individuals. In the Preamble to the Rome Statute, the State Parties declared their determination to “put an end to impunity for the perpetrators of these crimes and thus to contribute to the prevention of such crimes.”36 In order to live up to this goal, the International Criminal Court must be prepared to address the crimes under its jurisdiction in all forms, including in the form of cyber crime. Genocide, perhaps the most serious crime over which the Court has jurisdiction, may be perpetrated through cyber attacks, and the Court ought to be prepared. Perpetrators with the intent to commit genocide may choose to do so using social media. As long as the act falls under the definition of genocide under the Statute, the crime should be considered genocide by the Court even though it is undertaken through social media rather than through more traditional means.

Hypothetical A may fit under the definition of genocide as an incitement to commit genocide. Social media offers perpetrators a platform to directly and publicly incite violence against a target group because it allows posters with a large follower base to reach millions of people with their message. Such behavior could fall under the definition of genocide depending on the particular circumstances of the case.

Hypothetical B also has the potential to fall under the Statute ’s definition of genocide. By making videos similar to the blue whale challenge that influence viewers to commit self harm and even suicide and using this content to cause serious mental harm to members of the target group, a perpetrator may commit an act of genocide using social media.

Although social media has the potential to offer perpetrators the opportunity to reach a larger group of victims from the target group, it may also be easier for the Prosecutor to prove the dolus specialis of intent to destroy the target group in whole or in part and prosecute the perpetrators.

In order to fulfill its mission of punishing perpetrators of genocide and deterring future genocidal acts, the Court ought to be aware of the possibility that genocidal actors may seek to harm others through the use of social media. Awareness of this potential threat may allow the Court to adjust to the world of cyberspace and prevent the perpetration of these crimes.

Endnotes — (click the footnote reference number, or ↩ symbol, to return to location in text).

1. 1.

   Rome Statute of the International Criminal Court, Adopted by the United Nations Diplomatic Conference of Plenipotentiaries on the Establishment of an International Criminal Court, Jul. 17, 1998, U.N. Doc. A/CONF.183/9, as amended [hereinafter Rome Statute], Art. 5, available online. ↩

2. 2.

   Piotr Łubiński, Social Media Incitement to Genocide: ECHR Countries’ Perspective, in The Concept of Genocide in International Criminal Law 262, 268 (Marco Odello & Piotr Łubiński eds., 2015), available online.  ↩

3. 3.

   Amro Khasawneh, Kapil Chalil Madathil, Emma Dixon, Pamela Wiśniewski, Heidi Zinzow & Rebecca Roth, Examining the Self-Harm and Suicide Contagion Effects of the Blue Whale Challenge on YouTube and Twitter: Qualitative Study, 7 JMIR Mental Health  (Sep. 6, 2020), available online,  doi.  ↩

4. 4.

   Id. ↩

5. 5.

   Rome Statute, supra note 1, Art. 25(3)(e). ↩

6. 6.

   Łubiński, supra note 2. ↩

7. 7.

   Id. at 269 quoting The Prosecutor v. Pauline Nyiramasuhuko et al., ICTR-98-42-T, Judgement and Sentence, n.5986 (TC II, Jun. 24, 2011) [hereinafter Nyiramasuhuko], available online.  ↩

8. 8.

   Id. ↩

9. 9.

   Rome Statute, supra note 1, Art. 6(a). ↩

10. 10.

    Łubiński, supra note 2, quoting Nyiramasuhuko. ↩

11. 11.

    Id. ↩

12. 12.

    Rome Statute, supra note 1, Art 17(1)(d). ↩

13. 13.

    Marco Roscini, Gravity in the Statute of the International Criminal Court and Cyber Conduct that Constitutes, Instigates or Facilitates International Crimes, 30 Crim. L. Forum  247, 269–70 (2019), available online,  doi.  ↩

14. 14.

    Id. at 270. ↩

15. 15.

    Id. ↩

16. 16.

    Id. ↩

17. 17.

    Rome Statute, supra note 1, Art. 6(b). ↩

18. 18.

    Nema Milaninia, Understanding Serious Bodily or Mental Harm as an Act of Genocide, 51 Vand. J. Transnat’l L.  1381, 1393 (2018), available online.  ↩

19. 19.

    Id. at 1394. ↩

20. 20.

    Id. at 1397. ↩

21. 21.

    Milaninia, supra note 18, at 1397 quoting The Prosecutor v. Rukundo, ICTR-2001-70-T, Judgement, ¶ 388 (TC II, Feb. 27, 2009), available online.  ↩

22. 22.

    Id. ↩

23. 23.

    Milaninia, supra note 18, at 1398 quoting The Prosecutor v. Tolimir, IT-05-88/2-A, Judgement, ¶ 761 (TC II, Dec. 12, 2012), available online.  ↩

24. 24.

    Khasawneh et al., supra note 3. ↩

25. 25.

    Id. ↩

26. 26.

    Gary D. Brown & Keira Poellet, The Customary International Law of Cyberspace, 6 SSQ  126, 133 (2012), available online.  ↩

27. 27.

    Khasawneh et al., supra note 3. ↩

28. 28.

    Article 17. Crime of Genocide in Report of the International Law Commission on the Work of its Forty-eighth session, 6 May-26 July 1996, U.N. Doc. A/51/10, 44, ¶ 19 (1996), available online.  ↩

29. 29.

    Id. ¶ 6. ↩

30. 30.

    Id. ¶ 7. ↩

31. 31.

    Habtamu Dugo & Joanne Eisen, Proving Genocide in Ethiopia: The Dolus Specialis of Intent to Destroy a Group, 10 A:JPAS  133, 135 (Sep. 2017), available online.  ↩

32. 32.

    Id. quoting Josef L. Kunz, The United Nations Convention on Genocide, 43 Am. J. Int’l L.  738, 743 (Oct. 1949), available online,  doi.  ↩

33. 33.

    Id. ↩

34. 34.

    Prosecutor v. Tolimir, supra note 23. ↩

35. 35.

    Dugo & Eisen, supra note 31, at 143. ↩

36. 36.

    Rome Statute, supra note 1, at Preamble. ↩

Treaties, conventions, state practice do not provide clear answers. Specialized conventions for cyberwarfare have not been negotiated and state practice—where it exists in the first place—is inconsistent and unclear. Hence, we need to turn to interpreting existing treaties, which were made for conflicts from another era.

The following comment will attempt to delineate the circumstances under which economic cyber crime might fall under the Rome Statute.3 When the comment makes reference to “economic cyber attacks,” it means cyber attacks attributable to sovereign states that are conducted primarily for financial gain, either by theft, extortion, or a similar method. Also, it will focus on questions of substantive law, not on questions of procedure and admissibility.

This comment first looks at economic cyber attacks as possible war crimes under Art. 8 of the Rome Statute and as a potential violation of Art. 8 bis. As war crimes require can only be committed during an armed conflict, the comment then moves on to examine if and when cyber attacks can trigger such armed conflict. The conclusion shows the impracticality of the current system and the resulting need for reform and international treaty recognition of cyber crimes and cyberwarfare.

II. The Rome Statute and Economic Cyber Crimes

So far, cyber crime and cyberwarfare in international law has been mostly confined to discussions lecture halls and war rooms instead of multilateral negotiating tables. The Rome Statute is no exception, as it does not feature special rules for crimes committed via the internet or cyber conflicts. Of course, the Statute does not prohibit considering economic cyber attacks, either. Therefore, digital hostilities might be prosecutable under several of the Statute ’s articles.

In particular, it is conceivable that an economic cyber attack constitutes a war crime under Art. 8 of the Rome Statute. Under this provision, “serious violations of the laws and customs applicable in international armed conflict” are punishable.4 The norm’s catalogue enumerates eight general war crimes in Art. 8(2)(a), another 26 acts that constitute war crimes when conducted during the course of International Armed Conflicts in Art. 8(2)(b), and 19 war crimes of Non-International Armed Conflicts in Arts. 8(2)(c) and 8(2)(e). Following the outlined conception of an economic cyber attack as a state-sponsored actor attacking financial infrastructure in another state, this comment is limited to considering International Armed Conflicts.5 This is not to say, of course, that this kind of attack is inconceivable in a non-international armed conflict and many of the following considerations apply there, too.

Within the catalogue of Art. 8, several offenses stand out: pillaging,6 the destruction and appropriation of civilian objects,7 and the intentional attack of civilian objects.8 Beyond Art. 8, the Crime of Aggression as enshrined in Art. 8 bis will also be examined.

A. The War Crime of Pillaging

Commonly, we refer to pillaging as incidents of theft and robbery in the face of catastrophes, violence or other breakdowns of the public order. In the context of wars and armed conflicts, its prohibition is an almost universally acknowledged principle of the jus in bello. While the language of Art. 8(2)(b)(xvi) of the Statute has its roots in the Hague Conventions,9 the prohibition of pillaging is much older than that. It can be found in Art. 44 of the 1863 Lieber Code, where “all pillage and sacking” was prohibited under the penalty of death.10 While this proclamation only bound American forces, the Code is considered to reflect the greater contemporary consensus on customs of war.11 The prohibition of pillaging has been a mainstay of the criminal law of armed conflict for the one and a half centuries, regardless of changes in technology or warfare. In light of this history alone, it does not seem far-fetched to acknowledge that pillaging can occur in cyberwarfare, too.

An analysis of Art. 8(2)(b)(xvi) of the Rome Statute supports this. While the provision itself does not elaborate what “pillaging” is, the Elements of Crimes define it as the appropriation of property for private or personal use against the consent of the owner.12 This should not be misunderstood: the criterion of “private or personal” use is meant to be read in opposition to militarily necessary cases of appropriation of property.13 It does not mean that state-sponsored raids during wartime fall outside the scope of the crime of pillaging. Insofar, the ICTY clarified in the Čelebići case that:

[T]he prohibition against the unjustified appropriation of public and private enemy property is general in scope, and extends both to acts of looting committed by individual soldiers for their private gain, and to the organized seizure of property undertaken within the framework of a systematic economic exploitation of occupied territory.14

In the later Hadžihasanović judgement, the ICTY confirmed this interpretation, finding that:

[T]he regulations do not allow arbitrary and unjustified plunder for army purposes or for the individual use of army members.15

Trial Chamber III of the ICC adopted this view, stating that “the prohibition of pillaging covers both individual acts of pillage and organized pillage.”16 The exception for militarily necessary appropriations will not apply in most instances of economic cyber attacks, as it is hard to imagine a clandestine cyber attack for economic gains during peacetime to further a legitimate military objective.

Notably, the provision itself and the interpretation given to it by tribunals, commentators, and the Elements of Crimes remain silent as to the mode of appropriation. On the one hand, this is due to the fact to acts of pillaging have been relatively straightforward in conflicts so far, they resembled burglaries and robberies at gunpoint, just that they were conducted by soldiers during wartime. On the other hand, this reflects that the Rome Statute is open to new developments in weapon technologies. Innovation does not prevent criminal prosecution.

Lastly, unlike other provisions of Art. 8, the war crime of pillaging is not limited to instances of occupation.17 However, the ICC Pre-Trial Chamber I found that “the war crime of pillaging occurs when the enemy’s property has come under the control of the perpetrator.”18 By its wording alone, this “enemy-control” criterion must be interpreted to impose a certain threshold that falls below that of occupation. When applying this test to economic cyber attacks, this means that only widespread attacks that take over significant parts of the relevant network or system and that operate under the sustained oversight of the attacker. Hence, neither low-level individual attacks nor unguided viruses that unintentionally infect random systems would suffice. In those cases, the attacker is in no position to exercise sufficient control over the system or network against which the economic attack is launched.

This shows that it is not wholly inevitable that an economic cyber attack constitutes an act of pillaging, as long as it is of particular gravity and scale. The attack would, however, have to occur during an armed conflict, which we will turn to shortly. Before this, the relevance of other crimes under the Rome Statute will be evaluated.  

B. Cyber Attacks and the Rome Statute Beyond Pillaging

While at a first glance it seems plausible that an economic cyber attack constitutes either the war crime of extensive destruction and appropriation of property,19 the intentional attack of civilian objects20 or the Crime of Aggression,21 a closer look proves fatal to all three.

1. Extensive Destruction and Appropriation of Property

Extensive destruction and appropriation of property is subject to particularly high thresholds. They must be “extensive” and carried out “wantonly.” Particularly grave cyber attacks might meet this threshold, either by dealing significant incidental damage to computer systems (as was the case for the WannaCry virus), or through particularly large sums attained. The vast majority of attacks, however, is unlikely to meet this requirement; not all that is illegal is also “extensive.”

Also, the act must be carried out “wantonly.” That is a high standard. The Commentary on the Fourth Geneva Convention, in the context of which the crime was first formulated, finds that “an isolated incident would not be enough.”22 The International Criminal Tribunal for the Former Yugoslavia (ICTY) affirmed this view, while conceding that a single grave attack can under exceptional circumstances count as “wanton.”23 As an example, it points to the destruction of a hospital, demonstrating just how heinous and destructive a single attack would need to be to fall under Art. 8(2)(a)(iv) of the Rome Statute. A mere one-of digital heist would hardly pass this threshold.

But even acts that might pass this first hurdle will frequently fail at a second one. Assuming the targets of our cyber heist aren’t hospitals and ambulances—in other words property that is afforded special protection under the Geneva Conventions24—the norm limits itself to protecting civilian property in occupied territory.25 Since the vast majority of state-sponsored cyber attacks are aimed at targets in sovereign, independent states, Art. 8(2)(a)(iv) proves to have a very narrow practical scope.

2. Intentional Attack of Civilian Infrastructure

Furthermore, those acts also fall outside the scope of Art. 8(2)(b)(ii),26 the war crime of attacking civilian objects. This hinges on the definition of “attacks against a[n] […] object.” At first glance, a cyber attack could certainly fall under the wording of the Article. However, the Rome Statute did not create the text of this provision out of thin air. The wording derives from Art. 52 of the Additional Protocol I to the Geneva Conventions (AP I)27 and reflects International Court of Justice (ICJ) precedent and customary law.28 The meaning of “attack” in the context of Art. 8 of the Rome Statute must therefore be construed in light of this history. As for AP I, the Protocol itself defines attacks to be “acts of violence,” Art. 49(1). The 1987 Commentary to AP I further clarifies what is meant by this. While it takes a generally wide interpretation of “attacks,”29 it states that an attack is “simply […] the use of armed force to carry out a military operation.” In its Article 53(1) Report on the Situation on Registered Vessels of Comoros, Greece and Cambodia,30 the ICC has further confirmed that word “attacks” must be interpreted in accordance with its IHL origin and agreed that an element of violence must be present. The Office of the Prosecutor stated that:

[A]n attack […] must include a forcible boarding operation, by analogy with other areas of international humanitarian law in which an attack includes all acts of violence against an adversary.

The vast majority of economic cyber attack are, however, non-violent. If they do cause damage to civilian objects and infrastructure, as was the case with the aforementioned WannaCry-virus, this is damage is usually incidental and not intentional, their objective is financial gain. This precludes a prosecution for violation of Art. 8(2)(b)(ii) of the Statute.

Changing narrow definition of “attack” of Art. 8 to include non-violent offenses might be tempting, but would raise issues under the principle of nullum crimen sine lege, as enshrined in Art. 22(2) of the Rome Statute. Not only does this principle prohibit prosecution for unwritten crimes, but it also mandates that “[t]he definition of a crime shall be strictly construed.”31 Of course, this does not mean that a judge cannot clarify ambiguous terms of a statute. It does, however, mean that such clarification must be foreseeable for the accused.32 In the parallel judgments of C.R. v. United Kingdom and S.W. v. United Kingdom, the European Court of Human Rights stated regarding the similar Art. 7 of the European Convention on Human Rights that:

Article 7 […] cannot be read as outlawing the gradual clarification of the rules of criminal liability through judicial interpretation from case to case, provided that the resultant development is consistent with the essence of the offence and could reasonably be foreseen.33

In this case, however, there has been no indication that “attack” should be treated as entailing no-violent, economic crimes. Neither the ICC itself, nor international tribunals or other bodies tasked with interpreting relevant treaty law, have signaled that this interpretation is permissible. There is not even an academic debate on the issue, which might have made a change in judicial opinion predictable.

In summary, the Rome Statute ’s prior interpretation of Art. 8(2)(b)(ii) does not allow for a prosecution of economic cyber crimes. An ad hoc change of this interpretation would violate the principle nullum crimen sine lege, as enshrined in Art. 22(2) of the Statute.

3. The Crime of Aggression

An examination of Art. 8 bis Rome Statute does not fare much better. As per Art. 8 bis(2), an act of aggression:

[Is the] use of armed force by a State against the sovereignty, territorial integrity or political independence of another State, or in any other manner inconsistent with the Charter of the United Nations.

This poses the question: What acts, short of an armed invasion, constitute the use of force and thus a violation of U.N. Charter Art. 2(4)?

The U.N. Charter is from 1945. Since then, conflict has changed significantly in ways which could not have been anticipated back then. Today’s battlefields are full of newly developed defense technologies and marked by shifting geopolitical power relations. An American drone attacking terrorist organization thousands of miles would have been unthinkable in the 1940s. Neither the technology nor the importance of and blurry definitions of non-state actors were expectable. Most of all, it was much easier to say when the threshold for the use of violence was crossed. This has changed significantly. There is hardly an instance where this change is more tangible than when cyber weapons are deployed.

Certainly, one could make the case that in today’s interconnected world and globalized economy, a well-placed virus attack wreaks greater havoc on societies around the world than traditional acts of aggression do.34 After all, the Rome Statute recognizes the “blockade of the ports or coasts of a State” to be acts of aggression. Doesn’t computer malware “blockade” the ports of a digital economy too? And if the U.N. Charter wants to save us from “the scourge of war,”35 shouldn’t Art. 2(4) be interpreted to prohibit as many forms of aggression as a liberal interpretation of the statute allows?36 The U.N. Charter at least does not limit what type of weapon is used in the course of a “use of force.”37 These arguments seem to be in line with a broader view favored by some academics and sates, who argue that any form of political, economic, and, of course, military force can constitute a violation of U.N. Charter Art. 2(4), as long as it reaches a certain threshold of gravity.38

But this interpretation of Art. 2(4) is rejected by most states and academics alike.39 A prominent proponent of the theory even admits that “the overwhelming majority of commentators today consider the term “force” in Art. 2(4) of the U.N. Charter as practically synonymous to “armed” or “military” force.”40 When interpreting the Rome Statute, there is even more grounds for hesitancy than in a mere jus ad bellum debate.

The Crime of Aggression has been highly controversial in the drafting history of the Rome Statute. The offense was not included in the original version of the Statute but was only added after the 2010 Kampala Review Conference. Unable to reconcile their widely differing views as to how the Crime of Aggression should be defined, in 1998 the Drafting Parties deferred the resolution of the problem to a later Review Conference.41 Eight years after the Rome Statute went into force, this Review Conference finally met in Kampala and came to an agreement on the appropriate wording of the Crime of Aggression. Consequently, today’s Art. 8 bis was inserted into the Statute by the States Parties.42

However, some doubts remain to what extent this compromise actually reflects a global consensus. So far, the ICC has heard no case involving the Crime of Aggression, which alludes to the crime’s high threshold and the Court’s hesitancy to apply it. Perhaps an early German statement, found in a 1997 Discussion Paper, best reflects the state of the actual in the international community:

In accordance with historic precedents the definition in question should focus on and try to cover only the obvious and indisputable cases of this crime (such as the aggressions committed by Hitler and the one committed against Kuwait in August 1990).43

Germany’s reason for this narrow approach to aggression seems to be in line with the Court’s views today. Says the Discussion Paper further:

It is of utmost importance that the definition does not lend itself to possible frivolous accusations of a political nature against the leadership of a Member State.44

Looking at this background of Art. 8 bis, it is not hard to understand why its drafters chose strong language and high standards and why commentators have interpreted it restrictively. It is limited to persons “in a position effectively to exercise control,” only applies to acts of aggression that, by virtue of their “character, gravity and scale,” are “manifest” violations of the U.N. Charter.45 For the sake of this present analysis, the criterion of “manifest violations” might be the most crucial. It is a somewhat elusive clause; the Elements of Crimes merely state that it is an objective rather than a subjective criterion.46 Commentators, too, have wrestled with the criterion. A prominent, albeit not uncontroversial, interpretation is that requiring an act to be a manifest” violation of the U.N. Charter, “grey areas” should not be criminalized.47 While there are limits as to how liberally one might be able to interpret “grey area,”48 the term should a at the very least be understood to prevent an all too progressive interpretation of crimes. Otherwise, the term would bear little relation to its definition as meaning “clear or obvious to the eye or mind”49 and the aforementioned Art. 22(2) concerns would apply here, too.

There might very well be some cyber attacks that meet the threshold of U.N. Charter Art. 2(4) and that might even pass the muster of Art. 8 bis of the Rome Statute. It is no coincidence that cyber weapons have been described as the “perfect weapon.”50 However, I have no doubt that mere economic cyber attacks—at least how we have experienced them so far—have not been acts of aggression that by their “character, gravity and scale, constitute[…] a manifest violation of the Charter of the United Nations.” And absent widespread physical destruction or the use of kinetic force, it is unlikely that they will rise to this level in the future. It seems like state practice agrees with this conclusion. So far, the most frequent response to economic cyber attacks has been public condemnation and occasional criminal indictments under municipal criminal law.51

III. Economic Cyber Crimes and Armed Conflicts

The previous discussion showed that a prosecutor wishing to go after the backers of an economic cyber attack would have the best case under Art. 8(1)(b)(xvi) of the Rome Statute. However, we could also see in the context of Art. 8 bis that there are substantial difficulties in applying rules of warfare made decades (or even centuries) ago to cyber attacks, particularly if those attacks are primarily committed for financial gain.

Similar issues as those discussed for the Crime of Aggression mar any consideration of war crimes too. But where we could point to the criterion of “manifest” violations and a more restrictive approach to interpreting U.N. Charter Art. 2(4), war crimes require the existence of an armed conflict, a term that is much wider interpreted than the “use of force” of U.N. Charter Art. 2(4), let alone “armed attack” of U.N. Charter Art. 51.

War crimes, both as they are generally conceived in IHL and as they are defined in Art. 8(2)(b) of the Rome Statute, require the existence of an International Armed Conflict (IAC).52 Whether or not certain hostilities amount to an IAC is a factual determination, independent of a formal declaration of war.53 In the oft-cited Tadić case, the ICTY found that “an armed conflict exists whenever there is a resort to armed force between States.”54 In the Lubanga55 and Katanga56 judgments, the ICC adopted this view. Using armed force is not equivalent to deploying the armed forces. In the words of Pre-Trial Chamber II:

[A]n international armed conflict exists in case of armed hostilities between States through their respective armed forces or other actors acting on behalf of the State. 57

Hence, it makes no difference whether a state uses military hackers or civilian personnel in its cyber attacks.58 What matters is that they are acting for the state. This definition of armed conflict poses two questions: First, can the use of a virus be considered to be a “resort to armed force?” If this is possible, what is the threshold for an “armed” cyber attack?

It is widely accepted that the Geneva Conventions apply to the use of cyber warfare during a pre-existing IAC or Non-International Armed Conflict.59 In those cases, cyber weapons are treated like any other weapon. It is much less clear if this equal treatment also extends to a conflict started by the use of a cyber weapon, let alone one exclusively fought using cyber weapons. So far, this issue has been reserved to theoretical discussions, as cyber-only attacks—economic or otherwise—have not led to an escalation of violence or resulted in a “traditional” armed conflict.60

An early, consequence-based approach by Michael N. Schmitt considered cyber-only attacks to be “armed” if the cyber attack produced results similar to those of a conventional attack, i.e., injury, death, physical damage or destruction..61 Gradually, this approach has changed. Instrumental for this gradual change was Knut Dörmann, who expanded the consequence-test to include attacks that don’t destroy but merely disable or neutralize the target.62 By now, this approach has been adopted by the International Committee of the Red Cross63 and by a majority of commentators, as Schmitt himself observes.64

However, this is no blanket justification to consider all instances of state-sponsored cyber attacks incidents of an armed conflict. Whenever a cyber attack does not lead to injury, death, physical damage or destruction, it must be of a certain gravity. This gravity-threshold would be met in instances of disruptions of vital infrastructure, like electrical grids or water supply. Vital infrastructure stands in contrast to mere critical infrastructure, which would include the banking system, financial institutions, and the majority of other businesses and institutions.65 It seems like the implicit argument behind this theory is that non-destructive attacks can bear a foreseeable and grave risk of causing incalculable human suffering, fatalities, or physical destruction. In those instances, the attack must be treated as if it had directly led to those results. The approach of outlawing an act based on its associated dangers is not foreign to the Geneva Conventions. Art. 35 of Additional Protocol I, for example, prohibits:

[T]o employ weapons, projectiles and material and methods of warfare of a nature to cause superfluous injury or unnecessary suffering.

These weapons are banned based on their abstract nature, not their concrete consequences. Similarly, wherever cyber attacks, by their character alone, are highly likely to lead to injury, death, physical damage or destruction, they may be treated like attacks that directly cause those consequences.

Economic cyber attacks to date have fallen short of this threshold. Digitally stealing money from a civilian bank account causes financial loss and certainly some hardship, but not the immediate widespread suffering that preventing access to the water grid does. A standalone economic cyber attack would have to be of a much greater scale to be considered an “armed conflict.” Consequently, attacks so far have not constituted war crimes and future economic cyber attacks are unlikely to do so, too. There is no violation of Art. 8(1)(b)(xvi) of the Rome Statute.

This is not to say that cyber attacks don’t cause major disruptions for public life and constitute threats to peace. They change the battlefield and simultaneously stretch the textual interpretation of the current laws of war. This has led one commentator to wonder if one day the term armed attack will be obsolete.66 While this may be desirable lex ferenda, today, the “armed” criterion is still part of the jus in bello and puts a limit to the kind of hostilities that can constitute an IAC. It seems that most cases of economic cyber attacks fall just short of this limit.

IV. Conclusion

As seen, it is not completely impossible to prosecute international cyber crimes under the Rome Statute. However, requiring that the attack rise to the intensity of an armed conflict is a major obstacle. But even if the threshold were met, the attack would need to pass the muster of the gravity requirement of Art. 17(1)(d) of the Rome Statute.

The comment shows that the Rome Statute is an inappropriate framework to address the realities of cyberwarfare. It is not a convenient replacement for municipal criminal justice and for international treaty negotiation. But this is not a disappointing finding. First, it strengthens the standing of the Court and the Rome Statute. Why should cyber crimes be included through treaty interpretation when other serious offenses like terrorism, drug trafficking and crimes against United Nations personnel failed to make it into the Statute?67 In a time where the Court faces allegations of illegitimacy, expanding the scope of the Rome Statute through clever interpretation would only further undermine its work. Second, as the Rome Statute is an instrument of international criminal justice, limiting the use of ambitious textual interpretation is a win for the fundamental principles of justice, not a loss. Third, cyber crime and cyberwarfare are here to stay. They will challenge the international community for years to come. Ultimately, states will have to find their way to the negotiating table to draft the rules for cyber conflicts. Only a multilateral treaty has a realistic chance to achieve widespread acceptance and to mitigate the dangers of cyber attacks. Hence, this comment is less a manual for the prosecution of economic cyber attacks and more a call to action to fill the gaps in the international law on cyber conflicts.

Endnotes — (click the footnote reference number, or ↩ symbol, to return to location in text).

1. 1.

   What is WannaCry Ransomware?, Kaspersky,  available online  (last visited Feb. 26, 2022). ↩

2. 2.

   Press Release, U.S. Dept. of Just.,  Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe (Feb. 17, 2021) [hereinafter North Korean Hackers Indicted], available online;  Ewen MacAskill, Alex Hern & Justin McCurry, Facebook Action Hints at Western Retaliation over WannaCry Attack, The Guardian,  Dec. 19, 2017, available online;  White House says WannaCry attack was carried out by North Korea, CBS,  Dec. 19, 2017, available online.  ↩

3. 3.

   Rome Statute of the International Criminal Court, Adopted by the United Nations Diplomatic Conference of Plenipotentiaries on the Establishment of an International Criminal Court, Jul. 17, 1998, U.N. Doc. A/CONF.183/9, as amended [hereinafter Rome Statute], available online. ↩

4. 4.

   Id. Art. 8(2)(b). ↩

5. 5.

   As defined by Article 2 Common to the Geneva Conventions, Geneva Convention for the Amelioration of the Condition of the Wounded and Sick in Armed Forces in the Field, 75 U.N.T.S.  31 (adopted Aug. 12, 1949, entered into force Oct. 12, 1950), available online;  Geneva Convention for the Amelioration of the Condition of Wounded, Sick and Shipwrecked Members of Armed Forces at Sea, 75 U.N.T.S.  85 (adopted Aug. 12, 1949, entered into force Oct. 12, 1950), available online;  Geneva Convention Relative to the Treatment of Prisoners of War, 75 U.N.T.S.  135 (adopted Aug. 12, 1949, entered into force Oct. 12, 1950), available online;  Geneva Convention Relative to the Protection of Civilian Persons in Time of War, 75 U.N.T.S.  287, (adopted Aug. 12, 1949, entered into force Oct. 12, 1950), available online. 

   (“[T]he present Convention shall apply to all cases of declared war or of any other armed conflict which may arise between two or more of the High Contracting Parties, even if the state of war is not recognized by one of them.”). ↩

6. 6.

   Rome Statute, supra note 3, Art. 8(1)(b)(xvi). ↩

7. 7.

   Id. Art. 8(2)(a)(iv). ↩

8. 8.

   Id. Art. 8(1)(b)(ii). ↩

9. 9.

   William A. Schabas, The International Criminal Court: A Commentary on the Rome Statute, 241 (2nd ed. Sep. 2016), paywall,  doi.  ↩

10. 10.

    General Orders No. 100: Instructions for the Government of Armies of the United States in the Field, Adjutant General’s Office (Apr. 24, 1863), available online.  ↩

11. 11.

    Dietrich Schindler & Jiri Toman, The Laws of War and Armed Conflict 3 (4th ed. 2004), paywall,  doi.  ↩

12. 12.

    International Criminal Court, Elements of Crimes, ICC-ASP /1/3, Adopted and Entry into Force 9 September 2002, updated at Kampala, 31 May-11 June 2010, 26 (Jun. 11, 2011) [hereinafter Elements of Crimes], available online,  archived;  Andreas Zimmermann & Robin Geiß, Article 8 in The Rome Statute of the International Criminal Court: A Commentary, 553-4 (Otto Triffterer & Kai Ambos eds., 3rd ed. 2016). ↩

13. 13.

    Elements of Crimes, supra note 12, at n.47; Schabas, supra note 9, at 242; Mark Klamberg, Article 8(2)(b)(xvi), in Commentary on the Law of the International Criminal Court (Mark Klamberg & Jonas Nilsson eds., last updated Jun. 30, 2016), available online.  ↩

14. 14.

    The Prosecutor v. Zejnil Delalić, Zdravko Mucić, Hazim Delić and Esad Landžo, IT-96-21-T, Judgement (ICTY TC, Nov. 16, 1998) [hereinafter Čelebići], available online.  ↩

15. 15.

    The Prosecutor v. Enver Hadžihasanović and Amir Kubura, IT-01-47-T, Judgement, ¶ 52 (ICTY TC, Mar. 15, 2006) [hereinafter Hadžihasanović], available online.  ↩

16. 16.

    The Prosecutor v. Jean-Pierre Bemba Gombo, ICC-01/05-01/08-3343, Judgment pursuant to Article 74 of the Statute, ¶ 117 (TC III, Mar. 21, 2016) [hereinafter Bemba], available online.  ↩

17. 17.

    Zimmermann & Geiß, supra note 12, at 562. ↩

18. 18.

    The Prosecutor v. Germain Katanga and Mathieu Ngudjolo Chui, ICC-01/04-01/07, Decision on the confirmation of charges, ¶ 330 (PTC I, Sep. 30, 2008), available online.  ↩

19. 19.

    Rome Statute, supra note 3, Art. 8(1)(a)(iv). ↩

20. 20.

    Id. Art. 8(2)(b)(ii). ↩

21. 21.

    Id. Art. 8 bis. ↩

22. 22.

    Oscar M. Uhler et al., eds., ICRC,  Commentary on the Geneva Convention Relative to the Treatment of Prisoners of War 601 (Jean S. Pictet, ed., 1958) [hereinafter Geneva Convention IV Commentary], available online.  ↩

23. 23.

    The Prosecutor v. Tihomir Blaškić, IT-95-14-T, Judgement, ¶ 157 (ICTY TC, Mar. 3, 2000), available online.  ↩

24. 24.

    Geneva Convention IV Commentary, supra note 22, at 601. ↩

25. 25.

    Schabas, supra note 9, at 219; The Prosecutor v. Dario Kordić and Mario Čerkez, IT-95-14/2-T, Judgement, ¶ 335-340 (ICTY TC, Feb. 26, 2001), available online.  ↩

26. 26.

    Rome Statute, supra note 3, Art. 8(1)(b)(ii)

    (criminalizing “[i]ntentionally directing attacks against civilian objects, that is, objects which are not military objectives.”). ↩

27. 27.

    Protocol Additional to the Geneva Conventions of 12 August 1949, and Relating to the Protection of Victims of International Armed Conflicts, 1175 U.N.T.S.  3 (adopted Jun. 8, 1977, entered into force Dec. 7, 1978), available online.  ↩

28. 28.

    Schabas, supra note 9, at 227; Noëlle Quénivet, Article 8(2)(b)(ii), in Commentary on the Law of the International Criminal Court (Mark Klamberg & Jonas Nilsson eds., (last updated May 13, 2019), available online;  Legality of the Threat or Use of Nuclear Weapons (Advisory Opinion), 1996 I.C.J. Rep.  226, ¶ 78 (Jul. 8, 1996), available online;  Jean-Marie Henckaerts & Louise Doswald-Beck, Customary International Humanitarian Law, Volume I: Rules Rule 7 (2005), available online.  ↩

29. 29.

    Yves Sandoz, Christophe Swinarski & Bruno Zimmermann eds., ICRC,  Commentary on the Additional Protocols of 8 June 1977 to the Geneva Conventions of 12 August 1949 (1987), available online.  ↩

30. 30.

    Office of the Prosecutor, International Criminal Court, Situation on Registered Vessels of Comoros, Greece and Cambodia: Article 53(1) Report, ¶ 93 (Nov. 6, 2016), available online.  ↩

31. 31.

    Rome Statute, supra note 3, Art. 22(2). ↩

32. 32.

    Bruce Broomhall, Article 22, in Rome Statute of the International Criminal Court: Article-by-Article Commentary 38 (Otto Triffterer & Kai Ambos eds., 3rd ed. 2016). ↩

33. 33.

    S.W. v. The United Kingdom, 20166/92, Judgment ( ECHR,  Nov. 22, 1995), available online;  C.R. v. The United Kingdom, 20190/92, Judgment ( ECHR,  Nov. 22, 1995), available online.  ↩

34. 34.

    Heather Harrison Dinniss, Cyberwarfare and the Laws of War 62 et seq. (2014), paywall,  doi 

    (using a similar line of argument that cyber-only attacks can violate U.N. Charter Art. 2(4), stating that “the weapon criteria is losing its relevancy in today’s world.” However, she limits her argument to an attack that “manifest itself in the physical sphere”).

    Similar Nils Melzer, UNIDIR,  Cyberwarfare and International Law 8 (2011), available online. 

    (Whether financial losses fall under her conception of Art. 2(4) of the Charter is unclear). ↩

35. 35.

    United Nations Charter, Preamble. ↩

36. 36.

    Melzer, supra note 34, at 8. ↩

37. 37.

    Andreas Zimmermann & Elisa Freiburg, Article 8 bis, in Rome Statute of the International Criminal Court: A Commentary, 157-58 (Otto Triffterer & Kai Ambos eds., 3rd ed. 2016). ↩

38. 38.

    James A. Delanis “Force” under Article 2(4) of the United Nations Charter: The Question of Economic and Political Coercion, 12 Vand. J. Transnat’l L.  101 (1979), paywall.  ↩

39. 39.

    See Daniel B. Silver, Computer Network Attack as a Use of Force Under Article 2(4) of the United Nations Charter, in Computer Network Attack and International Law 73 (Michael N. Schmitt & Brian T. O’Donnell eds., 2002), available online 

    (rejecting this argument in the context of economic cyber attacks).

    Albrecht Radelzhofer & Oliver Doerr, Article 2(4), in The Charter of the United Nations: A Commentary, Volume I 17-20 (Bruno Simma et al. eds., Nov. 2012), paywall,  doi 

    (rejecting the inclusion of economic and political force).

    See also Military and Paramilitary Activities In and Against Nicaragua (Nicaragua v. United States), Judgment, 1986 I.C.J. Rep.  14, ¶ 195 (Jun. 27, 1986), available online.  ↩

40. 40.

    Melzer, supra note 34, at 7. ↩

41. 41.

    United Nations Diplomatic Conference of Plenipotentiaries on the Establishment of an International Criminal Court, Bureau Proposal, A/CONF.183/C.1/L.59, at 1 (Jul. 10, 1998) [hereinafter Bureau Proposal], available online.  ↩

42. 42.

    Zimmermann & Freiburg, supra note 37, at 30 et seq. ↩

43. 43.

    United Nations Diplomatic Conference of Plenipotentiaries on the Establishment of an International Criminal Court, Proposal by Germany, A/AC.249/1997/WG.I/DP.20, at 2 (Dec. 11, 1997), available online.  ↩

44. 44.

    Id. ↩

45. 45.

    Rome Statute, supra note 3, Art. 8 bis(1). ↩

46. 46.

    Elements of Crimes, supra note 12, at 43. ↩

47. 47.

    Marie Aronnson-Storrier, Article 8 bis(1) in Commentary on the Law of the International Criminal Court (Mark Klamberg & Jonas Nilsson eds., last updated Apr. 10, 2017), available online;  Mary Ellen O’Connell & Mirakmal Niyazmatov, What is Aggression? Comparing the Jus ad Bellum and the ICC Statute, 10 J. Int’l Crim. Just.  189 (Mar. 2012), paywall,  doi;  Patrycja Grzebyk, Criminal Responsibility for the Crime of Aggression 201-02 (Oct. 2013), available online,  doi;  Claus Kreß, Strafrecht und Angriffskrieg im Licht des “Falles Irak”, 115 Zeitschrift für die gesamte Strafrechtswissenschaft, 294, 302-07 (2003) (Ger.), paywall,  doi.  ↩

48. 48.

    Andreas Paulus, Second Thoughts on the Crime of Aggression, 20 EJIL  1117, 1122-23 (2009), available online,  doi;  Zimmermann & Freiburg, supra note 37, at 66. ↩

49. 49.

    Manifest, Lexico,  available online  (last visited Feb. 26, 2022). ↩

50. 50.

    David E. Sanger, The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age (May 14, 2019), paywall.  ↩

51. 51.

    Press Release, FCDO,  Foreign Office Minister Condemns North Korean Actor for WannaCry Attacks (Dec. 19, 2017), available online;  North Korean Hackers Indicted, supra note 2; Gary D. Brown, Why Iran Didn’t Admit Stuxnet Was an Attack, 63 JFQ  70 (Oct. 1, 2011), available online

    (offering possible explanations for this restraint). ↩

52. 52.

    As mentioned in Section II, war crimes can also be committed during a Non-International Armed conflict, which is outside the scope of this comment. ↩

53. 53.

    Lindsey Cameron, Bruno Demeyere, Jean-Marie Henckaerts, Eve La Haye, Iris Müller, Cordula Droege, Robin Geiss, Laurent Gisel, Article 3—Conflicts Not of an International Character in Commentary on the First Geneva Convention 211 (Philip Spoerri et al. eds., 2016), paywall,  doi.  ↩

54. 54.

    The Prosecutor v. Dusko Tadić, Decision on the Defence Motion for Interlocutory Appeal on Jurisdiction, ¶ 70 (ICTY AC, Oct. 2, 1995) [hereinafter Tadić], available online,  archived.  ↩

55. 55.

    The Prosecutor v. Thomas Lubanga Dyilo, ICC-01/04-01/06, Judgment Pursuant to Article 74 of the Statute, ¶ 533, 541 (TC I, Mar. 14, 2012), available online;  see also The Prosecutor v. Thomas Lubanga Dyilo, ICC-01/04-01/06, Decision on the confirmation of charges, ¶ 209 (PTC I, Jan. 29, 2007), available online.  ↩

56. 56.

    The Prosecutor v. Germain Katanga, ICC-01/04-01/07, Judgment Pursuant to Article 74 of the Statute, ¶ 1173 (TC II, Mar. 7, 2014), available online.  ↩

57. 57.

    Bemba, supra note 16, ¶ 223 (emphasis added); see also id. ¶ 1177. ↩

58. 58.

    There might be issues regarding attribution of the attack, however. ↩

59. 59.

    Melzer, supra note 34, at 22; Louise Doswald-Beck, Some Thoughts on Computer Network Attack and the Law of Armed Conflict, in Computer Network Attack and International Law 164-5 (Michael N. Schmitt & Brian T. O’Donnell eds., 2002), available online. ↩

60. 60.

    Oona A. Hathaway, Rebecca Crootof, Philip Levitz, Haley Nix, Aileen Nowlan, William Perdue & Julia Spiegel, The Law of Armed Attack, 100 Cal. L. Rev.  817, 850 (2012), available online.  ↩

61. 61.

    Michael N. Schmitt, Wired Warfare: Computer Network Attack and Jus in Bello, 84 Int’l Rev. Red Cross  365, 374-5 (2002), available online.  ↩

62. 62.

    Knut Dörmann, Applicability of the Additional Protocols to Computer Network Attacks, ICRC  4 (2004), available online;  see also Cordula Droege, Get off my Cloud: Cyber Warfare, International Humanitarian Law, and the Protection of Civilians, 94 Int’l Rev. Red Cross  533 (2012), available online.  ↩

63. 63.

    International Committee of the Red Cross,  31st International Conference of the Red Cross and Red Crescent: International Humanitarian Law and the Challenges of Contemporary Armed Conflicts 36-38 (2011), available online.  ↩

64. 64.

    Michael N. Schmitt, Rewired Warfare: Rethinking the Law of Cyber Attack, 96 Int’l Rev. Red Cross  189, 198 (2014), available online,  doi.  ↩

65. 65.

    Droege, supra note 62, at 548. ↩

66. 66.

    Doswald-Beck, supra note 59, at 165. ↩

67. 67.

    Bureau Proposal, supra note 41, at 1. ↩