The rule of law based on human rights can be difficult to apply online, in cyberspace. There are arguments, which suggest that the law should adapt and evolve when applied to online situations, while others believe that there is no need for such change. On the one hand, it can be argued that given there are no physical borders; it is difficult for the matter of jurisdiction to be resolved. On the other hand, it can also be debated that governments must prosecute those responsible for criminal acts, and those users and corporations reside within their jurisdiction.

A multinational treaty is necessary which is binding on both states and major actors within cyberspace. This treaty must ensure protection of human rights. It is also important for people to accept that some level of surveillance is necessary for their own protection. A monitoring and enforcement body will also be required to ensure protection of human rights online. It may be difficult to bring into existence a treaty and court as described, since every state/ organisation may have different views and opinions regarding human rights.

It can be extremely difficult to track origins of online crime. This may involve sharing of personal data of a large number of users, and the issue of lack of confidentiality also arises as a result. On the one hand, sharing such information is necessary to track Internet crime; on the other hand, it can create mistrust, and a severe lack of privacy.

Rule of law and cyber security

"The Rule of Law is not a natural phenomenon or merely an idea; it does not exist in the same way as a stone or a mathematical formula. The law, the state and the Rule of Law are institutions that depend on complex patterns of interaction, which in turn depend on the institutions which enable and constrain them."[1]

The rule of law is a system of rules and rights that enables fair and functioning societies. It requires states, individuals or organisations to act in accordance with the law and exercise rights and responsibilities in line with the law. It affirms the supremacy of the legal system over all individuals and organisations, including the government. Raz asserts that the rule of law comprises of two broad categories "(1) that people should be ruled by the law and obey it,and (2) that the law should be such that people will be able to be guided by it."[2]

Cyber security "is the collection of tools, policies, security concepts, security safeguards,guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user's assets."[3] In other words, it is the safety, protection and privacy of personal data in cyberspace.

It is clear that human rights can be breached offline as well as online and are open to attack on a regular basis. The question is, whether the rule of law based on human rights as applied offline can be applied online.

Rule of law based on human rights

The rule of law based on human rights norms means that every state, individual, or organisation must act in accordance to human rights treaties, legislation and norms. States cannot apply one set of human rights to one set of people and then apply another set to another group of people. A state which ignores the rule of law is a state that ignores democracy. It also helps to ensure compliance of the law, and that states do not ignore their duties under human rights norms.

Application to cyber space

When the Internet was first introduced to the world it was targeted at the military and academic community. There was little regulation and certainly very little if any mention of human rights. No one could have predicted the impact the Internet would have on the lives of people – both positive and negative. Given this, there should be no disagreement that human rights need to be protected and respected online. The real question is whether the rule of law based on human rights norms as applied offline can also be applied online. Some argue that law should develop and evolve rather than applying the laws offline to cyberspace. They argue that cyberspace is a "distinct sphere, in which a discrete system of legal rules and regulatory processes should be permitted to evolve".[4] Others disagree and argue that the same laws applied offline should be applied to cyberspace. It is these arguments that we will turn to next.

Professors Johnson and Post point to the practical feasibility of imposing external regulations on a place with no borders. They argue that it is pointless imposing the same human rights norms that are applied online to cyberspace.[5] They argue that unlike offline, there is no logical relationship between territorial borders and four related considerations of power: legitimacy, effects and notice which makes this relationship valid when applied offline. They go so far to say, "that the regulation of cyberspace by territorially-based sovereigns constitutes the invalid exercise of extraterritorial authority".[6] For example, privacy in cyber space may seem analogous to privacy offline but communications over the Internet creates vast records which may pass through many different jurisdictions. What substantive law should be applied in this case and may a UK policeman lawfully access the Internet records in a different jurisdiction?[7] As events on the Internet do not occur anywhere and there are no physical boundaries no particular government has a "more compelling claim than any other to subject these events exclusively to its laws."[8]

In response, Professor Goldsmith disagrees with Johnson and Post and argues that "a nation's rights to control events within its territory … entails the power to regulate the local effects of extraterritorial acts."[9] He argues that Johnson and Post overstate the inability of states to regulate online. He argues that they mistake ability for cost, fail to recognize the ability of governments to enforce against users and corporations located within their jurisdiction and mistake valid regulation with near perfect regulation. Similar problems exist offline but it does not mean that it is near impossible to achieve. As Holland puts it, their argument "appears to ignore that many assertions of extraterritorial authority have been accepted in the off-line world.Governments must not shy away from their responsibilities and must ensure compliance of human rights of actors operating within their jurisdiction.

In the 21st century, the increase in use of cyberspace in the world has experienced increased development, especially in recent years. Hence the fact that the global use of the Internet has increased by over 500%, from 360 million users in 2000 billion. Also, the principles of human rights have become more widespread and known in most countries of the world, including developed countries. But with the growth of organizations advocating for human rights, is what we can judge the respect and involvement of all countries in these recommendations? In any situation, it is the level of implementation of these rights for the protection and safety of users increasing privacy in cyberspace.

Undoubtedly, the recommendations of computer security in cyberspace and the principles of human rights have same objectives despite the difference in their application spaces (virtual and physical). Also, for each state, the notion of human rights is different depends on other parameters such as and: religion, education…. Thus, we can find things that are private in a state but in other public and also on the Internet. In addition, sometimes the notion of human rights becomes a some flow, especially when the rights of citizens opposing the objectives of states (Iraq, Ukraine and Syria) or when about a state opposed to other state (USA and Russia or North Korea and South Korea).

Also, so far on the Internet, there is no standardization of norms capable of giving international context for the cryptographic mechanisms. For this example, there are large differences between web browsers. Also, level of adoption at international level creates a great challenge that hinders the implementation of their principles for the protection and assertion of freedom and privacy on the Internet. In addition, it is impossible to find in the world two organizations or two states that have the same vision visà-vis human rights. Thus, it requires more effort by organizations like the Council of Europe, which is already doing significant work in this area by various training and activities that will develop common standards (legal and operational) and strengthen international cooperation in law enforcement on human rights to the protection of private life and liberty on the Internet.

In addition, the space of application of human rights is physical realm. Hence, the probability of traceability or fingerprints of malicious is very high. For example, physical attacks leave Traceability as terrorism attacks (Iraq, Syria…). This, on the one hand, facilitated the collection of information for the legal judgment, and secondly, gives more confidence and validity of legal decisions for citizens. But the worst scenario is when we have influences or external interference. For cons, the space of computer security is a virtual environment that does not always leave traceability. Of course, on the Internet, traceability of data of connection (logs) is a solution to monitor users and conducting surveys. It also serves to monitor their activities in order to create profiles in the case of semantic web: movements, sites visited, exchange and sharing. And can become a cause of mistrust and disclosure of confidential data, where it affects the confidential of sensitive data. Hence, the right to confidential personal data has been compromised in cyberspace. Despite this notion is very important to identify an attacker or a spy software on the network. But it can become a point of concerns for the citizens and limiting the space of trust on cyberspace. Hence, we see that human rights are demanding to evolve measures for the protection of privacy on the Internet. But they are unable to achieve the objectives of computer security on the network or resolve conflicts between the communicating entities.

The conflicts involved disagree on issues such as the right to intellectual property, file sharing, the limits of freedom of expression, the balance between privacy and online security, Internet governance and net neutrality. Cyberspace can facilitate and accelerate all types of disputes arising from the physical world, street demonstrations coordinated through social media for large-scale wars where cyberspace is utilized to disseminate information as well as fighting the general public in the promotion of those involved. As the target of a conflict, both the infrastructure of cyberspace, and the resources of its users, are exposed the consequences of these conflicts.[10]

In addition, computer security is a discipline that is characterized by the weakest link. So cyber defense must treat information security as an inter-connected environment requiring a fairly high level of protection. Actually, the evolution of new technologies capable of providing digital communication, storage of personal data and to associate and organize different datasets have attracted and increased use of the internet world level. But according to studies on the habits of people we concluded that it can't rely on humans to ensure their privacy on the Internet. For example, the habits followed by users to select and maintain authentication many online accounts settings are generally courageous for attackers. It should also be noted that all studies in this field confirm that the great challenge among the users is the difficulty of storing the authentication credentials for each online account.

Suffice to say, the average user more than 25 separate accounts. This problem of computer security in cyberspace buttons at the bottom all transactions online businesses worldwide. In addition, it generates more concern for citizens who use the Internet for online shopping or banking…. In general, all the studies in this field have shown that the problem of memory and storage is among the major causes of the inability of users to respond to recommendations related to IT security passwords. But at the university level, a survey by Shay et al showed that the majority of users are aware of the impact of IT security requirements on their accounts. In parallel, there are other changes that affect the substance of personal privacy on the Internet is innovation cyber able to monitor, disclose and to usurp the privacy of every person on the Internet. Hence, another constraint hinders the application of human rights (physical discipline) to ensure privacy on the Internet.

Also, the policy at the international or regional level is becoming an area of destruction of human rights. Because, instead of ensuring democratic practice of politics in parties or governments. We found these entities using this power for its own objectives with a very limited vision. Of course, the European Union and its Member States have developed a vital dependence of cyberspace security, safe use of digital technologies and information, and the strength and reliability of services information and associated infrastructure. But with nearly two billion users interconnected worldwide the challenges, threats and cyber attacks are increasing at a dramatic rate and is a major risk for the security, defense, stability and competitiveness of nations and States the private sector. Also, the sharing and coordination in this area between States worldwide with external partners remain inadequate.

What (i) legal and political instruments i.e. treaties and (ii) mechanisms i.e. courts are needed to achieve protection and realization of human rights in cyberspace?

Treaties

It is clear that national and international courts and monitoring bodies have a fundamental role in protecting human rights in cyberspace. However, without a legal or constitutional framework in place success will always be limited. A multi-national treaty is needed binding not only on states but on the major actors involved in cyberspace. All the major actors would need to have been consulted. It would need to spell out what rights are protected, how the rights are going to be enforced and set out the jurisdictional parameters. The problem with the UN Resolution on Privacy was that it was not legally binding and left it up to governments on how it was implemented.[11]

Even if a State has not ratified all international human rights treaties it is still possible for that state to be bound as many of the provisions in international human rights treaties are customary international law and apply to states regardless whether state has ratified treaty or not. It can also not be ignored the spill over effects of norms on a state's cyberspace approach and the impact of norm diffusion on a state's human rights approach. Derogations should be non-existent or very limited and specific. The reason for this is that some countries that have experienced terrorists' attacks often try to legislate away human rights in cyberspace often in the guise of public safety and concern.

People must accept that some surveillance is necessary in order to ensure public safety and prevent terrorism from happening. The key thing when legislating human rights in cyberspace and ensuring public safety is a balance and ensuring independent checks and balances. As the UN Special Rapporteur on freedom of expression stated "Legislation must stipulate that State surveillance of communications must only occur under the most exceptional circumstances and exclusively under the supervision of an independent judicial authority".[12]

Courts

All agree that a monitoring and enforcement body is needed – an international committee that watches and monitors and makes sure agreement are followed. Some body or institution needs to be given the power to decide on whether there has been a breach of a human right or not and hold the party responsible for the breach. Bodies such as the International Court of Justice, the European Court of Human Rights or the African Court of Human Rights have a key role to play in protecting freedom rights on the Internet. Watchdog such as NGOs, CSOs and monitoring bodies too have a role in reporting abuses and holding the justice system to account.

From this small development, we found, despite the evolution of the theory of human rights but on the earth the concept of force, religion, education, awareness, legal conflicts more… dominants, in addition, they restrict their implementation particularly in less developed countries. Also, we do not have clear and consistent definitions of "cyberspace security" and "defense of cyberspace." The design of cyberspace security and other essential concepts varies considerably depending on the country. But despite this complexity and limited, they remain more demanding to evolve the measures to protect the privacy and security in cyberspace. Also, they require initiatives, training and collaboration to build trust between the private sector, law enforcement agencies, the institutions responsible for defense and all other relevant agencies are essential in the fight against cybercrime. In particular, if we note that humans also play a very important role in the discipline of computer security.

Not everyone agrees that the rule of law based on human rights norms is the best way to ensure protection of human rights in cyberspace. Some argue that self-regulation is the way forward. What everyone does agree on is that it will be an even bigger issue in the future. This is especially true given the revelations of Edward Snowden. This puts more urgency on states to implement the UN Human Rights Council (HRC) resolution on the promotion, protection and enjoyment of human rights on the Internet. Something needs to be done to ensure that cyberspace is a place where human rights are respected and that there is a level of trust between end users and actors in the cyber space regime.

Footnotes:

1. Hildebrandt, M, The Rule of Law in Cyberspace, Selected Works, June 2013, retrieved 3 February 2015.

2. Raz, J, The Rule of Law and Its Virtue, in the Authority of Law: Essays on Law and Morality Oxford University Press, at 213.

3. International Telecommunication Union, Definition of Cyber Security, retrieved 6 September 2014.

4. Holland, HB, The Failure of the Rule of Law in Cyberspace? Reorienting the Normative Debate on Borders and Territorial Sovereignty, 24 J Marshall J Computer & Info, L 1, 2005, at 4.

5. Johnson, DR and Post, D, Law and Borders – The Rise of Law in Cyberspace, 48 Stan L Rev 1367 (19951996), at 1375-1377.

6. See Holland, at 10.

7. Johnson, DR and Post, D, Law and Borders – The Rise of Law in Cyberspace, 48 Stan. L. Rev. 1367 (19951996), at 1375.

8. Ibid.

9. Goldsmith, JL, The Internet and the Abiding Significance of Territorial Sovereignty, Indiana Journal of Global Legal Studies: Vol. 5 Iss. 2, Article 6 at 476.

10. James A. Lewis, The "Korean" Cyber Attacks and Their Implications for Cyber Conflict, Center for Strategic and International Studies, October 2009. Retrieved 4 February 2015,

11. UN General Assembly, The right to privacy in the digital age, A/RES/68/167, 18 December 2013.

12. Human Rights Council, Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue, A/HRC/23/40, at 21.