The article in question examines a recent cyber attack that is alleged to have been launched against Apple customers by the Chinese government. According to reports, the Chinese government, known for using aggressive computerized tactics against the United States, has hacked into Apple Inc.’s databases and retrieved username and password data associated with the online iCloud accounts of Chinese customers. They did this by creating a replica of the popular cloud program’s login page and fooling users, who believed that it was the true login portal, into entering their usernames and passwords, thus capturing that information. This, allegedly, has enabled officials to “gain access to all information stored in iCloud, including photos, iMessages, contacts, emails, and more.” For an authoritarian government seeking to suppress dissent, like the one in Beijing, this could be a valuable tool in harsh measures intended to do just that. It may be related to the ongoing unrest in Hong Kong, where citizens are rallying for democratic reforms that will give them a more expansive voice in determining who occupies the city’s government.
Of course, this raises issues insofar as it constitutes an attack by one country upon another. It also calls into question whether or not the actions here are actually cyber attacks, rather than cyber exploitation, which, as a form of espionage, is not illegal under international law.
As to how this intrusion can be classified, Michael Gervais (from our reading for the October 24 lecture) references the U.S. Army’s definition, which calls cyberattacks “the premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or to further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.”
China’s actions here could, therefore, very well be defined as a cyber attack, because it disrupts the normal functionality of Apple’s iCloud platform for those who were targeted, and the knowledge that their information might have been compromised by an authoritarian government may incidentally cause effects similar to those arising from more direct coercion, or the information might directly be used to coerce Chinese citizens. Furthermore, the fact that Apple’s systems have been compromised can be construed as a form of pressure directed against the company, with China implicitly declaring that it will penetrate the firm’s systems when that would further national interests.
The most obvious legal objection to China’s actions here is the fact that, because Apple is an American corporation, cyber attacks by foreign states represent an intrusion upon American sovereignty.
It is also an attack upon civilian interests. As Apple is neither a military target nor a civlian arm of the United States government, and as it does not constitute a threat to Chinese interests in and of itself, we can find in international law many condemnations of Beijing’s actions in this case. However, it should be noted that, as expressed in Michael Gervais’ piece, the absence of a state of war between China and the United States makes the application of laws of war more difficult than would otherwise be the case.