REGULATING TRANSNATIONAL DISSIDENT CYBER ESPIONAGE

Abstract Remote-access cyber espionage operations against activists, dissidents or human rights defenders abroad are increasingly a feature of digital transnational repression. This arises when State or State-related actors use digital technologies to silence or stifle dissent from human rights defenders, activists and dissidents abroad through the collection of confidential information that is then weaponized against the target or their networks. Examples include the targeting of Ghanem Al-Masarir (a Saudi dissident living in the United Kingdom), Carine Kanimba (a United States–Belgian dual citizen and daughter of Rwandan activist Paul Rusesabagina living in the United States) and Omar Abdulaziz (another Saudi dissident living in Canada) with NSO Group's mercenary spyware. This practice erodes human rights, democracy and the rule of law and has a negative impact on targeted communities, including social isolation, self-censorship, the fragmentation and impairment of transnational political and social advocacy networks, and psychological and social harm. Despite this, international law does little to restrain this practice. Building on momentum around the regulation of mercenary spyware and transnational repression, this article elaborates on how States could consider regulating dissident cyber espionage and streamlines a unified approach among ratifying States addressing issues such as State immunity, burden of proof, export control and international and public–private sector collaboration.


I. INTRODUCTION
Ghanem Al-Masarir is a Saudi human rights activist and satirist. 1He was granted asylum in the United Kingdom (UK) in 2018. 2 He runs a popular YouTube channel called 'The Ghanem Show' which includes criticism of the Saudi royal family. 3In November 2019, Al-Masarir sued the Kingdom of Saudi Arabia alleging that it infected his phone with Pegasus spyware. 4Pegasus, which is developed and sold by an Israeli company called NSO Group, grants the operator access to the targeted phone including access to the contents of encrypted applications like Signal and WhatsApp and use of the device's microphone and camera. 5It has been described as a technology posing 'unprecedented risks' by the European Data Protection Supervisor, 6 and its use against human rights defenders (HRDs), journalists and other members of civil society has been widely condemned. 7In addition to his device being infected with spyware, Al-Masarir was attacked in London by two men, with footage of the assault appearing on social media accounts linked to the Saudi government. 8He was warned by the police that there was a credible threat against his life. 9These events had a profound impact on Al-Masarir, affecting his personal life and work and shattering his 'appetite to do anything'. 10l-Masarir is not alone in experiencing such an invasion of privacy.In the past few years, numerous reports of HRDs, activists and dissidents 11 abroad being similarly subjected to surveillance-often linked to their country of origin-have come to the surface, including: the targeting of Bahraini activists in the UK; 12 the surveillance of Omar Abdulaziz, a Saudi dissident in Montreal; 13 and the infection of the phone of Carine Kanimba in the United States (US).Kanimba's father is Paul Rusesabagina, a Rwandan dissident who was forcibly rendered back to Rwanda, prosecuted and jailed. 14Kanimba, who worked to secure her father's eventual release, was targeted with spyware during a meeting with the Belgian Minister of Foreign Affairs and during calls with the US Presidential Envoy for Hostage Affairs and the US State Department. 15Kanimba's cousin, a Belgian citizen, was also hacked nearly a dozen times with Pegasus spyware. 16his article examines the practice of the transnational cyber espionage of dissidents (which is referred to in this article as 'transnational dissident cyber espionage' or simply 'dissident cyber espionage' and which has also been described as 'refugee espionage' in other contexts 17 ) by States and proposes the contours of an international agreement to unify and streamline host State responses.The growing number of documented cases of such acts of dissident cyber espionage suggests that this practice constitutes a serious risk to fundamental rights, including the rights to freedom of expression and privacy, and poses a complex policy problem for States where targeted individuals reside. 18Dissident cyber espionage is not an isolated strategy of authoritarian regimes, but falls within the broader framework of digital transnational repression (DTR), which describes the range of tactics used byusually authoritarian-States to silence dissent abroad through the use of digital technologies. 19It is part of a broader pattern in States that engage in transnational repression (TR). 20As Al-Masarir's story illustrates, dissident cyber espionage has serious consequences for targeted individuals and for the success of social and political advocacy-of which those outside the country of origin are an important part 21 -leading to self-censorship, social and professional isolation and psychological harm, among other negative outcomes. 22espite the impact of dissident cyber espionage on human rights, democracy and the rule of law, 23 there remains significant uncertainty regarding the legality of remoteaccess cyber espionage in international law and, by extension, dissident cyber espionage.Considering this gap and the importance of addressing the practice of dissident cyber espionage, this article argues that States need to respond to this category of espionage at the international level through the development of a common definition and a set of measures intended to deter this practice and facilitate access to a remedy.In addition to being the cornerstone of an effective global response to a transnational problem like dissident cyber espionage, international agreements-even in the absence of perfect compliance by ratifying States-can have a powerful 17 Unrepresented Nations & Peoples Organization, 'The Recognition and Criminalization of "Refugee Espionage" in Europe' (Unrepresented Nations & Peoples Organization, March 2022) <https://unpo.org/downloads/2748.pdf>.The focus on refugees as a target is a misnomer as the practice affects not just individuals who are accepted as refugees in their host States, but also political and social activists, dissidents, HRDs and others who seek to challenge authoritarian regimes.
19 N Schenkkan and I Linzer, Out of Sight, Not Out of Reach: The Global Scale and Scope of Transnational Repression (Freedom House 2021) <https://freedomhouse.org/sites/default/files/2021-02/Complete_FH_TransnationalRepressionReport2021_rev020221.pdf>. 20TR is broadly understood by social scientists as the practice, by States, of targeting individuals located abroad (in particular, activists, HRDs, journalists, members of the political opposition, or other individuals who challenge the power of a regime) in order to silence, stifle or stop dissent.See, eg, DM Moss, The Arab Spring Abroad (CUP 2021) 35.
expressive function sending the message that an activity is broadly condemned and leading States to modify their behaviour. 24urther, this article builds on the work of scholars who have argued that international law is not agnostic to the practice of espionage and that there is momentum for developing international rules that address different categories of espionage. 25The focus on dissident cyber espionage is an opening for States to craft international norms addressing remote-access cyber espionage without impinging on State-on-State political espionage, which has been defended by States and scholars alike.There are also several factors that suggest that this is a propitious time to engage in the development of new rules around dissident cyber espionage.The Snowden documents ignited a discussion around the boundaries of permissible cyber espionage activities with growing concern over States' widespread intrusions into privacy.The national security risks posed by the proliferation of cyber technologies such as Pegasus and other forms of mercenary spyware and the obligations of host States under international human rights law (IHRL) to protect individuals within their borders 26 offer additional reasons for international coordination and regulation around this form of cyber espionage. 27o unpack the practice of dissident cyber espionage and its relationship with both international law and cyber espionage more generally, this article proceeds as follows: Section II defines dissident cyber espionage and compares it to other categories of espionage, such as political and economic or industrial espionage.It situates it within the broader field of TR and the spread of domestic authoritarian practices in transnational spaces.Section III reviews the muddy waters of international law as it relates to espionage and cyber espionage, concluding-as others have-that there remain normative gaps in whether remote-access cyber espionage, or by extension dissident cyber espionage, is legal under international law.Section IV concludes, arguing that the proliferation of surveillance technologies and the impact of dissident cyber espionage on human rights, democracy and the rule of law create a growing need and opportunity to develop specific rules that address this category of cyber espionage.

A. Defining Transnational Dissident Cyber Espionage
There is no definition of transnational dissident cyber espionage in international law.Building from definitions of refugee espionage, this article understands dissident 24

262
International and Comparative Law Quarterly cyber espionage to arise where (1) States, (2) engage in the remote collection of confidential information, (3) targeting activists and dissidents living in exile or the diaspora, (4) with the aim of trying to undermine, neutralize, eliminate or stifle political or social opposition, (5) while using cyber capabilities and (6) (setting aside issues of extraterritoriality) in violation of IHRL. 28issident cyber espionage is distinguishable from other categories of espionage by its purpose and its targets.In terms of purpose, a State's intent in political cyber espionage is to understand better the capabilities of and threats posed by other States.This has been justified on the basis of international peace and stability. 29In economic espionage the State's intent is to capture trade secrets that can be leveraged by the recipient State's business sector. 30In contrast, the intent behind dissident cyber espionage is to silence or neutralize any perceived threat to the regime through the weaponization of confidential information.This cannot be squared with peace and stability in an international order underpinned by principles aimed at protecting human rights. 31As regards targets, in political espionage, the target is another State; in industrial cyber espionage, the targets are corporate actors with the intent to obtain commercial or business-related information.In dissident cyber espionage, confidential information is sought that can be leveraged against a human rights defender, activist or dissident, in order to silence them or others involved in activities that challenge the regime.
While dissident cyber espionage can be distinguished from political and industrial espionage in both its purpose and targets, it does rely on a shared method-cyber espionage.The Tallinn Manual 2.0 defines cyber espionage as 'any act undertaken clandestinely or under false pretenses that uses cyber capabilities to gather, or attempt to gather, information'. 32Cyber espionage 'involves, but is not limited to, the use of cyber capabilities to surveil, monitor, capture, or exfiltrate electronically transmitted or stored communications, data, or other information'. 33Dissident cyber espionage, like much of contemporary cyber espionage, is usually accomplished through remote access, which refers to 'operations that are "launched at some distance from the adversary computer or network of interest"'. 34Such operations are of 'virtually unlimited reach', posing a broad risk to human infrastructure while being 'extraordinarily difficult to defend against'. 35his article, which is focused exclusively on dissident cyber espionage that is carried out by or attributable to States, proceeds on the assumption that the term espionage is broad enough to cover not only State-on-State activity, but also State-on-company or State-on-individual activity. 36The targeting of non-State actors is increasingly part of the espionage nomenclature. 37Domestic criminal law similarly suggests that some States already view the targeting of individuals in order to extract information not related to the host State's intelligence or military capabilities for the benefit of a Transnational dissident cyber espionage takes place in the broader context of the expanding practice of TR, which arises where States target nationals outside their territory in order to intimidate or coerce them with the purpose of silencing or stifling dissent or otherwise advancing State interests. 39The term TR originates in social sciences literature and captures the methods that States use to silence dissent abroad, including extrajudicial and extraterritorial assassinations, in-person harassment, physical assaults, renditions, unlawful deportations, physical surveillance, passport cancellations or control over other government-issued documents, among others. 40TR is not formally defined under international law.However, the rapidity with which the term is being mainstreamed into scholarship 41 and broader policy discourse 42 -and into domestic legislation 43 -suggests an appetite for terminology highlighting specific harms associated with targeting dissidents abroad.Digital methods of TR are increasingly prevalent.This maps with cyber threats becoming 'more sophisticated and multifaceted' 44 and the growing importance of exiled digital transnational advocacy networks in challenging authoritarian regimes' domestic policies and practices. 45DTR describes the use of digital technologies by States to achieve the aims of TR-in other words, to silence or prevent dissent originating abroad.It includes a broad range of tools, such as State monitoring and surveillance of digital communications and social media accounts, the use of online harassment and smear campaigns, or even distributed-denial-of-service attacks.Researchers have noted that instances of DTR are 'vastly more common' than physical ones and represent a cornerstone of campaigns of TR. 46 Transnational dissident cyber espionage does not encompass all acts of DTR, but specifically captures situations where States engage in the remote, non-consensual, collection of confidential information using cyber capabilities such as mercenary spyware (or intrusion software).This can be distinguished from government surveillance of public social media posts or 'electronic armies' engaging in International and Comparative Law Quarterly coordinated campaigns of online harassment and intimidation.It also excludes acts which affect the 'availability or integrity of data or the networks and systems upon which that data resides'. 47Further, while mercenary spyware is increasingly associated with transnational dissident cyber espionage, this is only one mechanism by which States may engage in remote-access collection of confidential information from dissidents.Other, cheaper technologies exist such as the use of spear-phishing to gain access to email or social media accounts. 48tudies around DTR show that dissident cyber espionage, like other forms of DTR, leads to self-censorship, social isolation, stress and burnout.It allows the State to intervene in activists' personal and professional lives, despite a physical distance. 49uch digital threats and attacks may happen alongside physical threats; 50 for example, confidential information collected by States can be used to track the location of a dissident abroad to carry out their assassination or rendition. 51Transnational dissident cyber espionage is characterized by a high level of intrusiveness.The remote and covert collection of confidential information from the target may be undertaken through cyber capabilities that provide total access to the target's electronic devices or accounts.On a systemic level, in addition to human rights violations, dissident cyber espionage contributes to the erosion of democracy and the rule of law through the impairment of transnational advocacy work.

C. Ambiguity Around International Law and the Regulation of Transnational Dissident Cyber Espionage
Scholarship on cross-border espionage (including cyber espionage) under international law has generally been divided into three categories: espionage is legal, espionage is illegal, or espionage is neither legal nor illegal under international law. 52Proponents of the view that espionage is legal argue that there is no general prohibitive rule against espionage under international law 53 and further that States have not concluded treaties that regulate or render illegal the practice of espionage. 54This argumentwhich has been characterized as a 'majority' view 55 -hinges on the Lotus principle, namely that, in the absence of a prohibitive rule under international law, a State is free to act. 56Supporters of the view that espionage is illegal argue that it is a clear breach of territorial sovereignty and thus illegal under international law.Proponents of the view that espionage is neither legal nor illegal take the view that espionage exists in a grey zone where it is neither explicitly forbidden, nor clearly authorized by States and thus operates 'outside the boundaries of international law'. 57More recent analysis argues that there is no specific rule of international law that renders espionage lawful or unlawful but that one must refer to general principles of international law to identify the relevant norms, and specific acts of espionage may violate them. 58ssuming that the last view is the 'most' correct, there remain significant gaps in the regulation of cross-border cyber espionage-as a method of espionage-under international law.The literature reveals continuing uncertainty regarding when and how remote-access cyber espionage that involves the exfiltration of confidential data leads to violations of international law. 59While the International Group of Experts consulted in the Tallinn Manual 2.0 agreed that the principles of sovereignty and nonintervention apply in cyberspace and that some situations lead to clear violations of the sovereignty principle, they could not achieve consensus as to whether remote cyber espionage reaching a particular threshold of severity violates international law. 60For example, in a situation where a State exfiltrates data from another State's military systems, the majority of Experts concluded that such exfiltration does not violate any prohibition under international law regardless of severity. 61This conclusion suggests that remote-access transnational dissident cyber espionage would not violate the principle of territorial sovereignty.International law scholars have also arrived at different conclusions regarding the application of international law to remote-access cyber espionage operations. 62he application of IHRL as a regulatory instrument must briefly be considered.Transnational dissident cyber espionage leads to the impairment of human rights, such as the rights to privacy and freedom of expression, and thus might also be appropriately considered through the lens of IHRL.However, even if the issue of dissident cyber espionage is tackled through IHRL, a normative gap remains.There continues to be debate around the extraterritorial application of IHRL and the responsibility of States for rights-infringing acts outside their territorial boundaries. 63In the Tallin Manual 2.0, the Experts noted these disagreements, concluding that 'no consensus could be reached as to whether State activities conducted through cyberspace can give rise, as a matter of law, to power or effective control over an individual located abroad, thereby triggering the extraterritorial applicability of that State's IHRL obligations'. 64

266
International and Comparative Law Quarterly article integrates IHRL into a proposed international regulatory framework addressing transnational dissident cyber espionage.As noted by the Experts, IHRL obliges host States to act to protect the rights of individuals within their territory, even against cross-border or transnational human rights violations, and host States are required 'to take action in relation to third parties that is necessary and reasonable in the circumstances to ensure that individuals are able to enjoy their rights online'. 65Thus, IHRL also provides an argument that States must consider such a regulatory framework and ensure that domestic law protects against rights violations, including transnational dissident cyber espionage.

III. REGULATING TRANSNATIONAL DISSIDENT CYBER ESPIONAGE: AN INTERNATIONAL TREATY?
The absence of clear rules 66 regarding cyber espionage is an opportunity for States: it provides a legal vacuum in which dissident cyber espionage can take place with few restraints.As Wallace et al observe: [i]n the absence of voluntary change in practice, international agreement, or emerging legal custom, states will likely continue to comfortably operate within the uncertain sphere of cyber espionage, conducting intelligence-gathering operations against foreign nations, institutions, and individuals. 67is section elaborates on how States could consider regulating transnational dissident cyber espionage at the international level and discusses some of the key issues (although not an exhaustive list) that need to be considered in such an international instrument.This article does not discuss at length the pros and cons of a treaty, but it is acknowledged that there remain significant barriers to States concluding new treaties, particularly around cyber issues.While such barriers exist, this section also serves to further stimulate discussion around spyware, cross-border espionage and possible regulatory responses.

A. Setting the Stage: Growing Momentum Towards Regulating Cyber Espionage and Mercenary Spyware Technology
The regulation of cyber espionage at the international level has now become a plausible notion. 68While many argue that espionage plays a role in maintaining international peace and security, others point out that States are moving towards the development of norms to limit cyber espionage. 69States have begun to condemn specific instances of this activity. 70Others pinpoint the Snowden documents as a turning point in international policy around transnational surveillance. 71Further, national security arguments for curtailing remote-access cyber espionage practices are growing as more States acquire technology to undertake such operations. 72The proliferation of offensive cyber capabilities is a topic increasingly in the public eye and one that States have started to consider more specifically, particularly with respect to the use of spyware. 73urther, there has been significant momentum building over the past few years around the regulation of mercenary spyware-one of the key technologies that facilitate remoteaccess cyber dissident espionage.In March 2023, the US announced the Presidential Initiative for Democratic Renewal.One pillar of this call to action is US-led efforts to 'counter[] the misuse of technology and rise of digital authoritarianism'. 74The announcement referred to a 'comprehensive package of actions meant to combat digital repression' including an Executive Order prohibiting the use of commercial spyware that poses 'risks to national security or has been misused by foreign actors to enable human rights abuses around the world', 75 restrictions on post-service employment with foreign entities of concern that develop commercial spyware and the listing of several spyware companies on the Entity List restricting US exports to those companies. 76The US has also started transnational coalition-building around spyware regulation through the issuance of a set of Guiding Principles on Government Use of Surveillance Technologies and a Joint Statement on Efforts to Counter the Proliferation and Misuse of Commercial Spyware intended to deepen international cooperation around spyware proliferation, which has been signed by ten other countries. 77It has also established the EU-US Trade and Technology Council, including a specific working group on the 'misuse of technology threatening security and human rights'. 78The European Parliament Committee investigating the use and abuse of mercenary spyware in the European Union (EU) also called for stringent regulation in their final report on the issue. 79More recently, the United Nations Special Rapporteur on Counter-Terrorism and Human Rights called for an international legal response to the issue of spyware proliferation. 80here has also been growing policy discussion regarding the best means to address the broader practice of TR.The US is also a leader here.There are two pending bills on TR in 73 European Parliament, 'Committee of Inquiry to Investigate the Use of Pegasus and Equivalent Surveillance Spyware' (European Parliament, 2 June 2023) <https://www.europarl.europa.eu/committees/en/pega/home/highlights>. 74The White House, 'FACT SHEET: Advancing Technology for Democracy' (The White House, 29 March 2023) <https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/29/fact-sheet-advancing-technology-for-democracy-at-home-and-abroad/>. 75The White House, 'FACT SHEET: President Biden Signs Executive Order to Prohibit U.S. Government Use of Commercial Spyware that Poses Risks to National Security' (The White House, 27 March 2023) <https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/27/factsheet-president-biden-signs-executive-order-to-prohibit-u-s-government-use-of-commercialspyware-that-poses-risks-to-national-security/>.'Executive Order on Prohibition on Use by the United States Government of Commercial Spyware That Poses Risks to National Security' (The White House, 27 March 2023) <https://www.whitehouse.gov/briefing-room/presidential-actions/2023/03/27/executive-order-on-prohibition-on-use-by-the-united-states-government-of-commercialspyware-that-poses-risks-to-national-security/>; 76 The White House FACT SHEET (n 75). 77The White House FACT SHEET (n 74). 78European Commission, 'EU-US Trade and Technology Council Inaugural Joint Statement' (European Commission, 29 October 2021) <https://ec.europa.eu/commission/presscorner/detail/en/STATEMENT_21_4951>.

268
International and Comparative Law Quarterly the US, one to define and criminalize TR in domestic law and the second to establish several policy initiatives.The Department of Justice has also been active in issuing criminal indictments in situations described as TR. 81n short, there are a confluence of factors making this an appropriate time to start a discussion regarding the international regulation of dissident cyber espionage, despite States' prior reluctance to regulate on cyber issues.First, there are growing concerns regarding States' unchecked cyber espionage practices, and dissident cyber espionage is the least defensible practice under existing justifications for not regulating political cyber espionage-it does not further international stability and security.Second, there is a building consensus that one of the key technologies that underpins dissident cyber espionage-mercenary spyware-needs to be tackled through comprehensive domestic, regional and international regulation in order to prevent the further proliferation of this technology and the possibility that States use this technology in order to engage in political espionage.At the core of recent discussions towards regulating mercenary spyware is the realization that this technology is not 'just' used to conduct transnational dissident cyber espionage, but also to engage in political espionage against government targets such as US government officials working in embassies and consulates abroad. 82ith this background in mind, dissident cyber espionage is an area ripe for international regulation.Further, transnational dissident cyber espionage is sufficiently distinct from other categories of espionage in that it does not raise the risk of regulating State-on-State political espionage, which has been identified as a deterrent to any form of regulation. 83The following section reviews some of the key elements of a potential international treaty addressing transnational dissident cyber espionage.

Aims of the treaty
The aims of such a treaty would be multi-fold.One would be to demonstrate normative consensus around the issue of transnational dissident cyber espionage and establish rules that such activity-despite the murky nature of international law on this issue and States' permissive approach to cross-border political espionage-will be prohibited.A second aim would be to ensure that States which ratify the treaty have adopted or amended domestic laws to ensure that acts of dissident cyber espionage can be addressed through civil and criminal action, as well as other measures that ensure targets with government support and judicial remedies.A third aim would be to facilitate international cooperation around dissident cyber espionage, such as formal information exchanges between ratifying States, the development of human-rights 81 See, eg, US Department of Justice, 'U.S. Citizen and Four Chinese Intelligence Officers Charged with Spying on Prominent Dissidents, Human Rights Leaders and Pro-Democracy Activists' (US Department of Justice, 18 May 2022) <https://www.justice.gov/opa/pr/us-citizenand-four-chinese-intelligence-officers-charged-spying-prominent-dissidents-human>.
82 C Bing, 'At Least 50 US Govt Employees Hit with Spyware, Prompting New Rules' (Reuters, 27 March 2023) <https://www.reuters.com/technology/least-50-us-govt-employees-hit-withspyware-prompting-new-rules-2023-03-27/>. 83Banks argues that States, in starting to regulate espionage, 'could agree to distinguish national security espionage from all other forms, and tolerate only the former'.See Banks (n 25) 9. centred export control norms and to provide a place for an international dialogue on the issue.A final aim of the treaty would be to incentivize the private sector to investigate, disclose and collaborate with States.

Defining dissident cyber espionage
Present definitions of 'refugee espionage'84 are a good starting point to build from.As discussed in Section II of this article, transnational dissident cyber espionage can be understood to arise where (1) States, (2) engage in the remote collection of confidential information, (3) targeting activists and dissidents living in exile or the diaspora, (4) with the aim of trying to undermine, neutralize, eliminate or stifle political or social opposition, (5) while using remote-access cyber capabilities and (6) (setting aside the issue of extraterritoriality) in violation of IHRL.Where a State targets activists or dissidents living in exile or in the diaspora in such a manner, the presumption must be that such targeting is illegal under IHRL and is carried out with the intent of acquiring confidential information to be used in a manner that silences dissent.

Some measures to be taken by ratifying States at the national level a) Access to legal remedies in court i. Criminal prosecutions
A key aim of a treaty would be ensuring that ratifying States have adapted domestic law to ensure that targets of dissident cyber espionage can access judicial remedies.One option is to require ratifying States to ensure that their domestic criminal laws describe dissident cyber espionage as a criminal offence.Most States will already have criminalized espionage or the unauthorized interception of electronic communications.However, espionage provisions may be too narrow to capture situations where the espionage at issue is information gathering from non-State actors in the host State (such as foreign nationals in the host State) and transmitting that information to a foreign State.The criminalization of dissident cyber espionage (or refugee espionage more broadly, as in Sweden) sends the message that such activities will not be tolerated.The inclusion of such a crime would not be a particularly novel extension of criminal law. 85That said, criminal law may be hard to utilize in remote-access cyber operations where the operator is outside the host State and thus outside the enforcement jurisdiction of the court.Thus, access to civil remedies against the perpetrating State remains particularly important.

ii. Civil litigation
One of the significant challenges faced by targets of dissident cyber espionage has been the lack of access to a civil remedy in the courts of their host State.This is illustrated by the Court of Appeals for the District of Columbia Circuit decision in International and Comparative Law Quarterly Doe v Ethiopia. 86In that case, the plaintiff, an Ethiopian dissident, alleged that he was tricked into downloading a spyware program that enabled the Ethiopian government to spy on him from abroad. 87He sought to sue Ethiopia in the US.However, under US law, foreign States are immune from suit unless an exception to the Foreign Sovereign Immunities Act applies.Kidane argued that the non-commercial tort exception applied.However, the court concluded this was not the case, finding that the exception 'abrogates sovereign immunity for a tort occurring entirely in the United States' while the plaintiff alleged a 'transnational tort'.The court confirmed the lower court's dismissal for lack of subject matter jurisdiction. 88Thus, it appears that-at least for now-civil claims of dissident cyber espionage in the US will be unsuccessful.
However, there have been promising developments in the UK, which could be concretized through a treaty and consequent statutory amendments in ratifying States.In 2022, the High Court of England and Wales addressed the interpretation of the State Immunity Act 1978 (SIA) in the context of a case of dissident cyber espionage.In that case, Al-Masarir, a Saudi dissident, sued the Kingdom of Saudi Arabia for personal injury. 89Saudi Arabia argued that it was immune under the SIA and thus the court should set aside the order for service. 90Section 1 of the SIA provides that States are immune from the jurisdiction of UK courts in the absence of an exception to immunity listed in the statute.Al-Masarir argued that Saudi Arabia was not immune because of the exception for territorial personal injury in section 5 of the statute. 91He alleged that psychiatric injury arose after learning that the Saudi government sent him malicious messages, that he was subject to surveillance through spyware installed on his iPhones, and that he suffered injury after he was physically attacked. 92The court held in the plaintiff's favour, finding that even if the act of spyware installation was a sovereign act, section 5 of the SIA 'operates to remove the immunity' in this case. 93he court concluded that the plaintiff's claim of personal injury was covered by the exceptions in section 5 even though the acts were not all located within the UK. 94A year later, the same judge concluded that two Bahraini dissidents could sue the Kingdom of Bahrain for damages for personal injury in the form of psychiatric injury which they alleged to have suffered as a result of 'the infection of their laptop computers with spyware by the Defendant, which enabled it to conduct surreptitious surveillance on them'. 95The same judge held that there was no requirement under section 5 of the SIA that the infringing State had to be present in the UK or that all of the defendant's acts had to have occurred in the UK.It was sufficient that 'an act takes place in the UK, which is more than a minimal cause of the injury'. 96he US and UK decisions illustrate that there has been debate regarding the application of State immunity in the face of transnational dissident cyber espionage.A treaty addressing this practice could specifically require that ratifying States amend their domestic law to ensure that State immunity will not act as a barrier to these kinds of cases.This is not a novel approach; the US, for example, has enacted such an exception to State immunity in terrorism cases. 97The treaty could also specifically stipulate that domestic law must allow for claims to proceed based on psychiatric injury as a form of personal injury and where there are violations of IHRL.The latter is important to ensure that all targets of dissident cyber espionage are able to make a claim.For example, journalists working on human rights issues and subject to dissident cyber espionage may not be in a position to argue that they have suffered psychiatric injury in the same way as an activist, but they can show that their privacy has been violated contrary to IHRL.
iii.A note on the question of attribution of cyber espionage operations Much has been written on the challenge of attribution in cyber cases.However, countering this scholarship is a growing body of case law showing that attribution is not a barrier.In Al-Masarir v the Kingdom of Saudi Arabia, the High Court of Justice concluded that the plaintiff met his burden, on a balance of probabilities, to demonstrate that the exception under section 5 of the SIA applied. 98The plaintiff served expert evidence that his iPhones had been hacked with spyware by the defendant. 99The defendant claimed that this evidence was insufficient to attribute the claim properly, but the court observed that Saudi Arabia failed to serve any 'direct evidence in response to the Defendant's expert evidence'. 100The court reviewed the expert evidence filed by the plaintiff, concluding that it 'demonstrates to the requisite standard that the Claimant's iPhones were infected with spyware, and that the Defendant and/or those for whom it was vicariously liable, were responsible'. 101This decision, and the Shehabi and Anor v the Kingdom of Bahrain case, 102 show that sufficient technical expertise exists to demonstrate on a balance of probabilities that a device has been hacked by a government.
Further, the fact that any 'smoking gun' evidence is likely to be in the possession of the perpetrating State is not a bar to litigation.This was demonstrated in Al-Masarir, where the court noted the relatively thin response from the defendant in the face of the hacking claim.This seems to have weighed in favour of the court's conclusion that the claim had been sufficiently made out as the defendant did not present anything persuasive to the contrary. 103Carter v Russia is also instructive on the issue of burden of proof.The case dealt with an act of TR: the transnational poisoning and killing of Alexander Litvinenko in London by Russian State agents.The European Court of Human Rights concluded that it could shift the burden of proof to the Russian authorities in situations where the government was in possession of the necessary information to corroborate the allegation of the killing being a rogue operation.The court drew an adverse inference from the State's refusal to disclose documents related to its domestic investigation into the killing.Considering the government's 'failure to displace the prima facie evidence of State involvement', the court had to conclude that the killing was undertaken by individuals acting as State agents for Russia. 104In short, in cases where a plaintiff alleges that a foreign State engaged in an act of transnational dissident cyber-espionage, it could be specified in the treaty that 98 Ghanem Al-Masarir v Kingdom of Saudi Arabia (n 1) para 152. 99

272
International and Comparative Law Quarterly ratifying States must, once the plaintiff has met a certain threshold, provide for a reversal of the burden of proof through domestic law placing the onus on the State to offer disproving evidence.Legislative reversals of the burden of proof are not novel.

iv. Training and support
Another aspect of a potential treaty would be a commitment by States to dedicate resources and training to addressing the issue of dissident cyber espionage.This would be a 'due diligence' obligation, such that States who ratify the treaty can report and justify decisions taken and resources allocated based on the means available to them.Including this in a treaty would provide a starting point for a common set of initiatives among host States to mitigate dissident cyber espionage.Training and support may take many forms.One option is for States to agree to task domestic cybersecurity agencies with monitoring for transnational dissident cyber espionage and implementing a 'duty to warn' system that has emerged in the context of threats to life. 105This could be coordinated and implemented through government bodies that deal with cybersecurity and infrastructure in the host State.The US has announced such an approach through the US Cybersecurity and Infrastructure Security Agency. 106

International cooperation
A key component would be ensuring effective international cooperation around transnational dissident cyber espionage.A treaty could provide a structured forum for States to engage in information and evidence exchange in the context of dissident cyber espionage.While there may currently be ad hoc sharing among States, inclusion of the requirement to cooperate internationally on this issue and creation of a forum for such exchanges to happen on a regular basis would be likely to lead to more streamlined and consistent information-sharing.Such exchanges may also result in States receiving useful technical information regarding emerging surveillance technologies that are used not only in dissident cyber espionage, but also in acts of political espionage.Informationsharing mechanisms could also facilitate human-rights centred export control norms and coordinated sanctions enforcement by providing a specific space in which to ensure regular exchange on these topics.

Public-private sector collaboration
A final component of this treaty would be developing a framework for public-private collaboration.The ongoing Pegasus spyware scandal shows that States are insufficiently resourced in terms of technical expertise to detect cyber capabilities and that private companies and groups are in possession of relevant information regarding acts of transnational dissident cyber espionage.Developing a route for collaboration and cooperation between the two would greatly increase the efficacy of efforts to tackle cyber espionage.

IV. CONCLUSION
Transnational dissident cyber espionage is not currently addressed or defined under international law, and is not covered by international regulation or agreement.Yet, it poses a significant threat to human rights, democracy and the rule of law.Addressing this practice sets an important precedent for tackling TR and DTR more broadly.While international law applies to cyber espionage, and thus to dissident cyber espionage, there are normative gaps that allow this practice to continue while States struggle to respond.If recent negotiations around other digital technology-related treaties are any indication, there are significant hurdles to the drafting of such a treaty.However, there is presently a window of opportunity for the drafting of an international treaty that defines dissident cyber espionage and specifically outlines how ratifying States should be required to respond.And-even if States fall short of a binding instrument107 -this article contributes to the debate by outlining key issues that need to be discussed and addressed in any global framework.
35 36 For example, one might argue that situations where States are targeting non-State actors should be referred to as surveillance or information collection not espionage.However, this article argues that espionage is broadly understood to include State activity not only against other States, but also non-State actors.See, eg, Buchan (n 25) 21-4. 37ibid 22. Regulating Transnational Dissident Cyber Espionage foreign State as a form of espionage.For example, Sweden has criminalized 'refugee espionage' ('flyktingspionage'). 38 B. Placing Transnational Dissident Cyber Espionage in Context: (Digital) Transnational Repression Further, IHRL does not state how a State should respond to prevent such a practice.This R Buchan and I Navarrete, 'Cyber Espionage and International Law' in N Tsagourias and R Buchan (eds), Research Handbook on International Law and Cyberspace (Elgar Publishing 2021); Terry (n 54) 404; Buchan (n 25) 9; E Watt, State Sponsored Cyber Surveillance (Edward Elgar Publishing 2021).The argument has been made that DTR, which includes transnational dissident cyber espionage, gives rise to extraterritorial enforcement jurisdiction which is prohibited under international law and thus violates State sovereignty; see Michaelsen and Thumfart (n 41) 160-161. 63M Gibney et al, The Routledge Handbook on Extraterritorial Human Rights Obligations (1st edn, Routledge 2021).However, see Wieder and Guarnieri v UK App Nos 64371/16 and 64407/16 (European Court of Human Rights 12 September 2023) which suggests that we may see more clarity on this point over time.