Cyber Espionage: The Silent Crime of Cyberspace
Boston University, Boston, USA
Abstract: In recent years, the disclosure of secrets through cyber infiltration of America’s largest intelligence organization,
the National Security Agency (NSA), has raised the fears of veteran intelligence officials and close allies around the globe that
no institution or government is secure from those who roam the discrete halls of cyberspace. Although espionage has existed
since before the days of the Greek mythological Trojan horse, no one could have envisioned the sophisticated use of
espionage in today’s networked world. Espionage has been used for political and military intelligence and economic and
industrial pursuits with a lack of understanding of all of the impacts on our daily lives. In the context of foreign or international
law, espionage is sometimes characterized as lawless, without controls or regulation, and it rarely distinguishes between
economic and security based cyber espionage. Through empirical analysis this paper explores the treatment of espionage
under various legal systems including those countries and regions considered the most advanced at cyber espionage, the
United States, the United Kingdom, Russia and China. To provide greater insight into the different perspectives of cyber
espionage from a legal standpoint, this paper distinguishes the law of national intelligence collection from the criminal laws
of economic/industrial espionage on the domestic front. The purpose of this research is to analyze the development of cyber
espionage as a preferred means of contemporary warfare, as well as a tool for economic and political intelligence. The paper
concludes by responding to the challenges faced by nation-states in the development of an effective legal system governing
espionage at the domestic and international level.
Keywords: cyber espionage, cybercrime, foreign surveillance, national intelligence, economic espionage, cyber warfare
Although many countries all over the world are committing cyber espionage, the United States, Russia, and China
represent the most sophisticated cyber spying capabilities (Senate, 2014). A 2011 Report by the Office of the
National Counterintelligence Executive (ONCIX) suggested that the rise of cyberspace as a platform for
innovation and storage of trade secrets was greatly enhancing the risks faced by American firms. The report also
found that the United States remains the prime target for foreign economic collection and industrial espionage
by virtue of its global technological leadership and innovation (ONCIX, 2011).
Cyber espionage has also become an accepted and even preferred means of warfare. That is not to say that
cyber espionage will replace traditional means of warfare, but it is already affecting the nature of nation-state
conflict. Dunn Cavelty (2012) suggests that this shift began with the Cold War, when the United States and Russia
focused their efforts on covert information gathering over outright warfare. Because all-out war between major
world powers has become less acceptable in the modern world, more cautious strategies have continued into
the 21st century. In the last few decades especially, as technology has become more advanced, cyber espionage
tools have become indispensable to modern military operations (DoD, 2015). The Defense Department
continues to support the Justice Department and other agencies in exploring new tools and capabilities to help
deter such activity in cyberspace (DoD, 2015, p. 12). For example, the United States used verifiable and
attributable data to engage China about the risks posed by its economic espionage. The attribution of this data
allowed the United States to express concerns regarding the impact of Chinese intellectual property theft on
U.S. economic competitiveness, and the potential risks posed to strategic stability by Chinese activity. To deter
China from conducting future cyber espionage, the Justice Department indicted five members of the People’s
Liberation Army for stealing U.S. intellectual property to directly benefit Chinese companies. The Chinese
hackers were indicted on 31 counts, 23 of which were under the Computer Fraud and Abuse Act. While Justice
Officials say the indictment was a breakthrough, others characterize the punishment as only symbolic as the
likelihood of prosecution is slim (DOJ, 2014).
The 2014 Office of Personnel Management (“OPM”) data breach has been described as the greatest theft of
sensitive personnel data in history. However, neither the scope nor scale of the breach, nor its significance, has
been fully investigated and shared with victims and the public. The 22 million victims—and their families—of
this espionage attack share concerns with the deficiency of this counterintelligence campaign that have not been
answered or addressed (Nakashima, 2015).
Based on empirical research this paper explores the unique characteristics of cyber espionage under the laws of
four major powers and the existing legal concepts and doctrines for national intelligence and cybersecurity and
organizes a conceptual legal structure that frames the convergence and divergence in espionage laws and legal
practice, and the areas for harmonization and agreement among nations.
2. Espionage under international law
Espionage, commonly known as spying, is the practice of secretly gathering information about a foreign
government or a competing industry, with the purpose of placing one's own government or corporation at some
strategic or financial advantage. In the United States, federal law prohibits espionage when it jeopardizes the
national defense or benefits a foreign nation (18 U.S.C.A. § 793). Criminal espionage involves betraying U.S.
government secrets to other nations. Importantly, espionage does not reach the level of use of force under the
U.N. Charter. According to the International Group of Experts that authored the Tallinn Manual 2.0 on the
international law applicable to cyberspace, cyber espionage is distinct from the underlying acts that enable the
espionage (NATO, 2017).
The definition of a cyber-attack varies widely. For example, the United States definition of a cyber-attack does
not include espionage as the U.S. has a separate Espionage Act (Espionage Act of 1917), while Germany makes
no distinction between cyber-attack and probe or espionage (Germany CSS, 2011, pp. 14-15). However,
espionage’s permissibility under international law remains largely unsettled; no global regulation exists for this
important state activity (Pun, 2017). The contradiction of espionage is evident as states deem their own
espionage activities legitimate and essential for national security, while aggressively pursuing criminal actions
against foreign espionage activity. "The law of espionage is, therefore, unique in that it consists of a norm
(territorial integrity), the violation of which may be punished by offended states, however, states have
persistently violated the norm” … (Scott, 1999).
Although it is unclear under international law whether states in general have a lawful right to spy on other states,
the disallowance of certain activities within espionage is clearer (Pun, 2017). The treatment of those involved in
spying activities as well as the use of torture to extract information has been held unlawful by Courts in many
nations (Forcese, 2011). In 2013, fifteen countries, including the United States and China, agreed that
international law, in particular, the United Nations Charter applies in cyberspace and explicitly highlighted the
need to elaborate confidence-building measures and norms, rules, or principles of responsible behavior of States
(UN Report, 2013).
3. The United States Espionage Act, Foreign Intelligence Surveillance Act, and Economic
More than one hundred years ago, President Woodrow Wilson signed the Espionage Act. Enacted soon after the
United States entered World War I in 1917, the Espionage Act prohibited individuals from expressing or
publishing opinions that would interfere with the U.S. military’s efforts to defeat Germany and its allies.
Specifically, the Espionage Act made it a crime willfully to interfere with U.S. war efforts by conveying false
information about the war, obstructing U.S. recruitment or enlistment efforts, or inciting insubordination,
disloyalty, or mutiny. Ironically, this tension between national security and free speech rights still exists today.
To be convicted under the 1917 Act, the law requires proof of intent for the information to be used to injure the
United States or to advantage any foreign nation or reason to believe that the information will be used for either
of these purposes. Section 794(b) applies “in time of war” and prohibits the communication of this information
to the enemy or attempts to elicit any information relating to the public defense. The offenses contained in
sections 794(a) and (b) are punishable by death or imprisonment for any term of years or for life. Courts have
held that the statute requires the government to prove four elements under §793 : (1) the defendant lawfully
or unlawfully had possession of, access to, or control over, or was entrusted with (2) information relating to the
national defense that (3) the defendant reasonably believed could be used to the injury of the United States or
the advantage of a foreign nation and (4) that the defendant willfully communicated, delivered, or transmitted
such information to a person not entitled to receive it (§793). The U.S. Department of Defense tracks the 1917
Espionage Act and defines "espionage" in its Joint Publication 2-01.2 as "[t]he act of obtaining, delivering,
transmitting, communicating, or receiving information about the national defense with an intent, or reason to
believe that the information may be used to the injury of the United States or to the advantage of any foreign
nation (JP 2-01.2). Espionage is a violation of 18 United States Code 792-798 and Article 106, Uniform Code of
The Espionage Act is far from a paradigm of clarity. Scholars have described it as “incomprehensible if read
according to the conventions of legal textualism, while paying fair attention to legislative history” (Edgar and
Schmidt, 1986). A major problem that arises from the lack of clarity is to whom exactly the Espionage Act applies.
The plain meaning of the Espionage Act appears to apply to everyone including government employees, leakers,
whistleblowers, and members of the press alike. For example, Section 793(e) prohibits the willful communication
of confidential information by someone who is not authorized to possess it.
To address with more clarity the role of National Intelligence and Foreign data collection, the United States
passed the Foreign Intelligence Surveillance Act in 1978 (FISA) with major Amendments in 2007 and 2008 to
ease restrictions on surveillance of terrorists suspects where one party (or both parties) to the communication
are located overseas (FISA, 1978). Despite the ample evidence that FISA has led federal investigators to
significant victories in the apprehension of terrorists and the conviction of conspirators passing U.S. secrets on
to foreign nations, it has been criticized for not maintaining the proper balance between national security and
the protection of individual privacy (Breglio, 2003; Correia, 2014).
Following the end of the Cold War, in the West there was a noticeable shift of concern about espionage from
that which is political and military in nature to economic espionage, especially when carried out by cyber means
(U.S. Strategy, 2011). In 1996, Congress passed the Economic Espionage Act (EEA), to help reduce the theft by
foreign entities of proprietary information and trade secrets of U.S. businesses. Economic espionage occurs
when a foreign government seeks information to advance its own technological or financial interest against
another government, foreign company or an individual.
The weaknesses of the Economic Espionage Act has been a subject of scholarly research. With some finding that
the Act has been difficult to prove with minimal sentences under para. 1831, while others argue that the
government has taken a hands off approach in helping private industry, and a lack of support from other nations
assisting in international investigations (Reid, 2016). Notably, since the inception of the EEA in 1996 there have
been fewer than 10 convictions to date under the law. Walter Liew, was the first person to be convicted of
economic espionage by a U.S. jury in March 2014 and was sentenced to 15 years in prison.
4. China’s National Intelligence and Trade Secrets Law
China passed its new National Intelligence Law on June 27, 2017 by the 28th meeting of the Standing Committee
of the 20th National People's Congress. Article 1 of the Law states its broad purpose under the Constitution …
“to strengthen and safeguard national intelligence work and to preserve state security and interests” (China,
2017b). The Law further specifies its purpose by providing that "National Intelligence work adheres to the overall
national security perspective, provides intelligence as a reference in major national decision-making, provides
intelligence support for the prevention and mitigation of threats endangering national security, and preserves
the national political power, sovereignty, unity, and territorial integrity, the welfare of the people, sustainable
social and economic development and other major national interests” (Art. 2). Consistent with China’s
governance of national security, the Law stipulates that "The Central Military Commission uniformly leads and
organizes military intelligence efforts” (Art. 3). To address respect for the law and human rights, the Law states
“that the National intelligence efforts shall be conducted in accordance with law, shall respect and protect
human rights, and shall preserve the lawful rights and interests of individuals and organizations” (Art. 8).
The United States Intelligence Community in their 2017 Threat Assessment Report ranked China as the number
one threat against U.S. interests in cyberspace noting that Beijing will continue actively targeting the US
Government, its allies, and US companies for cyber espionage (Coates, 2017). As noted in the Report, The
Chinese government continues to conduct pervasive industrial espionage against U.S. companies, universities,
and the government and direct efforts to circumvent U.S. export controls to gain access to cutting-edge
technologies and intellectual property in strategic sectors (U.S.-China, 2017). According to the Intellectual
Property Commission Report by the National Bureau of Asian Research (NBAR) the scale of international theft
of American intellectual property (IP) is in the hundreds of billions of dollars per year, on the order of the size of
U.S. Exports to Asia (NBAR, 2013, p. 1).
China’s espionage laws like the United States encompass both trade secret protections and national security.
China first enacted trade secret “protections” in 1993 with the passage of Article 10 of the Unfair Competition
Law, which prohibits businesses from the following: a) obtaining the trade secret of the rightful party by theft,
inducement, duress or other illegal means; b) disclosing, using or allowing others to use the trade secrets of the
rightful party obtained by illegal means; or c) disclosing, using or allowing others to use trade secrets in breach
of an agreement or the confidentiality requirement imposed by the rightful party (China, 1993).
5. The United Kingdom’s Espionage and Trade Secrets Law
From the earliest days of the British intelligence community, which was established in the early twentieth
century, there was a close connection between intelligence-gathering and empire (Walton, 2013). Intelligence
played an essential role in the administration of the empire, which by the 1920s had grown to encompass onequarter of the world’s territory and population. The formation of the two services that would later become
known as MI5 and SIS commonly called MI6 represented a fundamental break with all British intelligencegathering efforts up to that point. For the first time, the government had professional, dedicated peacetime
intelligence services at its disposal (Walton, 2013, p. 5).
Historically, the United Kingdom embraced a stronger culture of secrecy than the United States (Donahue, 2005).
The Official Secrets Act of 1989 is the key statute that prohibits the unauthorized disclosure of government
information. The law criminalizes “secondary disclosures,” that is, the publication by journalists or members of
the public of protected information received from government employees in contravention of the law (OSA,
The Official Secrets Act 1889 (52 & 53 Vict. c. 52) was an Act of the Parliament of the United Kingdom. It created
offences of disclosure of information (section 1) and breach of official trust (section 2). It was replaced in the UK
by the Official Secrets Act 1911. The Official Secrets Act 1989 (c. 6) replaced section 2 of the Official Secrets Act
1911, thereby removing the public interest defense created by that section. The Official Secrets Bill was enacted
to give increased powers against offences of disclosing confidential matters by officials, and to prevent the
disclosure of such documents and information by spies, and/or to prevent breaches of official trust, in order to
punish such offences of obtaining information and communicating it, against the interests of the British State.
Unlike the U.S., Russia and China, the United Kingdom (UK), has not criminalized the misappropriation of trade
secrets, and has limited its remedies to civil actions including injunctive relief, search and seizure orders and
damages (UK, 2017). Based on an extensive consultation paper on the protection of official data, the UK Law
Commission recently recommended that the UK criminalize the theft of trade secrets, however, the
recommendations have not been acted upon (UK, 2017). The UK also proposed changes to the Serious Crime Bill
in order to deter hackers by increasing the penalty under the Computer Misuse Act to a life sentence.
6. Russia’s Espionage and Trade Secrets Law
Russia's External Intelligence Service (SVR) is the current incarnation of one of the world's oldest and most
extensive espionage agencies, known for decades as the KGB (BBC, 2010). While China uses various methods to
steal foreign trade secrets for both political and economic interests, Russia has recently focused its efforts on
cyber espionage to promote its national economic interests, while also employing intelligence officers under
The Criminal Code of the Russian Federation, Law No. FZ-190 as amended in 2012 , sets out what is termed “High
Treason,” which is defined as “espionage, disclosure of state secrets, or any other assistance rendered to a
foreign State, a foreign organization, or their representatives in hostile activities to the detriment of the external
security of the Russian Federation committed by a citizen of Russia (RF, 1996, 2012). Under Article 275, of Law
No. FZ-190 high treason shall be punishable by 12 to 20 years imprisonment with or without a fine in an amount
of up to 500 thousand roubles or in the amount of the wage or salary, or other income of the convicted person
for a period of up to three years.
According to the Russian Federal Security Service (FSS), which proposed the bill, the amendments are aimed at
emphasizing that state treason is a broad concept and that espionage and disclosure of state secrets are forms
of it (RF, 2012). The FSS also stated, in its explanatory memo to the amendment law, that previous practice in ...
Purchase answer to see full attachment