Skip to main content

Cyber-activities: Rule of Law

Volume 638: debated on Thursday 22 March 2018

5. What discussions he has had with Cabinet colleagues on the application of the rule of law to cyber-activities. (904513)

8. What discussions he has had with Cabinet colleagues on the application of the rule of law to cyber-activities. (904516)

Cyber-space is not a lawless world. When states and individuals engage in hostile cyber-operations, they are governed by the law, just as they are elsewhere. The UK has always been clear that we consider cyber-space to be governed by the wider rules-based international order that we are proud to promote.

What actions can we take against those countries that we know are carrying out hostile actions in cyber-space?

Many states accept that international law covers cyber-space. In June 2015, there was a decision by 20 United Nations states to confirm that. Interestingly, one of those 20 states was Russia. Our argument, therefore, is that if there is an internationally wrongful act against the UK in cyber-space or anywhere else, the UK is entitled to respond.

In confirming that the UN charter also applies to state actions in cyber-space, will the Attorney General also confirm that that includes the prohibition on the use of force?

Yes, I can. The UN charter applies in its entirety to cyber-space, including the general prohibition on the use of force and the ability of states to defend themselves.

Order. I want to get down the Order Paper, so I will take each of the two hon. Members on condition that they give a short sentence each, not two, three, or four sentences.

What is the Attorney General going to do about the horrendous breach of cyber-security by Cambridge Analytica, and who are the right people to prosecute?

The hon. Gentleman will know from what the Prime Minister said yesterday that the Information Commissioner is already engaged in an investigation. It is important that she has the powers to investigate properly, and the Data Protection Bill, which was referred to previously, will give additional force to that.

A C1 cyber-attack is a matter of when, not if. Will the Attorney General outline the steps his Department is taking to protect the masses of digital personal information files held, and are there plans to upgrade this protection?

I fear that that needs more than a one-sentence answer. The hon. Gentleman will recognise that it is certainly a responsibility not just of the Government, but of each of us, to ensure that data on organisations and individuals is as well protected as it can be.