Cyber Attacks and the Use of Force in International Law

The thesis reviews the issue of cyber attacks and international law in terms of jus ad bellum, the law concerning the recourse to force by states. The thesis takes the view that the existing rules on the use of force, namely Articles 2(4) and 51 of the United Nations Charter and the corresponding rules of customary international law apply to attacks regardless of the way they are carried out and thus, they apply to cyber attacks as well. Two central examples of different kinds of cyber attacks are presented to illustrate the issue: the attacks against Estonia in 2007 and Stuxnet, the malware that targeted Iranian nuclear facilities and was discovered in 2010. Before covering the main question of if and when cyber attacks may constitute uses of force or armed attacks, the thesis takes a brief historical look at how the just war doctrine and the regulation of war have evolved to their current state. The thesis argues that while cyber attacks are a new phenomenon with certain unique aspects, they are a part of the evolution and continuum of armed conflict. The thesis takes a look at the different approaches (instrument-based, target-based and effects-based) to assessing the question of whether or not a cyber attack crosses the threshold of a use of force or an armed attack. The effects-based view is found to be most appropriate one. It is argued that particularly cyber attacks that cause death, injury, damage or destruction qualify as uses of force. As cyber operations make it possible to cause severe economic consequences without the use of physical force, the question of economic force is discussed as well. The thesis argues that while the prevailing view is that Article 2(4) does not cover the use of economic force, the question may arise in the context of cyber attacks, and an attack with such consequences may result in a reappraisal of the issue in state practice. Turning to armed attacks, the thesis argues that cyber operations may also qualify as armed attacks. Accepting the prevailing view that distinguishes between uses of force and armed attacks, the thesis claims that for a cyber operation to rise to the level of an armed attack, the consequences must be sufficiently grave. It is argued that for example a denial-of-service attack does not fulfil the criteria of an armed attack, but an attack that causes fatalities or severe damage or destruction would cross the threshold and justify self-defence. The thesis also discusses the question of anticipatory self-defence in the context of cyber attacks

Oikeusturva tahdosta riippumattomasta psykiatrisesta hoidosta päätettäessä

In July 2012 the European Court of Human Rights (ECtHR) ruled in X v. Finland that the Finnish legislation regarding the involuntary treatment of psychiatric patients did not offer sufficient safeguards against arbitrary decisions in the light of the European Convention on Human Rights. The Court ruled that patients should be able to get an independent medical opinion, which the Finnish legislation did not guarantee. The Finnish Supreme Administrative Court in a subsequent en banc ruling disregarded the decision of the ECtHR and upheld a decision to place a patient in involuntary care even though the patient had not had the opportunity to getan independent opinion. The article takes a critical look at the decision of the Supreme Administrative Court and the following decisions by lower courts and their reasoning. The author’s conclusion is that the Court did not have grounds to disregard the earlier decision of the ECtHR and that its reasoning does not suffciently take into account the decision in question and the earlier praxis of the ECtHR

Potilastietojen salassapito potilastietojärjestelmien kannalta

The article discusses the confidentiality of medical records especially regarding electronic medical records (EMRs) in Finland. During the past few years there have been dozens of cases where medical records have been accessed without authorization and the patients’ privacy has been breached. Although the Finnish data protection legislation confines access to records only to those taking part in the treatment, much wider access is granted in practice. The article presents the principles of confidentiality of medical records and the protection of privacy and discusses the current state of legislation and the major problems regarding the privacy breaches. Special notice is paid to the possible ways of enforcing the current legislation and holding the registrars liable

Large-scale data integration framework provides a comprehensive view on glioblastoma multiforme

Peer reviewe