論惡意網絡行動歸因中對“控制”標準的法律解釋和適用

The Legal Interpretation and Application of the ''Control'' Criterion in Attribution in Hostile Cyber Operations

以2001 年《國家對國際不法行為的責任條款草案》為標誌，現行國際法確立了內容連貫、邏輯續密的歸因規則體系。這套規則體系同樣可以被用來處理非國家行為體實施的可能構成國際不法行為的惡意網絡行動所涉及的國家貴任問題。在國家責任上，歸因是一個門檻條件，其中又以“控制”為核心要素。然而，在既往的司法實踐中，對“控制”標準本身有不同的解釋和適用，有時甚至出現了誤讀或誤用的情況，若不加以澄清，就有可能在處理非國家行為體實施的惡意網絡行動的國家貴任問題時產生不當歸因的結果。因此，首先確定能夠用於歸因的＂控制”標準是必要的。同時，《國家對國際不法行為的責任條款草案》第55 條為在該條款草案框架之外產生新的＂控制”標準提供了法律上的可能性，而有學者提出的＂控制和能力＂測試也並沒有超出這一框架。此外，在當前國家公共實踐處於相對真空的背景下，這種特別法也很難形成。

In international law, a coherent and logical system of attribution rules has been established in current international law, marked by the 2001 ILC Draft Articles on Responsibility of States for Internationally Wrongful Acts (ARSIWA). This body of rules can be equally used to address the issue of state responsibility concerning hostile cyber operations committed by non-state actors that may constitute internationally wrongful acts. Attribution is a threshold condition for state responsibility, of which ''control'' is the most central element. However, in the past judicial practice, there are different interpretations and applications of the ''control'' criterion itself, and sometimes even misinterpretation or misuse, which, if not clarified, may result in improper attribution when dealing with the state responsibility for malicious cyber actions committed by non-state actors. Therefore, it is necessary to first identify the ''control'' criterion that can be used for attribution. At the same time, article 55 of the ARSIWA offers the legal possibility of creating a new standard of ''control'' outside the framework of the ARSIWA, while the ''control and capabilities'' test proposed by scholars is within the scope of this framework. Moreover, such Jex specialis would be difficult to develop in the current context of a relative vacuum in state public practice.