Communication Blackouts: Israeli Cyberattacks Against Civilians in Gaza

[Mais Qandeel is a Senior Lecturer of International Law at Örebro University, Sweden. She holds a Ph.D. in international humanitarian law from the University of Fribourg, Switzerland.]

Introduction

Israel fully controls the Palestinian cyberspace and information and communications technologies (ICTs) infrastructure. It only allows the use of 3G in the West Bank and 2G in the Gaza Strip. In its current war, Israel has been constantly imposing internet shutdowns and communications blackouts in Gaza. Israel carries out these acts as it imposes a complete siege/blockade, using starvation as a weapon of war, cutting off fuel and electricity and other lifeline supplies, bombing and destroying critical infrastructure, and killing and injuring more than 100,000 Palestinians. 

By December 2023, Israel had destroyed all major communication networks in Gaza. Even with some of Gaza’s internet access restored, data shows that the connectivity rate lingered at 1% in November 2023, leaving nearly the entire population without internet and communication means. The lack of electricity and fuel contributes to communication blackouts, as communication and internet providers cannot generate the power necessary to operate. Consequently, most Palestinians have no smartphones in working order and no electricity with which to charge their mobile phones, no fuel to generate energy, no telecommunication services, and no access to the internet. It has been reported that all internet, mobile data, telephone, and TV networks are constantly disturbed. These fall within the meaning of blanket shutdowns, where access to telecommunication services, including the internet, is entirely cut off. 

Communication blackouts and internet shutdowns in Gaza have been criticised by international organisations, including the World Health Organization, Save the Children, Access Now, Electronic Frontier Foundation and Human Rights Watch. Legally, the Israeli acts of imposing a communication blackout and damaging cyber infrastructure in Gaza raise several questions. Do these acts constitute a form of cyberoperations or qualify as attacks under international humanitarian law (IHL)?  Are they legal under the provisions of IHL and international human rights law (IHRL)? These legal questions concern not only the current Israeli war on Gaza, but they also stem from the role of Israel, the occupying power in Palestine, to provide and allow internet services, directly or through Palestinian telecommunication companies, such as Paltel Group. It is important to note that both IHL and IHRL are complementary and apply to situations of conflicts and military occupation. The focus of this blogpost is on IHL, although some human rights aspects are highlighted. 

This blogpost discusses communication blackouts in Gaza as a form of Israeli cyberattacks against civilian objects, considering their violent nature in means or effects. It evaluates the legality of such cyberattacks under the principles of distinction and proportionality, in conjunction with the Customary Rule 54: prohibition of attacks against objects indispensable to the survival of civilian population. 

Communication Blackouts in Gaza as a Form of Cyberattack

Communication blackouts and internet shutdowns can lead to a complete absence of connectivity and any form of communication tools. According to the UN High Commissioner for Human Rights, internet shutdowns are “measures taken by governments to intentionally disrupt access to, and the use of, information and communications systems online […] by restricting internet connectivity at large or by obstructing the accessibility and usability of services.” These measures limit or eliminate the ability of people to use online communications tools. The UN Human Rights Council, in Resolution 50/55, concluded that:

Internet shutdowns very rarely meet the proportionality test… Shutdowns also directly put people’s safety and well-being at risk, for example, when they make it impossible to warn people against impending danger or for people to call for vital services. Whereas blanket shutdowns have severe consequences and can never be justified, other forms of network and communications disruptions are also likely to have indiscriminate adverse effects, rendering them disproportionate.

para 13

Specifically in the context of Gaza, Human Rights Watch has stated that “intentional, blanket shutdowns or restrictions on access to the internet violate multiple rights and can be deadly during crises […] [and] prolonged and complete communications blackouts, like those experienced in Gaza, can provide cover for atrocities and breed impunity while further undermining humanitarian efforts and putting lives at risk.” Communication blackouts and internet shutdowns have not only been caused deliberately through technical means by the Israeli authorities, they have also been caused by the physical destruction of communication infrastructure and the cutting off of electricity and fuel, preventing service providers to operate and individuals to be connected.

The International Committee of the Red Cross (ICRC) defines cyber warfare as “means and methods of warfare that rely on information technology and are used in situations of armed conflict.” The ICRC does not seem to distinguish between the terms ‘cyber warfare’ and ‘cyber operations’. Some, such as Roscini (p. 11) and Delerue (p. 40) argue, rightfully so, that cyber warfare is a narrower term limited to the conduct of hostilities. It is important to make this distinction as States have engaged in cyberoperations without being in a situation of war. It is more accurate to limit the term cyber warfare to armed conflicts. 

A cyberattack, according to the Tallinn Manual 2.0, is “a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects” (Rule 92 – Tallinn Manual 2.0, 415). The ICRC offers an understanding of what may constitute a cyberattack, providing that “during an armed conflict an operation designed to disable a computer or a computer network constitutes an attack under IHL, whether the object is disabled through kinetic or cyber means”. Cyberattacks can seek, inter alia, to put critical services offline and paralyse their operations. A cyber act qualifies as an attack when it may have a “similar effect to kinetic action that would constitute an attack” (see the UK position as an example). In addition, cyberattacks harm civilians and put their lives and safety at risk. It can thus be understood that a cyberoperation is not necessarily accompanied with physical harm, while a cyberattack is violent and causes physical harm. 

It is well-established that an attack is connected to the notion of violence, which “can refer to either the means of warfare or their effects… an operation causing violent effects can be an attack even if the means used to cause those effects are not violent” (p. 312). States have adopted this view to “include harm due to the foreseeable indirect (or reverberating) effects of attacks” (p. 313). States have also recognised that cyberoperations against critical infrastructure and critical information infrastructure supporting essential services to the public may result in serious “devastating security, economic, social and humanitarian consequences[…] and ultimately the safety and wellbeing of individuals” (paras 18-19). 

Do Israeli acts in Gaza qualify as cyberattacks? Communication blackouts and internet shutdowns in Gaza qualify as cyberattacks. They are violent in their means (bombing critical infrastructure) and effects (harming civilians). They have ultimately endangered the safety and wellbeing of civilians and halted the work of medical services, humanitarian aid, and relief. For example, the lack of access to the internet has prevented civilians in Gaza from knowing where the declared safe areas and evacuation routes are, as the Israeli military uses social media and QR-code leaflets. Civilians have not been able to communicate with their own family members or reach out to healthcare services. Medical service providers and health workers have not been able to reach those killed and injured, and medical crews have not been able to communicate with each other. Internet shutdowns have also resulted in widespread service disruption and obstructed the delivery of humanitarian aid. The UN-OCHA has stated that internet and communication shutdowns have put the “delivery of humanitarian assistance to an almost complete halt, including life-saving assistance to people injured or trapped under the rubble.” Human rights organisations, including  Access Now, have stated that Israel is using internet shutdowns as a weapon of war and military tactic, creating an “air of impunity during armed conflicts and provide cover for grave human rights abuses and [as] a form of collective punishment.”

Importantly, bombing and destroying telecommunication infrastructure in Gaza qualifies as an attack within the meaning of IHL (see Art. 49 of Additional Protocol I). Disrupting connectivity via cyber means might not qualify as an attack if it does not have a violent and harmful effect. Communication blackouts and internet shutdowns through technical disruption can only be considered as a cyberattack when they have caused direct damage and harm to civilians. 

The Application of IHL to Cyberattacks 

IHL applies to cyberspace and cyberattacks. The international community supports this view (p. 302). This has also been affirmed in the 2015 and 2021 substantive reports of the Group of Governmental Experts (GGE). The Group notes that “international humanitarian law applies only in situations of armed conflict [and] it recalls the established international legal principles including, where applicable, the principles of humanity, necessity, proportionality and distinction” (para 71 (f)). Rule 80 of the Tallinn Manual 2.0 affirms “cyber operations executed in the context of an armed conflict are subject to the law of armed conflict.” 

Cyberattacks are conducted as a means and method of war, and in the Nuclear Weapons Advisory Opinion, the International Court of Justice noted that IHL applies “to all kinds of weapons, those of the past, those of the present and those of the future” (para 68). The ICRC concluded that ICT operations against critical infrastructure ultimately threaten “the safety and wellbeing of individuals” and that IHL applies to the context of armed conflicts and “restricts the means and methods of warfare in order to reduce risks and potential harm to both civilians and civilian objects as well as combatants”. In Rule 84, the Tallinn Manual considers that cyberattacks may amount to war crimes, and possibly to crimes against humanity, genocide or crimes of aggression under international law. In this context, the Prosecutor of the International Criminal Court, Karim Khan, accepts that cyberattacks fulfil the elements of many core international crimes, which may be prosecuted before the Court. This particular opinion to invoke criminal responsibility may shift the conduct of cyberoperations. 

Israel’s communication blackouts and internet shutdowns in Gaza through bombing cyber infrastructure in (violent means of warfare) or through the technical disruption of the internet (violent in effect) definitely constitute cyberattacks, causing harm to civilian lives and infrastructure. The interpretations of the main principles and rules governing cyberattacks depend on the case at hand and the principle discussed. In this post, the principles of proportionality and distinction are discussed in the context of communication blackouts in Gaza. 

The Principles of Distinction and Proportionality in Attacks Against Gaza’s ICT

The principle of distinction in IHL is crystal clear. Article 48 of Additional Protocol I to the Geneva Conventions obliges parties to distinguish between a military object and a civilian object, and operations shall only be directed at military objects. This is a legally binding customary international rule. Customary Rules 7 and 54 reflect such a provision. Rule 7 provides that “parties to the conflict must at all times distinguish between civilian objects and military objectives” and “attacks must not be directed against civilian objects.” This rule has been affirmed in the Nuclear Weapons Advisory Opinion, described as one of the “cardinal… intransgressible principles of international customary law” (paras 78-79). Rule 54 states that “attacking, destroying, removing or rendering useless objects indispensable to the survival of the civilian population is prohibited.” The Rule does not only prohibit attacks on civilian objects, it also prohibits rendering them useless which jeopardises the survival of civilians. 

When targeting military objects, the principle of proportionality plays an important role in the legal assessment. The principle of proportionality is codified in Article 51(5)(b) of the 1977 Additional Protocol I and reflected upon in Customary Rule 14. It prohibits attacks against military objectives which are “expected to cause incidental loss of civilian life, injury to civilians, damage to civilian objects, or a combination thereof, which would be excessive in relation to the concrete and direct military advantage anticipated”. Simply put, parties to a conflict are prohibited from attacking a military object – this is on the assumption that the distinction assessment has been carried out and the target has been identified as a military object – in cases where excessive civilian harm is foreseen or incidental. It is the civilian harm that counts in the proportionality analysis, for example, the loss of life or injury of civilians. In cyberattacks, incidental harm that causes the loss of the functionality of civilian computers, systems or networks must be considered for the application of proportionality. 

In the context of cyberattacks, the ICRC Position Paper affirms that “civilian infrastructure is protected against cyberattacks by existing IHL principles and rules, in particular the principles of distinction, proportionality and precautions in attack […] safeguarding such infrastructure and services against cyberattacks or incidental damage is essential to protect the civilian population.” This means that civilian infrastructure, including civilian ICT equipment and networks, may not be attacked. While the principle of distinction prohibits indiscriminate attacks, including the use of cyber means and methods, proportionality limits the extent of permissible incidental civilian harm caused by cyberattacks. When an attack is very excessive in conduct and effect, extending to harm the entire civilian population, it cannot fulfil the requirements of proportionality. 

The ICRC suggests that measures that can be taken to ensure that civilians are not affected by attacks on ICTs, including separating military and civilian cyber infrastructure and services as well as identifying the networks serving the safety of civilians such as access to information about safe areas, and protected objects such as hospitals. Attacks on cyber infrastructure and blanket shutdowns cannot be justified and cannot be in conformity with either the principle of distinction or the principle of proportionality. This is because when a “civilian object becomes a military objective cannot be done for cyberspace or the Internet in general. Instead, belligerents must identify which computer, nodes, routers or networks might have become a military objective […] [which needs] to be analysed individually” (p. 321). 

Israel has conducted consecutive attacks on telecommunication installations, towers and companies. Because civilian and military networks are highly interconnected in the ICT environment, “incidental civilian harm is to be expected in most cases”. Attacking all ICT infrastructure and imposing a blanket shutdown has directly led to excessive civilian damage and harm and would have been expected to have disproportionate effects. Specifically, the principle of proportionality forbids attacks that do not adhere to the basic obligation to spare civilians and civilian objects as much as possible. Thus, it does not appear that communication blackouts and internet shutdowns, as a result of technical and kinetic means, fulfil the requirements under the principle of proportionality. During conflicts, military commanders must “reach decisions on the basis of their assessment of the information from all sources which is available to them at the relevant time” to spare civilians and civilian objects and avoid or minimise harm, including through cyber means and methods. 

Israel’s Ministry of Communications has declared that the reason for cutting Gaza off the internet was that Hamas uses it for its communications. Some may argue, hence, that communication infrastructure is a civilian object, but it may well be a dual-use object, which qualifies as a military target. If Hamas is using the internet to communicate in Gaza, it may be argued that disrupting connectivity is generally in line with targeting military objects. The question here, however, concerns total communication blackout and blanket shutdowns, which essentially cannot fall within the meaning of distinction or proportionality. In practical terms, blanket shutdowns that last for weeks, cutting off an entire population from any form of communication and the massive bombardment of all communication infrastructure in Gaza cannot fall within the boundaries of the distinction or proportionality in attacks and may well constitute a war crime. Thus, Israeli imposed communication blackouts in Gaza have physically harmed both civilians and civilian objects, which may amount to a war crime. Such crimes should be investigated by the ICC’s Prosecutor Office.