A student had a question: If State A doxes State B for hacking State C, what would be the result under international law? The student was in the law school class, International Law of Cyber Conflict. My immediate response was, “That is a good question. Let me get back to you.” Every reference librarian needs a fall-back response like this. We can’t know everything immediately. The question was substantive, but since the student was asking a librarian, I understood that she wanted to know what resources there are that would help answer the question.
The first step was to orient myself to the question: What is doxing? There is a pretty good Wikipedia entry on doxing. This raises another question: Can you trust Wikipedia? As it happens, there is a Wikipedia entry on this point. It says explicitly, “Wikipedia is not a reliable source. Wikipedia can be edited by anyone at any time. This means that any information it contains at any particular time could be vandalism, a work in progress, or just plain wrong.” Nevertheless, I am prepared to use Wikipedia based on a critical factor of reliability: internal evidence. If the entry is well-drafted, contains references, and has other indicia of reliability, then I am prepared to use it, at least for the purpose of orienting myself to a question.
Lexico.com is a language site, a good one for definitions. A collaboration between Dictionary.com and Oxford University Press, it includes both a US English dictionary and a UK English dictionary, as well as a Spanish-English dictionary and grammars for both English and Spanish. Lexico.com defines doxing as the publication of private or identifying information on the internet about a particular individual, typically with malicious intent. I would take a broader approach and define doxing as the malicious publication on the internet of sensitive information about an individual, an organization, or (why not?) about a state.
The law review literature has a small number of articles about doxing. A good example is Julia M. McAllister, The Doxing Dilemma: Seeking a Remedy for the Malicious Publication of Personal Information, 85 Fordham L. Rev 2451 (2017). You won’t find any articles on doxing done by or about states. We law reference librarians know that you have to go into the law-related literature, especially when the subject is international. International law and international relations overlap so much that it could be tantamount to negligence to fail to search in the latter when dealing with an issue of the former. An extended search produces an article published on SSRN and in the Harvard National Security Journal, Doxfare: Politically Motivated Leaks and the Future of the Norm on Non-Intervention in the Era of Weaponized Information by Ido Kilovaty. Note that the author is affiliated with US law schools, but the article appeared in the international law-related literature. This is as close as I could get to a source on doxing by states.
The broader context here is cyber operations in general and international law. States use computers and computer networks to act in the international sphere. Does international law govern in cyberspace? The generally accepted answer is yes. The field is pretty new and international law has to adapt to operate in it. General public international law applies to state conduct in cyberspace and some of the issues are fundamental. Sovereignty, jurisdiction, state responsibility and attribution are examples.
Students in a course like International Law of Cyber Conflict may not realize that the foundations of public international law are critically relevant. Where do you send them for a grounding in international law? The Max Planck Encyclopedia of Public International Law is a great source for this. Confusingly, Oxford University Press has chosen to integrate the encyclopedia with another one, the Max Planck Encyclopedia of International Procedural Law. In this connection, the question arises, what is the best one-volume textbook of public international law? There are several one-volume introductions to the field. My strong preference lies with James Crawford’s Brownlie’s Principles of Public International Law, 9th ed. (Oxford University Press, 2019). It is authoritative, current and full of references to the primary sources and further reading.
Two secondary sources that have to be mentioned are the 2020 monograph Cyber Operations and International Law by François Delerue (Cambridge University Press) and the Talinn Manual 2.0 on the International Law Applicable to Cyber Operations (Cambridge University Press, 2017). The upshot of the question about doxing by states is Tarlton Law Library’s new research guide on cyber operations and international law.