I’m not really talking about state-vs-state actions.
It’s my understanding that if a foreign national commits a crime against a US citizen or interest, first, it’s a big deal to keep him here, if he does it in country, and if he is abroad it’s even harder for US “actions” to take place, ie trial, conviction, sentencing. Even “in absentia” we can’t just go over there and clap him in irons.
But it seems like if some serious attack on a US computer system takes place, work will be done to, well, fuck up the person(s) who did it, if they can find them, by disabling or destroying his system.
I understand if a counterattack takes place in more-or-less real time (I have in my head a hazy notion of “hot pursuit.”) But many times a major hunt-and-kill operation is set up afterwards. When this happens with a physical criminal in another country, or a physical criminal’s assets there, nations tend to raise their eyebrows.
For criminal law, there will often be a treaty specifying when an extradition can take place. Even without, extradition may well be possible. The Courts will want that the action/ommission was a crime in both juridictions and there are no public policy reasons for why an extradition cannot occur. In your case, cybercrime or no cybercrime, it will be like any other extradition request.
For civil law decrees, oftentimes there are agreements between nation states that they will execute the decrees/orders/judgements of each others courts. If there is no such agreement, enforcement may still be possible, for example by filing suit using the existence of a foreign judgement as a cause of action.
Read a paper on this a few months ago. The short of it is that our laws and our doctrines of human rights and other assorted garbage have not kept pace with the reality of warfare in general and cyberwarfare in particular. Our various treaties and conventions all address relations between nation-states, but the reality of it is that we’re increasingly dealing with non-state actors and proxies.
This becomes especially tangled when you deal with cyberwarfare. Non-state proxies attacking virtual resources without setting foot in the host country defies our concept of how we define ‘war.’ Traditional human rights doctrine on justifiable self-defense make no sense in a conflict where time and place are completely disconnected from the offense. And, as Pakistan’s proxy war on America demonstrates, there is much debate over how to respond to a non-state actor based inside a supportive sovereign state.
So, if A launches a cyberattack on B, state-sponsored or otherwise, does that give B the right to physically attack the perpetrator’s servers? Nobody knows. Even the human rights organizations admit their doctrine just doesn’t make sense in the context of cyber-crime and cyber-war. We’re going to have to wait and see how it plays out.
Had to look up the article… here it is. It looks at it from a warfare perspective, but many of the same points apply. Also, as a disclaimer, I disagree with many of his conclusions and I think the Red Cross is hopelessly naive in general.
Droege, Cordula. “Get Off My Cloud: Cyber Warfare, International Humanitarian Law, and the Protection of Civilians.” International Review of the Red Cross 94, no. 886 (06, 2012): 533-78, http://search.proquest.com/docview/1370609087?accountid=8289 (accessed November 12, 2013).
If you read, “The Cuckoo’s Egg” by Clifford Stoll, one problem was at the time was that hacking was not a crime in Germany and so there was real controversy for the German if a German citizen could even be arrested for a legal action that took place in Germany. Compare that to Americans who are convicted for crimes (e.g. sex trips to Aisa) for actions illegal in the US but legal in the country they occur.
If by “in country” you mean in the US, keeping him there is not a big deal at all. As a foreign citizen (assuming he is not also a US citizen) he has a right to access the consular services of his home country, but all that they can do for him is to ensure that he is treated in accordance with the minimal standards required by international law. Regular US criminal procedures comfortably meet those standards, in most cases, so there is no great obstacle to charging, trying and imprisoning him for a breach of US criminal law committed in the US.