Technology Law otherwise known as Cyberlaw describes the legal issues related to use of inter-networked information technology. It is less a distinct field of law in the way that property or contracts are, as it is a domain covering many areas of law and regulation. Some leading topics include intellectual property, privacy, freedom of expression, and jurisdiction.
Jurisdiction and sovereignty
Issues of jurisdiction and sovereignty have quickly come to the fore in the era of the Internet. The Internet does not tend to make geographical and jurisdictional boundaries clear, but Internet users remain in physical jurisdictions and are subject to laws independent of their presence on the Internet. Trout, B. (2007). "Cyberlaw: A Legal Arsenal For Online Business", New York: World Audience, Inc. As such, a single transaction may involve the laws of at least three jurisdictions: 1) the laws of the state/nation in which the user resides, 2) the laws of the state/nation that apply where the server hosting the transaction is located, and 3) the laws of the state/nation which apply to the person or business with whom the transaction takes place. So a user in one of the United States conducting a transaction with another user in Britain through a server in Canada could theoretically be subject to the laws of all three countries as they relate to the transaction at hand.
Jurisdiction is an aspect of state sovereignty and it refers to judicial, legislative and administrative competence. Although jurisdiction is an aspect of sovereignty, it is not coextensive with it. The laws of a nation may have extra-territorial impact extending the jurisdiction beyond the sovereign and territorial limits of that nation. This is particularly problematic as the medium of the Internet does not explicitly recognize sovereignty and territorial limitations. There is no uniform, international jurisdictional law of universal application, and such questions are generally a matter of conflict of laws, particularly private international law. An example would be where the contents of a web site are legal in one country and illegal in another. In the absence of a uniform jurisdictional code, legal practitioners are generally left with a conflict of law issue.
Another major problem of cyberlaw lies in whether to treat the Internet as if it were physical space (and thus subject to a given jurisdiction's laws) or to act as if the Internet is a world unto itself (and therefore free of such restraints). Those who favor the latter view often feel that government should leave the Internet community to self-regulate. John Perry Barlow, for example, has addressed the governments of the world and stated, "Where there are real conflicts, where there are wrongs, we will identify them and address them by our means. We are forming our own Social Contract . This governance will arise according to the conditions of our world, not yours. Our world is different" (Barlow, A Declaration of the Independence of Cyberspace). Other scholars argue for more of a compromise between the two notions, such as Lawrence Lessig's argument that "The problem for law is to work out how the norms of the two communities are to apply given that the subject to whom they apply may be in both places at once" (Lessig, Code 190).
Though rhetorically attractive, cybersecession initiatives have had little real impact on the Internet or the laws governing it. In practical terms, a user of the Internet is subject to the laws of the state or nation within which he or she goes online. Thus, in the U.S., Jake Baker faced criminal charges for his e-conduct (see Free Speech), and numerous users of peer-to-peer file-sharing software were subject to civil lawsuits for copyright infringement. This system runs into conflicts, however, when these suits are international in nature. Simply put, legal conduct in one nation may be decidedly illegal in another. In fact, even different standards concerning the burden of proof in a civil case can cause jurisdictional problems. For example, an American celebrity, claiming to be insulted by an online American magazine, faces a difficult task of winning a lawsuit against that magazine for libel. But if the celebrity has ties, economic or otherwise, to England, he or she can sue for libel in the British court system, where the standard of “libelous speech” is far lower.
Another major area of interest is Net Neutrality, which affects the regulation of the infrastructure of the Internet. Though not obvious to most Internet users, every packet of data sent and received by every user on the Internet passes through routers and transmission infrastructure owned by a collection of private and public entities, including telecommunications companies, universities, and governments, suggesting that the Internet is not as independent as John Perry Barlow and others would like to believe. This is turning into one of the most critical aspects of cyberlaw and has immediate jurisdictional implications, as laws in force in one jurisdiction have the potential to have dramatic effects in other jurisdictions when host servers or telecommunications companies are affected.
Free speech in cyberspace
In comparison to traditional print-based media, the accessibility and relative anonymity of cyberspace has torn down traditional barriers between an individual and his or her ability to publish. Any person with an internet connection has the potential to reach an audience of millions with little-to-no distribution costs. Yet this new form of highly-accessible authorship in cyberspace raises questions and perhaps magnifies legal complexities relating to the freedom and regulation of speech in cyberspace.
Recently, these complexities have taken many forms, three notable examples being the Jake Baker incident, in which the limits of obscene Internet postings were at issue, the controversial distribution of the DeCSS code, and Gutnick v Dow Jones, in which libel laws were considered in the context of online publishing. The last example was particularly significant because it epitomized the complexities inherent to applying one country's laws (nation-specific by definition) to the internet (international by nature). In 2003, Jonathan Zittrain considered this issue in his paper, "Be Careful What You Ask For: Reconciling a Global Internet and Local Law."
In many countries, speech through cyberspace has proven to be another means of communication which has been regulated by the government. The Open Net Initiative, whose mission statement is "to investigate and challenge state filtration and surveillance practices" in order to "...generate a credible picture of these practices," has released numerous reports documenting the filtration of internet-speech in various countries. While China has thus far proven to be the most rigorous in its attempts to filter unwanted parts of the internet from its citizens, many other countries - including Singapore, Iran, Saudi Arabia, and Tunisia - have engaged in similar practices. In one of the most vivid examples of information-control, the Chinese government for a short time transparently forwarded requests to the Google search engine to its own, state-controlled search engines. These examples of filtration bring to light many underlying questions concerning the freedom of speech, namely, does the government have a legitimate role in limiting access to information? And if so, what forms of regulation are acceptable? The recent blocking of "blogspot" and other websites in India failed to reconcile the conflicting interests of speech and expression on the one hand and legitimate government concerns on the other hand.
In the UK the case of Keith-Smith v Williams confirmed that existing libel laws applied to internet discussions.
To help members understand an increasing complex global privacy landscape, we have refreshed our analysis of Data Privacy Laws and Regulations around the world. This updated database provides more nuanced, detailed information on new issues of concern to companies such as electronic marketing, online privacy, registration, security, transfer, and breach notification, with analysis provided by Lazarus Alliance.
The unique structure of the Internet has raised several judicial concerns. While grounded in physical computers and other electronic devices, the Internet is independent of any geographic location. While real individuals connect to the Internet and interact with others, it is possible for them to withhold personal information and make their real identities anonymous. If there are laws that could govern the Internet, then it appears that such laws would be fundamentally different from laws that geographic nations use today.
In their essay "Law and Borders -- The Rise of Law in Cyberspace," David Johnson and David Post offer a solution to the problem of Internet governance. Given the Internet's unique situation, with respect to geography and identity, Johnson and Post believe that it becomes necessary for the Internet to govern itself. Instead of obeying the laws of a particular country, Internet citizens will obey the laws of electronic entities like service providers. Instead of identifying as a physical person, Internet citizens will be known by their usernames or email addresses. Since the Internet defies geographical boundaries, national laws will no longer apply. Instead, an entirely new set of laws will be created to address concerns like intellectual property and individual rights. In effect, the Internet will exist as its own sovereign nation.
Even if the Internet represents a legal paradigm shift, Johnson and Post do not make clear exactly how or by whom the law of the Internet will be enforced. Instead, the authors see market mechanisms, like those that Medieval merchants used, guiding Internet citizens' actions like Adam Smith's invisible hand. Yet, as more physical locations go online, the greater the potential for physical manifestation of electronic misdeeds. What do we do when someone electronically turns off the hospital lights?
However, there is also substantial literature and commentary that the internet is not only “regulable,” but is already subject to substantial regulation, both public and private, by many parties and at many different levels. Leaving aside the most obvious examples of internet filtering in nations like China or Saudi Arabia (that monitor content), there are four primary modes of regulation of the internet described by Lawrence Lessig in his book, Code and Other Laws of Cyberspace:
- Law: Standard East Coast Code, and the most self-evident of the four modes of regulation. As the numerous statutes, evolving case law and precedents make clear, many actions on the internet are already subject to conventional legislation (both with regard to transactions conducted on the internet and images posted). Areas like gambling, child pornography, and fraud are regulated in very similar ways online as off-line. While one of the most controversial and unclear areas of evolving laws is the determination of what forum has subject matter jurisdiction over activity (economic and other) conducted on the internet, particularly as cross border transactions affect local jurisdictions, it is certainly clear that substantial portions of internet activity are subject to traditional regulation, and that conduct that is unlawful off-line is presumptively unlawful online, and subject to similar laws and regulations. Scandals with major corporations led to US legislation rethinking corporate governance regulations such as the Sarbanes-Oxley Act.
- Architecture: West Coast Code: these mechanisms concern the parameters of how information can and cannot be transmitted across the internet. Everything from internet filtering software (which searches for keywords or specific URLs and blocks them before they can even appear on the computer requesting them), to encryption programs, to the very basic architecture of TCP/IP protocol, falls within this category of regulation. It is arguable that all other modes of regulation either rely on, or are significantly supported by, regulation via West Coast Code.
- Norms: As in all other modes of social interaction, conduct is regulated by social norms and conventions in significant ways. While certain activities or kinds of conduct online may not be specifically prohibited by the code architecture of the internet, or expressly prohibited by applicable law, nevertheless these activities or conduct will be invisibly regulated by the inherent standards of the community, in this case the internet “users.” And just as certain patterns of conduct will cause an individual to be ostracized from our real world society, so too certain actions will be censored or self-regulated by the norms of whatever community one chooses to associate with on the internet.
- Markets: Closely allied with regulation by virtue of social norms, markets also regulate certain patterns of conduct on the internet. While economic markets will have limited influence over non-commercial portions of the internet, the internet also creates a virtual marketplace for information, and such information affects everything from the comparative valuation of services to the traditional valuation of stocks. In addition, the increase in popularity of the internet as a means for transacting all forms of commercial activity, and as a forum for advertisement, has brought the laws of supply and demand in cyberspace.
Internet regulation in the United States
Internet regulation in other countries
While there is some United States law that does restrict access to materials on the Internet, it does not truly filter the internet. Many Asian and Middle Eastern nations use any number of combinations of code-based regulation (one of Lessig's four methods of net regulation) to block material that their governments have deemed inappropriate for their citizens to view. China and Saudi Arabia are two excellent examples of nations that have achieved high degrees of success in regulating their citizens access to the internet.
- The Defense of a Computer Crime Case
- Computer Fraud and Abuse Act
- Information Technology Management Reform Act of 1996
- Electronic Freedom of Information Act Amendments of 1996
- Computer Security Act of 1987
- 12 USC 3406 Search Warrants
- 12 USC 3407 Judicial Subpoena
- 18 USC 1030 Fraud and related activity in connection with computers
- 18 USC 2518 Electronic Surveillance
- 18 USC 2701 Electronic Communications Privacy Act
- 31 USC 5321 Monetary Transactions: Civil Penalties
- 12 CFR 205.13 Electronic Fund Transfers (Regulation E): Administrative enforcement; record retention
- 12 CFR 226.25 Truth in Lending (Regulation Z): Record retention
- 12 CFR 229.21 Availability of Funds and Collection of Checks (Regulation CC): Civil liability
- 12 CFR 229.21(g) Availability of Funds and Collection of Checks (Regulation CC): Civil liability: Record retention
- 12 CFR 230.9 Truth in Savings (Regulation DD): Enforcement and record retention
- 31 CFR 103.34 Revised: See 31 CFR Part 10331 instead
- 31 CFR 103.35 Revised: See 31 CFR Part 10331 instead
- 31 CFR 103.36 Revised: See 31 CFR Part 10331 instead
- 31 CFR 103.37 Revised: See 31 CFR Part 10331 instead
- 31 CFR 103.38 Revised: See 31 CFR Part 10331 instead
- 31 CFR 501.601 Reporting, Procedures and Penalties Regulations: Records and record keeping requirements
- 31 CFR 10331 Transfer and Reorganization of Bank Secrecy Act Regulation
- 42 USC 4212(f)(10) 4211 to 4214. Repealed. Pub.L. 97-258, § 5(b), Sept. 13, 1982, 96 Stat. 1068
- 44 USC 3501-3549 Coordination of Federal Information Policy
- H.R. 1895: Do Not Track Kids Act of 2011
- H.R. 1869: Lifelong Learning Accounts Act of 2011
- H.R. 1931: Groundwork USA Trust Act of 2011
- H.R. 1866: Members of Congress Tax Accountability Act of 2011
- H.R. 611: BEST PRACTICES Act
- H.R. 1528: Consumer Privacy Protection Act of 2011
- S. 1212: Geolocational Privacy and Surveillance Act
- S. 799: Commercial Privacy Bill of Rights Act of 2011
- H.R. 654: Do Not Track Me Online Act
- H.R. 1707: Data Accountability and Trust Act
- H.R. 2168: Geolocational Privacy and Surveillance Act
- Generalized Torts Outline
- Generalized Intentional Torts
- Generalized Negligence Torts
- Generalized Strict Liability Torts
- Generalized Defamation Torts
- Generalized Tort Remedies
Search and Seizure
- WorldLII Cyberspace Law
- Cyber Law World
- Computer Crime Research Center
- Global School of Tech Juris White Paper on Censoring The Indian Cyberspace
- Global School of Tech Juris White Paper on Cyber Voyeurism Perverts Dot Com
- ASCL Cyber Law Library
- Borders on, or border around – the future of the Internet
- Cyber Law In India
- Cyberlaw.ro Romanian IT law articles and news
- Stanford Law School Cyberlaw Clinic
- University of Puerto Rico Law School Cyberlaw Clinic
- Global School of Tech Juris
- Santa Clara University School of Law Tech LawForum
- Cyber Law Discussion Forum
- Netlitigation: Internet Law
- Cybertelecom :: Federal Internet Policy
- North American Consumer Project on Electronic Commerce NACPEC
- Internet Library of Law and Court Decisions Internet Law Case Digest
- Alfa-Redi (About Cyberlaw in Latin America and Caribbean)