Can cyberspace be governed by law? Steve Hedley LLM 2011-2012 CyberCrime No - Cyberspace is an independent realm See e.g. Barlow, A Declaration of the Independence of Cyberspace “Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are all based on matter, and there is no matter here.” 2 Attractions of this view Weakness of law enforcement Constant jurisdictional issues ‘No-one knows you are a dog’ Not much at stake The libertarian impulse 3 But …. Increasing importance Increasing enforcement activity Increasing volume of trade Irrelevance of jurisdiction cuts both ways – increasing intergovernmental co-operation 4 Yes – Cyberspace is no less regulable than anywhere else … and the idea that cyberspace is a “place” may be misleading See e.g. Goldsmith and Wu, Who controls the Internet? (OUP, 2006) 5 Yes – We not only can but up to a point must regulate the Internet … to preserve what freedom there is on it e.g. Zittrain, The Future of the Internet - And How to Stop It (Yale UP, 2009) 6 Control of the Internet – how? 1. 2. 3. 4. International control? Direct control of users? Design control? Control through intermediaries? 7 1. International control 1. International control? Wide diversity of approaches world-wide Different levels of economic development and web access Different values reflected in different national laws 9 Different approaches to freedom of expression All nations respect freedom of speech to some degree … … but the differences are nontrivial For international censorship see www.opennetinitiative.org 10 The dilemma of internationalism International co-operation means agreeing common standards with some fairly unsavoury regimes but Failure to co-operate makes it hard to enforce ANY standards nationally ! 11 Increasing restrictions on freedom of (internet) expression China Iran Saudi Arabia Cuba Pakistan 12 Jurisdictional battles A notorious battle was the Yahoo! Nazi memorabilia case (France v US), which ended in stalemate A struggle now emerging between the US and the UK over libel judgements 13 Where can international co-operation be expected? Keeping the Internet running Facilitation of trade Areas where international standardisation is recognised as beneficial 14 Some relevant international texts Tradeable IP rights are regulated world-wide through UNCITRAL, WIPO, the TRIPs Treaty , ACTA On general trade matters, the EU has managed to secure a measure of uniformity within Europe 15 Cyber peace treaty? Cyber attacks moving from the theoretical to the actual Protection of networks is now a basic part of national defence Actual incidents already Difficulties of attribution 16 International administration is carried on through ICANN ICANN assigns all names of machines connected to the Internet In theory, ICANN could remove any machine (or any country!) from the Internet But can this power be used to enforce common standards of behaviour? 17 In practise, ICANN’s powers are very limited See e.g. the debate over confining porn to a “.xxx” domain Controlling individual behaviour is technically very difficult … … and is not likely to be regarded as legitimate world-wide 18 2. Can Internet law be directly enforced on Internet users? In other words … Can’t we simply deal with undesirable behaviour on the net by passing laws against it and prosecuting people who break those laws???? 20 Example: ‘Operation Amethyst’ (2002) Discovery of an Internet child porn server Thousands of buyers worldwide – identified by credit card numbers Various buyers were traced to Ireland – prosecutions 21 Example: ‘Operation Amethyst’ But subsequently: Doubts as to the evidence Various lines of defence beginning to emerge Stolen credit card numbers 22 General features of Internet law enforcement 1. Wide geographical distribution of participants and investigators 2. Only very serious crimes can attract the necessary effort by police and prosecutor 23 General features of Internet law enforcement 3. Technical and evidential problems throughout 4. Extremely labour-intensive legal processes 5. The role of intermediaries, who are much easier to control than are actual perpetrators 24 Individual prosecutions or legal actions Pornography Copyright music Prosecutions for hacking or fraud 25 The culture of hackers today Increasing sophistication of hackers Tending to operate from abroad Difficulties of detection Growth of cyberfraud and phishing activities 26 No longer the lone hacker Selling hacking services BitTorrent and other decentralised systems Phishing kits Botnets Porn rings, link to child traffickers 27 3. Can Internet law be enforced through the design of computers and software ? Lessig, Code and other laws of cyberspace (1999) 29 Computers are designed with various ends in view … … and so why can’t law enforcement be one of them? Can crime be “designed out” of the Internet? 30 Nice theory, but … Stopping computers from doing things is more difficult than it sounds! 31 DRM: A developing area Current weaknesses of DRM Controversies over rootkits Unpopularity with consumers New business models How far can anti-circumvention laws go? Is it now criminal to tinker with your own PC or DVD player? 32 National firewalls? China Australia 33 4. Can Internet law be enforced by targeting intermediaries? 4. Can Internet law be enforced through intermediaries? ISPs Search engines Amazon and other retailers Bebo and other networking sites Employers (and Universities!) Parents 35 The most successful control of the Internet Examples include cases involving: eBay rate-your-solicitor.com Grokster YouTube 36 Control of search engines Probably the most effective method But search engines are powerfully resistant to pressure from other commercial entities 37 The cases have tended to involve: Libel and causing offence Pornography Stolen (intellectual) property 38 Current controversy over “three strikes” Ireland (EMI v Eircom [2010] IEHC 108) France UK EU 39 ISPs as a route to individuals Often the intermediary is sued merely to make them reveal the name of the actual perpetrator 40 Is it TOO easy to control intermediaries? Direct Government control of intermediaries? The weakness of the typical ISP Surveillance of individuals Data retention 41 In summary Initial fears (hopes? dreams?) that law might not apply in cyberspace are unfounded … … but enforcement is extremely patchy and context-dependent 42 In summary Only in extreme cases has it been practical to act The cases where governments have acted are mostly concerned with: Terrorism Online fraud and theft Child porn Promoting international trade 43