Can cyberspace
be governed by
law?
Steve Hedley
LLM 2011-2012
CyberCrime
No - Cyberspace is an
independent realm
 See
e.g. Barlow, A Declaration of the
Independence of Cyberspace
“Your legal concepts of property,
expression, identity, movement, and
context do not apply to us. They are all
based on matter, and there is no
matter here.”
2
Attractions of this view
 Weakness
of law enforcement
 Constant jurisdictional issues
 ‘No-one knows you are a dog’
 Not much at stake
 The libertarian impulse
3
But ….
 Increasing
importance
 Increasing enforcement activity
 Increasing volume of trade
 Irrelevance of jurisdiction cuts
both ways – increasing intergovernmental co-operation
4
Yes – Cyberspace is no less
regulable than anywhere else
…
and the idea that
cyberspace is a
“place” may be
misleading
 See e.g. Goldsmith
and Wu, Who controls
the Internet?
(OUP, 2006)
5
Yes – We not only can but up to a
point must regulate the Internet
…
to preserve what
freedom there is on it
 e.g. Zittrain, The
Future of the Internet
- And How to Stop It
(Yale UP, 2009)
6
Control of the Internet – how?
1.
2.
3.
4.
International control?
Direct control of users?
Design control?
Control through intermediaries?
7
1. International
control
1. International control?
 Wide
diversity of approaches
world-wide
 Different levels of economic
development and web access
 Different values reflected in
different national laws
9
Different approaches to freedom of
expression
 All
nations respect freedom of
speech to some degree …
 … but the differences are nontrivial
 For international censorship see
www.opennetinitiative.org
10
The dilemma of internationalism
 International
co-operation means
agreeing common standards with
some fairly unsavoury regimes
but
 Failure to co-operate makes it
hard to enforce ANY standards
nationally !
11
Increasing restrictions on freedom
of (internet) expression
 China
 Iran
 Saudi
Arabia
 Cuba
 Pakistan
12
Jurisdictional battles
A
notorious battle was the Yahoo!
Nazi memorabilia case (France v
US), which ended in stalemate
 A struggle now emerging
between the US and the UK over
libel judgements
13
Where can international
co-operation be expected?
 Keeping
the Internet running
 Facilitation of trade
 Areas where international
standardisation is recognised as
beneficial
14
Some relevant international
texts
 Tradeable
IP rights are regulated
world-wide through UNCITRAL,
WIPO, the TRIPs Treaty , ACTA
 On general trade matters, the EU
has managed to secure a
measure of uniformity within
Europe
15
Cyber peace treaty?
 Cyber
attacks moving from the
theoretical to the actual
 Protection of networks is now a
basic part of national defence
 Actual incidents already
 Difficulties of attribution
16
International administration is
carried on through ICANN
 ICANN
assigns all names of
machines connected to the Internet
 In theory, ICANN could remove any
machine (or any country!) from the
Internet
 But can this power be used to
enforce common standards of
behaviour?
17
In practise, ICANN’s powers are
very limited
 See
e.g. the debate over
confining porn to a “.xxx” domain
 Controlling individual behaviour is
technically very difficult …
 … and is not likely to be regarded
as legitimate world-wide
18
2. Can Internet law
be directly enforced
on Internet users?
In other words …
 Can’t
we simply deal with
undesirable behaviour on the net
by passing laws against it and
prosecuting people who break
those laws????
20
Example: ‘Operation Amethyst’
(2002)
 Discovery
of an Internet child
porn server
 Thousands of buyers worldwide –
identified by credit card numbers
 Various buyers were traced to
Ireland – prosecutions
21
Example: ‘Operation Amethyst’
 But
subsequently:
 Doubts as to the evidence
 Various lines of defence
beginning to emerge
 Stolen credit card numbers
22
General features of Internet law
enforcement
 1.
Wide geographical distribution
of participants and investigators
 2.
Only very serious crimes can
attract the necessary effort by
police and prosecutor
23
General features of Internet law
enforcement
 3.
Technical and evidential problems
throughout
 4. Extremely labour-intensive legal
processes
 5. The role of intermediaries,
who are much easier to control than
are actual perpetrators
24
Individual prosecutions or legal
actions
 Pornography
 Copyright
music
 Prosecutions
for hacking or fraud
25
The culture of hackers today
 Increasing
sophistication of
hackers
 Tending to operate from abroad
 Difficulties of detection
 Growth of cyberfraud and
phishing activities
26
No longer the lone hacker
 Selling
hacking services
 BitTorrent and other
decentralised systems
 Phishing kits
 Botnets
 Porn rings, link to child traffickers
27
3. Can Internet
law be enforced
through the design
of computers and
software ?
Lessig, Code and other laws of
cyberspace (1999)
29
Computers are designed with
various ends in view …
…
and so why can’t law
enforcement be one of them?
 Can
crime be “designed out” of
the Internet?
30
Nice theory, but …
 Stopping
computers from
doing things is more difficult
than it sounds!
31
DRM: A developing area
 Current
weaknesses of DRM
 Controversies over rootkits
 Unpopularity with consumers
 New business models
 How far can anti-circumvention laws
go?
 Is it now criminal to tinker with your
own PC or DVD player?
32
National firewalls?
 China
 Australia
33
4. Can Internet
law be enforced
by targeting
intermediaries?
4. Can Internet law be enforced
through intermediaries?
 ISPs
 Search
engines
 Amazon and other retailers
 Bebo and other networking sites
 Employers (and Universities!)
 Parents
35
The most successful control of
the Internet
 Examples
include cases
involving:
 eBay
 rate-your-solicitor.com
 Grokster
 YouTube
36
Control of search engines
 Probably
the most effective
method
 But search engines are
powerfully resistant to pressure
from other commercial entities
37
The cases have tended to
involve:
 Libel
and causing offence
 Pornography
 Stolen
(intellectual) property
38
Current controversy over “three
strikes”
 Ireland
(EMI v Eircom [2010]
IEHC 108)
 France
 UK
 EU
39
ISPs as a route to individuals
Often the intermediary is
sued merely to make
them reveal the name of
the actual perpetrator
40
Is it TOO easy to control
intermediaries?
 Direct
Government control of
intermediaries?
 The weakness of the typical ISP
 Surveillance of individuals
 Data retention
41
In summary
 Initial
fears (hopes? dreams?)
that law might not apply in
cyberspace are unfounded …
…
but enforcement is extremely
patchy and context-dependent
42
In summary
 Only
in extreme cases has it been
practical to act
 The cases where governments have
acted are mostly concerned with:
 Terrorism
 Online fraud and theft
 Child porn
 Promoting international trade
43