Jurisdiction in Cyberspace
by Jonathan Zittrain
At its core, jurisdiction is about the boundaries of a sovereign's
exercise of its power. What are reasonable constraints on its reach,
such that faraway or otherwise unconnected people and institutions
can be called to account by the sovereign? Closely related are concepts
of choice of law - exactly which sovereign's law to apply to a situation
that spans multiple jurisdictions - and venue, which determines
the physical location in which the parties are best served to settle
The global nature of the internet - both its global reach and its
perceived "boundaryless" architecture - presents a host
of jurisdictional complexities for any sovereign seeking to define
and / or enforce laws regulating its use. What are the proper boundaries
of a sovereign's reach on the internet and how can these boundaries
be implemented in practice?
In exploring this issue, this module first reviews the basics of
jurisdiction. Next, it describes the unique "boundarylessness"
of the internet and recent technical efforts to circumvent this
architectural characteristic. Finally, we discuss various perspectives
on the optimal extent of "local" jurisdiction over the
1. The basics of jurisdiction
a. Personal Jurisdiction
The requirement of personal jurisdiction prevents the courts of
a sovereign from exercising authority over persons who have little
or no relation to that sovereign. Personal jurisdiction is distinct
from subject matter jurisdiction which governs the types of cases
(e.g., traffic violations v. murder trials v. constitutional questions)
that a court is competent to decide.
i. United States
Finding personal jurisdiction in the United States requires a two
step inquiry. For state courts, first, state law must authorize
the court to exercise jurisdiction over the parties. A state's common
law might allow personal service within the state as a means of
establishing jurisdiction. Most states also have long arm statutes
that specify other circumstances giving rise to personal jurisdiction.
A typical statute might provide jurisdiction where:
- Defendant is incorporated in the state; or
- Defendant is registered to do business in the state; or
- Defendant has insured a resident of the state; or
- Defendant has engaged in a tort within the state.
Second, the exercise of jurisdiction authorized by state law must
comport with the due process guarantees of the federal constitution.
There are several ways to satisfy the requirements of due process:
(1) general jurisdiction, (2) specific jurisdiction, (3) personal
service, (4) consent, and (5) a valid forum selection clause. General
jurisdiction arises when defendant has substantial and continuous
contacts with the forum state. For example, a state would have general
jurisdiction over a company headquartered in that state or over an
individual who is a citizen of that state. Specific jurisdiction arises
when there are minimum contacts with the forum state, the suit arises
from or relates to those contacts and the exercise of jurisdiction
would be fundamentally fair. A defendant who does significant business
in the forum state likely satisfies this minimum contacts requirement.
Personal jurisdiction is also constitutional when a defendant explicitly
or implicitly consents, as when he appears in court and defends his
case on the merits. Finally, forum selection clauses can satisfy the
constitutional due process requirements so long as they are not imposed
to deter suit and are not a result of fraud. Several states have statutes
authorizing personal jurisdiction whenever constitutional. In those
states, as with federal courts, the issue of personal jurisdiction
collapses into the single due process inquiry (described above).
ii. European Union
In the European Union, several Conventions govern the circumstances
in which the exercise of jurisdiction is proper, and various scholars
have recently suggested how those conventions would and should apply
to internet-related disputes.
Under the Lugano
Convention on Jurisdiction and the Enforcement of Judgments in Civil
and Commercial Matters, the power of a state to assert jurisdiction
over a person domiciled therein will be decided according to the
law of that state. Several exceptions to this principle have been
enumerated. For example, in contractual relationships, a person
may be sued in the courts of the country where the obligation was
to be performed. In the case of involvement of a branch, agency
or other establishment, the courts of the place where such branch,
etc. is situated have jurisdiction to adjudicate the matter. In
consumer disputes, the complainant is entitled to bring proceedings
against a supplier of goods or services or a creditor in the state
where the consumer is domiciled. Finally, an entrepreneur can only
bring proceedings against a consumer in the country where the consumer
Convention on the Law Applicable to Contractual Obligations
deals with international private law. Parties are free to choose
the law applicable to a whole contract or to parts of a contract.
In the absence of any valid agreement regarding choice of law, the
applicable law shall be that of the country most closely connected
to the agreement. Here too, consumers are given special protection.
A consumer's right under the law of his domicile cannot be overridden
by a contractual choice-of-law provision if (1) the execution of
the contract was preceded by specific invitations addressed to the
consumer or by advertising directed towards the consumer; or (2)
the seller or its agents received the order in the country of the
Lindberg argues that, when these conventions are applied to
internet-related disputes, the physical domicile of entrepreneurs
acting on the internet will still be the determining factor when
deciding which are the competent courts and which is the applicable
law within the E.U. countries. He suggests that these Conventions
are already well suited for the internet transactions and that the
European Court of Justice can and will apply them properly to the
Also important in the E.U. context is the "country of destination
rule," which entitles a consumer to bring suit in his own domicile
whenever the defendant has been pursuing business activities in
the consumer's domicile or directing commercial activities towards
that state. In relation to e-commerce, this rule, in view of Frederica
Greggio and Andrea Platania, would mean that the proprietor
of an interactive website based in an E.U. Member State would be
subject to the jurisdiction of any E.U. Member State where his website
The European Commission has proposed the targeting approach in
its draft regulation to implement the Brussels
Convention on Jurisdiction and the Enforcement of Judgments in Civil
and Commercial Matters as part of E.U. Law. Greggio
and Platania analyze the impact of the proposed Council Regulation
on Jurisdiction and the Recognition and the Enforcement of Judgments
in Civil and Commercial Matters, aimed to replace and update the
Traditionally, Australian courts have been somewhat more willing
than American courts to require out-of-state defendants to appear
and defend themselves. In Australia, a personal action typically
is initiated by serving the defendant with a writ or other originating
process. Such service generally establishes the court's adjudicative
jurisdiction over the person served. Regarding interstate service,
the Service and Execution of Process Act of 1992 provides for jurisdiction
by initiating process in an Australian State or Territory to be
served in another State without the need to show a nexus between
the initiating State and the parties or the cause of action.
v. Dow Jones & Co.,  V.S.C. 305, is an application
of Australian law to an internet defamation case. In the attached
Stephen Jacques discusses the current status of Australian law
on this subject and how it is likely to develop in the near future.
b. Conflict of Laws
Once a tribunal has effectively asserted jurisdiction over the
parties, the next question is: what body of substantive law should
be used to resolve the controversy? As previous modules have shown,
the laws in force in different countries pertaining to the internet
vary considerably. Thus, the choice of law can be dispositive and
almost always matters greatly. In the United States, the meta-doctrine
that determines which substantive law should be applied in known
as conflict of laws. In other countries it is more likely to be
called private international law. This is a notoriously unstable,
shifting field of doctrine, characterized by warring principles
or tests. Some of the major contending principles include the 'the
most significant relationship' test, the 'center of gravity' approach,
and the 'interest' approach.
It is far from clear how this body of law will or should be brought
to bear on internet-related disputes. The attached articles offer
two views. Hao-Nhien
Q.Vu outlines the major tests that might be employed. Paul
Edward Geller focuses on lawsuits claiming infringement of intellectual
property over the Net. Geller argues that, in such cases, cross-border
infringing acts could be best localized by considering consequences
for judicial remedies.
c. Enforcement of judgments
Naturally, the judgment of a court is only meaningful to the extent
that it can be enforced. A sovereign can only enforce the judgments
of its courts insofar as: i) a defendant or his assets can be reached
by the enforcement mechanisms of the sovereign, ii) the sovereign
can get extradition of the absent defendant from some other sovereign,
or iiii) foreign states will enforce the judgment of the sovereign.
Within the United States, all three of these enforcement methods
are available among states: the first by exercise of police power,
the second for enforcement of criminal laws, and the third by requirement
of the full faith and credit clause of the federal constitution.
Internationally, the problem is more complicated and is governed
by the doctrine of international comity. A state generally will
not enforce a foreign judgment it views as manifestly unreasonable.
If it wishes its judgment enforced, therefore, a state will only
be able to exercise jurisdiction over defendants that have some
significant tie to the forum state (e.g., the defendant is present
there, has assets there, or causes significant harm there).
2. Geographical boundaries and the internet
A global network designed to ignore, rather than respect, geographical
lines, the internet (as originally conceived / implemented) is fundamentally
ill-suited to "local" regulation based on geographical
boundaries. As Johnson and Post explain in their 1996 article, "Law
and Borders: The Rise of Law in Cyberspace":
The rise of the global computer network is destroying the link
between geographical location and: (1) the power of local governments
to assert control over online behavior; (2) the effects of online
behavior on individuals or things; (3) the legitimacy of the efforts
of a local sovereign to enforce rules applicable to global phenomena;
and (4) the ability of physical location to give notice of which
sets of rules apply.
[The internet] has no territorially-based boundaries, because
the cost and speed of message transmission on the Net is almost
entirely independent of physical location
. Location remains
vitally important, but only location within a virtual space consisting
of the "addresses" of the machines between which messages
and information are routed.
The system is indifferent to the physical location of those machines,
and there is no necessary connection between an internet address
and a physical jurisdiction.
Although a domain name, when initially assigned to a given machine,
may be associated with a particular internet Protocol address
corresponding to the territory within which the machine is physically
located (e.g., a ".uk" domain name extension), the machine
may move in physical space without any movement in the logical
domain name space of the Net. Or, alternatively, the owner of
the domain name might request that the name become associated
with an entirely different machine, in a different physical location.
Thus, a server with a ".uk" domain name may not necessarily
be located in the United Kingdom, a server with a ".com"
domain name may be anywhere, and users, generally speaking, are
not even aware of the location of the server that stores the content
that they read. Physical borders no longer can function as signposts
informing individuals of the obligations assumed by entering into
a new, legally significant, place, because individuals are unaware
of the existence of those borders as they move through virtual
(48 Stanford Law Review 1367. Excerpts of Johnson and Post's article
are available here.
The full text of the article is available here.)
Johnson and Post's article most notably describes the internet as
it was originally conceived and implemented by its founding engineers.
Since 1996 (when the article was written), however, technology
efforts aimed at enabling the introduction of geographical boundaries
have been somewhat successful. The most common approach involves
"ip mapping," or the mapping of an internet user's ip
address (discussed by Johnson and Post above) to a geographic region.
Ip mapping is based on the fact that while, in theory, ip addresses
need not correlate with geographic location at all, in practice,
they do. Internet Service Providers ("ISPs") (through
which most people access the internet) usually assign their customers
ip addresses based on geographic location. A provider of ip mapping
"technology" essentially assembles a massive directory
of this information; ip addresses can be "looked up" in
the directory and an associated geographic location provided, if
available. Moreover, the directory can store other information about
the user derivable from the ip address, like the identity of his
/ her ISP and the bandwidth of his / her connection to the internet.
It is important to stress that ip mapping is not a science. It often
requires business relationships with ISPs to uncover geographic
data on their customers and a host of technological issues - largely
a result of the fact that, fundamentally, the internet was not designed
to preserve geographic information (as described above) - can make
the data highly unreliable. The imperfect character of the technology
is evident in the product descriptions crafted by its providers.
For example, Quova, one of the
leading developers of this technology, describes its GeoPoint
product as follows:
GeoPoint provides the geographic location of your Web site visitors
in real time. It is the best geolocation service available, and
· We combine automated technology with expert human analysis
to provide unsurpassed global coverage and data quality.
· We provide the most extensive list of data fields - high-resolution
geographic options from continent to city and all points in-between,
plus a full array of network connection and performance information.
· We lead the industry in providing accurate geolocation
information previously masked by proxies - including AOL users by
country - plus anonymous, cache, and corporate proxy information.
· Each piece of information comes with a confidence factor
representing the probability it is correct. You get a much fuller
picture and can make better decisions.
· GeoPoint is truly enterprise-class, with easy integration,
an application management utility, reliable performance, and scalability
to any business size.
· Privacy-safe - no cookies, profiling, or click-stream data
is used, so your visitors maintain their anonymity.
Finally, we stand behind our service. Accuracy, performance, and
system availability are guaranteed by the industry's first Service
Though imperfect, IP mapping can be very effective, particularly
when users of the technology do not require a high degree of specificity
/ granularity in defining geographic locations. IP mapping can very
accurately predict the country from which a viewer accesses your
site where it might fail to reliably predict his / her town.
Naturally, IP mapping is often deployed by website operators for
a variety of commercial reasons. Often, tailoring a marketing message
to a user on the basis of his / her geographic location can be very
effective. Similarly, companies often employ IP mapping in order
to provide accurate shipping and availability information on products
on the basis of a user's location without requiring that user to
explicitly divulge his / her location. In the context of our discussion
of jurisdiction on the internet, the most notable use of the technology
is, naturally, using IP mapping to guarantee compliance with the
regulations of the sovereign state in which a user resides. Given
the ability to know the geographic location of its viewers, a company
can construct its website so as to respond differently to viewers
in different geographic regions as a function of the respective
laws of those regions. Virtgame.com,
in its description of its eBorder
Controls product, explains, for example: "Virtgame.com's
eBorder Controls ensure that internet and Closed-loop content and
meet specified geographical distribution and legal
Beyond the use of techniques like ip mapping to predict geographic
locations, some argue that the fundamental architecture of the internet
should be augmented so as to preserve and report reliable geography
data. While the internet as it is currently designed does not preserve
geographic information, nothing says that it could not do so in
the future. Whether or not the current "boundarylessness"
of the internet is desirable is a hotly contested issue discussed
3. What is the optimal extent of an entity's jurisdiction over
Most fundamentally, the issue of jurisdiction on the internet collapses
into a simple, yet profound, question: What ought to be the extent
of a sovereign's authority over the internet? As we have seen, some
argue that the internet should exist as its own international space,
entirely free from local regulation. Of those that disagree and
call for some localized authority over the internet, a question
of degree arises; if a sovereign should be able to enforce its (local)
regulations of internet use, what should be the extent of its reach?
a. The internet as its own international space
Johnson and Post (discussed above) argue that the internet, or
"cyberspace", should be treated as a distinct territory
or sovereignty subject to its own self-governance and worthy of
deference from other sovereignties. In concluding their discussion,
Global electronic communications have created new spaces in which
distinct rule sets will evolve. We can reconcile the new law created
in this space with current territorially-based legal systems by
treating it as a distinct doctrine, applicable to a clearly demarcated
sphere, created primarily by legitimate, self-regulatory processes,
and entitled to appropriate deference--but also subject to limitations
when it oversteps its appropriate sphere.
The law of any given place must take into account the special
characteristics of the space it regulates and the types of persons,
places, and things found there. Just as a country's jurisprudence
reflects its unique historical experience and culture, the law
of Cyberspace will reflect its special character, which differs
markedly from anything found in the physical world. For example,
the law of the Net must deal with persons who "exist"
in Cyberspace only in the form of an email address and whose purported
identity may or may not accurately correspond to physical characteristics
in the real world. In fact, an e-mail address might not even belong
to a single person. Accordingly, if Cyberspace law is to recognize
the nature of its "subjects," it cannot rest on the
same doctrines that give geographically based sovereigns jurisdiction
over "whole," locatable, physical persons. The law of
the Net must be prepared to deal with persons who manifest themselves
only by means of a particular ID, user account, or domain name.
Moreover, if rights and duties attach to an account itself, rather
than an underlying real world person, traditional concepts such
as "equality," "discrimination," or even "rights
and duties" may not work as we normally understand them.
New angles on these ideas may develop. For example, when AOL users
joined the Net in large numbers, other Cyberspace users often
ridiculed them based on the ".aol" tag on their email
addresses--a form of "domainism" that might be discouraged
by new forms of Netiquette. If a doctrine of Cyberspace law accords
rights to users, we will need to decide whether those rights adhere
only to particular types of online appearances, as distinct from
attaching to particular individuals in the real world.
Similarly, the types of "properties" that can become
the subject of legal discussion in Cyberspace will differ from
real world real estate or tangible objects. For example, in the
real world the physical covers of a book delineate the boundaries
of a "work" for purposes of copyright law; those limits
may disappear entirely when the same materials are part of a large
electronic database. Thus, we may have to change the "fair
use" doctrine in copyright law that previously depended on
calculating what portion of the physical work was copied. Similarly,
a web page's "location" in Cyberspace may take on a
value unrelated to the physical place where the disk holding that
Web page resides, and efforts to regulate web pages by attempting
to control physical objects may only cause the relevant bits to
move from one place to another. On the other hand, the boundaries
set by "URLs" (Uniform Resource Locators, the location
of a document on the World Wide Web) may need special protection
against confiscation or confusingly similar addresses. And, because
these online "places" may contain offensive material,
we may need rules requiring (or allowing) groups to post certain
signs or markings at these places' outer borders.
The boundaries that separate persons and things behave differently
in the virtual world but are nonetheless legally significant.
Messages posted under one e-mail name will not affect the reputation
of another e-mail address, even if the same physical person authors
both messages. Materials separated by a password will be accessible
to different sets of users, even if those materials physically
exist on the very same hard drive. A user's claim to a right to
a particular online identity or to redress when that identity's
reputation suffers harm, may be valid even if that identity does
not correspond exactly to that of any single person in the real
Clear boundaries make law possible, encouraging rapid differentiation
between rule sets and defining the subjects of legal discussion.
New abilities to travel or exchange information rapidly across
old borders may change the legal frame of reference and require
fundamental changes in legal institutions. Fundamental activities
of lawmaking--accommodating conflicting claims, defining property
rights, establishing rules to guide conduct, enforcing those rules,
and resolving disputes--remain very much alive within the newly
defined, intangible territory of Cyberspace. At the same time,
the newly emerging law challenges the core idea of a current law-making
authority--the territorial nation state, with substantial but
legally restrained powers.
If the rules of Cyberspace thus emerge from consensually based
rule sets, and the subjects of such laws remain free to move among
many differing online spaces, then considering the actions of
Cyberspace's system administrators as the exercise of a power
akin to "sovereignty" may be inappropriate. Under a
legal framework where the top level imposes physical order on
those below it and depends for its continued effectiveness on
the inability of its citizens to fight back or leave the territory,
the legal and political doctrines we have evolved over the centuries
are essential to constrain such power. In that situation, where
exit is impossible, costly, or painful, then a right to a voice
for the people is essential. But when the "persons"
in question are not whole people, when their "property"
is intangible and portable, and when all concerned may readily
escape a jurisdiction they do not find empowering, the relationship
between the "citizen" and the "state" changes
radically. Law, defined as a thoughtful group conversation about
core values, will persist. But it will not, could not, and should
not be the same law as that applicable to physical, geographically-defined
(48 Stanford Law Review 1367. Excerpts of Johnson and Post's article
are available here.
The full text of the article is available here.)
The "governance" of domain names by ICANN and its Uniform
Dispute Resolution Procedure ("UDRP") for the resolution
of domain name disputes represent compelling examples of the type
of self-governance Johnson and Post envision for cyberspace. (ICANN
and the UDRP are discussed in detail in other module(s).)
Regardless of its potential ideological appeal, the vision of Johnson
and Post appears not to be the dominant view among sovereignties.
Efforts to enforce local regulations of the internet have increased
significantly and will likely continue to do so.
Motivated by a similar vision for the autonomy of cyberspace -
and by potential profits -, HavenCo is a start-up company seeking
to deliver for its customers the government-free vision of the internet
described by Johnson and Post. It aims to realize this vision through
very practical, direct means: HavenCo has deployed its network on
Sealand, an independent sovereignty that consists of an abandoned
British island fortress in international waters. As described by
the website of the SeaLand
Sealand was founded as a sovereign Principality in 1967 in international
waters, six miles off the eastern shores of Britain. The island
fortress is conveniently situated from 65 to 100 miles from the
coasts of France, Belgium, Holland and Germany. The official language
of Sealand is English and the Sealand Dollar has a fixed exchange
rate of one U.S. dollar. Passports and stamps have been in circulation
since 1969, however, contrary to many misleading websites and
news articles, Sealand passports are not for sale, and anyone
offering such are selling forgeries. Within a radius of 500 miles
of Sealand live more than 200 million people who enjoy some of
the highest standards of living in the world. This area also encompasses
the financial, industrial and cultural heart of Europe.
The history of Sealand is a story of a struggle for liberty.
Sealand was founded on the principle that any group of people
dissatisfied with the oppressive laws and restrictions of existing
nation states may declare independence in any place not claimed
to be under the jurisdiction of another sovereign entity. The
location chosen was Roughs Tower, an island fortress created in
World War II by Britain and subsequently abandoned to the jurisdiction
of the High Seas. The independence of Sealand was upheld in a
1968 British court decision where the judge held that Roughs Tower
stood in international waters and did not fall under the legal
jurisdiction of the United Kingdom. This gave birth to Sealand's
national motto of E Mare Libertas, or "From the Sea, Freedom".
In his article on SeaLand and HavenCo, author Simson Garfinkel explains:
Hunkered down on a North Sea fortress, a crew of armed cypherpunks,
amped-up networking geeks, and libertarian swashbucklers is seceding
from the world to pursue a revolutionary idea: an offshore, fat-pipe
data haven that answers to nobody.
Ryan Lackey, a 21-year-old MIT dropout and self-taught crypto
expert, sees fantastic things for himself in 2005. For starters,
he'll be filthy rich. But his future is animated by more than
just money - to wit, the exploration of a huge idea he thinks
will change the world. Lackey's big concept? That freedom is the
next killer app.
Before you get too choked up, you should know that Lackey means
giving corporations and frisky individuals the "freedom"
to store and move data without answering to anybody, including
competitors, regulators, and lawyers. He's part of a crew of adventurers
and cypherpunks that's working to transform a 60-year-old gunnery
fort in the North Sea - an odd, quasi-independent outpost whose
British owner calls it "the Principality of Sealand"
- into something that could be possible only in the 21st century:
a fat-pipe Internet server farm and global networking hub that
combines the spicier elements of a Caribbean tax shelter, Cryptonomicon,
[In the summer of 2000], with $1 million in seed money provided
by a small core of Internet-fattened investors, Lackey and his
colleagues [set] up Sealand as the world's first truly offshore,
almost-anything-goes electronic data haven - a place that occupies
a tantalizing gray zone between what's legal and what's ... possible.
Especially if you exist, as the Sealanders plan to, outside the
jurisdiction of the world's nation-states. Simply put: Sealand
won't just be offshore. It will be off-government.
The startup is called, fittingly, HavenCo Ltd. Headquartered
on a 6,000-square-foot, World War II-era antiaircraft deck that
comprises the "land" of Sealand, the facility isn't
much to look at and probably never will be. It consists of a rusty
steel deck sitting on two hollow, chubby concrete cylinders that
rise 60 feet above the churn of the North Sea. Up top there's
a drab building and a jury-rigged helicopter landing pad.
Soon, Lackey believes, powerful upgrades will transform Sealand
into something amazing. The huge support cylinders will contain
millions of dollars' worth of networking gear: computers, servers,
transaction processors, data-storage devices - all cooled with
banks of roaring air conditioners and powered by triple-redundant
generators. HavenCo will provide its clients with nearly a gigabit
per second of Internet bandwidth by year's end, at prices far
cheaper than those on the overregulated dry land of Europe - whose
financial capitals sit a mere 20 milliseconds away from Sealand's
electronic nerve center. Three speedy connections to HavenCo affiliate
hubs all over the planet - microwave, satellite, and underwater
fiber-optic links - will ensure that the data never stops flowing.
HavenCo's onboard staff will come and go on helicopters and speedboats.
Four security people will be on hand at all times to maintain
order; six computer geeks will run the network operations center.
The security personnel, heavily armed and ready to blast anybody
who shouldn't be around, will make sure that unauthorized boats
and aircraft keep their distance. The geeks will perform maintenance
tasks like replacing failed hard disks and installing new equipment.
These routine chores will be a little more challenging than usual,
given the maritime setting and Sealand's obsession with privacy.
Fall over the edge of Sealand's deck, for instance, and you'll
probably drown. Simply entering one of the machine rooms will
require putting on scuba gear, because the rooms will be filled
with an unbreathable pure nitrogen atmosphere instead of the normal
oxygen mix - a measure designed to keep out sneaks, inhibit rust,
and reduce the risk of fire.
HavenCo will be "offshore" both physically and in the
sense that its clients - who will purchase preconfigured "colocation"
computers maintained and secured by HavenCo - will basically be
able to tell the rest of the world to shove it. The essence of
offshore Internet services, as defined by sort-of-offshore places
like Anguilla and Bermuda, is that when you base an operation
in such a locale, you can claim to be governed only by the laws
that prevail there. So if Internet gambling is legal (or overlooked)
in Country A but not in Country B, you set up in A, and use the
Web to send your site to B - and to the rest of the world.
Similarly, companies using Sealand to house their data can choose
to operate according to the special laws of Sealand, and those
laws will be particularly lax - though not quite anarchic. Lackey
says the general idea is to allow a little naughtiness, while
forbidding criminal activity that could generate international
Meaning? Basically, that HavenCo wants to give people a safe,
secure shelter from lawyers, government snoops, and assorted busybodies
without getting tangled in flagrant wrongdoing. So if you run
a financial institution that's looking to operate an anonymous
and untraceable payment system - HavenCo can help. If you'd like
to send old-fashioned, adults-only pornography into a grumpy country
like Saudi Arabia - HavenCo can help there, too. But if you want
to run a spamming operation, launder drug money, or send kiddie
porn anywhere - forget it.
(Garfinkel's article, posted by wired.com in July of 2000, is available
It is important to stress that Sealand maintains its own laws with
respect to use of the internet. Thus, to the extent that it represents
the most radical implementation of a "government-free"
internet, it is, itself, subject to the regulation of the Sealand
government - not to mention whomever is providing internet connectivity
to Sealand, or whomever can regulate whomever is providing internet
connectivity to Sealand..
Thus the true measure of protection afforded to HavenCo customers
remains unclear. Putting aside the fact that HavenCo is situated
in international waters, a U.S. company, for example, would still
have to comply with a U.S. court's order requiring production of
data stored on SeaLand. That said, HavenCo might enable a company
to avoid subjecting itself to the personal jurisdiction of any country
if that company can avoid making any contacts with other countries
(see the discussion of personal jurisdiction, above).
b. Localized regulation and the optimal extent of control
In considering the optimal extent of a sovereign's authority over
the internet, one can look to two clear and opposite extremes. The
rule might be that a defendant will only be subject to jurisdiction
for his internet activities in his home forum, or the rule might
be that a defendant will be subject to jurisdiction for his internet
activities everywhere those activities are accessible or have a
The extreme of universal jurisdiction is immediately limited by
practical considerations. As discussed above, a sovereign must be
able to enforce its judgments if its laws are to have any meaning
/ effect. While these practical limits are substantial limits, additional,
theoretical problems remain. Consider, for example, the defendant
who facilitates the sale of Nazi memorabilia through an internet
auction site. Claiming the display of Nazi images is indecent and
against its law, a foreign state orders the defendant to remove
the Nazi images and the defendant complies. The notable side effect
of this is that not only are citizens of the foreign state protected
from the Nazi images, but also citizens of all states who previously
might have accessed the images. Several authors have argued that
these "overflow effects" of internet jurisdiction are
undesirable. Whether or not one agrees with their position, the
problem of overflow effects is not unique to internet cases. As
other authors point out, U.S. antitrust regulations have substantial
effects on the price of products and the structure of markets beyond
U.S. borders. Moreover, as technology like ip mapping improves,
or as fundamental changes to the internet's architecture are implemented,
our hypothetical defendant may be able to effectively remove the
Nazi images only for those viewers located in the foreign state.
The overflow effect is, in short, a result of the "boundarylessness"
of the internet. To the extent boundaries are introduced, the overflow
effect is reduced.
A second problem is notice. Defendant individuals or small businessmen
will not know the laws of all the jurisdictions from which their
web sites will be accessible and it therefore seems unjust to hold
them accountable under those laws. This problem might suggest only
that a warning or a cease and desist notice in internet suits should
be issued before a defendant faces liability. That is, a defendant
accused of violating the laws of a foreign forum state should first
be informed of those laws and given an opportunity to stop the violation
unless the defendant had reason to know of the foreign laws beforehand.
Third and related is the problem of conflicting and overlapping
laws. By putting up a web site, a defendant potentially subjects
himself to laws that mandate contradictory results. One country
may label something obscene while another protects it under freedom
of speech. In those cases, defendants will conform to the requirements
of the strictest substantive law. More difficult cases arise when
substantive laws command affirmatively different actions, as when
two courts order mutually inconsistent equitable remedies. In that
situation, the practical limitations on enforcement limit the effectiveness
of the orders, but it remains difficult for defendants to organize
their conduct in order to avoid liability.
Territorial regulation of internet disputes is difficult and costly
for states because of the international context of many internet
disputes. There are feasible alternatives: voluntary alternative
dispute resolution coupled with an international enforcement regime,
international treaties or conventions such as those in force in
the E.U. on the exercise of personal jurisdiction, and international
treaties or conventions on rules of substantive law to be applied
no matter which court exercises jurisdiction. Each of these three
options requires progressively more surrender of local sovereign
authority. In the first, a state must surrender its right to review
and reject the judgment of an arbitrator or other alternative tribunal.
In the second, a state must give up the power to decide when its
courts will be able to hear international internet disputes. In
the last, a state must surrender its very lawmaking power over internet
disputes in favor of some international compromise.
The tradeoff in internet jurisdiction is between local sovereignty
and the cost of deciding disputes and enforcing judgments. Local
sovereignty, even given practical limitations on enforcement, implies
greater costs because of the joint problems of overflow effects,
notice, conflicting and overlapping laws, and indirect enforcement.
As international use of the internet increases, internet disputes
will grow in number, size and complexity. This growth will impose
greater costs on sovereigns of maintaining local authority and we
should therefore expect alternatives to sovereignty to increase
This situation is not unique to the internet. International arbitration
agreements, made enforceable by international convention, are an
abdication of local sovereignty (to review and reject arbitration
awards as a matter of course) in favor of a lower cost means of
settling international disputes. The internet merely makes this
tension between sovereignty and efficient dispute resolution in
an international setting dramatically apparent. The UDRP, discussed
in earlier modules, is an example of an alternative to local sovereignty
that states have elected to abide by in the internet context.
For presentations of these and other arguments about jurisdiction
in internet disputes and internet regulation in general, see:
L. Goldsmith, Against Cyberanarchy 65 U. Chi. L. Rev. 1199
David R. Johnson and
David Post, Law and Borders - The Rise of Law in Cyberspace
48 Stan. L. Rev. 1367
For particular proposals of how to deal with internet jurisdiction
in the face of these arguments, see:
K. Jezairian, Lost in the Virtual Mall: Is Traditional Personal
Jurisdiction Analysis Applicable to E-Commerce Cases? 42 Ariz.
L. Rev. 965
Todd D. Leitstein, A Solution for Personal Jurisdiction on the
internet 59 La. L. Rev. 565
Menthe, Jurisdiction in Cyberspace: A Theory of International
Separate Jurisdiction for Cyberspace