Registration Still Open


Jurisdiction in Cyberspace

by Jonathan Zittrain



At its core, jurisdiction is about the boundaries of a sovereign's exercise of its power. What are reasonable constraints on its reach, such that faraway or otherwise unconnected people and institutions can be called to account by the sovereign? Closely related are concepts of choice of law - exactly which sovereign's law to apply to a situation that spans multiple jurisdictions - and venue, which determines the physical location in which the parties are best served to settle their dispute.

The global nature of the internet - both its global reach and its perceived "boundaryless" architecture - presents a host of jurisdictional complexities for any sovereign seeking to define and / or enforce laws regulating its use. What are the proper boundaries of a sovereign's reach on the internet and how can these boundaries be implemented in practice?

In exploring this issue, this module first reviews the basics of jurisdiction. Next, it describes the unique "boundarylessness" of the internet and recent technical efforts to circumvent this architectural characteristic. Finally, we discuss various perspectives on the optimal extent of "local" jurisdiction over the internet.


1. The basics of jurisdiction

a. Personal Jurisdiction

The requirement of personal jurisdiction prevents the courts of a sovereign from exercising authority over persons who have little or no relation to that sovereign. Personal jurisdiction is distinct from subject matter jurisdiction which governs the types of cases (e.g., traffic violations v. murder trials v. constitutional questions) that a court is competent to decide.

i. United States

Finding personal jurisdiction in the United States requires a two step inquiry. For state courts, first, state law must authorize the court to exercise jurisdiction over the parties. A state's common law might allow personal service within the state as a means of establishing jurisdiction. Most states also have long arm statutes that specify other circumstances giving rise to personal jurisdiction. A typical statute might provide jurisdiction where:


- Defendant is incorporated in the state; or
- Defendant is registered to do business in the state; or
- Defendant has insured a resident of the state; or
- Defendant has engaged in a tort within the state.

Second, the exercise of jurisdiction authorized by state law must comport with the due process guarantees of the federal constitution. There are several ways to satisfy the requirements of due process: (1) general jurisdiction, (2) specific jurisdiction, (3) personal service, (4) consent, and (5) a valid forum selection clause. General jurisdiction arises when defendant has substantial and continuous contacts with the forum state. For example, a state would have general jurisdiction over a company headquartered in that state or over an individual who is a citizen of that state. Specific jurisdiction arises when there are minimum contacts with the forum state, the suit arises from or relates to those contacts and the exercise of jurisdiction would be fundamentally fair. A defendant who does significant business in the forum state likely satisfies this minimum contacts requirement. Personal jurisdiction is also constitutional when a defendant explicitly or implicitly consents, as when he appears in court and defends his case on the merits. Finally, forum selection clauses can satisfy the constitutional due process requirements so long as they are not imposed to deter suit and are not a result of fraud. Several states have statutes authorizing personal jurisdiction whenever constitutional. In those states, as with federal courts, the issue of personal jurisdiction collapses into the single due process inquiry (described above).

ii. European Union

In the European Union, several Conventions govern the circumstances in which the exercise of jurisdiction is proper, and various scholars have recently suggested how those conventions would and should apply to internet-related disputes.

Under the Lugano Convention on Jurisdiction and the Enforcement of Judgments in Civil and Commercial Matters, the power of a state to assert jurisdiction over a person domiciled therein will be decided according to the law of that state. Several exceptions to this principle have been enumerated. For example, in contractual relationships, a person may be sued in the courts of the country where the obligation was to be performed. In the case of involvement of a branch, agency or other establishment, the courts of the place where such branch, etc. is situated have jurisdiction to adjudicate the matter. In consumer disputes, the complainant is entitled to bring proceedings against a supplier of goods or services or a creditor in the state where the consumer is domiciled. Finally, an entrepreneur can only bring proceedings against a consumer in the country where the consumer is domiciled.

The Romano Convention on the Law Applicable to Contractual Obligations deals with international private law. Parties are free to choose the law applicable to a whole contract or to parts of a contract. In the absence of any valid agreement regarding choice of law, the applicable law shall be that of the country most closely connected to the agreement. Here too, consumers are given special protection. A consumer's right under the law of his domicile cannot be overridden by a contractual choice-of-law provision if (1) the execution of the contract was preceded by specific invitations addressed to the consumer or by advertising directed towards the consumer; or (2) the seller or its agents received the order in the country of the consumer.

Agne Lindberg argues that, when these conventions are applied to internet-related disputes, the physical domicile of entrepreneurs acting on the internet will still be the determining factor when deciding which are the competent courts and which is the applicable law within the E.U. countries. He suggests that these Conventions are already well suited for the internet transactions and that the European Court of Justice can and will apply them properly to the new medium.

Also important in the E.U. context is the "country of destination rule," which entitles a consumer to bring suit in his own domicile whenever the defendant has been pursuing business activities in the consumer's domicile or directing commercial activities towards that state. In relation to e-commerce, this rule, in view of Frederica Greggio and Andrea Platania, would mean that the proprietor of an interactive website based in an E.U. Member State would be subject to the jurisdiction of any E.U. Member State where his website is accessible.

The European Commission has proposed the targeting approach in its draft regulation to implement the Brussels Convention on Jurisdiction and the Enforcement of Judgments in Civil and Commercial Matters as part of E.U. Law. Greggio and Platania analyze the impact of the proposed Council Regulation on Jurisdiction and the Recognition and the Enforcement of Judgments in Civil and Commercial Matters, aimed to replace and update the Brussels Convention.

iii. Australia

Traditionally, Australian courts have been somewhat more willing than American courts to require out-of-state defendants to appear and defend themselves. In Australia, a personal action typically is initiated by serving the defendant with a writ or other originating process. Such service generally establishes the court's adjudicative jurisdiction over the person served. Regarding interstate service, the Service and Execution of Process Act of 1992 provides for jurisdiction by initiating process in an Australian State or Territory to be served in another State without the need to show a nexus between the initiating State and the parties or the cause of action.

Gutnick v. Dow Jones & Co., [2001] V.S.C. 305, is an application of Australian law to an internet defamation case. In the attached article, Mallesons Stephen Jacques discusses the current status of Australian law on this subject and how it is likely to develop in the near future.

b. Conflict of Laws

Once a tribunal has effectively asserted jurisdiction over the parties, the next question is: what body of substantive law should be used to resolve the controversy? As previous modules have shown, the laws in force in different countries pertaining to the internet vary considerably. Thus, the choice of law can be dispositive and almost always matters greatly. In the United States, the meta-doctrine that determines which substantive law should be applied in known as conflict of laws. In other countries it is more likely to be called private international law. This is a notoriously unstable, shifting field of doctrine, characterized by warring principles or tests. Some of the major contending principles include the 'the most significant relationship' test, the 'center of gravity' approach, and the 'interest' approach.

It is far from clear how this body of law will or should be brought to bear on internet-related disputes. The attached articles offer two views. Hao-Nhien Q.Vu outlines the major tests that might be employed. Paul Edward Geller focuses on lawsuits claiming infringement of intellectual property over the Net. Geller argues that, in such cases, cross-border infringing acts could be best localized by considering consequences for judicial remedies.

c. Enforcement of judgments

Naturally, the judgment of a court is only meaningful to the extent that it can be enforced. A sovereign can only enforce the judgments of its courts insofar as: i) a defendant or his assets can be reached by the enforcement mechanisms of the sovereign, ii) the sovereign can get extradition of the absent defendant from some other sovereign, or iiii) foreign states will enforce the judgment of the sovereign. Within the United States, all three of these enforcement methods are available among states: the first by exercise of police power, the second for enforcement of criminal laws, and the third by requirement of the full faith and credit clause of the federal constitution. Internationally, the problem is more complicated and is governed by the doctrine of international comity. A state generally will not enforce a foreign judgment it views as manifestly unreasonable. If it wishes its judgment enforced, therefore, a state will only be able to exercise jurisdiction over defendants that have some significant tie to the forum state (e.g., the defendant is present there, has assets there, or causes significant harm there).

2. Geographical boundaries and the internet

A global network designed to ignore, rather than respect, geographical lines, the internet (as originally conceived / implemented) is fundamentally ill-suited to "local" regulation based on geographical boundaries. As Johnson and Post explain in their 1996 article, "Law and Borders: The Rise of Law in Cyberspace":


The rise of the global computer network is destroying the link between geographical location and: (1) the power of local governments to assert control over online behavior; (2) the effects of online behavior on individuals or things; (3) the legitimacy of the efforts of a local sovereign to enforce rules applicable to global phenomena; and (4) the ability of physical location to give notice of which sets of rules apply.

[The internet] has no territorially-based boundaries, because the cost and speed of message transmission on the Net is almost entirely independent of physical location …. Location remains vitally important, but only location within a virtual space consisting of the "addresses" of the machines between which messages and information are routed.
The system is indifferent to the physical location of those machines, and there is no necessary connection between an internet address and a physical jurisdiction.
Although a domain name, when initially assigned to a given machine, may be associated with a particular internet Protocol address corresponding to the territory within which the machine is physically located (e.g., a ".uk" domain name extension), the machine may move in physical space without any movement in the logical domain name space of the Net. Or, alternatively, the owner of the domain name might request that the name become associated with an entirely different machine, in a different physical location. Thus, a server with a ".uk" domain name may not necessarily be located in the United Kingdom, a server with a ".com" domain name may be anywhere, and users, generally speaking, are not even aware of the location of the server that stores the content that they read. Physical borders no longer can function as signposts informing individuals of the obligations assumed by entering into a new, legally significant, place, because individuals are unaware of the existence of those borders as they move through virtual space.

(48 Stanford Law Review 1367. Excerpts of Johnson and Post's article are available here. The full text of the article is available here.) Johnson and Post's article most notably describes the internet as it was originally conceived and implemented by its founding engineers.

Since 1996 (when the article was written), however, technology efforts aimed at enabling the introduction of geographical boundaries have been somewhat successful. The most common approach involves "ip mapping," or the mapping of an internet user's ip address (discussed by Johnson and Post above) to a geographic region. Ip mapping is based on the fact that while, in theory, ip addresses need not correlate with geographic location at all, in practice, they do. Internet Service Providers ("ISPs") (through which most people access the internet) usually assign their customers ip addresses based on geographic location. A provider of ip mapping "technology" essentially assembles a massive directory of this information; ip addresses can be "looked up" in the directory and an associated geographic location provided, if available. Moreover, the directory can store other information about the user derivable from the ip address, like the identity of his / her ISP and the bandwidth of his / her connection to the internet. It is important to stress that ip mapping is not a science. It often requires business relationships with ISPs to uncover geographic data on their customers and a host of technological issues - largely a result of the fact that, fundamentally, the internet was not designed to preserve geographic information (as described above) - can make the data highly unreliable. The imperfect character of the technology is evident in the product descriptions crafted by its providers. For example, Quova, one of the leading developers of this technology, describes its GeoPoint product as follows:


GeoPoint provides the geographic location of your Web site visitors in real time. It is the best geolocation service available, and here's why:
· We combine automated technology with expert human analysis to provide unsurpassed global coverage and data quality.
· We provide the most extensive list of data fields - high-resolution geographic options from continent to city and all points in-between, plus a full array of network connection and performance information.
· We lead the industry in providing accurate geolocation information previously masked by proxies - including AOL users by country - plus anonymous, cache, and corporate proxy information.
· Each piece of information comes with a confidence factor representing the probability it is correct. You get a much fuller picture and can make better decisions.
· GeoPoint is truly enterprise-class, with easy integration, an application management utility, reliable performance, and scalability to any business size.
· Privacy-safe - no cookies, profiling, or click-stream data is used, so your visitors maintain their anonymity.
Finally, we stand behind our service. Accuracy, performance, and system availability are guaranteed by the industry's first Service Level Agreement.

Though imperfect, IP mapping can be very effective, particularly when users of the technology do not require a high degree of specificity / granularity in defining geographic locations. IP mapping can very accurately predict the country from which a viewer accesses your site where it might fail to reliably predict his / her town.

Naturally, IP mapping is often deployed by website operators for a variety of commercial reasons. Often, tailoring a marketing message to a user on the basis of his / her geographic location can be very effective. Similarly, companies often employ IP mapping in order to provide accurate shipping and availability information on products on the basis of a user's location without requiring that user to explicitly divulge his / her location. In the context of our discussion of jurisdiction on the internet, the most notable use of the technology is, naturally, using IP mapping to guarantee compliance with the regulations of the sovereign state in which a user resides. Given the ability to know the geographic location of its viewers, a company can construct its website so as to respond differently to viewers in different geographic regions as a function of the respective laws of those regions., in its description of its eBorder Controls product, explains, for example: "'s eBorder Controls ensure that internet and Closed-loop content and activity … meet specified geographical distribution and legal restrictions."

Beyond the use of techniques like ip mapping to predict geographic locations, some argue that the fundamental architecture of the internet should be augmented so as to preserve and report reliable geography data. While the internet as it is currently designed does not preserve geographic information, nothing says that it could not do so in the future. Whether or not the current "boundarylessness" of the internet is desirable is a hotly contested issue discussed below.

3. What is the optimal extent of an entity's jurisdiction over the internet?

Most fundamentally, the issue of jurisdiction on the internet collapses into a simple, yet profound, question: What ought to be the extent of a sovereign's authority over the internet? As we have seen, some argue that the internet should exist as its own international space, entirely free from local regulation. Of those that disagree and call for some localized authority over the internet, a question of degree arises; if a sovereign should be able to enforce its (local) regulations of internet use, what should be the extent of its reach?

a. The internet as its own international space

Johnson and Post (discussed above) argue that the internet, or "cyberspace", should be treated as a distinct territory or sovereignty subject to its own self-governance and worthy of deference from other sovereignties. In concluding their discussion, they write:


Global electronic communications have created new spaces in which distinct rule sets will evolve. We can reconcile the new law created in this space with current territorially-based legal systems by treating it as a distinct doctrine, applicable to a clearly demarcated sphere, created primarily by legitimate, self-regulatory processes, and entitled to appropriate deference--but also subject to limitations when it oversteps its appropriate sphere.

The law of any given place must take into account the special characteristics of the space it regulates and the types of persons, places, and things found there. Just as a country's jurisprudence reflects its unique historical experience and culture, the law of Cyberspace will reflect its special character, which differs markedly from anything found in the physical world. For example, the law of the Net must deal with persons who "exist" in Cyberspace only in the form of an email address and whose purported identity may or may not accurately correspond to physical characteristics in the real world. In fact, an e-mail address might not even belong to a single person. Accordingly, if Cyberspace law is to recognize the nature of its "subjects," it cannot rest on the same doctrines that give geographically based sovereigns jurisdiction over "whole," locatable, physical persons. The law of the Net must be prepared to deal with persons who manifest themselves only by means of a particular ID, user account, or domain name.

Moreover, if rights and duties attach to an account itself, rather than an underlying real world person, traditional concepts such as "equality," "discrimination," or even "rights and duties" may not work as we normally understand them. New angles on these ideas may develop. For example, when AOL users joined the Net in large numbers, other Cyberspace users often ridiculed them based on the ".aol" tag on their email addresses--a form of "domainism" that might be discouraged by new forms of Netiquette. If a doctrine of Cyberspace law accords rights to users, we will need to decide whether those rights adhere only to particular types of online appearances, as distinct from attaching to particular individuals in the real world.

Similarly, the types of "properties" that can become the subject of legal discussion in Cyberspace will differ from real world real estate or tangible objects. For example, in the real world the physical covers of a book delineate the boundaries of a "work" for purposes of copyright law; those limits may disappear entirely when the same materials are part of a large electronic database. Thus, we may have to change the "fair use" doctrine in copyright law that previously depended on calculating what portion of the physical work was copied. Similarly, a web page's "location" in Cyberspace may take on a value unrelated to the physical place where the disk holding that Web page resides, and efforts to regulate web pages by attempting to control physical objects may only cause the relevant bits to move from one place to another. On the other hand, the boundaries set by "URLs" (Uniform Resource Locators, the location of a document on the World Wide Web) may need special protection against confiscation or confusingly similar addresses. And, because these online "places" may contain offensive material, we may need rules requiring (or allowing) groups to post certain signs or markings at these places' outer borders.

The boundaries that separate persons and things behave differently in the virtual world but are nonetheless legally significant. Messages posted under one e-mail name will not affect the reputation of another e-mail address, even if the same physical person authors both messages. Materials separated by a password will be accessible to different sets of users, even if those materials physically exist on the very same hard drive. A user's claim to a right to a particular online identity or to redress when that identity's reputation suffers harm, may be valid even if that identity does not correspond exactly to that of any single person in the real world.

Clear boundaries make law possible, encouraging rapid differentiation between rule sets and defining the subjects of legal discussion. New abilities to travel or exchange information rapidly across old borders may change the legal frame of reference and require fundamental changes in legal institutions. Fundamental activities of lawmaking--accommodating conflicting claims, defining property rights, establishing rules to guide conduct, enforcing those rules, and resolving disputes--remain very much alive within the newly defined, intangible territory of Cyberspace. At the same time, the newly emerging law challenges the core idea of a current law-making authority--the territorial nation state, with substantial but legally restrained powers.

If the rules of Cyberspace thus emerge from consensually based rule sets, and the subjects of such laws remain free to move among many differing online spaces, then considering the actions of Cyberspace's system administrators as the exercise of a power akin to "sovereignty" may be inappropriate. Under a legal framework where the top level imposes physical order on those below it and depends for its continued effectiveness on the inability of its citizens to fight back or leave the territory, the legal and political doctrines we have evolved over the centuries are essential to constrain such power. In that situation, where exit is impossible, costly, or painful, then a right to a voice for the people is essential. But when the "persons" in question are not whole people, when their "property" is intangible and portable, and when all concerned may readily escape a jurisdiction they do not find empowering, the relationship between the "citizen" and the "state" changes radically. Law, defined as a thoughtful group conversation about core values, will persist. But it will not, could not, and should not be the same law as that applicable to physical, geographically-defined territories.

(48 Stanford Law Review 1367. Excerpts of Johnson and Post's article are available here. The full text of the article is available here.) The "governance" of domain names by ICANN and its Uniform Dispute Resolution Procedure ("UDRP") for the resolution of domain name disputes represent compelling examples of the type of self-governance Johnson and Post envision for cyberspace. (ICANN and the UDRP are discussed in detail in other module(s).)

Regardless of its potential ideological appeal, the vision of Johnson and Post appears not to be the dominant view among sovereignties. Efforts to enforce local regulations of the internet have increased significantly and will likely continue to do so.

Motivated by a similar vision for the autonomy of cyberspace - and by potential profits -, HavenCo is a start-up company seeking to deliver for its customers the government-free vision of the internet described by Johnson and Post. It aims to realize this vision through very practical, direct means: HavenCo has deployed its network on Sealand, an independent sovereignty that consists of an abandoned British island fortress in international waters. As described by the website of the SeaLand "government":


Sealand was founded as a sovereign Principality in 1967 in international waters, six miles off the eastern shores of Britain. The island fortress is conveniently situated from 65 to 100 miles from the coasts of France, Belgium, Holland and Germany. The official language of Sealand is English and the Sealand Dollar has a fixed exchange rate of one U.S. dollar. Passports and stamps have been in circulation since 1969, however, contrary to many misleading websites and news articles, Sealand passports are not for sale, and anyone offering such are selling forgeries. Within a radius of 500 miles of Sealand live more than 200 million people who enjoy some of the highest standards of living in the world. This area also encompasses the financial, industrial and cultural heart of Europe.

The history of Sealand is a story of a struggle for liberty. Sealand was founded on the principle that any group of people dissatisfied with the oppressive laws and restrictions of existing nation states may declare independence in any place not claimed to be under the jurisdiction of another sovereign entity. The location chosen was Roughs Tower, an island fortress created in World War II by Britain and subsequently abandoned to the jurisdiction of the High Seas. The independence of Sealand was upheld in a 1968 British court decision where the judge held that Roughs Tower stood in international waters and did not fall under the legal jurisdiction of the United Kingdom. This gave birth to Sealand's national motto of E Mare Libertas, or "From the Sea, Freedom".

In his article on SeaLand and HavenCo, author Simson Garfinkel explains:

Hunkered down on a North Sea fortress, a crew of armed cypherpunks, amped-up networking geeks, and libertarian swashbucklers is seceding from the world to pursue a revolutionary idea: an offshore, fat-pipe data haven that answers to nobody.

Ryan Lackey, a 21-year-old MIT dropout and self-taught crypto expert, sees fantastic things for himself in 2005. For starters, he'll be filthy rich. But his future is animated by more than just money - to wit, the exploration of a huge idea he thinks will change the world. Lackey's big concept? That freedom is the next killer app.

Before you get too choked up, you should know that Lackey means giving corporations and frisky individuals the "freedom" to store and move data without answering to anybody, including competitors, regulators, and lawyers. He's part of a crew of adventurers and cypherpunks that's working to transform a 60-year-old gunnery fort in the North Sea - an odd, quasi-independent outpost whose British owner calls it "the Principality of Sealand" - into something that could be possible only in the 21st century: a fat-pipe Internet server farm and global networking hub that combines the spicier elements of a Caribbean tax shelter, Cryptonomicon, and 007.

[In the summer of 2000], with $1 million in seed money provided by a small core of Internet-fattened investors, Lackey and his colleagues [set] up Sealand as the world's first truly offshore, almost-anything-goes electronic data haven - a place that occupies a tantalizing gray zone between what's legal and what's ... possible. Especially if you exist, as the Sealanders plan to, outside the jurisdiction of the world's nation-states. Simply put: Sealand won't just be offshore. It will be off-government.

The startup is called, fittingly, HavenCo Ltd. Headquartered on a 6,000-square-foot, World War II-era antiaircraft deck that comprises the "land" of Sealand, the facility isn't much to look at and probably never will be. It consists of a rusty steel deck sitting on two hollow, chubby concrete cylinders that rise 60 feet above the churn of the North Sea. Up top there's a drab building and a jury-rigged helicopter landing pad.

Soon, Lackey believes, powerful upgrades will transform Sealand into something amazing. The huge support cylinders will contain millions of dollars' worth of networking gear: computers, servers, transaction processors, data-storage devices - all cooled with banks of roaring air conditioners and powered by triple-redundant generators. HavenCo will provide its clients with nearly a gigabit per second of Internet bandwidth by year's end, at prices far cheaper than those on the overregulated dry land of Europe - whose financial capitals sit a mere 20 milliseconds away from Sealand's electronic nerve center. Three speedy connections to HavenCo affiliate hubs all over the planet - microwave, satellite, and underwater fiber-optic links - will ensure that the data never stops flowing.

HavenCo's onboard staff will come and go on helicopters and speedboats. Four security people will be on hand at all times to maintain order; six computer geeks will run the network operations center. The security personnel, heavily armed and ready to blast anybody who shouldn't be around, will make sure that unauthorized boats and aircraft keep their distance. The geeks will perform maintenance tasks like replacing failed hard disks and installing new equipment. These routine chores will be a little more challenging than usual, given the maritime setting and Sealand's obsession with privacy. Fall over the edge of Sealand's deck, for instance, and you'll probably drown. Simply entering one of the machine rooms will require putting on scuba gear, because the rooms will be filled with an unbreathable pure nitrogen atmosphere instead of the normal oxygen mix - a measure designed to keep out sneaks, inhibit rust, and reduce the risk of fire.

HavenCo will be "offshore" both physically and in the sense that its clients - who will purchase preconfigured "colocation" computers maintained and secured by HavenCo - will basically be able to tell the rest of the world to shove it. The essence of offshore Internet services, as defined by sort-of-offshore places like Anguilla and Bermuda, is that when you base an operation in such a locale, you can claim to be governed only by the laws that prevail there. So if Internet gambling is legal (or overlooked) in Country A but not in Country B, you set up in A, and use the Web to send your site to B - and to the rest of the world.

Similarly, companies using Sealand to house their data can choose to operate according to the special laws of Sealand, and those laws will be particularly lax - though not quite anarchic. Lackey says the general idea is to allow a little naughtiness, while forbidding criminal activity that could generate international outrage.

Meaning? Basically, that HavenCo wants to give people a safe, secure shelter from lawyers, government snoops, and assorted busybodies without getting tangled in flagrant wrongdoing. So if you run a financial institution that's looking to operate an anonymous and untraceable payment system - HavenCo can help. If you'd like to send old-fashioned, adults-only pornography into a grumpy country like Saudi Arabia - HavenCo can help there, too. But if you want to run a spamming operation, launder drug money, or send kiddie porn anywhere - forget it.

(Garfinkel's article, posted by in July of 2000, is available here.) It is important to stress that Sealand maintains its own laws with respect to use of the internet. Thus, to the extent that it represents the most radical implementation of a "government-free" internet, it is, itself, subject to the regulation of the Sealand government - not to mention whomever is providing internet connectivity to Sealand, or whomever can regulate whomever is providing internet connectivity to Sealand..

Thus the true measure of protection afforded to HavenCo customers remains unclear. Putting aside the fact that HavenCo is situated in international waters, a U.S. company, for example, would still have to comply with a U.S. court's order requiring production of data stored on SeaLand. That said, HavenCo might enable a company to avoid subjecting itself to the personal jurisdiction of any country if that company can avoid making any contacts with other countries (see the discussion of personal jurisdiction, above).

b. Localized regulation and the optimal extent of control

In considering the optimal extent of a sovereign's authority over the internet, one can look to two clear and opposite extremes. The rule might be that a defendant will only be subject to jurisdiction for his internet activities in his home forum, or the rule might be that a defendant will be subject to jurisdiction for his internet activities everywhere those activities are accessible or have a major effect.

The extreme of universal jurisdiction is immediately limited by practical considerations. As discussed above, a sovereign must be able to enforce its judgments if its laws are to have any meaning / effect. While these practical limits are substantial limits, additional, theoretical problems remain. Consider, for example, the defendant who facilitates the sale of Nazi memorabilia through an internet auction site. Claiming the display of Nazi images is indecent and against its law, a foreign state orders the defendant to remove the Nazi images and the defendant complies. The notable side effect of this is that not only are citizens of the foreign state protected from the Nazi images, but also citizens of all states who previously might have accessed the images. Several authors have argued that these "overflow effects" of internet jurisdiction are undesirable. Whether or not one agrees with their position, the problem of overflow effects is not unique to internet cases. As other authors point out, U.S. antitrust regulations have substantial effects on the price of products and the structure of markets beyond U.S. borders. Moreover, as technology like ip mapping improves, or as fundamental changes to the internet's architecture are implemented, our hypothetical defendant may be able to effectively remove the Nazi images only for those viewers located in the foreign state. The overflow effect is, in short, a result of the "boundarylessness" of the internet. To the extent boundaries are introduced, the overflow effect is reduced.

A second problem is notice. Defendant individuals or small businessmen will not know the laws of all the jurisdictions from which their web sites will be accessible and it therefore seems unjust to hold them accountable under those laws. This problem might suggest only that a warning or a cease and desist notice in internet suits should be issued before a defendant faces liability. That is, a defendant accused of violating the laws of a foreign forum state should first be informed of those laws and given an opportunity to stop the violation unless the defendant had reason to know of the foreign laws beforehand.

Third and related is the problem of conflicting and overlapping laws. By putting up a web site, a defendant potentially subjects himself to laws that mandate contradictory results. One country may label something obscene while another protects it under freedom of speech. In those cases, defendants will conform to the requirements of the strictest substantive law. More difficult cases arise when substantive laws command affirmatively different actions, as when two courts order mutually inconsistent equitable remedies. In that situation, the practical limitations on enforcement limit the effectiveness of the orders, but it remains difficult for defendants to organize their conduct in order to avoid liability.

Territorial regulation of internet disputes is difficult and costly for states because of the international context of many internet disputes. There are feasible alternatives: voluntary alternative dispute resolution coupled with an international enforcement regime, international treaties or conventions such as those in force in the E.U. on the exercise of personal jurisdiction, and international treaties or conventions on rules of substantive law to be applied no matter which court exercises jurisdiction. Each of these three options requires progressively more surrender of local sovereign authority. In the first, a state must surrender its right to review and reject the judgment of an arbitrator or other alternative tribunal. In the second, a state must give up the power to decide when its courts will be able to hear international internet disputes. In the last, a state must surrender its very lawmaking power over internet disputes in favor of some international compromise.

The tradeoff in internet jurisdiction is between local sovereignty and the cost of deciding disputes and enforcing judgments. Local sovereignty, even given practical limitations on enforcement, implies greater costs because of the joint problems of overflow effects, notice, conflicting and overlapping laws, and indirect enforcement. As international use of the internet increases, internet disputes will grow in number, size and complexity. This growth will impose greater costs on sovereigns of maintaining local authority and we should therefore expect alternatives to sovereignty to increase in importance.

This situation is not unique to the internet. International arbitration agreements, made enforceable by international convention, are an abdication of local sovereignty (to review and reject arbitration awards as a matter of course) in favor of a lower cost means of settling international disputes. The internet merely makes this tension between sovereignty and efficient dispute resolution in an international setting dramatically apparent. The UDRP, discussed in earlier modules, is an example of an alternative to local sovereignty that states have elected to abide by in the internet context.

For presentations of these and other arguments about jurisdiction in internet disputes and internet regulation in general, see:
Jack L. Goldsmith, Against Cyberanarchy 65 U. Chi. L. Rev. 1199
David R. Johnson and David Post, Law and Borders - The Rise of Law in Cyberspace 48 Stan. L. Rev. 1367

For particular proposals of how to deal with internet jurisdiction in the face of these arguments, see:
Sarah K. Jezairian, Lost in the Virtual Mall: Is Traditional Personal Jurisdiction Analysis Applicable to E-Commerce Cases? 42 Ariz. L. Rev. 965
Todd D. Leitstein, A Solution for Personal Jurisdiction on the internet 59 La. L. Rev. 565
Darrel Menthe, Jurisdiction in Cyberspace: A Theory of International Spaces
A Separate Jurisdiction for Cyberspace