Global computer-based communications cut across
territorial borders, creating a new realm of human activity and undermining the
feasibility--and legitimacy--of applying laws based on geographic boundaries.
While these electronic communications play havoc with geographic boundaries, a new
boundary, made up of the screens and passwords that separate the virtual world
from the "real world" of atoms, emerges. This new boundary defines a
distinct Cyberspace that needs and can create new law and legal institutions of
its own. Territorially-based law-making and law-enforcing authorities find this
new environment deeply threatening. But established territorial authorities may
yet learn to defer to the self-regulatory efforts of Cyberspace participants
who care most deeply about this new digital trade in ideas, information, and
services. Separated from doctrine tied to territorial jurisdictions, new rules
will emerge, in a variety of online spaces, to govern a wide range of new
phenomena that have no clear parallel in the nonvirtual world. These new rules
will play the role of law by defining legal personhood and property, resolving
disputes, and crystallizing a collective conversation about core values.
…
B. The Absence of Territorial Borders in Cyberspace
Cyberspace radically undermines the relationship
between legally significant (online) phenomena and physical location. The rise
of the global computer network is destroying the link between geographical
location and: (1) the power of local governments to assert control over
online behavior; (2) the effects of online behavior on individuals or
things; (3) the legitimacy of the efforts of a local sovereign to
enforce rules applicable to global phenomena; and (4) the ability of physical
location to give notice of which sets of rules apply.
The Net thus radically subverts a system of rule-making based on
borders between physical spaces, at least with respect to the claim that
cyberspace should naturally be governed by territorially defined rules.
Cyberspace has no territorially-based boundaries, because the cost and
speed of message transmission on the Net is almost entirely independent of
physical location: Messages can be transmitted from any physical location to
any other location without degradation, decay, or substantial delay, and
without any physical cues or barriers that might otherwise keep certain
geographically remote places and people separate from one another. The Net enables transactions between people who do not know, and
in many cases cannot know, the physical location of the other party. Location
remains vitally important, but only location within a virtual space
consisting of the "addresses" of the machines between which messages
and information are routed.
The system is indifferent to the physical location of those
machines, and there is no necessary connection between an Internet address and
a physical jurisdiction.
Although a domain name, when initially assigned to a given machine, may
be associated with a particular Internet Protocol address corresponding to the
territory within which the machine is physically located (e.g., a
".uk" domain name extension), the machine may move in physical space
without any movement in the logical domain name space of the Net. Or,
alternatively, the owner of the domain name might request that the name become
associated with an entirely different machine, in a different physical
location. Thus, a server with a ".uk" domain
name may not necessarily be located in the United Kingdom, a server with a
".com" domain name may be anywhere, and users, generally speaking,
are not even aware of the location of the server that stores the content that
they read. Physical borders no longer can function as signposts informing
individuals of the obligations assumed by entering into a new, legally
significant, place, because individuals are unaware of the existence of those
borders as they move through virtual space.
The power to control activity in Cyberspace has only the most tenuous
connections to physical location. Many governments first respond to electronic
communications crossing their territorial borders by trying to stop or regulate
that flow of information as it crosses their borders. Rather than deferring to
efforts by participants in online transactions to regulate their own affairs,
many governments establish trade barriers, seek to tax any border-crossing
cargo, and respond especially sympathetically to claims that information coming
into the jurisdiction might prove harmful to local residents. Efforts to stem
the flow increase as online information becomes more important to local
citizens. In particular, resistance to "transborder data flow" (TDF)
reflects the concerns of sovereign nations that the development and use of
TDF's will undermine their "informational sovereignty,"\13\ will negatively impact
on the privacy of local citizens,\14\ and will upset private
property interests in information. Even local governments in the United States
have expressed concern about their loss of control over information and
transactions flowing across their borders.
But efforts to control the flow of electronic information across
physical borders--to map local regulation and physical boundaries onto
Cyberspace--are likely to prove futile, at least in countries that hope to
participate in global commerce.\17\ Individual electrons
can easily, and without any realistic prospect of detection, "enter"
any sovereign's territory. The volume of electronic communications crossing
territorial boundaries is just too great in relation to the resources available
to government authorities to permit meaningful control.
U.S. Customs officials have generally given up. They assert
jurisdiction only over the physical goods that cross the geographic borders
they guard and claim no right to force declarations of the value of materials
transmitted by modem. Banking and securities regulators seem
likely to lose their battle to impose local regulations on a global financial
marketplace. And state
Attorneys General face serious challenges in seeking to intercept the electrons
that transmit the kinds of consumer fraud that, if conducted physically within
the local jurisdiction, would be more easily shut down.
Faced with their inability to control the flow of electrons across
physical borders, some authorities strive to inject their boundaries into the
new electronic medium through filtering mechanisms and the establishment of
electronic barriers.\20\
Others have been quick to assert the right to regulate all online trade insofar
as it might adversely impact local citizens. The Attorney General of Minnesota,
for example, has asserted the right to regulate gambling that occurs on a
foreign web page that was accessed and "brought into" the state by a
local resident.\21\ The
New Jersey securities regulatory agency has similarly asserted the right to
shut down any offending Web page accessible from within the state.
But such protective schemes will likely fail as well.
First, the determined seeker of prohibited communications can simply
reconfigure his connection so as to appear to reside in a different location,
outside the particular locality, state, or country. Because the Net is
engineered to work on the basis of "logical," not geographical,
locations, any attempt to defeat the independence of messages from physical
locations would be as futile as an effort to tie an atom and a bit together.
And, moreover, assertions of law-making authority over Net activities on the
ground that those activities constitute "entry into" the physical
jurisdiction can just as easily be made by any territorially-based authority.
If Minnesota law applies to gambling operations conducted on the World
Wide Web because such operations foreseeably affect Minnesota residents, so,
too, must the law of any physical jurisdiction from which those operations can
be accessed. By asserting a right to regulate whatever its citizens may access
on the Net, these local authorities are laying the predicate for an argument
that Singapore or Iraq or any other sovereign can regulate the activities of
U.S. companies operating in cyberspace from a location physically within the
United States.
All such Web-based activity, in this view, must be subject
simultaneously to the laws of all territorial sovereigns.
Nor are the effects of online activities tied to geographically
proximate locations. Information available on the World Wide Web is available
simultaneously to anyone with a connection to the global network. The notion
that the effects of an activity taking place on that Web site radiate from a
physical location over a geographic map in concentric circles of decreasing
intensity, however sensible that may be in the nonvirtual world, is incoherent
when applied to Cyberspace. A Web site physically located in Brazil, to
continue with that example, has no more of an effect on individuals in Brazil
than does a Web site physically located in Belgium or Belize that is accessible
in Brazil. Usenet discussion groups, to take another example, consist of
continuously changing collections of messages that are routed from one network
to another, with no centralized location at all; they exist, in effect,
everywhere, nowhere in particular, and only on the Net.\23\
Nor can the legitimacy of any rules governing online activities be
naturally traced to a geographically situated polity. There is no
geographically localized set of constituents with a stronger claim to regulate
it than any other local group; the strongest claim to control comes from the
participants themselves, and they could be anywhere.
The rise of an electronic medium that disregards geographical
boundaries also throws the law into disarray by creating entirely new phenomena
that need to become the subject of clear legal rules but that cannot be
governed, satisfactorily, by any current territorially-based sovereign. For
example, electronic communications create vast new quantities of transactional
records and pose serious questions regarding the nature and adequacy of privacy
protections. Yet the communications that create these records may pass through
or even simultaneously exist in many different territorial jurisdictions. What
substantive law should we apply to protect this new, vulnerable body of transactional
data? May a French policeman lawfully access the records of communications
traveling across the Net from the United States to Japan? Similarly, whether it
is permissible for a commercial entity to publish a record of all of any given
individual's postings to Usenet newsgroups, or whether it is permissible to
implement an interactive Web page application that inspects a user's
"bookmarks" to determine which other pages that user has visited, are
questions not readily addressed by existing legal regimes--both because the
phenomena are novel and because any given local territorial sovereign cannot
readily control the relevant, globally dispersed, actors and actions.
Because events on the Net occur everywhere but nowhere in particular,
are engaged in by online personae who are both "real" (possessing
reputations, able to perform services, and deploy intellectual assets) and
"intangible" (not necessarily or traceably tied to any particular
person in the physical sense), and concern "things" (messages,
databases, standing relationships) that are not necessarily separated from one
another by any physical boundaries, no physical jurisdiction has a more
compelling claim than any other to subject these events exclusively to its
laws.
…
…
Many of the jurisdictional and substantive
quandaries raised by border-crossing electronic communications could be
resolved by one simple principle: conceiving of Cyberspace as a distinct
"place" for purposes of legal analysis by recognizing a legally
significant border between Cyberspace and the "real world."
Using this new approach, we would no longer ask the unanswerable
question "where" in the geographical world a Net-based transaction
occurred. Instead, the more salient questions become: What rules are best
suited to the often unique characteristics of this new place and the
expectations of those who are engaged in various activities there? What
mechanisms exist or need to be developed to determine the content of those
rules and the mechanisms by which they can enforced?
Answers to these questions will permit the development of rules better
suited to the new phenomena in question, more likely to be made by those who
understand and participate in those phenomena, and more likely to be enforced
by means that the new global communications media make available and effective.
Treating Cyberspace as a separate "space"
to which distinct laws apply should come naturally, because entry into this
world of stored online communications occurs through a screen and (usually) a
"password" boundary. There is a "placeness" to Cyberspace
because the messages accessed there are persistent and accessible to many
people. You know when you are "there." No one accidentally strays
across the border into Cyberspace. To be sure, Cyberspace is not a homogenous
place; groups and activities found at various online locations possess their
own unique characteristics and distinctions, and each area will likely develop
its own set of distinct rules. But the line that separates online transactions
from our dealings in the real world is just as distinct as the physical
boundaries between our territorial governments--perhaps more so.
Crossing into Cyberspace is a meaningful act that would make
application of a distinct "law of Cyberspace" fair to those who pass
over the electronic boundary.
…
What should happen when conflicts arise between the
local territorial law (applicable to persons or entities by virtue of their
location in a particular area of physical space) and the law applicable to
particular activities on the Net? The doctrine of "comity," as well
as principles applied when delegating authority to self-regulatory
organizations, provide us with guidance for reconciling such disputes.
The doctrine of comity, in the Supreme Court's classic formulation, is
"the recognition which one nation allows within its territory to the
legislative, executive, or judicial acts of another nation, having due regard
both to international duty and convenience, and to the rights of its own
citizens or of other persons who are under the protections of its law."
It is incorporated into the principles set forth in the Restatement
(Third) of Foreign Relations Law of the United States, in particular Section
403, which provides that "a state may not exercise jurisdiction to
prescribe law with respect to a person or activity having connections with
another state when the exercise of such jurisdiction is unreasonable," and
that when a conflict between the laws of two states arises, "each state
has an obligation to evaluate its own as well as the other state's interest in
exercising jurisdiction [and] should defer to the other state if that state's
interest is clearly greater.").\80\
It arose as an attempt to mitigate some of the harsher features of a
world in which lawmaking is an attribute of control over physical space but in
which persons, things, and actions may move across physical boundaries, and it
functions as a constraint on the strict application of territorial principles
that attempts to reconcile "the principle of absolute territorial
sovereignty [with] the fact that intercourse between nations often demand[s]
the recognition of one sovereign's lawmaking acts in the forum of
another." In general, comity reflects the view that those who care more
deeply about and better understand the disputed activity should determine the
outcome. Accordingly, it may be ideally suited to handle, by extension, the new
conflicts between the a-territorial nature of cyberspace activities and the
legitimate needs of territorial sovereigns and of those whose interests they
protect on the other side of the cyberspace border. This doctrine does not
disable territorial sovereigns from protecting the interests of those
individuals located within their spheres of control, but it calls upon them to
exercise a significant degree of restraint when doing so.
Local officials handling conflicts can also learn from the many
examples of delegating authority to self-regulatory organizations. Churches are
allowed to make religious law. Clubs and social organizations can, within broad
limits, define rules that govern activities within their spheres of interest.
Securities exchanges can establish commercial rules, so long as they protect
the vital interests of the surrounding communities.
In these cases, government has seen the wisdom of allocating rule-making
functions to those who best understand a complex phenomenon and who have an
interest in assuring the growth and health of their shared enterprise.
Cyberspace represents a new permutation of the underlying issue: How
much should local authorities defer to a new, self-regulating activity arising
independently of local control and reaching beyond the limited physical
boundaries of the sovereign. This mixing of both tangible and intangible
boundaries leads to a convergence of the intellectual categories of comity in
international relations and the local delegation by a sovereign to
self-regulatory groups. In applying both the doctrine of "comity" and
the idea of "delegation" to Cyberspace, a local sovereign is called
upon to defer to the self-regulatory judgments of a population partly, but not
wholly, composed of its own subjects.
Despite the seeming contradiction of a sovereign deferring to the
authority of those who are not its own subjects, such a policy makes sense,
especially in light of the underlying purposes of both doctrines. Comity and
delegation represent the wise conservation of governmental resources and
allocate decisions to those who most fully understand the special needs and
characteristics of a particular "sphere" of being. Although
Cyberspace represents a new sphere that cuts across national boundaries, the
fundamental principle remains.
If the sysops and users who collectively inhabit and control a
particular area of the Net want to establish special rules to govern conduct
there, and if that rule set does not fundamentally impinge upon the vital
interests of others who never visit this new space, then the law of sovereigns
in the physical world should defer to this new form of self-government.
…
Because controlling the flow of electrons across physical boundaries is
so difficult, a local jurisdiction that seeks to prevent its citizens from
accessing specific materials must either outlaw all access to the Net--thereby
cutting itself off from the new global trade--or seek to impose its will on the
Net as a whole. This would be the modern equivalent of a local lord in medieval
times either trying to prevent the silk trade from passing through his
boundaries (to the dismay of local customers and merchants) or purporting to
assert jurisdiction over the known world. It may be most difficult to envision
local territorial sovereigns deferring to the law of the Net when the perceived
threat to local interests arises from the very free flow of information that is
the Net's most fundamental characteristic--when, for example, local sovereigns
assert an interest in seeing that their citizens are not adversely affected by
information that the local jurisdiction deems harmful but that is freely (and
lawfully) available elsewhere.
Examples include the German government's attempts to prevent its
citizens access to prohibited materials, or the prosecution of a California
bulletin board operator for making material offensive to local "community
standards" available for downloading in Tennessee.
Local sovereigns may insist that their interest (in protecting their
citizens from harm) is paramount, and easily outweighs any purported interest
in making this kind of material freely available. But the opposing interest is
not simply the interest in seeing that individuals have access to ostensibly
obscene material, it is the "meta-interest" of Net citizens in
preserving the global free flow of information.
If there is one central principle on which all local authorities within
the Net should agree, it must be that territorially local claims to restrict
online transactions (in ways unrelated to vital and localized interests of a
territorial government) should be resisted. This is the Net equivalent of the
First Amendment, a principle already recognized in the form of the
international human rights doctrine protecting the right to communicate.
Participants in the new online trade must oppose external regulation
designed to obstruct this flow. This naturally central principle of online law
bears importantly on the "comity" analysis, because it makes clear
that the need to preserve a free flow of information across the Net is just as
vital to the interests of the Net as the need to protect local citizens against
the impacts of unwelcome information may appear from the perspective of a local
territorial sovereign.
For the Net to realize its full promise, online rule-making authorities
must not respect the claims of territorial sovereigns to restrict online
communications when unrelated to vital and localized governmental interests.
One of a border's key characteristics is that it
slows the interchange of people, things, and information across its divide.
Arguably, distinct sets of legal rules can only develop and persist where
effective boundaries exist. The development of a true "law of
Cyberspace," therefore, depends upon a dividing line between this new
online territory and the nonvirtual world. Our argument so far has been that
the new sphere online is cut off, at least to some extent, from rule-making
institutions in the material world and requires the creation of a distinct law
applicable just to the online sphere.
But we hasten to add that Cyberspace is not, behind that border, a
homogeneous or uniform territory behind that border, where information flows
without further impediment. Although it is meaningless to speak of a French or
Armenian portion of Cyberspace, because the physical borders dividing French or
Armenian territory from their neighbors cannot generally be mapped onto the flow
of information in Cyberspace, the Net has other kinds of internal borders
delineating many distinct internal locations that slow or block the flow of
information.
Distinct names and (virtual) addresses, special passwords, entry fees,
and visual cues --software boundaries--can distinguish subsidiary areas from
one another. The Usenet newsgroup "alt.religion.scientology" is
distinct from "alt.misc.legal," each of which is distinct from a chat
room on Compuserve or America Online which, in turn, are distinct from the
Cyberspace Law Institute listserver or Counsel Connect. Users can only access
these different forums through distinct addresses or phone numbers, often
navigating through login screens, the use of passwords, or the payment of fees.
Indeed, the ease with which internal borders, consisting entirely of software
protocols, can be constructed is one of Cyberspace's most remarkable and
salient characteristics; setting up a new Usenet newsgroup, or a
"listserver" discussion group, requires little more than a few lines
of code.
The separation of subsidiary "territories" or spheres of
activity within Cyberspace and the barriers to exchanging information across
these internal borders allow for the development of distinct rule sets and for
the divergence of those rule sets over time.
…
The internal borders within Cyberspace will thus allow for
differentiation among distinct constellations of such information … . Content
or conduct acceptable in one "area" of the Net may be banned in
another. Institutions that resolve disputes in one "area" of
Cyberspace may not gain support or legitimacy in others. Local sysops can, by
contract, impose differing default rules regarding who has the right, under
certain conditions, to replicate and redistribute materials that originate with
others. While Cyberspace's reliance on bits instead of atoms may make physical
boundaries more permeable, the boundaries delineating digital online
"spheres of being" may become less permeable. Securing online
systems from unauthorized intruders may prove an easier task than sealing
physical borders from unwanted immigration. Groups can establish online
corporate entities or membership clubs that tightly control participation in,
or even public knowledge of, their own affairs.
Such groups can reach agreement on or modify these rules more rapidly
via online communications. Accordingly, the rule sets applicable to the online
world may quickly evolve away from those applicable to more traditional spheres
and develop greater variation among the sets.
…
The ability of inhabitants of Cyberspace to cross borders at will
between legally significant territories, many times in a single day, is
unsettling. This power seems to undercut the validity of developing distinct
laws for online culture and commerce: How can these rules be "law" if
participants can literally turn them on and off with a switch? Frequent online
travel might subject relatively mobile human beings to a far larger number of
rule sets than they would encounter traveling through the physical world over
the same period. Established authorities, contemplating the rise of a new law
applicable to online activities, might object that we cannot easily live in a
world with too many different sources and types of law, particularly those made
by private (non-governmental) parties, without breeding confusion and allowing
anti-social actors to escape effective regulation.
But the speed with which we can cross legally meaningful borders or
adopt and then shed legally significant roles should not reduce our willingness
to recognize multiple rule sets. Rapid travel between spheres of being does not
detract from the distinctiveness of the boundaries, as long as participants
realize the rules are changing. Nor does it detract from the appropriateness of
rules applying within any given place, any more than changing commercial or
organizational roles in the physical world detracts from a person's ability to
obey and distinguish rules as a member of many different institutional
affiliations and to know which rules are appropriate for which roles Nor does
it lower the enforceability of any given rule set within its appropriate
boundaries, as long as groups can control unauthorized boundary crossing of
groups or messages.
Alternating between different legal identities many times during a day
may confuse those for whom cyberspace remains an alien territory, but for those
for whom cyberspace is a more natural habitat in which they spend increasing
amounts of time it may become second nature. Legal systems must learn to
accommodate a more mobile kind of legal person.\105\
Global electronic communications have created new
spaces in which distinct rule sets will evolve. We can reconcile the new law
created in this space with current territorially-based legal systems by
treating it as a distinct doctrine, applicable to a clearly demarcated sphere,
created primarily by legitimate, self-regulatory processes, and entitled to
appropriate deference--but also subject to limitations when it oversteps its
appropriate sphere.
The law of any given place must take into account the special
characteristics of the space it regulates and the types of persons, places, and
things found there. Just as a country's jurisprudence reflects its unique
historical experience and culture, the law of Cyberspace will reflect its
special character, which differs markedly from anything found in the physical
world. For example, the law of the Net must deal with persons who
"exist" in Cyberspace only in the form of an email address and whose
purported identity may or may not accurately correspond to physical
characteristics in the real world. In fact, an e-mail address might not even
belong to a single person. Accordingly, if Cyberspace law is to recognize the
nature of its "subjects," it cannot rest on the same doctrines that
give geographically based sovereigns jurisdiction over "whole,"
locatable, physical persons. The law of the Net must be prepared to deal with
persons who manifest themselves only by means of a particular ID, user account,
or domain name.
Moreover, if rights and duties attach to an account itself, rather than
an underlying real world person, traditional concepts such as
"equality," "discrimination," or even "rights and
duties" may not work as we normally understand them. New angles on these
ideas may develop. For example, when AOL users joined the Net in large numbers,
other Cyberspace users often ridiculed them based on the ".aol" tag
on their email addresses--a form of "domainism" that might be
discouraged by new forms of Netiquette. If a doctrine of Cyberspace law accords
rights to users, we will need to decide whether those rights adhere only to
particular types of online appearances, as distinct from attaching to
particular individuals in the real world.
Similarly, the types of "properties" that can become the
subject of legal discussion in Cyberspace will differ from real world real
estate or tangible objects. For example, in the real world the physical covers
of a book delineate the boundaries of a "work" for purposes of
copyright law; those limits may disappear entirely when the same materials are
part of a large electronic database. Thus, we may have to change the "fair
use" doctrine in copyright law that previously depended on calculating
what portion of the physical work was copied. Similarly, a web page's
"location" in Cyberspace may take on a value unrelated to the
physical place where the disk holding that Web page resides, and efforts to
regulate web pages by attempting to control physical objects may only cause the
relevant bits to move from one place to another. On the other hand, the
boundaries set by "URLs" (Uniform Resource Locators, the location of
a document on the World Wide Web) may need special protection against
confiscation or confusingly similar addresses. And, because these online
"places" may contain offensive material, we may need rules requiring
(or allowing) groups to post certain signs or markings at these places' outer
borders.
The boundaries that separate persons and things behave differently in
the virtual world but are nonetheless legally significant. Messages posted
under one e-mail name will not affect the reputation of another e-mail address,
even if the same physical person authors both messages. Materials separated by
a password will be accessible to different sets of users, even if those
materials physically exist on the very same hard drive. A user's claim to a
right to a particular online identity or to redress when that identity's
reputation suffers harm, may be valid even if that identity does not correspond
exactly to that of any single person in the real world.
Clear boundaries make law possible, encouraging rapid differentiation
between rule sets and defining the subjects of legal discussion. New abilities
to travel or exchange information rapidly across old borders may change the
legal frame of reference and require fundamental changes in legal institutions.
Fundamental activities of lawmaking--accommodating conflicting claims, defining
property rights, establishing rules to guide conduct, enforcing those rules,
and resolving disputes--remain very much alive within the newly defined,
intangible territory of Cyberspace. At the same time, the newly emerging law challenges
the core idea of a current law-making authority--the territorial nation state,
with substantial but legally restrained powers.
If the rules of Cyberspace thus emerge from consensually based rule
sets, and the subjects of such laws remain free to move among many differing
online spaces, then considering the actions of Cyberspace's system
administrators as the exercise of a power akin to "sovereignty" may
be inappropriate. Under a legal framework where the top level imposes physical
order on those below it and depends for its continued effectiveness on the
inability of its citizens to fight back or leave the territory, the legal and
political doctrines we have evolved over the centuries are essential to
constrain such power. In that situation, where exit is impossible, costly, or
painful, then a right to a voice for the people is essential. But when the
"persons" in question are not whole people, when their
"property" is intangible and portable, and when all concerned may
readily escape a jurisdiction they do not find empowering, the relationship
between the "citizen" and the "state" changes radically.
Law, defined as a thoughtful group conversation about core values, will
persist. But it will not, could not, and should not be the same law as that applicable
to physical, geographically-defined territories.
© 1996
David R. Johnson and David G. Post. Permission granted to redistribute freely,
in whole or in part, with this notice attached.