Who governs the Internet? (and should we care?)

Can cyberspace be governed by law? Steve Hedley LLM 2011-2012 CyberCrime

No - Cyberspace is an independent realm  See

e.g. Barlow, A Declaration of the Independence of Cyberspace “Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are all based on matter, and there is no matter here.” 2

Attractions of this view  Weakness

of law enforcement  Constant jurisdictional issues  ‘No-one knows you are a dog’  Not much at stake  The libertarian impulse 3

But ….  Increasing

importance  Increasing enforcement activity  Increasing volume of trade  Irrelevance of jurisdiction cuts both ways – increasing intergovernmental co-operation 4

Yes – Cyberspace is no less regulable than anywhere else …

and the idea that cyberspace is a “place” may be misleading  See e.g. Goldsmith and Wu, Who controls the Internet? (OUP, 2006) 5

Yes – We not only can but up to a point must regulate the Internet …

to preserve what freedom there is on it  e.g. Zittrain, The Future of the Internet - And How to Stop It (Yale UP, 2009) 6

Control of the Internet – how? 1. 2. 3. 4.

International control? Direct control of users? Design control? Control through intermediaries?

7

1. International control

1. International control?  Wide

diversity of approaches world-wide  Different levels of economic development and web access  Different values reflected in different national laws 9

Different approaches to freedom of expression  All

nations respect freedom of speech to some degree …  … but the differences are nontrivial  For international censorship see www.opennetinitiative.org 10

The dilemma of internationalism  International

co-operation means agreeing common standards with some fairly unsavoury regimes but  Failure to co-operate makes it hard to enforce ANY standards nationally ! 11

Increasing restrictions on freedom of (internet) expression  China  Iran  Saudi

Arabia

 Cuba  Pakistan 12

Jurisdictional battles A

notorious battle was the Yahoo! Nazi memorabilia case (France v US), which ended in stalemate  A struggle now emerging between the US and the UK over libel judgements 13

Where can international co-operation be expected?  Keeping

the Internet running  Facilitation of trade  Areas where international standardisation is recognised as beneficial 14

Some relevant international texts  Tradeable

IP rights are regulated world-wide through UNCITRAL, WIPO, the TRIPs Treaty , ACTA  On general trade matters, the EU has managed to secure a measure of uniformity within Europe 15

Cyber peace treaty?  Cyber

attacks moving from the theoretical to the actual  Protection of networks is now a basic part of national defence  Actual incidents already  Difficulties of attribution 16

International administration is carried on through ICANN  ICANN

assigns all names of machines connected to the Internet  In theory, ICANN could remove any machine (or any country!) from the Internet  But can this power be used to enforce common standards of behaviour? 17

In practise, ICANN’s powers are very limited  See

e.g. the debate over confining porn to a “.xxx” domain  Controlling individual behaviour is technically very difficult …  … and is not likely to be regarded as legitimate world-wide 18

2. Can Internet law be directly enforced on Internet users?

In other words …  Can’t

we simply deal with undesirable behaviour on the net by passing laws against it and prosecuting people who break those laws????

20

Example: ‘Operation Amethyst’ (2002)  Discovery

of an Internet child porn server  Thousands of buyers worldwide – identified by credit card numbers  Various buyers were traced to Ireland – prosecutions 21

Example: ‘Operation Amethyst’  But

subsequently:  Doubts as to the evidence  Various lines of defence beginning to emerge  Stolen credit card numbers 22

General features of Internet law enforcement  1.

Wide geographical distribution of participants and investigators

 2.

Only very serious crimes can attract the necessary effort by police and prosecutor 23

General features of Internet law enforcement  3.

Technical and evidential problems throughout  4. Extremely labour-intensive legal processes  5. The role of intermediaries, who are much easier to control than are actual perpetrators 24

Individual prosecutions or legal actions  Pornography  Copyright

music

 Prosecutions

for hacking or fraud 25

The culture of hackers today  Increasing

sophistication of

hackers  Tending to operate from abroad  Difficulties of detection  Growth of cyberfraud and phishing activities 26

No longer the lone hacker  Selling

hacking services  BitTorrent and other decentralised systems  Phishing kits  Botnets  Porn rings, link to child traffickers 27

3. Can Internet law be enforced through the design of computers and software ?

Lessig, Code and other laws of cyberspace (1999)

29

Computers are designed with various ends in view … …

and so why can’t law enforcement be one of them?

 Can

crime be “designed out” of the Internet?

30

Nice theory, but …  Stopping

computers from doing things is more difficult than it sounds!

31

DRM: A developing area  Current

weaknesses of DRM  Controversies over rootkits  Unpopularity with consumers  New business models  How far can anti-circumvention laws go?  Is it now criminal to tinker with your own PC or DVD player? 32

National firewalls?  China  Australia

33

4. Can Internet law be enforced by targeting intermediaries?

4. Can Internet law be enforced through intermediaries?  ISPs  Search

engines  Amazon and other retailers  Bebo and other networking sites  Employers (and Universities!)  Parents 35

The most successful control of the Internet  Examples

include cases

involving:  eBay  rate-your-solicitor.com  Grokster  YouTube 36

Control of search engines  Probably

the most effective

method  But search engines are powerfully resistant to pressure from other commercial entities

37

The cases have tended to involve:  Libel

and causing offence

 Pornography  Stolen

(intellectual) property

38

Current controversy over “three strikes”  Ireland

(EMI v Eircom [2010] IEHC 108)  France  UK  EU 39

ISPs as a route to individuals

Often the intermediary is sued merely to make them reveal the name of the actual perpetrator 40

Is it TOO easy to control intermediaries?  Direct

Government control of intermediaries?  The weakness of the typical ISP  Surveillance of individuals  Data retention 41

In summary  Initial

fears (hopes? dreams?) that law might not apply in cyberspace are unfounded …

…

but enforcement is extremely patchy and context-dependent 42

In summary  Only

in extreme cases has it been practical to act  The cases where governments have acted are mostly concerned with:  Terrorism  Online fraud and theft  Child porn  Promoting international trade 43