Chapter 2 - Competing Visions of Internet Law


In the early days of the Internet, discussion of Internet law centered largely on whether the Internet could or should be regulated. The Internet of those days bore little resemblance to the 100 million user Internet of today. Rather, the Internet of the 1980's and early 1990's had a communal feel where users generally trusted one another and commercial activities were frowned upon. Longtime Internet users often yearn for that Internet of old - a space governed by the inhabitants where the Internet genuinely constituted a place separate and apart from real space.

Today the Internet has emerged as integral part of our communications and social infrastructure with millions of users and companies online. This growth resulted in critical changes to the legal regulation of Internet-based activity. Legal scholars have now advanced beyond the issue of whether to regulate Internet activity and are instead focusing on the more challenging question of how to regulate such activity.

Notwithstanding these developments, the hope that the Internet can return to its roots remains firmly in place for many users. This view is best illustrated by John Perry Barlow's Declaration of the Independence of Cyberspace. Barlow, a co-founder of the influential Electronic Frontier Foundation, first published the declaration on the Internet in the wake of the U.S. Congress enacting the Communications Decency Act, which was the first U.S. national attempt at Internet content regulation. The declaration attracted widespread attention as it captured the frustration of thousands of Internet users who felt helpless as they witnessed the profound change enveloping the Internet legal landscape.

John Perry Barlow's "A Declaration of the Independence of Cyberspace", 1996

Date: Fri, 9 Feb 1996 17:16:35 +0100


From: John Perry Barlow

Subject: A Cyberspace Independence Declaration

Yesterday, that great invertebrate in the White House signed into the law the Telecom "Reform" Act of 1996, while Tipper Gore took digital photographs of the proceedings to be included in a book called "24 Hours in Cyberspace."

I had also been asked to participate in the creation of this book by writing something appropriate to the moment. Given the atrocity that this legislation would seek to inflict on the Net, I decided it was as good a time as any to dump some tea in the virtual harbor.

After all, the Telecom "Reform" Act, passed in the Senate with only 5 dissenting votes, makes it unlawful, and punishable by a $250,000 to say "shit" online. Or, for that matter, to say any of the other 7 dirty words prohibited in broadcast media. Or to discuss abortion openly. Or to talk about any bodily function in any but the most clinical terms.

It attempts to place more restrictive constraints on the conversation in Cyberspace than presently exist in the Senate cafeteria, where I have dined and heard colorful indecencies spoken by United States senators on every occasion I did.

This bill was enacted upon us by people who haven't the slightest idea who we are or where our conversation is being conducted. It is, as my good friend and Wired Editor Louis Rossetto put it, as though "the illiterate could tell you what to read."

Well, fuck them.

Or, more to the point, let us now take our leave of them. They have declared war on Cyberspace. Let us show them how cunning, baffling, and powerful we can be in our own defense.

I have written something (with characteristic grandiosity) that I hope will become one of many means to this end. If you find it useful, I hope you will pass it on as widely as possible. You can leave my name off it if you like, because I don't care about the credit. I really don't.

But I do hope this cry will echo across Cyberspace, changing and growing and self-replicating, until it becomes a great shout equal to the idiocy they have just inflicted upon us.

I give you...


Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.

We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear.

Governments derive their just powers from the consent of the governed. You have neither solicited nor received ours. We did not invite you. You do not know us, nor do you know our world. Cyberspace does not lie within your borders. Do not think that you can build it, as though it were a public construction project. You cannot. It is an act of nature and it grows itself through our collective actions.

You have not engaged in our great and gathering conversation, nor did you create the wealth of our marketplaces. You do not know our culture, our ethics, or the unwritten codes that already provide our society more order than could be obtained by any of your impositions.

You claim there are problems among us that you need to solve. You use this claim as an excuse to invade our precincts. Many of these problems don't exist.

Where there are real conflicts, where there are wrongs, we will identify them and address them by our means. We are forming our own Social Contract. This governance will arise according to the conditions of our world, not yours.

Our world is different.

Cyberspace consists of transactions, relationships, and thought itself, arrayed like a standing wave in the web of our communications. Ours is a world that is both everywhere and nowhere, but it is not where bodies live.

We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth.

We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity.

Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are all based on matter, and there is no matter here.

Our identities have no bodies, so, unlike you, we cannot obtain order by physical coercion. We believe that from ethics, enlightened self-interest, and the commonweal, our governance will emerge. Our identities may be distributed across many of your jurisdictions. The only law that all our constituent cultures would generally recognize is the Golden Rule. We hope we will be able to build our particular solutions on that basis. But we cannot accept the solutions you are attempting to impose.

In the United States, you have today created a law, the Telecommunications

Reform Act, which repudiates your own Constitution and insults the dreams of Jefferson, Washington, Mill, Madison, DeToqueville, and Brandeis. These dreams must now be born anew in us.

You are terrified of your own children, since they are natives in a world where you will always be immigrants. Because you fear them, you entrust your bureaucracies with the parental responsibilities you are too cowardly to confront yourselves. In our world, all the sentiments and expressions of humanity, from the debasing to the angelic, are parts of a seamless whole, the global conversation of bits. We cannot separate the air that chokes from the air upon which wings beat.

In China, Germany, France, Russia, Singapore, Italy and the United States, you are trying to ward off the virus of liberty by erecting guard posts at the frontiers of Cyberspace. These may keep out the contagion for a small time, but they will not work in a world that will soon be blanketed in bit-bearing media.

Your increasingly obsolete information industries would perpetuate themselves by proposing laws, in America and elsewhere, that claim to own speech itself throughout the world. These laws would declare ideas to be another industrial product, no more noble than pig iron. In our world, whatever the human mind may create can be reproduced and distributed infinitely at no cost. The global conveyance of thought no longer requires your factories to accomplish.

These increasingly hostile and colonial measures place us in the same position as those previous lovers of freedom and self-determination who had to reject the authorities of distant, uninformed powers. We must declare our virtual selves immune to your sovereignty, even as we continue to consent to your rule over our bodies. We will spread ourselves across the Planet so that no one can arrest our thoughts.

We will create a civilization of the Mind in Cyberspace. May it be more humane and fair than the world your governments have made before.


Is cyberspace a place? That question was a central theme of early Internet scholarship as leading academics and practitioners debated the merits of an Internet-specific legal structure and the viability of applying traditional, real space rules to online activity.

The leading proponent of the "cyberspace is a place" camp is Professor David Post, a professor at Temple University in Philadelphia. His 1996 article, Law and Borders - The Rise of Law in Cyberspace, co-authored with David Johnson, is one of the most widely read Internet articles attracting the attention of legal scholars worldwide.

LAW AND BORDERS - THE RISE OF LAW IN CYBERSPACE - David R. Johnson & David Post, 48 Stan. L. Rev. 1367 (1996) [citations omitted]

Global computer-based communications cut across territorial borders, creating a new realm of human activity and undermining the feasibility -- and legitimacy-- of laws based on geographic boundaries. While these electronic communications play havoc with geographic boundaries, a new boundary, made up of the screens and passwords that separate the virtual world from the "real world" of atoms, emerges. This new boundary defines a distinct Cyberspace that needs and can create its own law and legal institutions. Territorially based law-makers and law-enforcers find this new environment deeply threatening. But established territorial authorities may yet learn to defer to the self-regulatory efforts of Cyberspace participants who care most deeply about this new digital trade in ideas, information, and services. Separated from doctrine tied to territorial jurisdictions, new rules will emerge to govern a wide range of new phenomena that have no clear parallel in the nonvirtual world. These new rules will play the role of law by defining legal personhood and property, resolving disputes, and crystallizing a collective conversation about online participants' core values.


We take for granted a world in which geographical borders -- lines separating physical spaces -- are of primary importance in determining legal rights and responsibilities. Territorial borders, generally speaking, delineate areas within which different sets of legal rules apply. There has until now been a general correspondence between borders drawn in physical space (between nation states or other political entities) and borders in "law space." For example, if we were to superimpose a "law map" (delineating areas where different rules apply to particular behaviors) onto a political map of the world, the two maps would overlap to a significant degree, with clusters of homogeneous applicable law and legal institutions fitting within existing physical borders.



Physical borders are not, of course, simply arbitrary creations. Although they may be based on historical accident, geographic borders for law make sense in the real world. Their logical relationship to the development and enforcement of legal rules is based on a number of related considerations.


Power. Control over physical space, and the people and things located in that space, is a defining attribute of sovereignty and statehood. Law- making requires some mechanism for law enforcement, which in turn depends on the ability to exercise physical control over, and impose coercive sanctions on, law-violators. For example, the U.S. government does not impose its trademark law on a Brazilian business operating in Brazil, at least in part because imposing sanctions on the Brazilian business would require assertion of physical control over business owners. Such an assertion of control would conflict with the Brazilian government's recognized monopoly on the use of force over its citizens.


Effects. The correspondence between physical boundaries and "law space" boundaries also reflects a deeply rooted relationship between physical proximity and the effects of any particular behavior. That is, Brazilian trademark law governs the use of marks in Brazil because that use has a more direct impact on persons and assets within Brazil than anywhere else. For example, a large sign over "Jones' Restaurant" in Rio de Janeiro is unlikely to have an impact on the operation of "Jones' Restaurant" in Oslo, Norway, for we may assume that there is no substantial overlap between the customers, or competitors, of these two entities. Protection of the former's trademark does not -- and probably should not -- affect the protection afforded the latter's.


Legitimacy. We generally accept the notion that the persons within a geographically defined border are the ultimate source of law-making authority for activities within that border. The "consent of the governed" implies that those subject to a set of laws must have a role in their formulation. By virtue of the preceding considerations, those people subject to a sovereign's laws, and most deeply affected by those laws, are the individuals who are located in particular physical spaces. Similarly, allocation of responsibility among levels of government proceeds on the assumption that, for many legal problems, physical proximity between the responsible authority and those most directly affected by the law will improve the quality of decision making, and that it is easier to determine the will of those individuals in physical proximity to one another.


Notice. Physical boundaries are also appropriate for the delineation of "law space" in the physical world because they can give notice that the rules change when the boundaries are crossed. Proper boundaries have signposts that provide warning that we will be required, after crossing, to abide by different rules, and physical boundaries -- lines on the geographical map -- are generally well- equipped to serve this signpost function.


Cyberspace radically undermines the relationship between legally significant (online) phenomena and physical location. The rise of the global computer network is destroying the link between geographical location and: (1) the power of local governments to assert control over online behavior; (2) the effects of online behavior on individuals or things; (3) the legitimacy of a local sovereign's efforts to regulate global phenomena; and (4) the ability of physical location to give notice of which sets of rules apply. The Net thus radically subverts the system of rule-making based on borders between physical spaces, at least with respect to the claim that Cyberspace should naturally be governed by territorially defined rules.


Cyberspace has no territorially based boundaries, because the cost and speed of message transmission on the Net is almost entirely independent of physical location. Messages can be transmitted from one physical location to any other location without degradation, decay, or substantial delay, and without any physical cues or barriers that might otherwise keep certain geographically remote places and people separate from one another. The Net enables transactions between people who do not know, and in many cases cannot know, each other's physical location. Location remains vitally important, but only location within a virtual space consisting of the "addresses" of the machines between which messages and information are routed. The system is indifferent to the physical location of those machines, and there is no necessary connection between an Internet address and a physical jurisdiction. Although the domain name initially assigned to a given machine may be associated with an Internet Protocol address that corresponds to that machine's physical location (for example, a ".uk" domain name extension), the machine may be physically moved without affecting its domain name. Alternatively, the owner of the domain name might request that the name become associated with an entirely different machine, in a different physical location. Thus, a server with a ".uk" domain name need not be located in the United Kingdom, a server with a ".com" domain name may be anywhere, and users, generally speaking, are not even aware of the location of the server that stores the content that they read.


The power to control activity in Cyberspace has only the most tenuous connections to physical location. Nonetheless, many governments' first response to electronic communications crossing their territorial borders is to try to stop or regulate that flow of information. Rather than permitting self-regulation by participants in online transactions, many governments establish trade barriers, attempt to tax border-crossing cargo, and respond especially sympathetically to claims that information coming into the jurisdiction might prove harmful to local residents. As online information becomes more important to local citizens, these efforts increase. In particular, resistance to "transborder data flow" (TDF) reflects the concerns of sovereign nations that the development and use of TDF's will undermine their "informational sovereignty," will impinge upon the privacy of local citizens, and will upset private property interests in information. Even local governments in the United States have expressed concern about their loss of control over information and transactions flowing across their borders.


But efforts to control the flow of electronic information across physical borders -- to map local regulation and physical boundaries onto Cyberspace -- are likely to prove futile, at least in countries that hope to participate in global commerce. Individual electrons can easily, and without any realistic prospect of detection, "enter" any sovereign's territory. The volume of electronic communications crossing territorial boundaries is just too great in relation to the resources available to government authorities.


Traditional legal doctrine treats the Net as a mere transmission medium that facilitates the exchange of messages sent from one legally significant geographical location to another, each of which has its own applicable laws. But trying to tie the laws of any particular territorial sovereign to transactions on the Net, or even trying to analyze the legal consequences of Net-based commerce as if each transaction occurred geographically somewhere in particular, is most unsatisfying. A more legally significant, and satisfying, border for the "law space" of the Net consists of the screens and passwords that separate the tangible from the virtual world.


Many of the jurisdictional and substantive quandaries raised by border- crossing electronic communications could be resolved by one simple principle: conceiving of Cyberspace as a distinct "place" for purposes of legal analysis by recognizing a legally significant border between Cyberspace and the "real world." Using this new approach, we would no longer ask the unanswerable question "where" in the geographical world a Net-based transaction occurred. Instead, the more salient questions become: What procedures are best suited to the often unique characteristics of this new place and the expectations of those who are engaged in various activities there? What mechanisms exist or need to be developed to determine the content of those rules and the mechanisms by which they can enforced? Answers to these questions will permit the development of rules better suited to the new phenomena in question, more likely to be made by those who understand and participate in those phenomena, and more likely to be enforced by means that the new global communications media make available and effective.


Treating Cyberspace as a separate "space" to which distinct laws apply should come naturally. There is a "placeness" to Cyberspace because the messages accessed there are persistent and accessible to many people. Furthermore, because entry into this world of stored online communications occurs through a screen and (usually) a password boundary, you know when you are "there." No one accidentally strays across the border into Cyberspace. To be sure, Cyberspace is not a homogenous place; groups and activities found at various online locations possess their own unique characteristics and distinctions, and each area will likely develop its own set of distinct rules. But the line that separates online transactions from our dealings in the real world is just as distinct as the physical boundaries between our territorial governments -- perhaps more so.


Crossing into Cyberspace is a meaningful act that would make application of a distinct "law of Cyberspace" fair to those who pass over the electronic boundary. As noted, a primary function and characteristic of a border or boundary is its ability to be perceived by the one who crosses it. As regulatory structures evolve to govern Cyberspace-based transactions, it will be much easier to be certain which of those rules apply to your activities online than to determine which territorial-based authority might apply its laws to your conduct. For example, you would know to abide by the "terms of service" established by CompuServe or America Online when you are in their online territory, rather than guess whether Germany, or Tennessee, or the SEC will succeed in asserting their right to regulate your activities and those of the "placeless" online personae with whom you communicate.




Even if we agree that new rules should apply to online phenomena, questions remain about who sets the rules and how they are enforced. We believe the Net can develop its own effective legal institutions.


In order for the domain name space to be administered by a legal authority that is not territorially based, new law-making institutions will have to develop. Many questions that arise in setting up this system will need answers: Should a new top level domain be created? Do online addresses belong to users or service providers? Does one name impermissibly interfere with another, thus confusing the public and diluting the value of the pre- existing name? The new system must also include procedures to give notice in conflicting claims, to resolve these claims, and to assess appropriate remedies (including, possibly, compensation) in cases of wrongful use. If the Cyberspace equivalent of eminent domain develops, questions may arise over how to compensate individuals when certain domain names are destroyed or redeployed for the public good of the Net community. Someone must also decide threshold membership issues for Cyberspace citizens, including how much users must disclose (and to whom) about their real-world identities to use e-mail addresses and domain names for commercial purposes. Implied throughout this discussion is the recognition that these rules will be meaningful and enforceable only if Cyberspace citizens view whoever makes these decisions as a legitimate governing body.


Experience suggests that the community of online users and service providers is up to the task of developing a self-governance system. For example, the current domain name system evolved from decisions made by engineers and the practices of Internet service providers. Now that trademark owners are threatening the company that administers the registration system, the same engineers who established the original domain name standards are again deliberating whether to alter the domain name system to take these new policy issues into account.


Every system operator who dispenses a password imposes at least some requirements as conditions of continuing access, including paying bills on time or remaining a member of a group entitled to access (for example, students at a university). System operators (sysops) have an extremely powerful enforcement tool at their disposal to enforce such rules -- banishment. Moreover, communities of users have marshaled plenty of enforcement weapons to induce wrongdoers to comply with local conventions, such as rules against flaming, shunning, mailbombs, and more. And both sysops and users have begun explicitly to recognize that formulating and enforcing such rules should be a matter for principled discussion, not an act of will by whoever has control of the power switch.


While many of these new rules and customs apply only to specific, local areas of the global network, some standards apply through technical protocols on a nearly universal basis. And widespread agreement already exists about core principles of "netiquette" in mailing lists and discussion groups --although, admittedly, new users have a slow learning curve and the Net offers little formal "public education" regarding applicable norms. Moreover, dispute resolution mechanisms suited to this new environment also seem certain to prosper. Cyberspace is anything but anarchic; its distinct rule sets are becoming more robust every day.


Perhaps the most apt analogy to the rise of a separate law of Cyberspace is the origin of the Law Merchant -- a distinct set of rules that developed with the new, rapid boundary-crossing trade of the Middle Ages. Merchants could not resolve their disputes by taking them to the local noble, whose established feudal law mainly concerned land claims. Nor could the local lord easily establish meaningful rules for a sphere of activity that he barely understood and that was executed in locations beyond his control. The result of this jurisdictional confusion was the development of a new legal system -- Lex Mercatoria. The people who cared most about and best understood their new creation formed and championed this new law, which did not destroy or replace existing law regarding more territorially based transactions (e.g., transferring land ownership). Arguably, exactly the same type of phenomenon is developing in Cyberspace right now.


Governments cannot stop electronic communications from coming across their borders, even if they want to do so. Nor can they credibly claim a right to regulate the Net based on supposed local harms caused by activities that originate outside their borders and that travel electronically to many different nations. One nation's legal institutions should not monopolize rule- making for the entire Net. Even so, established authorities will likely continue to claim that they must analyze and regulate the new online phenomena in terms of some physical locations. After all, they argue, the people engaged in online communications still inhabit the material world, and local legal authorities must have authority to remedy the problems created in the physical world by those acting on the Net. The rise of responsible law-making institutions within Cyberspace, however, will weigh heavily against arguments that describe the Net as "lawless" and thus connect regulation of online trade to physical jurisdictions. As noted, sysops, acting alone or collectively, have the power to banish those who commit wrongful acts online. Thus, for online activities that minimally affect the vital interests of sovereigns, the self-regulating structures of Cyberspace seem better suited to dealing with the Net's legal issues.




Global electronic communications have created new spaces in which distinct rule sets will evolve. We can reconcile the new law created in this space with current territorially based legal systems by treating it as a distinct doctrine, applicable to a clearly demarcated sphere, created primarily by legitimate, self-regulatory processes, and entitled to appropriate deference -- but also subject to limitations when it oversteps its appropriate sphere.


The law of any given place must take into account the special characteristics of the space it regulates and the types of persons, places, and things found there. Just as a country's jurisprudence reflects its unique historical experience and culture, the law of Cyberspace will reflect its special character, which differs markedly from anything found in the physical world. For example, the law of the Net must deal with persons who "exist" in Cyberspace only in the form of an e-mail address and whose purported identity may or may not accurately correspond to physical characteristics in the real world. In fact, an e-mail address might not even belong to a single person. Accordingly, if Cyberspace law is to recognize the nature of its "subjects," it cannot rest on the same doctrines that give geographically based sovereigns jurisdiction over "whole," locatable, physical persons. The law of the Net must be prepared to deal with persons who manifest themselves only by means of a particular ID, user account, or domain name.


Moreover, if rights and duties attach to an account itself, rather than to an underlying real world person, traditional concepts such as "equality," "discrimination," or even "rights and duties" may not work as we normally understand them. For example, when AOL users joined the Net in large numbers, other Cyberspace users often ridiculed them based on the ".aol" tag on their email addresses -- a form of "domainism" that might be discouraged by new forms of Netiquette. If a doctrine of Cyberspace law accords rights to users, we will need to decide whether those rights adhere only to particular types of online appearances, as distinct from those attaching to particular individuals in the real world.


Similarly, the types of "properties" that can become the subject of legal discussion in Cyberspace will differ from real world real estate or tangible objects. For example, in the real world the physical covers of a book delineate the boundaries of a "work" for purposes of copyright law; those limits may disappear entirely when the same materials are part of a large electronic database. Thus, we may have to change the "fair use" doctrine in copyright law that previously depended on calculating what portion of the physical work was copied. Similarly, a web page's "location" in Cyberspace may take on a value unrelated to the physical place where the disk holding that Web page resides, and efforts to regulate web pages by attempting to control physical objects may only cause the relevant bits to move from one place to another. On the other hand, the boundaries set by "URLs" (Uniform Resource Locators, the location of a document on the World Wide Web) may need special protection against confiscation or confusingly similar addresses. And, because these online "places" may contain offensive material, we may need rules requiring (or allowing) groups to post certain signs or markings at these places' outer borders.


The boundaries that separate persons and things behave differently in the virtual world but are nonetheless legally significant. Messages posted under one e-mail name will not affect the reputation of another e-mail address, even if the same physical person authors both messages. Materials separated by a password will be accessible to different sets of users, even if those materials physically exist on the very same hard drive. A user's claim to a right to a particular online identity or to redress when that identity's reputation suffers harm, may be valid even if that identity does not correspond exactly to that of any single person in the real world.


Clear boundaries make law possible, encouraging rapid differentiation between rule sets and defining the subjects of legal discussion. New abilities to travel or exchange information rapidly across old borders may change the legal frame of reference and require fundamental changes in legal institutions. Fundamental activities of lawmaking -- accommodating conflicting claims, defining property rights, establishing rules to guide conduct, enforcing those rules, and resolving disputes -- remain very much alive within the newly defined, intangible territory of Cyberspace. At the same time, the newly emerging law challenges the core idea of a current law-making authority -- the territorial nation state, with substantial but legally restrained powers.


If the rules of Cyberspace thus emerge from consensually based rule sets, and the subjects of such laws remain free to move among many differing online spaces, then considering the actions of Cyberspace's system administrators as the exercise of a power akin to "sovereignty" may be inappropriate. Under a legal framework where the top level imposes physical order on those below it and depends for its continued effectiveness on the inability of its citizens to fight back or leave the territory, the legal and political doctrines we have evolved over the centuries are essential to constrain such power. In that situation, where exit is impossible, costly, or painful, then a right to a voice for the people is essential. But when the "persons" in question are not whole people, when their "property" is intangible and portable, and when all concerned may readily escape a jurisdiction they do not find empowering, the relationship between the "citizen" and the "state" changes radically. Law, defined as a thoughtful group conversation about core values, will persist. But it will not, could not, and should not be the same law as that applicable to physical, geographically-defined territories.


  1. The authors argue that logging onto the Internet involves moving from the physical to the virtual -- with the consequence that we can treat cyberspace as a place separate from the physical world. Such an approach would enable us (consider who the "us" is) to craft laws specific to cyberspace and to place significant limitations on traditional regulatory approaches. Do you agree with this characterization? Do you think that recent technological change impacts the authors' analysis? Has the Internet become sufficiently ingrained into daily life such that it now functions as part of real space?
  2. How much of Post and Johnson's arguments rest upon the technological limitations of their day? In view of the rapid progress of Internet development, might the arguments pertaining to enforcement limitations be rendered moot someday soon?


The most direct response to the Law and Borders article comes from Professor Jack Goldsmith of the University of Chicago Law School. His 1998 article, Against Cyberanarchy, tackles the "cyberspace is a place" argument with a forceful case for the belief that existing law can adapt to the Internet.

AGAINST CYBERANARCHY Jack L. Goldsmith - 65 U. Chi. L. Rev. 1199 (1998) [citations omitted]

The Supreme Court's partial invalidation of the Communications Decency Act on First Amendment grounds raises the more fundamental question of whether the state can regulate cyberspace at all. Several commentators, whom I shall call "regulation skeptics," have argued that it cannot. Some courts have also expressed skepticism. The popular and technical press are full of similar claims.


The regulation skeptics make both descriptive and normative claims. On the descriptive side, they claim that the application of geographically based conceptions of legal regulation and choice of law to a-geographical cyberspace activity either makes no sense or leads to hopeless confusion. On the normative side, they argue that because cyberspace transactions occur " simultaneously and equally" in all national jurisdictions, regulation of the flow of this information by any particular national jurisdiction illegitimately produces significant negative spillover effects in other jurisdictions. They also claim that the architecture of cyberspace precludes notice of governing law that is crucial to the law's legitimacy. In contrast, they argue, cyberspace participants are much better positioned than national regulators to design comprehensive legal rules that would both internalize the costs of cyberspace activity and give proper notice to cyberspace participants. The regulation skeptics conclude from these arguments that national regulators should "defer to the self-regulatory efforts of Cyberspace participants."




This Section argues that the skeptics' claims about the infeasibility of national regulation of cyberspace rest on an underappreciation of the realities of modern conflict of laws, and of the legal and technological tools available to resolve multijurisdictional cyberspace conflicts. From the perspective of jurisdiction and choice of law, regulation of cyberspace transactions is no less feasible than regulation of other transnational transactions.


A. Default Laws and Private Ordering in Cyberspace


Cyberspace transactions that implicate default laws, like other transnational transactions that implicate such laws, are subject to private legal ordering. The architecture of cyberspace facilitates this private ordering and thus enables cyberspace participants to avoid many transnational conflicts of law.


At the most basic level, private ordering is facilitated by the technical standards that define and limit cyberspace. To participate in the Internet function known as the World Wide Web, users must consent to the TCP/IP standards that define the Internet as well as to the HTML standards that more particularly define the Web. Similarly, sending e-mail over the Internet requires the sender to use TCP/IP standards and particular e-mail protocols. One's experience of cyberspace is further defined and limited by the more particular communication standards embedded in software. For example, within the range of what TCP/IP and HTML permit, an individual's communication via the World Wide Web will be shaped and limited by (among many other things) her choice of browsers and search engines. These and countless other technical standard choices order behavior in cyberspace. In this sense, access to different cyberspace networks and communities is always conditioned on the accessors' consent to the array of technical standards that define these networks and communities.


Technical standards cannot comprehensively specify acceptable behavior in cyberspace. Within the range of what these standards permit, information flows might violate network norms or territorial laws. Many network norms are promulgated and enforced informally. A more formal method to establish private legal orders in cyberspace is to condition access to particular networks on consent to a particular legal regime.


This regime could take several forms. It could be a local, national, or international law. When you buy a Dell computer through the company's web page from anywhere in the world, you agree that "(a)ny claim relating to, and the use of, this Site and the materials contained herein is governed by the laws of the state of Texas." Alternatively, the chosen law could be a free- standing model law attached to no particular sovereign but available to be incorporated by contract. For example, parties to a commercial transaction over the Internet could agree that their transaction is governed by UNIDROIT Principles or the Uniform Customs and Practice for Documentary Credits. Or the governing law could be the contractual terms themselves. Waivers and exclusions operate as private law in this way. So too do chat rooms, discussion lists, and local area networks that condition participation on the user's consent to community norms specified in a contract.


Cyberspace architecture can also help to establish other aspects of a private legal order. Through conditioned access, cyberspace users can consent to have subsequent disputes resolved by courts, arbitrators, systems operators, or even "virtual magistrates." They can also establish private enforcement regimes. Technical standards operate as an enforcer of sorts by defining and limiting cyberspace activity. For example, software filters can block or condition access to certain information, and various technologies perform compliance monitoring functions. In addition, the gatekeeper of each cyberspace community can cut off entry for noncompliance with the community rules, or punish a user for bad acts by drawing on a bond (perhaps simply a credit card) put up as a condition on the user's entry.


Many have proposed a structure for private legal ordering of cyberspace along the lines just sketched. There is nothing remarkable about this structure. It differs little from the legal structure of other private groups, such as churches, merchants, families, clubs, and corporations, which have analogous consent based governing laws, dispute resolution mechanisms, and private enforcement regimes. But just as private ordering is often not a comprehensive solution to the regulation of "real-space" private groups, it will not be a comprehensive solution to the regulation of cyberspace either.


In part this is because it remains an open question how to generate consent across cyberspace networks. Conditioning access on consent to a governing legal regime is relatively easy at the entry point of a cyberspace network. In theory, it is just as easy to generate such consent at the interface between networks. It is commonplace to click on a hypertext link and be greeted by a message that conditions further access on presentation of an identification code, or credit card number, or personal information such as age and address. A similar demand for consent to a particular legal regime could be added as a condition for access. However, this process might become confusing; the technological and conceptual details of consenting to and coordinating different legal regimes as one works one's way through dozens of cyberspace networks remain to be worked out. In addition, the generation of legal consent across networks will impose time and other costs that are anathema to many cyberspace users.


An important additional difficulty is that many cyberspace activities affect non-cyberspace participants with whom ex ante consent to a private legal regime will not be possible. Cyberspace is not, as the skeptics often assume, a self-enclosed regime. A communication in cyberspace often has consequences for persons outside the computer network in which the communication took place. For example: a book uploaded on the Net can violate an author's copyright; a chat room participant can defame someone outside the chat room; terrorists can promulgate bomb making or kidnapping tips; merchants can conspire to fix prices by e-mail; a corporation can issue a fraudulent security; a pornographer can sell kiddie porn; Internet gambling can decrease in-state gambling revenues and cause family strife; and so on. In these and many other ways, communications via cyberspace produce harmful, real-world effects on those who have not consented to the private ordering of the cyberspace community.


Finally, even if the hurdles to consent can be surmounted, consent-based legal orders are limited by a variety of national mandatory law restrictions. These mandatory laws define who may consent to these private regimes. For example, they prevent persons of certain ages from entering into certain types of contracts. They also limit the form and scope of such consent. The consideration requirement and limitations on liquidated damages clauses fall into this category, as do requirements that the law chosen by the parties have a reasonable relationship to the subject matter of the contract. Some mandatory laws also limit the internal and external activities of the group's activities. Criminal law, for example, falls in this category.


Private legal ordering thus has the potential to resolve many, but not all, of the challenges posed by multijurisdictional cyberspace activity. Cyberspace activities for which ex ante consent to a governing legal regime is either infeasible or unenforceable are not amenable to private ordering. Such activities remain subject to the skeptics' concerns about multiple or extraterritorial national regulation.


B. The Limits of Enforcement Jurisdiction


The skeptics' concerns are further attenuated, however, by limitations on every nation's ability to enforce its laws. A nation can purport to regulate activity that takes place anywhere. The Island of Tobago can enact a law that purports to bind the rights of the whole world. But the effective scope of this law depends on Tobago's ability to enforce it. And in general a nation can only enforce its laws against: (i) persons with a presence or assets in the nation's territory; (ii) persons over whom the nation can obtain personal jurisdiction and enforce a default judgment against abroad; or (iii) persons whom the nation can successfully extradite.


A defendant's physical presence or assets within the territory remains the primary basis for a nation or state to enforce its laws. The large majority of persons who transact in cyberspace have no presence or assets in the jurisdictions that wish to regulate their information flows in cyberspace. Such regulations are thus likely to apply primarily to Internet service providers and Internet users with a physical presence in the regulating jurisdiction. Cyberspace users in other territorial jurisdictions will indirectly feel the effect of the regulations to the extent that they are dependent on service or content providers with a presence in the regulating jurisdiction. But for almost all users, there will be no threat of extraterritorial legal liability because of a lack of presence in the regulating jurisdictions.


A nation or state can also enforce its laws over an entity with no local presence or assets if it can obtain personal jurisdiction over the entity and enforce a local default judgment against that entity abroad. The domestic interstate context presents a much greater threat in this regard than does the international context. This is because the Full Faith and Credit Clause requires a state to enforce the default judgment of a sister state that had personal jurisdiction over the defendant. This threat is attenuated, however, by constitutional limits on a state's assertion of personal jurisdiction. The Due Process Clauses prohibit a state from asserting personal jurisdiction over an entity with no local presence unless the entity has purposefully directed its activities to the forum state and the assertion of jurisdiction is reasonable.


Application of this standard to cyberspace activities presents special difficulties. Under standard assumptions about cyberspace architecture, persons can upload or transmit information knowing that it could reach any and all jurisdictions, but not knowing which particular jurisdiction it might reach. Can every state where these transmissions appear assert specific personal jurisdiction over the agent of the information under the purposeful availment and reasonableness tests?


Full consideration of this issue is far beyond this Article's scope. I simply wish to point out why there is relatively little reason at present, and even less reason in the near future, to believe that the mere introduction of information into cyberspace will by itself suffice for personal jurisdiction over the agent of the transmission in every state where the information appears. Most courts have required something more than mere placement of information on a web page in one state as a basis for personal jurisdiction in another state where the web page is accessed. For a variety of reasons, these decisions have limited specific personal jurisdiction to cases in which there are independent indicia that the out-of-state defendant knowingly and purposefully directed the effects of out-of-state conduct to a particular state where the acts were deemed illegal.


Given the skeptics' assumptions about cyberspace architecture, this conclusion appears appropriate. It seems unfair to expose a content provider to personal jurisdiction in all fifty states for the mere act of uploading information on a computer if she cannot take affordable precautions to avoid simultaneous multi-jurisdictional effects. But we shall see below that the skeptics' architectual assumptions are inaccurate. It is already possible for content providers to take measures to achieve significant control over information flows. And filtering and identification technology promise greater control at less cost. In cyberspace as in real space, the ultimate meaning of "purposeful availment" and "reasonableness" will depend on the cost and feasibility of information flow control. As such control becomes more feasible and less costly, personal jurisdiction over cyberspace activities will become functionally identical to personal jurisdiction over real- space activities.


This detour into the technicalities of personal jurisdiction was necessitated by a worry about the extraterritorial enforcement of local default judgments against nonlocal cyberspace users within the American federal system. Such concerns are less pronounced in the international context. In contrast to the domestic interstate context, customary international law imposes few enforceable controls on a country's assertion of personal jurisdiction, and there are few treaties on the subject. However, also in contrast to domestic law, there is no full faith and credit obligation to enforce foreign judgments in the international sphere. If one country exercises personal jurisdiction on an exorbitant basis, the resulting judgment is unlikely to be enforced in another country. In addition, local public policy exceptions to the enforcement of foreign judgments are relatively commonplace in the international sphere, especially when the foreign judgment flies in the face of the enforcing state's regulatory regime. For these reasons, there is little concern that a foreign default judgment will be enforceable against cyberspace users who live outside the regulating jurisdiction.


The final way that a nation can enforce its regulations against persons outside its jurisdiction is by seeking extradition. In the United States, extradition among the several states is regulated by Article IV of the Constitution and the federal extradition law. As a general matter, State A must accede to the proper demand of State B for the surrender of a fugitive who committed an act in State B that State B considers a crime. Nonetheless, a person who in State A transmits information flows that appear in and constitute a crime in State B will not likely be subject to extradition to State B under these provisions. This is because the extradition obligation only extends to fugitives who have fled State B, and these terms have long been limited to persons who were physically present in the demanding state at the time of the crime's commission. A different, but equally forceful, limitation applies to international extradition. International extradition is governed largely by treaty. A pervasive feature of modern extradition treaties is the principle of double criminality. This principle requires that the charged offense be criminal in both the requesting and the requested jurisdictions. This principle, and its animating rationale, make it unlikely that there will be international cooperation in the enforcement of exorbitant unilateral criminal regulations of cyberspace events.


This review of transnational enforcement jurisdiction makes clear that the skeptics exaggerate the threat of multiple regulation of cyberspace information flows. This threat must be measured by a regulation's enforceable scope, not by its putative scope. And the enforceable scope is relatively narrow. It extends only to individual users or system operators with presence or assets in the enforcement jurisdiction, or (in the U.S.) to entities that take extra steps to target cyberspace information flows to states where such information flows are illegal. Such regulatory exposure is a significant concern for cyberspace participants. But it is precisely how regulatory exposure operates in "real space." And it is far less significant than the skeptics' hyperbolic claim that all users of the Web will be simultaneously subject to all national regulations.


Even with these limitations, the skeptics worry that an individual cyberspace content provider in one jurisdiction faces potential liability in another jurisdiction when she places information on the Internet. This potential liability can become an unforeseen reality when the provider travels to the regulating jurisdiction, or moves assets there. Such potential liability in turn affects the providers' activities at home and thus can be viewed as a weak form of extraterritorial regulation. This form of regulation is a theoretical possibility, but it should not be exaggerated. No nation has as yet imposed liability on a content provider for unforeseen effects in an unknown jurisdiction. The threat of such liability will lessen as content providers continue to gain means to control information flows. It is also conceivable that weak normative limitations might exist or develop to prevent a jurisdiction from regulating local effects that were truly unforeseeable or uncontrollable. The point for now is that even in the absence of such limits, this potential threat of liability is relatively insignificant and does not come close to the skeptics' broad descriptive claims about massive multiple regulation of individual users.


C. Indirect Regulation of Extraterritorial Activity


Indeed, if the limits on enforcement jurisdiction support any of the skeptics' descriptive claims, it is their somewhat different claim that because of the potential for regulation evasion, cyberspace transactions are beyond the regulatory powers of territorial governments. Cyberspace content providers can, at some cost, shift the source of their information flows to jurisdictions beyond the enforceable scope of national regulation and thus continue information transmissions into the regulating jurisdiction. For example, they can relocate in geographical space, or employ telnet or anonymous remailers to make the geographical source of their content difficult to discern. These and related regulatory evasion techniques can make it difficult for a nation to regulate the extraterritorial supply side of harmful cyberspace activity.


Regulation evasion of this sort is not limited to cyberspace. For example, corporations reincorporate to avoid mandatory laws and criminals launder money offshore. Closer to point, offshore regulation evasion has been a prominent characteristic of other communication media. For example, Radio-Free Europe broadcast from western Europe into the former Soviet Union but lacked a regulatable presence there. Similarly, television signals are sometimes broadcast from abroad by an entity with no local presence. The extraterritorial source of these and many other non-cyberspace activities is beyond the enforceable scope of local regulation. But this does not mean that local regulation is inefficacious. In cyberspace as in real space, offshore regulation evasion does not prevent a nation from regulating the extraterritorial activity.


This is so because a nation can regulate people and equipment in its territory to control the local effects of the extraterritorial activity. Such indirect regulation is how nations have, with varying degrees of success, regulated local harms caused by other communications media with offshore sources and no local presence. And it is how nations have begun to regulate local harms caused by offshore Internet content providers. For example, nations penalize in-state end users who obtain and use illegal content or who otherwise participate in an illegal cyberspace transaction. They also regulate the local means through which foreign content is transmitted. For example, they impose screening obligations on in-state Internet service providers and other entities that supply or transmit information. Or they regulate in-state hardware and software through which such transmissions are received. Or they regulate the local financial intermediaries that make commercial transactions on the Internet possible.


These and related regulations of domestic persons and property make it more costly, and thus more difficult, for in-state users to obtain content from, or transact with, regulation evaders abroad. In this fashion a nation can indirectly regulate the extraterritorial supply of prohibited content even though the source of the content is beyond its enforcement jurisdiction and even though it cannot easily stop transmission at the border. These various forms of indirect regulation will not be perfect in the sense of eliminating regulation evasion. But few regulations are perfect in this sense, and regulation need not be perfect in this sense to be effective. The question is always whether the regulation will heighten the costs of the activity sufficiently to achieve its acceptable control from whatever normative perspective is appropriate.


In the cyberspace regulation context, the answer to this question depends on empirical and technological issues that are unresolved and that will vary from context to context. The prodigious criticism of and lobbying efforts against proposed regulation of (among other things) digital goods, Internet gambling, and encryption technology suggest that governments can raise the costs of many cyberspace transactions to a significant degree. And of course unilateral national regulation is one of many regulation strategies at a nation's disposal. The point for now is simply that offshore regulation evasion does not, as the skeptics think, undermine a nation's ability to regulate cyberspace transactions. Although a nation will sometimes have difficulty in imposing liability on extraterritorial content providers, it can still significantly regulate the local effects of these providers' activities through laws aimed at local persons and entities.




E. International Harmonization


Private legal ordering, the limitations on enforcement jurisdiction, indirect regulation, and effective information flow control, taken together, go a long way toward redressing the skeptics' descriptive claims about the infeasibility of cyberspace regulation. These techniques will not resolve all conflict of laws in cyberspace any more than they do in real space. Nor will they definitively resolve the problem of the relative ease by which information suppliers can "relocate" into a safe haven outside of the regulating jurisdiction, a problem that also has many real-space analogies. When similar spillover and evasion problems have occurred with respect to non- cyberspace transactions, nations have responded with a variety of international harmonization strategies.


The same harmonization strategies are being used today to address the challenges presented by cyberspace transactions. A few examples will suffice. Several recent treaties and related multinational edicts have strengthened digital content owners' right to control the distribution and presentation of their property online. These harmonization efforts grow out of an international copyright regime that is over one hundred years old. The G8 economic powers have recently begun to coordinate regulatory efforts concerning cyberspace-related crimes in five areas: pedophilia and sexual exploitation; drug-trafficking; money-laundering; electronic fraud; and industrial and state espionage. These initiatives mirror similar efforts to redress similar regulatory leakage problems in real-space contexts such as environmental policy, banking and insurance supervision, and antitrust regulation. Several international organizations have drafted model laws and guidelines to facilitate Internet commerce and related digital certification issues. There are scores of other international efforts in a variety of cyberspace-related contexts.


International harmonization is not always (or even usually) the best response to the spillovers and evasions that result from unilateral regulation. And harmonization is often not easy to achieve. However, the proliferation of international organizations, in combination with modern means of communication and transportation, has helped to facilitate international harmonization. Harmonization is especially likely in those contexts -- like many aspects of criminal law enforcement -- where nations' interests converge and the gains from cooperation are high. But nations sometimes lack the incentive to participate in international regimes, and there are often international and domestic political economy obstacles to harmonization. It is too early to tell how successful international efforts will be in addressing the challenges of cyberspace. It is clear, however, that international harmonization will play an important role in nations' overall cyberspace-regulation strategy.


F. Residual Choice-of-Law Tools


The skeptics' implicit goal of eliminating all conflicts of laws that arise from cyberspace transactions is unrealistic. Private legal ordering, the limits of enforcement jurisdiction, indirect regulation of extraterritorial activity, filtering and identification technology, and international cooperation facilitate and rationalize legal regulation of cyberspace. These tools, however, will not eliminate all conflicts of laws in cyberspace any more than they do in real space. Transnational activity is too complex. As mentioned above, the elimination of conflict of laws would require the elimination of decentralized lawmaking or of transnational activity. In this light, the enormous increases in the pervasiveness and complexity of conflict of laws in this century can be viewed as an acceptable cost to a world that wishes to expand transnational activity while retaining decentralized lawmaking. As persistent conflicts become prohibitively costly to private parties and regulating nations, public or private international coordination or technological innovation becomes more attractive and thus more likely.


Short of these developments, transnational transactions in cyberspace, like transnational transactions mediated by telephone and mail, will continue to give rise to disputes that present challenging choice-of-law issues. For example: "Whose substantive legal rules apply to a defamatory message that is written by someone in Mexico, read by someone in Israel by means of an Internet server located in the United States, injuring the reputation of a Norwegian?" Similarly, (w)hich of the many plausibly applicable bodies of copyright law do we consult to determine whether a hyperlink on a World Wide Web page located on a server in France and constructed by a Filipino citizen, which points to a server in Brazil that contains materials protected by German and French (but not Brazilian) copyright law, which is downloaded to a server in the United States and reposted to a Usenet newsgroup, constitutes a remediable infringement of copyright?


It would be silly to try to formulate a general theory of how such issues should be resolved. One lesson of this century's many failures in top-down choice-of-law theorizing is that choice-of-law rules are most effective when they are grounded in and sensitive to the concrete details of particular legal contexts. This does not mean that standards are better than rules in this context. It simply means that in designing choice-of-law rules or standards, it is better to begin at the micro rather than macro level, and to examine recurrent fact patterns and implicated interests in discrete legal contexts rather than devise a general context-transcendent theory of conflicts.


With these caveats in mind, I want to explain in very general terms why the residual choice-of-law problems implicated by cyberspace are not significantly different from those that are non-cyberspace conflicts. Cyberspace presents two related choice-of-law problems. The first is the problem of complexity. This is the problem of how to choose a single governing law for cyberspace activity that has multijurisdictional contacts. The second problem concerns situs. This is the problem of how to choose a governing law when the locus of activity cannot easily be pinpointed in geographical space. Both problems raise similar concerns. The choice of any dispositive geographical contact or any particular law in these cases will often seem arbitrary because several jurisdictions have a legitimate claim to apply their law. Whatever law is chosen, seemingly genuine regulatory interests of the nations whose laws are not applied may be impaired.


The problems of complexity and situs are genuine. They are not, however, unique to cyberspace. Identical problems arise all the time in real space. In fact, they inhere in every true conflict of laws. Consider the problem of complexity. The hypotheticals concerning copyright infringements and multistate libels in cyberspace are no more complex than the same issues in real space. They also are no more complex or challenging than similar issues presented by increasingly prevalent real-space events such as airplane crashes, mass torts, multistate insurance coverage, or multinational commercial transactions, all of which form the bread and butter of modern conflict of laws. Indeed, they are no more complex than a simple products liability suit arising from a two-car accident among residents of the same state, which can implicate the laws of several states, including the place of the accident, the states where the car and tire manufacturers are headquartered, the states where the car and tires were manufactured, and the state where the car was purchased.


Resolution of choice-of-law problems in these contexts is challenging. But the skeptics overstate the challenge. Not every geographical contact is of equal significance. For example, in the copyright hypothetical above, the laws of the source country and the end-use countries have a much greater claim to governing the copyright action than the laws of the country of the person who built the server and the country of the server whose hyperlink pointed to the server that contained the infringing material. The limits on enforcement jurisdiction may further minimize the scope of the conflict. In addition, even in extraordinarily complex cases where numerous laws potentially apply, these laws will often involve similar legal standards, thus limiting the actual choice of law to two or perhaps three options. Finally, these complex transactions need not be governed by a single law. Applying different laws to different aspects of a complex transaction is a perfectly legitimate choice-of-law technique.


The application of a single law to complex multijurisdictional conflicts will sometimes seem arbitrary and will invariably produce spillover effects. But as explained above, the arbitrariness of the chosen law, and the spillovers produced by application of this law, inhere in all conflict situations in which two or more nations, on the basis of territorial or domiciliary contacts, have a legitimate claim to apply their law. When in particular contexts the arbitrariness and spillovers become too severe, a uniform international solution remains possible. Short of such harmonization, the choice-of-law issues implicated by cyberspace transactions are no more complex than the issues raised by functionally identical multijurisdictional transactions that occur in real space all the time.


Like the problem of complexity, the situs problem is a pervasive and familiar feature of real-space jurisdictional conflicts. A classic difficulty is the situs of intangibles like a debt or a bank deposit. More generally, the situs problem arises whenever legally significant activity touches on two or more states. For example, when adultery committed in one state alienates the affections of a spouse in another, the situs of the tort is not self-evident. It depends on what contact the forum's choice-of-law rule deems dispositive. Similar locus difficulties arise when the tort takes place over many states, such as when poison is administered in one state, takes effect in another, and kills in a third. The situs problem even arises when a bodily injury occurs in one state based on negligence committed in another, for there is no logical reason why the place of injury should be viewed as the place of the tort any more than should the place of negligence. In all of these situations, the importance of any particular geographical contact is never self-evident; it is a legal rather than a factual consideration that is built into the forum's choice-of-law rules. As the geographical contacts of a transaction proliferate, the choice of any one contact as dispositive runs the risk of appearing arbitrary. But again, this problem pervades real-space conflicts of law and is not unique to cyberspace conflicts.


So the complexity and situs problems inhere to some degree in all transnational conflicts, and are exacerbated in real space and cyberspace alike as jurisdictional contacts proliferate. No choice-of-law rule will prove wholly satisfactory in these situations. However, several factors diminish the skeptics' concerns about the infeasibility of applying traditional choice-of- law tools to cyberspace. For example, the skeptics are wrong to the extent that they believe that cyberspace transactions must be resolved on the basis of geographical choice-of-law criteria that are sometimes difficult to apply to cyberspace, such as where events occur or where people are located at the time of the transaction. But these are not the only choice-of-law criteria, and certainly not the best in contexts where the geographical locus of events is so unclear. Domicile (and its cognates, such as citizenship, principal place of business, habitual residence, and so on) are also valid choice-of-law criteria that have particular relevance to problems, like those in cyberspace, that involve the regulation of intangibles or of multinational transactions.


The skeptics are further mistaken to the extent that their arguments assume that all choice-of-law problems must be resolved by multilateral choice-of-law methodologies. A multilateral methodology asks which of several possible laws governs a transaction, and selects one of these laws on the basis of specified criteria. Multilateral methods accentuate the situs and complexity problems. But the regulatory issues that are most relevant to the cyberspace governance debate almost always involve unilateral choice-of-law methods that alleviate these problems. A unilateral method considers only whether the dispute at issue has close enough connections to the forum to justify the application of local law. If so, local law applies; if not, the case is dismissed and the potential applicability of foreign law is not considered. For example, a jurisdiction typically does not apply foreign criminal law. If a Tennessee court has personal jurisdiction over someone from across the Virginia border who shot and killed an in-stater, the court does not consider whether Tennessee or Virginia law applies. It considers only whether Tennessee law applies. If so, the case proceeds; if not, it is dismissed.


Unilateral choice-of-law methods make the complexity and situs problems less significant. They do not require a determination of which of a number of possible laws apply. Nor do they require a court to identify where certain events occurred. What matters is simply whether the activity has local effects that are significant enough to implicate local law. By failing to recognize that courts can and will use unilateral rather than multilateral choice-of-law methods to resolve cyberspace conflicts, the skeptics again exaggerate the challenge of cyberspace regulation.


G. Number and Velocity of Transactions


The skeptics' final descriptive claim is that even if cyberspace transactions appear like real-space transnational transactions in other respects, they differ significantly with respect to the velocity and number of transactions. Cyberspace dramatically lowers the costs of multinational communication. With only a computer and Internet access, anyone in the world can communicate with anyone, and potentially everyone, in the world. The skeptics believe communications via cyberspace will be so prevalent that governments will not find it cost-effective to regulate them.


A dramatic increase in the number and speed of transactions might well multiply the aggregate harms from such transactions. But this increases rather than decreases a nation's incentives to regulate. Consider Internet gambling. In pre-Internet days, individuals in the United States could gamble from home or work via telephone with domestic and offshore bookies. Although this form of gambling was regulated by a variety of state and federal statutes, the statutes were filled with loopholes and rarely enforced because transactions were relatively infrequent. Internet gambling makes it significantly easier to gamble from home or work. This has led to a dramatic increase in gambling and a related rise in the costs of gambling that governments worry about: fraud, diminution in local gambling and other entertainment expenditures, loss of tax revenues, decreased productivity, gambling by children, and so on. Not surprisingly, federal and state governments are beginning to regulate gambling much more extensively, and seriously, than ever.


Even with governments' heightened incentives to regulate Internet transactions, some believe that the sheer number of transactions will overwhelm governments' ability to regulate. A related argument is that because individuals can so easily engage in transnational communications via the Internet, governmental regulation will be less effective; for individuals operating on the Internet are hard to identify, isolate, and thus sanction. Once again, the conclusion that regulation is infeasible simply does not follow from these premises. The mistake here is the belief that governments regulate only through direct sanctioning of individuals. But of course this is not the only way, or even the usual way, that regulation works. Governments regulate an activity by raising the activity's costs in a manner that achieves desired ends. This can be accomplished through several means other than individual sanctions. Governments can, for example, try to alter the social meaning of the activity, regulate the hardware and software through which the activity takes place, make individual penalties severe and notorious, or impose liability on intermediaries like Internet service providers or credit card companies.


In short, a dramatic increase in the number and velocity of transactions by itself says very little about the feasibility of governmental regulation. Numerous communication advances, beginning with the telegraph, dramatically increased the velocity and number of communications, and lowered their costs. The skeptics have provided no reason to think that the differences between cyberspace and prior communication technology are so much greater than the differences between pre-and post-telegraph technology (which reduced communication time from weeks and months to hours and minutes), or between pre- and post-telephone technology (which also dramatically reduced the cost and enhanced the frequency and privacy of transjurisdictional communication) to justify the conclusion that governmental regulation will be nonefficacious.


  1. Goldsmith argues that the spillover effects in cyberspace mirror those found in real space. Do you agree? Does the interconnected nature of the Internet alter the analysis in any way?
  2. A third vision of regulating Internet activity comes from those who argue that technology is rapidly replacing law as the regulator of choice. Proponents of this view argue that in real space, law sets the traditional parameters for conduct. For example, copyright law sets the rules for use of content, privacy law sets the rules for the use of private data, and consumer protection law sets the rules for consumer retail transactions. In electronic commerce, technology is rapidly usurping the role traditionally played by law by providing a quicker and more effective means of recourse. Digital watermarking and technologies that limit repeated uses of digital information may soon replace law as the tool of choice for content creators anxious to protect their rights. Similarly, digital signatures are replacing law as the gatekeeper to contractual certainty. Consumers, cognizant of the limitations of the traditional consumer protection legal framework, now look to private protections such as private insurance and online escrow services.

    For more on this "software code as law" approach, see Lawrence Lessig, The Law of Cyberspace, available on the Internet at; Joel Reidenberg, Lex Informatica: The Formulation of Information Policy Rules Through Technology, 76 Texas L. Rev. 553 (1998); or James Boyle, Foucault in Cyberspace: Surveillance, Sovereignty, and Hard-Wired Censors, 66 U Cin L Rev. 177 (1997) available on the Internet at < pub/faculty/boyle/foucault.htm.

  3. The issue of Internet regulation has not escaped the notice of members of the Canadian Supreme Court. We will consider the writings of the late Justice John Sopinka later in the text. For now, review this excerpt from Justice Michel Bastarache. With which perspective do you think Bastarache most closely identifies with?

    The Challenge of the Law in the New Millennium, The Honorable Michel Bastarache, 25 Manitoba Law Journal 411 (1997-98) [citations omitted]

    As with aboriginal legal norms, developments in international law raise the question of whether a pluralistic structure of normativity can be accommodated in a single, coherent legal order. Individual issues will come and go, but that structural issue will remain. Will our legal system really evolve from an essentially unitary doctrinal structure to a much more pluralistic one, with competing valid normative orders? That is a question which underlies the specific challenges inherent in the enhanced status which has been - and may be granted over time - to aboriginal and international law.

    That larger question is also posed by the dramatic emergence of what I would reluctantly describe as cyberspace. It is perhaps the most stunning example of a technological innovation which defies traditional legal models and which will probably continue to do so for many years. I say I am "reluctant" because to concede that the medium of computer-assisted communication is a "space" is immediately to accept certain premises about the separateness of that realm from real world models of spatial jurisdiction. If it really is cyberspace, then doesn't that imply that there should be separate jurisdiction of cyber-courts, with cyber-rules, cyber-citizenry, and cyber normativity? There are legal academics who argue just that. And probably the majority of cyberspace participants are excited at the prospect of an Eden unspoiled by insidious legal regulation, and insist on the viability of self regulation based on technological borders rather than the frontiers of states.

    Searching for the right metaphors which relate cyberspace to conventional law is a huge challenge precisely because there are no precise analogies to cyberspace in the real world. Moreover, many questions are implicated by the nature of cyberspace which have never been previously raised and which pose insoluble problems for legal doctrine as currently constituted. Questions such as: [w]hen users are in different countries, where is a contract made over the Internet for jurisdictional purposes? When a defamatory statement is made on the Internet, does every state where the statement is accessible have jurisdiction over that tort? Are criminal sanctions against, for example, hate speech, gambling, or pornography subject to the authority of any jurisdiction in which that speech is accessible? What type of communication on the Internet should be considered private and what should be considered public? Is a "chat-room" public or private? How private does the "chat-room" have to be before it is considered analogous to the privacy of one's home? Does, for example, the delicate balancing required under the Charter apply with equal force to all forms of speech on the Internet, even though that speech and the opportunity for response, rebuttal, control, and tuning-out are greater than in any other "public" forum?

    The Internet raises a host of other issues which I have not canvassed here, particularly in the realm of intellectual property law. In fact, it is hardly an exaggeration to say that cyberspace is sufficiently distinct from any other model of communication and human interaction that almost every important issue in civil law, and many in the criminal context, may need to be reviewed according to the particular circumstances of this new technology. Moreover, courts will need to be aware as in no other domain of developments in other jurisdictions and the dictates of inter-jurisdictional comity. But this will be an elusive task for a medium where a message posted onto the Internet can simultaneously be available in every country in the world. The borders of cyberspace do not map onto the borders of real space, which poses a fundamental problem for courts whose jurisdiction is based on geography. New tools and new doctrines will need to be developed, and perhaps certain doctrines that have been developed heretofore, particularly in the realm of conflict of laws, will need to be revisited. While this challenge may not require the acceptance of a new normative order, as in the case of aboriginal or international law, it does present a whole area of such rapid technological change that it will be a challenge for legal models to adapt quickly and yet remain coherent and comprehensible over time. And depending on the response of other jurisdictions and users of cyberspace, what amounts to an independent normative code could develop and demand deference from Canadian courts.

  4. Consider this excerpt from the author's article, The Reality of Bytes: Regulating Economic Activity in the Age of the Internet: While the Internet may change the manner in which commerce is conducted, it will not alter the state's interest in regulating such activity. The rationales for regulating commercial activity - shifting costs to those parties who can best afford to bear the external costs created by the activity, addressing market imperfections such as informational inequalities, and implementing social regulation such as worker rights - remain unchanged in the age of the Internet.

    Do you agree with this perspective? What, if anything, does the Internet change with regard to legal regulation?