Chicago-Kent College of Law Home Page Cyberlaw Home Page
Contacts Project Documentation Resources Working Groups

Computer Crimes and Torts in the Global Information Infrastructure: Intermediaries and Jurisdiction

University of Oslo
12 October 1995

Henry H. Perritt, Jr.
Professor of Law
Villanova University School of Law
(610) 519-7078
fax (610) 519-7033
perritt@law.vill.edu

Table of Contents:

  1. Introduction
  2. Intermediary liability
    1. Two competing views of intermediaries
    2. Relationship between jurisdiction to regulate and intermediary targeting
    3. Impact of different architectures
    4. Legal approaches to intermediary liability
  3. Jurisdiction
    1. Private rulemaking and adjudication
    2. Expand private international law to cover computer crimes and torts
    3. Rely on existing mechanisms
    4. Political realities
  4. Conclusion

Footnotes

Introduction

The Internet has firmly established itself as the model for the Global Information Infrastructure. The World Wide Web shows that the Internet can be user friendly to end users. It permits content originators and a variety of intermediaries to collaborate in unbundling and distributing the functions of interactive communication and electronic publishing.

At the same time, a variety of legal questions have arisen. The most interesting questions involve civil and criminal liability of intermediaries, and jurisdiction of national courts.

In 1991 a federal court in New York held that CompuServe, a pre-Internet provider of remote access to information services, was not liable for a defamatory message posted in one of its electronic conferences. 1 Five years later, a state court in New York held that Prodigy, using a similar technology, was potentially liable for a defamatory message posted on its service, based on Prodigy's public commitments to screen information content flowing through its service. 2

In 1994, the operators of a California electronic bulletin board were convicted in Tennessee for making available material that violated Tennessee standards of pornography. 3 In early 1995, the United States Senate considered legislation to impose criminal liability on electronic service providers facilitating access to "indecent" material. 4

In the same year, a college student named Jake Baker was prosecuted for interstate communication of threats because he exchanged email messages with someone in Canada elaborating a fantasy of kidnapping and torturing a fellow college student. The charges were dismissed on First Amendment grounds. 5

Criminal charges also were dismissed against a graduate student at MIT who made space available on an anonymous ftp Internet server for other persons to exchange pirated computer programs infringing copyrights. 6

Three federal district courts in the United States, at the behest of the Church of Scientology, authorized the seizure of computing equipment used to post allegedly copyrighted religious material on the Internet.

A Finn announced his intentions in 1995 to expand anonymous remailer services to enable persons to evade national laws restricting Internet content. 7

The expressed willingness of the Clinton administration to relax export controls on encryption technology as long as third-party key escrow is involved, raises new questions about how law enforcement and intelligence agencies will obtain access to keys escrowed in foreign countries. This merges with broader international search and seizure issues pertaining to electronic network facilities.

These cases and controversies raise important and interesting questions about the legal position of intermediaries in this new environment and about the efficacy of national law in policing network conduct. The intermediary liability issue is not entirely distinct from the national jurisdiction issue. As new technologies like the Internet make it easier for someone located in any part of the world to inflict injury on someone else located in any other part of the world by sending an electronic message, difficulties in identifying the actor, and obtaining relief against him naturally shift victim attention to intermediaries who are more likely to be readily identifiable, subject to the jurisdiction of traditional legal institutions, and financially able to pay compensation for injury.

Intermediary liability

New information technologies have stimulated a rethinking of the legal rules according to which information intermediaries are held legally responsible for harmful information created by someone else. Such liability might be imposed for defamation or copyright infringement, or distribution of contraband such as child pornography. Intermediaries also might, although the cases have not arisen yet in the United States, face liability for false advertising or fraudulent misrepresentation by facilitating the distribution of false or fraudulent material originated by someone else. Similarly, they might face liability for invasion of privacy if they facilitate intrusion into someone else's private information space or facilitate publication of private information about someone else. And, under present and proposed criminal statutes, they might be liable for distributing child pornography 8 or other indecent material.

Two competing views of intermediaries

Historically, Anglo-American law accommodated two opposing ideas. On the one hand, English law created the tort of libel and distinguished it from the tort of slander in order to impose greater liability on intermediaries who published information likely to harm someone's reputation. The then-new print technologies justified a new tort because they tended to expand the scope of injury resulting from stating false information about someone else. Under this developmental strand, intermediaries were subject to greater liability than creators of defamatory communication because the intermediary conduct increased the likelihood of injury and the seriousness of injury once it occurs.

Faithful to this strand of intermediary liability, the recently-released White Paper from the Clinton Administration 9 rejected recommendations for special provisions shielding intermediaries from no-fault liability for copyright infringement, on the grounds that "they are still in a better position to prevent or stop infringement than the copyright owner. Between these two relatively innocent parties, the best policy is to hold the service provider liable." 10

In Playboy Enterprises v. Frena, 11 the district court found that the operator of the electronic bulletin board on which third parties placed digitized images of Playboy centerfolds infringed the distribution rights of the content originator, Playboy. 12 Intent is irrelevant, when conduct falling within 106 is shown to have occurred. "It does not matter that defendant Frena may have been unaware of the copyright infringement. Intent to infringe is not needed to find copyright infringement." 13 In other words intermediaries are subject to no- fault liability.

The opposing strand in American law is expressed by the United States Supreme Court's decision in New York Times v. Sullivan, 14 in which the First Amendment to the United States Constitution necessitated reversal of a judgment imposing liability on the New York Times for publishing an advertisement alleged to defame certain officials in the state of Alabama. The Supreme Court reasoned that the public interest in free expression, underlying the immunity against state regulation of speech, in the First Amendment necessitates curtailing the potential liability of information intermediaries lest they be afraid to provide outlets for potentially controversial views. In that and subsequent cases applying this basic principle, the Supreme Court refined the formula for accommodating the common law of libel with First Amendment immunities. While a number of issues are not clearly resolved after three decades of litigation reaching the Supreme Court, two things are reasonably clear. First, the more extreme differences between libel and slander, including no fault liability, presumed damages, and requiring publisher to prove truth rather than plaintiff to prove falsity, are unconstitutional. Second, originators of harmful communications have greater responsibility than intermediaries.

These two certainties about the law underpin the first major decision about intermediary liability in cyberspace. In Cubby v. CompuServe, holding that CompuServe was not liable for an allegedly defamatory message posted on one of its conferences, the federal trial court reasoned that: "[T]he constitutional guarantees of the freedom of speech and of the press stand in the way of imposing" strict liability on distributors for the contents of the reading materials they carry. . . . If the contents of bookshops and periodical stands were restricted to material of which their proprietors had made an inspection, they might be depleted indeed," quoting from a 1959 case absolving a bookstore from strict liability for selling an obscene book. 15 More recently, the Supreme Court of the United States held that free expression concerns negate statutory liability against a distributor of child pornography unless the distributor is proven to have knowledge of both the sexually explicit material and the age of the performer. 16

Relationship between jurisdiction to regulate and intermediary targeting

The Tennessee pornography conviction is an interesting example of the relationship between the jurisdiction of a particular political entity to define standards for intermediary conduct and the conscious direction by intermediary of material to that particular geographic area. The California bulletin board operators did not take the initiative in sending the offending files into Tennessee. Rather, they simply posted them on their bulletin board, and a request from Tennessee residents triggered the computer routines that send the files. 17 This relative passivity of the publisher is typical of dialup bulletin boards and those web servers that make content available from the server.

An exchange that I had on one of the LEXIS Counsel Connect electronic seminars with another participant fairly frames the characterization issue. The other LCC participant said that the system operator in cases like this is like someone who leaves a number of objects on the floor. The requester is like someone who uses a vacuum cleaner to pick the objects up. The vacuum cleaner bag is like the jurisdiction imposing legal standards. No sensible person, he said, would assert that the person leaving the objects on the floor had placed them in the bag of the vacuum cleaner. I preferred a different metaphor, comparing the electronic service to a vending machine on which the operator had placed different types of items in particular compartments for customer selection. The electronic customer is then is like the vending machine customer, who selects a particular type of item, inserts money if necessary, and pulls the handle or pushes a button causing that type of item to be delivered. The vending machine comparison lends support to the fairness of treating the operator as a seller of that particular item, subject to regulation by whoever has jurisdiction over the vending machine compartments. That is so even though the vending machine operator was in some sense passive, and the actual delivery of the item occurred only when the customer acted to cause it to be delivered.

Of course both metaphors involve conscious placement of items in a place from which they will be retrieved.

Determining who causes the content in question to come into a particular jurisdiction seeking to regulate it is important in determining whether that jurisdiction may regulate it. 18 In the Tennessee pornography case, geographic jurisdiction made a difference because of the principle in American law that illegality of pornography is judged by the standards of a particular community. 19 The bulletin board operator claimed that its material should be judged by California standards, or by the standards of "cyberspace," rather than by the standards of Tennessee.

Charging the distributor with knowledge of the destination of particular material should depend not only on the distributor knowing of the nature of the content, as in Cubby, but also on the distributor knowing the identity -- or at least the location of -- the customer. Knowledge of customer location may depend substantially on the particular technology configuration ("architecture") used.

Impact of different architectures

The National Information Infrastructure of the future will be more diverse, more multi directional, more decentralized, more distributed, and less proprietary in important respects, than today's converging but still separate telephone, broadcast, cable, and computer database markets. In other words, the infrastructure will have important features of today's Internet. In that kind of infrastructure, intermediaries play an even more important role than do interexchange networks in today's telephone system, local broadcast stations in today's network television, local cable franchises in today's cable television system, libraries, newsstands, and bookstores in today's print distribution chain. Already, small and large bulletin board operators make it possible for individual citizens and small companies to exchange email with each other, and to engage in electronic discussions by posting messages. Larger information services enterprises like America On Line, CompuServe, and Prodigy serve similar information brokering functions.

But it is in Internet architectures, where intermediation really flourishes. Virtually all of the new Internet applications that have engendered so much excitement, such as Gopher, World Wide Web, and Wide Area Information Services under the international Z39.50 standard, rely on a web of intermediaries to make it possible for users and publishers to find resources scattered around the world wide information infrastructure. The provider of a Gopher or World Wide Web service aids in the dissemination of information by establishing pointers to information resources located on other computers connected to the Internet. In most cases the other computers are controlled by someone else. Assembling collections of pointers that are expected to meet the needs of a particular user population is an important way of adding information value because it reduces search costs. Indeed, one way to think of the library of the future is to think of it as a collection of pointers to information resources distributed within an Internet-like infrastructure. The same user-oriented considerations that determine the collection strategy of the library of today would determine the pointers strategy of the electronic library of tomorrow.

Diverse technological approaches to intermediation enlarge the possibilities for the relationship between a particular intermediary and the content received by a particular consumer, and between a particular intermediary and that consumer.

Figure 1

Figure 1 shows how the Internet and similar architectures permit value added products to be unbundled, with different elements of the bundle being supplied by different entities, and the bundling of these elements occurring according to the desires of a particular user at the time the user wants the complete value added information product. In this architecture, suppliers of information content, shown in the figure by the circles above the solid line, 20 supply their content to anyone who wants it simply by putting files on computers connected to the Internet, called servers or "content servers."

Those value added features are supplied by others, represented in the figure by rectangles below the solid line. It is entirely possible with Internet applications like the World Wide Web for an entity to supply only index or table of contents type value in the form of pointers to content. The pointers are implemented through World Wide Web pages and lists or Gopher menus on an Internet server that offers no other kinds of value. Someone else can provide user friendly interface software through another server. Still someone else can provide connection services that permit connections through dial up telephone lines or through higher speed dedicated links.

When a user wishes to identify and obtain a particular type of content, the user interacts with several Internet servers operated by different entities. First, the user establishes a connection to the Internet through a connection services provider, then establishing a connection to an index provider. From the lists, tables, and menus provided by that server, the user identifies one or more items of interest. The index server uploads the pointers (not the content because the index server does not have the content) through the Internet to the user's client computer. Then the user's client computer executes the pointers which automatically causes the content pointed-to to be downloaded directly from the content server into the client computer.

This is a kind of assembly line for pieces of information value. It produces product just in time rather than producing it in bulk according to someone else's design just in case someone might want that particular bundle. It lets the user design the product on an ad hoc basis.

Such an infrastructure is not only two layered; in many cases a pointer points, not directly to the full information resource, but to another collection of pointers, which may point to still other collections of pointers and so on, collectively marking a trail to the complete resource. The computer programs involved assemble a trail from the three pointers and then retrieve the desired content from wherever it resides, directly into the computer of the requester, without the content having to traverse all the intermediary computers. Whether an intermediary points directly or indirectly to the desired resource is inherently an engineering decision driven by performance considerations. In many cases, the decision to maintain copies of a particular information resource is made entirely automatically without any human intervention. A clear example of this is in the caching of recently-retrieved resources within a World Wide Web browser such as Netscape.

Figure 2

The typical bulletin board/electronic publisher concept is illustrated in figure 2. The server not only provides pointers and other finding and retrieval value, represented by the rectangles; it also publishes content, represented by the circle. The client has dealings only with the server, which looks like a conventional publisher.

Figure 3

The facts of Lamacchia 21 and Frena 22 are different, as illustrated in figure 3. The operator simply set aside an electronic space within which others could exchange material. The content originator posted a file to the server, from whence it was retrieved by the client. In that situation, the operator may have no knowledge of what items are being offered and retrieved. Nevertheless, in Frena, the operator was liable, and in Lamacchia the operator would have been liable if the statutorily required commercial motive had been present. The justification is that the server had control over its facilities, and could have blocked the content originator from posting material there.

Figure 4

The typical web server is in yet a different situation, as shown in figure 4. Web server X never has possession of the content. It points to server Y, which in turn points to the content on the server of the content originator. Transactions 1-4 with servers X and Y are requests for and transmissions of pointers only. The eventual request for, and retrieval of the content transpires entirely between the client and the content originator, in 5 and 6. The web server that simply points to other, content, servers is rather like one who gives directions to the dirty movie studio or the drug dealer. While the supplier of the pointers can be said to be involved in the distribution chain, the operator never comes in contact with the accused material. Certainly, in the copyright setting, this eliminates prima facie liability because the server has not engaged in any of the acts reserved exclusively to the copyright owner. On the other hand, there is the possibility of vicarious liability under other theories.

Legal approaches to intermediary liability

If any of these architectures is to function anywhere close to its potential as a mechanism for disseminating information, the intermediaries must not be inhibited from performing their dissemination function by fears of vicarious liability for the wrongdoing of others. Here is how such inhibitions might arise by virtue of the copyright laws. An intermediary would disseminate an infringing work and would, because the architecture of its system (figure 2 or figure 3), commit literal infringement. The literal infringement would occur either because the intermediary permits the posting of copies on the intermediary computer by third parties (figure 3), because its caching algorithm makes an intermediate copy to improve system performance (figure 4), or because establishing pointers executable by the user violates the distribution, display, or performance right exclusively reserved to the copyright holder (figure 4). What happens here is not that the intermediary accesses the copyright holder's material without permission, but that the intermediary unwittingly aids in the dissemination of an infringement committed by someone else.

The nature of the increasingly complex intermediation technologies (especially figure 4) make it infeasible for intermediaries to check out the bona fides of the information they assist in disseminating. It may be more or less feasible for a service provider actually maintaining copies of files and messages on its own computer (figure 2) to screen for certain offensive words, but it certainly is not feasible to automate screening for copyright or trademark infringement, especially by one who merely points to information resources created and maintained by others. Any attempt at such screening would so clog up the functioning of the dissemination technologies that their power largely would dissipate.

The impediment to information dissemination, though arising from literal application of the Copyright Act, strongly resembles the problems confronted by intermediaries in older communications technologies such as telegraph and telephone services and broadcast stations carrying network feeds. Indeed, as is suggested later in this paper, some of the solutions to the copyright law problem can be borrowed from the communications law context.

Goals

In addressing intermediary liability, it is important to bear in mind the purposes of tort and criminal law. Tort law reallocates the law of injury. For example, when someone is defamed, has her privacy invaded, or loses market because of intellectual property infringement, tort law reallocates the loss to someone else from the victim. Typically, the loss allocation scheme in tort law is based on fault. That is the justification for targeting the originator of harmful messages or files in cyberspace. Tort liability imposed on an intermediary is a kind of default rule or safetynet, recognizing that there may be instances in which the person with fault - the originator of the harmful message or file - would be unavailable, beyond the jurisdiction of any tribunal available to the victim, or judgment proof. Thus, the policy question for intermediary liability is whether the victim should bear the loss when the originator cannot be found, or conversely when the intermediary should bear the loss.

The purpose of criminal law is to discourage socially undesirable conduct. Thus, criminal law punishes the originator of harmful messages or files in order to discourage such persons from originating or distributing such messages or files. The only conceivable purpose for imposing criminal liability on intermediaries is to change their behavior - to discourage them from handling material that might turn out to violate the criminal laws.

Common-carrier immunity

Tort law long has recognized that intermediaries obligated to handle all traffic should be immune from liability based on the character of the traffic. Communications law, written into the Copyright Act, offers a useful model for extending such an immunity into statute law.

The Copyright Act deals with the special position of intermediaries in its specialized privileges for broadcast intermediaries. For example, 111(a)(3), 23 , provides that it is not an infringement of copyright if a secondary transmission embodying a performance or display of a work is made by "any carrier who has no direct or indirect control over the content or selection of the primary transmission or over the particular recipients of the secondary transmission, and whose activities with respect to the secondary transmission consists solely of providing wires, cables, or other communications channels for the use of others." 24 The legislative history notes that clause (3) intends to grant a privilege to "passive carriers." 25 A similar privilege is given for secondary transmissions to parts of a hotel, apartment house, or similar establishment, but only so long as no alterations are made. 26

Intermediaries in the GII play a somewhat different role from transmission facilities in broadcast media. Intermediary protection must recognize the necessity of a system operator's selection of classes of communications to conform to its entrepreneurial definition of its product or service niche. It also must recognize the appropriateness of certain transformations and alterations that occur as part of normal digital processing. One could adapt the language of 111 to the position of other kinds of intermediaries in the GII in the following way:

"the forwarding or transferring of a work infringing the copyright of another is not itself an infringement of copyright if the forwarding or transferring is made or facilitated by an electronic service provider who has no direct or indirect control over the content of the infringing work and whose activities with respect to the forwarding consist solely of providing communications channels, pointers, and intermediate copying at the request of another or for the use of others: provided that the exemption provided by this section shall not extend to sponsoring, soliciting, promoting or adopting infringement as the provider's own."

If the common-carrier model were adopted completely, the test for intermediary immunity would be whether the intermediary could be compelled to accept content. In the Web pointer context, the test would be whether the server could be compelled to point to a particular Web site. Constraining immunity in that fashion would either extinguish it as a practical matter, or involve creation of a significant new source of access rights, probably unjustified by the inherently competitive structure of architectures like the Web. 27 Instead, language like that suggested in this section should focus on lack of control -- a standard that fits reasonably comfortably with traditional tests for contributory infringement of copyright.

Of course, intermediaries also would like to have both an immunity and complete freedom to censor or not topic and choose their content - in absence of tradeoff not usually found in the law, and not generally desirable as a matter of public policy.

Immunize servers of mere pointers

One approach would be to focus on the newer technologies and immunize servers X and Y in figure 4, but neither of the servers in figures 2 or 3. X and Y never have control of the content. X has no control -- and possibly no knowledge of where Y points. On a continuum of fault, the content originator has a greatest fault, and X has the least.

On the other hand, one could argue that Jurisdiction B may be unable to identify or to obtain jurisdiction over the content originator, but may be able to obtain jurisdiction over X or Y. Moreover, discouraging X and Y from facilitating access to the content originator will, as a practical matter, diminish the incidence of exposure to the content in Jurisdiction B. So from a strictly pragmatic point of view, intermediary liability furthers the policies of Jurisdiction B.

Moreover, if the content originator is the only potentially liable entity, it faces risks enhanced by X and Y, who increased the scope of the population with access to its content. 28

Extend the Cubby standard

In most respects the fault-based know-or-reason-to-know standard applied in the Cubby case and well recognized for print-technology intermediaries like newsstands and bookstores seems appropriate for new-technology intermediaries. Nevertheless, major questions exist about the scope and the practicability of the Cubby standard.

First, the Cubby standard does not apply when the harm created by the message or file handled by an intermediary relates to intellectual property rather than to reputation. If an intermediary handles a message or file that infringes someone else's copyright or trademark, it makes no difference that the intermediary neither knew nor had reason to know of the possibility of infringement. 29 The intermediary is strictly liable if it engages in conduct such as reproducing or distributing or performing or displaying infringing material.

Second, application of the Cubby standard to particular technology applications, especially those involved in the World Wide Web are uncertain.

Third, it is unclear how commitments to screen material or conversely to handle all material should be reconciled with standards of intermediary liability. Much of the uproar about the Prodigy case involves claims that classifying intermediaries like Prodigy as publishers in effect punishes socially desirable conduct by exposing an intermediary who undertakes to eliminate harmful conduct to greater legal liability because of his efforts. The same concern underlies opposition to greater use of the traditional immunity for common carriers, objecting to a standard that protects only those who promise in advance to hear no evil, see no evil, and speak no evil by closing their eyes and their ears to obvious indicia of harmful tendency.

Minimize prior restraint

The problem with present law is that de facto prior restraint occurs because of the combination of the rules of intermediary liability for copyright infringement and the economics of intermediaries in the information infrastructure. The intermediary imposes prior restraint at the first hint of a controversy over mutual property. The point is not only that the intermediary may be subjected to an injunction or criminal prosecution in advance of the dissemination; the point is the possibility of a damages judgment effectively works to shut down the dissemination just as effectively as an injunction or incarceration of the intermediary would.

What is needed is to give the intermediary more certain guidance as to what exposes it to liability and what does not. The law could insulate an intermediary from damages exposure unless and until it is presented a neutral determination that a particular item is infringing.

One obvious way to do this is to protect intermediaries from liability unless a judgment has been entered finding that particular material infringes that that it is feasible for the intermediary to screen out the material, but that approach would not adequately protect the interests of copyright holders. It takes a long time to get a judgment on the merits in most jurisdictions and continued availability of infringing materials while the litigation process proceeds could result in substantial irreparable harm to the copyright holders.

The need to prevent irreparable harm pending litigation is not a new challenge to legal systems. Federal Rule of Civil Procedure 65(a) is a prominent example of a procedure that allows a threshold judicial determination as to whether an activity should be stopped or allowed to continue pending complete adjudication of competing claims. It allows a "temporary restraining order" to be issued summarily, and ex parte in some circumstances, when the requester can show that irreparable harm will be established by waiting for a full hearing. The law, relying on the protections available under injunction procedures like Rule 65, could shield intermediaries from liability unless and until some kind of court order has been issued, relying on judicial procedural rules to protect against judicial or partisan overreaching in obtaining such an order.

But there is another problem to be addressed before temporary restraining orders are viewed as the solution to the de facto prior restraint problem. An injunction, whether final, preliminary, or temporary is an archetypal prior restraint, if the orders distribution of controversial material to stop. This problem could be avoided by recognizing the flexibility of injunctive remedies. There is no reason that a TRO or a preliminary injunction representing the needed judicial determination of probable cause or probability of success on an infringement claim must prohibit dissemination. Such an order can impose conditional damages for continuing to engage in conduct. In effect, the court presented with a TRO or preliminary injunction application by a copyright holder or victim of defamation or would say, "I find probable cause to believe that the accused item is infringing or defamatory and declare that any damages proven on the trial of the merits will accrue from the date on which this order is entered.

Encourage closed networks rather than open ones

A final alternative, implicit in the White Paper's lack of sympathy for the position of intermediaries, is to encourage reliance on closed systems, like pre-Internet CompuServe and NEXIS (figure 2), rather than newer open architectures like the Internet (figure 4). A distributor who controls its content faces less risk than a distributor to facilitates access to content controlled by another. Such an approach vitiates the benefits available from open architectures.

On the other hand, as the GII matures, the advantages of closed networks for protecting intellectual property and discouraging tortious and criminal content may lead to a merger of the open and closed architectures. While some role may remain for the original closed networks like pre-1993 CompuServe, America Online, WESTLAW, and LEXIS it is more likely that new Internet technologies will permit certain features of those approaches to exist along the side with traditional open architectures in the Internet. For example, new tools for screening and blocking Internet packets, being feverishly developed to block pornography to stave off federal legislation like the Exon amendment, can be used to exclude persons who violate community rules. This would enable an Internet based intermediary to unplug someone as CompuServe or AOL may do now by canceling an account and password. Supplementing that means of expulsion or denial of entry, will be secure payment systems that deny access to certain Internet resources until appropriate payment arrangements have been made. That is already possible now with a combination of Netscape CGBIN scripts and public key encryption. One can be denied access to a particular set of web pages or newsgroups unless one has an account name and password associated with that particular set of resources. Public key encryption permits either the private transmission of credit card numbers or authentication of an account holder's identity, as is being demonstrated by Digicash and Cybercash.

Jurisdiction

Geographically based concepts of sovereignty and, within it, jurisdiction to prescribe, to adjudicate, and to enforce legal decisions must be squared with the nature of open networks, which are indifferent to geographic boundaries. Whose substantive legal rules apply to a defamatory message that is written by someone in Mexico, read by someone in Israel by means of an Internet server located in the United States, injuring the reputation of Norwegian? While this kind of problem is at the center of choice of law jurisprudence, the frequency with which choice of law decisions will have to be made will increase in cyberspace and more questions may arise as to the suitability of traditional choice of law formulations.

Whose courts have jurisdiction to adjudicate claims of injury or violation of national standards? Must a Norwegian go to Mexico or the United States to find a legal institution with power over one of the two potential sources of compensation? If not, if jurisdiction exists in Norway, the most convenient forum for the victim, how is a favorable decision by a Norwegian tribunal ordering that the Mexican originator or the American intermediary pay damages to be enforced?

Similar questions, addressed by different rules, arise in the criminal context. Suppose the message was criminal instead of defamatory, involving child pornography or indecency, or representing some sort of financial fraud or forgery. Where can the wrongdoer be tried, only where he is physically found? If the answer is yes, how should extradition or extra-legal means of physically moving the alleged wrongdoer to the place of trial be utilized? Whose substantive criminal law should apply? Arguably Norway has the greatest interest in punishing the conduct, while Mexico has only a weak interest, but legislatures usually focus on conduct occurring within the jurisdiction in defining crimes, and criminal courts rarely exercise power to prosecute for a crime against another jurisdiction's laws.

An inability to answer these questions satisfactorily increases the pressure to extend liability to intermediaries, because unsatisfactory answers to the jurisdictional questions increase uncertainty about the availability of legal relief against content originators. The Internet tradition of allowing anonymity makes it even more difficult to immunize intermediaries based on the reasoning that a victim's remedy should lie against the originator of harmful information. If the victim cannot identify the originator because she is anonymous, immunizing an intermediary leaves a faultless victim bearing the loss.

It is not clear to anyone what the solution to these problems are. It is possible, however, to suggest some alternatives and to sketch their advantages and disadvantages.

Private rulemaking and adjudication

To some extent, the concerns about both substantive rules and competence of legal institutions can be managed best by using private associations in arbitration mechanisms. The communities of suppliers and consumers of information technology services would adopt their own rules for defamation, intellectual property infringement, misrepresentation, and indecency, and would apply these rules through arbitration machinery agreed to through the community.

Conduct would be judged according to norms developed by the users of the network. For example, it would not violate network community norms to post a sexual explicit message to a newsgroup or list the participants of which define it to be an exchange for such messages. On the other hand, it would violate community norms to post such a message to another group defined as hosting communications among young children. It would not violate community norms to advertise in electronic spaces devoted to advertising, but it would violate norms to post advertisements to all newsgroups regardless of their nature.

Alleged violations of community norms would be adjudicated through a system of arbitration, probably implemented through spaces on the network itself. Complaints could be made, arbitrators selected, hearings held, and arbitral decisions announced, all through electronic messages and file exchange. Sanctions could include monetary penalties or exclusion from network participation. Arbitration awards could be enforced worldwide under the New York Convention on the enforcement of international arbitration awards, or simply by excluding wrongdoers from the benefits of services available through the community. An obvious limitation of this approach is that it either does not solve the problem of the victim or wrongdoer who has no community ties or, if it purports to solve it by subjecting such third parties to community jurisdiction, enormous enforcement and fairness problems arise.

Expand private international law to cover computer crimes and torts

A second approach would deal with criminal conduct by bringing certain types of electronic piracy and computer crimes within the jurisdiction of emerging international criminal law institutions such as the International Criminal Court being discussed under U.N. auspices. 30 In addition, problems of international search and seizure as when the evidence pertinent to a crime in one country is contained on a network server located in another country can be addressed by broader adoption of legal assistance treaties on the model suggested by the UN draft treaty. Extradition treaties need to be modernized as well, to include computer crimes within enumerated extradictable offense.

For this to be a practicable solution, however, computer crimes must be perceived as sufficiently serious to warrant their inclusion in international documents and institutional jurisdictions heretofore focused primarily on war crimes and terrorism. Certain computer crimes, such as terrorism by means of computer, 31 or crimes involving computerized financial transactions, might be an appropriate starting point. Moreover, there is a need for further harmonization of substantive criminal law concepts pertaining to computer crimes, both to make transnational jurisdiction over computer crimes acceptable for new international bodies, and to satisfy the dual criminality requirements of both extradition and legal assistance treaties.

Rely on existing mechanisms

The third alternative is the most likely one: do nothing, and continue to rely on national legal systems, supplemented by a patchwork of extradition and legal assistance treaties, choice of law rules and a few treaties providing for transnational enforcement of civil money judgments. While this probably is the untidiest solution, it has its merits. Relatively few cases have arisen yet testing the adequacy of traditional legal theories and procedure, and it may be better to wait for experience to be developed in this essentially common-law context before trying to legislate or write treaties.

Political realities

Politics is important in determining which alternative will be selected. It is, therefore, useful to assess the likely positions of different groups interested in the development of the global information infrastructure. Intermediaries, frequently known as "system operators" or "sysops," in the United States, almost always prefer to minimize the legal control of their activities. It is likely that they would oppose any new initiative to develop new international or other machinery to enforce legal obligations against participants in cyberspace. While their real interest might be served by harmonizing and internationalizing the legal machinery, especially if it is done through private mechanisms, it may be difficult to get them to understand their self interests in this regard.

The proponents of new laws to restrict indecent material, such as Senator Exon, are likely to oppose the loss of sovereignty they perceive to be associated with international machinery and are most likely to focus their efforts to enact new legislation and to enlist the national prosecutors at the local, state or -- at most -- national levels.

Indeed, the only group with significant political power likely to favor the establishment of new machinery are content originators interested in reducing the incidence of intellectual property infringement. They insisted on inclusion of the Trade Related Intellectual Property appendix in the Uruguay Round of GATT, and already have proposed stronger international machinery to enforce intellectual property rights. While they might support the idea of international institutions with broad jurisdiction, they are more likely to concentrate their efforts on specialized copyright enforcement machinery. Involving them in discussions over the proposed international criminal court would be a useful step.

Also, broader support for internationalization of computer crimes might be enlisted for initiatives involving financial computer crimes.

Conclusion

Realizing the potential of the Global Information Infrastructure requires new approaches to allocate responsibility for tortious or criminal conduct so that intermediaries do not face sanctions for activities they cannot prevent. At the same time private the public international institutions must evolve so that the rules for allocating responsibility can be enforced effectively even against harmful transactions that cannot be localized to any particular state.

Footnotes

1 Cubby, Inc. v. CompuServe, Inc., 776 F. Supp. 135 (S.D.N.Y. 1991).

2 Stratton Oakmont, Inc. v. Prodigy Services Co., 63 USLW 2765, 23 Media L. Rep. 1794, 1995 WL 323710 (N.Y. Supr. Nassau County May 24, 1995) (preliminary findings that Prodigy is publisher for purposes of defamation law, and that bulletin board monitor was Prodigy's agent)

3 See Thomas v. United States, No. 94- 6648 (appeal filed 6th Cir. 1995).

4 See 141 Cong. Rec. S4841 (Mar. 30, 1995) (remarks of Senator Leahy, criticizing legislative proposal).

5 United States v. Jake Baker, 890 F. Supp. 1375 (E.D. Mich. 1995).

6 United States v. LaMacchia, 871 F. Supp. 535 (D. Mass. 1994).

7 Finland resists control efforts: As Regulators Seek to Police Internet, An Offbeat Finnish Service Fights Back, WALL STREET JOURNAL, July 17, 1995, 1995 WL-WSJ 8733699 (reporting on claims by Johan Helsingius to run anonymous remailer service to help frustrate impeding U.S. regulation of indecent material; also reporting Finnish police intention to enforce only Finnish law, not U. S. law).

8 See United States v. X-Citement Video, 115 S.Ct. 464 (1994) (construing 18 U.S.C. 2252 to require proof that distributor had knowledge of age of performer before criminal liability is imposed).

9 Intellectual Property and the National Information Infrastructure: The Report of the Working Group on Intellectual Property Rights (Sept. 1995) [hereinafter "White Paper"].

10 White Paper, text accompanying notes 377-378.

11 Playboy Enterprises, Inc. v. Frena, 839 F. Supp. 1552 (M.D. Fla. 1993).

12 839 F. Supp. at 1556. See also Sega Enterprise Ltd. v. MAPHIA, 857 F. Supp. 679, 686 (N.D. Cal. 1994) (finding that uploading of copyrighted material by third party to bulletin board constituted making unauthorized copies attributable to the bulletin board operator).

13 839 F. Supp. at 1559 (finding infringement based both on distribution and display rights).

14 376 U.S. 254 (1964).

15 776 F. Supp. 139-140.

16 United States v. X-Citement Video, 115 S.Ct. 464, 472 (1994).

17 Actually, the facts are more complicated. The requester was an undercover law enforcement officer. The bulletin board operator allegedly communicated with the requester and sent videotapes to Tennessee as well as making the offending files available on the bulletin board computer.

18 See Restatement (Third) of Foreign Relations Law 401(a) (1987) (categories of jurisdiction); Id. 402-403 (bases of and limitations on jurisdiction to prescribe).

19 See United States v. Levinson, 991 F.2d 508, 510 (9th Cir. 1993) (reversing suppression of evidence and holding that community standards in either the place of shipment or the place of receipt govern).

20 As the figure indicates content suppliers by be governmental entities, as for statutes and judicial opinions, or private sector entities.

21 (the MIT anonymous ftp area for pirated software)

22 (the bulletin board on which Playboy pictures were posted)

23 17 U.S.C. 111(a)(3)

24 17 U.S.C. 111(a)(3).

25 17 U.S.C. 111 note.

26 17 U.S.C. 111(a)(1).

27 See Henry H. Perritt, Jr., Access to the National Information Infrastructure, 30 WAKE FOREST L.REV. 51 (1995) (access rights should be limited to circumstances in which competitive alternatives are limited).

28 But see Restatement (Second) of Torts 576 (original publisher liable for reasonably foreseeable republication though caused by others).

29 Frena v. Playboy Enterprises, supra.

30 See Virginia Morris & M- Christaine Bourloyannis-Vrailas, The Work of the Sixth Committee at the Forty-Ninth Session of the UN General Assembly, 89 Am.J.Int'l L. 607, 613 (1995) (reporting on discussions of recommendation for an international criminal court, and suggesting that concept might be ripe now for negotiation of a treaty establishing such a court); Madeline K. Albright, International Law Approaches the Twenty-First Century: A U.S. Perspective on Enforcement, 18 Fordham Int'l L.J. 1595 (1995) (reporting Clinton Administration interest in International Criminal Court proposal); Jelena Pejic, The International Criminal Court: Issues of Law and Political Will, 18 Fordham Int'l L.J. 1762 (1995) (suggesting that international conference of plenipotentiaries may be convened to draft convention on establishing an international criminal court in late 1995); James Crawford, The ILC Adopts a Statute for an International Criminal Court, 89 Am.J.Int'l L. 404 (1995) (reporting on basic parameters for a draft statute developed by International Law Commission); Paul D. Marquardt, Law Without Borders: The Constitutionality of an International Criminal Court, 33 Columb.J.Transnat'l L. 73 (1995); American Bar Association, American Bar Association Task Force on an International Criminal Court Final Report, 28 Int'l Law 475 (1994).

31 Information technology might be the instrument of a terroristic threat aimed at conventional property or person, or a computer system might be the target, e.g. if a terrorist threatened to disable or corrupt a system for managing financial transactions.


Cyberlaw Home | Advertising/Consumer Protection | Intellectual Property | Payment Systems/Banking
Privacy | Public Law/Gaming | Sale of Goods | Sale of Services | Securities | Taxation