I’ve heard many people complain about the fact that law in cyberspace is a mess: different laws in different countries (and different laws in parts of countries, as with the U.S. states), laws that conflict, laws that seem to make no sense when they are applied to online activity, etc., etc. And they’re right.
We’re clearly in some kind of transitional phase, at least as far as the law goes. Law has always been territorial and parochial: England had its unique set of laws, which applied only within the territory controlled by England; Japan had its unique set of laws, which applied only within the territory Japan controlled; Egypt had its unique set of laws, which applied only within the territory Egypt controlled, and so on.
This wasn’t a problem as long as people were pretty much parochial, i.e., pretty much stayed in the country in which they were born. It began to become a problem a hundred years or so ago, when international travel began to become easier and therefore more common. One downside of international travel’s becoming increasingly easier has been that the “bad guys,” the criminals can commit crimes in Country A and then go to another country, in an effort to avoid being apprehended and punished by Country A.
As I’ve written elsewhere, there is and has been a core of consistency in the laws of the various nation-states, because every state has to protect certain interests (e.g., property, matrimony, parentage) and prohibit certain types of conduct (e.g., murder, rape, theft). States may well go about protecting these interests and prohibiting conduct in different ways, but there has generally been a baseline of consistency in certain fundamental areas. That has made it possible – not necessarily easy, but possible – for countries to cooperate in bringing criminals to justice. As you probably know, modern states have extradition treaties which let Country B arrest the criminal I hypothesized above upon being requested by Country A; Country B returns him to Country A, where he can be tried, convicted and punished for crimes he committed against citizens of that country.
That system works pretty well in the real, physical world, though it has been facing more and more challenges as international travel becomes more common. It’s still, though, relatively easy to identity and apprehend a human being traveling from one country to another because actions in the physical world leave traces: A criminal who moves from Country A to Countries B and C can be identified by his appearance (unless he alters it substantially), by his fingerprints, by his passport, by his habits or other methods. The relatively cumbersome nature of real-world travel also contributes to the identification of criminals such as our hypothesized victimizer of Country A. It takes time and funds and arrangements (public arrangements) to go from Country A to Country B and then to Country C. Our perpetrator cannot move that quickly (unless he has his own private jet and other resources, which is possible but unlikely), and that, too, can facilitate his being identified, apprehended and returned to face justice in appropriate venues.
Cyberspace of course changes all this. We can virtually “travel” the globe in instants, or less than instants. We can do so anonymously or pseudonymously. We can conceal where we are in the traditional, territorial sense, where we were and where we will be. Identity and actions disconnect from territory, which can also mean they disconnect from law, which still is territorial and parochial.
We’re not sure yet how to think about cyberspace. One option, which was long ago proposed by many other people, is to conceptualize it as a “place” in itself – a virtual “place.” That makes sense if you equate “place” with the context in which we carry on various activities; we buy things, sell things, communicate, do art, harass and annoy each other, commit crimes, make friends, form communities and do a host of other typically human things online. It would, therefore, be quite logical to conceptualize cyberspace as another “place,” something analogous to a new, as-yet unsettled country.
If we did that, we could develop cyberspace-specific laws. These laws would be laws that, like the nation-state laws I noted earlier, were unique and parochial -- specific to the territory within which they applied. That “territory” would be the ever-expanding confines of cyberspace. The cyberspace laws would therefore only apply when we were “in” cyberspace, i.e., only when we were online. Offline activities would continue to be governed by the unique, parochial laws of the nation-state whose territory we occupied while we were online.
I see two problems with this approach. One is devising cyberspace-specific laws: Who would do this? Would the countries of the world develop a code of laws for cyberspace? Would the UN do this, alone or in collaboration with these countries? Who would decide what law governs cyberspace?
Before I analyze that issue, I want to note the other problem, which I am not specifically going to address in this post. If we were to devise and implement a set of cyberspace-specific laws, who would enforce them? I think that if it ever happens, it will be a long time before the various countries of the world are wiling to let an independent entity (the Cyberspace Court? A UN Cyberspace Court?) exercise jurisdiction over their citizens with regard to their online activities.
Think what that would mean: I’m a U.S. citizen and I’m writing this from my home in Dayton, Ohio. Assume that what I’m writing somehow violates our hypothetical set of cyberspace laws, which would subject me to the efforts of the entity charged with enforcing those laws. That would mean, I assume, that I would somehow have to be extradited from Dayton/Ohio/USA to a cyberspace-jurisdiction to be tried, probably convicted and somehow punished. If the United States. or any other country were to allow that to happen to its citizens, it would be surrendering a measure of its national sovereignty. It would be conceding part of its authority to control its citizens’ behavior to another, albeit virtual, sovereign entity. That may happen someday, in a distant future in which the influence of nation-states has declined or disappeared, but it will not happen for a long time.
That problem, though, cannot arise unless and until there is a set of cyberspace-specific laws. Let’s go back to the first problem: Who would devise such laws?
Logically, the articulation of these laws can from either from sources outside cyberspace or from sources inside cyberspace. In the first alternative, we either (i) devise entirely new laws that are specific to cyberspace or (ii) extrapolate existing, external law to cyberspace. In the second alternative, we would “grow” cyberspace law in cyberspace. Let’s consider each alternative.
I do not think we will see an external effort to devise cyberspace-specific laws primarily because of the enforcement problem. By agreeing to the articulation of cyberspace-specific laws, countries would already be surrendering a measure of their sovereign authority, because the issue of enforcement is implicit in, and an inevitable consequence of, the articulation of such laws.
Another external approach – which the Council of Europe is pursuing on a limited basis – is to encourage the harmonization of national laws insofar as they impact on activities in cyberspace. The Council of Europe has promulgated a Convention on Cybercrime in an effort to do this for the laws that define certain type of cybercrime and govern what law enforcement can do in investigating online criminal activity. The Convention has been ratified by many European countries, plus the U.S.; it can also be signed and ratified by other non-European countries, but I suspect that will take a while if, indeed, it happens. I’m not going to go into detail on why I think that here, because it would be a digression; suffice it to say that the Convention is a very complex document, one that incorporates certain perspectives about law that may not be common in all countries. I’m not saying that harmonization is a bad idea or that it is impossible; I am saying that I think it will take a long time to break down the barriers that exist between the unique, parochial laws that are found in every modern nation-state.
We needn’t give up hope for cyberspace laws, though. There’s still the other alternative: growing cyberspace laws in cyberspace. While this might seem a peculiar approach, it actually has its roots in history.
A system of law known as the Lex Mercatoria developed in medieval Europe, beginning around the tenth and eleventh centuries. The Lex Mercatoria was, as Wikipedia explains, a
body of rules and principles laid down by merchants themselves to regulate their dealings. It consisted of usages and customs common to merchants . . . in Europe, with slightly local differences. It originated from the problem that civil law was not responsive enough to the growing demands of commerce: there was a need for quick and effective jurisdiction, administered by specialised courts. The guiding spirit of the merchant law was that it ought to evolve from commercial practice, respond to the needs of the merchants, and be comprehensible and acceptable to the merchants who submitted to it.
The Lex Mercatoria was the product of a world in which nation-states had yet to evolve. During this era, merchants did not operate from a single location; instead, they traveled to sell goods they bought in one place at another. Because they were doing business in so many places, the itinerant merchants became increasingly frustrated at having to deal with a patchwork of parochial, often inconsistent and inadequate local laws. To remedy this, they developed their own laws, which evolved from their needs and from the nature of the transactions in which they engaged. (They also developed their own courts, to ensure that disputes could be settled quickly and fairly, but that’s another story.)
Many scholars have suggested that the solution for cyberspace is the evolution of a new, online Lex Mercatoria – a Lex Cyberspace. The Lex Cyberspace would be, like the Lex Mercatoria, a specialized set of laws that exist separate and apart from the general laws governing activities in the various countries of the world. And like the Lex Mercatoria, the Lex Cyberspace would apply only to those who participate in activities undertaken in a specialized context, the context being trade for the Lex Mercatoria and cyberspace for the Lex Cyberspace. The rationale for the two law codes would be essentially the same: specialized endeavors that transcend national boundaries and national cultures require their own laws.
This approach could have certain advantages. Like the Lex Mercatoria, a consensually-evolved Lex Cyberspace should be uniquely tailored to the needs of the cyber-community, instead of a modified version of real-world law extrapolated online, where it may or may not be appropriate. And a Lex Cyberspace would be internally-derived, instead of than being imposed by an external entity (or entities). This aspect of a Lex Cyberspace has implicitly manifested itself in certain ways, one of which is a general sentiment to the effect that online communities should be self-policing, i.e., should develop and enforce their own standards and rules of behavior.
A Lex Cyberspace could, it seems, resolve both of the issues I noted above: developing laws governing online activity and enforcing those laws. The problem I see with the Lex Cyberspace solution is that nation-states are unlikely to be willing to surrender control to a body of online law-makers and law-enforcers. The demise of the Lex Mercatoria, after all, is attributed to the rise of nation-states, which were jealous of and insecure with this independent, transnational legal institution. Nation-states therefore assumed exclusive responsibility for making and enforcing law and, in so doing, subsumed the principles of the Lex Mercatoria into their own laws.
Perhaps there will someday be a Law of Cyberspace. It seems, though, that such a phenomenon cannot exist unless and until the influence of nation-states erodes or until the laws governing the territories claimed by the discrete nation-states coalesce into a single, consistent whole.