SCN: Net freedom
Steve
steve at advocate.net
Fri Jan 12 16:59:32 PST 2001
x-no-archive: yes
========================
The Internet was supposed to be all about freedom. It is far from
certain whether freedom, or government control, will win the day.
(Economist)---In 1967 Roy Bates, a retired British army major,
occupied an island fortress six miles off the English coast and
declared it a sovereign nation. He was never sure what to do with
his Principality of Sealand. Now, however, the fortress may have
found its calling. For several months, a firm called HavenCo has
been operating a data centre there. Anyone who wants to keep a
website or other data out of the reach of national governments can
rent space on the servers that hum in one of the concrete pillars.
In the mid-1990s, Sealand would have been seen as yet more proof
that the Internet cannot be regulated. If a country tried to censor
digital content, the data would simply hop to a more liberal
jurisdiction. These days, the data principality symbolises just the
opposite: the days of unrestricted freedom on the Internet are
numbered, except, perhaps, in odd places like Sealand.
It seems likely that 2000 will be remembered as the year when
governments started to regulate cyberspace in earnest; and forgot,
in the process, that the reason the worldwide network became such
an innovative force at all was a healthy mix of self-regulation and no
regulation. In Britain, the Regulation of Investigatory Powers Act now
gives the police broad access to e-mail and other online
communications. South Korea has outlawed access to gambling
websites. The United States has passed a law requiring schools and
libraries that receive federal funds for Internet connections to install
software on their computers to block material harmful to the young.
This year, governments are turning their attention to the many
jurisdictional problems created by the Internet. These have been
emphasised by a French ruling against Yahoo! on November 20th.
The French court ordered the Internet portal firm to find some way of
banning French users from seeing the Nazi memorabilia posted on
its American sites, or face a daily fine of FFr100,000 ($13,000) from
the end of February. Yahoo! is fighting the case, even though it has
now stopped sales of Nazi memorabilia.
The case could be a taste of things to come. Under a new EU law, for
example, European consumers may now sue EU-based Internet
sites in their own countries, and the rule may well be extended
internationally. The United States has just endorsed the gist of the
Council of Europe's cybercrime treaty, which aims to harmonise
laws against hacking, Internet fraud and child pornography.
All this is a far cry from what leading Internet thinkers prophesied
only five years ago. "You [governments] have no moral right to rule
us nor do you possess any methods of enforcement we have true
reason to fear," proclaimed John Perry Barlow in his 1996
"Declaration of Independence of cyberspace". Libertarian thinking
also ran through early Internet scholarship. David Post and David
Johnson, law professors at Temple University in Philadelphia and
Georgetown University respectively, argued in that same year that
cyberspace was a distinct place that needed laws and legal
institutions entirely of its own.
To treat cyberspace differently seemed logical. Because data are
sent around the Internet in small packets, each of which can take a
different route, the flow of information is hard to stop, even if much
of the network is destroyed. It was this built-in resilience that
appealed to the Internet's original sponsor, America's Defence
Department, and made it the medium of choice for civil libertarians.
"The Internet", runs their favourite motto, "interprets censorship as
damage and routes around it."
Many online experts argue that, since the Internet does away with
geographical boundaries, it also does away with territorially based
laws. The transmission of data is almost instant, regardless of
where sender and receiver are. Today individuals, as well as
multinational companies, can decide in which country to base their
websites, thus creating competition between jurisdictions. For
example, the United States, thanks to its constitutional guarantee of
the right to free speech, has become a safe haven for hundreds of
German neo-Nazi sites that are illegal under German law.
Yet, for all that, governments are not completely helpless in
cyberspace. They have some potentially powerful tools at their
disposal. Filtering is one. Software installed on a PC, in an Internet
service provider's equipment or in gateways that link one country
with the rest of the online world, can block access to certain sites.
Less well known, but potentially more important, is the fact that
websites themselves can block users. They do so by employing the
same technology that serves up tailored banner advertisements to
visitors from another country. They track the Internet service
provider's "IP address", the number that identifies computers on the
Internet and, in many cases, reveals where a user is.
This technology was the basis for the French ruling against Yahoo!
The firm had argued that it was technically impossible to prevent
French users from reaching auctions of illegal Nazi memorabilia on
its sites. But a panel of three technical experts argued that IP-
address tracking could spot more than 60% of French surfers.
Both filtering and IP-address tracking are far from perfect. Filters
generally block too much-and too little. And surfers can block IP-
address tracking by using services such as Zero Knowledge's
Freedom or anonymizer.com. In any case, knowing where a user is
is only part of the solution. In the case of Yahoo!, the firm would still
have to work out which auctions to block.
But do these shortcomings matter? Jack Goldsmith, a law professor
at the University of Chicago, argues that the real world is full of
imperfect filtering and identification techniques: criminals crack
safes, 15-year-olds visit bars with fake IDs, secret information is
leaked to the press. To Mr Goldsmith, there is little doubt that
filtering and identification technologies will help to make cyberspace
more regulated, because they will allow governments to raise the
cost of getting certain information.
China, for instance, has essentially covered its territory with an
Intranet isolated from the rest of the online world by software that
blocks access to sites with unwanted content. Although clever
surfers can find ways to tunnel through the "Great Firewall", it keeps
the majority from straying too far online. Most Chinese, in any case,
get on to the Internet from work or a public place, where the state
can control the software and track what users do, and where they
risk being seen if they go to an illegal site.
These technologies are likely to become more efficient. The
demands of e-commerce, rather than governments, are driving
improvements. Akamai, an Internet firm which speeds up delivery by
using a network of computers to store online content closer to
consumers, recently started offering a new service called
EdgeScape. This allows websites to determine exactly where a
visitor is, at the time he visits, in order to customise content by
region or country.
Online companies will certainly also make use in future of a
controversial feature called IPv6, designed by the Internet
Engineering Task Force (IETF). At present, the anonymity of most
Internet users is more or less protected because service providers
generally assign a different IP address each time someone logs on.
But IPv6 includes a new, expanded IP address, part of which is the
unique serial number of each computer's network-connection
hardware. Every data packet sent will carry a user's electronic
fingerprints.
The holy grail for e-commerce, however, would be a system in which
users had permanent digital certificates on their computers
containing details of age, citizenship, sex, professional credentials,
and so on. Such technology would not only allow websites to aim
their services at individuals, but would let governments reclaim
their authority. These solutions to Internet regulation are far off, if
they fly at all. But Lawrence Lessig, a law professor at Stanford
University, warns that e-commerce firms will push for such
certificates and that governments may one day require them.
Nor do governments always need new technology to impose their
regulatory muscle. They can also rely on human intervention, just
as Yahoo! now intends to do in order to ban auctions of Nazi and Ku
Klux Klan items on its site. Although it is coy about details, the
company says it will use software to filter out objectionable material
and human reviewers to decide borderline cases.
Indirect regulation can also do the job. In Myanmar, formerly Burma,
access to the web is banned. To enforce this, the country's military
regime imposes jail terms of up to 15 years for unauthorised use of
a modem. China recently published sweeping new rules that require
Internet companies to apply for a licence and hold them responsible
for illegal content carried on their websites. And democratic
governments are learning that illegal commercial activity, such as
online gambling, can be regulated by controlling credit-card
companies and other financial intermediaries.
Perhaps the most promising approach, from the governments' point
of view, is co-ordinated action to gain some control over the online
world. Faster than might be expected, countries have banded
together to fight the threat of jurisdictional arbitrage and to solve
conflicts of law. The most straightforward way for governments to do
that is to devise a uniform international standard. One early
example is the World Intellectual Property Organisation's copyright
treaty of 1996, which strengthened international copyright rules.
The Council of Europe-a group of 41 countries which includes all 15
members of the European Union-is putting the finishing touches to
the world's first international treaty on cybercrime. The United
States, which has also been involved in the negotiations, supports
the treaty's main points. Signatories to the agreement, which will
probably be presented for ratification this summer, must have laws
on their books that allow, for instance, quick seizure of incriminating
computer data and its distribution to authorities in other countries.
Such harmonisation is most likely in areas of interest to big
multinational corporations (copyright) or where the interests of
countries are closely aligned (crime and taxation). On January 9th,
the OECD countries announced that they had agreed on a series of
rules determining what kind of e-commerce activities made a
company liable to taxation: doing business through a website, they
concluded, would not leave a company liable to tax in the country
from which the website had been accessed. But even most
democratic countries are unlikely to agree on standards for more
controversial issues, above all freedom of speech. As a result, in
many areas, governments are trying "softer" approaches.
In the case of privacy, for instance, the United States and the EU
have agreed to disagree. America so far favours self-regulation and
sectoral laws, for example for the health-care industry, in order to
protect the personal data of its citizens. In contrast, the EU relies on
comprehensive privacy legislation enforced by data-protection
agencies. The EU's privacy directive also authorises member states
to cut off the data flow to other countries, including the United States,
which do not have (by its lights) adequate privacy laws.
To avoid a trade war over personal data, both sides devised a "safe-
harbour" agreement that went into effect on November 1st. This
protects companies from having their data flow severed, as long as
their privacy policies comply with certain principles (such as letting
consumers choose how data are used, and allowing access to that
data). So far, however, only a dozen companies and organisations
have registered with America's Department of Commerce, not least
because many firms first want to see whether and how the
agreement will be enforced.
The provisions of the Hague Convention could prove more popular.
This treaty, which is due to be adopted at a diplomatic conference in
June, was first proposed by the American government in the early
1990s to formalise worldwide what American courts already often
do: enforce foreign judgments in matters such as intellectual-
property claims, contractual disputes and libel. American citizens
would thus also be able to collect awards abroad.
Under the treaty, an online store could be liable under laws in any of
the 48 member-countries of the Hague conference. That is why the
American government is opposing, among other things, a clause
that would ensure that consumers could sue businesses in the
courts of the country where the consumer lives.
Instead, the Department of Commerce and e-commerce firms are
pushing for a different solution: in effect, a new system of private
laws, which would avoid the requirement to abide by the laws of the
countries where their customers live. As in the Safe Harbour
agreement, web firms could seek a certification that they follow
certain minimum rules of consumer protection and privacy. Conflicts
would be resolved by so-called "alternative dispute resolution".
Will these trends turn cyberspace into a place stuffed with even
more rules than the real world, as online companies worry? Or, as
free-speech advocates predict, will litigants and governments
pursue service providers they don't like, leading to an ever-tighter
standard for protected speech?
For now, these fears seem exaggerated. But much depends on how
the legal and political battles of the next few years are settled, and
how technology evolves. There have been some attempts to steer a
middle course. The Brussels Convention, for instance, lets
consumers sue a foreign website in their home country only if the
site can be proved to have aimed at that country's market.
Many courts are likely to refuse to enforce foreign judgments on
matters of widely differing practice, especially where free speech is
concerned. For example, Yahoo! will probably successfully defend
itself in the American courts, on first amendment grounds, against
the French judgment.
And yet this may not be enough. The company plans to go on
fighting the legal case. On December 22nd it asked a federal court
for a ruling stating that a French court cannot hold an American-
based company accountable for breaking French law. Nevertheless,
the company has already, in effect, caved in by banning Nazi
memorabilia from its auction sites. So whatever the American courts
decide, the outcome will be new restrictions on Yahoo!'s American
operations.
The firms that will be easiest to regulate and restrict, and which will
be subject to multiple jurisdictions, will be those with assets in
several countries: big websites such as Yahoo!, Amazon and eBay.
But this is nothing new, Mr Goldsmith argues: multinational
companies have always faced multiple regulatory burdens. In
addition, new technology will make it much easier to comply.
Several start-ups such as Mercury2, MyCustoms.com and
tariffic.com already offer services that automate the process of
making sure that cross-border trade complies with all the various
rules.
For Michael Froomkin, a law professor at the University of Miami, all
this represents a great irony about the Internet. What was supposed
to be an anarchistic and liberating technology may in fact make the
world less democratic, by forcing a huge increase in legal
harmonisation. This will mostly be pursued by governments and
vested interests banding together to enact multilateral treaties,
which are difficult for national parliaments to scrutinise or change.
The Hague convention and the cybercrime treaty are cases in point.
If the online industry creates its own way of resolving disputes, this
could take away jurisdiction from courts worldwide and eliminate
existing legal rights. And the fact that the American government let a
relatively unknown European organisation develop such an
important agreement as the cybercrime treaty is a sign that
Washington did not want it widely discussed. Although negotiations
began three years ago, the treaty was made public only last April, in
its 22nd draft. Only recently, therefore, were Internet advocacy
groups able to get involved. To them, the treaty is a document that
"threatens the rights of the individual while extending the power of
police authorities."
The treaty also exemplifies the risk that governments, especially
democratic ones, run when they try to assert their authority in the
online world. The legal tools and technologies they develop, though
useful in that context, may well be abused not only by them but also
by authoritarian governments. The means used by France to fight
anti-Semitism on the web could also be used to prevent people
living in less democratic countries from getting the information they
need to strive for basic freedoms.
Those aiming to preserve the Internet's freedom-loving character
also have new technologies to deploy in their battle with
government regulators. So-called peer-to-peer networks could make
it more difficult to control content on the Internet. FreeNet, for
instance, automatically spreads copies of documents all over the
web, so that they no longer belong to one place. And SafeWeb will
soon launch a service called "Triangle Boy" that allows netizens in
democratic countries to turn their PCs into so-called proxy servers.
These can then be used by surfers in China, Saudi Arabia or
Vietnam to pierce through their countries' firewalls.
On the Internet, the struggle between freedom and state control will
rage for some time. But if recent trends in online regulation prove
anything, it is that technology is being used by both sides in this
battle and that freedom is by no means certain to win. The Internet
could indeed become the most liberating technology since the
printing press- but only if governments let it.
Copyright 1995-2001 The Economist Newspaper Group Ltd.
* * * * * * * * * * * * * * From the Listowner * * * * * * * * * * * *
. To unsubscribe from this list, send a message to:
majordomo at scn.org In the body of the message, type:
unsubscribe scn
==== Messages posted on this list are also available on the web at: ====
* * * * * * * http://www.scn.org/volunteers/scn-l/ * * * * * * *
More information about the scn
mailing list