SCN: Net freedom

[Steve]

x-no-archive: yes  

========================  

The Internet was supposed to be all about freedom. It is far from 
certain whether freedom, or government control, will win the day.  

(Economist)---In 1967 Roy Bates, a retired British army major, 
occupied an island fortress six miles off the English coast and 
declared it a sovereign nation. He was never sure what to do with 
his Principality of Sealand. Now, however, the fortress may have 
found its calling. For several months, a firm called HavenCo has 
been operating a data centre there. Anyone who wants to keep a 
website or other data out of the reach of national governments can 
rent space on the servers that hum in one of the concrete pillars.   

In the mid-1990s, Sealand would have been seen as yet more proof 
that the Internet cannot be regulated. If a country tried to censor 
digital content, the data would simply hop to a more liberal 
jurisdiction. These days, the data principality symbolises just the 
opposite: the days of unrestricted freedom on the Internet are 
numbered, except, perhaps, in odd places like Sealand.   

It seems likely that 2000 will be remembered as the year when 
governments started to regulate cyberspace in earnest; and forgot, 
in the process, that the reason the worldwide network became such 
an innovative force at all was a healthy mix of self-regulation and no 
regulation. In Britain, the Regulation of Investigatory Powers Act now 
gives the police broad access to e-mail and other online 
communications. South Korea has outlawed access to gambling 
websites. The United States has passed a law requiring schools and 
libraries that receive federal funds for Internet connections to install 
software on their computers to block material harmful to the young.   

This year, governments are turning their attention to the many 
jurisdictional problems created by the Internet. These have been 
emphasised by a French ruling against Yahoo! on November 20th. 
The French court ordered the Internet portal firm to find some way of 
banning French users from seeing the Nazi memorabilia posted on 
its American sites, or face a daily fine of FFr100,000 ($13,000) from 
the end of February. Yahoo! is fighting the case, even though it has 
now stopped sales of Nazi memorabilia.   

The case could be a taste of things to come. Under a new EU law, for 
example, European consumers may now sue EU-based Internet 
sites in their own countries, and the rule may well be extended 
internationally. The United States has just endorsed the gist of the 
Council of Europe's cybercrime treaty, which aims to harmonise 
laws against hacking, Internet fraud and child pornography.   

All this is a far cry from what leading Internet thinkers prophesied 
only five years ago. "You [governments] have no moral right to rule 
us nor do you possess any methods of enforcement we have true 
reason to fear," proclaimed John Perry Barlow in his 1996 
"Declaration of Independence of cyberspace". Libertarian thinking 
also ran through early Internet scholarship. David Post and David 
Johnson, law professors at Temple University in Philadelphia and 
Georgetown University respectively, argued in that same year that 
cyberspace was a distinct place that needed laws and legal 
institutions entirely of its own.   

To treat cyberspace differently seemed logical. Because data are 
sent around the Internet in small packets, each of which can take a 
different route, the flow of information is hard to stop, even if much 
of the network is destroyed. It was this built-in resilience that 
appealed to the Internet's original sponsor, America's Defence 
Department, and made it the medium of choice for civil libertarians. 
"The Internet", runs their favourite motto, "interprets censorship as 
damage and routes around it."   

Many online experts argue that, since the Internet does away with 
geographical boundaries, it also does away with territorially based 
laws. The transmission of data is almost instant, regardless of 
where sender and receiver are. Today individuals, as well as 
multinational companies, can decide in which country to base their 
websites, thus creating competition between jurisdictions. For 
example, the United States, thanks to its constitutional guarantee of 
the right to free speech, has become a safe haven for hundreds of 
German neo-Nazi sites that are illegal under German law.   

Yet, for all that, governments are not completely helpless in 
cyberspace. They have some potentially powerful tools at their 
disposal. Filtering is one. Software installed on a PC, in an Internet 
service provider's equipment or in gateways that link one country 
with the rest of the online world, can block access to certain sites.   

Less well known, but potentially more important, is the fact that 
websites themselves can block users. They do so by employing the 
same technology that serves up tailored banner advertisements to 
visitors from another country. They track the Internet service 
provider's "IP address", the number that identifies computers on the 
Internet and, in many cases, reveals where a user is.   

This technology was the basis for the French ruling against Yahoo! 
The firm had argued that it was technically impossible to prevent 
French users from reaching auctions of illegal Nazi memorabilia on 
its sites. But a panel of three technical experts argued that IP-
address tracking could spot more than 60% of French surfers.   

Both filtering and IP-address tracking are far from perfect. Filters 
generally block too much-and too little. And surfers can block IP-
address tracking by using services such as Zero Knowledge's 
Freedom or anonymizer.com. In any case, knowing where a user is 
is only part of the solution. In the case of Yahoo!, the firm would still 
have to work out which auctions to block.   

But do these shortcomings matter? Jack Goldsmith, a law professor 
at the University of Chicago, argues that the real world is full of 
imperfect filtering and identification techniques: criminals crack 
safes, 15-year-olds visit bars with fake IDs, secret information is 
leaked to the press. To Mr Goldsmith, there is little doubt that 
filtering and identification technologies will help to make cyberspace 
more regulated, because they will allow governments to raise the 
cost of getting certain information.   

China, for instance, has essentially covered its territory with an 
Intranet isolated from the rest of the online world by software that 
blocks access to sites with unwanted content. Although clever 
surfers can find ways to tunnel through the "Great Firewall", it keeps 
the majority from straying too far online. Most Chinese, in any case, 
get on to the Internet from work or a public place, where the state 
can control the software and track what users do, and where they 
risk being seen if they go to an illegal site.   

These technologies are likely to become more efficient. The 
demands of e-commerce, rather than governments, are driving 
improvements. Akamai, an Internet firm which speeds up delivery by 
using a network of computers to store online content closer to 
consumers, recently started offering a new service called 
EdgeScape. This allows websites to determine exactly where a 
visitor is, at the time he visits, in order to customise content by 
region or country.   

Online companies will certainly also make use in future of a 
controversial feature called IPv6, designed by the Internet 
Engineering Task Force (IETF). At present, the anonymity of most 
Internet users is more or less protected because service providers 
generally assign a different IP address each time someone logs on. 
But IPv6 includes a new, expanded IP address, part of which is the 
unique serial number of each computer's network-connection 
hardware. Every data packet sent will carry a user's electronic 
fingerprints.   

The holy grail for e-commerce, however, would be a system in which 
users had permanent digital certificates on their computers 
containing details of age, citizenship, sex, professional credentials, 
and so on. Such technology would not only allow websites to aim 
their services at individuals, but would let governments reclaim 
their authority. These solutions to Internet regulation are far off, if 
they fly at all. But Lawrence Lessig, a law professor at Stanford 
University, warns that e-commerce firms will push for such 
certificates and that governments may one day require them.   

Nor do governments always need new technology to impose their 
regulatory muscle. They can also rely on human intervention, just 
as Yahoo! now intends to do in order to ban auctions of Nazi and Ku 
Klux Klan items on its site. Although it is coy about details, the 
company says it will use software to filter out objectionable material 
and human reviewers to decide borderline cases.   

Indirect regulation can also do the job. In Myanmar, formerly Burma, 
access to the web is banned. To enforce this, the country's military 
regime imposes jail terms of up to 15 years for unauthorised use of 
a modem. China recently published sweeping new rules that require 
Internet companies to apply for a licence and hold them responsible 
for illegal content carried on their websites. And democratic 
governments are learning that illegal commercial activity, such as 
online gambling, can be regulated by controlling credit-card 
companies and other financial intermediaries.   

Perhaps the most promising approach, from the governments' point 
of view, is co-ordinated action to gain some control over the online 
world. Faster than might be expected, countries have banded 
together to fight the threat of jurisdictional arbitrage and to solve 
conflicts of law. The most straightforward way for governments to do 
that is to devise a uniform international standard. One early 
example is the World Intellectual Property Organisation's copyright 
treaty of 1996, which strengthened international copyright rules.   

The Council of Europe-a group of 41 countries which includes all 15 
members of the European Union-is putting the finishing touches to 
the world's first international treaty on cybercrime. The United 
States, which has also been involved in the negotiations, supports 
the treaty's main points. Signatories to the agreement, which will 
probably be presented for ratification this summer, must have laws 
on their books that allow, for instance, quick seizure of incriminating 
computer data and its distribution to authorities in other countries.   

Such harmonisation is most likely in areas of interest to big 
multinational corporations (copyright) or where the interests of 
countries are closely aligned (crime and taxation). On January 9th, 
the OECD countries announced that they had agreed on a series of 
rules determining what kind of e-commerce activities made a 
company liable to taxation: doing business through a website, they 
concluded, would not leave a company liable to tax in the country 
from which the website had been accessed. But even most 
democratic countries are unlikely to agree on standards for more 
controversial issues, above all freedom of speech. As a result, in 
many areas, governments are trying "softer" approaches.   

In the case of privacy, for instance, the United States and the EU 
have agreed to disagree. America so far favours self-regulation and 
sectoral laws, for example for the health-care industry, in order to 
protect the personal data of its citizens. In contrast, the EU relies on 
comprehensive privacy legislation enforced by data-protection 
agencies. The EU's privacy directive also authorises member states 
to cut off the data flow to other countries, including the United States, 
which do not have (by its lights) adequate privacy laws.   

To avoid a trade war over personal data, both sides devised a "safe-
harbour" agreement that went into effect on November 1st. This 
protects companies from having their data flow severed, as long as 
their privacy policies comply with certain principles (such as letting 
consumers choose how data are used, and allowing access to that 
data). So far, however, only a dozen companies and organisations 
have registered with America's Department of Commerce, not least 
because many firms first want to see whether and how the 
agreement will be enforced.   

The provisions of the Hague Convention could prove more popular. 
This treaty, which is due to be adopted at a diplomatic conference in 
June, was first proposed by the American government in the early 
1990s to formalise worldwide what American courts already often 
do: enforce foreign judgments in matters such as intellectual-
property claims, contractual disputes and libel. American citizens 
would thus also be able to collect awards abroad.   

Under the treaty, an online store could be liable under laws in any of 
the 48 member-countries of the Hague conference. That is why the 
American government is opposing, among other things, a clause 
that would ensure that consumers could sue businesses in the 
courts of the country where the consumer lives.   

Instead, the Department of Commerce and e-commerce firms are 
pushing for a different solution: in effect, a new system of private 
laws, which would avoid the requirement to abide by the laws of the 
countries where their customers live. As in the Safe Harbour 
agreement, web firms could seek a certification that they follow 
certain minimum rules of consumer protection and privacy. Conflicts 
would be resolved by so-called "alternative dispute resolution".   

Will these trends turn cyberspace into a place stuffed with even 
more rules than the real world, as online companies worry? Or, as 
free-speech advocates predict, will litigants and governments 
pursue service providers they don't like, leading to an ever-tighter 
standard for protected speech?   

For now, these fears seem exaggerated. But much depends on how 
the legal and political battles of the next few years are settled, and 
how technology evolves. There have been some attempts to steer a 
middle course. The Brussels Convention, for instance, lets 
consumers sue a foreign website in their home country only if the 
site can be proved to have aimed at that country's market.   

Many courts are likely to refuse to enforce foreign judgments on 
matters of widely differing practice, especially where free speech is 
concerned. For example, Yahoo! will probably successfully defend 
itself in the American courts, on first amendment grounds, against 
the French judgment.   

And yet this may not be enough. The company plans to go on 
fighting the legal case. On December 22nd it asked a federal court 
for a ruling stating that a French court cannot hold an American-
based company accountable for breaking French law. Nevertheless, 
the company has already, in effect, caved in by banning Nazi 
memorabilia from its auction sites. So whatever the American courts 
decide, the outcome will be new restrictions on Yahoo!'s American 
operations.   

The firms that will be easiest to regulate and restrict, and which will 
be subject to multiple jurisdictions, will be those with assets in 
several countries: big websites such as Yahoo!, Amazon and eBay. 
But this is nothing new, Mr Goldsmith argues: multinational 
companies have always faced multiple regulatory burdens. In 
addition, new technology will make it much easier to comply. 
Several start-ups such as Mercury2, MyCustoms.com and 
tariffic.com already offer services that automate the process of 
making sure that cross-border trade complies with all the various 
rules.   

For Michael Froomkin, a law professor at the University of Miami, all 
this represents a great irony about the Internet. What was supposed 
to be an anarchistic and liberating technology may in fact make the 
world less democratic, by forcing a huge increase in legal 
harmonisation. This will mostly be pursued by governments and 
vested interests banding together to enact multilateral treaties, 
which are difficult for national parliaments to scrutinise or change.   

The Hague convention and the cybercrime treaty are cases in point. 
If the online industry creates its own way of resolving disputes, this 
could take away jurisdiction from courts worldwide and eliminate 
existing legal rights. And the fact that the American government let a 
relatively unknown European organisation develop such an 
important agreement as the cybercrime treaty is a sign that 
Washington did not want it widely discussed. Although negotiations 
began three years ago, the treaty was made public only last April, in 
its 22nd draft. Only recently, therefore, were Internet advocacy 
groups able to get involved. To them, the treaty is a document that 
"threatens the rights of the individual while extending the power of 
police authorities."   

The treaty also exemplifies the risk that governments, especially 
democratic ones, run when they try to assert their authority in the 
online world. The legal tools and technologies they develop, though 
useful in that context, may well be abused not only by them but also 
by authoritarian governments. The means used by France to fight 
anti-Semitism on the web could also be used to prevent people 
living in less democratic countries from getting the information they 
need to strive for basic freedoms.   

Those aiming to preserve the Internet's freedom-loving character 
also have new technologies to deploy in their battle with 
government regulators. So-called peer-to-peer networks could make 
it more difficult to control content on the Internet. FreeNet, for 
instance, automatically spreads copies of documents all over the 
web, so that they no longer belong to one place. And SafeWeb will 
soon launch a service called "Triangle Boy" that allows netizens in 
democratic countries to turn their PCs into so-called proxy servers. 
These can then be used by surfers in China, Saudi Arabia or 
Vietnam to pierce through their countries' firewalls.   

On the Internet, the struggle between freedom and state control will 
rage for some time. But if recent trends in online regulation prove 
anything, it is that technology is being used by both sides in this 
battle and that freedom is by no means certain to win. The Internet 
could indeed become the most liberating technology since the 
printing press- but only if governments let it.   

Copyright 1995-2001 The Economist Newspaper Group Ltd. 





* * * * * * * * * * * * * *  From the Listowner  * * * * * * * * * * * *
.	To unsubscribe from this list, send a message to:
majordomo at scn.org		In the body of the message, type:
unsubscribe scn
==== Messages posted on this list are also available on the web at: ====
* * * * * * *     http://www.scn.org/volunteers/scn-l/     * * * * * * *