By definition, an essential question of cyberlaw is to define when law will affect actions in cyberspace. Such law might be uniform, such as where nations have entered into a treaty or have adopted the same legal rule. Or, such law might be diverse, such as where nations adopt different legal rules.
Diversity of law often does not matter for physical acts, such as where the criminal law of one country simply does not apply to acts performed in a foreign country. On the Internet, however, diversity of law poses a fundamental challenge. Each surfer on a website might be from a foreign jurisdiction, with laws unknown to the owner of the site. Similarly, each website visited by a surfer might be hosted in a foreign jurisdiction, with laws unknown to the surfer. Every encounter in cyberspace, therefore, raises the possibility that diverse laws will apply. The rules for choosing among diverse laws--the subject of this part of the Symposium on "Choice of Law and Jurisdiction on the Internet"--thus appear uniquely important for cyberspace.
Surprisingly, however, the number of actual cases addressing choice of law on the Internet is far, far lower than the initial analysis would suggest. Although there is the possibility of diverse national laws in every Internet encounter, some mysterious mechanisms are reducing the actual conflicts to a handful of cases.
This Article seeks to explain those mysterious mechanisms. It does not primarily address the prescriptive task of saying what the optimal rules should be for resolving conflicting national laws that affect the Internet. Instead, it takes on a descriptive task. It treats choice of law on the Internet as a dependent variable; the task is to explain when and how choice-of-law rules actually matter on the Internet. That choice-of-law question, in turn, overlaps considerably with the even broader question--when and how does any rule of law actually matter on the Internet?
In order to deepen our understanding of the effects of legal rules generally and of choice-of-law rules in particular, this Article compares current Internet legal issues with the list of issues described in my 1998 article, Of Elephants, Mice, and Privacy: International Choice of Law and the Internet. (1) The historical comparison shows that most of the current choice-of-law topics were already identified in the earlier period. The chief exception concerns cybercrime and related computer security topics, which were only dimly seen on the horizon in 1998.
The discussion then turns to the mysterious mechanisms that have reduced the possibility of incessant choice-of-law disputes down to the actual handful of cases. Four significant filters exist before a court must choose among conflicting national laws: technology's ability to trump law; lack of jurisdiction over defendants; the harmonization of diverse laws; and the existence of self-regulatory and other systems that suppress choice-of-law conflicts for transactions. For a core concern of the earlier article--business sales to consumers over the Internet (2)--this last filter has proven decisive in avoiding choice-of-law conflicts.
Only a small subset of disputes makes it through all four filters. For those that do, this Article offers a new typology for the categories of residual disputes. First, harms can occur to third parties who are not bound by contracts between surfers and websites. Those harms can happen to owners of intellectual property, where laws have not been harmonized. They can also happen in tort, most prominently for the tort of defamation. Second, conflicts can occur for a limited number of issues involving significant moral, political, or constitutional differences among nations. To date, the most prominent disputes have involved speech protected by the First Amendment to the U.S. Constitution. In the future, we can expect occasional, albeit important, court decisions that seek to choose among national laws in the event of diverse laws.
THE TOPICS OF INTERNET LAW
Many of the major current topics of Internet law, which can lead to international choice-of-law disputes, were identified in the 1998 article. (3) A variety of consumer-protection and other issues can arise as individuals surf on foreign web pages or buy from foreign sites. Intellectual property disputes are manifest, notably for copyrights and trademarks. Privacy and data protection issues exist, such as when protective rules in Europe are not matched by laws in the United States and other countries. Content that is objectionable in some jurisdictions is legal in others. Notable examples include hate speech, pornography, and treasonable or politically censored speech. On the Internet, where everyone can be a publisher, digital defamation can easily occur.
In 1998, it was also possible to identify the types of business issues that would be troublesome on the Internet and potentially raise choice-of-law issues. Taxation becomes more complex as commerce shifts to the Net and away from identified import/export companies. Countries vary in their acceptance of gambling and other business activities. Looking ahead, in a world of outsourcing and offshoring, there will likely be increasing issues concerning professional licensing and the application of local labor laws to Internet activities.
Strikingly, the 1998 list missed a dark side of international Internet behavior. Even for those of us immersed in researching the Internet, there was little or no attention paid to the importance of computer security and cybercrime, much less to the potential use of the Internet for terrorist activity. (4) Since 1998, the Internet community has become far more aware of crime and security-related issues, which often occur across national borders. These issues include computer hacking, diffusion of computer viruses, identity theft, phishing, (5) and spyware. Another related topic that has expanded in importance concerns a different sort of unwanted intrusion into a user's computer, through spam.
In short, the Internet makes it easy and inexpensive for an actor in one country to affect another country. The number of potential transborder legal disputes, which contain choice-of-law issues, seems enormous.
DOES TECHNOLOGY TRUMP LAW? THE METAPHOR OF ELEPHANTS AND MICE
As discussed in the 1998 article, (6) the hope and belief of many Internet pioneers was that geography would prove "a virtually meaningless construct on the Internet." (7) In that early era, there were brave declarations that "the Internet treats censorship as damage, and routes around it," or "national borders aren't even speedbumps on the Information Highway." (8) For these Internet pioneers, the vision was that technology would trump law.
The 1998 article introduced the metaphor of elephants and mice to explain when that vision was provably false or else substantially held true. (9) In short, "elephants" are organizations that will be subject to the law, while "mice" can hope to ignore it. Elephants are large companies or other organizations that have major operations in a country. Elephants are powerful and have a thick skin, but are impossible to hide. They are undoubtedly subject to a country's jurisdiction. Once laws are enacted, they likely will have to comply. By contrast, mice are small and mobile actors, such as pornography sites or copyright violators, who can reopen immediately after being kicked off of a server or can move offshore. Mice breed annoyingly quickly--new sites can open at any time. Where harm over the Internet is caused by mice, hidden in crannies in the network, traditional legal enforcement is more difficult.
Applied to choice of law, the earlier article explained how the metaphor of elephants and mice suggests where international choice-of-law rules are most likely to be important:
Elephants are often subject to jurisdiction in multiple countries. When disputes arise, the issue quickly becomes which sovereign's rules will apply--the classic choice of law question. As international sales to consumers become more prominent, choice of law disputes will often arise between the seller's country and the individual's national consumer protection law. On the other hand, the legal regulation of mice will more rarely implicate choice of law issues. The mice will disguise their identity, dispute jurisdiction, and hide their assets from judgment. Only rarely will they emerge into the light of open court to assert a defense based on choice of law. (10) The activities of mice, I believe, were what the early Internet pioneers were implicitly assuming when they claimed that national laws would have little effect on cyberspace. There are two key features to violations of law caused by mice--it is hard to stop one mouse, and there is rarely only one mouse. Think about the difficulty in tracking one virus writer or one person who illegally distributes copyrighted songs and pictures over the Internet. Next, think about how much more difficult it is to try to stop all virus writers or all those who illegally distribute copyrighted material.
There are strategies in the physical world for catching mice and stopping them (or at least most of them) from getting at the food in the pantry. Analogous strategies exist for the virtual world, and are discussed further in the Conclusion. Where those strategies are not in place, however, mice will often be able to evade the effects of law. Current examples include: hackers who attack systems remotely; virus writers; sites that show content that is illegal locally (such as pornography, hate speech, or speech otherwise censored by the local regime); Internet scams, including phishing; and illegal copying of copyrighted songs, photos, and other material. One current example that is causing particular problems for the Internet is the flood of unauthorized commercial e-mail, or spare. The (perhaps rabid) mice who send spare go to great lengths to stay hidden, and often...