Chapter 7.

Cyber Law and Business

Cyber law is considered to be an interdisciplinary topic because it cuts across numerous areas of law such as commercial law, intellectual property, financial law, criminal law, international law etc. This arises out of recent technological developments. These developments are often described as the informational revolution, the rise of the World Wide Web and the development of cyberspace. The conflict of opinions regarding these technological developments has been focused on their legal implications. On one hand, government officials and some other commentators argued that the dramatic developments in information technology are so great as to require brand-new types of regulation. On the other hand, others have taken the position that while the technological changes are indeed dramatic, the legal implications of these changes can fairly easy be accommodated by existing legal concepts, institutions and rules. At present, the balance inclines towards the first opinion. Thus, the technological revolution triggered a legal one, departing from legal rules and doctrines towards the development of entirely new ones. However, there is considerable uncertainty and disagreement about precisely what changes are needed and what the content of new rules should be1. Here are some of the questions that national and multinational legal system will need to address.

7.1. Governance of cyber space

First issue focuses on whether there should be any government regulation regarding cyber law and if so, what government institutions should be entrusted to provide it. The question arises because unlike most other forms of activity, cyberactivity does not take place to the same degree within the territorial sovereignty of any particular state.

John W. Head, General Principles of Business and Economic Law, Ed. Carolina Academic Press, Durham, NC, 2008, p. 97..

For example, if Cherry Mary sends an e-mail to her friend in another country or searches the Internet for information about the explorer Christopher Columbus, or orders a book from Amazon.com, or visits the website of The Economist magazine, her activity not only that crosses national borders but remains in some sense outside the borders. That being the case, what government entity, if any, has legal authority to regulate the content of Cherry Marys e-mail message, to monitor the fees charged for using an Internet search engine or reading an on-line magazine, or to settle an eventual commercial dispute arising out of the agreement by Amazon.com to sell the book? Some experts on the matter argue that cyberspace cannot legitimately be governed by territorially based sovereigns and that the online world should be its own legal jurisdiction or even multiple jurisdictions. Others, including government officials, argue that territorially base laws should govern any conceivable online activity2. An important step towards solving the issue has been made ten years ago in the US court case of Zippo Mfg. Co. v. Zippo Dot Com, Inc. The Court defined jurisdiction over websites along a classification with three main categories. Passive websites supply information accessible to anyone surfing the Internet. Examples include informational and advertising websites, such as university websites. Passive websites typically would not trigger jurisdiction in a foreign nation because they do not avail themselves of the foreign market. However, foreign governments can prohibit their own citizens from visiting certain websites containing content banned under their own laws3. Interactive websites post information accessible to anyone surfing the Internet, but also conduct a limited amount of interactive activities. It is not certain that interactive websites should trigger foreign jurisdiction. Courts judge the issue on a case-by-case basis, mostly depending upon the type and frequency of the websites cyberspace activities. Highly interactive commercial websites direct activity into a foreign jurisdiction. Highly interactive or commercial websites are generally seen as triggering jurisdiction in a foreign nation and they are subject to foreign regulation, liability and judicial
2

Patricia L. Bellia et al., Cyberlaw: Problems of Policy and Jurisprudence in the Information Age , 2003, p.63. 3 John W. Bagby, Cyberlaw Handbook for E-Commerce, 2003, p.21.

determination of their rights. For example, if a shoe company located in Malaysia sells its shoes exclusively to Canada via its website, sends out advertising emails to Canadian email addresses, and establishes affiliate programs with Canadian business websites etc., then the shoe company will be subject to jurisdiction in Canada. Thus, according to this classification of the websites, national governments will try to impose regulation over some or all of the activities that Cherry Mary was engaged in. However, it is uncertain whether such regulations in fact are enforced. In practice, governments typically will be unable to impose effective regulation over some or all of these activities in which Cherry Mary is engaged. If one national government would try to do so, one or more other national governments are likely to object on the grounds that such regulations will impinge on their own sovereignty. Even non-governmental organizations such as Internet Corporation for Assigned Names and Numbers (ICANN) or even eBay can and do regulate cyberspace. However, there are disadvantages and advantages for NGOs in doing that. One disadvantage is that because the regulation is non-governmental, there is no guarantee of appropriate oversight or due process in the regulatory activities. However, one advantage is that regulation is more flexible because it does not rely on top-down governmental solutions4. Also, resistance to regulation will come from citizens or users themselves on a variety of grounds. For instance, regulation of e-mail correspondence would in many countries be considered illegal causing the infringement of guarantees and expectations of the freedom of expression or the right to privacy. Thus, we can say that the nature of cyber-space raises both practical and conceptual issues. Here is an expert opinion on this matter: Internet is arguably regulated as much by non-state entities as it is by formal sovereign governments. [] Traditionally, law involves a centralized sovereign actor that exerts power within its territorial boundaries. However, several features of the Internet combine to disrupt this framework: the instantaneous extraterritoriality of most acts, the lack of centralized power and the fluidity of geographic or political boundaries. To a much greater degree
4

Patricia L. Bellia et al., Cyberlaw: Problems of Policy and Jurisprudence in the Information Age , 2003, p.333.

than with other technologies, the design choices made by engineers will also act as a type of regulation. [Thus,] challenges posed to the concept of law by Internet technology5.

7.2. Rights and Freedoms in Cyberspace

Although the new technology of cyberspace raises many issues specifically relating to individual rights and freedoms, three in particular stand out as more important: the right to intellectual property, the freedom of expression and the right to privacy. From an intellectual property protection perspective several questions arise: Who owns the content that travels through cyberspace and what rights arise from such ownership? How much control should content owners have over the use or dissemination of their work over the Internet? Some argue that the law should provide more and better tools to prevent members of the public from copying writings, music and other works without the author permission. Opponents of this view challenge the notion that digital transmissions constitute copies at all. They argue that the public should be allowed to share, lend and pass on digital materials as it was traditionally done with hard copies of books, music etc. What liability, if any, should Internet service have for infringement of copyright initiated by their subscribers? In the area of freedom of expression, many countries are struggling with the question if where to strike a balance between government regulation and the freedom of speech. The right is stipulated in many national constitutions and statutes and also it is the key of many human rights treaties that were signed by most countries in the world. However, cyberspace is a tool that can be adversely used conveying inflammatory speech, threatening speech, defamation, hate speech, violent speech etc. The question also arises in the area of privacy, meaning the ability of consumers to control what information about them other people may be able to view or gain access

Maggie Chon, Introduction to Cyberspace, at www.cyberspacelaw.org.

to on the Net. Privacy advocates that on the Net there is not much privacy at all. The mere act of visiting a website generally triggers the placement of cookies on an individuals computer. These cookies enable the website to welcome back a visitor but they also allow the operators of that website to read from the cookie what other websites and that particular individual has visited. This information may be sold to the third parties or kept by the website itself to ascertain consumers preferences and target new product offerings6. The European Union has taken preventive measures such as Directive on Data Protection (Directive 95/46/EC, 1998). This Directive controls the gathering and use of personal data as well as any dissemination of that information. Thus, a company that gathers information must obtain the individuals permission and explain how that information will be used. Also, individuals can see the information that has been gathered about them and correct or delete it. Individuals can also bring legal action against anyone who misuses the information. The American approach to this matter is more reactive, meaning that legal remedies would be provided if an individual can prove that he or she suffered some injury as a result of privacy invasion. The two different views have generated considerable friction between EU and USA, EU refusing to provide personal data on EU citizens to the countries that cannot protect it according to EU standards.

7.3. Cybercrime
Usually, any new environment generates criminal activity. Cyberspace is no exception. Criminal activity in the context of cyberspace can take many forms. National governments and international agencies are just beginning to fight such crimes effectively and to provide protection against the crimes and the criminals that commit them. The range of cybercrimes includes the following:

Robert E. Litan, Law and Policy in the Age of Internet, 50 Duke Law Journal 1045 (2001), pp. 10571058.

fraud in financial transactions conducted over Internet and in an electronic manner; illegal gambling; illegal copyright infringement; malicious computer spamming; identity theft gaining enough personal information about an individual via electronic means as to pretend to be that person; drug-related crimes using Internet prescriptions to buy controlled drugs; unauthorized access to computer files hacking; spreading computer viruses; other Internet crimes of a financial nature e.g. tax evasion; computer crimes creating death or serious physical injury the disruption of emergency response, medical care, telecommunications, electric power; cyber-stalking crime done using chat rooms. Many countries have problems in fighting this range of various forms of cybercrime. One of the most challenging fights is the one at international level. Some of the challenges arise because of inadequate coordination of laws and law enforcement efforts of international level. In response to these challenges, several multilateral steps have been taken. For example, the Convention on Cyber Crime from 2000 takes serious steps in harmonizing substantive national laws in the field of computer crimes, empowering domestic law enforcement officials to obtain electronic evidence within their territorial jurisdiction and developing mechanisms for expedited legal assistance in the investigation and prosecution of computer crimes.