A famous cartoon from the New Yorker of 5 July 1993, reproduced here, encapsulates one of the best-known features of the Internet. The sender of an Internet communication cannot necessarily be presumed to be who he says he is, nor can the sender always be sure of the recipient's true identity. In other words, a user's digital identity has no necessary connection with his physical world identity. Internet users have traditionally selected their own email identities, and that email identity is still the commonest way of identifying Internet users. Staid persons, like lawyers, tend to use their real names as part of their email address.

Others adopt an identity which they choose for varying and idiosyncratic reasons – eg in the gliding newsgroup rec.aviation.soaring can be found messages from White Bird, Soarfox, and others who have adopted aviation-related identities. Some Internet actors even use services such as anonymous remailers to hide their identity completely.

Other types of Internet communication also lack clear identification of the communicating parties. For example, when a user requests a Web page, that request is made via a communication which identifies the host through which the user has Internet access, and may possibly identify the user's computer in some way. However, it does not usually identify the person who has made the request. The website controller may also not be easily identifiable – the registered identity of a domain name owner may be checked via the relevant domain name registry, but this simply gives the information provided by the registrant, which may or may not be correct or informative.

It is a general principle in the physical world that the laws of a particular jurisdiction normally only have effect within the boundaries of that jurisdiction. The application of this principle to physical world activities is comparatively straightforward; the geographical location of an actor or an object at the relevant time is objectively determinable, and on that basis the application of local law and the appropriate jurisdiction can be decided.

The geography of the Internet, however, is purely virtual. In operation it pays no heed to geographical or political boundaries. Furthermore, the physical world location of those parts of the Internet infrastructure via which a communication is carried may be purely fortuitous. The result in many cases is that the parties to an Internet transaction are faced with overlapping and often contradictory claims that national law applies to some part of their activities. In the physical world such overlaps are comparatively rare and, except in private law actions, are often ignored as being too trivial to require legal action. In the Internet world these overlaps are pervasive, and have the potential to stifle legitimate activity or even to encourage deliberate law-breaking.

Introduction

One of the great dangers when examining a technical subject is misuse of the collective noun. For example, for many years some biologists argued that evolution worked, in part at least, through natural selection at the level of the species. ‘Species’, however, is a collective noun for the whole set of individual members of that species, and it is now clear that the evolutionary mechanism works only at the level of individual species members, or even at the lower level of the individual genes which have determined that individual's characteristics. For the purposes of evolutionary study, treating a species as a discrete entity is simply incorrect.

The word ‘Internet’ is, perhaps surprisingly, also a collective noun. This fact is obscured because we tend to speak of ‘the’ Internet; as a result it is very difficult not to think of it as a single entity. For the purposes of legal analysis, however, this single entity perspective is almost always misleading. It leads to a number of assumptions, all of which are false:

• that there is a recognisable controller of the Internet, who might ultimately be responsible for it;

• that the Internet has a fixed, definable infrastructure; and

• that the information and services obtainable via the Internet are provided by that entity called ‘the Internet’.

The examination of legal and regulatory issues in the preceding chapters indicates that the challenges posed by the Internet are unlikely to be solved merely by adapting and extending existing legal concepts. The new ways of communicating via the Internet raise legal questions which are fundamentally different for one of two reasons:

• The activity is unknown in the physical world, and is so unlike any current type of activity that no existing legal or regulatory model is appropriate. One of the clearest examples of this is the identity certification infrastructure, examined in detail in Chapter 5.

• Although the problem is present in the physical world and cannot be solved by extending existing concepts, it occurs so infrequently that leaving it unsolved is an acceptable solution. However, the same problem occurs so frequently in the context of Internet activities that it becomes qualitatively different. Examples of this type of challenge to the law include the domain name/trade mark issues examined in Chapter 3 and the application of indirect taxation rules to on-line supplies of information – see Chapter 8.1.1.1.

If we ask ourselves why these activities present fundamentally new challenges to the law, we see that the challenges arise out of two characteristics which are rarely, if ever, exhibited by traditional physical world activities.

The genesis of this book lies in the author's experience in teaching computer law to students. Many of the ideas expressed here have been developed in discussion and team teaching with my colleagues of the Information Technology Law Unit, Dr Ian Walden, Lars Davies, Christopher Millard, John Angel, Laura Edgar, Gavin Sutter, Julia Hörnle and Anne Flanagan. Their contributions have been made over a period of years, and cannot now be separately identified. However, I am conscious that much of what is of value in this book is attributable to their own work, and gratefully acknowledge their otherwise uncredited efforts. Of course, all errors and misunderstandings remain my own responsibility. I also take this opportunity to acknowledge the assistance of Mark Lewis, whose assistance in my practice work in the Internet law field has been invaluable and who was kind enough to read and comment on parts of the first edition.

Finally, mention must be made of the collective contribution of the hundreds of students who have painstakingly listened to my lectures on the topics considered in the book and have challenged and refined my thinking. In particular I must thank those of the 1999/2000 University of London LLM cohort who provided research assistance for the first edition on specific topics (Roux de Villiers and Sajan Poovayya) and Mr Juan Avellan, PhD researcher at the Information Technology Law Unit for information on electronic signatures and identity certification.

As we have seen in Chapters 1 and 2, the internet technologies require the participation of intermediaries to make transactions possible. Although intermediaries such as banks or commercial agents play an important part in physical world commerce, there are fundamental differences between physical world and internet intermediaries:

• Physical world intermediaries are conscious actors in the transaction, whereas internet intermediaries are often unconscious actors.

• Physical world intermediaries have a prior, legal relationship with one of the primary actors; internet intermediaries more commonly have no pre-existing relationship.

In essence, internet intermediaries play one of two roles in an information transaction. They may provide services to one or more of the parties, including fundamental communications services such as access, information storage, etc. Alternatively, they may provide some additional service which facilitates a transaction between end users, eg identifying one of the parties, providing search facilities, etc. Liability for providing defective services of this kind will be based on established legal principles, although the application of those principles to previously unknown types of service may not be obvious.

More important, though, is the role of intermediaries in relaying information through TCP/IP packet switching. This raises the question of their potential liability for the third party information content of those packets. Although these intermediaries operate via software which processes information automatically and in ignorance of its content or the nature of the transaction, in some cases they are the most easily identified targets for legal action if information content which they carry infringes a third party's rights.

Although, as we have seen, the Internet has produced new actors and new types of transaction, much of the activity taking place via the Internet is still closely analogous to physical world dealings. This is because the Internet is merely a communications mechanism, albeit a highly sophisticated global medium, and can therefore be used to enter into traditional types of transaction. The challenge for the law is to adapt the provisions which currently regulate physical world transactions so as to provide adequate solutions to the new disputes which arise when they are carried out in electronic form.

Difficulties exist because the law has developed over a long period of time during which physical actors and physical media were the only, or at least the primary, mechanisms by which transactions with legal consequences could be effected. When the first elements of communication were dematerialised with the electric telegraph, the result of the communication was still a physical document written by a clerk on a telegram form. This enabled the courts to consider this communication technology as simply a new method of transmitting a physical letter. More recent dematerialisation technology such as the facsimile (fax) machine has been treated in the same way. Similarly, once dematerialised communications methods such as the telephone, radio and telex enabled ‘conversations’ at a distance, the courts noted that there were human actors at either end and treated these in the same way as face-to-face negotiations.

This distinction between applicability and enforceability is fundamental to the future development of Internet law. It is a comparatively easy task for a legislator to draft a law which applies to a particular activity undertaken via the Internet, but much more difficult to frame the law so that it is enforceable in practice. Laws which are unenforceable have two major defects; not only do they fail to deal with the mischief which the law seeks to remedy, but the knowledge that they are unenforceable weakens the normative force of other laws.

Exploring the paradox

The Internet is almost certainly the largest information resource which has ever existed. In theory, there is no limit to its growth. Of course, it will always in fact be finite, but on the scale of human usage it may in practice be treated as potentially infinite. This is true both of the network itself, and of the information resources available via that network.

To take a simple example, accessing a server via the Internet requires one to know its IP address. This is expressed as four binary numbers, each of eight bits (four octets). In theory, therefore, the maximum number of servers which can be connected to the Internet is 232 or in decimal notation 4,294,967,296. To put this in context, the current population of the world is estimated at just over six billion, so that there are probably enough potential IP addresses to allow every adult to run his or her own server. But if this number of potential servers becomes insufficient, each person (including children) in the estimated world population of around 9.5 billion in 2050 could be allocated over 100 IP addresses by modifying the address format to five octets.

Internet users will know that server addresses are identified to humans by domain names. These are expressed in alphanumeric form (eg ccls.edu), and a computer known as a Domain Name Server matches these names to the numerical IP addresses.

The process of mapping the flow of internet communications and determining the roles played by the actors in a transaction is complex, even in the simplest of cases. This is because it is almost never true that only two parties are involved. Every internet transaction requires the participation of multiple intermediaries, and may well involve more than two actors. Each of these plays its own part in carrying out the transaction.

From the perspective of the naïve observer, it may not be at all obvious that multiple parties are involved, or what their roles are. A legal analysis of the internet transaction, however, requires an understanding of all those whose activities play a part in the transaction. It is perfectly possible that some action which appears to have been performed by X was in fact carried out by Y, and this will clearly be relevant to the rights and obligations of those involved.

To clarify the investigation of these players and their roles, this chapter will make frequent reference to a simple, hypothetical transaction in which software is sold on-line. In the physical world this transaction is comparatively simple. The buyer enters a shop, agrees to buy the software from the seller, hands over cash, and leaves in possession of a copy of the software. The Internet equivalent is at first sight nearly as simple.

Aims and methodology

The most difficult task when writing a legal text is deciding what to leave out. This difficulty is compounded at least a hundred-fold when the subject of the book is Internet law. The reason for this becomes apparent when the so-called ‘Cyberspace fallacy’ is examined more closely.

The Cyberspace fallacy states that the Internet is a new jurisdiction, in which none of the existing rules and regulations apply. This jurisdiction has no physical existence; it is a virtual space which expands and contracts as the different networks and computers, which collectively make up the Internet, connect to and disconnect from each other. The geographical locations where activities occur are often purely fortuitous, dictated by the then current configuration of the Internet. The world-wide accessibility of the Internet means that no one legal jurisdiction has de jure or de facto control of these activities. From all this, it is concluded that no jurisdiction has any control.

A moment's thought reveals the fallacy. All the actors involved in an Internet transaction have a real-world existence, and are located in one or more legal jurisdictions. The computing and communications equipment through which the transaction takes place is also located in legal jurisdictions, even though it may be difficult to identify precisely which equipment was in fact used. It is inconceivable that a real-world jurisdiction would deny that its laws potentially applied to the transaction.

Arbitrage, in the financial markets, is the process of finding a difference in pricing between two counterparties and exploiting the differential for profit. Arbitrage in terms of law and regulation is a very similar process, and consists of locating a commercial activity (or part of it) in a jurisdiction which confers advantages, while continuing to do business in other jurisdictions without being subject to the burdens which those jurisdictions impose on local businesses. This phenomenon is well-known already in the field of taxation, and many corporations locate their head offices in tax havens (usually small islands with favourable climates).

However, the opportunities for legislative and regulatory arbitrage are limited for physical world businesses. The need for a sales force and physical distribution infrastructure usually subjects the business to the laws and regulations of the jurisdictions in which it has customers. This is not true for Internet activities. In particular, where the business is dealing in information products it will often be able to adopt a distributed business model (see Chapter 2.4) and locate the different elements in multiple jurisdictions. This can create two main types of arbitrage advantage:

• Decreased overheads, eg because lower taxes are payable or a reduction in the cost of complying with supervisory regimes.

• Avoidance of restrictions on, or in extreme cases prohibition of, certain activities.