Internet & Jurisdiction

I went to the last Internet & Jurisdiction gathering in Paris. I can’t make it to the one that starts today in Ottawa, but I would have come if I could. I’ve been thinking about the last one all year because it was full of good, smart people trying to make progress on coherent and practical Internet jurisdiction. What I also loved about it was that I came away strongly disagreeing with the direction they were going. More on that below, but first some background.

Dwarf Galaxy Caught Ramming Into a Large Spiral Galaxy
(NASA, Chandra, 08/14/13) from NASA Marshall Space Flight Center.
This and the other space images accompanying this blog post appear
to be in the public domain, in spite of NASA's weird licensey language
to the contrary.
Background: Internet Jurisdiction

Jurisdiction is one of the oldest and thorniest questions for Internet policy: “Which government(s) get to regulate what and who, where?”

As John Perry Barlow put it in his 1996 manifesto declaring the Internet’s independence from government regulation, “[Cyberspace] is a world that is both everywhere and nowhere, but it is not where bodies live.” In that piece, he argued that regulation of the Internet by governments was both unwise and impractical. Others saw it differently. As Tim Wu wrote in 1997,  “it is possible to regulate the Internet, and ... countries, corporations, organizations, and private individuals are already doing so.” The first important legal cases involving the extent of government jurisdiction over the Internet were decided shortly thereafter.

As the Internet has grown, become more mainstream, and increased in importance, particularly with respect to real world consequences that governments have historically regulated, questions of which governments get to regulate who and what online have become increasingly frequent. These questions get “answered” in courts, as governments make laws, and by corporations and individuals as the architecture, norms, markets, and regulation of the Internet develop.

There has been no straight line of consensus “progress” from one point of view to another. Even now, there are big questions that are being actively fought, including the United States Supreme Court considering Microsoft’s challenge to request by the United States for user data stored in Ireland, and the Supreme Court of Canada asserting the ability to order content removed globally only to have a U.S. District Court disagree.

The technological landscape has also changed dramatically. Over the last twenty years, as billions of people started using the Internet it has morphed from an incredibly decentralized landscape of personal websites hosted from tiny service providers, often at the very edge of the network, to a more centralized set of cloud-storage service providers serving a large percentage of the population. If the FBI wanted to find out whether I had sent an email to a particular person in 1996, they would have had to come to my house to get my computer and take a look at my locally stored email, if I hadn’t already deleted it. Today, all my email is on Google’s servers, just like that of more than a billion other people from all over the world. The public content I created used to be housed on a server in my closet. If someone thought I was saying something illegal, they would have likewise most likely have had to come to me in order to get it removed from the Internet. While it is true that, in some situations, some other avenues existed to get my information or remove my content, they were not very broadly available or used. By contrast, now, most of my online content is served from large U.S. corporations, like Google and Github. If they decide my content shouldn’t be online, they can remove it and force me to go look for another publisher. In some cases the online service providers are so important that no suitable replacement would exist.

Tarantula Nebula (NASA, Chandra, Hubble, Spitzer,
04/17/12) from NASA Marshall Space Flight Center.
Towards a coherent, if abhorrent, Internet jurisdiction policy

The Internet & Jurisdiction Conference (I&J for short) focuses on three broad tracks: data, requests for private user data; content, requests to render content inaccessible; and the internet domain name system. I’m most interested in the first two and these comments are mostly meant for them.

I&J had a wide variety of participants and many more government and law enforcement types than I generally find at the Internet policy conferences. The conversation was therefore more oriented towards those stakeholders than at some other conferences, and it was quite similar in tone to the types of conversations happening in governments and courts all over the world right now.

In both the data request and content removal areas, these conversations are moving towards a coherent, if abhorrent, policy of allowing governments almost everywhere to get data about any internet user or remove any content without needing to engage the users themselves or the court systems of their jurisdictions. Most discussions exclude certain governments from the club that should have this type of power, but the idea that data should be able to be given over and content should be able to be suppressed through interactions between governments and repeat-player intermediaries was so ingrained in many of the discussions as to be an assumption. Convenience and speed are touted as principal advantages.

For example, a Facebook user in Mexico should have their data given to authorities in the England on a request to Facebook. A Canadian Microsoft user should have their post suppressed, at least in Thailand if not all over the world, via a request to Microsoft. Even if the user is known to the complainant, no direct approach to them is contemplated. At some companies under some circumstances the user might get a notice, but that is left to the companies and to the circumstance. This is not just “All your base are belong to us” but “All your base aren’t ever belonged to you in the first place.”
Black Hole Caught in a Stellar Homicide (NASA, Chandra,
GALEX, 05/03/12)
 from NASA Marshall Space Flight Center.
A challenge: Center Internet policy on users citizens

If I were able to come again this year, I would. Indeed, my favorite conferences are those at which a majority of the attendees are smart, passionate advocates with direct experience with the subject matter and with whom I disagree (see e.g. the excellent Fordham Intellectual Property Institute). If I was there, I would challenge the attendees to propose a way forward that centers on the user rather than removing them from the equation. It is more convenient to just go to the big corporate repeat players. They are well known to the governments and can be counted on to pick up the phone. However, an Internet jurisdiction policy that regularly circumvents the user will encourage countermeasures to return power to the user -- the emerging prevalence of end-to-end encrypted services is one good example of this trend. More importantly, those users are our countries’ citizens, they deserve our respect and, at least, to be able to face their accusers and challenge the accusations. There may be cases where expediency trumps all, but this is the tiny minority of cases, not the norm on which policy should be based.

The YouTube clip above is of me trying to make a similar point at the end of last year's I&J.

PS If you want to read more about the current intermediary liability battles, please follow Daphne Keller and Eric Goldman and take a look at their excellent sets of resources on the topic at Stanford and on Eric’s blog. Graham Smith also wrote a couple of posts in the run-up to this year’s I&J.

Star Cluster Cygnus OB2 (NASA, Chandra,
11/07/12) from NASA Marshall Space Flight Center.

No comments: