Internet Governance (3): Law and Internet Governance

Law and Internet Governance is part of a series of research papers on Internet Governance. You can read other parts here:

Innocent Beginnings

In 1996, addressing the “Governments of the Industrial World,” John Perry Barlow wrote, as a representative of the Cyberspace community, “You are not welcome among us. You have no sovereignty where we gather. You have no moral right to rule us, nor do you possess any methods of enforcement we have true reason to fear.” (Barlow 2019)

These were the happy days of the Internet and Web boom beginnings. Indeed Barlow wasn’t alone in thinking that Cyberspace is, or should be, immune to the interventions of nation-states and their laws. A self-governing Cyberspace was a concept, and a cause, that not only Internet enthusiasts and libertarian activists, the likes of Barlow, have touted. Disappointed that this school of thought seemed quite prevalent at the time, Neil Netanel argues that such an “impassioned call for cyberspace independence,” by Barlow, “cannot be dismissed.” He then laments the fact that “The idea that cyberspace should be presumptively self-governing has resounded in thoughtful scholarship.” (Netanel 2000)

Among the scholars defending the idea of self-governing Cyberspace, the most prominent was David Johnson and David Post. The two wrote extensively explaining why Cyberspace is an “exceptional” borderless realm that can’t be subjected to traditional laws based on territoriality. Together they penned one of the most referenced and quoted papers on the topic titled “Law and Borders: The Rise of Law in Cyberspace” (Johnson and Post 1996)

A Self-Governing Cyberspace

In their paper, Johnson and Post provide the most convincing arguments for the idea of a self-governed Cyberspace that can and should develop its own rules and laws. They first explain how traditional laws can’t develop or apply without corresponding physical boundaries in the real world. (p. 1368) This correspondence is based on four considerations necessary for the legitimacy and feasibility of laws: Power, Effects, Legitimacy, and Notice. For laws to be enforced, a sovereign power should have absolute control over a territory within which it enforces such laws. Effects of behavior and events should be clearly delimited with physical boundaries so that a specific set of rules and laws is applicable to them. Laws are legitimate due to the consent of the group of people to which they apply, by virtue of the group being defined by residence within a specific jurisdictional territory, or a permanent link to it. Finally, physical boundaries are necessary as notice of the applicable rules and laws that should be observed within them. (p. 1370-71)

Cyberspace, as Johnson and Post prove, breaks every single consideration of these in relation to real-world laws based on physical boundaries. No single sovereign has the power to fully control “transborder dataflow” into its territories or to enforce its laws on foreign parties to Cyberspace events implying violations of these laws. However, governments all over the world try incisively to impose their laws on Cyberspace events and activities. (p. 1372) They assert their law-making authority over Cyberspace activities based on considering that these activities constitute entry into their physical jurisdiction. Such a claim however can be made by any jurisdictional entity, as Cyberspace events can be anywhere, and nowhere in particular. (p. 1374) Thus none of these authorities can claim an exclusive right to deal with any cross-border Cyberspace activity.

Similarly, the effects of a Cyberspace activity are not limited by any physical boundaries corresponding to a law space, thus no specific set of rules among many can be decided to be the one applicable to this activity. (p. 1375) Additionally, if a sovereign power seeks to enforce its laws on some Cyberspace activity, those affected can’t all be consenting to its performance of its rights, making such enforcement illegitimate. And finally, entering a website, or any virtual area of Cyberspace, gives no notice of crossing jurisdictional borders into a place where specific rules or laws apply. (p. 1376)

On the other hand, Johnson and Post claim that thinking of Cyberspace as a “realm of human activities” with distinct virtual boundaries demarcated by screens and login passwords, can solve all these problems. (p. 1378) Throughout the rest of their paper, they offer an outline of how various interconnected Cyberspace self-governing communities may develop their own rules, and interact with real-world jurisdiction entities.

Code as Means for Regulation

In response to what became a school of thought under the name “Cyberlibertatianism” there arose “Cyberpaternalism”. The most prominent representatives of this school are Lawrence Lessig, especially in his book Code 2.0 (Lessig 2006), and Joel R. Reidenberg, in his paper “Lex Informatica: The formulation of information policy rules through technology”. (Reidenberg 1997) Both scholars, and many others, claim that real-world governments, through laws and other means, not only could but should, regulate Cyberspace interactions. Both confess that traditional laws may have a hard time trying to regulate this space. In Reidenberg’s words: “serious jurisdictional obstacles confront the enforcement of any substantive legal rights in the network environment.” (Reidenberg 1997, 554) However, a better means to regulate Cyberspace, one that already does, albeit under little to no control of governments, is the technical architecture of Cyberspace itself. In other words, the Internet protocols, and software, the Code.

Lessig believes that there can be no doubt that the Code of Cyberspace will continue to be built adding more regulations to people’s behavior and interactions in this space, the questions he thinks to be more important are: By whom will this code be developed? And with what values? (Lessig 2006, 6) Accordingly, he makes clear that:

We can build, architect or code cyberspace to protect values that we believe are fundamental. Or we can build, architect or code cyberspace to allow those values to disappear. There is no middle ground. (p. 6)

Reidenberg calls “the set of rules for information flows imposed by technology and communication networks,” Lex Informatica (Information Law) (Reidenberg 1997, 555), and he asserts that:

Policymakers can and should look to Lex Informatica as a useful extra-legal instrument that may be used to achieve objectives that otherwise challenge conventional laws and attempts by governments to regulate across jurisdictional lines. (p. 556)

This call on governments to “intervene at the code level,” ordering those developing it “to build in their values,“ has been actually taken on board by governments rather strongly, especially in the last two decades. (Bernal 2018, 22)

The Status Quo

As governments work on the level of code to build in their values, here arises the questions “Which values?” and “Whose values”, and before that, are governments responsible for imposing certain values in the first place? (Bernal 2018, 22) In this regard, Paul Bernal says:

There is a burgeoning worldwide market in surveillance technology, whilst ‘content filtering’ and other methods of what amount to code-based censorship is being implemented for many different reasons from fighting extremism and piracy to ‘protecting’ children from ‘adult’ content. (Bernal 2018, 22)

But of course, direct intervention on the Code level is not enough for many or most governments. Law has become a tool for imposing such intervention, as well as a tool to directly regulate behavior and activities online. Therefore, companies whose content or services are accessible all over the world need to adjust many of their policies according to different sets of rules and laws, each imposing different and, in many cases, contradicting values. Companies apply different standards in different countries in order to preserve their profits. As an example, in March 2017, Facebook consented to a Pakistani government request blocking 85% of content that under laws in Pakistan was deemed blasphemous. (Bernal 2018, 23)

Generally speaking “the existing framework composed of national laws and a few multilateral treaties does not offer appropriate ‘tools’ for the prevailing relations in cyberspace.” (Weber 2015, 1) Additionally, “poorly conceived laws fail to produce the results they intend” (Bernal 2018, 24) Politicians are more likely to craft such “poorly conceived laws,” due to being under the spell of prevailing myths about Cyberspace, and its activities. Developed, democratic countries and inter-governmental organizations are liable to create law instruments that contradict their declared values. The Digital Rights Ireland Case is a good example of this.

Digital Rights Ireland is a small Irish NGO, that challenged the European Union’s Data Retention Directive which “compelled all ISPs and telecommunications service providers operating in Europe to collect and retain a subscriber’s incoming and outgoing phone numbers, IP addresses, location data, and other key telecom and Internet traffic data for a period of six months to two years.” (EFF 2014) The case ended on April 8, 2014, when the European Court of Justice declared the Data Retention Directive invalid.

In other cases inappropriately applied laws that were poorly conceived in the first place can result in different interpretations from policymakers, law legislators, the judiciary, and law enforcement agencies to have

As Bernal explains:

The broadness and vagueness of some of the terms used –‘indecent, grossly offensive, abusive, threatening, insulting, alarm, distress’–and the potential subjectivity of their interpretation has been a problem, particularly given the constantly developing nature of the discourse and the mismatch between those who spend time on social media and those who enforce the law. Police officers, magistrates, and judges may not always understand the norms of social media. (Bernal 2018, 216)

International Law

One might think that the problems that national laws face or produce when trying to regulate online activities may be resolved by resorting to international legal instruments. Public and private International Laws, are such instruments. The first is related to international treaties that signatory states are obliged to observe, while the second is a set of guiding rules that help resolve jurisdictional conflicts in cross-border cases, deciding which laws apply and which court has the right to hear a case.

In the absence of a Cyberspace related treaty, public international law is limited to a portion of cases that may fall under the purview of International Humanitarian, and Human Rights Laws. Otherwise, courts all over the world chose to exceed their jurisdictional limits hearing cases that involve foreign parties based on weak arguments.

Whether an international treaty pertaining to Internet Governance and Cyberspace activities is likely to be discussed and agreed upon by enough countries is highly doubted. But a more important question might be if such a treaty is desired, in the first place. Governments interventions in regulating Cyberspace activities on the level of Code and infrastructure, and on the level of legislation, have proved to be counter-productive, invasive, and downright harmful to users’ rights and basic freedoms. There is no guarantee, whatsoever, that the same governments may negotiate a better international legal instrument than their own national ones.

Where to go?

The experience of almost two decades of legal intensive intervention into Cyberspace regulations within nation-states’ borders, and, in many cases, across these borders, is rather disappointing. This might be the time to go back to the ideas of the early Cyberlibertarians and resurrect the project of a self-governing Cyberspace. If the last decades have done anything, it is vindicating the arguments for the inability of national laws to truly regulate Cyberspace activities, and the likelihood that trying to apply such laws would harm users’ rights rather than protect them. However, a self-governing Cyberspace is by no means an easy objective to achieve. There is much to be done for it to become a possibility in a rather far future. Till then, mitigating and limiting the damage caused by poorly conceived national laws, and invasive governments policies and practices might be all that one can hope for.


Barlow, John Perry. 2019. “A Declaration of the Independence of Cyberspace.” Duke Law & Technology Review 18 (1): 5–7.

Bernal, Paul. 2018. The Internet, Warts and All: Free Speech, Privacy and Truth. 1st ed. Cambridge University Press.

EFF. 2014. “How Digital Rights Ireland Litigated Against the EU Data Retention Directive and Won.” Electronic Frontier Foundation. September 26, 2014.

Johnson, David R., and David Post. 1996. “Law and Borders: The Rise of Law in Cyberspace.” Stanford Law Review 48 (5): 1367.

Lessig, Lawrence. 2006. Code 2.0. Version 2.0. New York: Basic Books.

Netanel, Neil Weinstock. 2000. “Cyberspace Self-Governance: A Skeptical View from Liberal Democratic Theory.” California Law Review 88 (2): 395.

Reidenberg, Joel R. 1997. “Lex Informatica: The Formulation of Information Policy Rules Through Technology.” Tex. L. Rev. 76: 553.

Weber, Rolf H. 2015. Realizing a New Global Cyberspace Framework: Normative Foundations and Guiding Principles. 1st ed. 2015. Berlin, Heidelberg: Springer Berlin Heidelberg : Imprint: Springer.