LEGAL TIMES JANUARY 23, 1995
TECHNOLOGY REPORT
Law in Cyberspace
Suppose you wanted to witness the birth and development of a legal system. You would need a large, complex social system that lies outside of all other legal authorities. Moreover, you would need that system somehow to accelerate the seemingly millennial progress of legal development, so you could witness more than a mere moment of the process.
This hypothetical system might seem like a social scientist's fantasy, but it actually exists. It's called the Internet.
The Net has acquired a reputation as the electronic Wild West_a place where legal authorities are hamstrung by outlaw hackers trading credit-card numbers, dealing in child pornography and copyrighted software, all communicating privately using military-grade encryption systems.
To be sure, the Net as a whole is_quite literally_lawless. The worldwide network has tens of millions of users, crosses national boundaries, and lacks any sort of sovereign. Law in force on one part of the Net is just so many words to the rest of its users, and since everything is connected and communications take only fractions of a second, the less regulated sections often trump those where laws are enforced.
Yet this reputation misses a key point. Like any community for which previous legal models are obsolete, the Net appears to be generating its own. Only a few years into its explosion in size and traffic, it has developed the glimmer of an extra-legal legal system. A combination of user-service contracts, customary practice, and technological and administrative precedent has given the Net its own rules and crude enforcement mechanisms.
"There is a significant amount of self-governance already apparent on the Net, best analogous to a combination of tribal and feudal governance," says Henry Perritt Jr., a cyberlaw expert at Villanova University Law School in Villanova, Pa. "The question is whether, as it evolves, its institutionalization will cause it to become closer and closer to conventional legal systems."
ANALOGY TO LAW MERCHANT The favored analogy among cyberlaw experts for the Net's emerging legal system is the medieval "law merchant." The law merchant, widely seen as the ancestor of modern commercial law, began as a set of enforceable customary practices honored by traders from diverse parts of pre-state Europe.
"No statute or other authoritative pronouncement of law gave rise to [the law merchant's] existence," I. Trotter Hardy, a cyberlaw expert at the Marshall-Wythe School of Law at the College of William and Mary, wrote in the University of Pitts-burgh Law Review. "[It] existed in some sense apart from and in addition to the ordinary rules of law that applied to non-merchant transactions."
In much the same way, adds David Post, a computer law expert at Georgetown Uni-versity Law Center, the Net community is developing its own customary practices_and its own means of enforcing them. It has also developed its tribal chieftains_the system operators, or sysops, who administer online services. "The sysops on the Net become like the law merchant's trade-fair administrators," Post says. "If you abide by the sysops' rules, you can continue to participate in the activities they allow. If you don't, you will be subject to collective action by the people who choose to subject themselves to these rules." (Post moderates a discussion group on Lexis Counsel Connect, an online service for lawyers that is affiliated with Legal Times.)
Almost all privately owned systems have user-services contracts, and users are permitted to log on only after agreeing to the system's operating rules. Some, like the Prodigy online service, specifically encourage civility among users, allowing system administrators to screen out offensive language. Others are less restrictive, simply forbidding users from employing the system to violate state or federal law.
Few, however, function democratically. Vienna, Va.-based America Online Inc., for example, recently terminated the accounts of an undisclosed number of users after other users complained that they were distributing child pornography over the system. AOL reported the incidents to the FBI and unilaterally closed the accounts_without notifying the terminated users.
Any use of the system to violate the law, says AOL spokeswoman Pamela McGraw, also violates AOL's terms of service. "If you feel that your account was terminated unfairly, you can write a letter to the terms-of-service office," says McGraw.
But not all of the Net falls squarely inside these user-service arrangements, and in the more public areas, rules are generated_and enforced_in an almost tribal fashion.
SPAM ANTIDOTES One such rule is the prohibition against "spamming," or posting substantively identical messages to multiple Usenet newsgroups. Usenet is a giant set of discussion groups, known as newsgroups, transported around the world mainly over the Internet. On Usenet, Net users post comments on a wide variety of political, cultural, computer-related, and other issues.
Spamming, which is usually done by advertisers, involves bombarding numerous newsgroups with copies of the same message. Usenet denizens hate spam, complaining that it lards newsgroups with irrelevant "noise." Because newsgroups have such diverse topics, few messages are relevant to very many of them, so custom forbids posting the same message to more than a few groups and requires that the same message placed on more than one newsgroup be placed using a recognized procedure called "cross-posting," which saves disk space.
Many users consider spamming the equivalent of littering because it wastes disk space on the many computers around the world that host Usenet. A fairly wide consensus has developed over the past year that the Usenet community cannot tolerate spamming, and users have organized to put a stop to it.
The most famous anti-spam action took place last summer when Scottsdale, Ariz., lawyers Laurence Canter and Martha Siegel posted an advertisement for legal services on thousands of different newsgroups. Angry messages from all over the world flooded their e-mail addresses, overloading and shutting down their e-mail server. Moreover, their postings were systematically "canceled"_removed from newsgroups around the world, using a computer program called a "cancelbot."
While the Canter and Siegel case made national headlines, it is hardly the only example of the Usenet community enforcing its rules against spamming.
More interesting is the so-called "Cancelmoose[tm]," an anonymous user who regularly issues cancels against spam through a computer in Norway. If the Net is the Wild West, Cancelmoose might be Wyatt Earp.
Cancelmoose's activities have elicited cries of censorship from some critics, who feel that canceling any message constitutes a violation of the free-speech rights of the message's poster.
"This guy is a one-man crime wave," says Patrick Clawson, president and chief executive of the Huntington Beach, Calif. -based TeleGraphix Communications Inc., a software-development firm. "How do you deal with transnational civil-rights violations?"
But the criticism has been surprisingly muted, largely because Cancelmoose is widely seen not as a censor but as an enforcer of the accepted rules of Usenet. There are no polls to measure Cancel-moose's popularity, but the vast majority of messages posted to newsgroups are supportive.
"Ninety-nine percent of the people who express any opinion about it at all are happy that it's being done," Usenet denizen Karen Lofstrom wrote in response to a Legal Times posting. "The 1 percent or less who object . . . are not well-regarded members of the Net community."
Cancelmoose is a fascinating example of the Net's self-government because of the care he takes to avoid going beyond the community's consensus on which cancels are legitimate. He posts a justification for each of his cancels on a newsgroup devoted to net abuse, including in that justification a copy of the original message and a list of the newsgroups from which the spam was removed. He also includes information allowing sysops to override the cancels.
"Those who choose not to honor [Cancelmoose's] cancellations can do so trivially," writes a net-abuse reader whose user name is Lazlo Nibble. "That they do choose to honor the cancellations strongly implies that they agree with the action being taken."
Cancelmoose also takes pains to emphasize that the content of messages does not influence his decision whether or not to cancel them. "This is not being done because the message is an ad. This is not being done to censor a critic. This is not being done because I am offended by the words in his message. [The spammer] has not been 'silenced'_any and all non-spam messages from the same poster will remain untouched by me," Cancelmoose writes in every cancel announcement. "To stop a man from speaking his views in the public square is censorship. To stop a man from speaking his views when he amplifies his voice 67 times the normal volume is not."
The net-abuse newsgroup serves both as the Net community's access to Cancelmoose and as a place where incidents of spam are raised and debated_a sort of locus for Usenet law. When spam is brought to the attention of the newsgroup, users write to the sysop at the site from which the spam originated, and the sysop frequently takes care of the problem_and apologizes.
But there is, everyone acknowledges, a dark side to cancels: Not everyone who issues them is as popularly accepted_or as accountable_as Cancelmoose. In recent weeks, messages posted to a newsgroup devoted to debating Scientology were canceled by an unnamed user_jokingly dubbed "Cancelpoodle" by appalled Usenet denizens. The cancel orders claimed that the messages contained copyrighted material, and shortly after the messages vanished, Church of Scientology International attorney Helena Kobrin requested that the entire newsgroup be removed from Usenet. The word "Scientology" itself, she argued, is a registered trademark of a church affiliate, and the newsgroup "serves no purpose other than condoning . . . illegal practices" such as copyright and trademark infringement.
Kobrin says she does not know who issued the cancel messages_she did not deny that it could have been a church member or even the church itself. "Regardless of who is doing it, however," she writes in an e-mail message. "the materials should never have been posted on the Internet in the first place."
Usenet denizens claim that the Scientologists are trying to shut down the newsgroup because Scientology regularly takes a beating there from ex-church members and cult investigators. And the net-abuse crowd considers such content-based cancels deeply disturbing.
Cancelmoose, reached by Legal Times at an anonymous e-mail address on a computer in Finland, strenuously denies any involvement in the Scientology cancels. "Canceling messages because you disagree with the opinions expressed therein is pure censorship, and I condemn such actions," writes Cancelmoose.
But he does acknowledge that community-sanctioned actions like his own could lead inexorably to renegade canceling. "That is one of the valid objections to my actions," he writes. "This was discussed [on Usenet] in depth a number of months ago, and the conclusion seemed to be that the threat from spamming (and the resultant attacks against spammers) were worse than the threat of people writing cancelbots."
Since the Scientologists' attempts to eliminate the Scientology newsgroup, the net-abuse newsgroup has been abuzz with talk of how the community should respond. Several messages have mentioned possible technical fixes that may prevent renegade canceling.
INNOVATIVE SOLUTIONS Such technical fixes are not uncommon in the emerging law of the Internet. As befits its unique environment, the Internet's emerging legal system is making use of technical innovation as an adjudicatory mechanism. The Net's technical standards are the province of the Internet Architecture Board, a volunteer organization that meets periodically to discuss which communications standards the Internet should use. When standards problems arise, the IAB puts out a Request for Comments, or RFC, which outlines possible solutions.
This might sound far removed from law, except that technical problems often have a policy dimension, and the growing RFC literature includes a body of precedent on many key Internet questions.
"There's a spectrum of things we're involved in, from clear technical standards all the way to administrative policy," says John Postel, a research scientist at the Infor-mation Sciences Institute at the University of Southern California, who is an ex-officio member of the IAB.
Adds Jack Hidary, chief executive of IdentiNet, a Rockville, Md. -based Internet consulting company, "RFCs are a powerful means for both technical and policy-oriented innovation on the Internet."
One recent example of the nexus between rules and standards is the IAB's response to an ongoing controversy over Internet domain names. Each Internet e-mail address includes a unique combination of characters that identifies the addressee's computer system. Called the domain, this expression has to be registered with an organization in Herndon, Va., known as the InterNIC.
The InterNIC, however, refuses to arbitrate trademark disputes over domain names, registering them instead on a first-come, first-served basis. And Postel put out an RFC embodying the InterNIC's current hands-off policy. Thus, such domain names as "nasdaq.com," "hertz.com," and "esquire.com" were all registered by people other than anyone affiliated with the Nasdaq stock market, Hertz car rental, or Esquire magazine, according to The Washington Post.
While no litigation has clarified whether copyright law extends to domain names, the Net community has begun looking for a technical solution. A discussion has begun within the Internet community about whether adjusting the domain standard might alleviate the trademark problem_and what sort of adjustments the fix would require.
"It's a matter of controversy in the Internet community, and there will no doubt be further RFCs on this issue," says Hidary.
And this apparently suits Postel just fine. Although he says he wrote the RFC as policy guidance for the InterNIC "if somebody reading this RFC has an idea for technical modifications that would address the problem, we encourage that."
A more grass-roots example of this sort of government-by-popular -invention began with Columbus, Ohio-based Compuserve Inc.'s recent announcement that its Graphics Interchange Format (GIF) would no longer be available without licensing fees. GIF is a widely used storage program that allows graphics files to be transferred easily between online services and users' computers. Developed by Compuserve in 1987, it is also widely used on the World Wide Web.
The announcement came after Compuserve learned that it had inadvertently used a technology patented by Unisys Corp. at the heart of the GIF algorithm. While Compuserve had always been willing to let GIF be used for free_and the program had been incorporated into many third-party software packages_Unisys suddenly wanted royalties for its part of the technology.
Within two weeks of Compuserve's announcement of its legal problem, the Net was bursting with possible solutions. At least two modifications of GIF were developed within just a few days. The so-called GEF program, say its creators at TeleGrafix Communication, can read all GIF files and save in GIF format without impinging on the Unisys patent. According to TeleGrafix's Clawson, he is only waiting for the green light from Compuserve to release his new program.
"We are prepared to put the GEF up on the Internet and up on Compuserve as a gift to the public," says Clawson. But "if we do not have Compuserve's consent, we are into a copyright infringement suit."
Compuserve has not formally given Clawson permission, but spokesman Pierce Reid insists that Compuserve will not try to prevent developers from distributing altered versions of GIF. "There are lots of technologies that will make GIF work," says Reid. "We regard it as an open and universal standard, and we would never restrict it in any way."
In fact, early last week, Compuserve announced that it would lead the charge to make GIF obsolete. A statement by vice president Tim Oren invited the software development community to work with Compuserve on a more advanced GIF that does not depend on Unisys. The new standard, promises Reid, "will be free and open . . . as the original GIF was intended to be."
The harnessing of rapidly changing technology as a means of avoiding legal problems isn't by any means unique to the Net. But cyberlaw expert Perritt points out that the massive communications infrastructure offered by the worldwide network makes it unusually flexible in inventing its way out of the legal problems that affect its citizens.
"Technology and entrepreneurship and relatively free markets can almost always escape undesired legal implications, and if you speed up the technology, then you increase the flexibility," says Perritt. "The law's impact is limited by that phenomena."
But Perritt cautions that it's far too early to proclaim the Net's sovereignty. Just how far Net self-governance will go depends, he says, on how far real law lets it go.
"That's the $64 question," he says. "The final test of self -governance is whether an external court declines to interfere in [a Net] dispute."
T H E E N DB