260 likes | 492 Vues
Prof. David W. Opderbeck Seton Hall University Law School Fall 2010. Cybersecurity Law. Internet Governance: The Big Picture. © 2010 David W. Opderbeck Licensed Under Creative Commons Attribution / Share Alike. Cybersecurity Law. Who Governs the Internet?.
E N D
Prof. David W. Opderbeck Seton Hall University Law School Fall 2010 Cybersecurity Law Internet Governance: The Big Picture © 2010 David W. Opderbeck Licensed Under Creative Commons Attribution / Share Alike
Cybersecurity Law Who Governs the Internet? • The Internet’s genesis as a network using open protocols for university researchers • Much of the “governance” structure arose piecemeal and pragmatically • No coordinated international legal / treaty mechanisms
Cybersecurity Law ICANN • Internet Corporation for Assigned Names and Numbers: oversees the Domain Name System (DNS) • DNS translates a uniform resource locator (URL) – e.g., www.cnn.com – into the unique numeric IP address used to route messages over the Internet(for www.cnn.com: 157.166.224.26)
Cybersecurity Law ICANN • Authority over domain name addresses originally rested with the U.S. Defense Information Systems Agency under the Internet Assigned Numbers Authority (IANA) • IANA now operated by ICANN • ICANN is a non-profit corporation (chartered in California) operating under agreements with the U.S. Department of Commerce
Cybersecurity Law ICANN • Authority over domain name addresses originally rested with the U.S. Defense Information Systems Agency under the Internet Assigned Numbers Authority (IANA) • IANA now operated by ICANN • ICANN is a non-profit corporation (chartered in California) operating under agreements with the U.S. Department of Commerce
Cybersecurity Law ICANN • ICANN governed by a Board of Directors of 15 voting members • Regional Internet Registries, ccTLDs (country code top level domains), and gTLDs (generic TLDs) have ICANN “supporting organizations” • No direct government participation: a “Governmental Advisory Committee” • Technical advisory committees • Security and At-large advisory committees
Cybersecurity Law ICANN Source: ICANN Website
Cybersecurity Law ICANN • ICANN’s DOC agreements have moved ICANN closer to full private governance of the DNS • Significant issues remain: e.g. control over the master root zone file; internationalization of domain names; security protocols for the DNS; WHOIS information about IP address holders; creation of new top-level domains • E.g.: under the U.S. DOC contracts with ICANN and Verisign, no change in the root zone file can be made without DOC approval; and Verisign manages the .com, .net .or, .edu, .gov and .us domain names • U.S. blocking of new .xxx TLD
Cybersecurity Law ICANN • At WSIS (World Summit on Information Society – U.N.-sponsored) meetings, developing and non-western countries have sharply criticized U.S. influence over ICANN • Many of the ICANN Board members are affiliated with Internet businesses • Meaningful participation is time-consuming and difficult – perhaps only 250 people are true opinion-makers
Cybersecurity Law The Internet Society • ISOC: Group of nonprofit organizations that address technical standards and protocols – international technologists drawn from industry, academia and government • Internet Engineering Task Force • Internet Engineering Steering Group • Internet Architecture Board
Cybersecurity Law The World Wide Web Consortion • W3C: sets standards for the World Wide Web. Not part of ISOC, but collaborates with ISOC.
Cybersecurity Law The International Telecommunication Union • ITU: UN Agency • Addresses operating standards for telecommunications networks and tariff questions • Often suggested that ITU should take over some of ICANN’s functions • Intergovernmental organization – only governments vote in the ITU
Cybersecurity Law Council of Europe Convention on Cybercrime • Convention on Cybercrime requires signatories (46 signatories) to adopt minimum standards on cybercrimes; cooperation in investigations and extradition • Note: U.S. refused to sign until a provision that would have required rules banning racist language was removed
The Yahoo! Case and Internet Governance • Facts / Procedural History • Yahoo!’s auction sites include auctions for Nazi memorabilia • French law makes the sale of Nazi objects illegal • Action by public interest groups in France to block access to Yahoo! Auction sites under the French law
The Yahoo! Case and Internet Governance • Facts / Procedural History • French injunction: “take all measures at their availability, to dissuade and render impossible all visitation on Yahoo.com to participate in the auction service of nazi objects, as well as to render impossible any other site or service which makes apologies of Nazism or that contests Nazi crimes.”
The Yahoo! Case and Internet Governance • Facts / Procedural History • Subsequent French ruling: • upholds original injunction after hearing expert testimony that 70-90% of French traffic to Yahoo! could feasibly be filtered through a combination of IP-based and self-identification • But note testimony of Vinton Cerf (known as the “Father of the Internet”) about the problems with self-identification • 100,000 Franc per day fine for non-compliance • Court notes that Yahoo!’s efforts to comply with earlier order “for the most part” satisfy that order
The Yahoo! Case and Internet Governance • Facts / Procedural History • Yahoo! Then seeks a declaratory judgment in California that the French orders are unenforceable • California district court agrees • Appeal to Ninth Circuit; court hears appeal en banc
The Yahoo! Case and Internet Governance • Analysis • 8 judges conclude there is personal jurisdiction over the French parties • 3 of these 8 conclude the case should be dismissed for lack of ripeness • 5 of these 8 conclude the case is ripe for adjudication • 3 judges conclude there is no personal jurisdiction • Therefore: 6 of 11 judges vote to reverse (3 on ripeness ground and 3 on personal jurisdiction grounds)
The Yahoo! Case and Internet Governance • Analysis – Personal Jurisdiction • Opinion for the judges finding personal jurisdiction: • Specific jurisdiction based on D’s forum contacts and P’s claim • Purposeful availment includes cease and desist letter, service of process in California, and obtaining orders that require compliance in California with threat of substantial penalty
The Yahoo! Case and Internet Governance • Analysis – Ripeness • Opinion for the judges finding the case is not ripe • The French orders only relate to Internet users in France; nothing about restricting access to users in the U.S. • To the extent the French order requires Yahoo! to take actions in the U.S., under principles of comity, it could be challenged if “repugnant” to the public policy of the U.S. • The fact that French law may differ from U.S. law does not make it “repugnant” to U.S. public policy • It is unclear even what further actions, if any, the French orders require • No substantial hardship to Yahoo! because it may already have substantially complied with the French orders
The Yahoo! Case and Internet Governance • Analysis – Judges who would have found no personal jurisdiction • The French orders directed Yahoo! To perform action in France, not in Calfornia • No evidence of purposeful availment of the California forum • The U.S. court should have abstained from exercising jurisdiction under principles of comity • The French litigation was effectively an act of state • “The criminal statutes of most nations do not comport with the U.S. Constitution. That does not give judges in this country the unfettered authority to pass critical judgment on their validity.…”
The Yahoo! Case and Internet Governance • Analysis – Judges who would have the case ripe for adjudication • “the issue before is whether a United States Internet service provider, whose published content has been restricted by a foreign court injunction, may look to the United States federal courts to determine the enforceability of these restrictions under the United States Constitution’s First Amendment.”
The Yahoo! Case and Internet Governance • Analysis – Judges who would have the case ripe for adjudication • Yahoo!’s servers are located in the U.S. • The French injunctions therefore represent a prior restraint on speech in the U.S. • The French orders are vague: “[t]hey require Yahoo! To guess what has to be censored on its Internet services here in the United States, under threat of monetary sanction if it guesses wrong.” • Easily satisfies the “repugnancy” standard for not enforcing a foreign judgment
The Yahoo! Case and Internet Governance • Analysis – Judges who would have the case ripe for adjudication • “Under the principles articulated today, a foreign party can use a foreign court decree to censor free speech here in the United States on any range of subjects it finds objectionable – religion, democracy, gender equality – in the name of enforcing its own country’s laws.”
The Yahoo! Case and Internet Governance • What does this case suggest about cyberspace as a “space?” • Is cyberspace “exceptional” or “unexeceptional”? • What happens when important public policy values collide in cyberspace? • Can / should cyberspace govern itself? • In today’s readings, Kurbalija and Clarke suggest, to differing degrees, a stronger role for international organizations in Internet governance, either through new treaty obligations and/or WTO and WIPO. What security concerns does this raise?