Sovereignty In Cyberspace — What Are The Boundaries?

The common thread which runs through the fabric of judicial thinking in this regard is that parties who avail themselves of technology in order to do business in a distant place should not then be able to escape that place’s legal jurisdiction.

 by Dr. Ruwantissa Abeyratne-Mar 11, 2018

Governments of the Industrial World, you weary giants of flesh and steel, I come from cyberspace, the new home of Mind…John Perry Barlow

( March 11, 2018, Montreal, Sri Lanka Guardian) I was struck by the above quote, contained in the obituary of The Economist of February 24th of John Perry Barlow whom the Economist described as “Internet Utopian”.  The Economist went on: “He saw what other people had not yet seen, that this was a new space – one to which he quickly applied an existing term, cyberspace, and his own metaphor, the electronic frontier”.

This got me thinking: who has sovereignty over cyberspace?  In the sense of airspace and outer space, as well as the sea, sovereignty can be reasonably determined.  In the context of air space, The Chicago Convention says that every State has sovereignty over the air space above its land and territorial waters.  Of course, to what extent air space applies vertically above that land and water has not been determined, arguably because States do not want to constrain themselves on the control they could have above their land and water.  As to sovereignty over the sea, The United Nations Convention on the Law of the Sea (UNCLOS) says it extends to 12 nautical miles beyond the State’s land boundaries.  The Jury is out on at what point outer space starts, again on the assumption that air space ends at the threshold height when the Atmosphere ends (speculatively about 100 kilometres above ground).

But what about cyberspace which transcends State boundaries? Could a State, in which a person buys an item from E-Bay, claim sovereignty over the transaction and therefore apply its jurisdiction to the contract?  What about the country in which the server was?    Wolff Heintschel von Heinegg in his article: Legal Implications of Territorial Sovereignty in Cyberspace states: “The principle of territorial sovereignty applies to cyberspace and it protects the cyber infrastructure located within a State’s territory. States are prohibited to interfere with the cyber infrastructure located in the territory of another State. This certainly holds true if the conduct is attributable and if it inflicts (severe) damage on the integrity or functionality of foreign cyber infrastructure. Moreover, States have the obligation not to allow knowingly their territory to be used for acts that violate the territorial sovereignty of another State…”

This is all well and good for interference with cyberspace infrastructure and where tangible territorial sovereignty principles as described above, can be applied. Author Michael Hanlon envisions the consequences of a cyber attack: “at first, it would be no more than a nuisance. No burning skyscrapers, no underground explosions, just a million electronic irritations up and down the land. Thousands of government web pages suddenly vanish… the disruption continues: thousands of popular websites, from eBay to YouTube, start malfunctioning or are replaced by malicious parodies. Tens of millions of pounds are wiped off the share price of companies like Amazon as fears grow that the whole Internet credit card payment network is now vulnerable and insecure… eventually, reports start to flood in that hundreds of thousands of personal bank accounts have been raided overnight”.

James D. Zirin, writing to the Washington Times said: “It is an irony of the digital age that technology has aided the security forces in detecting and thwarting terrorist operations and has helped terrorists do their evil”.

In taking action against cyber crimes, then US President Bill Clinton, in a 1999 speech to the National Academy of Sciences said: “open borders and revolutions in technology have spread the message and the gifts of freedom, but have also given new opportunities to freedom’s enemies… we must be ready… ready if our adversaries try to use computers to disable power grids, banking, communications and transportation networks, police, fire, and health services—or military assets”.

What about the consequences of the use of cyberspace as mentioned above regarding contracts?    If an arms deal goes through cyber space where the buyer transacted on his computer from his hotel room in Montreal where the server was in Minnesota, and the seller was in Amsterdam?   Cyber contracts are commonly called “click‑wrap” agreements and are formed over the Internet in their entirety. The essence of a “click‑wrap” agreement is that when an offeree visits the web site of a person who has advertised his goods for sale at a given price and agrees to buy those goods, indicating his assent to be bound by the terms of the offeror — or person who offers to sell goods on the Internet — a contract is concluded. There is no paper exchange, nor is there the need for the signature of either parties to the contract.

Arguably, one of the key indicators that cyber contracts should be construed as possessing special characteristics in the context of performance the need to resolve issues of jurisdiction.  Given the worldwide web and its global application, the most compelling question in this regard would pertain to the trans-boundary applicability of an Internet contract.  If an offer originated from a computer based in the vendor’s office in Virginia, or as in the case of an e-ticket sale, an invitation to treat is issued in Virginia and is responded to by the buyer in Paris, the question at issue would be whether the seller “pushed “his message to Paris or whether the buyer “pulled” the message from Virginia.  In such an instance could the vendor claim that it is unjust to apply French law merely because a computer in Paris “pulled “or received his message?  In the 1996 case of United States v. Thomas, concerning criminal liability of the defendant for having posted pornographic pictures on his computer, the defendant claimed that he had not “pushed “pornographic pictures into Tennessee from his server in Los Angeles and therefore should not be subjected to Tennessee’s laws. The defendant Thomas claimed that rather, it was the other way around and that a computer in Tennessee “pulled “the pornographic pictures.  The Thomas case clearly brought to bear the compelling need for courts to determine whether a buyer or recipient of a message “drags” a message and therefore whether the jurisdiction in which that recipient is placed is appropriate for a dispute to be adjudicated on.

In determining jurisdiction in an e-commerce case, the most fundamental issue that arises for consideration is whether any jurisdiction in which either the buyer or seller transacted the business concerned can rule the entire internet.  In the case ofMinnesota v. Granite Gate Resorts, Inc. The court of Appeal of Minnesota ruled that the laws of Minnesota were applicable to an online gambling business located in Las Vegas that operated through a server in Belize. The Minnesota case is somewhat consistent with some cases and at the same time distinguishable from other decisions in various jurisdictions of the United States and Canada (such as those discussed below) which are inclined to follow the approach that every jurisdiction cannot impose its advertising, gambling and consumer protection laws to the entire internet.

The most convenient analogy to an e-transaction comes from the two jurisdictions of Canada and the United States.  Would an offeror in Canada, who offers $500 over the Internet for a round trip between Toronto and Miami, be able to enforce an auction agreement against a United States airline at its home base in Florida?  In a case decided in 1952 in Canada where the plaintiff brought a case to the Ontario High Court against an American radio broadcasting station which was broadcasting from across the border, allegedly libellous statements which could be heard over the air waves in Canada, the defendant radio station brought up a motion of dismissal, alleging that the Ontario Court in Canada had no jurisdiction to hear a case against a party to the action which was an enterprise based in the United States.  The Court disagreed and held: “A person may utter all the defamatory words he wishes without incurring any civil liability unless they are heard and understood by a third person.  I think it a “startling proposition” to say that one may, while standing south of the border or cruising in an aeroplane south of the border, through the medium of modern sound amplification, utter defamatory matter which is heard in a Province in Canada north of the border, and not be said to have published a slander in the Province in which it is heard and understood”.

The principle of universal application of jurisdiction has been invoked in other instances, where courts have accepted jurisdiction on the basis of sales made to customers through the defendant’s web site, or based on soliciting donations, or based on subscribers signed up by the defendant for services delivered over the Internet, or for having follow‑on contacts, negotiations, and other dealings in addition to, and often as a result of the initial Internet‑based communication.  The common thread which runs through the fabric of judicial thinking in this regard is that parties who avail themselves of technology in order to do business in a distant place should not then be able to escape that place’s legal jurisdiction.