Information technology law (IT law), also known as information, communication and technology law (ICT law) or cyberlaw, concerns the juridical regulation of information technology, its possibilities and the consequences of its use, including computing, software coding, artificial intelligence, the internet and virtual worlds. The ICT field of law comprises elements of various branches of law, originating under various acts or statutes of parliaments, the common and continental law and international law. Some important areas it covers are information and data, communication, and information technology, both software and hardware and technical communications technology, including coding and protocols.
Due to the shifting and adapting nature of the technological industry, the nature, source and derivation of this information legal system and ideology change significantly across borders, economies and time. At its base, information technology law primarily governs the dissemination of both (digitized) information and software, information security and cross-border commerce. It raises specific issues of intellectual property, contract law, criminal law and fundamental rights like privacy, the right to self-determination and freedom of expression. Information technology law has also been heavily invested of late in issues such as obviating risks of data breaches and artificial intelligence.
Information technology law can also relate directly to the dissemination and utilization of information within the legal industry, dubbed legal informatics. The nature of this utilisation of data and information technology platforms is changing heavily with the advent of artificial intelligence systems, with major law firms in the United States of America, Australia, China, and the United Kingdom reporting pilot programs of artificial intelligence programs to assist in practices such as legal research, drafting and document review.
IT law does not constitute a separate area of law; rather, it encompasses aspects of contract, intellectual property, privacy and data protection laws. Intellectual property is an important component of IT law, including copyright and authors' rights, rules on fair use, rules on copy protection for digital media and circumvention of such schemes. The area of software patents has been controversial, and is still evolving in Europe and elsewhere. [1]
The related topics of software licenses, end user license agreements, free software licenses and open-source licenses can involve discussion of product liability, professional liability of individual developers, warranties, contract law, trade secrets and intellectual property.
In various countries, areas of the computing and communication industries are regulated – often strictly – by governmental bodies.
There are rules on the uses to which computers and computer networks may be put, in particular there are rules on unauthorized access, data privacy and spamming. There are also limits on the use of encryption and of equipment which may be used to defeat copy protection schemes. The export of hardware and software between certain states within the United States is also controlled. [2]
There are laws governing trade on the Internet, taxation, consumer protection, and advertising.
There are laws on censorship versus freedom of expression, rules on public access to government information, and individual access to information held on them by private bodies. There are laws on what data must be retained for law enforcement, and what may not be gathered or retained, for privacy reasons.
In certain circumstances and jurisdictions, computer communications may be used in evidence, and to establish contracts. New methods of tapping and surveillance made possible by computers have wildly differing rules on how they may be used by law enforcement bodies and as evidence in court.
Computerized voting technology, from polling machines to internet and mobile-phone voting, raises a host of legal issues.
Some states limit access to the Internet, by law as well as by technical means.
Global computer-based communications cut across territorial borders; issues of regulation, jurisdiction and sovereignty have therefore quickly come to the fore in the era of the Internet. They have been solved pretty quickly as well, because cross-border communication, negotiating or ordering was nothing new; new were the massive amounts of contacts, the possibilities of hiding one's identity and sometime later the colonisation of the terrain by corporations. [3]
Jurisdiction is an aspect of state sovereignty and it refers to judicial, legislative and administrative competence. Although jurisdiction is an aspect of sovereignty, it is not coextensive with it. The laws of a nation may have extraterritorial impact extending the jurisdiction beyond the sovereign and territorial limits of that nation. The medium of the Internet, like the electrical telegraph, telephone or radio, does not explicitly recognize sovereignty and territorial limitations. [4] There is no uniform, international jurisdictional law of universal application, and such questions are generally a matter of international treaties and contracts, or conflict of laws, particularly private international law. An example would be where the contents stored on a server located in the United Kingdom, by a citizen of France, and published on a web site, are legal in one country and illegal in another. In the absence of a uniform jurisdictional code, legal practitioners and judges have solved these kinds of questions according to the general rules for conflict of law; governments and supra-national bodies did design outlines for new legal frameworks.
Whether to treat the Internet as if it were physical space and thus subject to a given jurisdiction's laws, or that the Internet should have a legal framework of its own has been questioned. Those who favor the latter view often feel that government should leave the Internet to self-regulate. American poet John Perry Barlow, for example, has addressed the governments of the world and stated, "Where there are real conflicts, where there are wrongs, we will identify them and address them by our means. We are forming our own Social Contract. This governance will arise according to the conditions of our world, not yours. Our world is different". [5] Another view can be read from a wiki-website with the name "An Introduction to Cybersecession", [6] that argues for ethical validation of absolute anonymity on the Internet. It compares the Internet with the human mind and declares: "Human beings possess a mind, which they are absolutely free to inhabit with no legal constraints. Human civilization is developing its own (collective) mind. All we want is to be free to inhabit it with no legal constraints. Since you make sure we cannot harm you, you have no ethical right to intrude our lives. So stop intruding!" [7] The project is defining "you" as "all governments", "we" is undefined. Some scholars argue for more of a compromise between the two notions, such as Lawrence Lessig's argument that "The problem for law is to work out how the norms of the two communities are to apply given that the subject to whom they apply may be in both places at once" (Lessig, Code 190).
With the internationalism of the Internet and the rapid growth of users, jurisdiction became a more difficult area than before, and in the beginning courts in different countries have taken various views on whether they have jurisdiction over items published on the Internet, or business agreements entered into over the Internet. This can cover areas from contract law, trading standards and tax, through rules on unauthorized access, data privacy and spamming to areas of fundamental rights such as freedom of speech and privacy, via state censorship, to criminal law with libel or sedition.
The frontier idea that laws do not apply in "cyberspace" is however not true in a legal sense. In fact, conflicting laws from different jurisdictions may apply, simultaneously, to the same event. The Internet does not tend to make geographical and jurisdictional boundaries clear, but both Internet technology (hardware), the providers of services and its users remain in physical jurisdictions and are subject to laws independent of their presence on the Internet. [8] As such, a single transaction may involve the laws of at least three jurisdictions:
So a user in one of the United States conducting a transaction with another user that lives in the United Kingdom, through a server in Canada, could theoretically be subject to the laws of all three countries and of international treaties as they relate to the transaction at hand. [9]
In practical terms, a user of the Internet is subject to the laws of the state or nation within which he or she goes online. Thus, in the U.S., in 1997, Jake Baker faced criminal charges for his e-conduct, and numerous users of peer-to-peer file-sharing software were subject to civil lawsuits for copyright infringement. This system runs into conflicts, however, when these suits are international in nature. Simply put, legal conduct in one nation may be decidedly illegal in another. In fact, even different standards concerning the burden of proof in a civil case can cause jurisdictional problems. For example, an American celebrity, claiming to be insulted by an online American magazine, faces a difficult task of winning a lawsuit against that magazine for libel. But if the celebrity has ties, economic or otherwise, to England, he or she can sue for libel in the English court system, where the burden of proof for establishing defamation may make the case more favorable to the plaintiff.
Internet governance is a live issue in international fora such as the International Telecommunication Union (ITU), and the role of the current US-based co-ordinating body, the Internet Corporation for Assigned Names and Numbers (ICANN) was discussed in the UN-sponsored World Summit on the Information Society (WSIS) in December 2003.
As of 2020, the European Union copyright law consists of 13 directives and 2 regulations, harmonising the essential rights of authors, performers, producers and broadcasters. The legal framework reduces national discrepancies, and guarantees the level of protection needed to foster creativity and investment in creativity. [10] Many of the directives reflect obligations under the Berne Convention and the Rome Convention, as well as the obligations of the EU and its Member States under the World Trade Organisation 'TRIPS' Agreement and the two 1996 World Intellectual Property Organisation (WIPO) Internet Treaties: the WIPO Copyright Treaty and the WIPO Performances and Phonograms Treaty. Two other WIPO Treaties signed in 2012 and 2016, are the Beijing Treaty on the Protection of Audiovisual Performances and the Marrakesh VIP Treaty to Facilitate Access to Published Works for Persons who are Blind, Visually Impaired or otherwise Print Disabled. Moreover, free-trade agreements, which the EU concluded with a large number of third countries, reflect many provisions of EU law.
In 2022 the European Parliament adopted landmark laws for internet platforms, the Digital Services Act (DSA) and the Digital Markets Act (DMA); the new rules will improve internet consumer protection and supervision of online platforms.
The law that regulates aspects of the Internet must be considered in the context of the geographic scope of the technical infrastructure of Internet and state borders that are crossed in processing data around the globe. The global structure of the Internet raises not only jurisdictional issues, that is, the authority to make and enforce laws affecting the Internet, but made corporations and scholars raise questions concerning the nature of the laws themselves.
In their essay "Law and Borders – The Rise of Law in Cyberspace", from 2008, David R. Johnson and David G. Post argue that territorially-based law-making and law-enforcing authorities find this new environment deeply threatening and give a scientific voice to the idea that became necessary for the Internet to govern itself. Instead of obeying the laws of a particular country, "Internet citizens" will obey the laws of electronic entities like service providers. Instead of identifying as a physical person, Internet citizens will be known by their usernames or email addresses (or, more recently, by their Facebook accounts). Over time, suggestions that the Internet can be self-regulated as being its own trans-national "nation" are being supplanted by a multitude of external and internal regulators and forces, both governmental and private, at many different levels. The nature of Internet law remains a legal paradigm shift, very much in the process of development. [11]
Leaving aside the most obvious examples of governmental content monitoring and internet censorship in nations like China, Saudi Arabia, Iran, there are four primary forces or modes of regulation of the Internet derived from a socioeconomic theory referred to as pathetic dot theory by Lawrence Lessig in his 1999 book, Code and Other Laws of Cyberspace:
These forces or regulators of the Internet do not act independently of each other. For example, governmental laws may be influenced by greater societal norms, and markets affected by the nature and quality of the code that operates a particular system.
Another major area of interest is net neutrality, which affects the regulation of the infrastructure of the Internet. Though not obvious to most Internet users, every packet of data sent and received by every user on the Internet passes through routers and transmission infrastructure owned by a collection of private and public entities, including telecommunications companies, universities, and governments. This issue has been handled in the past for electrical telegraph, telephone and cable TV. A critical aspect is that laws in force in one jurisdiction have the potential to have effects in other jurisdictions when host servers or telecommunications companies are affected. The Netherlands became in 2013 the first country in Europe and the second in the world, after Chile, to pass a law relating to it. [12] [13] In the U.S., on 12 March 2015, the FCC released the specific details of its new net neutrality rule. And on 13 April 2015, the FCC published the final rule on its new regulations.
Article 19 of the Universal Declaration of Human Rights calls for the protection of free opinion and expression. [14] This includes rights such as freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.
In comparison to print-based media, the accessibility and relative anonymity of internet has torn down traditional barriers between an individual and his or her ability to publish. Any person with an internet connection has the potential to reach an audience of millions. These complexities have taken many forms, three notable examples being the Jake Baker incident, in which the limits of obscene Internet postings were at issue, the controversial distribution of the DeCSS code, and Gutnick v Dow Jones, in which libel laws were considered in the context of online publishing. The last example was particularly significant because it epitomized the complexities inherent to applying one country's laws (nation-specific by definition) to the internet (international by nature). In 2003, Jonathan Zittrain considered this issue in his paper, "Be Careful What You Ask For: Reconciling a Global Internet and Local Law". [15]
In the UK in 2006 the case of Keith-Smith v Williams confirmed that existing libel laws applied to internet discussions. [16]
In terms of the tort liability of ISPs and hosts of internet forums, Section 230(c) of the Communications Decency Act may provide immunity in the United States. [17]
In many countries, speech through ICT has proven to be another means of communication which has been regulated by the government. The "Open Net Initiative" by the Harvard University Berkman Klein Center, the University of Toronto and the Canadian SecDev Group [18] [19] whose mission statement is "to investigate and challenge state filtration and surveillance practices" to "...generate a credible picture of these practices," has released numerous reports documenting the filtration of internet-speech in various countries. While China has thus far (2011) proven to be the most rigorous in its attempts to filter unwanted parts of the internet from its citizens, [20] many other countries – including Singapore, Iran, Saudi Arabia, and Tunisia – have engaged in similar practices of Internet censorship. In one of the most vivid examples of information control, the Chinese government for a short time transparently forwarded requests to the Google search engine to its own, state-controlled search engines.
These examples of filtration bring to light many underlying questions concerning the freedom of speech. For example, do governments have a legitimate role in limiting access to information? And if so, what forms of regulation are acceptable? For example, some argue that the blocking of "blogspot" and other websites in India failed to reconcile the conflicting interests of speech and expression on the one hand and legitimate government concerns on the other hand. [21]
At the close of the 19th century, concerns about privacy captivated the general public, and led to the 1890 publication of Samuel Warren and Louis Brandeis: "The Right to Privacy". [22] The vitality of this article can be seen today, when examining the USSC decision of Kyllo v. United States, 533 U.S. 27 (2001), where it is cited by the majority, those in concurrence, and even those in dissent. [23]
The motivation of both authors to write such an article is heavily debated amongst scholars; however, two developments during this time give some insight into the reasons behind it. First, the sensationalistic press and the concurrent rise and use of "yellow journalism" to promote the sale of newspapers in the time following the Civil War brought privacy to the forefront of the public eye. The other reason that brought privacy to the forefront of public concern was the technological development of "instant photography". This article set the stage for all privacy legislation to follow during the 20th and 21st centuries.
In 1967, the United States Supreme Court decision in Katz v United States, 389 U.S. 347 (1967) established what is known as the Reasonable Expectation of Privacy Test to determine the applicability of the Fourth Amendment in a given situation. The test was not noted by the majority, but instead it was articulated by the concurring opinion of Justice Harlan. Under this test, 1) a person must exhibit an "actual (subjective) expectation of privacy" and 2) "the expectation [must] be one that society is prepared to recognize as 'reasonable'".
Inspired by the Watergate scandal, the United States Congress enacted the Privacy Act of 1974 just four months after the resignation of then President Richard Nixon. In passing this Act, Congress found that "the privacy of an individual is directly affected by the collection, maintenance, use, and dissemination of personal information by Federal agencies" and that "the increasing use of computers and sophisticated information technology, while essential to the efficient operations of the Government, has greatly magnified the harm to individual privacy that can occur from any collection, maintenance, use, or dissemination of personal information".
Codified at 50 U.S.C. §§ 1801–1811, this act establishes standards and procedures for use of electronic surveillance to collect "foreign intelligence" within the United States. §1804(a)(7)(B). FISA overrides the Electronic Communications Privacy Act during investigations when foreign intelligence is "a significant purpose" of said investigation. 50 U.S.C. § 1804(a)(7)(B) and §1823(a)(7)(B). Another interesting result of FISA is the creation of the Foreign Intelligence Surveillance Court (FISC). All FISA orders are reviewed by this special court of federal district judges. The FISC meets in secret, with all proceedings usually also withheld from both the public eye and those targets of the desired surveillance.
For more information see: Foreign Intelligence Act
The ECPA represents an effort by the United States Congress to modernize federal wiretap law. The ECPA amended Title III (see: Omnibus Crime Control and Safe Streets Act of 1968) and included two new acts in response to developing computer technology and communication networks. Thus the ECPA in the domestic venue is divided into three parts: 1) Wiretap Act, 2) Stored Communications Act, and 3) The Pen Register Act.
The DPPA was passed in response to states selling motor vehicle records to private industry. These records contained personal information such as name, address, phone number, SSN, medical information, height, weight, gender, eye color, photograph and date of birth. In 1994, Congress passed the Driver's Privacy Protection Act (DPPA), 18 U.S.C. §§ 2721–2725, to cease this activity.
For more information see: Driver's Privacy Protection Act
This act authorizes widespread sharing of personal information by financial institutions such as banks, insurers, and investment companies. The GLBA permits sharing of personal information between companies joined or affiliated as well as those companies unaffiliated. To protect privacy, the act requires a variety of agencies such as the SEC, FTC, etc. to establish "appropriate standards for the financial institutions subject to their jurisdiction" to "insure security and confidentiality of customer records and information" and "protect against unauthorized access" to this information. 15 U.S.C. § 6801
For more information see: Gramm-Leach-Bliley Act
Passed by Congress in 2002, the Homeland Security Act, 6 U.S.C. § 222, consolidated 22 federal agencies into what is commonly known today as the Department of Homeland Security (DHS). The HSA also created a Privacy Office under the DoHS. The Secretary of Homeland Security must "appoint a senior official to assume primary responsibility for privacy policy." This privacy official's responsibilities include but are not limited to: ensuring compliance with the Privacy Act of 1974, evaluating "legislative and regulatory proposals involving the collection, use, and disclosure of personal information by the Federal Government", while also preparing an annual report to Congress.
For more information see: Homeland Security Act
This Act mandates that intelligence be "provided in its most shareable form" and that the heads of intelligence agencies and federal departments "promote a culture of information sharing." The IRTPA also sought to establish protection of privacy and civil liberties by setting up a five-member Privacy and Civil Liberties Oversight Board. This Board offers advice to both the President of the United States and the entire executive branch of the Federal Government concerning its actions to ensure that the branch's information sharing policies are adequately protecting privacy and civil liberties.
For more information see: Intelligence Reform and Terrorism Prevention Act
Privacy is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.
Wiretapping, also known as wire tapping or telephone tapping, is the monitoring of telephone and Internet-based conversations by a third party, often by covert means. The wire tap received its name because, historically, the monitoring connection was an actual electrical tap on an analog telephone or telegraph line. Legal wiretapping by a government agency is also called lawful interception. Passive wiretapping monitors or records the traffic, while active wiretapping alters or otherwise affects it.
Computer and network surveillance is the monitoring of computer activity and data stored locally on a computer or data being transferred over computer networks such as the Internet. This monitoring is often carried out covertly and may be completed by governments, corporations, criminal organizations, or individuals. It may or may not be legal and may or may not require authorization from a court or other independent government agencies. Computer and network surveillance programs are widespread today and almost all Internet traffic can be monitored.
Jonathan L. Zittrain is an American professor of Internet law and the George Bemis Professor of International Law at Harvard Law School. He is also a professor at the Harvard Kennedy School, a professor of computer science at the Harvard School of Engineering and Applied Sciences, and co-founder and director of the Berkman Klein Center for Internet & Society. Previously, Zittrain was Professor of Internet Governance and Regulation at the Oxford Internet Institute of the University of Oxford and visiting professor at the New York University School of Law and Stanford Law School. He is the author of The Future of the Internet and How to Stop It as well as co-editor of the books, Access Denied, Access Controlled, and Access Contested.
Mass surveillance is the intricate surveillance of an entire or a substantial fraction of a population in order to monitor that group of citizens. The surveillance is often carried out by local and federal governments or governmental organizations, but it may also be carried out by corporations. Depending on each nation's laws and judicial systems, the legality of and the permission required to engage in mass surveillance varies. It is the single most indicative distinguishing trait of totalitarian regimes. It is often distinguished from targeted surveillance.
Center for Democracy & Technology (CDT) is a Washington, D.C.-based 501(c)(3) nonprofit organisation that advocates for digital rights and freedom of expression. CDT seeks to promote legislation that enables individuals to use the internet for purposes of well-intent, while at the same time reducing its potential for harm. It advocates for transparency, accountability, and limiting the collection of personal information.
The Electronic Communications Privacy Act of 1986 (ECPA) was enacted by the United States Congress to extend restrictions on government wire taps of telephone calls to include transmissions of electronic data by computer, added new provisions prohibiting access to stored electronic communications, i.e., the Stored Communications Act, and added so-called pen trap provisions that permit the tracing of telephone communications. ECPA was an amendment to Title III of the Omnibus Crime Control and Safe Streets Act of 1968, which was primarily designed to prevent unauthorized government access to private electronic communications. The ECPA has been amended by the Communications Assistance for Law Enforcement Act (CALEA) of 1994, the USA PATRIOT Act (2001), the USA PATRIOT reauthorization acts (2006), and the FISA Amendments Act (2008).
Email privacy is a broad topic dealing with issues of unauthorized access to, and inspection of, electronic mail, or unauthorized tracking when a user reads an email. This unauthorized access can happen while an email is in transit, as well as when it is stored on email servers or on a user's computer, or when the user reads the message. In countries with a constitutional guarantee of the secrecy of correspondence, whether email can be equated with letters—therefore having legal protection from all forms of eavesdropping—is disputed because of the very nature of email.
Privacy law is a set of regulations that govern the collection, storage, and utilization of personal information from healthcare, governments, companies, public or private entities, or individuals.
Cryptography is the practice and study of encrypting information, or in other words, securing information from unauthorized access. There are many different cryptography laws in different nations. Some countries prohibit the export of cryptography software and/or encryption algorithms or cryptoanalysis methods. Some countries require decryption keys to be recoverable in case of a police investigation.
Internet censorship in the United States is the suppression of information published or viewed on the Internet in the United States. The First Amendment of the United States Constitution protects freedom of speech and expression against federal, state, and local government censorship.
Cyberethics is "a branch of ethics concerned with behavior in an online environment". In another definition, it is the "exploration of the entire range of ethical and moral issues that arise in cyberspace" while cyberspace is understood to be "the electronic worlds made visible by the Internet." For years, various governments have enacted regulations while organizations have defined policies about cyberethics.
Code and Other Laws of Cyberspace is a 1999 book by Lawrence Lessig on the structure and nature of regulation of the Internet.
The Stored Communications Act is a law that addresses voluntary and compelled disclosure of "stored wire and electronic communications and transactional records" held by third-party Internet service providers (ISPs). It was enacted as Title II of the Electronic Communications Privacy Act of 1986 (ECPA).
There is no commonly agreed single definition of "cybercrime". It refers to illegal internet-mediated activities that often take place in global electronic networks. Cybercrime is "international" or "transnational" – there are "no cyber-borders between countries". International cybercrimes often challenge the effectiveness of domestic and international law, and law enforcement. Because existing laws in many countries are not tailored to deal with cybercrime, criminals increasingly conduct crimes on the Internet in order to take advantage of the less severe punishments or difficulties of being traced.
Information policy is the set of all public laws, regulations and policies that encourage, discourage, or regulate the creation, use, storage, access, and communication and dissemination of information. It thus encompasses any other decision-making practice with society-wide constitutive efforts that involve the flow of information and how it is processed.
Mass media regulations are a form of media policy with rules enforced by the jurisdiction of law. Guidelines for media use differ across the world. This regulation, via law, rules or procedures, can have various goals, for example intervention to protect a stated "public interest", or encouraging competition and an effective media market, or establishing common technical standards.
The pathetic dot theory or the New Chicago School theory was introduced by Lawrence Lessig in a 1998 article and popularized in his 1999 book, Code and Other Laws of Cyberspace. It is a socioeconomic theory of regulation. It discusses how lives of individuals are regulated by four forces: the law, social norms, the market, and architecture.
In internet governance, network sovereignty, also called digital sovereignty or cyber sovereignty, is the effort of a governing entity, such as a state, to create boundaries on a network and then exert a form of control, often in the form of law enforcement over such boundaries.
Human rights and encryption are often viewed as interlinked. Encryption can be a technology that helps implement basic human rights. In the digital age, the freedom of speech has become more controversial; however, from a human rights perspective, there is a growing awareness that encryption is essential for a free, open, and trustworthy Internet.