internet governance: the big picture © 2010 david w. opderbeck licensed under creative commons...
TRANSCRIPT
Cybersecurity LawInternet Governance: The Big Picture
Prof. David W. OpderbeckSeton Hall University Law SchoolFall 2010
© 2010 David W. OpderbeckLicensed Under Creative Commons Attribution / Share Alike
Who Governs the Internet? The Internet’s genesis as a network
using open protocols for university researchers
Much of the “governance” structure arose piecemeal and pragmatically
No coordinated international legal / treaty mechanisms
Cybersecurity Law
ICANN Internet Corporation for Assigned
Names and Numbers: oversees the Domain Name System (DNS) DNS translates a uniform resource locator
(URL) – e.g., www.cnn.com – into the unique numeric IP address used to route messages over the Internet (for www.cnn.com: 157.166.224.26)
Cybersecurity Law
ICANN Authority over domain name addresses
originally rested with the U.S. Defense Information Systems Agency under the Internet Assigned Numbers Authority (IANA)
IANA now operated by ICANN ICANN is a non-profit corporation (chartered
in California) operating under agreements with the U.S. Department of Commerce
Cybersecurity Law
ICANN Authority over domain name addresses
originally rested with the U.S. Defense Information Systems Agency under the Internet Assigned Numbers Authority (IANA)
IANA now operated by ICANN ICANN is a non-profit corporation (chartered
in California) operating under agreements with the U.S. Department of Commerce
Cybersecurity Law
ICANN ICANN governed by a Board of Directors of
15 voting members Regional Internet Registries, ccTLDs (country
code top level domains), and gTLDs (generic TLDs) have ICANN “supporting organizations”
No direct government participation: a “Governmental Advisory Committee”
Technical advisory committees Security and At-large advisory committees
Cybersecurity Law
ICANN
Cybersecurity Law
Source: ICANN Website
ICANN ICANN’s DOC agreements have moved ICANN closer
to full private governance of the DNS Significant issues remain: e.g. control over the
master root zone file; internationalization of domain names; security protocols for the DNS; WHOIS information about IP address holders; creation of new top-level domains
E.g.: under the U.S. DOC contracts with ICANN and Verisign, no change in the root zone file can be made without DOC approval; and Verisign manages the .com, .net .or, .edu, .gov and .us domain names U.S. blocking of new .xxx TLD
Cybersecurity Law
ICANN At WSIS (World Summit on Information
Society – U.N.-sponsored) meetings, developing and non-western countries have sharply criticized U.S. influence over ICANN
Many of the ICANN Board members are affiliated with Internet businesses
Meaningful participation is time-consuming and difficult – perhaps only 250 people are true opinion-makers
Cybersecurity Law
The Internet Society ISOC: Group of nonprofit organizations
that address technical standards and protocols – international technologists drawn from industry, academia and government Internet Engineering Task Force Internet Engineering Steering Group Internet Architecture Board
Cybersecurity Law
The World Wide Web Consortion W3C: sets standards for the World Wide
Web. Not part of ISOC, but collaborates with ISOC.
Cybersecurity Law
The International Telecommunication Union ITU: UN Agency
Addresses operating standards for telecommunications networks and tariff questions
Often suggested that ITU should take over some of ICANN’s functions
Intergovernmental organization – only governments vote in the ITU
Cybersecurity Law
Council of Europe Convention on Cybercrime Convention on Cybercrime requires
signatories (46 signatories) to adopt minimum standards on cybercrimes; cooperation in investigations and extradition Note: U.S. refused to sign until a
provision that would have required rules banning racist language was removed
Cybersecurity Law
The Yahoo! Case and Internet Governance Facts / Procedural History
Yahoo!’s auction sites include auctions for Nazi memorabilia
French law makes the sale of Nazi objects illegal
Action by public interest groups in France to block access to Yahoo! Auction sites under the French law
The Yahoo! Case and Internet Governance Facts / Procedural History
French injunction: “take all measures at their availability, to dissuade and render impossible all visitation on Yahoo.com to participate in the auction service of nazi objects, as well as to render impossible any other site or service which makes apologies of Nazism or that contests Nazi crimes.”
The Yahoo! Case and Internet Governance Facts / Procedural History
Subsequent French ruling: upholds original injunction after hearing expert
testimony that 70-90% of French traffic to Yahoo! could feasibly be filtered through a combination of IP-based and self-identification But note testimony of Vinton Cerf (known as the
“Father of the Internet”) about the problems with self-identification
100,000 Franc per day fine for non-compliance Court notes that Yahoo!’s efforts to comply with
earlier order “for the most part” satisfy that order
The Yahoo! Case and Internet Governance Facts / Procedural History
Yahoo! Then seeks a declaratory judgment in California that the French orders are unenforceable
California district court agrees Appeal to Ninth Circuit; court hears
appeal en banc
The Yahoo! Case and Internet Governance Analysis
8 judges conclude there is personal jurisdiction over the French parties
3 of these 8 conclude the case should be dismissed for lack of ripeness
5 of these 8 conclude the case is ripe for adjudication
3 judges conclude there is no personal jurisdiction Therefore: 6 of 11 judges vote to reverse (3 on
ripeness ground and 3 on personal jurisdiction grounds)
The Yahoo! Case and Internet Governance Analysis – Personal Jurisdiction
Opinion for the judges finding personal jurisdiction: Specific jurisdiction based on D’s forum
contacts and P’s claim Purposeful availment includes cease and
desist letter, service of process in California, and obtaining orders that require compliance in California with threat of substantial penalty
The Yahoo! Case and Internet Governance Analysis – Ripeness
Opinion for the judges finding the case is not ripe The French orders only relate to Internet users in France;
nothing about restricting access to users in the U.S. To the extent the French order requires Yahoo! to take
actions in the U.S., under principles of comity, it could be challenged if “repugnant” to the public policy of the U.S.
The fact that French law may differ from U.S. law does not make it “repugnant” to U.S. public policy
It is unclear even what further actions, if any, the French orders require
No substantial hardship to Yahoo! because it may already have substantially complied with the French orders
The Yahoo! Case and Internet Governance Analysis – Judges who would have found no personal
jurisdiction The French orders directed Yahoo! To perform action in
France, not in Calfornia No evidence of purposeful availment of the California
forum The U.S. court should have abstained from exercising
jurisdiction under principles of comity The French litigation was effectively an act of state “The criminal statutes of most nations do not comport
with the U.S. Constitution. That does not give judges in this country the unfettered authority to pass critical judgment on their validity.…”
The Yahoo! Case and Internet Governance Analysis – Judges who would have the
case ripe for adjudication “the issue before is whether a United
States Internet service provider, whose published content has been restricted by a foreign court injunction, may look to the United States federal courts to determine the enforceability of these restrictions under the United States Constitution’s First Amendment.”
The Yahoo! Case and Internet Governance Analysis – Judges who would have the case ripe
for adjudication Yahoo!’s servers are located in the U.S. The French injunctions therefore represent a prior
restraint on speech in the U.S. The French orders are vague: “[t]hey require
Yahoo! To guess what has to be censored on its Internet services here in the United States, under threat of monetary sanction if it guesses wrong.”
Easily satisfies the “repugnancy” standard for not enforcing a foreign judgment
The Yahoo! Case and Internet Governance Analysis – Judges who would have the
case ripe for adjudication “Under the principles articulated today, a
foreign party can use a foreign court decree to censor free speech here in the United States on any range of subjects it finds objectionable – religion, democracy, gender equality – in the name of enforcing its own country’s laws.”
The Yahoo! Case and Internet Governance What does this case suggest about cyberspace as
a “space?” Is cyberspace “exceptional” or “unexeceptional”? What happens when important public policy values
collide in cyberspace? Can / should cyberspace govern itself? In today’s readings, Kurbalija and Clarke suggest,
to differing degrees, a stronger role for international organizations in Internet governance, either through new treaty obligations and/or WTO and WIPO. What security concerns does this raise?