TREND: The challenges of regulating a global borderless Internet at a supranational level whilst accommodating overlapping and competing national legal jurisdictions and frameworks will continue

The arrival of a global borderless and hyper-connected Internet has created new challenges in terms of the effective application of national legal jurisdictions and definitions of liability. In some countries Internet intermediaries (such as Internet Service Providers, web hosts and other online platforms) are increasingly being held responsible for content uploaded by third parties – often operating in other countries with different legal frameworks (Open Society Foundation – The Media and Liability for Content on the Internet, 2011, page 6).

In 2010 an Italian court convicted three Google executives of breaking the Italian Data Protection Code (BBC News article 2010) after a video showing the bullying of an autistic teenager was uploaded to Google’s online video service (shortly before Google acquired YouTube). The conviction was successful even though the video was removed shortly after Google received a notification from Italian law enforcement officials. In December 2012 an Italian appeals court rescinded the conviction (New York Times, December 2012), but this example demonstrates how the violation of national legislation can be a potential source of liability for suppliers of Internet content and services, which can also lead to increasing instances of self-protective or defensive censorship (The Media and Liability on the Internet, 2011, page 6). Another example is Twitter’s decision in January 2012 to introduce a new system to censor specific tweets on a country-by-country basis, an approach previously adopted by Facebook, Google, eBay and Yahoo who also filter content in a number of different national jurisdictions (Guardian article, Jan 2012). Twitter’s decision was also officially endorsed by the Government of Thailand whose “lese-majeste” regulations prohibit defamatory or insulting comments (online of offline) about the Royal Family which are punishable by a prison sentence of up to 15 years (Guardian article, January 2012).

In December 2012 the regional data protection office in Schleswig-Holstein in Germany issued an order determining that Facebook’s current practice of preventing its users from signing up for an online account using a pseudonym (Facebook’s long-standing policy requires users to register using their real names) was in violation of German data protection legislation. The regional data protection commissioner sent letters to Facebook founder Mark Zuckerberg in California and to Facebook’s European headquarters in Ireland threatening to issue a fine for €20,000 if the order was not met with compliance (Guardian, January 2013). In January 2013, Facebook responded in an interview with online magazine TechCrunch that its Dublin-based European operation was in compliance with both Irish and European data protection laws and that “we believe the orders are without merit and a waste of German tax payers money…”.

A further challenge exists in the form of rising levels of online criminal activity often referred to as cybercrime. According to a 2012 report by Symantec, the cost of global cybercrime has now reached $110 billion per year. A 2012 briefing paper produced by the US Congressional Research Service (see page 6) underlined the fact that the digital technologies which support cybercrime, including Internet servers and communications devices are often located in physical locations that do not coincide with the locations of either the perpetrator or the victim. As such, the task of national law enforcement agencies in successfully investigating and prosecuting cyber criminals faces significant technical and jurisdictional challenges. An illustration of the obstacles presented by jurisdiction can be found in the thwarted efforts of an active FBI investigation into the architects of the Koobface Worm which used Facebook and other social networks to infect 800,000 computers worldwide and earn the gang an estimated $2 million per year (BBC News, January 2012). In January 2012 an extensive report compiled by Facebook and security firm Sophos named five individuals based in Russia to be responsible for the Koobface operation. However, despite this information being passed on to US law enforcement, as Article 61 of the Russian constitution prohibits its citizens from being extradited to another country to face charges, no arrests have been made. 

A further example of the contemporary challenges of Internet Governance can be found in the recent breakdown of negotiations to agree a new International Telecommunications Treaty (ITR) in December 2012 at the World Conference on Telecommunications in Dubai (What really happened in Dubai – The disagreements in Dubai reflect a clash of two different international approaches to the regulation of the Internet.

Since 1998 the Internet’s Domain Name System (DNS) has been administered by the Internet Corporation for Assigned Names and Numbers (ICANN) – a California-based not-for-profit which currently operates under a Memorandum of Understanding with the US Department for Commerce. At the first and second World Summits on the Information Society (WSIS) in Geneva in 2003 and Tunis in 2005, several countries including China, Brazil, India and Russia express concern over the US government’s proximity to the technical levers operating the DNS and sought to bring ICANN’s operations under the centralised control of an international agency such as the United Nations. In response the United States, the EU and others strongly resisted any moves to undermine the status quo which they believe preserves ICANN’s independence and limits the scope for the Internet’s technical operation to be manipulated by governments.

The compromise brokered at the 2005 WSIS was the creation of the annual Internet Governance Forum sponsored by the United Nations to provide a platform for multi-stakeholder input (from civil society and industry as well as governments) and discussion on the governance of the Internet. Nevertheless, the polarisation of approaches between the current model of multi-stakeholder governance (which maintains a link with the US administration) as opposed to the traditional intergovernmental model continues to characterize the debate around the governance of the Internet.

During the Dubai negotiations in December 2012 the United States and the European Union blocked a series of resolutions, including one tabled by China, Russia and several Arab states which sought to give governments “equal rights to manage the internet” (Economist Blog, December 2012). As a result of multiple attempts to introduce references to the Internet in the new ITR which the United States and others feared might embolden governments to censor or meddle with the Internet’s infrastructure, the conference ended in failure with only 89 of the 144 countries present agreeing to sign the revised ITR (Economist, December 2012).