First, something about what we mean by jurisdiction. We
shouldn’t get too hung up on this, because jurisdiction is mostly used just as shorthand
for cross border legal liability. But lawyers use the single word jurisdiction to
mean several different things and, if we are not careful, we can end up
talking at cross-purposes.
In a nutshell, there is:
- Prescriptive jurisdiction. This is simply the assertion, however theoretical, as to the reach of a local law. If the UK had passed a law making it illegal for UK citizens to read the banned book Spycatcher when visiting the USA, that would be an assertion of prescriptive jurisdiction. Another example is when a court makes an order requiring something to be done (or not done) in a foreign country.
- Adjudicative jurisdiction. This is when a court determines that it has the ability (or not) to hear and decide a case. It also describes a court determining which country’s law it should apply to the case before it. In civil litigation between private parties the court may end up applying its own law or a foreign law. In a criminal prosecution the court will either apply its own country’s law or refuse jurisdiction.
- Enforcement jurisdiction. This engages territoriality issues most strongly, since taking enforcement measures in another country is rather like sending troops across the border – an invasion of territorial sovereignty unless done with the consent of the other state.
- Investigatory jurisdiction. Sometimes regarded as a subset of enforcement jurisdiction, investigatory jurisdiction has become such an important topic for the internet (think of the Microsoft Warrant case pending before the US Supreme Court, or the Yahoo case that went up to the Belgian Supreme Court and back three times) that it deserves its place as a separate category.The issue here is when and how it is legitimate for law enforcement or intelligence agencies, with or without court orders, to demand that communications (or their associated data) held overseas be handed over. As with enforcement jurisdiction this involves direct assertion of state power within the territory of another country – either where the data is held, where a foreign company is established, or both.
It gets more complicated than that. International law has
developed principles around when it is legitimate for a state to act
extraterritorially. They form the
background to a discussion of how jurisdiction should apply to the internet.
But we should not necessarily be hamstrung by the existing order of things when
debating the question of what rules should look like in the internet age.
Yes, the internet is
different. Time was when people would say that the internet was just
another new medium. We have coped with cross-border issues as a result of international
communications and satellite broadcasting, so why do we need new rules for the
internet?
The internet is not wholly
different, but some of its features are sufficiently different to demand
reconsideration of the old rules.
Individuals by the million are authors and
publishers as well as readers. Their content is instantly accessible worldwide. Conversely, the effect of a national law or court injunction is amplified by
the internet. An order can have effects in other countries that the same instrument would
not have in the offline world. Cloud computing means that data is volatile. It
may not stay in the same country from one second to the next, and fragments of
one item of content may be split between data centres in different countries.
All these things render the internet not only different, but materially so.
It’s not about whose
law is better. If you arrive at a jurisdiction conference determined to
demonstrate the superiority of your own local, national or regional law over
that of every other country, then you are at the wrong conference. Jurisdiction
rules are about resolving friction between different legal systems in as agnostic
a way as possible, not about ensuring that the best (in someone’s view) law wins.
It’s not about
global harmonisation. Perhaps you harbour an ambition of achieving global
consensus about the substantive laws that should apply to the internet. That
may be a noble goal (albeit there is also merit in diversity of laws) but it is
a different project. Jurisdiction rules
presuppose different laws in different countries, albeit admittedly it is
easier to reach agreement on jurisdictional rules when the underlying laws are
more closely aligned. Nevertheless, while a jurisdiction project can aim to
create international norms at the level of metalaw (rules about rules), creating
uniform substantive law is not its goal.
Comity is not enough.
Resolving jurisdictional frictions is often seen through the prism of comity. Comity
has two aspects: the need as far as possible to recognise a legitimate
assertion of state power by foreign countries, even if that may have some
cross-border spillover effects; and conversely, the need to avoid treading on
the toes of other foreign states when making orders that may have effects in
other countries (but in both cases bearing in mind that spillover effects are
likely to be greater on the internet than offline).
However, comity is a state-centric concept. It treats
states as proxies for the rights and interests of their citizens. Extraterritorial
legislation and court orders not only engage the sensitivities of other states,
but directly affect individuals in other countries, engaging their universally
recognised fundamental rights of, for instance, privacy or freedom of
expression.
Those individuals’ interests stand to be considered
separately from the question of whether the sensitivities of another state are
likely to be engaged by a particular legal instrument. Failure to engage in
separate consideration can lead to the kind of reasoning adopted in the Equustek case, where the Supreme Court
of Canada concluded that since protection of intellectual property was the kind
of interest that another state would be expected to protect, its sensitivities
would not be engaged and there was no issue of comity.
The SCC did not go on to ask whether, and if how the
freedom of expression interests (the right to receive and seek out information)
of citizens of other countries might be engaged by the particular assertion of
rights in that case. That is of particular relevance in intellectual property
cases since intellectual property rights are themselves generally territorial,
so that a person may own rights only in some countries and not others; or may
own rights of different scope in different countries.
We need brakes as
well as accelerators. The jurisdictional problems of the internet manifest
themselves in both underreach and overreach. There are situations where arrangements between states are no
longer providing adequate means to obtain evidence to support criminal investigations.
We can no longer assume that the evidence relating to a domestic crime will be
held domestically. It could as easily be in a data centre abroad. That would suggest a need to improve
procedures for obtaining cross-border evidence.
Conversely, we have situations in which domestic
legislatures, agencies and courts are at risk of overreaching in the cause of
giving maximum effect to their local laws. That can result in the de facto
imposition of those laws in countries with different laws. The concern here is the need for jurisdictional self-restraint.
The challenge is to forge rules that enable cross-border reach when appropriate, yet prevent the exercise of jurisdiction
when not appropriate. The same kinds of rules are unlikely to achieve both. An
approach that enables a court to weigh up and balance a series of factors in
deciding whether or not to make an extraterritorial order may have desirable
flexibility for the first case. But where risk of jurisdictional overreach is
concerned a multi-factorial approach may be more enabling than restraining. Hard
stops are likely to be required.
Peaceful
co-existence requires compromise. The premise of jurisdiction rules is that
nation states have different laws. The
objective where the internet is concerned should be to achieve peaceful
co-existence between conflicting national regimes while protecting to the
greatest possible extent universal values such as freedom of expression and
privacy.
Peaceful co-existence cannot be achieved without
compromise. That means taking a broader view than simply a laser-like focus on
securing the effectiveness of one country or region’s most cherished laws. It may
mean accepting that your country’s citizens can, if they try hard enough, find somewhere on the internet content that complies with another country’s laws and
not your own.
(For more on this final topic see Cyberborders and the Right to Travel in Cyberspace, my chapter in
The Net and the Nation State (2017 CUP, ed Uta Kohl).)
A realist view - but let's not give up on the common goal agreed by reps of humanity in the Universal Declaration of Human Rights, and the UN agreement on the Ruggie Principles for private sector respect for rights. In other words, compromise should not extend to tolerating generally accepted violations. This is the gist of my chapter in https://www.cambridge.org/core/books/net-and-the-nation-state/D9955146E026166BC6375A202C1FFE19
ReplyDelete