Previous | Table of Contents | Next |
Lawrence D. Dietz
Laws pertaining to the Internet are emerging as the system matures. Large end-user organizations are discovering the true nature of technologys influence on business relationships. This chapter discusses the critical areas of the law and legal liabilities for organizations doing business over the Internet, and uses examples of recent cases to demonstrate possible outcomes of legal action.
The legal environment of the Internet has often been compared with the Wild West in the days of the American frontier. This analogy is used to convey the wide open and freewheeling atmosphere that pervades this area of the law. The Internet, like many other technological phenomena, is developing along several parallel directions. The main line is the technology direction those facets of networking, computing, software, and database, which, when combined, add up to the ability to access the array of interconnected computers known as the Internet.
The second area of development is the nature of business on the Internet. How can information be exchanged? How can goods or services be bought or sold? What aspects of todays business rules can be effectively employed as rules for tomorrows net-based business?
It is only after business transactions are in process or, more properly, when business transactions do not turn out according to the expectations of the participants that the law enters into the picture. Astute managers do not resort to the law to correct a problem; rather, the law is supposed to be used as a guideline to avoid problems or to minimize the consequences if things go wrong.
Therefore, it follows that the law of the Internet is an emerging and evolving beast. Large end-user organizations are turning to technology first and then are immersed in the process of figuring out how to use that technology. Once the technology is employed, the true nature of its influence on business relationships can be determined. The deeper and more mission-critical the use of technology is, the more severe the effects are if something goes awry. When it is clear that a simple business solution will not work to resolve a problem, lawyers are called.
To understand the sheer magnitude of the dilemma of law on the Internet, it is useful to look at the Internet through an analogy. John Anderson, the former Presidential candidate, speaking at the annual RSA Conference in Redwood City, California in January 1995, compared the Internet with interstate highways. He pointed out how, back in 1955, no one could have foreseen the economic fallout of the interstate highway network. Originally set up during the Eisenhower administration as a key part of its Civil Defense strategy, the interstate highway network spawned not only a multibillion dollar auto and truck industry, but had a profound effect on shipping and on population concentration. No one could have looked at the way highways would either spur or destroy commerce and communities.
At present, the Internet and its subsequent progeny are similarly unknown and unpredictable. From a legal perspective, this situation becomes particularly perplexing. When stripped to its core, the purpose of a legal system is to form a bulwark upon which a set of governing behaviors can be determined. The split of law into civil and criminal areas has historically been used to divide the legal world into two segments: a part that deals with interaction among parties (i.e., civil law) and a part that governs an individuals (or organizations) behavior with respect to society (i.e., criminal law).
From a U.S. perspective, civil law may be further divided into multiple areas: areas of legal specialty and jurisdictions. As law relates to the Internet, areas of consequence are:
Before addressing each one of these areas in turn, it is important to point out that laws are not enforced in a vacuum. A critical aspect of the law is jurisdiction. Jurisdiction has two dimensions: the party and the law. The first jurisdictional issue is: does the court have the power to control an individual or entity? In the United States, a courts jurisdiction may be a city, county, state, several states, or the entire country.
The second question is one of subject matter or rules. Plaintiffs (i.e., the parties bringing a suit) determine where they will bring the action; that is the legal forum. If the plaintiffs and defendants (i.e., those charged by the action) are from different locations and if the matter at hand occurred in yet another location, various procedures are set in motion by both sides to decide which set of rules (i.e., body of law) will be applied by the court. This is especially true in a federal court that, although located in one state, will often be compelled to follow the law of another. This jurisdictional issue is called diversity of citizenship, whereby the law of one state may be applied to adjudicate a dispute in a court of another state.
There is no greater challenge to jurisdiction than that of an indefinable web of computers and the various media that link them. The Internet is conceptually stateless and countryless, so jurisdictional issues are wide open. Some of the key aspects of litigation, such as forum shopping (i.e., picking the best place to bring the action), is discussed in a later section. Moreover, courts need two kinds of jurisdiction to try a case: personal jurisdiction over the parties and subject matter jurisdiction over the matter. One is not enough; both are necessary.
The next sections highlight significant areas of the law and how they relate to the Internet and its security and integrity.
The Internet may become not only a transportation medium for business transactions, but the subject matter as well. Existing rules of law and terms and conditions that govern business transactions, such as the UCC, must be modified to bend to the Internet way of doing business.
A number of reforms have been under way for several years on different fronts. A key area of contract law that is evolving is EDI. Organizations can employ EDI to replace paper transactions. If so, clear terms and conditions must be extended to encompass new concepts of contractual relationships. Key terms, such as acceptance, rejection, and remedies for breach of contract, must be couched in terms appropriate for the Internet world. Potential failures or compromises of Internet-based transactions, failure to perform by Internet service providers, as well as action or inaction by suppliers and customers must be considered in developing contracts between organizations using EDI.
Areas of particular interest to Internet security practitioners include the use and acceptance of digital signatures in lieu of written signatures. A digital signature is the use of an algorithm as a substitute for an individuals authorized, holographic signature. The purpose of the signature is to commit the signer. It is an authentication of the signers intent and proof of his or her acceptance or authoring of the document at hand.
The main reason behind the push for digital signatures is the UCC. Used by 49 states (the exception is Louisiana), the UCC requires both parties to sign a writing for transactions in excess of $500. As a side note, there are other branches of the law, such as real estate, where a signed writing is also required for the transaction to be valid. Digital signatures could be employed in a number of other areas in which the legitimization of documents is important.
Previous | Table of Contents | Next |