On Twitter: @JamesFirth and @s_r_o_c (post feed)

Got a tip? tip@sroc.eu



Wednesday, 6 July 2011

Sovereignty Creep

Will a net without borders be policed by the US?
According to the Guardian this weekend, Erik Barnett, assistant deputy director at the US Immigration and Customs Enforcement agency (ICE), made an extraordinary announcement that amounts to the United States claiming criminal jurisdiction over any online publisher operating under a .com or .net web address; and website operators could be extradited to the US to be tried under US federal law for an activity that could in theory be legal under UK law.

The revelation came just two-and-a-half weeks after the start of extradition proceedings against Sheffield student Richard O’Dwyer, alleged to have infringed copyright on a commercial scale via a website he operated called TVshack. An allegation that warrants closer inspection, but I’ll get back to this.

The claim of jurisdiction could have far wider implications, and should concern anyone who publishes anything via a .net or .com website. It also adds to the wider debate of if, or how, the global internet can be regulated - without compromising the sovereignty of individual nations.

Last summer I wrote a blog entitled The Elastic Jurisdiction, looking at issues of lawmaking and national sovereignty in the cloud. The post itself wasn’t a hit magnet, but that one post put me in touch with some very interesting people, from multinational tech corps; to academics, lawyers and government policy advisors.

My original concern was privacy and consumer rights when using cloud-based services, whose physical infrastructure spans multiple jurisdictions. With true cloud services, neither the system programmer nor the end user determines whereabouts in the world transactions are processed, or data is stored.

Note: there is a difference between true cloud, and the slew of server farms currently selling slices of processing at fixed locations, and marketing their offering as “cloud”.   In the true cloud, your net transaction could be processed in Telford... or Sao Paulo; and, to facilitate this, multiple copies of your personal details could be stored on multiple servers across multiple countries.

So, as a consumer, which national regulator do you contact when things go wrong? Welcome to the cloud.
The sovereignty claim by a US Immigrations and Customs official raises a whole new set of jurisdictional questions that should concern far more people than those running services providing links to copyright-infringing content.

Are businesses like gambling and gaming websites, legal in the UK but illegal in the US, at risk? Back on copyright, business owners might not be aware that their service is being used to infringe copyright; search engines, and so-called digital locker services which provide access to photos, music and films from multiple computers.

A closer look at what Richard O’Dwyer is alleged to have done to warrant extradition highlights the complexity of copyright law – a complexity exacerbated by considering both UK and US law. I was one of the first digital policy bloggers to comment on the case, and have followed closely since news first emerged.

Richard is alleged to have operated a website called TVshack. It appears as though TVshack only offered links to infringing material, and did not host the files themselves on its own servers. Solicitor David Cook, who’s defended similar cases in the UK, wrote in the Telegraph on June 17 that “British law has allowed linking to pirated material.”

As CEO of Open Digital Policy Organisation I was quoted in the Guardian that day explaining why it was odd for the US to claim jurisdiction for a copyright claim. Even if, as widely believed, the action is driven by American film studios, who feel they’re losing money due to online piracy; copyright law is territorial. It’s up to each nation state to enact and enforce their own laws.

If an action is illegal in the UK, the *only* way this can be tested against UK law, is by a UK court. If, on the other hand, an action is not illegal in the UK, then no crime has been committed; there are no victims – US-based or otherwise. So there’s no case for extradition?..

... Or so it first appeared.  In signing up to a .com or .net web address from VeriSign Inc, the US-based registrar responsible for these domains, it seems you’re signing up to be extradited to the US should law enforcement officers there take interest in anything you publish.

Of course there is a workaround – avoid .com and .net web addresses, and presumably .tv .name and .cc, also operated by VeriSign (although not mentioned specifically in the Guardian article). Extending this argument is there now a question hanging over the sale of new top level domains by ICANN – the Internet Corporation for Assigned Names and Numbers?

ICANN, based in California, is about to start selling new top level domains to any “qualifying” organisation that can afford the application and renewal fees.  I could one day be blogging simply as http://james/ - but I'm a couple of million dollars short of this aim.

Using the argument applied to VeriSign, will every one of these new domains subject every site operating under the domain to US jurisdiction?

In fact, since ICANN is tasked with operating the internet root zone, is the entire internet already the sovereign domain of the United States?

@JamesFirth

1 comment:

  1. More sovereignty creep - even if data is stored in EU, a US company can be forced to hand it over to US government, see http://www.zdnet.com/blog/igeneration/eu-demands-answers-over-microsofts-patriot-act-admission/11290

    ReplyDelete

Comments will be accepted so long as they're on-topic, do not include gratuitous language and do not include personal attacks or libellous assertions.

Comments are the views of the commentator and not necessarily the view of the blog owner.

Comments on newer posts are not normally pre-moderated and the blog owner cannot be held responsible for comments made by 3rd parties.

Requests for comment removal will be considered via the Contact section (above) or email to editorial@slightlyrightofcentre.com.