MICHAEL GEIST
Thursday, February 24, 2000
Lurking behind virtually every Internet law issue is the challenge of jurisdiction. The recent wave of computer hacking and the accompanying response from law enforcement officials is no exception, as jurisdictional considerations have dogged authorities from the outset.
The Internet jurisdiction issue plays a similarly important role in the courtroom, where lawsuits against e-commerce businesses such as iCraveTV are predicated on a court's willingness to assert its jurisdiction over the dispute.
Given the borderless nature of the Internet, the matter of who is entitled to regulate or assert jurisdiction quickly becomes as important as what is being regulated.
Internet jurisdiction law typically breaks down into two main branches, prescriptive jurisdiction and adjudicative jurisdiction. Prescriptive jurisdiction refers to the power of law enforcement officials or regulators (such as the CRTC or securities commissions) to apply their laws to Internet activity. Adjudicative jurisdiction refers to the power of the courts to rule in a legal dispute arising from the Internet.
This column assesses the prescriptive jurisdiction branch, with a look at adjudicative jurisdiction to follow in two weeks.
The Internet presents a particularly thorny problem for law enforcement officials and regulators who are charged with upholding local law.
In pre-Internet times, the matter of jurisdiction was generally straightforward. Regulators understood the need to protect the local community by enforcing local laws. Since most criminal and regulated activity occurred locally, jurisdiction was rarely a cause for concern.
With the emergence of the Internet, the effects of certain activity, such as the recent denial-of-service attacks, are felt worldwide with perpetrators capable of residing anywhere. Finding those responsible is therefore only half the battle since actually applying local laws to such activity can prove to be impossible.
Under what circumstances can Canadian officials apply local law?
The short answer is that they need either the person or the Web server (preferably the person) in Canada. If both the person and the server are located outside Canada, officials will have little hope of effectively enforcing Canadian law, even though the activity may have had an impact within the country.
If the person is located within the jurisdiction, the issue is relatively simple. Officials will not hesitate to apply local laws, regardless of where the Web server is located.
If the person is located outside Canada but uses a Web server or computer within the country, Canadian law will also apply. For example, if the person or persons responsible for the denial-of-service attacks are located outside Canada but used Canadian ISPs as part of their activities, Canadian officials could seek to apply Canadian law. Indeed, the RCMP obtained search warrants this month to examine the user information of Look Communications
Last week, the Alberta Securities Commission provided an excellent example of how the issue of jurisdiction plays out in practice. In a much-anticipated decision, it ruled that it was entitled to assert jurisdiction over the World Stock Exchange, an offshore on-line stock exchange that had run afoul of Alberta's securities laws.
The commission reasoned that notwithstanding the fact that the exchange was located on a Web site outside Canada, the effects were felt in Alberta. Since the individuals behind the exchange resided within the province, applying local law was reasonable.
This landmark decision, which marked the first time a Canadian securities regulator had asserted its authority over an offshore Web site, confirmed that merely placing a Web server outside of the jurisdiction is not sufficient to avoid the reach of local officials.
With legal actions involving out-of-country hate and defamatory Web sites currently winding their way through the Canadian legal system, the decision strongly suggests that the "server is elsewhere" defence is likely to fall on deaf ears.
Canadian officials will undoubtedly continue to aggressively target on-line crime and fraud. For such initiatives to prove effective, the limitations of local laws (on the Internet, national laws are the equivalent of local ordinances) must be addressed through international co-operation and harmonization.
Without such international co-operation, unenforceable judgments or arrest warrants will leave many with the feeling that authorities' power to regulate the Internet is more bark than bite.
Michael Geist is a law professor at the University of Ottawa School of Law specializing in Internet and electronic-commerce law. He can be reached at mgeist@uottawa.ca and on the Web at http://www.lawbytes.com.
