In order to address the issues posed by cyberspace in the present day, few scholars have contended that it should not be regulated at all, as any form of regulation might stifle the unfettered potential for growth in cyberspace.
These arguments rely on the fact that over a period of time, cyberspace as well as its users, will mature, which will automatically create a robust and socially organized system. This contention is further based on the premise that the act of discouraging or looking down upon undesirable conduct on the internet is similar to how such undesirable acts are looked down upon in real life. Informal social control regulates the behaviour of an individual even though no one is looking. If such social control fails in any manner, sanctions like explicit disapproval in the society, ridicule or ostracism, act as a form of payback to the individual.
Scholars who base their arguments on informal social control also assert that when an individual uses the internet, he abstains from any misconduct out of the fear of internalised norms, and not out of the fear of law, taking into consideration that most of the individuals are unaware which acts are not acceptable in the cyberspace. Therefore, they apply the same standards of caution and care as they would apply, in case of the real world.
Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course!
Thus, over a period of time, individuals will acquaint themselves with what is and what is not acceptable in the cyberspace, and the informal social control will act as an effective regulator.
However, these arguments fail because even in the real world, there are deviant subcultures who do not conform to the norms of the society. Also, misconducts in the real world differ from the misconducts in the cyberspace. Therefore, there is a need for formal regulation of cyberspace. This need is further amplified owing to the cross-national impact of use of cyberspace. Furthermore, cyberspace regulation is necessary as an unregulated cyberspace creates an environment where the rights of individuals as well as the remedies available to them, is uncertain[1]. This uncertainty has the capacity to undermine the legal systems of the world, owing to cyberspace’s global import[2].
Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course!
Taking into account the nature of cyberspace and its implications on different aspects of an individual’s life, the conduct of various nation states and corporations, it can be concluded that there is a need to address the question of governance of cyberspace. The current literature and deliberations by various scholars suggest that the question is not whether cyberspace should be regulated, but how it should be regulated and who are the stakeholders in the process of regulation.
The following are the proposed models of cyberspace regulation by various scholars-
- Regulation by code and architecture
Certain scholars[3] propose the use of code and architecture for regulating cyberspace. They believe that since internet was invented for research and not for commerce, its founding protocols are inherently unsecure and are primarily designed for sharing the data, rather than concealing it. This provides a breeding ground for cybercrime activities.
However, it is argued by these scholars that the internet is, by far, the most regulable space, since, through its architecture, it can reveal who someone is, where they are and what they are doing[4]. The code and architecture of the technology can very easily help in identifying the wrongdoer by tracing the Internet Protocol (IP) address of the computer used for the commission of cybercrime.
Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course!
The scholars also argue that the specific issue of territoriality posed by the cyberspace can only be addressed by the use of code and architecture to trace down the actual location of the computer which was used to commit wrongful acts on the internet[5].
However, merely relying on codes and architecture can, although help in identifying the cybercriminal, but it will not play a key role in preventing cybercrimes and ensuring prosecution of such cybercriminals.
- Regulation by the Government
The role of government in the regulation of cyberspace comes in picture by virtue of sovereignty, territoriality (over its subjects who might be victim of cybercrime), public interest (addressing cybersecurity issues which are posed to its subjects) and national security.
Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course!
Government is considered to have a primary responsibility for formulating cyberspace policies which govern the cyberspace and stimulate the rights, liabilities and remedies available to the parties involved. It is also obligated to take steps for international co-operation in the field of cyberspace regulation, owing to the borderless nature of the cyberspace and the jurisdictional issues stemming from it.
However, the model of governance where just the government is responsible for regulating the cyberspace fails to take into consideration the ineffectiveness of government in addressing the issues faced in the real world. If the state is not competent to regulate its territorial limits itself, how can it be expected to single-handedly regulate the cyberspace, which has no territorial limits. Further, the state might not have appropriate strategies to tackle these issues, owing to the technical nature of such activities.
- Self-regulation by private players
Another model of cyberspace regulation relates to the regulation by the market i.e. self-regulation by the key market players or the private institutions.
The private players are the major stakeholders in the cyberspace due to which they have a great impact on the policies formulated by the government. Some scholars believe that compared to the regulation by government, self-regulation offers greater speed, flexibility and efficiency[6]. Furthermore, the fact that self-regulation responds to the specific industry circumstances makes it more desirable form of regulation.
There are primarily three forms of self-regulation by the private players with respect to the role of government in such regulation[7]–
- voluntary or total self-regulation, without government involvement;
- mandated self-regulation, which involves direct government involvement;
- mandated partial self-regulation, with partial government involvement.
It is difficult to see the first form of self-regulation i.e. pure self-regulation, without any governmental involvement. However, such form of self-regulations do exist. For example, to address the issue of online infringement of copyright in the United States, the Recording Industry Association of America (RIAA), an association formed by music companies in the United States, conducts its own investigations to locate the IP addresses of those who are illegally sharing music[8].
Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course!
Self-regulation by private players is mostly directed, shaped or endorsed by the government[9]. One example of such model is the Internet Corporation for Assigned Names and Numbers (ICANN)[10]. It is a non-profit organisation that operates the internet’s Domain Name System (DNS). It is contracted by the US Department of Commerce and overseen by the US Government.
Taking into consideration its effectiveness in efficiently addressing the issues at hand and its viability, self-regulation is often considered the only legitimate form with which to govern cyberspace.[11]
However, self-regulation without governmental involvement to a certain degree, can prove to be detrimental to the society, owing to the global import of cybercrimes and the lack of resources with the private players to address the issues faced in the cyberspace, which is often a chain reaction with a number of victims.
- Judicial model[12]
The judicial model of cyberspace regulation is based on the premise that since the issues faced in the cyberspace are same or similar to the ones faced in the real world, the regulation of cyberspace should be left at the hands of judiciary as it can regulate the same by applying the existing principles which are used to address the legal issues in real world. Therefore, such principles can be applied to Cyberspace to facilitate an effective regulatory regime[13].
However, this model is inherently flawed in a number of ways. Firstly, courts cannot transpose the existing principles of the physical world to the cyber world owing to the nature of the issues. Also, many issued faced in the cyberworld have no equivalent in the real world. Secondly, this model of regulation totally disregards the question of jurisdiction while applying the traditional legal concepts to the cyberworld. This role of judiciary might come into picture in developing new principles[14] to be applicable to the cyberspace. However, this is the last step towards the prosecution of cybercriminals and is not, in itself sufficient to regulate the cyberspace.
- Multi stakeholder model of regulation
This model of regulation highlights the flaws in putting the obligation of regulation on the government or the private players. Unlike crime in the real world, cybercrime is not typical one-to-one victimisation[15]. Therefore, scholars have argued that in order to tackle the issues arising from the use of internet in the cyberspace, a higher level of cooperation with states, the private sector and even individual users is required.[16]
This model brings into picture the active and responsible role played by the civilians, as they are the first ones who come to know about the commission of such cybercrimes.[17] Further, since cybercrimes are mostly chain reactions, there is a need for sharing of information about commission of such crimes or cyber security breaches by the individuals and the public and private sectors[18].
Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course!
There is no ‘one-size-fits-all’ approach for regulation of cyberspace. All the stakeholders have their own interests and limitations in playing a role in regulating the same. Therefore, the approach involving all the stakeholders addresses the flaws faced by other regulatory models like code and architecture, regulation by the government, self-regulation and judicial regulation and might be the best suited solution for now.
[1] S. M. Hanley, International Internet Regulation: A Multinational Approach, 16 JOHN MARSHALL JOURNAL COMPUTER AND INFORMATION LAW 997, (1998).
[2] D. R. Johnson and D. G. Post, Law and Borders- The Rise of Law in Cyber-Space, 48 STANFORD LAW REVIEW 1367, (1996).
[3] L Lessig and Neal K Katyal.
[4] Lessig
[5] NK Katyal, Digital architecture as crime control, 112(8) YALE LAW JOURNAL 2261, (2003).
[6] N Gunningham, P Grabosky and D Sinclair, Smart Regulation: Designing Environmental Policy, OXFORD CLARENDON PRESS, 52 (1998).
[7] Id.
[8] RIAA, https://www.riaa.com/ (last visited Jan. 29, 2021).
[9] N Tusikov, Chokepoints: Global Private Regulation on the Internet, UNIVERSITY OF CALIFORNIA PRESS, (2016).
[10] ICANN, https://www.icann.org/ (last visited Jan. 29, 2021).
[11] Supra note 4.
[12] Yee Fen Lim, Law and Regulation in Cyberspace, International Conference on Cyberworlds (2003).
[13] Bick J. D., Why Should the Internet Be Any Different?, 9 PACE LAW REVIEW 41, (1998).
[14] Effects test of intentional targeting, Zippo sliding scale test etc.
[15] S W Brenner, Distributed security: Moving away from reactive law enforcement, 9 INTERNATIONAL JOURNAL OF COMMUNICATION LAW & POLICY, (2005).
[16] R Ericson, Crime in an Insecure World, POLITY, (2007).
[17] Supra note 17.
[18] LYC Chang, Cybercrime in the Greater China Region: Regulatory Responses and Crime Prevention across the Taiwan Strait, (2012).