Cyberspace Regulatory Models and their Feasibility

In order to address the issues posed by cyberspace in the present day, few scholars have contended that it should not be regulated at all, as any form of regulation might stifle the unfettered potential for growth in cyberspace.

These arguments rely on the fact that over a period of time, cyberspace as well as its users, will mature, which will automatically create a robust and socially organized system. This contention is further based on the premise that the act of discouraging or looking down upon undesirable conduct on the internet is similar to how such undesirable acts are looked down upon in real life. Informal social control regulates the behaviour of an individual even though no one is looking. If such social control fails in any manner, sanctions like explicit disapproval in the society, ridicule or ostracism, act as a form of payback to the individual.

Scholars who base their arguments on informal social control also assert that when an individual uses the internet, he abstains from any misconduct out of the fear of internalised norms, and not out of the fear of law, taking into consideration that most of the individuals are unaware which acts are not acceptable in the cyberspace. Therefore, they apply the same standards of caution and care as they would apply, in case of the real world.

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

Thus, over a period of time, individuals will acquaint themselves with what is and what is not acceptable in the cyberspace, and the informal social control will act as an effective regulator.

However, these arguments fail because even in the real world, there are deviant subcultures who do not conform to the norms of the society. Also, misconducts in the real world differ from the misconducts in the cyberspace. Therefore, there is a need for formal regulation of cyberspace. This need is further amplified owing to the cross-national impact of use of cyberspace. Furthermore, cyberspace regulation is necessary as an unregulated cyberspace creates an environment where the rights of individuals as well as the remedies available to them, is uncertain[1]. This uncertainty has the capacity to undermine the legal systems of the world, owing to cyberspace’s global import[2].

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

Taking into account the nature of cyberspace and its implications on different aspects of an individual’s life, the conduct of various nation states and corporations, it can be concluded that there is a need to address the question of governance of cyberspace. The current literature and deliberations by various scholars suggest that the question is not whether cyberspace should be regulated, but how it should be regulated and who are the stakeholders in the process of regulation.

The following are the proposed models of cyberspace regulation by various scholars-

  • Regulation by code and architecture

Certain scholars[3] propose the use of code and architecture for regulating cyberspace. They believe that since internet was invented for research and not for commerce, its founding protocols are inherently unsecure and are primarily designed for sharing the data, rather than concealing it. This provides a breeding ground for cybercrime activities.

However, it is argued by these scholars that the internet is, by far, the most regulable space, since, through its architecture, it can reveal who someone is, where they are and what they are doing[4]. The code and architecture of the technology can very easily help in identifying the wrongdoer by tracing the Internet Protocol (IP) address of the computer used for the commission of cybercrime.

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

The scholars also argue that the specific issue of territoriality posed by the cyberspace can only be addressed by the use of code and architecture to trace down the actual location of the computer which was used to commit wrongful acts on the internet[5].

However, merely relying on codes and architecture can, although help in identifying the cybercriminal, but it will not play a key role in preventing cybercrimes and ensuring prosecution of such cybercriminals.

  • Regulation by the Government

The role of government in the regulation of cyberspace comes in picture by virtue of sovereignty, territoriality (over its subjects who might be victim of cybercrime), public interest (addressing cybersecurity issues which are posed to its subjects) and national security.

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

Government is considered to have a primary responsibility for formulating cyberspace policies which govern the cyberspace and stimulate the rights, liabilities and remedies available to the parties involved. It is also obligated to take steps for international co-operation in the field of cyberspace regulation, owing to the borderless nature of the cyberspace and the jurisdictional issues stemming from it.

However, the model of governance where just the government is responsible for regulating the cyberspace fails to take into consideration the ineffectiveness of government in addressing the issues faced in the real world. If the state is not competent to regulate its territorial limits itself, how can it be expected to single-handedly regulate the cyberspace, which has no territorial limits. Further, the state might not have appropriate strategies to tackle these issues, owing to the technical nature of such activities.

  • Self-regulation by private players

Another model of cyberspace regulation relates to the regulation by the market i.e. self-regulation by the key market players or the private institutions.

The private players are the major stakeholders in the cyberspace due to which they have a great impact on the policies formulated by the government. Some scholars believe that compared to the regulation by government, self-regulation offers greater speed, flexibility and efficiency[6]. Furthermore, the fact that self-regulation responds to the specific industry circumstances makes it more desirable form of regulation.

There are primarily three forms of self-regulation by the private players with respect to the role of government in such regulation[7]

  1. voluntary or total self-regulation, without government involvement;
  2. mandated self-regulation, which involves direct government involvement;
  • mandated partial self-regulation, with partial government involvement.

It is difficult to see the first form of self-regulation i.e. pure self-regulation, without any governmental involvement. However, such form of self-regulations do exist. For example, to address the issue of online infringement of copyright in the United States, the Recording Industry Association of America (RIAA), an association formed by music companies in the United States, conducts its own investigations to locate the IP addresses of those who are illegally sharing music[8].

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

Self-regulation by private players is mostly directed, shaped or endorsed by the government[9]. One example of such model is the Internet Corporation for Assigned Names and Numbers (ICANN)[10]. It is a non-profit organisation that operates the internet’s Domain Name System (DNS). It is contracted by the US Department of Commerce and overseen by the US Government.

Taking into consideration its effectiveness in efficiently addressing the issues at hand and its viability, self-regulation is often considered the only legitimate form with which to govern cyberspace.[11]

However, self-regulation without governmental involvement to a certain degree, can prove to be detrimental to the society, owing to the global import of cybercrimes and the lack of resources with the private players to address the issues faced in the cyberspace, which is often a chain reaction with a number of victims.

  • Judicial model[12]

The judicial model of cyberspace regulation is based on the premise that since the issues faced in the cyberspace are same or similar to the ones faced in the real world, the regulation of cyberspace should be left at the hands of judiciary as it can regulate the same by applying the existing principles which are used to address the legal issues in real world. Therefore, such principles can be applied to Cyberspace to facilitate an effective regulatory regime[13].

However, this model is inherently flawed in a number of ways. Firstly, courts cannot transpose the existing principles of the physical world to the cyber world owing to the nature of the issues. Also, many issued faced in the cyberworld have no equivalent in the real world. Secondly, this model of regulation totally disregards the question of jurisdiction while applying the traditional legal concepts to the cyberworld. This role of judiciary might come into picture in developing new principles[14] to be applicable to the cyberspace. However, this is the last step towards the prosecution of cybercriminals and is not, in itself sufficient to regulate the cyberspace.

  • Multi stakeholder model of regulation

This model of regulation highlights the flaws in putting the obligation of regulation on the government or the private players. Unlike crime in the real world, cybercrime is not typical one-to-one victimisation[15]. Therefore, scholars have argued that in order to tackle the issues arising from the use of internet in the cyberspace, a higher level of cooperation with states, the private sector and even individual users is required.[16]

This model brings into picture the active and responsible role played by the civilians, as they are the first ones who come to know about the commission of such cybercrimes.[17] Further, since cybercrimes are mostly chain reactions, there is a need for sharing of information about commission of such crimes or cyber security breaches by the individuals and the public and private sectors[18].

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

There is no ‘one-size-fits-all’ approach for regulation of cyberspace. All the stakeholders have their own interests and limitations in playing a role in regulating the same. Therefore, the approach involving all the stakeholders addresses the flaws faced by other regulatory models like code and architecture, regulation by the government, self-regulation and judicial regulation and might be the best suited solution for now.

[1] S. M. Hanley, International Internet Regulation: A Multinational Approach, 16 JOHN MARSHALL JOURNAL COMPUTER AND INFORMATION LAW 997, (1998).

[2] D. R. Johnson and D. G. Post, Law and Borders- The Rise of Law in Cyber-Space, 48 STANFORD LAW REVIEW 1367, (1996).

[3] L Lessig and Neal K Katyal.

[4] Lessig

[5] NK Katyal, Digital architecture as crime control, 112(8) YALE LAW JOURNAL 2261, (2003).

[6] N Gunningham, P Grabosky and D Sinclair, Smart Regulation: Designing Environmental Policy, OXFORD CLARENDON PRESS, 52 (1998).

[7] Id.

[8] RIAA, (last visited Jan. 29, 2021).

[9] N Tusikov, Chokepoints: Global Private Regulation on the Internet, UNIVERSITY OF CALIFORNIA PRESS, (2016).

[10] ICANN, (last visited Jan. 29, 2021).

[11] Supra note 4.

[12] Yee Fen Lim, Law and Regulation in Cyberspace, International Conference on Cyberworlds (2003).

[13] Bick J. D., Why Should the Internet Be Any Different?, 9 PACE LAW REVIEW 41, (1998).

[14] Effects test of intentional targeting, Zippo sliding scale test etc.

[15] S W Brenner, Distributed security: Moving away from reactive law enforcement, 9 INTERNATIONAL JOURNAL OF COMMUNICATION LAW & POLICY, (2005).

[16] R Ericson, Crime in an Insecure World, POLITY, (2007).

[17] Supra note 17.

[18] LYC Chang, Cybercrime in the Greater China Region: Regulatory Responses and Crime Prevention across the Taiwan Strait, (2012).

Blog Intellectual Property Law

The Chancellor, Masters & Scholars of University of Oxford and Ors.Vs. Rameshwari Photocopy Services and Ors

Delhi High Court

Judges: Justice Pradeep Nandrajog and Justice Yogesh Khanna

Applicable law: Section 52 of the Copyright Act, 1957

Did you know: A reproduction of a copyrighted work by a teacher or pupil in the course of instruction is allowed and is not an infringement of the copyright

Where it all began:

  1. University and Photocopy Shop were photocopying excerpts from the publications of the plaintiffs and were issuing/selling the said compilations in the form of course packs
  2. The world famous publishers alleged that such publication and sale constituted a copyright infringement and filed a case to require the University of Delhi and the photocopy shop to obtain a license.
  3. The Hon’ble single bench of the Delhi High Court dismissed the suit and an appeal was filed by the publishers before the division bench.

Learn more about Copyright with Enhelion’s Online Law firm certified Master Course! 

Legal issue: Whether the right to reproduce work by a teacher or a pupil in the course of instruction is absolute or there are any conditions attached to such a right?

Publisher’s arguments: There are restrictions of fair use that apply to reproduction of materials by teachers and pupils and a license is necessary

University’s arguments: There are no restrictions that apply to the right of reproduction ad no infringement has occurred in this case.

Learn more about Copyright with Enhelion’s Online Law firm certified Master Course! 

Judgment in the case:

  1. The court held that it only has to be seen is whether the work used was necessary for achieving the purpose of educational instruction- if it is there will be no infringement
  2. There is no adverse impact on the market of the books because the students still have access to the books in the library.
  3. It was held that the phrase ‘course of instruction’ used in the section will not be limited to just teaching in the classroom but will also apply to the entire program of education
  4. Because the university was not engaged in profit-making the activitiy could not be termed a publication.
  5. The appeal was dismissed and it was held that the preparation and distribution of the course packs was permitted and not an infringement of copyright. The case was sent back to the Single Bench for decision on the question whether whether the course packs were necessary for the educational instruction or not. The suit was finally withdrawn by the publishers

Learn more about Copyright with Enhelion’s Online Law firm certified Master Course! 


The judgment in the case is hailed as a big victory for promoting the access to education. Many writers and academicians, many of whom were infact associated with the publishers, from all over the world condemned the filing of this suit and asked the publishers to withdraw it.


The Puttaswamy Judgement- How Is Privacy a Fundamental Right?

The jurisprudence in India with respect to the status of right to privacy as a fundamental right has been quite dicey, as pointed out in the previous section. It was only in the case of Justice K. S. Puttaswamy v. Union of India[1] that the Apex Court exclusively dealt with this issue. The case was a reference made by a five-judge bench of the Apex Court to a nine-judge bench. The reference was made owing to the ambiguity arising from the judicial precedents on the status and scope of the right to privacy. The nine-judge bench unanimously held that the right to privacy is an intrinsic part of personal liberty under Article 21 of the Indian Constitution.

The majority opinion authored by Justice Chadrachud discusses in detail, a number of reasons which led to the recognition of privacy as a fundamental right. The following are some of the reasons pointed by the Hon’ble Court in this regard-

Learn more about Constitutional Law with Enhelion’s Online Law firm certified Course! 

  • Natural and inalienable rights[2]

The court pointed out that privacy, as a right, can be traced to the notion of inalienable rights i.e. the rights which are inherent in and are inseparable from a human being.

Although these rights are inalienable, however, the autonomy which an individual enjoys, by virtue of these rights, is not absolute. The court pointed out an example wherein one employs another person to kill oneself. Here, the individual exercised his autonomy to violate his inalienable right to life. For this simple reason, such autonomy cannot be absolute in nature.

  • Jurisprudence on dignity[3]

The court asserted that ‘dignity’, as a constitutional value, finds its place in the Preamble of the Indian Constitution[4]. The court also said that individual is the main focus of the Constitution as the realisation of individual rights plays a key role in achieving the collective well-being of the community. Therefore, human dignity forms an integral part of the Constitution.

The court held that the sanctity of privacy lies in its functional relationship with dignity, thereby establishing a link between dignity and privacy.

Learn more about Constitutional Law with Enhelion’s Online Law firm certified Course! 

  • Essential nature of privacy[5]

The court was of the opinion that privacy highlights the reservation of a private space for the individual; the right to be let alone. The concept is based on the autonomy of the individual.

The court further held that the ability to make choices lie at the core of the human personality. In this process, privacy plays an instrumental role by enabling the individual to assert and control the choices he/she makes. Recognizing a zone of privacy is a mere acknowledgment that individual should enjoy autonomy in the development of his/her personality.

Therefore, the court established a relationship between dignity and autonomy with privacy. By virtue of this relationship, the right to privacy forms an important element of human dignity as well.

  • International obligations[6]

Secondly, the court pointed out India’s international obligations towards protection of privacy by virtue of Article 12 of UDHR[7] and Article 17 of ICCPR[8]. Further, Article 51 of the Constitution requires the State to endeavour to “foster respect for international law and treaty obligations in the dealings of organized peoples with one another[9].

The Protection of Human Rights Act, 1993 also defines “human rights” and includes ‘dignity of individual’[10] under its ambit. Therefore, India is under an obligation to safeguard the privacy aspects of human dignity.

Learn more about Constitutional Law with Enhelion’s Online Law firm certified Course! 

The court also took note of India’s commitment towards international obligations by pointing out the stand of the Indian judiciary in Bacchan Singh v. State of Punjab[11], with respect to the use of the death penalty underlining India’s obligations under ICCPR, and Vishaka v. State of Rajasthan[12], where the court relied on the Convention on the Elimination of All Forms of Discrimination Against Women (CEDAW) to provide guidelines prohibiting sexual harassment.

  • Statutory protection cannot deny a constitutional right[13]

The court stated that although certain aspects of privacy have been protected under different statutes, nevertheless, providing constitutional protection to a right, places it “beyond the pale of legislative majorities[14]. If privacy is considered as a part of the basic structure of the Constitution, it becomes inviolable even through an amendment. However, ordinary statutes come under the ambit of amendment/modification.

  • Not a mere common law right[15]

The court, while addressing the issue that privacy is protected through common law, held that common law protection cannot bar constitutional recognition of a right, which is afforded because such right is an aspect of fundamental freedom or liberty which the draftsperson considered to be so significant as to require constitutional protection.

Learn more about Constitutional Law with Enhelion’s Online Law firm certified Course! 

  • The ruling of the court- Right to privacy as a fundamental right[16]

Taking into account the reasons summarized above, the court finally held that the right to privacy is constitutionally protected, emerging from the right of life and personal liberty under Article 21 of the Constitution.[17]

Secondly, privacy safeguards personal intimacies, the sanctity of family life, marriage, procreation, the home and sexual orientation[18]. However, this list is not exhaustive[19].

Thirdly, the right to privacy is not an absolute right, like any other right under Part III of the Constitution, including the right to life and personal liberty. Privacy can be encroached by law however, such law should withstand the touchstone of permissible restrictions on fundamental rights. The court formulated a three-pronged test which a law has to pass to intrude into the right to life and personal liberty[20]

  1. Legality
  2. Legitimate state aim
  3. Proportionality

The Court also unequivocally held that the doctrinal premise of M.P. Sharma[21] and Kharak Singh stand invalidated. The court also appreciated the minority view of Justice Subba Rao in Kharak Singh[22].


Common Cause v. Union of India[23] represents the first important application of the principles laid down in Puttaswamy[24] with respect to right to self-determination and freedom to make fundamental choices about how to use one’s body[25], as part of fundamental rights under the Constitution.

Further, the Supreme Court while restoring Hadiya’s marriage opined that Hadiya is having internal freedom of choice, marriage and autonomy.[26]

Therefore, ‘privacy’, as a concept incorporates a number of aspects that are now accorded protection under the umbrella of personal liberty under Article 21 of the Constitution.

Learn more about Constitutional Law with Enhelion’s Online Law firm certified Course! 


[1] Justice K. S. Puttaswamy v. Union of India, (2017) 10 SCC 1.

[2] Id, part G.

[3] Supra note 32, part I.

[4] Supra note 6, Preamble.

[5] Supra note 32, part R.

[6] Supra note 32, part J.

[7] Supra note 4.

[8] Supra note 5.

[9] Supra note 6, Art. 51.

[10] Protection of Human Rights Act, 1993, s. 2(1)(d).

[11] Bacchan Singh v. State of Punjab, (1980) 2 SCC 684.

[12] Vishaka v. State of Rajasthan, (1997) 6 SCC 241.

[13] Supra note 32, part N.

[14] Supra note 32, para 153.

[15] Supra note 32, part P.

[16] Supra note 32, part T.

[17] Supra note 32, part T(3)(C).

[18] Supra note 32, part T(3)(F).

[19] Supra note 32, part T(3)(G).

[20] Supra note 3.

[21] Supra note 14.

[22] Supra note 9.

[23] Common Cause v. Union of India, (2018) 5 SCC.

[24] Supra note 32, part T.

[25] Recognition of right to die with dignity as a part of right to life under article 21.

[26] Shafin Jahan v. Ashokan K.M, 2018 SCC Online SC 201.