Jurisdiction: Should Nations extend their legal reach beyond their borders?
by John Hines
The Internet Society believes that recent United States legislation, addressed at problems arising from the global reach of the Internet, goes too far in extending the legal reach of United States courts and United States law. Two legislative initiatives affecting the Internet are contrary to the best interests of the Internet community and to the international community at large. Specifically, the Internet Society believes that the jurisdiction provisions of Anti-Cybersquatting Consumer Protection Act (ACPA), 15 U.S.C. § 1125(d), and the USA Patriot Act of 2001 (Patriot Act), especially 18 U.S.C. § 1030(a), give US courts too great a latitude to assert jurisdiction over foreign nationals in their own countries. Even considered purely as a matter of United States law, both statutes offend constitutional due process principles. From the standpoint of international relations, this extension of U.S. sovereignty should, and likely will, be found offensive by other nations.
The ACPA became law in the United States in December, 1999. Its provisions are generally similar to those of the Uniform Domain Name Dispute Resolution Policy ("UDRP") of ICANN. However, decisions made by UDRP are always subject to further proceedings in a court that has jurisdiction over the parties. Under the ACPA, a trademark owner can file an action against the registrant of an allegedly infringing domain name in the jurisdiction where the registrar or registry of the infringing domain name is located. Since the three generic top level domains (.com, .net and .org), which have by far the greatest number of registrants, are currently controlled by a registry in the State of Virginia, any user of a domain name in one of these three domains is thus potentially subject to the jurisdiction of a court sitting in that state.
The first U.S. federal appellate decision to treat this issue involves a dispute between Argentine and British entities over domain names containing the word "Harrods". The U.S. Fourth Circuit Court of Appeals affirmed a lower court's order requiring the transfer of 54 domain names to the British entity. In doing so, the Court upheld the right of U.S. federal district court to render decisions affecting foreign entities whose only connection to the United States is the use of the Internet and a domain name in one of the three generic top level domains. Moreover, the Court allowed the British plaintiff to pursue its general trademark infringement claims against the Argentine defendant in the same case.
The implications of ACPA's jurisdictional provisions are far reaching, as demonstrated by other cases before the U.S. federal court in Virginia. In one case involving the U.S. company, Cable News Network, it was able take away the domain name of a Chinese entity that used the name in connection with a web site in the Chinese language and directed to persons in China. In another recent case, the same court rendered a decision involving Spanish trademark law where the two parties were both located in Spain, and, again, the only connection with the United States was the use of a .com domain name.
The Patriot Act was hastily passed by the United States Congress in response to the tragic events of September 11, 2001. The Act significantly expands the definition of "protected computers" by amending another U.S. criminal statute intended to deal with computer fraud and abuse. Before the Patriot Act, only computers operating in the United States were protected. Under a section of the Patriot Act, protected computers now include "a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication in the United States." Thus, even if a criminal perpetrator, the victim and the victim's computer are all outside the territorial bounds of the United States, the United States government asserts criminal law jurisdiction, if the computer in question is used in any manner that merely "affects" commerce in the United States. U.S. Justice Department guidelines make it clear that the United States will punish foreign hackers who happen to route communications through the United States. Given the architecture of the Internet, and the fact that a majority of all Internet traffic is routed through the United States, the Patriot Act represents an extraordinary worldwide extension of U.S sovereignty.
ACPA and the Patriot Act are bad foreign policy and bad Internet policy. If the United States chooses to extend its sovereignty, it thereby erodes the sovereignty of other nations. There is every reason to believe that other nations will find opportunities to act similarly. As a result, U.S. citizens residing in the U.S., or French citizens residing in France, or Japanese citizens residing in Japan, may well find themselves subject to the jurisdiction of a multitude of courts in countries foreign to their own. Mutual respect for the sovereignty of nations is the foundation of international law. The disrespect for the sovereignty of other nations inherent in the ACPA and Patriot Act threatens the viability of the norms that are the historic basis of international law.
The ACPA and the Patriot Act threaten the stability of the Internet in another aspect. The Domain Name System and the Internet depend on the norms of internationally accepted standards. The Domain Name System, a distributed hierarchical database under a single legacy root, assigns unique names to unique Internet Protocol addresses. The system "works" because, overwhelmingly, people respect it and choose not to erect competing architectures or alternate roots, although they could. An "Internet" that fails to respect and balance the interest of all peoples invites those who are excluded to participate in competitive architectures and root systems. Potentially, this could destroy the current much valued one-to-one relationship between domain names and unique IP addresses.
The United States proposals to privatize the technical administration of the Internet under ICANN explicitly recognized this principle of mutual international respect. As articulated in the Clinton Administration's White Paper, the "Principles for a New System" were "stability, competition, private bottom-up coordination and representation." The United States recognized that divestiture of its control over these technical aspects of the Internet was in its own interest, as well as in the interest of the international community. The creation of ICANN and its adoption of the UDRP were seen as holding great promise for building an international consensus on Internet administration and the resolution of cross-border legal issues in ways that guarantee mutual empowerment and stability.
Unfortunately, the ACPA and the Patriot Act, with their reassertions of U.S. sovereignty are giant steps backward. The Internet Society urges U.S. law makers to revisit these actions and to restore the spirit of cooperation, participation and mutual respect that has been the foundation of the accomplishments of the Internet.