This article will provide a synopsis of the emerging and rapidly changing area of electronic law. The overview provides an introduction to the basic legal framework governing electronic law and some of the most important issues that courts and legislators have addressed in creating law for the dynamic landscape of electronic communication and commerce. These issues include the scope of electronic law as it relates to jurisdiction, cyber crimes, and criminal liability. Other issues at the forefront of electronic law that this article examines include privacy and security rights and intellectual property protections. In addition, this article will describe some of the factors affecting the development of electronic law, such as whether taxation of e-commerce transactions is warranted, how electronic laws will adapt to emerging technologies, and the development of a legal process to regulate the booming world of e-commerce. Finally, a brief examination of how technology is infiltrating modern life and raising significant questions about how electronic law can both protect the privacy rights of individuals while promoting the growth of technology and business development is provided through descriptions of the legal issues surrounding RFID devices, electronic surveillance, and privacy protections of personal, medical, and financial records.
Keywords Copyright; Cyber Law; E-Commerce; Encryption; Information Security; Intellectual Property; Risk; Spam
Law: Electronic Law
The world of e-commerce is expanding and increasingly important. As businesses have developed an online presence, their ability to provide an efficient platform for customers to make purchases and gather basic information has improved dramatically, increasing both the profile of businesses and their sales volume. In addition, e-mail has enabled vendors, customers, businesses, and employees to communicate with one another from anywhere in the world at almost no cost. This capability has allowed businesses of almost any size to see the world as their marketplace. However, these changes have also raised significant questions about how the elusive and intangible world of electronic communication, information, and commerce can be regulated by law—as well as what body of law should regulate the electronic environment when it functions outside the realm of the traditional physical boundaries that divide nations, states, and cities.
The legal system has struggled to keep up with the changes occurring in the online environment. Yet even as lawmakers and the courts strive to answer the difficult questions that are commonplace in the area of electronic law, technological advancements continue to develop at a rapid pace, generating even more difficult issues that the law will need to address. Never before has the law had to be developed and adapted so quickly to new business practices and technological capabilities. Since the late 1990s, a body of electronic law has been evolving out of traditional legal principles as courts extract legal precedents and attempt to apply them to the issues raised by emerging legal questions. In spite of the development of new fields of business and commerce, the basic principles of law remain relatively constant, and the rise of electronic law has largely found its place firmly entrenched in the legal framework that has governed the United States since its inception.
The following sections provide a more in-depth explanation of these concepts.
Scope of Electronic Law
The Internet's capacity to transcend political and geographic boundaries makes it revolutionary—and problematic for settling jurisdictional questions in legal disputes. This is because jurisdiction, or the power of a court to hear and settle only those matters that arise from within its boundaries, has traditionally been based on geographic demarcation. Courts have personal jurisdiction over people who reside or do business within a given state or territory and lack the power to assert a legal judgment over an individual who has insufficient contacts with its boundaries. For a court to compel a defendant to appear before it, the defendant must have had some dealings within the state to create minimum contacts, such as establishing a residence, opening a business, or even committing a crime. Thus, if the only connection a defendant has to a given jurisdiction is an advertisement on a website that can be seen from anywhere that the Internet is accessible while the defendant lives miles away, this raises the question as to whether there are sufficient minimum contacts for a court to resolve disputes arising from the advertised website or the defendant's services.
For instance, this question could arise in the following scenario: assume Bob lives in Montana and Barbara lives in New York. Barbara has never been to Montana or done business with anyone in Montana. However, she advertises her business on the Internet, and her website can be viewed from anyone who has online access. One day, Bob finds Barbara's website, and through a series of events, a legal dispute arises between Bob and Barbara. Bob files a suit against Barbara in a Montana state court. At this point, the Montana court must decide, before it even addresses the merits of the case, whether it even has jurisdiction over someone who has never been to Montana but whose website can be viewed by any Montana Internet users.
The court could argue that Barbara should know that her website could be accessed by residents of Montana, and by advertising her business on the Internet, she should reasonably expect to be called into court from anywhere her advertisement could be viewed. This interpretation of existing jurisdictional law would subject anyone who advertises services online to the possibility of facing a lawsuit anywhere that the site can be accessed. Yet some courts have upheld the exercise of jurisdiction based on mere accessibility of a website. On the other hand, individual Internet users do not have the power to determine which jurisdictions may view their website and which jurisdictions may not. Since business owners cannot minimize their risk of exposure to a lawsuit by limiting their audience, it is unreasonable and unfair for a business owner like Barbara to face the possibility of being haled into court from anywhere in the United States, or even the world. For this reason, other courts have concluded that without more, a presence on the Web is not enough to support jurisdiction over nonresident defendants.
Courts have worked to develop a new standard to evaluate the exercise of jurisdiction based on contacts over the Internet. This standard is a "sliding scale" in which a court's exercise of personal jurisdiction depends on the amount of business that an individual or firm transacts over the Internet. In Zippo Manufacturing Co. v. Zippo Dot Com, Inc., 952 F. Supp. 1119 (W.D. Pa. 1997), the federal district court held that it has jurisdiction over parties that conduct substantial business in its jurisdiction exclusively over the Internet. In this case, Zippo Dot Com was based in California, while Zippo Manufacturing Co. was based in Pennsylvania. Zippo Dot Com's contacts with Pennsylvania occurred almost exclusively over the Internet, with two percent of its subscribers being Pennsylvania residents. Zippo Dot Com filed a motion to dismiss for lack of personal jurisdiction, but the court held that its business in Pennsylvania via the Internet was grounds for personal jurisdiction, and the court denied the motion to dismiss.
Federal courts that have implemented the "sliding scale" test to evaluate jurisdiction and consider the level of activity of a website to determine whether there is sufficient business activity to warrant asserting jurisdiction over a given defendant. Active websites have often been found to provide jurisdictional authority, while passive websites have not. Semi-active websites require the consideration of additional factors such as the nature and relationship of the information exchanged or the business performed.
While many federal courts have either explicitly or implicitly adopted the "sliding scale" test for determining jurisdiction, not all of them have. Thus, significant questions remain about whether and under what circumstances a defendant may be haled into court. In the meantime, as courts continue to consider this issue, electronic law continues to be challenged by many other legal questions as the exchange of information and commerce continues to grow exponentially in the electronic environment.
In addition to determining jurisdiction, courts must also consider whether any given alleged legal dispute actually violates an existing law or regulation. This consideration poses unique challenges in that some crimes may be committed using certain types of electronic media, but the law may not recognize such violations as being illegal. Thus, while in some crimes, one component of the crime may have been committed using an electronic instrument, in other crimes, the crime as a whole is committed in the online or electronic environment. These crimes, known as cyber crimes, generally occur in the virtual community of the Internet, or in cyberspace. The rapidly evolving technology and the ability of individuals to communicate over the Internet virtually undetected makes the investigation of cyber crimes and the prosecution of perpetrators extremely difficult. The anonymity and the detachment of computer criminals from their victims makes it challenging for courts to simply apply traditional laws that were designed to protect persons from physical harm or to safeguard their physical property. Often, the principal of existing laws covers the wrong committed, but the language of the law does not cover the circumstances of a crime committed in cyberspace. In addition, cyber criminals seldom leave physical traces, such as fingerprints or DNA samples, as evidence of their crimes. Thus, courts and lawmakers continue to search for ways to develop the legal framework for cyber crime along with investigation tools to detect and capture those who commit cyber crimes.
Cyber crimes are committed via the Internet and can take numerous forms. For instance, some of the most common forms of cyber crimes are cyber stalking, cyber theft, and hacking activities. Cyber stalkers are stalkers who commit their crimes in cyberspace rather than by any physical act. Cyber stalkers generally find their victims through Internet sites, chat rooms, or other online message boards. While most states have enacted general stalking laws that cover physical activities, such as making it a crime to harass or follow a person in ways that put the person in reasonable fear of his or her safety, only some states have adapted their stalking statutes to specifically address cyber stalking.
Another cyber crime is cyber theft. Cyber theft occurs when thieves steal data stored in a networked computer through an Internet connection. While some courts have held that certain statues relating to the theft and transportation of stolen property do not apply to intangible property such as computer data, the National Information Infrastructure Protection Act of 1996 makes it a crime to access a computer without authority and take data from it. Still other laws relating to copyright and other intellectual property laws provide additional protections for information stored on computers. However, most theft laws are based on the physical breaking and entering of tangible property for the purpose of stealing items, and these elements cannot be literally met when cyber theft occurs.
In 1968, Congress codified the requirements for obtaining court authority to intercept oral and wire communications in Title III of the Omnibus Crime Control and Safe Streets Act ("Title III"). This Act subsequently was amended and expanded in 1994 by the Communications Assistance for Law Enforcement Act ("CALEA"). CALEA requires telephone firms to enable law enforcement officials to be able to wiretap telephones. Most states have enacted electronic surveillance statutes that are similar to the federal statutes.
Title III, sometimes referred to as the Federal Wiretap Act, establishes procedures for courts to authorize government surveillance of electronic devices in criminal investigations, including voice, e-mail, fax, and Internet communications. The Act requires that a judge must conclude, based on an affidavit submitted by the government, that there is probable cause to believe that a crime has been or is being committed before the wiretap may commence. The government can also seek a court order permitting a wiretap before a crime is actually committed in order to gather planning and conspiratorial evidence.
Another act that creates criminal liability in the electronic environment is the Foreign Intelligence Surveillance Act of 1978 ("FISA"). FISA allows government agents to wiretap the communications of aliens and citizens in the U.S. based on a finding of probable cause that they are members of a foreign terrorist group or an agent of a foreign power. For U.S. citizens and permanent resident aliens, there must also be probable cause to believe that the person is engaged in activities that "may" involve a criminal violation. For aliens who are not permanent residents, the standard that the government must meet to initiate a wiretap is membership in a terrorist group.
In the wake of the events of September 11, 2001, Congress passed the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 ("Patriot Act"). The Patriot Act, among other things, expanded the list of criminal statutes for which wiretaps can be ordered and enabled prosecutors to use FISA for the purpose of gathering evidence in criminal investigations of national security crimes. Although both the Senate and the House of Representatives passed the Patriot Act by overwhelming margins, the surveillance and search powers authorized by the law were criticized as overbroad by legislators and interest groups. After the Patriot Act was enacted, municipalities and states passed resolutions that countered various aspects of the Act based on concerns that the legislation violated fundamental privacy rights. Various provisions of the Patriot Act, including roving wiretaps, were extended in 2011.
In 2013, investigations revealed that the extent of Internet data collection and surveillance carried out by federal agencies such as the National Security Agency (NSA) was much greater than previously known. The NSA surveillance program known as PRISM, which collected data on users from major Internet and technology companies, was made possible through amendments to FISA.
Another statute that governs electronic data is the Electronic Communications Privacy Act ("ECPA"). This Act regulates government access to stored e-mail and other electronic communications. One section of ECPA, known as the Pen Register statute, governs real time interception of telephone numbers that are dialed from the telephone line to which the device is attached. A pen register records numbers dialed from a telephone. A trap and trace device records numbers dialed to a telephone. Although government officials must still get a court order in order to use these devices, they do not have to meet the probable cause standard. Instead, in order for a court to authorize surveillance using a pen register or trap and trace device, a government attorney must certify to the court that the information that the devices will likely obtain is relevant to an ongoing criminal investigation.
While these statutes provide a basic framework that governs criminal liability based on the use of electronic communication devices, these laws are not the sole sources of power that government agents may use to gather evidence of criminal activity. Government investigators and police officers may still use the traditional forms of search and seizure techniques to build their cases that are legally permissible under current law. These techniques include interrogations, search warrants, physical surveillance, informants, and undercover officers.
Issues Affecting Electronic Law
As the use of electronic devices has increased, there has been a corollary increase in the concern that the personal privacy of individuals is threatened when public and private businesses and agencies collect and compile user information from these devices. The right to privacy is generally understood as the expectation that confidential personal information revealed in a private communication or transaction will not be disclosed to third parties when that disclosure would cause either embarrassment or emotional distress to a person of reasonable sensitivities. Information is interpreted broadly to include facts, images, and even personal or inflammatory opinions. The right to privacy has also been defined...
(The entire section is 7481 words.)