20 January 2012

Cybertravel

'The Future of Cybertravel: Legal Implications of the Evasion of Geolocation' by Marketa Trimble in 22 Fordham Intellectual Property, Media & Entertainment Law Journal (2012) considers geolocation questions.

Marketa comments that -
Although the Internet is valued by many of its supporters particularly because it both defies and defeats physical borders, these important attributes are now being exposed to attempts by both governments and private entities to impose territorial limits through blocking or permitting access to content by Internet users based on their geographical location – a territorial partitioning of the Internet. This article, as opposed to earlier literature on the topic discussing the possible virtues and methods of raising borders in cyberspace, focuses on an Internet activity that is designed to bypass the territorial partitioning of cyberspace and render any partitioning attempts ineffective. The activity – cybertravel – permits users to access content on the Internet that is normally not available when they connect to the Internet from their geographical location. By utilizing an Internet protocol address that does not correspond to their physical location, but to a location from which access to the content is permitted, users can view or use content that is otherwise unavailable to them. Although cybertravel is not novel (some cybertravel tools have been available for a number of years), recently the tools allowing it have proliferated and become sufficiently user-friendly to allow even average Internet users to utilize them. Indeed, there is an increasing interest in cybertravel among the general Internet public as more and more website operators employ geolocation tools to limit access to content on their websites from certain countries or regions.

This paper analyzes the current legal status of cybertravel and explores how the law may treat cybertravel in the future. The analysis of the current legal framework covers copyright as well as other legal doctrines and the laws of multiple countries, with a special emphasis on U.S. law. The future of the legal status of cybertravel will be strongly affected by the desire of countries and many Internet actors to erect borders on the Internet to facilitate compliance with territorially defined regulation and enjoy the advantages of a territorially partitioned cyberspace. This paper makes an attempt to identify arguments for making or keeping certain types of cybertravel legal, and suggests legal, technical, and business solutions for any cybertravel that may be permitted.
She suggests that -
If we accept the premise that cybertravel, or the capability of a user to use the Internet as if he were located in a location other than where he is physically located, is socially valuable and worth permitting in some form, the question turns to the conditions under which cybertravel could be legal. ... the existence of this capability does not depend on permitting anonymity on the Internet; anonymization and cybertravel need not go hand in hand.

Thinking about the possible future of cybertravel requires a consideration of all the various policies and business motives that lead website operators to limit access to their content on the Internet. First, website operators design content limitations to enhance user convenience by localizing accessible content, for example by showing advertisements for local businesses. Second, website operators may have contractual obligations with content providers, for example to limit access to video programs that a provider has licensed only for certain countries or regions. Third, the operators may limit access to content to comply with laws that prohibit certain types of content in certain countries, for example by blocking gambling when it is outlawed by some countries; prohibitions may also apply, however, for less-maligned content that may be made inaccessible because of countries’ legal requirements – for instance, countries’ consumer protection laws may require certain products to be offered only if they have been certified for use in the country. Fourth, website operators may decide voluntarily to limit access to content to avoid being exposed to personal jurisdiction and liability in certain countries where they wish to avoid litigation, taxes, regulation or some other type of obligation. Finally, website operators may implement access limitations for security reasons; for example, a bank will not allow a user from outside the account holder’s country of residence to log into the account holder’s account because the bank assumes that such a login is a fraudulent attempt to access the account.

The first type of restriction – content localized for advertising or for user convenience – should cause the least difficulty. There should be no reason for prohibiting users from viewing this type of content as if they were sitting in another country. In fact, website operators such as Google and Lufthansa offer links to allow users to switch easily among different country versions. This switching may not be completely without cost to the website operator, however; if users regularly escape the “convenience” of localized content and use other country versions in lieu of their own local versions, it may diminish website operators’ advertising revenues because they lose some of the advantage that a partitioned cyberspace provides in allowing them to charge premium advertising rates for advertisements that target local consumers.

Cybertravel that is used to evade the other types of access limitations listed above is problematic. It is unrealistic to expect countries to allow users connecting to the Internet from their territory to bypass any prohibitions against certain content or activities by cybertraveling to another country where such content or activities are expressly or implicitly permitted. Allowing cybertravel for these purposes would defeat the public policies behind the prohibitions and undermine national sovereignty. Similarly, it is difficult to defend cybertravel that is used for the purpose of bypassing geolocation tools employed by website operators who are complying with contractual obligations, seeking to avoid personal jurisdiction and liability, or protecting themselves and others against criminal activities. The question is whether there is a way to permit cybertravel when it is conducted to avoid these types of limitations but the conduct has a legitimate goal, such as accessing one’s own bank account from a foreign country. The method of cybertravel is not important, because the tools for its implementation will change; what is important is that travel to another portion of cyberspace be possible.

There are three perspectives from which possible solutions for the future of cybertravel will arise: legal, technical and business. As has been shown by other examples in the Internet environment, a combination of solutions from all three perspectives seems most likely to succeed. For example, laws that prohibit copyright infringement have not stopped online music piracy, and neither have filters that have been imposed by Internet service providers or automatic warnings that are generated by college campus service providers. Although these measures and laws addressing piracy have probably slowed online music and film piracy, the solutions had to be assisted by business solutions, such as iTunes and Netflix, to offer a legal and viable alternative to piracy.

As discussed earlier ... a number of legal doctrines cover issues potentially associated with cybertravel; however, because these doctrines were neither created for nor shaped with cybertravel in mind, court interpretation will be required to determine to what extent the doctrines may make illegal all or some instances of cybertravel. Whatever the status of cybertravel will be, it will be beneficial to clarify the applicability of existing laws to cybertravel and possibly draft specific regulations to govern cybertravel further. If IPv6 makes IPv4 obsolete and a transition actually occurs to permanently assigned or embedded IP addresses, the transition could provide momentum for the creation of cybertravel-specific legislation, and perhaps even for an agreement on a legislative solution at the international level.

Within some permitted extent, cybertravel, as an equivalent to physical international travel, could be subject to reasonable limitations; traditionally, the obligation to carry a passport is considered one such limitation, and a digital passport could serve this purpose for cybertravel. The passport could either be a virtual equivalent to a physical passport and carry the same personally identifiable data of the holder/Internet user, or be a document with only limited information, such as the user’s location. The location identified in either type of passport could be either the current physical location of the user or the place of residence or domicile of the user, depending on the criterion that was set as the factor determining the accessibility of the Internet content.

Although intuition seems to dictate the selection of the user’s current physical location as the determining factor, the other option – place of residence or domicile – should not be excluded summarily. The prevailing principle of territoriality of law suggests that current physical location be the correct solution; under the principle, laws apply territorially, or alternatively stated, the prescriptive jurisdiction of a country extends only to the country’s borders – and outside its borders only to the extent that the country’s jurisdiction covers acts that have effects within its borders. Another principle, the principle of personality of law, exists as well, but with less applicability because the principle of territoriality of law applies to the vast majority of the legislative activities of a country. The use of residence or domicile as the determinative factor for access to Internet content would present a remarkable opportunity to introduce the principle of personality of law for activity on the Internet. Under this principle countries legislate for their own nationals and permanent residents and the laws follow those persons wherever they travel. An analysis of the issues surrounding personality of law on the Internet is beyond the scope of this paper and deserves a separate study, but is worth mentioning.

A law for digital passports cannot exist without a technical implementation. It is not difficult to imagine such a system if the IPv6-related vision of permanently assigned or embedded IP addresses that would identify specific devices (or even persons if the devices were embedded in human bodies) becomes a reality; the law could make it illegal to change or reroute an IP address because that act would be equivalent to forging a physical passport. The digital passport would inform each website operator about the location of the user, or the user’s residence or domicile, depending on the information in the passport.

Knowing exactly how many cybertravelers are connecting to a website and from what locations could assist intellectual property owners, for example, in the creation of tailored licensing schemes; if information about cybertravelers were to include personal identifiers, the system could become what Paul Goldstein described in 1994 as the “celestial jukebox” – a service that would allow on-demand access to copyrighted works from anywhere in the world for a fee. The digital environment is perfectly equipped to implement this system; in such a world, each user could access copyrighted works from anywhere in the world and be charged only for works that the user accessed. This is where a technical solution would prompt the need for a business solution.

What hampers progress towards a celestial jukebox are the significant transaction costs associated with the identification and location of right holders and the negotiation of licenses with multiple right holders. The magnitude of these costs must be addressed in order for global licensing to be feasible, and there are initiatives being developed in this area to pave the way for this type of solution; for example, experts have proposed that the World Intellectual Property Organization create and administer an international repertoire database, and other experts are exploring possibilities for cross-border collective management of rights in the digital environment.

Even without a celestial jukebox solution that would cover all works globally, and even without digital passports, there is clearly space for smaller-scale business solutions to meet the challenges of cybertravel. If content is limited because of the contractual obligations of website operators, cybertravel could be enabled by global or regional licensing schemes that would allow operators to offer selected content either worldwide or in selected countries. Instead of paying cybertravel providers to facilitate cybertravel, users would pay for access directly to website operators, who would then bear any licensing costs and any other costs associated with the content, such as a public television licensing fee.

Of course, these solutions are directed only towards access to content that is restricted because of contractual limitations; any content that is illegal in a country will continue to be inaccessible to users accessing the Internet from that country, and potentially to nationals or permanent residents of that country even when they are temporarily present in another country, if digital passports are used. For certain types of content – and the instances of these types of content are likely to be limited – countries may reconsider the legal status of content in light of the possibilities afforded by digital passports. For example, some countries might reconsider their stance on online gambling if they have the ability to tax users located in their country who use foreign online gambling sites.

The solutions also fail to address cases in which access to content is limited by a website operator’s or content provider’s choice; these cases arise because of issues of jurisdiction, taxation or online security. When website operators or content providers decide sua sponte to restrict their content to certain viewers, users have minimal recourse; only in rare circumstances will a government direct private entities to make content more widely available than it already is. Here a system of digital passports could prove useful; for example, if access to content were based on a user’s permanent residence, content could be made available to a qualified user while he was temporarily located in another country, without exposing the website operator to jurisdiction or taxation in that country.

Finally, knowledge of the numbers and physical locations of cybertravelers could make possible not only sophisticated licensing arrangements but also agreements – either private (meaning between individual content providers and website operators) or international (meaning among countries) on an acceptable level of free spillover. In the physical world, it is accepted that due to international travel, some content limited to a certain country will be available to those who travel to that country. For example, when distribution rights under copyright are licensed for one country, it is understood that some of the copyrighted works will land in the hands of persons who are present in the country only temporarily and those persons may carry the work with them to other countries; laws provide exceptions for individual users to do this because it is considered natural spillover. Exceptions for a similar reasonable spillover could be permitted for cybertravel. However, without information about the extent of cybertravel, it is impossible to find arguments to support the exceptions for the spillover; a passport system would allow the collection of such information.