And this has really come to pass in pockets of the net. I count many 
people around the world, people I've never met as, "friends," and feel 
a strong sense of community on certain mailing lists. 

But you don't hear the boundless optimism anymore, thanks mostly to 
fine folks like Canter and Seigel and the hordes of Delphi and AOL. 
Like many barbarian invasions, the invaders are assimilated quickly -- 
but with each wave there are fewer illusions about Internet growth 
leading to peace, love and baby ducks. As the net expands it seems to 
increase the opportunities for conflict faster than the opportunities 
for togetherness and world understanding. 



Some of you may be insulated from this sort of thing -- as recently as 
last year I attended a talk based on the premise of "more Internet 
nodes will lead to world peace." It turned out the speaker's 
experience for this conclusion was based on hanging out on the Well, 
which is about as peaceful, insulated and self-selecting as an online 
community can get. 

After he gave the talk, I invited the speaker to come sample some of 
the more "full contact" Internet services. I spent most of an 
afternoon showing him the seamier underside of Usenet and IRC, which 
is easy to ignore on the Well. We talked. 

"I bet you've never heard of the Babel Fish, have you?" I asked. He 
hadn't. 

"It doesn't really exist," I told him. "It was made up by a science 
fiction author named Douglas Adams, a very silly person, but with some 
insight in this matter. See, if you put a Babel Fish in your ear, you 
can understand anything spoken to you in any language. Talk about 
increasing your global bandwidth!" 

"A fish? In your ear?" 

"I did say he was silly. But listen, here's what he says about it." I 
read to him: 



... the poor Babel fish, by effectively removing all barriers to 
communication between different races and cultures, has caused more 
and bloodier wars than anything else in the history of creation. 



"Now that's just science fiction, but that's what we're going to be 
faced with as the Internet grows, only substitute `flame wars' for 
`wars.' People aren't going to be throwing virtual flowers to each 
other, they're going to be mixing full-color animations of aborted 
fetuses crying `mommy... mommy' into their abortion flamewars. They're 
going to burn each other in virtual effigy. Christians will dangle 
fantastically well-rendered 3-D pork chops in front of Moslems, 
Moslems will dangle 3-D T-bones in front of Hindus. And those are just 
the interpersonal problems... just wait until governments get 
involved." 



The Swamp 

The Internet is like a multi-media Babel Fish. It lets us communicate 
with great immediacy and little forethought. In a matter of seconds we 
can send our ill-considered opinions, our home videos, our 
get-rich-quick schemes, even scanned images of our genitals, racing 
around the world, impacting hundreds if not thousands of legal 
jurisdictions, evoking amusement, boredom or offense in tens of 
thousands of communities... each with its unique set of community 
standards. 

Now a swamp is a place that doesn't look so bad from the outside until 
you go into it and find yourself hip-deep in muck and alligators. Then 
the alligators chew your legs off. 

The swamp of global jurisdiction is already beginning with the war 
between smut and anti-smut. More and more countries and cultures, with 
radically different community standards, obscenity hot buttons and 
sacred cows will get actively involved in the net. Whether the topic 
is bondage in Bangladesh, pubic hair in Peoria or spankings in 
Singapore, the local citizenry are going to be outraged, and the net 
will draw the attention of the authorities. Communities will demand 
that the authorities Do Something. It's only a matter of time. Here in 
the US one can hardly pick up a newspaper or magazine without being 
treated to another dose of handwringing about irresponsible content on 
the Internet -- as the net spreads globally, so will the commotion. 

But so what? It's just commotion, right? 

A Tennessee court recently convicted a pair of California sysops for 
making sexually explicit images available by modem to the whole world, 
which, unfortunately for them, includes Tennessee. No matter that the 
images didn't violate Los Angeles community standards. In Tennessee 
they did, and since the images could be retrieved in Tennessee through 
the phone system, that was good enough to convict them on charges of 
interstate trafficking in obscenity. While it's still not clear how 
this case will be resolved on appeal, it is an early and so far 
successful attempt to judge globally available information by the 
standards of an arbitrary, far-removed jurisdiction. At least for the 
purposes of determining obscenity, digitized pictures placed on a 
computer, with a modem, were considered a shot fired across a 
frontier. 



The swamp is just beginning to fill, and truly international examples 
are still sparse. But one of the early flashpoints will certainly be 
the widely varying international standards regarding sexual images. 
The laws are all over the map: in Saudi Arabia, distributing Sports 
Illustrated Online Swimsuit Edition would likely be grounds for 
involuntary amputation without anesthetic; in Amsterdam, pretty much 
anything goes, including what most of the world considers child 
pornography. In Japan genitalia are OK, but displaying pubic hair can 
get you thrown in jail; in the US, even the tamer skin mags show pubic 
hair, with special censure reserved for the actual genitalia -- 
depending, of course, on community standards. We already have 
convictions resulting from differences in standards just within the 
US; there is growing pressure here and elsewhere to punish those who 
electronically publish offensive materials, regardless of what country 
they're in or what nationality they are. 

A key question, then, is on what basis, and through what mechanisms, 
will countries be able to punish those who violate faraway local 
ordinances through their participation in global internetworks? I 
believe that as the Internet grows in importance, both socially and 
commercially, nations will be more and more motivated to extend 
jurisdiction to the very source of what they perceive as offensive or 
illegal content. Moreover, it won't just be naughty gifs, but insider 
trading, espionage, libel, anti-trust, blasphemy, sedition, breach of 
contract, money laundering, and violation of patent, trademark, 
copyright and trade secrets law -- a grab bag of offenses with wildly 
varying treatment on the international scene. 

There is a popular notion among many netters that "If it isn't a crime 
in the country where I'm logged in, I can't be extradited, convicted 
or punished elsewhere." Unfortunately for those who will get to be the 
test cases, countries have a variety of handy legal doctrines to 
prosecute extraterritorial behavior, and a variety of ways of 
effecting that jurisdiction. 

The relevant doctrines are: 



* Objective jurisdiction. Your basic shot fired across a frontier. 
Alice, standing in Mexico, shoots Bob, who is standing in the US. 
Alice can (and probably will) be prosecuted in the US, since the 
object of her crime was in the US. A good example for us is a 
Supreme Court decision in 1916, Lamar v. United States[1], where 
the Supreme Court held that a telephone fraud could be prosecuted 
where the call terminated instead of where it was placed from. 

* Effects doctrine. It's like objective jurisdiction, but fuzzier; 
it became established in US law through enforcement of anti-trust 
measures.[2] In the ALCOA case, the US successfully pursued an 
anti-trust action against a foreign aluminum cartel based on the 
effect their restraint of trade had on the US.[3] The effects 
doctrine weakens the requirement for directness of the effect as 
well as reducing the need for a "temporal nexus" to bridge cause 
and effect.[4] 

* Active personality 
This covers jurisdiction over crimes committed by nationals abroad 
and is implemented in many different ways in different countries. 
It's most widely used against diplomatic personnel (who generally 
have immunity where the crime is committed). Rumor has it Germany 
is now using this doctrine to prosecute Germans who deal drugs in 
Amsterdam or have sex with child prostitutes in Thailand. While 
both activities are nominally illegal where the crime is 
committed, the relevant laws go largely unenforced there. 

* Passive personality 
Crimes committed against nationals. The US will, for instance, 
actively pursue and attempt to extradict or otherwise punish 
terrorists who commit crimes of violence directed against 
Americans "because they are Americans," regardless of where the 
crimes take place.[5] 

* Protective principle 
Used against spies, would-be saboteurs, racketeers and their ilk, 
as the behavior must only potentially or indirectly affect the 
national interest. This was cited, along with the effects 
doctrine, by US prosecutors in the Noriega[6] case. Look for this 
principle to be invoked against international software piracy 
rings. 

* Universal jurisdiction 
It will probably be a long time before we start seeing war crimes 
(flame war crimes?) on the net, but this handy principle is used 
for sufficiently heinous crimes such as genocide which are 
considered "universally abhorrent" and can be prosecuted anywhere. 

These principles, particularly the effects doctrine and the protective 
principle, allow a country to justify prosecution of almost any 
behavior on a global internetwork that they would care enough about to 
want to prosecute. 

The next trick is how nations get their hands on and/or punish the 
possibly far-removed offenders. 



The underlying principle in the US and many other countries is, "mala 
captatus, bene detentus," or, "bad capture, good detention".[7] This 
is illustrated in a variety of cases, including quite recently United 
States v. Alvarez-Machain, in which the DEA paid bounty hunters 
$20,000 to kidnap from Mexico a suspect in the slaying of US DEA agent 
Enrique Camarena.[8] The Supreme Court held that "United States 
sponsored abduction of a fugitive criminal suspect from foreign soil 
does not prohibit his trial in a US court, notwithstanding an official 
protest by the offended nation.[9]" So how a suspect is brought into a 
given jurisdiction is largely irrelevant in an attempt to overturn a 
conviction (with some exceptions; for instance, the Toscanino case, 
where the accused was kidnapped, tortured for seventeen days, and then 
illegally extradited from Brazil.[10]) 

Rather than pondering legal niceties, a more important factor to 
consider is how badly someone irritates a given country and what 
treaties and resources said country can bring to bear. Popular methods 
for effecting extraterritorial justice include: 


* Formal and informal extradition 
We all know about formal extradition -- this is where people get 
it stuck in their heads that the offense must be illegal in both 
places, because that's a clause in most extradition treaties. Note 
that even this doesn't require a very exact match; for instance, 
there is no crime of "wire fraud," in the UK, but extradition is 
successful from the UK to the US in a wire fraud case because the 
equivalent crime in the UK is "theft."[11]And while the sense of 
global community may be eroding on the Internet, it can be quite 
strong between law enforcement officials, leading to "informal" 
extraditions by simply grabbing someone and putting them on a 
plane to the requesting country or rerouting a flight. In a few 
countries, such as the UK, the informal approach can be grounds 
for a successful appeal, but not in the US, or in most 
non-common-law countries.[12] 

* Opportunistic seizure 
If someone is selling kiddie porn over the net from Amsterdam or 
making virtual book in Belize, I wouldn't recommend they go home 
to visit Mom in Los Angeles for Thanksgiving, or take any flights 
with stopovers in the US. Flight lists are checked for 
international fugitives, and this is a great way to catch suspects 
who aren't quite worth the trouble of extraditing. 

Both electronic and print authors carefully consider their travel 
plans, especially if they've been potentially offensive. For 
instance, science-fiction writer William Gibson is probably 
steering clear of Singapore for the next decade or so.[13] As the 
net expands globally, Usenet posters, web page editors and archive 
maintainers may find themselves in an unexpected legal pickle 
while travelling abroad. 

* Kidnapping by governments or other interested parties. 
While a few spectacular cases make the news, one author estimated 
in 1991 that the US was abducting two people a day from Mexico 
alone.[14] The US is clearly the biggest offender in this regard, 
but Israel and France have also demonstrated few qualms about 
abducting suspects.[15] This is probably not a big fear for US 
citizens in the US, but rather anyone committing "crimes" (no 
matter how legal in the host country) outside the US with 
perceived effects inside the US. With the greatly increased 
penalties for copyright infringement in the US, along with RICO 
laws, it will be interesting to see whether any of the anti-piracy 
groups get involved in this sort of activity -- they already 
maintain worldwide networks of investigators and lawyers to try to 
combat piracy and counterfeiting. 

* Military invasion (Noriega) 
An unusual and highly controversial approach that we used against 
our friend Manuel. 

* Assassination and other terrorist measures 
Whether at home or abroad, I think this is one very likely way 
American and other citizens in their home countries will be 
affected when they deliberately or unwittingly violate laws or 
community standards in faraway jurisdictions. A good example for 
this is the Salman Rushdie case, even though Rushdie is British 
and he published a book, not a Usenet post. 

Six months after the publication of Satanic Verses, the Ayatollah 
Khomeini issued a fatwa, or death sentence, on everyone involved 
in its publication who was aware of its content.[16] Twenty people 
have been killed so far in connection with the fatwa, including 
the Italian and Japanese translators; Rushdie is still in hiding, 
with a $1 million bounty on his head.[17] What is less well known 
is that Rushdie is merely the best-known and certainly one of the 
luckier Arab writers to face this treatment; in the introduction 
to For Rushdie, the publisher lists five other authors who have 
recently faced fatwa, only two of whom are still alive.[18] 

* Individual retaliation 
Just as we're starting to see the occasional stalking or other 
person to person crime on the major online services, expect this 
to take on an international character with the global spread of 
the net. 





Hip Boots, Canoes, and Draining the Swamp 

A great many real benefits that are anticipated from global 
internetworking are going to be lost, if users, information providers 
and online merchants become mired in this swamp of overlapping 
jurisdictions, conflicting regulations and variable community 
standards. 

One possibility is that network participants will just have to suffer. 
They will be forced to shoulder the burden of avoiding entanglement 
with hundreds of sets of national and provincial laws -- or get off 
the net. As the net becomes more global, the possibility of foreign 
legal entanglements will act as an increasingly substantial barrier to 
entry. Furthermore, it will limit economic activity and free speech on 
the net due to fear of unexpected international consequences. 

To counter this, one can imagine various schemes to limit 
distribution. Certain publications or information products might be 
available only to residents of certain countries, along the lines of 
the ftp sites used for distributing cryptography in the US. To be 
secure, this would require, for starters, a global standard for 
authenticating individuals as to their citizenship -- an electronic 
passport. Companies would then have to hire experts to screen 
materials, and only then could controversial materials be made 
available, based on the consumer's nationality. Alternatively, 
publishers and merchants could use these same experts to assist them 
in reducing their offerings to a pablum-like least offensive 
denominator. Individuals would likely be on their own, unless they 
could afford a legal staff. 



Another possibility, the one I'm going to focus on, is for 
individuals, commercial publishers and online merchants to operate 
anonymously. This is a big step for large corporations with strong 
brand names, and their first step in this direction might be to use 
online distributors who are anonymous, rather than taking the whole 
corporation behind an electronic veil. With time though, as 
information companies begin life with a pseudonymous identity, brands 
and customer loyalty can be built up around network pseudonyms. There 
is already a long history, both in print and on the net, of 
individuals creating and using strong pseudonyms; the federalist 
papers, for instance, were written pseudonymously, and historians are 
still trying to sort out who actually wrote which ones. 

If carried out effectively, and if users are careful not to give away 
their identity, robust anonymity handily solves the problems of 
surprise legal jurisdiction, fatwa, and individual retaliation. Users 
would pay for anonymizing services with anonymous digital cash, of 
course -- and it makes no difference how their packets get on the net 
in the first place, if they're all processed through a packet laundry 
in Jamaica or Finland. 

Sometimes, though, network participants will be motivated to make 
their "true names" knowable. For instance, participants who wanted to 
inspire confidence could escrow their true names with their local 
government or a commercial arbitration agency. As part of a 
transaction, participants would exchange true name escrow 
certificates. If the transaction goes sour, the injured party could 
seek a remedy with the cooperation of the escrow government or agency. 
This provides a mechanism for resolving commercial disputes while 
limiting the dispute resolution process to a particular set of laws or 
an agreed-upon arbitration process. True name escrow certificates 
could also be used by publishers, indicating their willingness to be 
accept actions for libel in a given jurisdiction, potentially 
enhancing their credibility. 



This anonymity approach enjoys a competitive advantage over the more 
cumbersome "national authentication" or "pablum" schemes because: 



* A much greater variety of content could be provided to more people 
without fear of retaliation. For instance, the Sports Illustrated 
Online Swimsuit Edition, Cosmopolitan Online, or their equivalent, 
that would be considered pornographic throughout much of the 
world. 

* Online speech, publishing and commercial transactions would be 
subject to a strictly limited number of legal jurisdictions . 

* Information could be made available more quickly, without a 
lengthy review process prior to release. 

* Anonymization would be substantially cheaper than legal review of 
the impact of each work on hundreds of legal jurisdictions. 

* Users' privacy would be optimally protected . 



Whenever the subject of anonymity comes up, however, many people begin 
to fear a breakdown of the already tenuous civility on the net. Not 
that there is a firm link from real name to Internet access account 
right now, but there is still a comforting illusion, and for some 
users there is enough information to take complaints to school 
officials, postmasters, and their ilk. As we have seen with Canter and 
Seigel, however, the current system does little to deter the hard-core 
disrupter, even a well-identified one. 

So I will briefly mention one way a degree of order can be maintained 
among participating spheres of activity (such as a newsgroups, mailing 
lists or IRC channels), while preserving anonymity, through the 
voluntary applicaton of Chaumian credentials.[19] In this type of 
system, each real user receives an "is-a-person" credential through 
their local government or a notary public, which is used to generate a 
unique pseudonym within each sphere of activity (what Chaum refers to 
as "organizations"). Credentials issued within one sphere of activity 
could be securely transferred to another without anyone except the 
user being aware of a link between the two pseudonyms. For instance, 
each sphere might have a credential of "is not a spammer," and 
implement a mechanism requiring that all submissions come with "is not 
a spammer" credentials. Then they might get really organized, and have 
someone issue "meta is-not-a-spammer" credentials, representing the 
is/is-not a spammer status in a large number of spheres.[20] 

The net probably needs to experiment with these and other automated 
forms of moderation regardless of whether there is a link between a 
username and a true name. But such systems are complex, and very much 
require the consent of the governed -- if someone sets up a mailing 
list or a newsgroup with this type of restriction, and people don't 
like it, they can stay away in droves. If people like the effect, 
they'll get involved and participate. In any event, I don't see 
anonymity as being any more disruptive to civility on the net than the 
existing situation -- if anything it evens out the playing field -- 
and anonymity does not add much to the inherent complexity of 
automated moderation and similar approaches for weeding out disruptive 
participants in a public or semi-public forum. 



But this sort of voluntary social control is not what law enforcement 
is concerned with. 

The bottom line is, your typical computer cop wishes he or she could 
track every packet on a global internetwork and pin it on a particular 
individual. Anything that gets in the way of this is Not Good. Not 
only that, but it would sure be nice if the packet was encrypted only 
with government-approved cryptography, and didn't have any subtext 
lurking in the low-order bits. While there are many arguments from a 
law enforcement perspective on why all this would be desirable, it is 
not realistic or necessary for effective law enforcement on the net. 

Indulge me in a quick analogy. 

Suppose you've got a problem with some dude robbing 7-11s. How do you 
catch the guy? Do you: 



* Stake out 7-11s with cops posing as clerks? 

* Use informants to see who's bragging about ripping off 7-11s? 

* Wait for the perpetrator to screw up (if he's going for 7-11s, he 
can't be that smart...)? 

* Or do you: 

* Ban the sale of ski masks? 

* Require radio ID leg bracelets for all 7-11 customers? 



Now that last suggestion would certainly slow down or stop the 
rip-offs, but from both an economic and a social point of view it is 
completely unworkable. It would infuriate the customers. It would hurt 
7-11's business. It also overlooks the technological race between 
police-supplied radio ID bracelets and counterfeit ones, or the 
possibility of jamming, or... 

This is similar to the problem law enforcement would face if they 
attempted to force authentication for all activity on a global 
internetwork of meaningful size and scope. It would be a form of 
censorship, and, to quote John Gilmore, "The Internet interprets 
censorship as damage, and routes around it." You might end up with a 
global internetwork with the properties you describe, but it would 
quite rapidly be replaced with or shadowed by another net that did not 
have this policy. Users might even get sneaky and route most of their 
packets as disguised data over your global internetwork. What's more, 
the technology for creating and extending wide area networks is 
getting easier to set up every day, and can run over an expanding 
variety of media (wires, fiber, microwave, spread spectrum RF, laser, 
meteor bounce and so forth). 

One approach that law enforcement might take is to encourage 
legislation against anonymizing tools, and attempt to marginalize and 
discredit anonymous services. This is going to be an uphill battle for 
authorities, at least in the US, as there is strong protection for 
products and services with substantial legal use. For instance, 
information companies would dearly love to take action against VCRs 
and anti-copy-protection software, but these have been determined to 
have substantial legal use, in addition to the possibility of 
facilitating a crime. 

I think that it is going to be in the best interests of law 
enforcement to focus on applying conventional law-enforcement tactics 
directed at their own citizens, rather than trying to take on the 
whole net or anonymous services in general. They are unlikely to be 
very successful, and would likely have a "destroying the village in 
order to save it" effect on the rapid growth of global 
internetworking. 



Anonymizing tools and services on global internetworks can give a 
competitive advantage to publishers and merchants, and security to 
individuals from foreign governments and unhinged individuals 
worldwide. While they can be used to further illegal ends, much as a 
ski mask or a Halloween mask can, they have substantial legal use in 
protecting privacy and preventing unforseeable foreign legal 
entanglements. Some services and transactions may require a disclosure 
of identity, or at least a potential disclosure, just as many 
buildings will require you to take off your ski mask or Halloween mask 
before entering a building, but anonymity per se is not illegal and 
should not be made illegal. I think I can safely predict that there 
will be commercial anonymization tools and services available on the 
net by this time next year. I also predict that they will be used 
primarily for legal purposes -- at least, purposes that are legal in 
the home country of the user. I think that rigorous, 
cryptography-based anonymity is going to the best way out of the 
global swamp of jurisdiction, and because of this I expect many people 
will come to appreciate it in the years to come. 






_________________________________________________________________ 



[1] 240 US 60 (1916) 

[2] United States v. Aluminum Company of America (ALCOA), 148 F. 2d 
416 (1945) 

[3] Neale and Stephens, International business and national 
jurisdiction,. Oxford University Press, 1988. pp 44-46 

[4] Id. pp 16. 

[5] Id. 271. 

[6] Ma, Frances, "Noriega's abduction from Panama: Is Military 
Invasion an Appropriate Substitute for International Extradition?" 
Loyola, Los Angeles, International and Comparative Law Journal. p. 
945. 

[7] This principle is rooted in Ker v. Illinois, 119 US 436 (1886) and 
Frisbie v. Collins, 342 US 519 (1952). 

[8] Wing, Michael, "Extradition Treaties-International Law--The US 
Supreme Court Approves Extraterritorial Abduction of Foreign 
Criminals--United States v. Alvarez-Machain, 112 S. Ct. 2188 (1992)", 
Georgia Journal of International and Comparative Law, Vol. 23:435. 
Note that the case against Dr. Alvarez was subsequently dismissed by 
the judge for lack of evidence. 

[9] United States v. Alvarez-Machain, 112 S. Ct. 2188 (1992) 

[10] 500 F.2d 267 (2d Cir 1974) 

[11] Choo 

[12] Choo 

[13] Gibson, William, "Disneyland with the Death Penalty", Wired [??] 

[14] Moss, "Official Kidnapping," 77 ABA Journal 24 (January 1991) 

[15] 

[16] Appignanesi and Maitland, The Rushdie File, Institute of 
Contemporary Arts, 1990. 

[17] Pipes, The Rushdie Affair, Birch Lane Press, New York, 1990. p. 
28 

[18] Abdallah et. al., Pour Rushdie, George Braziller, Inc., 1994. 

[19] Chaum, "Showing Credentials without Identification: Transferring 
Signatures between Unconditionally Unlinkable Pseudonyms," . 

[20] This would also assume that Usenet news is fixed so that it is 
not absurdly trivial to get past moderating mechanisms.