VoIP and Internet Freedom

Government authorities around the world continue to wrestle with the issue of voice-over-Internet-protocol services (VoIP). Different governments are applying different approaches to oversight of VoIP offerings. The Chinese government, for example, permits VoIP services in China, but requires that all such services be provided only by the state-owned telecommunications companies. Government restrictions on VoIP services are a bad idea for at least three reasons. Those restrictions will, as a practical matter, be very difficult to enforce. In addition, they signal an overly intrusive approach to oversight of the diversification of Internet-based service offerings. Finally, VoIP restrictions seem to be part of a troubling trend of regulatory initiatives launched by governments around the world and aimed at impeding the ability of the Internet to serve as a key component of social and political activist movements.

Access to Public Information

More than fifteen countries around the world have launched major initiatives to make a substantial volume of government information available to the public through the Internet. These efforts to promote digital transparency with regard to information of interest to the public are extremely important and should be widely supported. They have the potential to promote open government and greater public participation in the development of key national policies. It is essential to note, however, that online accessibility of government information, alone, is not sufficient. In addition to making the information available online, governments must also act to foster the expansion of Internet access to ensure that all citizens have the technical means to make use of the information. Governments must also work to provide educational and analytical opportunities adequate to ensure that citizens are able to analyze and understand the information. Digital transparency by governments can provide maximum social, political, and economic benefits only when it is combined with the development of an informed population which is educated and trained sufficiently to enable it to analyze and understand the information presented by the government.

ICANN Authorizes New Domains

In an important recent policy decision, the Internet Corporation for Assigned Names and Numbers made a dramatic change in its approach to top level domain names. ICANN chose to authorize use of brand names and generic words as general top level domains. Effective in January 2012, all parties who are willing to pay the substantial registration fee and who can demonstrate a legitimate claim supporting use of the proposed domain will be able to apply to ICANN to register the new top level domain. This system will alter the look of the Internet. It provides attractive marketing and promotional opportunities for businesses, and it marks a significant milestone in the evolution of the Internet. This approach is also likely to create aggressive competition among commercial enterprises as they race to lock-up attractive domains. By, in effect, enabling companies to purchase essentially any general top level domain, ICANN has dramatically increased the commercial character of the Internet. That commercialization carries both important opportunities and concerns.

Fragmenting the Internet

The government of Kazakhstan recently ordered all Internet domains using the .kz top-level country code to route their traffic to servers physically located in Kazakhstan. In response to that requirement, Google indicated that it would direct traffic away from its google.kz domain and route it to the google.com site, instead. Some have characterized this type of government action as the first step in the fragmentation of the Internet. Government insistence on physical presence in a particular jurisdiction raises issues of operational efficiency and content security. Although it is within the authority of any national government to insist on this type of physical presence, it is a mistake to do so. Many of the opportunities and advantages offered by the Internet can only be fully realized if the network is left free to be organized and configured with minimal government intervention. Fragmentation of the sort fostered by the action of the government of Kazakhstan could result in an Internet which is not a truly global network, but is instead a loose collection of many different national Internets. Such a result would notably reduce the value and effectiveness of the Internet.

"Anonymous", Target of International Legal Action

Recently, governments in Spain and Turkey arrested members of the international computer activist group, “Anonymous.” The authorities allege that members of Anonymous were responsible for orchestrating denial-of-service attacks against major companies, including Sony Corporation, and government agencies in various countries. Anonymous contends that its computer attacks represent a form of political protest. For example, the group indicates that it attacked Turkish government websites to protest the government’s planned use of mandatory Internet filters which could enable the government to develop records of Internet use by individuals.

As governments direct increasing law enforcement attention to Anonymous and other computer activist groups, it is important to recognize that both sides in this conflict represent vital aspects of the public interest. Government authorities must act decisively to maintain the security and integrity of computer networks. Without a secure and reliable global computer infrastructure, the public benefits of the Internet and electronic communities will not be fully realized. At the same time, computer activists have a critically important role to play in legitimate political and social movements. In recent months for example, computer activists were instrumental in the drive to political and social reform in Egypt and other nations. The public should not permit legitimate government efforts to promote computer network security to degenerate into excuses for political and social repression. Similarly, the public should insist that computer hackers who claim to be acting in pursuit of political and social reform should be willing to accept that full legal consequences resulting from their actions.

Governments and the Cloud

National governments are increasingly mindful of the legal and regulatory aspects of cloud computing. Governments around the world are moving toward greater use of cloud systems for government data management operations. Yet, those government initiatives are constrained by recognition of the jurisdictional complexities potentially presented by the cloud structure. The government of New Zealand, for example, has set ambitious goals for greater cloud computing use, however, it has also mandated that all cloud computing systems used by the government will be physically located in New Zealand. New Zealand government data will not be moved offshore. Expect other governments to adopt similar limitations on government cloud systems in an effort to make their data systems more secure and to retain jurisdictional control.

Commercial users of cloud computing systems will likely also make increasing use of geographic limitations. Through contract provisions in service agreements, commercial users of cloud systems will attempt to specify the jurisdictions in which their data will be stored. In this way, cloud users will be better able to ensure legal and regulatory compliance with regard to their data and data systems. In this type of environment, it is possible that nations will compete to attract cloud network hubs and other data centers by establishing legal and regulatory frameworks viewed to be attractive by the cloud service providers and users. Cloud systems and other distributed networks can make use of forum shopping to identify the jurisdictions that are optimal from a functional perspective, and then move to place their operations in those locations. An important element of the attractiveness of any jurisdiction, from an information technology perspective, is its legal and regulatory climate with regard to key issues including: data privacy, computer security, intellectual property rights, computer crime, and electronic transactions. As governments compete to attract cloud computing operations, they will continue to evaluate and modify their policies and laws affecting information technology as an important part of their efforts to participate in the emerging global cloud computing environment.

Regulatory Compliance for Cloud Computing

Cloud computing services raise important legal and regulatory issues for both the providers and the users of those services. One of the key issues is effective compliance. Cloud service providers and users must comply with all of the legal and regulatory requirements imposed by the jurisdictions (nations, states/provinces, localities) in which the data managed by the cloud are stored. For example, if an organization makes use of cloud services configured in a manner such that the organization’s data are actually stored on computers in a jurisdiction other than its own, the organization must recognize that its data will be subject to the laws and regulations of that other jurisdiction. The organization must make sure that it and its cloud service provider comply with those requirements. To the extent that the organization also faces legal obligations in its home jurisdiction regarding the data (e.g. requirements to protect the data or to be able to produce it to government authorities in its home jurisdiction on short notice), the organization must also comply with those requirements. Thus use of cloud computing services can subject the user to legal compliance obligations in multiple jurisdictions, depending on the operational configuration of the cloud. Users of cloud services should thus insist on contractual provisions in their agreements with cloud service providers that ensure the operators comply with requirements imposed by all relevant jurisdictions and that provide for indemnification of the user in the event of compliance failures on the part of the service provider.