Internet Governance regulatory models for cyberspace

In the early days of the Internet, not too many counties had access to it. Access to the Internet was limited to those that could afford to visit the online world. Since the revolution of the internet however, the internet has embraced in most aspects of our lives, from online shopping, banking, education and so forth. Internet has change the way people think and the way people live. Such changes are social networks that almost erase every privacy right. Facebook founder and CEO M. Zuckeberg recently went on record and said that none of the cool kids care about privacy; neither should you[1]. As a result of this revolution cyberspace has raised several issues and challenges to the traditional models of regulation. This paper will examine the traditional regulating models and actors involved and whether they can adapt to the fast changing cyberspace in order to provide the protection required in a world that cybercrime increases by 35% per year[2].

Firstly in order to approach the question it requires analyzing the current regulatory models and then critically analyzing how each model works. Regulate the internet has become one of the hardest thinks ever invented since in order to regulate cyberspace it must firstly people have the right of privacy protected and also the right of freedom of expression which are both fundamental rights provided by the human rights act and in many cases online they conflict. Secondly and most importantly is to be able to regulate the cross-border data flow since the basic idea behind internet is that there are no borders. Although internet is just a vast network of computers it is often thought of it in spatial terms. Taking into account the meaning of “cyberspace” on it is own implies that is a place separate from psychical space. As a result of this American courts for example treat the internet as a property based regime and many times subject to the legal doctrines refer to it as a real property[3]. Cyberspace is not only a technical change but can also considered a new place where a new type of purely electronic transactions and electronic life can exist affecting the present and the future physical life of people which means the need for a new understanding of the electronic substance of the whole scale of events taking place there but the real effects are felt in the real world and the state territory which means that legal regulation is needed accordingly. Cyberspace can considered as an instrument of dispersion of effects[4]. While the old technologies such as the telegraph, radio and television remain confined in their uses to states, cyberspace has developed a global scope which does not necessarily means that sovereignty is undetermined. The cyberspace phenomenon brought a growing number of digital goods that replaced many other ordinary goods and services. Therefore the rise of cyberspace brings forward the need for revision the meaning and substance of jurisdiction and sovereignty[5].

Over the years scholars have identified a number of regulatory models for cyberspace[6]. These models include legal rules, market forces, architecture in both physical and virtual, social norms, public education, and private institutions[7].  Another approach has also be given by Robert Baldwin and Martin Cave book Understanding Regulation, in this the authors outline eight alternative regulatory strategies: 1) command and control, 2) self regulation, 3) incentives, 4) market harnessing controls, 5) disclosure, 6) direct action, 7) rights and liabilities laws, and 8) public compensation the authors described these as the application of the basic capacities or resources that governments possess and which can be used to influence industrial, economic or social activity and therefore government may a) use legal authority and command of law pursue policy objectives, or it may (b) deploy wealth through contacts, loans. Grants, subsidies or other incentives to influence conduct, or c) harness markets by channelling competitive forces to particular ends, or d) deploy information strategically or e) act directly by taking physical action, or f) confer protection or create incentives[8].


Firstly taking into account the legal model which is the first model anyone can think when talking about regulation. The legal approach can be classified into two categories: a) the real law approach which the internet is treated in the same way as telecommunication technologies and b) the cyber law approach based on the presumption that the Internet introduces new types of social relationships in cyberspace[9]. This model is based on the idea that internet should be regulated by legislation like all thinks in the world.  Legislation can applied in many situations online such as in case of defamation that can take place in blogs or social networks. Every time those contacts made between parties online under e-commerce can consider enforceable. Also criminal actions such as hacking are subject to criminal sanctions. And lastly every time illegal music is share or distributed around cyberspace with no license and involves copyrights are also subject to criminal and civil liability. In the European Union the community in order to regulate cyberspace implemented the directives. The directive is a legal document enacted by the EU and addressed to the members states. It requires members’ states to implement the substance of the directive into national laws, which require member states implementing the substance of the directive within a period of time. The European Community sets the rules and leaves the details of implementation to its members. The amount of flexibility when it comes to implement it its quiet wide, taking for example the Information Society directive that contains 15 exceptions for exclusive rights but only one is mandatory.  But also directives allow members states to choose a number of options for implementation. The 43-member Council of Europe (CoE) ratified a convention on Cybercrime, the first international treaty on criminal offences committed through use of the Internet and other computer networks. The CoE even if comprises European nations the United states was one of the four non-members that signed the Convention. The main aim of this convention is to pursue, as a matter of priority, a common criminal policy aimed at the protection of society against cybercrime and to take measures such as adopting legislation and fostering international co-operation. The convention deals with copyright infringements, computer related fraud, child pornography, and offenses connected with network security. [10] Even if this is currently the only convention that deals directly with internet related issues, many other international legal instruments address broader aspects of internet regulation. For example in the telecommunications field, ITU regulations govern issues related to telecommunication infrastructure[11].  Another set if internet-related instruments deal with human rights. Article 19 of the Covenant on Political Rights protects freedom of expression. Also global and regional human rights instruments regulate other internet-related rights such as privacy and the right to information.

In the United States recent examples to regulate cyberspace include the Communication Decency Act of 1996 and the Child Protection Act 1998. The Communication Decency Act is an amendment which prevents the information superhighway from becoming a computer red light district[12]. The United States Supreme Court however declares these laws unconstitutional. Part of the Children Protection Act survived and provided the framework for regulations on the methods that may be used to collect data from Children on the web. The most interesting part that took place in the United States however is the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN was created by the United States government as a private, non-profit entity in charge of regulating and manage the domain name system and the Internet. Many governments from other countries have attempted to participate however the United States maintained the strict control of the organization, which existence depends on contract with Department of Commerce as a result even if ICANN seems a good example of regulation, it still ties to the United States. [13]


In order to have a clear view of how governments try to regulate the net through laws the first case to consider is China, in China there several restricts communications by the internet, including all forms of dissent and free reporting of news. The Measure for Managing Internet Information services is regulations that prohibit private web sites to publish news without the approval of Communist Parties Officials. The Seven No’s, another set of law bars the publication of material that negate the guiding role of Marxism, Leninism, Mao Zedong and Den Xiaoping theories go against the guiding principles, official line or policies of the Communist Party or violate party propaganda discipline. Furthermore Chine laws bans content that guides people in wrong direction.  On the other hand in Saudi Arabia bans publishing or even accessing various types of online expression including anything contrary to the state or its system, news damaging to the Saudi Arabian armed forces, anything damaging to the dignity of heads of states. The ISP of this county are linked to a ground floor room where all country’s Web activity is stored in massive cache files and screened for offensive or sacrilegious material before it is released to users[14]. Taking into account some counties in Europe, Italy restricts both online and offline speech in various ways, the Italian constitution contains broad language that forbids printed publication, performances and all other exhibits offensive to public.

The effects that different legislation around the globe has on the regulation of the Internet have been shown in the Yahoo! case. In this case there was a breach of French Law on Nazi materials, which prohibited the exhibition and the sale of such objects. The Yahoo auction site included this kind of materials. The Yahoo website was hosted in the USA where the exhibition and sale of these items was and still is legal. This conflict between French and American legislation shows the difficulties that the national regulation have. This case an example of one country laws influence what appears online in another[15] nation state or at least how that information is transmitted.

In addition to this on the other hand conventions are nonbinding which make them weak tools for compelling behaviour in persons unwilling to conform to such conventions.  Also national law have limited effectiveness, national law has no place in cyberlaw, since if you do not like banking laws in the United States you can set up a machine on the Grand Cayman islands, if you do not like the copyright laws in the United States, you can set up your machine in China. Cyberlaw is global law, which is not going to be easy to handle, since seemingly cannot even agree on world trade for cars.[16] These kind of views have been for years around national law regulation and it is clear that it will be almost impossible to regulate cyberspace when it comes to cross-border cases since every country will have priority it is own country rules and even worst at an online world you can even pick which laws you prefer and set up your machine in those countries.

The second regulation model to consider is self-regulation. The idea behind this model of regulation is keeping the state out. The US government’s “White Paper on Internet Governance (1998)” proposes self-regulation as the preferred regulatory mechanism for the internet. Self-regulation is based on an intentional organized approach with rules that are usually codified in codes of practice or good conduct.[17] This form of regulation private and other entities would police themselves. This model was consider popular back in the 1990s today this model is unlikely to work since if the state do not take part none can ensure civil liberties and public values.  The need of the state to take part was recognize by WSIS, which in its Declaration of Principles states that: “Policy authority for Internet-related public policy issues is the sovereign right of States. They have rights and responsibilities for international Internet-related public policy issues.”[18] Taking into account the complexity of cyberspace, it includes cornucopia institutions that partake of self regulatory characteristics. Voluntary institution, generated by the internet and not by government is the very backbone of efforts to deal with harmful content. In many views, governments have failed to recognize that the Internet industry is not monolithic and that there is no single industry that speaks for the whole of the Internet. It was suggested that self-regulation operates more effectively when it involves interrelated levels of the industry, which often do not form one coherent body.  One example of this is Boddewyn’s study that found that self-regulation system where strengthened when they included distribution systems, such as television networks[19].Less radical views concede that people interacting in cyberspace also have a physical presence. But they argue that this should not prevent from setting up a system of self-regulation.  In the physical world there many examples of groups forming communities and creating self-regulating regimes: from corporations to non-profit organizations, from business associations to sports clubs. Being a member of one of them does not preclude from being a member of another. However many views oppose to this idea, since it would be impossible to work for example in case of child pornography since how can paedophiles of the world come together and rule themselves. It has been said that self-regulation is like having the prisoners guarding the prison[20]. The desire to create a system of self-regulation for all of cyberspace, it can be said that is nothing else than asking for a global regime of governance of all people online. Such self-regulation is a far cry from the ideal of small scale, community based self-governance. In the end, it aspires to govern the communication among all users of the internet.

However this model of regulation can consider flexible since the legislative process is often cumbersome. Once laws are passed, it is difficult to change them. By contrast, rules devised by the industry can apply to matters not subject to statutory regulation where the regulator lacks authority to act. Self-regulation can consider speedy since it can respond faster and more quickly to market developments.  It can also consider cost-efficient, since rules crafted by the industry will be well adapted to business practices and tend to impose a lower regulatory burden on market participants. Self-regulation relieves the government of the costs developing and sometimes enforcing regulations. Self regulation can also extend across national borders since it is defined by contact and not restricted like national legislation[21].

A similar process is when the public authorities are involved to a larger extent, for instances, by defining the essential legal framework and monitoring the outcome of the self-regulatory process, this process can be described as co-regulation. In this process state assumes greater responsibility for regulation and makes the rules itself, however the process may still involve market participants.  Involvement can take the form of private-sector participation in the commissions or working groups mandated with the elaboration of the regulation, the conduct of hearings and wide consultations with the affected parties.[22] As said co-regulation, presupposes the direct involvement of a public actor in this regulatory process, which is usually not the case with self-regulation.  In line with this co-regulation maybe considered as a regulatory mechanism that is primarily considered or understood to take a top down approach[23].  Therefore co-regulation can be seen rather as a complement to legislation than as an alternative to this[24].

Another model of regulation that exists in cyberspace are Social Norms. Norms are social regularities that impose informal standards and constraints on human behaviour in defence to the preferences of others[25].  Therefore social norms can consider generating expectations. They are commonly an outgrowth of custom, convention to organizational structures and a general sense of right and wrong. An example of social norm is tipping in a restaurant after a good meal or saying sorry when bumping to someone. [26] Therefore can be said that norms guide behaviour and in this sense they can function as regulator. The main issue with social norms s firstly taking the example laid above not all people will tip the restaurant despite of how good the food is. Thus, if others do not enforce the norm and the individual bears the individual’s solo efforts are wasted.  Taking the “spam” example, most users abhor spam due to the burden that the behaviour inflicts on them. Even if spam is costly to the cyber society due to bandwidth it greedily occupies and the cost to individual users who receive unwanted email, spam occurs constantly however because the spammers gain all the benefits but they only incur only a very small fraction of the cost. Internet users can benefit if they spent the costs to effectively sanction spammers but the amount any user is willing to spend is likely insufficient to effectively discourage it, unless collective actions are taken by all people[27].

Having said these, it is quite obvious that traditional regulate models have difficulties adapting to cyberspace.  Cyber-libertarians such as Barlow in his view indicated that there are no functional effectors used in traditional legal-regulatory control systems such as imprisonments, fines and orders for specific performances would proves to be ineffective against digital personae who have no, physicality, identity or fiscal funds.  Therefore is his view that traditional laws and law making, based upon the concept of physicality, were rendered ineffective in cyberspace. Also the lack of borders within cyberspace suggested to cyber-libertarians that traditional state sovereignty, based upon notions of physical borders, would be undermined in cyberspace, since individuals could move between zones governed by differing regulatory regimes in accordance with their own personal preferences[28].

The case of Reno vs. ACLU[29] is clear example of the static regulatory. This case concerned the trading of forbidden material on the internet. Even of the decision was widely expected the effects of the decision resonated far beyond the limits of the issues before the court or even supreme courts jurisdictions. This decision affected the ability of lawmakers to use legal controls to manage online content.  UK law enforcement following the Reno decision where left with three options: a) they could seek to regulate UK-based consumers rather than overseas suppliers of infringing material; b) they could negotiate with US lawmakers in the hope of setting up an international settlement or c) they could seek to recreate, artificially, the physical borders that were previously placed. Murray contends that option (a) is impracticable due the millions of people as the surveys showed that download illegal material from the internet. Applying this option is quite clear that it would be almost impossible to go after this amount of potential law breakers but also the prosecuting authorities would have to prove that for example the material accessed, it was indented to be criminal used.  The second option it may sound viable and attractive but it has its own flows.  This flaw was indicated by Douglas Vick in his view the Reno decision will constrain the international community’s affords to establish a comprehensive body of common rules for regulating Internet content. Under American law treaties and other international accords are inferior to the provisions of the United States Constitution. Thus a treaty provision is unforceable if it fails to conform to the First Amendment law[30]. Therefore since the internet is based on communication any convention on cyberspace is more likely to raise issues on freedom of speech based on the first amendment.  Furthermore more with this option if one state refuses to sign up, the users of the country that signs will still be able to browse banned websites simply by browsing through the servers of the country that did not sign the convention. Similar to what happen to the current convention, the council of Europe Convention on cybercrime.[31]

The final option, to erect firewalls in order to restrict websites that are included in lists can consider impracticable to practical and legal and political costs. This is obvious that will require a lot of people continuously monitor the Internet in order to create this lists, which is very costly both under a plain perspective and from human resources viewpoint. There many states that choose to implement these systems to provide this control over their citizens. Examples of this are the Yahoo! Case that was shown above.  Similar example is China that employed 30,000 full time staff to manage the state firewall and updated the lists of the ban websites[32]. It can be said here that the ineffectiveness of this can be seen by anyone by just visiting Facebook, even if Facebook is banned in China thousands of users have account and are able to view it every day.

The final case to consider in order to show how difficult is for an intervention to be made is the ICANN case. As said above ICANN was established following the US government order. Its main objective is to bring stability and public accountability to the domain names system.  After the creation of ICANN, the World Intellectual Property organization, proposed a set of rules in regard to intellectual property rights. This had a result for many domain server owners to walk out on the fact that it perceived as in favour of trademark owners.  Furthermore the World Summit on the Information society was established because EU feared that ICANN would establish an exclusive US jurisdiction over the internet in order to review the ICANN system. And that’s was not all, the Internet Governance Forum was created in order to accommodate the interest of countries which they thought they lacked representation. This had a result for no regulatory intervention to take place, and as Murray indicated its likely not to[33]. The main issue behind this case is that when there is reaction which is not consistent with the rules, lawmakers tend to enact further intervention to re-model the environment.  Is Murray views that this is the basic mistake of lawmakers since they considered the environment as static and therefore the traditional ‘command and control’ regulatory interventions fail to regulate cyberspace. Thus, these kinds of controls cannot be expected to be anywhere near effective in cyberspace.

It is clear that the internet is not a static regulatory universe which an intervention can be made in order for cyberspace to be regulated lawmakers should acknowledge the dynamic characteristics of the environment that they try to regulate. By accepting that the regulatory matrix is dynamic structure, regulators and regulatory theorists are offered the opportunity to produce effective regulations. Example of the value of this kind of regulation can be seen at the position the music industry reached by default after the failure of the Sony Corp of American v Universal City Studios 464 US 417 (1984).[34]


In conclusion it can be said that after examine most models that regulate cyberspace, both in cases of government and public regulation the issues are obvious. Taking the traditional models of regulation it can be said that there outdated and governments attempt to control their content from their citizens it doing so the effects can spread to the whole internet as it was shown in the cases above.  Cyberspace should not be looked as static but rather acknowledge the dynamic characteristics of it and hybrid models should be created that will be able to adapt to cyberspace changes. Also as seen in the ICANN case new interventions are designed to address the issue that was raised by the previous intervention as a result, the need of new interventions every time that the current intervention has an issue. Also as we have see with the conventions and treaties, not all countries get to signed them and as a result of the way internet operates users provided with the options to even choose the law of preference.  It is obvious that new form of regulations required to be brought forward since also the censoring and monitoring like in China is also ineffective and costly.  Lawrence Lessing in his book “Code is Law” identified the relationship of technology and policy. He identified that by the current way that internet is currently grows it will be better to be regulated by technology; Murray also finds technology a good model for regulation that can be used to regulate cyberspace.







  1. Building the Information Society: a global challenge in the new Millennium,
  2. Bygrave, L. and Bing, J. (2009) Internet Governance: Infrastructure and Institutions, Oxford
  3. Crime statistics 2010: “Cyber Crime a huge problem” available at
  4. E. Best, ‘Alternative Regulations or Complementary Methods? Evolving Options in European Governance’, Eipascope (2003)
  5. E. Hupkes “Regulation, self-regulation or co-regulation?” (2009)
  6. E. Hüpkes , O. Zibung, “Pragmatic and effective regulation-a Swiss perspective on the regulatory process” (2008) 9(4) Journal of Banking Regulation
  7. Easton “The web content accessibility guidelines 2.0:an analysis of industry self-regulation” (2011)
  8. F. Mayer “Europe and the Internet: The old world and the new Medium” (2000) available at
  9. G. Smith “Internet law and regulation” (2007)

10. G. Zekos “State cyberspace jurisdiction and personal cyberspace jurisdiction” (2007)

11. H. Nissenbaum, M. Price “Academy and the Internet” (2004)

12. H. Popkin “Privacy is dead on Facebook. Get over it” 1/13/2010 available at

13. internet efficiently? Going beyond the bottom-up and top-down alternatives” (2006)

14. J. Kesan, A. Gallo “Why are the United States and the European Union failing to regulate the internet efficiently? Going beyond the bottom-up and top-down alternatives” (2006)

15. J. Kesan, A. Gallo “Why are the United States and the European Union failing to regulate the

16. J. Kurbalija “Internet Governance and International Law” available at

17. J. Lipton “What Blogging Might Teach about cybernorms” available at

18. J. Trachtman “Cyberspace, Sovereignty, Jurisdiction, and Modernism” (1998) available at

19. J. Whittaker “The Cyberspace handbook” (2004) available at p231

20. K. Coyle “Lessig, Lawrence. Code and Other Laws of Cyberspace. 1999 available at

21. K. Olson “Cyberspace as Place and the Limits of Metaphor” available at

22. L. Lessig “The laws of Cyberspace” (1998) available at

23. L. Lessig. CODE Version 2.0, (2006)


25. M. Chawki “A Critical Look at the Regulation of Cybercrime” (2005) available at

26. M. Masnick “Can We Kill Off This Myth That The Internet Is A Wild West That Needs To Be Tamed?” May 2011 available at

27. M. Sachoff “IBM Calls intent Wild west” August 26 2009 available at

28. Major “Norm origin and development in cyberspace: Models of cybernom evolution”

29. Marsden “Regulating the global information society” (2000)

30. Murray “Regulation of Cyberspace: Control in online environment” (2007)p

31. N. Anderson “Inside the US-Anglo-French plan to civilize the Internet” 2011 available at

32. R. Cannon “The Legislative History of Senator Exon’s Communications Decency Act: Regulating Barbarians on the Information Superhighway” available at

33. R. Corn-Revere “Caught in the seamless web: Freedom of speech?” July 2002

34. Segura-Serano “Internet Regulation and the role on international law” available at

35. Status report for MPs “Current Internet Regulation issues” June 2004 available at

36. T. C. Crews “Who rules the net?: Internet governance and jurisdiction”(2003)

37. V. Mayer-Schönberger, “The shape of Governance: Analyzing the World of Internet Regulation”

38. Vick” The Internet and the First Amendment” (2003)

39. W. Kleinwachter “Internet governance and governments: enhanced cooperation or enhanced confrontation” (2007)


[1] H. Popkin “Privacy is dead on Facebook. Get over it” 1/13/2010 available at

[2] Crime statistics 2010: “Cyber Crime a huge problem” available at

[3] K. Olson “Cyberspace as Place and the Limits of Metaphor” available at

[4] J. Trachtman “Cyberspace, Sovereignty, Jurisdiction, and Modernism” (1998) available at

[5] G. Zekos, “State cyberspace jurisdiction and personal cyberspace jurisdiction” (2007)

[6] Lessig,  The Law of the Horse,  supra  note 3 (identifying legal rules, norms, system

architecture, and market forces as  modes of regulation online); Richards,  supra note 6, at 420

(2008) (giving an example of the American Library Association as an institutional regulator in a real

world context); Lipton,  supra  note 6 (identifying public education as a mode of regulation along

with norms, market forces, system architecture, legal rules, and non profit institutions)

[7] Lipton,  supra  note 6 (identifying public education  as a mode of regulation along with

norms, market forces, system architecture, legal rules, and non-profit institutions)

[8] A. Murray “Regulation of Cyberspace: Control in online environment” (2007)p 28

[9]J. Kurbalija “Intertnet Governance and International Law” available at

[10] A. Thierer, C. Crews“Who rules the net?: Internet governance and jurisdiction”(2003) p235

[11] J. Kurbalija “Intertnet Governance and International Law” available at

[12] R. Cannon “The Legislative History of Senator Exon’s Communications Decency Act: Regulating Barbarians on the Information Superhighway” available at

[13] J. Kesan, A. Gallo “Why are the United States and the European Union failing to regulate the internet efficiently? Going beyond the bottom-up and top-down alternatives” (2006)

[14]R. Corn-Revere “Caught in the seamless web: Freedom of speech?” July 2002

[15] J. Whittaker “The Cyberspace handbook” (2004) available at p231

[16] K. Coyle “Lessig, Lawrence. Code and Other Laws of Cyberspace. 1999 available at

[17] Bygrave, L. and Bing, J. (2009) Internet Governance: Infrastructure and Institutions, Oxford p83

[18] Building the Information Society: a global challenge in the new Millennium,

[19] C. Marsden“Regulating the global information society” (2000)p.68

[20] H. Nissenbaum, M. Price “Academy and the Internet” (2004) p235

[21] E. Hupkes “Regulation, self-regulation or co-regulation?” (2009)

[22] E. Hüpkes and O. Zibung, “Pragmatic and effective regulation-a Swiss perspective on the regulatory process” (2008) 9(4) Journal of Banking Regulation 247

[23] E. Best, ‘Alternative Regulations or Complementary Methods? Evolving Options in European Governance’, Eipascope (2003)p. 3


[25] William K. Jones, A Theory of Social Norms, 1994 U. ILL. L. REV. 545, 546 (1994) (explaining social norms as those rules and standards that define the limits of acceptable behavior). See also Robert Axelrod, An Evolutionary Approach to Norms, 80 AM. POL. SCI. REV. 1095, 1097 (1986) (“A norm exists in a given social setting to the extent that individuals usually act in a certain way and are often punished when seen not to be acting in this way.”); Richard H. McAdams,  The Origin, Development, and Regulation of Norms, 96 MICH. L. REV. 338, 340 (1997) (Norms are “informal social regularities that individuals feel obligated to follow because of an internalized sense of duty, because of a fear of external non-legal sanction, or both.”)

[26]A. Major “Norm origin and development in cyberspace: Models of cybernom evolution” p62

[27] Ibid

[28] A. Murray “Regulation of Cyberspace: Control in online environment” (2007) p203

[29] 521 U.S. 844 (1997)

[30] D. Vick” The Internet and the First Amendment” (2003) p 419

[31] A. Murray “Regulation of Cyberspace: Control in online environment” (2007) p223.

[32] A. Murray “Regulation of Cyberspace: Control in online environment” (2007)p 227

[33] Ibid p234-237

[34] A. Murray “Regulation of Cyberspace: Control in online environment” (2007)p237


Leave a Reply