Benjamin Adida |
Enoch Chang |
Lauren B. Fletcher |
Michelle Hong |
Lydia Sandon |
Kristina Page |
Table of Contents
Endnotes
Appendix A: Acknowledgements
Appendix B : Credits
Appendix C: Executive Summary
1 Introduction
Web page hacks, spam email, and network break-ins, though technically very different in nature, have one unifying thread - they are all trespass. Current law treats these cyberspace occurrences under one common legal doctrine, but an evaluation of this relatively new field raises the question: should trespass be applied to cyberspace?
It is important to keep in mind that trespass was designed for real space dealing with physical property. Moreover, trespass is only a metaphor in cyberspace. On a superficial level, this metaphor may in fact be appropriate. Internet terminology including "home" pages, web "sites," and "visitors" supports this analogy,[1] and it is easy to equate elements of cyber-trespass with their real space counterparts in some instances: firewalls can be thought of as virtual fences and web page notices can be viewed as virtual signs.
Upon closer inspection, however, this metaphor breaks down. In trying to fit cyberspace into the box of common law trespass, some of the meanings are lost in the translation. Are we going too far when we carry this analogy down to the flow of electrons? Why should we constrain ourselves to the framework of common law when we have the ability to adapt the technical and legal architecture at this relatively early stage? What other regimes would more efficiently and effectively deter trespass in cyberspace? This paper is devoted to exploring these very questions in proposing a new way of dealing with trespass in cyberspace.
1.1 Overview
Values and interests of Internet users conflict in the debate on controlling access to information in cyberspace. Individual users, both private and commercial, system administrators, and government strive to keep data and systems secure from hackers, crackers and insiders attempting to view, to collect, or to damage stored information. Many of the early members of cyberspace communities and bulletin board operators want the Internet to remain a resource where one can freely roam, gather, and share information and want to ensure that there are some public spaces in cyberspace. Individual users wish to preserve the privacy of some data while they connect to the Internet or make some data on available for free public access. Hackers, computer techies who try to access data and systems on the Internet in order to test their technical abilities, want the freedom to test the security and privacy features of systems and software but do not want to risk a criminal or civil action when they do not damage the system they enter. In order to preserve the commercial value of proprietary or copyrighted data, commercial entities, entrepreneurs, system administrators, Internet service providers (ISPs), and owners of network hardware wish to control the uses of their data or system. Individual users would like to prevent commercial solicitations from reaching their private spaces on the Internet. Entrepreneurs and commercial entities want to use the Internet for low cost, bulk direct advertising through unsolicited commercial email.
Current approaches to regulating access in cyberspace rely on rules derived from real space. Victims of unauthorized access currently use common law doctrines such as trespass and trespass to chattel and statutes specifically aimed at preventing unauthorized access to computer data or systems to punish those who access data or systems without the owner's consent. These doctrines, based on real space unauthorized access, focus on intent, entry, property, and permission. Problems arise when unauthorized access in cyberspace challenges or conflicts with traditional understandings of real space trespass law.
Unfortunately, the property metaphor which underlies current legal regulation of access is inadequate to meet the continuing challenges which unauthorized in cyberspace will present.
Technical advances increase both the potential scope of unauthorized access to data and systems in cyberspace and the number of access attempts. Traditional legal doctrines must stretch to accommodate these changes in technology if they are to effectively punish unauthorized access. This expansion of the common law understanding of trespass in order to apply it to cyberspace illustrates the limits of current legal approaches to the problem.
Society must determine what combination of technology, legislation, social norms, property law, contract law, tort law or alternative concepts confronts and resolves the special challenges of enforcing rules regarding unauthorized access in cyberspace. The special challenges which unauthorized access presents relate to problems applying common law trespass doctrine and detecting wrongdoers and victims. Efforts to address the problems created by unsolicited commercial email, commonly referred to as spam, illustrate how technology, legislation, and social norms establish and enforce rules which regulate access in cyberspace. Property law, contract law, and tort law provide additional tools for addressing the problem of unauthorized access in cyberspace and for determining which competing interest will prevail in the unauthorized access controversy. Other concepts may provide more insight on how society can achieve its goals of regulating access in cyberspace.
1.2 Outline of Paper
The first part of this whitepaper provides the necessary background information and leads up to the current status of trespass in cyberspace. Sections 2 - 4 provide an overview of current trespass and how this common law framework has been applied to cyberspace. Through discussion of legislation and case law, these sections analyze technical and legal aspects of real space and cyberspace trespass. Section 5 presents a technical discussion of how trespass in cyberspace may occur, followed by a legal analysis of each scenario presented. Section 6 then outlines strategies that are currently employed to prevent cyberspace trespass. Next, Section 7 explores the uses and limitations of metaphors and suggests that cyberspace trespass be abstracted to a conceptual level in order to extract the underlying principles.
The remainder of the paper presents a new architecture, combining law and technology, to deal with trespass in cyberspace. Section 8 establishes the goals to be realized by the proposal, and Section 9 defines the precise language of the conceptual terms to be used. Section 10 proposes a legal and technical architecture utilizing the concepts of entities, control, and containers to prevent and govern unauthorized access in cyberspace. In section 11, the merits of this regime are evaluated in terms of meeting the stated objectives as well as feasibility of implementation and acceptance. Finally, section 13 conjectures as to how the implementation of this architecture will influence the world in terms of technology, law, markets, and social norms.
2 Real Space Trespass
The right to exclude others has been described as the most fundamental and important right of property owners.[2] Because the right of exclusion "determines what men shall acquire. . . [and] determine[s] the mode of life of many," it involves de facto political sovereignty.[3] Thus, as one commentator has argued, property law should be treated with the same "considerations of social ethics and enlightened public policy which ought to be brought to the discussion of any just form of government."[4] This section will explore traditional trespass law from the vantage points of common law, statutes, and case law, focusing particularly on the common law actions of trespass and trespass to chattel.
2.1 Common Law Trespass Actions
Under traditional common law, several different trespass actions are available to remedy offenses to an owner's exclusive use of his property. These include conversion, continuing trespass, nuisance, trespass to land, and trespass to chattel. Conversions are defined as "those major interferences with chattel, or with the plaintiff's rights in it, which are so serious, and so important, as to justify the forced judicial sale to the defendant."[5] Examples include stealing another person's hat, or selling wine discovered in one's basement while mistakenly thinking it was abandoned.[6] However, the damage must be serious or substantial; it is not conversion to ride someone else's horse after getting permission only to feed it.[7]
A continuing trespass is an invasion that is continued by a failure to remove it. Building a structure and dumping trash on another's land are examples of continuing trespasses.[8] Nuisance is very similar to trespass, and the line between them is both fuzzy and crooked.
A nuisance action involves an offense to the owner's use and enjoyment of his property, rather than to his possession of it.[9] For example, a dog that barks all night or blasting vibrations that damage a house have been found to be nuisances because they disrupt the owner's quiet enjoyment, but do not challenge his possession of, his land and house.[10]
All three of these actions can be interpreted as having cyberspace analogues. For example, the sender of commercial spam email does not try to challenge the recipient's possession of his account, but often affects his use and enjoyment by clogging his in-tray and forcing him to expend time and effort to sort through and delete the unwanted emails. A nuisance action might therefore seem appropriate in this case. However, in practice courts have limited the cyberspace application of real property law to the common law actions of trespass to chattel and trespass to land.[11]
Trespass to chattel is defined as the intentional "intermeddling" with someone else's chattel.[12] Trespass to chattel is found in four general cases: (1) X removes a chattel from Y's possession; (2) X impairs Y's chattel as to condition, quality, or value; (3) X prevents Y from using his chattel; or (4) X causes harm to Y or to something in which Y has a legally protected interest.[13]
Trespass to land is generally an injury to possession, as opposed to a challenge to title.[14] To prove trespass, one must show that there was: (1) Intentional (2) Entry (3) Onto the property of another (4) Without their express or implied permission to so enter.[15] Each of these four elements is open to interpretation.[16]
2.2 Statutory Trespass Actions
Trespass can be either criminal or civil. Because of its importance, the right to exclude is protected by all three arms of the state: it is codified in legislation,[17] enforced by law enforcement agents, and vindicated in the courts.[18]
State statutes deal with trespass in a variety of ways. Some statutes are complex, such as
Whoever, without right enters or remains in or upon the dwelling house, buildings, boats or improved or enclosed land, wharf, or pier of another, after having been forbidden so to do by the person who has lawful control of said premises, whether directly or by notice posted thereon, or in violation of a court order pursuant to section thirty-four B of chapter two hundred and eight or section three or four of chapter two hundred and nine A, shall be punished by a fine of not more than one hundred dollars or by imprisonment for not more than thirty days or both such fine and imprisonment. Proof that a court has given notice of such a court order to the alleged offender shall be prima facie evidence that the notice requirement of this section has been met. A person who is found committing such trespass may be arrested by a sheriff, deputy sheriff, constable or police officer and kept in custody in a convenient place, not more than twenty-four hours, Sunday excepted, until a complaint can be made against him for the offence, and he be taken upon a warrant issued upon such complaint.
This section shall not apply to tenants or occupants of residential premises who, having rightfully entered said premises at the commencement of the tenancy or occupancy, remain therein after such tenancy or occupancy has been or is alleged to have been terminated. The owner or landlord of said premises may recover possession thereof only through appropriate civil proceedings.[19]
Other statutes are extremely simple.
There is no federal statute covering general trespass[21]; general federal trespass is covered under common law only.[22] Most trespasses punishable under federal law involve federal lands or property involving a significant federal interest, such as national parks, nuclear reactor sites, and Indian reservations.[23] In general, "trespass to property, normally within the exclusive cognizance of the states, . . . [was not to be] a matter of national concern."[24] This is true even where the trespasser is a government actor.[25]
2.3 Trespass Case Law
Because trespass is such an important and well-established right, there has been no shortage of case law. Two classic cases are Bradley v. American Smelting and Refining Co.[26] and
In Bradley, the plaintiff homeowners were suing a copper smelting factory for blowing gases and microscopic particles onto their land. The court found that the defendant factory had had the requisite intent to commit intentional trespass to land. The court also found that the intentional deposit of microscopic particles could give rise to action for trespass as long as there was proof of actual and substantial damages.[28]
In Cleveland Park Club, a child had placed a tennis ball into the drain pipe of a swimming pool, and had thereby forced the swimming club to close the pool and make repairs. The court held that the child had the