Universidade Autónoma de Lisboa
ISSN: 1647-7251
Vol. 6, n.º 1 (May-October 2015), pp. 86-99
Lino Santos
Holder of a Master Degree in Law and Security from the Faculty of Law of Universidade Nova de
Lisboa. Holder of a Bachelor Degree in Systems and Computer Engineering from the University of
Minho. Operations Coordinator at the National Cybersecurity Center (CNCS, Portugal)
In the amazing Code and Other Laws of Cyberspace, Professor L. Lessig writes "that
something fundamental has changed" with cyberspace with regard to the state's ability to
enforce the law.
On the one hand, the structure and characteristics of cyberspace pose some difficulties
related to jurisdiction and the choice of applicable law. On the other, it raises questions
about the very concept of sovereignty as we know it.
This paper examines the arguments of those who advocate a regulation of cyberspace on
the edges of state sovereignty or within a new concept of sovereignty and capacity to
enforce the law, and the arguments of those who reject this exceptional treatment of
Cyberspace; Regulation; Self-regulation; Sovereignty; Utopia
How to cite this article
Santos, Lino (2015). "Cyberspace regulation: cesurist and traditionalists". JANUS.NET e-
journal of International Relations, Vol. 6, N.º 1, May-October 2015. Consulted [online] on
date of last visit, observare.ual.pt/janus.net/en_vol6_n1_art6
Article received on March, 31 2015 and accepted for publication on April, 30 2015
JANUS.NET, e-journal of International Relations
ISSN: 1647-7251
Vol. 6, n.º 1 (May-October 2015), pp. 86-99
Cyberspace regulation: cesurists and traditionalists
Lino Santos
Lino Santos
There is no doubt that cyberspace has brought about profound changes in the way
citizens, organizations and states relate to each other.
The capillarity of Internet, along with its large geographical coverage in terms of access
and the advent of the personal computer, gave rise to the globalisation of information
and knowledge, creating new spaces for interactivity, sharing and storage of market
products, among which we highlight the leisure and culture immersive virtual
environments (virtual worlds), the product of information technology-mediated social
interactions (social networks), or the place where information is stored and processed
(cloud). This diversity of spaces representing the wealth of cyberspace applications is
the basis of its success and of the rapid growth of its use.
This group of spaces is based on the global communications system the Internet - to
which information systems and personal electronic devices connect to perform their
function. If not originally created for military purposes but certainly developed to be
used with that objective, the Internet penetrated the academic network in the late
1980s and quickly took over as a means of mass communication in the mid-1990s. In
its military origin, the main concern in the Internet’s design was resilience to partial
Soon cyberspace was perceived as a space of freedom, a kind of new global Far West
where no state could enforce the law and maintain order. In this context, two opposing
academic trends emerged.
, resulting in a fully distributed physical architecture and management without
any connection with the administrative map of nations.
The first suggests the failure of the legal system to deal with cyberspace and advocates
the creation of new forms of regulation adapted to its specificities.
The second supports a treatment of nonexceptionality regarding cyberspace and argues
that the challenges in its regulation are no different from those posed by other areas
where there are cross-border transactions.
1 One of the requirements asked to the creators of the Internet, then called ARPANET, was to ensure
tolerance to communication failure between military operational bases in a scenario of partial destruction
of their infrastructure. Consisting of a “web” of connections among the various “nodes”, information within
this network should always reach its destination as long as there was a path available to do so, thereby
reducing the criticality of each individual “node” for the global context of communications.
JANUS.NET, e-journal of International Relations
ISSN: 1647-7251
Vol. 6, n.º 1 (May-October 2015), pp. 86-99
Cyberspace regulation: cesurists and traditionalists
Lino Santos
This article intends to present and discuss these two currents in the light of
developments since their initial formulation, and ascertain whether there is a trend or
primacy in the use of cyberspace regulatory mechanisms.
Characteristics of cyberspace
Some characteristics of cyberspace architecture pose serious challenges to the
governance of this new medium, as well as to the regulation of the various activities
conducted within in. To begin with, cyberspace dramatically increases the speed and
amount of communications, while reducing or eliminating the gap between institutions,
between individuals or between nations.
Emails or SMS are sent and received almost instantly, photographs, videos and opinion
articles are shared and disseminated globally in near real time, buying a book over the
Internet is now as easy and convenient as to do it in a bookstore. In this context,
cyberspace and the conversion from analog to digital brutally increased the frequency
and the speed of some existing unlawful behaviour. Examples include copyright
infringement, which has always existed but that digital technologies have facilitated and
carried to the extreme.
On the other hand, cyberspace is non-territorial. Unlike natural areas (air, sea, land,
and space) where states, within their capabilities, exercise sovereignty and enforce the
law within a relatively well defined physical territory, in cyberspace that exercise raises
demarcation problems.
In the same vein, B. Posen refers to it as another global common, comparing it to the
sea, air and outer space (Posen, 2014: 64). Therefore, classical concepts such as
"jurisdiction" or "property" - to give just a few examples - become fuzzy when applied
to cyberspace. The provision of online services will hardly ever comply with the legal
framework of all the states where they are available2
Finally, this virtual space ensures some degree of anonymity to those using it, which
again raises difficulties regarding the allocation of acts performed or the identity of the
authors. A Portuguese cybernaut or located in Portuguese territory may use a blog
service in the US to slander another Portuguese citizen. This same Internet user can
play an online game allowed in the country where the server is located but which is
banned in Portugal. He may also remotely practice a profession regulated in Portugal,
but which is not regulated in the country where the service is provided.
, creating difficulties in their
exercise of sovereignty, starting with the very choice of which applicable law to apply -
the law where the service is provided, or the law where the effects are produced?
Cyberspace has also brought about a set of new legal protection objects, expanded the
protection scope of some existing ones, and facilitated the emergence of new illegal
types. Figures such as digital identity, multiple identities, avatar, virtual money, or
Internet domain, and professions such as systems administrator, programmer or
blogger, still do not have rules that grant them rights and responsibilities.
2 J. P. Trachtman states that the big novelty of cyberspace is that “it will lead to more situations in which
the effects will be felt in multiple territories at once” (1998: 569).
JANUS.NET, e-journal of International Relations
ISSN: 1647-7251
Vol. 6, n.º 1 (May-October 2015), pp. 86-99
Cyberspace regulation: cesurists and traditionalists
Lino Santos
Similarly, traditional concepts such as privacy had their legal protection range extended
to include, for example, the right to be forgotten3
classified as unlawful in the context of juvenile pornography have started to include
ownership of this sort of material in digital format or merely viewing it.
, and actions
These and other challenges were evaluated at the turn of the century by various
scholars from the field of law. Discussion then allowed identifying two diverging trends
with regard to the regulation of cyberspace.
One must also
refer the need, perceived early, for the legal protection of actual computer systems that
constitute cyberspace to be treated separately in cybercrime law.
The first trend believes that some of the distinctive characteristics of cyberspace are
sufficient to justify the impossibility of using existing legal instruments and jurisdiction,
advocating a new paradigm of cyberspace regulation. Johnson and Post, among others,
share this view, defending cyberspace regulation for Internet users through self-
regulation (1996, 2002). In turn, Lessig advocates regulation through "code" and
cyberspace architecture (1999; in this as in all cases that follow, the translation is
On the other side there are those who argue that the challenges posed by cyberspace
to the law are not very different from those placed by other technological
developments, and that the transactions carried out within cyberspace are no different
from other transnational transactions conducted by other means. The main supporters
of this view are Goldsmith (1998) and Trachtman (1998), who reject the exceptionality
of cyberspace and defend an evolution within the framework of international law and
through strengthening supranational regulatory instruments.
The academic debate around the topic has led JP Goldsmith to dub "regulation sceptics"
those who, like Johnson and D. D. Post, emphasize the extraordinary nature of
cyberspace and ask for a new regulatory model (1998, pp. 1199). In turn, Post calls
“unexceptionalists” (2002: 1365) those who advocate that the problems posed by
cyberspace to the state's ability to exercise and enforce the law are not that different or
new. Without wishing to sound unkind to the authors, henceforth I shall refer to the
former as “cesurists” and the latter as “traditionalists”.
Taking advantage of the distance in time of this discussion, this paper will begin by
addressing the arguments advanced by "cesurists" and "traditionalists", and then will
analyse the two dominant solutions for a better regulation of cyberspace: self-
regulation and the additional supranational approach.
3 Article 17 of the European Commission’s proposal for the regulation of Personal Data Protection states
that “the data subject has the right to obtain from the controller the erasure of personal data concerning
him”. See Proposal for a European Parliament and Council Regulation on the protection of individuals with
regard to the processing of personal data and on the free movement of such data (general regulation on
data protection), available at http://ec.europa.eu/justice/data-
protection/document/review2012/com_2012_11_pt.pdf, accessed in September 2014.
4 See point f) of Article 20 of Convenção para a Protecção das Crianças contra Exploração Sexual
(Convention for the Protection of Children against Sexual Exploitation), Resolution of Assembleia da
República (Portuguese Parliament) no. 75/2012, of 28 May, stating that “[...] consciously accessing child
pornography through the use of communication and information technologies constitutes a crime”.
JANUS.NET, e-journal of International Relations
ISSN: 1647-7251
Vol. 6, n.º 1 (May-October 2015), pp. 86-99
Cyberspace regulation: cesurists and traditionalists
Lino Santos
Cesurism vs. Traditionalism
The term "cesurism" - coined by Herminio Martins (Garcia, 2006) is used here as a
reference to a line of reasoning that tends to deal with phenomena as being specific
and unprecedented, somehow renouncing time and history. This is precisely the
thinking of those who, like Johnson and Post, focus their attention on the novelty
cyberspace represents to justify the failure of the current regulation model based on
the law and the break with the past.
The argument of the "cesurists" focuses on the non-territoriality of cyberspace and,
more specifically, on the fact that clear boundaries are a necessary attribute for
effective law enforcement. The relationship between space and law, Johnson argues,
has multiple dimensions. On the one hand, it is the law that allows a state to exercise
sovereignty and control over its territory - a well delimited space recognized by all - as
well citizens to defend themselves from state action. In other words, the border
concept works as the limit within which the state enforces its law, as well as the limit
outside which citizens are safe from state action5. On the other hand, the legal
significance of the effects of an action - or absence of it - is the same within the same
judicial area and, most likely, different between different legal areas.6
Given this relationship between area and law, the "cesurists" argue that the
geographical location within known physical limits borders - is essential to determine
the set of rights and responsibilities of legal entities, concluding that cyberspace
"radically undermines the relationship between legally significant phenomena and
physical location" (Johnson & Post 1996: 1370).
Conversely, the
legitimacy of the law comes from a state’s citizens direct or indirect participation in
drafting the law, this legitimacy being lost when applied otherwise. Finally, the
preventive effectiveness of the law results from prior knowledge of the law applicable to
the area where we practice relevant acts, or the law where such acts occur (Johnson &
Post, 1996).
Under this assumption, "cesurists" question the competence of any state to enforce law
and justice for acts committed in cyberspace and have reservations about the choice of
applicable law. Johnson and Post envision cyberspace as a single medium7
5 It is through law that a rule of law state governs the freedoms and responsibilities of its citizens and
institutions. The effective enforcement of this regulation is an act of sovereignty.
, as a new
action plan or parallel dimension whose border with our physical world is "made of
screens and passwords" (1996, 1367) where, once inside, there are no other barriers.
Once inside this cyberspace, communicating with the next door neighbour or someone
in the antipodes is exactly the same actually, there is no concept of antipode within
6 Once again the call for the principles of a rule of law state, where the law must be equal for all. Obviously
this equality applies to all legal objects of that state, since the law can be different between states.
7 M. Libiki suggests that cyberspace is not a single medium but rather a “multiplicity of media at least
yours, theirs and of the others” (2012: 326). Also L. Strate, in his brilliant article on cyberspace concepts,
proposes the existence of a multitude of cyberspaces centred on the experience of each individual (1999).
It should also be noted that in the ideological framework of a single cyberspace, the concept of “national
cyberspace” commonly used in the various national cybersecurity strategies would not make sense. See
The National Strategy to Secure Cyberspace (2003), available at https://www.us-
cert.gov/sites/default/files/publications/cyberspace_strategy.pdf, accessed in September 2014; or Italy’s
National Strategic Framework for Cyberspace Security (2014), available at
framework-for-cyberspace-security.pdf, accessed in September 2014.
JANUS.NET, e-journal of International Relations
ISSN: 1647-7251
Vol. 6, n.º 1 (May-October 2015), pp. 86-99
Cyberspace regulation: cesurists and traditionalists
Lino Santos
cyberspace - and the legal framework governing such communication either does not
exist or is difficult to identify .
The case which opposed the International League against Racism and anti-Semitism to
the US giant Yahoo illustrates these difficulties. In 2000, French citizen Marc Knobel, an
activist in the fight against neo-Nazism, found that Yahoo's auction portal was selling
neo-Nazi material. Through the aforementioned NGO, Knobel took Yahoo a company
based in California - to court for violation of the French law banning Nazi goods
trafficking. The first reaction of one of the co-founders of Yahoo, Jerry Yang, was to
consider that the French court intended to impose a judgment in an area over which it
had no control. Regardless of this opinion, the trial continued, with the defence focusing
its arguments on the technical impossibility of distinguishing what was presented to
Yahoo French customers from what was presented to the other ones. For its part, the
prosecution defended the sovereignty of the French state to defend itself from the sale
of illegal Nazi goods from the United States and to question the reason for the
existence of an exceptional regime for Yahoo and cyberspace. The court ruled that
Yahoo violated French law and ordered the company to take all necessary measures to
dissuade and render impossible French citizens’ access to such contents. Yahoo’s claim
about the technical impossibility of fulfilling the court order, based on the idiosyncrasies
of the Internet architecture, was surpassed after several Internet gurus, including Vint
Cerf, advanced technical solutions that enabled Yahoo to comply with the court order
(Goldsmith & Wu, 2006: 1-10).
In line with Johnson's and Post’s argument regarding the uniqueness of cyberspace,
authority can only be exercised within a territory. These authors questioned the
legitimacy of a nation to regulate activities carried out in another country. They also
argue that international disputes over choice of a legal framework can be solved by
choosing the framework of the location where the unlawful acts are committed. These
assumptions guarantee uniformity, predictability and certainty in the application of
laws, which are values of rule of law. However, the above case suggests otherwise and
supports the views of the "traditionalists".
As opposed to "cesurists", "traditionalists", whose motto could be "nothing new under
the sun"8
, advocate that cyberspace is not an exception. For the "traditionalists",
"transactions in cyberspace are no different from cross-border
transactions occurring in the real space. [...] Both involve people
in real space in one territorial jurisdiction transacting with people
in real space in another territorial jurisdiction" (Goldsmith 1998:
For J. P. Trachtman, cyberspace is the medium. Conduct still occurs inside a territory,
its authors still reside in a territory, and, most importantly, effects, although more
dispersed than in the past, also continue to be produced in a territory (1998: 568)9
8 Ecclesiastes 1:9 “That which has been, is that which is to be, and that which has been done, is that which
will be done, and there is no new thing under the sun”.
. As
9 Trachtman rejects the “cesurist” view about the states’ reduced sovereignty as a result of cyberspace: “It
is not the state that has died, but the long-moribund theory of absolute territorial sovereignty.” (1998: