« On the Convergence of Virtual Worlds and Social Networking Sites | Main | An MMO in the Imagination of a Little Girl »

Feb 08, 2008



I don't know dutch law. But I guess it is the general rule of international public law, which should apply: When the foreign country is uncapable or unwilling to prosecute and the crime concerns the international comnunity as a whole, the universal jurisdiction principle allows states to investigate on foreign territory - including servers. Such a crime ist planning of acts of terrorism.
I guess in dutch law, there should be an adoption of this rule in the national code as it is in Germany.
Of course, when it comes to other crimes (like, for example, child pornography) and national specialties like the first amendment in the USA, the situation is much more difficult.

Talking about terrorism, this seems to be an important issue.


I work for Yahoo and find the irony of this pretty rich:

Mr. Lodder says:

There had been a case where a mother killed her child and the Yahoo-mailbox showed an unread e-mail with a subject that seemed highly relevant for the case. Not looking at this e-mail because the mail is hosted in the US seems to me an unjust territorialisation of the internet.

unjust territorialisation?

Did you happen to notice how Yahoo! got it's collective a$$ handed to it for disclosing a dissident's private information to the Chinese government?

One moment people want large companies to defy the orders of local authorities, and the next they want the companies to comply.

It can't be both ways.


@ Hendrik. Very interesting link, thanks

@ Randall Farmer. My 1st amendment example is similar to the Chinese case you refer to. The e-mail example is different, since for that no co-operation is needed. So my point is whether it should be allowed to act on servers WITHOUT the help of the owner being necessary. So, opening an e-mail on someone's computer who is already logged in. Or, if servers of a virtual world are located on foreign ground, being allowed to watch/follow a (possible) suspect.


@ Arno:

Are you saying that Dutch law permits police to use website evidence — regardless of where the website server is located — but that email evidence may only be used if the server is located in the Netherlands (or with the permission of the host nation)? [Read: Having jurisdiction (i.e. the power to prosecute or force action) over a foreign company/website is different from being able to use evidence collected from the source in a criminal prosecution under domestic Dutch law.]

Assuming I understand you correctly — how does Dutch law distinguish between a website and email to justify this somewhat contradictory evidentiary stance? Is it based on the difference in the technology or the manner in which police gather the evidence (or neither because I am missing your point)?


The process involved is a critical component of balancing the ability(and duty!) of a state to protect its citizens and the moral notion that individuals have first amendment rights that both protect free expression and have wrapped in a pragmatic attempt to prevent tyranny that can so often bloom from human polictical and power lust drives.

I would be shocked if there truly was no legal procedure that enabled Dutch authorities to get access eventually to the mentioned email.

But checks and balances would almost certainly evolve through court rulings, laws, and precedent.

There is a difference between authorities eaves dropping at will without a record of them doing so, and having them ask permission from a third party explaining why they believe an infringement is necessary and creating a record of who, when and how such thing would take place and that record might someday be made public.

I'd imagine the laws for getting access to information in virtual worlds would more or less track rules concerning wiretaps and searches of property. The rules on searches are quite intricate (emegerncy, theat, probable cause, admissablity of such evidence in a trial etc)


Using real-world geography to decide issues of net jurisdiction is, ultimately, untenable. Some day in the I-might-live-to-see-it future, we'll have distributed servers that are so devolved that you won't be able to tell whereabouts in the real world the code you're actually running is, or indeed the storage. If you can't tell, you can't prosecute.

States already have some laws that prevent their citizens from engaging in activities in other countries that are legal in those countries but not in their own country (eg. in some parts of the world it's legal to have sex with 14-year-olds, but if you go there and do that and you're British or German then you're going to jail upon your return). It's a much smaller step to say that you can use as evidence anything your citizens do wherever they do it and wherever the evidence is stored; it only becomes a matter of international relations if you have to ask a non-citizen not based on your territory to release the information you require.



Is the disciplinary gaze of the Authoritarian something we would actually encourage in virtual spaces. Particularly if we argue that any damage done is merely virtual anyway.

If in the final analysis 'virtual' freedom is more tangible than 'virtual' harm, would we be better off asking 'the cop' to show the warrant or get the hell out?


For the legal eagles here, with the Guttnick vs Dow Jones decision in Australia, that basically held that a web page is 'published' where its viewed , applicable here, considering it was a civil defamation case that refered to Australias view that a publisher is also liable for defamation, is that applicable to this sort of thing?




eh? Not sure I get yr drift there Reggie.


Seems to me there's a difference between, as you say, "Not looking at this e-mail", and asking for "permission from the hosting state", receiving said permission, and then, presumably, looking at the email after all.

Did the authorities in the Netherlands ask for permission through appropriate channels yet? If so, did they receive it? Or is this case still being resolved, or did they not ask?

I think a law where they could coerce cooperation from a foreign company when they want access to its records isn't the ideal solution to this problem. It's unenforcable, as they can't threaten fines or imprisonment for non-compliance the same way they could to ensure cooperation with the laws of their own local citizenry. And if it were enforcable, it's excessively disruptive and violates the notion of sovereignty. If the government of the other country cooperates sufficiently with your country to handle matters of acquiring evidence, extradition, etc. etc. there's no need to go poking holes in sovereignty to solve a problem you're not even having yet.

Are they having problems getting at info like this once they ask? Or is this an entirely speculative, hypothetical problem?


@ dmx

This gets at my earlier question. There is a difference between having jurisdiction (like I can sue you in the U.S. if your website establishes enough contacts with the jurisdiction) and being able to use the evidence in court (like when U.S. police execute a bad Fourth Amendment search and the evidence is not admissible). I thought that Arno was talking about the latter (under Dutch law) with regard to viewing the emails based on server location.

Gutnick (if I remember it correctly) was about the former — hauling nationals of other States into a domestic court to answer for a tort. Australia, Netherlands, U.S. — whatever country — could, conceivably, set any jurisdictional guidelines it finds suitable. As noted by others, without physical power or some type of financial leverage over the defendant, such jurisdiction is useless.

Universal jurisdiction, discussed by Hendrik, applies to so-called erga omnes offenses like crimes against humanity, slavery, torture, piracy, genocide, etc. (Crimes that are so bad that countries have a moral duty to prosecute them — even without a treaty obligation.) It is a controversial notion of jurisdiction, and it involves heinous acts, which, due to their nature, are unlikely to be prosecuted in the forum where they occur. It is not hard to imagine just how unpopular a country's jurisdiction extension over lesser crimes or civil wrongs would be.

But, again, snooping around in a publicly accessible virtual world to gather evidence is different than trying to coerce the virtual world owner to provide the evidence. The admissibility of the snooping bounty should depend on domestic rules of evidence.


Thanks to Arno for this post. I also know rather little about Dutch law on this issue, but for a U.S. perspective, you might read: Patricia L. Bellia, Chasing Bits across Borders, 2001 U Chi Legal F. 35.

This is from the first few pages:

"This Article examines the challenges that computer crimes cutting across international borders present for law enforcement officials. As unlawful conduct involving computer systems becomes more widespread, evidence of that conduct will increasingly take an electronic form and be stored beyond the reach of the investigating jurisdiction. And traditional mechanisms through which countries ordinarily obtain evidence abroad are unlikely to prove satisfactory in such investigations. The investigative difficulties computer crimes pose have prompted two related state responses. Some states have asserted that they possess a broad power to conduct "remote cross-border searches"--that is, to use computers within their territory to access and examine data physically stored outside of their territory--so long as the data is relevant to an investigation of conduct over which they have jurisdiction and their own law authorizes the search. In November 2000, for example, during an investigation of a Russian hacking ring that had targeted several U.S. companies, FBI agents downloaded extensive data from Russian computers. Other states have merely pressed for recognition of a remote cross-border search power in international fora, arguing that such a power is an essential weapon in efforts to combat computer crime."

I find it very interesting that among those who argue for broad powers of cross-jurisdictional search is Jack Goldsmith, who recently wrote a book about how the notion that the Internet lacks borders is an illusion.

For another point of view, see this by Johnson and Post.


I conducted research into virtual surveillance during my Masters degree.

My exegesis documents the existence of surveillance in virtual worlds. A panoptical model was used, and its premise tested through extension into these communal spaces. Issues such as data security, personal and corporate privacy were investigated.




Thanks a lot for the link!

The comments to this entry are closed.