E-books are books in electronic form: large text files, sometimes with included images, that can be read on computers, dedicated e-book readers, or mobile devices. Because e-books are original works fixed in a tangible medium of expression, they are subject to copyright protection; because they are digitally recorded works, they can easily be copied and distributed over the Internet. As a result, they raise copyright issues similar to those raised by digital music and motion picture recordings, although the e-book industry is smaller than the digital music and movie industries, making e-book piracy smaller as well.

Many e-books can be freely copied and distributed over the Internet either because they are already in the public domain or because the authors have chosen to place few or no restrictions on their copying and distribution. Project Gutenberg, a nonprofit undertaking, offers more than 40,000 previously published books for download, along with a separate self-publishing site and links to partner sites offering over 100,000 additional books (Project Gutenberg 2012). Manybooks.com offers nearly 30,000 titles, many adapted from Project Gutenberg files, formatted for a variety of e-book readers. Commercial sites, including the Baen Free Library and Amazon’s free Kindle books section, also offer many titles not in the public domain.

The creation of archives of public domain e-books has renewed interest in many literary classics. While Project Gutenberg’s list of top downloads includes works of perennially popular, and still in print, authors such as Jane Austen and William Shakespeare, it also includes more obscure, and long out of print, works such as Elizabeth Kent’s The House Opposite, as well as less-known works by well-known authors. There is a certain irony in the fact that ancient books once rare and difficult to find are now freely available to all, while others, more recently published and never put into electronic form, are now far harder to find.

Many authors choose to make their works freely available through other Web sites, often their own. The conditions that authors place on the use of e-books still in copyright vary; resources such as Creative Commons provide a variety of prewritten copyright licenses to suit almost all needs. Frequently an author’s greatest interest is in having the work read as widely as possible, and unlimited free copying furthers that goal; however, should the work take off commercially, the author would like to be able to make some money from it. The author may reserve the right to commercial reproduction and use of the work, but not to noncommercial use. Authors permitting noncommercial copying and distribution of their works also frequently claim the moral rights of integrity and paternity. The right to integrity is the right to protect the work from changes that could damage the work’s or the author’s reputation; the right of paternity, also known as the right of attribution, is the right to be identified as the author of a work and to prevent one’s name from being associated with a modified version of the work. These rights are not part of U.S. copyright law, but are recognized in many other countries.

Public domain works such as those distributed by Project Gutenberg, along with works whose authors do not wish to restrict copying, are generally delivered in plaintext format: they are not encrypted, and can be read without a decryption key. E-book authors who wish to forbid unauthorized copying must, if they are to rely on anything beyond the good intentions of consumers, encrypt their works. Such encryption then becomes a “technological protective measure” within the meaning of Title I of the Digital Millennium Copyright Act (DMCA), and circumvention of that measure is illegal (17 U.S.C. §§ 1201, 1204). The works may also be digitally watermarked so that unlawfully made copies can be detected.

Although most of the attention given to the DMCA’s anticircumvention provisions has focused on the protection of movies, the protection of e-books also gave the world of activists, hackers, and encryption enthusiasts one of its causes célèbres: the July 2001 arrest of Dmitri Sklyarov. Sklyarov had written a program, the Advanced E-Book Processor, which made it possible for users to break the copy protection used by Adobe Systems, Inc. for its Acrobat E-Book Reader. Sklyarov was a Russian citizen and had written the program in Russia for a Russian company, Elcom Ltd.; it does not appear that he violated any Russian law by doing so (Samuelson & Scotchmer 2002). Sklyarov then traveled to the United States to give a presentation on Adobe’s security flaws at a conference. Acting on a complaint from Adobe, the U.S. Federal Bureau of Investigation arrested Sklyarov at his hotel in Las Vegas on the day after his presentation (Lemos 2001). The Justice Department prosecuted Sklyarov for violation of the DMCA’s anticircumvention provisions; Sklyarov was detained in the United States for five months, free on bail but forbidden to leave the country, and was released only when the Justice Department decided not to pursue the prosecution further (Pravda 2001; Samuelson & Scotchmer 2002, 1647 n. 332).

The Sklyarov case attracted considerable media attention both within and outside the United States (Vaidhyanathan 2004, ix–x). In Russia it was used in the media to ridicule the commitment of the United States to free speech (Pravda, Aug. 30, 2001). Even after the government dropped its case against Sklyarov personally, it continued to pursue charges against Sklyarov’s employer, Elcom. Elcom moved to dismiss the charges against it on the grounds that, among other flaws, § 1201(b) of the DMCA violated the First Amendment “because it constitutes a content-based restriction on speech that is not sufficiently tailored to serve a compelling government interest, because it impermissibly infringes upon the First Amendment rights of third parties to engage in fair use, and because it is too vague in describing what speech it prohibits, thereby impermissibly chilling free expression” (Elcom, 203 F. Supp. 2d at 1122). The court rejected all of Elcom’s First Amendment claims, as well as a due process claim. Section 1201(b) did not violate the First Amendment, the court explained. Even though computer code was speech subject to First Amendment protection, §1201(b) was sufficiently tailored because it did not burden more speech than necessary to attain its goal of protecting copyrighted works and it was not vague. With regard to the fair use argument, the court stated that “it is not unlawful to circumvent for the purpose of engaging in fair use, [but] it is unlawful to traffic in tools that allow fair use circumvention” (Elcom, 203 F. Supp. 2d at 1125). Thus had Sklyarov circumvented the copy protection only for his own use, his actions would have been lawful; but for Elcom to distribute his program to those less skilled was unlawful.

More recently library lending of e-books and e-book readers has also become an issue. Lending copies of e-books requires either making copies of those books or lending the device on which those books are stored. Making copies of protected copyrighted works may require the circumvention of technological protective measures, in violation of 17 U.S.C. §1201; the library’s making of copies probably falls outside the fairly narrow exceptions for libraries in § 1201(d). The right of first sale (17 U.S.C. § 109) protects the library’s right to own the copy of a book (including, presumably, an e-book) it has purchased. Thus a library could load its entire e-book collection on to an e-book reader and lend out that reader. However, lending out the reader would also constitute a lending of the reader’s software, possibly in violation of the end-user license agreement (EULA) (see Hirtle 2010). One solution might be to use e-book readers running open-source e-book software such as Calibre, FBReader, or Flipbook.


• Copyright Act of 1976, §§ 101–106

• Digital Millennium Copyright Act, 17 U.S.C. §§ 1201–1204


Authors Guild, Inc. v. Hathitrust, No. 11 CV 6351 (HB), 2012 U.S. Dist. LEXIS 146169 (S.D.N.Y. 2012)

Kirtsaeng v. John Wiley & Sons, Inc., 133 S.Ct. 1361 (2013)

United States v. Elcom Ltd., 203 F. Supp. 2d 1111 (N.D. Cal. 2002)

See also Activism and Advocacy Groups; Content Industry; Copyright; Copyright Infringement; DeCSS; Digital Millennium Copyright Act, Title I; Digital Rights Management; Encryption; Fair Use (Copyright); File-Sharing; First Amendment; First Sale; Moral Rights; Piracy; Project Gutenberg; Public Domain; Steganography

Sources and Further Reading

Damien Cave & Katharine Mieszkowski, “Free Dmitry! A Russian Programmer Charged with Violating the Digital Millennium Copyright Act Languishes in Jail,” Salon (August 3, 2001, 12:17 PM), available at http://www.salon.com/2001/08/03/dmitry/ (visited January 28, 2013)

Creative Commons, available at http://creativecommons.org/choose/ (visited August 3, 2012)

William M. Cross, “Restoring the Public Library Ethos: Copyright, E-Licensing, and the Future of Librarianship,” 104 Law Library Journal 195 (2012)

Rachel Ann Geist, “A ‘License to Read’: The Effect of E-Books on Publishers, Libraries, and the First Sale Doctrine,” 52 Idea: The Intellectual Property Law Review 63 (2012)

Charles Hamaker, “Ebooks on Fire, Controversies Surrounding Ebooks in Libraries,” Information Today, Inc. (December 2011) available at http://www.infotoday.com/searcher/dec11/Hamaker.shtml (visited January 28, 2013)

Peter Hirtle, “May a Library Lend E-Book Readers?” LibraryLaw Blog (June 20, 2010), available at http://blog.librarylaw.com/librarylaw/2010/06/may-a-library-lend-e-book-readers.html (visited January 29, 2013)

Edward Lee, “The Public’s Domain: The Evolution of Legal Restraints on the Government’s Power to Control Public Access through Secrecy or Intellectual Property,” 55 Hastings Law Journal 91 (2003)

Robert Lemos, “FBI Nabs Russian Expert at DefCon,” ZDNet UK (July 18, 2001), available at http://news.zdnet.co.uk/internet/security/0,39020375,2091458,00.htm (visited January 29, 2013)

Laura Hazard Owen, “Ebook Sales Way up in 2011; Overall Trade Book Sales Roughly Flat,” PaidContent: The Economics of Digital Content (July 18, 2012), available at http://paidcontent.org/2012/07/18/ebooks-are-now-the-most-popular-format-for-adult-fiction/ (visited January 29, 2013)

Project Gutenberg, available at http://www.gutenberg.net/ (visited January 29, 2013)

“The Project Gutenberg License, License Explained (Informative),” Project Gutenberg, available at http://www.gutenberg.net/license (visited January 29, 2013)

Rally in Support of Russian Programmer Dmitry Sklyarov, Pravda (August 30, 2001), available at http://english.pravda.ru/society/2001/08/30/13827.html

Ira S. Rubinstein, “Export Controls on Encryption Software,” in Coping with U.S. Export Controls (New York: Practising Law Institute, 1995)

Pamela Samuelson & Suzanne Scotchmer, “The Law and Economics of Reverse Engineering,” 111 Yale Law Journal 1575 (2002)

Siva Vaidhyanathan, The Anarchist in the Library: How the Clash between Freedom and Control Is Hacking the Real World and Crashing the System (New York: Basic Books, 2004)

“US v. ElcomSoft Sklyarov,” Electronic Frontier Foundation, available at https://www.eff.org/cases/us-v-elcomsoft-sklyarov (visited December 4, 2012)


Shoppers today are familiar with the process of viewing pictures of goods on a Web site, reading reviews of those goods on another Web site, using a service such as Google Shopping to shop for the best price on the item selected, and then sending credit card information to an unknown person who claims to have the product available for sale. This convenience has only been made possible, however, by a uniform and uniformly applied body of commercial law. E-commerce has required changes to Article 9 of the preexisting Uniform Commercial Code, the body of law that, with minor variations from state to state, governs contracts in all 50 states of the United States. It has also required other changes, including changes to tax laws and to the laws of other countries, in order to transform the Internet into a true global marketplace (Kryczka 2004).

One of the first problems presented by e-commerce was the problem of electronic signatures, which arguably did not meet the “signature” requirement for contracts under the Uniform Commercial Code. In 1998, Congress enacted the Electronic Signatures in Global and National Commerce Act, better known as E-Sign. E-Sign provides that, subject to some exceptions, “a signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form” (15 U.S.C. § 7001(a)(1)).

Most contract law, however, is state law; the federal government may legislate with regard to interstate and international commerce, which certainly includes e-commerce, but much of the evolution in commercial law to address e-commerce issues has taken place at the state level. Two uniform acts attempt to address e-commerce issues; these acts have been approved by the National Conference of Commissioners on Uniform State Laws, which then urges state legislatures to adopt them. The first of these, the Uniform Electronic Transactions Act (UETA), has been adopted in 47 states, the District of Columbia, and Puerto Rico. UETA’s provisions on electronic signatures are similar to E-Sign’s (Ring 2003).

The second of the uniform acts is the Uniform Computer Information Transactions Act (UCITA). In contrast to UETA, UCITA proved controversial; it was opposed by consumer advocates and many state attorneys general (Letter from Attorneys General, 1999), and was adopted in only two states, Maryland and Virginia (Ring 2003). The controversy came down to a disagreement over consumer software license agreements; UCITA’s opponents pointed out that UCITA placed all of the power in forming such agreements in the hands of software vendors, and none in the hands of consumers. With UCITA apparently permanently stalled, the American Law Institute took up the question, issuing its Principles of the Law of Software Contracts in 2010. The Principles attempt to address many of the same questions, albeit from a somewhat different perspective; they have not been welcomed by consumer advocates.


• Electronic Signatures in Global and National Commerce Act (E-Sign), 15 U.S.C. §§ 7001 et. seq.

Uniform Acts

• Uniform Computer Information Transactions Act (2002), available at http://www.uniformlaws.org/shared/docs/computer_information_
(visited December 4, 2012)

• Uniform Electronic Transactions Act (1999), available at http://www.uniformlaws.org/shared/docs/electronic%20transactions/ueta_final_99.pdf (visited December 4, 2012)

See also Clickwrap Agreement; Contracts; Taxation; Uniform Computer Information Transactions Act

Sources and Further Reading

American Law Institute, Principles of the Law of Software Contracts (Philadelphia: American Law Institute, 2010)

“Chinese E-Commerce: Pity the Parcel People,” The Economist, November 17, 2012, at 59

Katarzyna Kryczka, “Ready to Join the EU Information Society? Implementation of E-Commerce Directive 2000/31/EC in the EU Acceding Countries—The Example of Poland,” 12 International Journal of Law and Information Technology 55 (2004)

Letter to NCCUSL from Attorneys General Opposing UCITA, July 23, 1999, available at http://www.badsoftware.com/aglet1.htm (visited August 3, 2012)

“Personalising Online Prices: How Deep Are Your Pockets?” The Economist, June 30, 2012, at 69

Christina Ramberg, The Law of Auctions and Exchanges Online (Oxford, UK: Oxford University Press, 2002)

Carlyle C. Ring, Jr., Understanding Electronic Contracting 2003 The Impact of Regulation, New Laws & New Agreements: Overview of the Legal Landscape of E-Commerce, Practising Law Institute Patents, Copyrights, Trademarks, and Literary Property Course Handbook Series (New York: Practising Law Institute, 2003)

Kurt M. Saunders, Practical Internet Law for Business (Norwood, MA: Artech House, 2001)


See Digital Rights Management


Encryption is the process by which easily comprehended information, such as ordinary text, a photograph, or a motion picture, is converted into a form that can only be understood with the aid of a key. The process by which this key is used to convert the encrypted message back into its easily understood form is called decryption. The encrypted message is called a ciphertext; the unencrypted message is called plaintext. The method by which the plaintext message is encrypted is called a cipher; it is often incorrectly referred to as a code. While a “code” also converts information into some other form, this is done for technical reasons rather than to keep the information secret. For example, a code such as the American Standard Code for Information Interchange (ASCII) or Unicode, both used to convert the letters and characters of ordinary text to binary numbers for use in computers, is necessary in order to allow human beings to use binary computers; the usefulness of these codes would be destroyed if the information was kept secret, however. Encryption, in which the existence of the message is not hidden but the content of the message is rendered incomprehensible, is also sometimes confused with steganography, in which the existence of the message is hidden; encryption and steganography may be combined, of course.

Most encryption methods can be classified as either symmetric or asymmetric key algorithms. The former and much older type requires that the sender and receiver share a key, kept secret from the rest of the world; the key is used both to encrypt and decrypt messages. The key can be very simple or very complex, but the system has two weaknesses: only persons who know the key can send and receive encrypted messages, and anyone who has the key can decrypt all messages encoded with it. As the number of persons with whom the key is shared increases, the likelihood that one of them will inadvertently or deliberately allow the key to fall into the hands of an unauthorized person increases as well.

Simple and not-so-simple symmetric-key encryption has been in use for millennia. One of the simplest forms, the substitution cipher (in which each letter of the alphabet is represented by some other letter) was used by the ancient Romans. As both ciphers and the ability of cryptographers to break them grew more complex, mechanical devices were invented to encode and decode them. These devices, especially those developed by British and American mathematicians to break German and Japanese ciphers during World War II, were among the early ancestors of modern computers.

The tremendous advances in cryptography for military and intelligence purposes during World War II led to government involvement in and regulation of cryptography. In 1952, during the Korean War, then-President Harry Truman created the National Security Agency (NSA). At the time the primary function of the NSA was cryptography and its counterpart, cryptanalysis, or the breaking of codes used by others. The NSA worked to maintain a United States lead in these areas, which it did successfully until the emergence of asymmetric or public-key cryptography.

Public-key cryptography (PKC) avoids the weakness of symmetric cryptography by using two keys: a public key, available to all, used to encrypt the message, and a private key, known only to the recipient, used to decrypt it. Once the public key is made available, anyone who wishes can use it to send encrypted messages to the recipient. The public key may be made available to anyone without increasing the likelihood that the private key will fall into the wrong hands, so anyone can encrypt messages while only the authorized recipient can decrypt them (Lessig 1999, 36–38).

The “invention” of PKC is generally credited to the team of Martin Hellman, a professor at Stanford University, and two graduate students, Whitfield Diffie and Ralph Merkle, and to the slightly later work of three Massachusetts Institute of Technology professors: Ron Rivest, Adi Shamir, and Len Adleman (Diffie & Landau 2007). The latter group patented their encryption method, known as RSA (the initial letters of the surnames of the inventors) and it forms the basis for asymmetric encryption methods in wide use today. The NSA and its British counterpart later claimed to have been aware of the possibility of PKC for some time and to have kept it secret for security reasons.

The NSA initially attempted to prevent the public’s use of PKC. Under the Arms Export Control Act (AECA) and the International Traffic in Arms Regulation (ITAR), cryptographic devices were classified as “significant military equipment.” Exporting public-key encryption outside the United States was, at least in theory, a violation of AECA and ITAR. But privacy pioneers like Phil Zimmerman, the developer of the popular PKC program Pretty Good Privacy (PGP), made public-key encryption methods available over the Internet (including, inevitably, to people outside the United States) and emailed their public keys to persons outside the United States (Rubinstein 1995, 425–427). Providing information on the Internet, however, even for free, may constitute an export; after making PGP available as a free download, Zimmerman was investigated for violation of AECA but never prosecuted.

The NSA is a security agency; perhaps its institutional focus on the potential use of PKC by spies and terrorists blinded it to the commercial possibilities. PKC provides obvious advantages to businesses such as financial institutions and online retailers who need an easy way to protect the privacy of communications with their customers; without it, Internet commerce could not have expanded to the extent it has. Thus business interests, as well as privacy advocates, had a strong interest in PKC. The NSA attempted to address the problem with the Clipper chip. The Clipper chip was intended to be included in all communications devices sold in the United States, and would have added a third component to the public/private key pair—a “spare key” to any encrypted message sent or received with the device. This spare key would be transmitted to a government facility and held in escrow, from which it could be retrieved by court order. This would give the government access, subject to constitutional restraints, to all encrypted communications in the United States (Froomkin 1995, 752–763). Needless to say, neither businesses nor privacy advocates were enthusiastic. Neither trusted either the integrity or the competence of the government; the government might use its escrow powers improperly, or the escrow database might be hacked and the spare keys made available to criminals. And, of course, no one outside the United States would want to send encrypted communications using a device that made the content available to the U.S. government, and no non-U.S. manufacturer would incorporate the Clipper chip into devices for sale outside the United States. Consumers would presumably prefer devices made without the Clipper chip, which would also be cheaper to manufacture; the effect on U.S. manufacturers of communications equipment would be disastrous.

Opposition from nearly all sectors of society led to the demise of the Clipper chip (Pednekar-Magal & Shields 2003). The United States was not the only country to attempt such centralized control of encryption; in France, for instance, a Clipper-like program was instituted in the mid-1990s, but abandoned in 1999. Asymmetric encryption is now an accepted part of Internet commerce, transparent to most users. PKC is incorporated into Web browsers in the form of the Secure Socket Layer (SSL), which encrypts messages between the browser and a Web server. Most users will not be aware that SSL is in use unless the Web page tells them or unless they notice the tiny “lock” icon on their Web browser, or by looking at the URL: encrypted pages generally have an address starting with “https” rather than “http.” SSL can also be used to confirm a server’s or user’s identity through the use of a digital certificate, and can be used to ensure that the content of a message has not been altered in transit (Lessig 1999, 39–40).

Public-key encryption is widely available and difficult to break; it has also become an indispensable part of the Internet economy. In addition, PKC has numerous other legitimate uses: it can be used to verify identity through digital certificates and signature, it can be used to preserve the confidentiality of business and personal communications, and it can be used to protect copyrighted information (such as a movie recorded on a DVD) from unauthorized copying. But PKC can also be used by terrorists, child pornographers, and other criminals. The challenge for lawmakers is to create a set of rules that permits the economically and socially beneficial uses of PKC—encryption of credit card numbers, bank account information, business records, confidential business and personal communications, and the like—while controlling the harmful uses.

The first problem is not easily solved; the same encryption tool that can be used to conceal a legal but confidential business plan can be used to conceal an illegal and dangerous terrorist plot. Encryption can create a virtual private network that can save businesses millions of dollars in infrastructure costs—or provide a hidden marketplace for child pornographers. In this situation the encryption technology is merely a tool, and the appropriate legislative approach is to enhance penalties for crimes committed using that tool. A knife that can be used for slicing melons can also be used to commit a robbery; the legislature has responded not by outlawing knives but by providing that the penalty for a crime committed with a knife is more severe than the penalty for a similar crime committed without one.

There seems to be no downside to allowing the use of encryption to verify the identity of Web servers and Internet users. Copy protection encryption, however, has presented significant legislative difficulties in commercial transactions, aside from privacy concerns. The content industry has lobbied heavily for legislative protection for, and even mandate of, copyright protection encryption technologies. Yet users and equipment makers resent copy protection encryption; equipment must be designed to play encrypted material, sometimes with uneven results. And users may want to record protected material to other media for legitimate space-shifting purposes. The use of encryption thus diminishes utility while simultaneously raising the cost: consumers end up with a more expensive but less useful media player.

Within the United States the problem is addressed by a combined legislative and technological approach. Movies could easily be recorded with nearly unbreakable encryption. But in order to make movies that can be played, the recording industry must share the decryption key with the equipment manufacturing industry; the more complex the encryption, the greater the chance of incompatibility, and the greater the number of keys distributed, the greater the chance that a decryption key will be leaked to the general public.

Instead, movies are recorded with relatively simple encryption, and the Digital Millennium Copyright Act (DMCA) provides penalties for the circumvention of this encryption. The combination of encryption to stop the casual user from copying the movie and criminal penalties to deter the more sophisticated user have managed to control, though not eliminate, piracy of movies within the United States.

The problem for the movie industry is the rest of the world. Foreign earnings represent between two-thirds and three-quarters of the U.S. film industry’s total revenues in a typical year; about one-third of this amount comes from home video sales, although amounts may vary greatly from year to year. Only a relatively sophisticated user can break the encryption used to copy protect DVDs and Blu-Ray disks. But once the encryption is broken, the key can be distributed to the world at large; anyone can use a program incorporating the key to make copies of encrypted movies. In the United States, the DMCA provides penalties for doing so (17 U.S.C. §§ 1203–1204); outside the United States, however, the movie industry’s remedies are limited to an action for copyright infringement under local law (which will generally conform to international treaties).

An intriguing event, and a measure of the level of public fascination with encryption and cipher breaking, has been the emergence of a subgenre of popular fiction on the topic. These novels tend to be multilayered; on the surface they may be read as straightforward adventure novels. On the next level they provide a series of puzzles, related to the story, which the reader can decipher as the plot moves forward. On subsequently deeper levels they provide clues that the reader can use to decipher a variety of messages that may give additional information about the story, or about the author’s future work, or about other things unrelated to the story. These novels range from formulaic stories with simple ciphers aimed at a mass market (Dan Brown’s The Da Vinci Code) and cipher novels for children (the Artemis Fowl series) to the more complex (and thus more rewarding) work of Umberto Eco and to complex ciphers requiring a degree of mathematical sophistication (Neal Stephenson’s Cryptonomicon).


• Arms Export Control Act, 22 U.S.C. § 2778

• Digital Millennium Copyright Act, 17 U.S.C. § 1201

• Security and Freedom through Encryption (SAFE) Act, H.R. 850, 106th Cong. (1st Sess. 1999)


• International Traffic in Arms Regulation (ITAR), 22 C.F.R. §§ 120–30


U.S. v. Hsu, 364 F.3d 192 (4th Cir. 2004)

See also Copyright; Copyright Infringement; Cyberpunk; Digital Rights Management; File-Sharing; Hacking; Phreaking; Privacy; Steganography

Sources and Further Reading


Andre Bacard, The Computer Privacy Handbook: A Practical Guide to E-Mail Encryption, Data Protection, and PGP Privacy Software (Berkeley, CA: Peachpit Press, 1995)

Whitfield Diffie & Susan Landau, Privacy on the Line: The Politics of Wiretapping and Encryption (Cambridge, MA: MIT Press, updated ed. 2007)

Niels Ferguson, Bruce Schneier, & Tadayoshi Kohno, Cryptography Engineering (Indianapolis: John Wiley & Sons, 2010)

Warwick Ford & Michael S. Baum, Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption (Upper Saddle River, NJ: Prentice Hall, 2d ed. 2001)

A. Michael Froomkin, “The Metaphor Is the Key: Cryptography, the Clipper Chip, and the Constitution,” 143 University of Pennsylvania Law Review 709 (1995)

Eric Hughes, “A Cypherpunk’s Manifesto” (March 9, 1993), available at http://www.activism.net/cypherpunk/manifesto.html (visited August 7, 2012)

David Kahn, The Codebreakers: The Story of Secret Writing (New York: Scribner, 1967)

The Law and Practice of Digital Encryption (Amsterdam: Institute for Information Law, 1998)

Lawrence Lessig, Code and Other Laws of Cyberspace (New York: Basic Books, 1999)

Lawrence Lessig, Code and Other Laws of Cyberspace, Version 2.0 (New York: Basic Books, 2006)

Steven Levy, Crypto: How the Code Rebels Beat the Government—Saving Privacy in the Digital Age (New York: Penguin Putnam, 2002)

Wenbo Mao, Modern Cryptography: Theory and Practice (Upper Saddle River, NJ: Prentice Hall, 2003)

Alfred J. Menezes et al., Handbook of Applied Cryptography (Boca Raton, FL: CRC Press, 1997)

Vandana Pednekar-Magal & Peter Shields, “The State and Telecom Surveillance Policy: The Clipper Chip Initiative,” 8 Communication Law and Policy 429 (2003)

Phillip E. Reiman, “Cryptography and the First Amendment: The Right to Be Unheard,” 14 John Marshall Journal of Computer & Information Law 325 (1996)

Ira S. Rubinstein, “Export Controls on Encryption Software,” in Coping with U.S. Export Controls (New York: Practising Law Institute, 1995)

Ira S. Rubinstein & Michael Hintze, “Export Controls on Encryption Software,” in Coping with US Export Controls 2000 (New York: Practising Law Institute, Commercial Law and Practice Course Handbook Series 2000), available at http://encryption_policies.tripod.com/us/rubinstein_1200_software.htm (visited January 7, 2013)

Simon Singh, The Code Book: The Evolution of Secrecy from Mary, Queen of Scots to Quantum Cryptography (New York: Doubleday, 1999)

Daniel Solove, Nothing to Hide: The False Tradeoff between Privacy and Security (New Haven, Connecticut: Yale University Press, 2011)

William Stallings, Cryptography and Network Security: Principles and Practice (Upper Saddle River, NJ: Prentice Hall, 5th ed. 2010)

“Uncrackable Beams of Light: Quantum Cryptography—Hailed by Theoreticians as the Ultimate of Uncrackable Codes—Is Finally Going Commercial,” Economist Technology Quarterly (September 6, 2003), available at http://www.economist.com/node/2020013 (visited February 2, 2013)

Peter Wayner, Disappearing Cryptography—Information Hiding: Steganography and Watermarking (Burlington, MA: Morgan Kaufmann, 3d ed. 2010)


Dan Brown, The Da Vinci Code (New York: Doubleday, 2003)

Eoin Colfer, Artemis Fowl series, beginning with Artemis Fowl (New York: Hyperion Books, 2001)

Umberto Eco, The Name of the Rose (New York: Harcourt Brace & Company, 1983)

Umberto Eco, Foucault’s Pendulum (San Diego, CA: Harcourt Brace & Company, 1989)

Ari Juels, Tetraktys (Newport Coast, CA: Emerald Bay Books, 2009)

Neal Stephenson, Cryptonomicon (New York: HarperCollins, 1999)


The enforcement of laws and legal rights having to do with computers and the Internet involves a wide variety of public and private mechanisms. Intellectual property rights, such as copyright, patent, and trademark rights, are for the most part protected by private lawsuits brought by the victims of infringement on those rights. The same is true of torts against individuals, such as defamation or invasion of privacy. It is the duty of individuals to detect violations of these legal rights and to pursue the violators. In certain cases, however, defamation or infringement of an intellectual property right can result in criminal prosecution.

Certain crimes are especially likely to be committed using the Internet, or are unique to the Internet. These crimes include distribution of unlawful content, identity theft, malicious hacking, phishing, and spamming. Federal and state governments have authority over some Internet crimes, while others are purely federal crimes. While a number of agencies are involved in preventing and pursuing Internet crimes, two in particular—the Federal Trade Commission and the Department of Justice—carry an especially heavy load.

Crimes related to content fall into five general categories: content that infringes upon an intellectual property right; content that is defamatory or invades privacy; content that is obscene, pornographic, or indecent; content that is illegal, including child pornography and criminal conspiracy; and content that threatens national security.

Content that infringes upon an intellectual property right is largely an area for private enforcement, and content industry groups actively pursue civil lawsuits against file-sharing networks (Napster, 239 F.3d 1004) and individual file sharers (Verizon, 351 F.3d 1229), while trademark owners pursue online trademark violators. The federal government may become involved when the scope of the infringement meets certain requirements (e.g., No Electronic Theft Act, 17 U.S.C. §§ 506–507), or when there may be a violation of the anticircumvention provisions of the Digital Millennium Copyright Act (DMCA) (Elcom, 203 F. Supp. 2d 1111); investigation of a possible crime and the making of arrests are the job of the Federal Bureau of Investigation (FBI), while prosecuting the case against the alleged criminal is a matter for the Department of Justice.

Content that infringes on a personal right of reputation or privacy may give rise to a private right of action (Zeran, 129 F.3d 327). Ordinarily such content, even if it results in a civil suit, does not lead to criminal prosecution; however, especially egregious defamation may be a crime under state law. Defamation laws in other countries are significantly different, and courts in the United States will not enforce defamation judgments from other countries if enforcement would conflict with the First Amendment (Bachchan, 585 N.Y.S.2d 661).

Content that is obscene, pornographic, or indecent has posed an especially difficult problem for U.S. law. Obscene content, as defined in Miller v. California, can be prohibited; however, the distinction between obscenity and mere indecency is not always an easy one to draw (413 U.S. 15). Conduct that is merely indecent may not be prohibited, but measures may be taken to render it inaccessible to minors. The difficulty of crafting measures to protect minors from such content without unconstitutionally interfering with the access of adults has occupied considerable Congressional attention. The substantive provisions of the first attempt to do so, the Communications Decency Act of 1996 (CDA), were subsequently struck down as unconstitutional (Reno v. American Civil Liberties Union, 521 U.S. 844). A second attempt, the Child Online Protection Act of 1998 (COPA), failed to pass First Amendment scrutiny in the U.S. Court of Appeals for the Third Circuit, which enjoined its enforcement (Mukasey, 534 F.3d 181). The Supreme Court denied certiorari, declining to review the Third Circuit’s decision.

The next major attempt was the Children’s Internet Protection Act of 1998 (CIPA), which fared better in the courts. Unlike the CDA and COPA, which had attempted to restrict Web content, CIPA left the content alone and focused on restricting access. CIPA required blocking and filtering software to be installed and used on computers in schools and libraries receiving discounted (i.e., federally subsidized) Internet access. CIPA’s constitutionality has been upheld by the Supreme Court (American Library Association, 539 U.S. 194). Enforcement of CIPA is simple: schools and libraries that do not comply do not receive the discount (47 U.S.C. § 254(h)(5)(F)).

Pornographic content provides complex problems of regulation and enforcement because lawmakers wish to restrict access to such content for some users, but not for others. When Congress does not wish to discriminate between groups of users, the lawmaking task is greatly simplified. Some content is prohibited for all users. Child pornography is illegal (18 U.S.C. §§ 2251–2260). Detecting it and arresting violators is the job of the FBI, whose agents infiltrate child pornography rings online; violators are then prosecuted by the Department of Justice. Other illegal content includes content which is part of a crime—for instance, an email soliciting murder for hire, or a Web site offering gambling or prostitution in a jurisdiction where such an offering is illegal, or messages between criminal coconspirators in which they plot to rob a bank. Criminal content of this sort may involve both state and federal law enforcement authorities.

Some content may also be regulated or prohibited on grounds of national security even if it is not otherwise illegal. The USA PATRIOT Act of 2001 greatly enhanced the authority of federal agencies to conduct surveillance of email and other electronic communications and, perhaps more importantly, to disclose the contents of those communications to other law enforcement, intelligence, defense, and national security agencies (18 U.S.C. § 2517(6)). It is possible that the persons sending or receiving the communications may then be detained.

Other crimes are not related to Internet content but to Internet conduct; crimes of this sort include identity theft, malicious hacking, phishing, and spamming. The motivation for these crimes is usually either malicious—a pure desire to cause mischief—or financial. The Federal Trade Commission (FTC) addresses financial crimes directed at consumers. The FTC does this in two ways: through education, outreach, and data collection projects designed to prevent consumers from being victimized; and through prosecutions of violators. It enforces and makes regulations under the Children’s Online Privacy Protection Act (COPPA), which governs the collection of personal information from children over the Internet (15 U.S.C. § 6502). The FTC Division of Advertising Practices enforces laws against unfair, misleading, or false advertising, much of which can be found on the Internet, especially in spam; it also monitors e-commerce. The FTC’s antiscam office, the Division of Marketing Practices, shuts down Internet scammers, while its ID Theft project addresses the crime of identity theft, which has become far more common as a result of Internet use. The FTC is also responsible for enforcing the CAN-SPAM Act of 2003, an antispam law (15 U.S.C. § 7705(c)) and enforces antispyware measures.

Crimes of mischief, chiefly malicious hacking, are governed by a variety of state and federal statutes; the chief antihacker statute is the federal Computer Fraud and Abuse Act of 1986, enforced by the Department of Justice (via the FBI) and the Department of Homeland Security (via the Secret Service, formerly part of the Department of the Treasury) (18 U.S.C. § 1030(d)).


• Children’s Online Privacy Protection Act, 15 U.S.C. § 6501–6506

• Child Pornography Prevention Act of 1996, 18 U.S.C. §§ 2251–2260

• Children’s Internet Protection Act of 1998, 47 U.S.C. § 254(h)

• Communications Decency Act of 1996, Pub. L. No. 104–104, § 502, 1996 U.S.S.C.A.N. (110 Stat.) 56,133 (later codified at 47 U.S.C. § 223)

• Computer Fraud and Abuse Act of 1986, 18 U.S.C. § 1030

• Copyright Act of 1976, 17 U.S.C. §§ 101–1332

• Digital Millennium Copyright Act, 17 U.S.C §§ 512, 1201–1204

• Identity Theft and Assumption Deterrence Act, amending and codified at 18 U.S.C. § 1028

• No Electronic Theft Act, amending and codified at 17 U.S.C. §§ 101, 506 & 507 & 18 U.S.C. §§ 2319–2320

• USA PATRIOT Act of 2001, 18 U.S.C. § 2517(6)


Supreme Court

Ashcroft v. American Civil Liberties Union, 524 U.S. 656 (2004)

Miller v. California, 413 U.S. 15 (1973)

Reno v. American Civil Liberties Union, 521 U.S. 844 (1997)

United States v. American Library Association, Inc., 539 U.S. 194 (2003)

Federal Appellate Courts

A&M Records, Inc. v. Napster, Inc., 239 F.3d 1004 (9th Cir. 2001)

American Civil Liberties Union v. Mukasey, 534 F.3d 181 (3d Cir. 2008), certiorari denied sub nom Mukasey v. American Civil Liberties Union, 555 U.S. 1137 (2009)

Recording Industry Association of America, Inc. v. Verizon Internet Services, Inc., 351 F.3d 1229 (D.C. Cir. 2003), certiorari denied, 543 U.S. 924 (2004)

Zeran v. America Online, Inc., 129 F.3d 327 (4th Cir. 1997)

Federal Trial Court

U.S. v. Elcom Ltd., 203 F. Supp. 2d 1111 (N.D. Cal. 2002)

State Court

Bachchan v. India Abroad Publications, 585 N.Y.S.2d 661 (N.Y. Sup. Ct. 1992)

See also Adware and Spyware; Censorship; Child Pornography; Children’s Internet Protection Act; Communications Decency Act; Copyright; Defamation; Digital Millennium Copyright Act; Federal Communications Commission; Federal Trade Commission; Hacking; Identity Theft; No Electronic Theft Act; Patent; Phishing; Spam; Trademark

Sources and Further Reading

Joe Anastasi, The New Forensics: Investigating Corporate Fraud and the Theft of Intellectual Property (Hoboken, NJ: John Wiley & Sons, 2003)

Stuart Biegel, Beyond Our Control? Confronting the Limits of Our Legal System in the Age of Cyberspace (Cambridge, MA: MIT Press, 2001)

“FTC Permanently Halts Unlawful Spyware Operations,” Federal Trade Commission (November 21, 2006), available at http://www.ftc.gov/opa/2006/11/seismicodysseus.shtm

“Identity Theft Resources,” Federal Trade Commission, available at http://www.ftc.gov/bcp/edu/microsites/idtheft2012/ (last updated October 25, 2012)

Chris Marsden, Internet Co-Regulation: European Law, Regulatory Governance and Legitimacy in Cyberspace (Cambridge, MA: MIT Press, 2011)

Bill Nelson et al., Guide to Computer Forensic and Investigations (Boston: Course Technology, 3d ed. 2009)

Micah Sifry, WikiLeaks and the Age of Transparency (Berkeley, CA: Counterpoint, 2011)

Adam Thierer et al., eds., Who Rules the Net? Internet Governance and Jurisdiction (Washington, D.C.: Cato Institute, 2003)

Douglas Thomas & Brian D. Loader, eds., Cybercrime: Law Enforcement, Security and Surveillance in the Information Age (London: Routledge, 2000)

Only gold members can continue reading. Log In or Register to continue