In his book, Internet Governance by Contract, Professor Lee Bygrave has synthesized his thinking on the contractual relationships that permeate technology in the present era alongside the writings of a wide range of scholars in the field of cyberspace regulation and governance. In fact, one of the strong features of Bygrave’s book is his examination of the literature in the field in a concise manner, simultaneously blending the main literature into a clear arguments throughout the book. As a result, Bygrave has produced a clearly structured analysis of the role of contract in the governance and regulation of cyberspace. There is no doubt contractualism will inform debate on governance of the online environment for years to come. The book is peppered with examples for how contract establishes rules for cyberspace, which in-turn interacts with statute. Centred on two varied case studies, Bygrave provides the reader with an engaging, yet problematic, exposition of the ‘utility and legitimacy of contractual governance’. Bygrave set himself an ambitious task; his treatise–
also attempts to tackle larger issues of legitimacy and power – all in a compact yet sanguine 150 pages of scholarly work that ranges from dissecting Lessig’s glaring lack of recognition of the role contract plays in the online environment to the interlink between cyberspace’s intermingling of public and private law.
Bygrave’s argument is that cyberspace can be best viewed and understood as a set of or a nexus of contracts between different parties: governing bodies, regulatory agencies, businesses and corporations and, of course, users.
Contractualism or the nexus of contracts visualises the organisations that ensure the Internet’s operability and functionality are best seen as not entities, but as an aggregate of various inputs acting together to produce goods and services. The entity should be seen as a legal fiction representing a complex set of contractual relationships. Accordingly, entities charged with some sort of governance role for the online environment should not be treated as a thing, but as a nexus of explicit or implicit contracts establishing rights and obligations among the various stakeholders making up the entity. Because ICANN is not held by shareholders with interests in return on investment (as found in traditional private and public companies), characteristics and benefits typically associated with ownership are not meaningful lenses to view the entity through.
The real motive behind the book appears to be quite general: to explore the most basic considerations arguing for and against major sources of rules that govern the online environment; however, it takes an inductive approach. The first part describes some key aspects of the recent debates about the choices between mandatory and enabling rules in cyber law. Its purpose appears to be to illustrate the troubled dominance of one major model of the creation of norms – the contractual model – in academic thinking about the online environment.
Latter parts of the book explore factors often slighted by users of this model – and in doing so introduce ideas that reach far beyond the borders of cyber law.
Examining Internet governance through the lens of contract looks hugely promising. Debates about how cyberspace should be governed has suffered since the glory days of scholarly and non-scholarly debate about who had the legitimacy to regulate the new ‘electronic frontier’. Although the regulation of the
Internet raises hugely important economic and political issues, these can often be easily lost beneath the sheer mass of stakeholders with viable yet contradictory interests in the manner in which the Internet is governed.
Bygrave splits his book into seven chapters, each roughly about 20 pages long, with the exception of Chapter 6 that comes a tad longer. Although each chapter moves through a defence of contract law’s role in Internet governance, there is an introductory chapter that takes the reader through a brief history of governance and an overview of both regulatory and contract theory. The focal point of the book is two case studies; one aptly titled ‘The ICANN-Based Contractual Web’ and the second, ‘Lex Facebook’. In a clear and concise writing style, Bygrave attempts to discuss the utility and legitimacy of ‘contractual governance mechanisms’. He also states that contract law provides the ‘bricks and mortar’ as the ‘governance structure of the Internet has formed largely outside a treaty or other legislative framework that is Internet-specific.’1 In the process, the book lead to several pressing queries: Why shouldn’t operators facilitating the function of ICANN be able to contract around the law? If registrants want to preclude themselves before registering their domain name from being able to challenge, for example, a UDRP decision over a domain name dispute, then why should the law prohibit them from doing so?
In general terms, Bygrave posits that the rationale behind these issues is that it is the role of contract that binds actors in the online environment. Firstly the Internet Corporation for the Assignment of Names and Numbers (ICANN) is simply a fictional entity that serves as the centre of a complicated nexus of contractual relationships.2 Accordingly, it is wrong to view it as organising production in a radically different way than markets do; it is wrong to see ICANN as a “hierarchy” in which decisions are made by “fiat” in contrast to the contractual arrangements that characterise markets. And it is wrong to see ICANN as being a creature of the state in any real or fundamental sense.
Secondly, the second function of ICANN is simply to provide an efficient set of starting or “default” rules to govern the nexus of contracts. Most of these rules concern issues of governance: rights, duties and obligations among registers, registrants, and registrars, as well as liaising with the technical experts to make sure the default rules are compatible with technical operating standards. The aim of the registers is, or should be, to mimic the rules that most registrars and their customers would agree to after a full session of informed bargaining.
Finally, except when there are third party effects, registrars and registrants should be free to change any of the default rules by mutual agreement.
Bygrave’s second chapter, ‘Lex Facebook’ focuses on the contractual arrangements users enter into when opening an account on the social networking platform. Famously (or infamously depending on one’s point of view) Facebook does not charge users to join its platform, instead selling data
1 Page 2, Bygrave
2 Jensen and Meckling, Theory of the Firm: Managerial Behaviour, Agency Costs
& Ownership Structure, 3 J. Fin. Econ. 305, 310 (1976).
about the users to advertisers and other third parties. Bygrave’s analysis is foretold in section 2 of the Chapter: that the contractual terms Facebook “lays down for its community are vehicles for disseminating a set of cultural norms across the globe. Its normative framework reflects its US origins, more specifically a middle-to-upper class North American mind-set.” As a result, concerns arise over Facebook’s role as arbiter of free-speech. The culture Facebook has adopted and therefore disseminates is not aware of the vulnerability that free speech too often brings to people outside of that very bubble. When Facebook’s business model is combined with this pro-speech corporate culture, the site had a powerful capacity to monitor, survey, and profit from the private lives of its users. It is through this lens that Bygrave begins an impressive forensic analysis of the ‘contractual anatomy’ of Facebook.
Bygrave takes the reader through the ‘Facebook Principles’ and the Statement of Rights and Responsibilities and other instruments that provide some sort of guidance to the way Facebook will govern its relationship with users and third parties. The chapter then takes a helpful detour through the way these codes have developed over time. Interestingly, Facebook constitution has grown and expanded, subsequently contracting to “enhance the readability and comprehensibility of contractual instruments. However, rather disappointingly Bygrave glosses over the role network effects play in enticing users to join the Facebook platform. No-one ever reads the terms and conditions. And this is an issue that Bygrave never really addresses.
Take the following example: A user enters into a user agreement with Facebook.
Within the terms and conditions that have to be agreed to prior to opening the account, there is a forum selection clause that stipulates the following:
“it is agreed… that all disputes and matters whatsoever arising under, in connection with or incidental to this contract shall be litigated, if at all, in and before an approved dispute resolution provider located in the State of California… to the exclusion of the Court of any other state or country.”
Users though, when opening their Facebook account, will likely pay no (or at least very little) attention to any terms of service, principles, etc. Clearly presenting them ensures legal compliance with the rational approach of making all relevant information available to the contracting party. However users will no doubt underestimate the probability that they will ever need to litigate. For the
‘naïve user’, a lot is to be determined by this clause. If users disregard these clauses, then regulators might want to intervene. This is because users may make the wrong choice from among the existing contracts and the existing contracts may be too limited a set, if the market fails to offer contracts that some consumers would prefer. The consumer may be better off litigating in her home country, but chooses Facebook because it has to thanks to the network effect that Facebook already enjoys. That a litigation forum is in a place far away from a European or African user is of little consequence to the user who needs to use the site to communicate with friends and family.
The second concern regulators might have is that Facebook fails to offer contracts that at least some users would prefer. Facebook gets the benefit if litigation is inconvenient (especially if users are not aware of the inconvenience).
In this set of assumptions, Facebook has a vested interest in making it harder for users to litigate and will make more money or make offerings more attractive in other ways. Competitors to the social network may also adopt a forum clause to their accounts. Does the strength of regulation change if consumers are or are not behaving rationally? Users don’t look at forum selection clauses, and it is perfectly rational for them not to, because it is not worth the time and effort.
Consequently for Bygrave private contracts almost always dominate over legal rules. Operationally, this means that there should be virtually no mandatory role for cyber law. This seems a bit of a hard pill for cyber-lawyers. As Bygrave admits in ‘Lex Facebook’ if Facebook departed from the principles that the author spent so long dissecting, they would risk breaching section 5 of the US Federal Trade Commission Act 1914.3 Indeed, Facebook fell afoul of hard law when it engaged in deceptive processing of personal data and agreed to undergo bi- annual auditing for 20 years in order to comply with FTC orders.
His conclusion is not very different from the conclusion posited by Lessig nearly 20 years ago – West Coast regulation is being exercised without legitimacy and accountability that is reserved for the East Coast regulators. His argument ultimately is that contract ‘embeds and spreads the preferences of Internet governors’. This is not really a view that I can easily endorse. ICANN, in theory, could agree with either it users, its constituents, registries and registrar to operate in the interests or a combination of interests of its stakeholders. It would simply operate as a nexus of contracts. Yet contractualism has two fundamental requirements: first, that the parties have the freedom to choose the terms of the contracts which they enter into; and secondly, that those contracts should be enforced when they have been entered into. On the first point, users of social media platforms like Facebook have no input (and often ignore even when it is not in the user’s best interest to accept) the terms and conditions that they must agree to. Secondly, there would be a long line of ICANN constituents and stakeholders that would argue quite vehemently that contracts written by ICANN are not written in a way that maximises the value of those contracts for the contracting parties, or maximise the value of ICANN.
I enjoyed Lee Bygrave’s Internet Governance by Contract and can recommend it to anyone who is looking to connect the dots between Internet governance and regulation. The reader will find a little bit of everything in the book, such as classical cyber theory from Goldsmith & Wu, Lessig and Mueller alongside a discussion of contract theories by and Julia Black-esque theories of de-centered and smart regulation. Best of all, it is an extremely accessible text such that a Net policy wonk could pick it up and learn a lot about issues they may not have heard of before. Finally if the goal of the book is to convey the role of contractualism in Internet governance, then a criticism of the book lies in the understating and discussion of the role civil society play in moderating the harsher types of
3 Page 95.
‘contracts’ that are often insisted on by IP rights-owners. More pertinent questions to me are: (1) can true consensus ever be found in a multi-stakeholder organization like ICANN? (2) Are there instances where contracts become imposed rather than agreed to through negotiation? (3) Can users ever truly be said to be giving informed consent when they click yes to the fateful question:
“have you read and understood the terms and conditions?” Not surprisingly, this part of the user ‘contract’ with Facebook is likely to make up a significant part of the reforming General Data Protection Directive. Thus this book understates the significance of contract in regulating the online environment at the expense of its very persuasive argument about the role contract plays in governance of the online environment. Yet contractual ‘governance’ has been used outside of conventional state models of government (for example, in referring to ‘corporate governance’). Although corporate governance has evolved as a result of government induced privatization processes since the 1970s, Internet governance structures have always relied on contractualism, and I think there was room to explore this distinction.
Overall this is a stimulating text. A number of Professor Bygrave’s arguments have prompted disagreement from this reviewer, but that is surely a mark of success in a book seeking to challenge our views and stimulate debate among scholars and academics of cyber law. It should be added to the repertoire of reading of keen academics and students and imagine several of the chapters becoming assigned reading in both policy courses and cyber-law programs alike.
