Brian Chau is a JD Candidate at Osgoode Hall
Digital data in the 21st century is often envisioned to be stored somewhere in a vast cloud of storage mediums – but at the end of the day, the discrete bits and bytes of data are tied to physical locations. While information on the internet transcends national barriers and jurisdictions, its underlying storage devices do not. A recent ruling (relating to the publication of racially inflammatory material) examined the ability for an originating country to claim jurisdiction when data was stored in another country. This case is important as it challenges the traditional definition of location with regards to technologies that have dis-embedded the physical process of publishing one’s views.
The Court of Appeal for England and Wales has ruled in R. v. Sheppard that jurisdiction over data stored in another country applies, “as long as a substantial measure of the activities constituting the crime took place in England”. The appellants were charged with publishing racially inflammatory material which was hosted by a remote server in California (www.heretical.com, among others). The appellants raised three grounds of appeal, with the main argument concerning jurisdiction: That a publication on the internet is only cognisable in the jurisdiction where the web server upon which it is hosted is located and since in this case the location was California the publication falls outside the jurisdiction of England and Wales.
The appellants stated that the determinative factors were:
- that the act of publishing took place in California when the format of the material supplied by Sheppard was converted to allow it to become accessible on the internet, and when it was accessed by other people clicking on the website;
- that the act complained of did not constitute a criminal offence in the United States of America because it was not only not a criminal act but also specifically protected by the First Amendment to the American Constitution; and
- that the wording of section 42 of the 1986 Act was different from the jurisdictional wording of, for example, the Theft Act 1968 and thus the Wallace Duncan Smith (No.4) line of authority was not applicable.
The Court of Appeal concurred with the trial judge in finding that the court did have jurisdiction. The trial judge applied a “substantial measure test” where it was noted that in all the jurisdictional arguments raised, the activities were done with the expectation and intent that the material should be available to the public or a section of it within the jurisdiction in England and Wales. Further, the use of the server was merely a stage in the transmission of the material requiring no intervention once the website was activated. The judge concluded that it could not, be seriously argued on a reasonable view of all the evidence that the appellants’ activities should, on the basis of international comity, be dealt with by another country.
In its application of the “substantial measure test”, the Court of Appeal considered the extent to which it was appropriate for the court to develop the common law as to jurisdiction in order to meet the changing requirements of society. The Court recognized that crime is now established on an international scale and the criminal law must face this new reality – and that intention of parliament when devising the crime under Public Order Act Section 29 (”The 1986 Act”) was that “written material” would be wide enough to cover new forms of communication so that racist organizations and others could not advance the type of argument being put forward in the present case.
The widespread use of information and communication technology has led to challenges that intersect the legal, technological and physical boundaries. This decision listed a number of competing theories regarding which courts should have jurisdiction over data. Will there be an increasing trend from this case that emphasizes the concept of “custody of data” and posits that the traditional concepts of place of data storage or physical servers are now irrelevant? Urs Gasser from the Harvard Law School consider these challenges from the perspective of corporate governance in this article. Gasser posits that “custody of data—as opposed to the place of data storage or the physical location of the servers—is increasingly the decisive factor in cases where stakeholders (e.g. law enforcement authorities; plaintiffs) seek access to information stored in corporate information systems”. He then notes that this is already in place for U.S. electronic discovery rules. Perhaps the Sheppard case is simply another step in this direction.