Internet Law

Internet Law

Unlike many other types of law, there is not a single body of “internet law.” Instead, legal principles from contracts, consumer protection, intellectual property, privacy, free speech, and other areas have been applied to and adapted for the internet either by statute or caselaw. As a result, internet law is complex with a broad variety of rules that affect a party’s rights and liability. 

How is the Internet Governed?

The internet is regulated in several ways. Federal and state laws in the U.S. apply. In addition, the global nature of the internet law means that it may be subject to the rules of different countries, although enforcement of the laws can be challenging.

Self-regulation and user behavior also play a big part in governing the internet. The internet marketplace can decide what is acceptable and demand changes, which may become the new standard if enough people agree. As the public’s acceptance of certain practices has evolved over the decades, so have the content and services available on the internet.

Technology also has an impact. Issues like cybersecurity and privacy have come to the forefront in recent years as companies have taken advantage of advances in technology to exploit consumer information. These same companies and consumers have also been the victims of data breaches, making the internet subject to pitfalls for users and businesses alike.

Who Owns Content on the Internet?

Just because content is easily accessible on a website does not mean that the owner is giving consent for anyone to republish it or take advantage of someone’s trademarks. Intellectual property laws play a substantial role in the internet landscape. For example, the use of the content on the internet is subject to copyright and trademark laws that restrict using someone else’s content.

Copyright Infringement and the Digital Millennium Copyright Act

It is generally unlawful to reproduce, distribute, display, perform or create derivative works from, another person’s copyrighted material – (although there are exceptions). While copyright law allows copyright owners to sue for infringement of these rights, the advent of the internet created challenges to enforcing these rights due to a seemingly unlimited number of blogs, forums, or other websites which could host infringing material. Prior to the Digital Millennium Copyright Act (DMCA), the inability to police the internet and the potential resulting liability discouraged online service providers from hosting user-generated content for fear of being held liable for copyright infringement. The DMCA addressed this disparity by amending the Copyright Act and expanding copyright infringement liability while allowing online service providers a way to limit their own liability.

Specifically, the DMCA’s anti-circumvention provisions (beginning with section 1201 of the Copyright Act) prohibit creating or distributing technology which allows a user to circumvent online copyright protection (Digital Rights Management systems, or DRM) or other measures meant to protect copyrighted works. However, the DMCA also provides a safe harbor provision (section 512 of the Copyright Act), which protects online service providers from infringement claims if certain statutory requirements are met:

Notice. Any copyright holder that suspects content on an online service is infringing must notify the provider of the service of the potentially infringing material.

  • Takedown. In response, the DMCA requires that service providers who host user-generated content notify the user and then remove the potentially infringing material, so long as the takedown notice meets the law’s requirements.
  • Counter-Notice. If the posting user believes that their content does not infringe the copyright holder’s rights, that user can file a counter-notice to the service provider. If the service provider believes the counter-notice valid, then the service provider can restore the content to the website.

To receive the benefit of the DMCA safe harbor provision, a service provider must strictly follow the rules of the notice and takedown process. Otherwise, they may be held liable for secondary copyright infringement.

Trademark Infringement and Unfair Trade Practices

Trademark law protects a mark that is used in commerce for goods or services to identify the source of those goods or services. A trademark can be in the form of words, names, symbols, or devices.

The internet has been a double-edged sword for trademark law. On the one hand, instantaneous search capability and the existence of social media allows a trademark owner to pinpoint trademark infringers and to take action. On the other, trademark owners are obligated to police their marks, and the vastness of the internet can make it difficult to catch every case of infringement.  Trademark owners must be diligent in order to maintain the strength of their marks.

How Are Domain Names Protected?

Anyone can register a domain name, and registration does not require verification of copyright or trademark ownership. Because of this lack of verification, people can and do register domain names of established entities or brands with the intent to essentially ‘ransom’ the domain. This conduct has prompted trademark owners to engage in domain name disputes to protect their mark and brand online.

Anti-Cybersquatting Protection Act (ACPA)

Cybersquatting is when someone registers the domain name of another entity in bad faith, that is, with the intent to financially gain from the goodwill and reputation of the identity (or brand), through either selling the domain name back to the rightful identity (or brand) owner or for profit through advertising.

The ACPA authorizes a trademark owner to sue an alleged cybersquatter in federal court to obtain a court order that transfers the domain name back to the trademark owner. A trademark owner must prove all of the following:

  • Bad faith intent to profit from the use of the trademark;
  • The trademark was distinctive at the time the domain name was first registered;
  • The domain name is identical or confusingly similar to the trademark; and
  • The trademark qualifies for protection under federal trademark laws.
Uniform Domain Dispute Resolution Policy (UDRP)

Trademark owners in domain name disputes can also seek relief through the Uniform Domain Dispute Resolution Policy (UDRP), which establishes methods for resolving domain name disputes. It has been adopted by the Internet Corporation for Assigned Names and Numbers (“ICANN”) and is incorporated by reference into most Domain Name Registration Agreements, which registrants must sign to obtain the desired domain name. Filing under ICANN’s UDRP will bring the issue to arbitration. To enforce their rights, trademark owners must show:

  • The domain name is identical or confusingly similar to your trademark or service mark;
  • The alleged cybersquatter has no rights or legitimate interests in respect of the domain name; and
  • The domain name is being used in bad faith.

Trademark owners can seek relief under both the UDRP and the ACPA; the two are not mutually exclusive. The UDRP tends to be a less costly remedy than initiating a lawsuit under the ACPA, but UDRP resolutions can only result in transferring a domain back to the rightful holder, rather than seeking an injunction or damages as demanded from an ACPA lawsuit. UDRP determinations are also not binding on courts, meaning a later ACPA suit could potentially reverse a UDRP determination.

Note that good faith is a defense to both the ACPA and UDRP.

How Is Privacy and Free Speech Protected on the Internet?

The internet poses several First Amendment challenges. The internet was founded on the principle that cyberspace should be a user-generated, free speech utopia which should reject censorship. However, that lack of censorship has also given rise to and expanded the platform for toxic online content like fake news, cyberbullying, and extremism. Online service providers have full discretion to moderate their websites according to their terms of service but are potentially immunized from any liability for facilitating their users’ behavior.

Communications Decency Act

Section 230 of the Communications Decency Act (“CDA”) allows service providers and websites that host third-party content to avoid liability for what users post even if they are moderating posts according to their own terms of service. Essentially, this law has been interpreted to apply to blogs, listservs, forums, social media, apps, and even sites that allow user reviews like Amazon. It protects them from liability for claims based on the service provider hosting the illegal content of its users. There are exceptions under the CDA. Sites can still be liable under criminal law, intellectual property law (in case of copyright or trademark infringement), state laws, and sex trafficking laws. Notably, various proposals to amend the CDA are being debated by Congress, and parties should stay up to date on these developments.

Computer Fraud and Abuse Act (CFAA)

The internet also created an entirely new pathway for the theft of an individual’s private information.

The Computer Fraud and Abuse Act (CFAA) targets hackers, providing for civil and criminal liability for intentionally accessing a computer without authorization, or exceeding authorization. The law has been interpreted to apply to all internet-connected devices such as computers, cell phones, and tablets. Prohibited acts include compromising confidentiality, damaging or threatening to damage a computer or information, trafficking in passwords, and other conduct.

Common civil claims under the CFAA include seeking an injunction or monetary damages from these hackers. Bad actors could also take the form of a business’s competitors or rogue employees.


Internet laws provide many protections for online activities but also can result in significant liability. Rules and best practices are constantly changing. As a result, it is important to discuss these issues with experienced counsel to mitigate legal risks or to enforce rights against violators.