After the grainy, analog pictures that came from VHS tapes, the DVD, format released in 1996 was a revelation. Crisp, clear, perfect movies came from the new CD-based format, courtesy of completely digital encoding that played back the same audiovisual experience every single time.
But that perfect digital format also introduced another possibility: the ability to make perfect copies. Anyone with a home DVD burner could pirate movies without limit, with none of the inevitable picture degradation that older analog machines introduced.
So DVD manufacturers created a code to protect the data—the Content Scramble System, or CSS, a basic stream cipher that only authorized DVD players could decode, tightly controlling the playback, and restricting it to machines keyed only for certain regions, so European DVDs, for instance, would not work in American players.
Naturally, CSS was cracked by hackers almost immediately. And a little-known hacker news magazine called 2600 linked to the code—only seven lines long, short enough to fit on a t-shirt—and uncorked a legal battle that launched 1st Amendment and cyber technology into a battle that is still being waged today.
The code itself was clearly illegal under the DMCA, or Digital Millennium Copyright Act; the issue was whether the magazine was responsible for the content on the other end of the link, over which it had no direct control. The DVD industry said yes; free speech advocates said no. Badly legally outgunned, 2600 lost the case and declined to pursue it at the Supreme Court.
But today, millions of websites, including huge ones like Google, Facebook, Twitter, and even the one you are reading right now, contain links to the DeCSS code, without fear of legal repercussion. Cyberspace law has exploded into a confusing, contradictory, semi-regulated field where litigation is constant, but the only precedent is that whoever brings the best lawyers to the table wins the day. And then has to start over again tomorrow.
That makes cyberlaw an endlessly fascinating, endlessly lucrative field of practice for lawyers with the legal brains and the high-tech skills to keep up.
Cyberlaw is not so much a new field of practice as the reconstruction of many existing fields of law. It incorporates elements of:
And as new technologies are developed, new aspects of cyberlaw are uncovered. For example, the rise of AI-piloted vehicles is already calling into question culpability in case of accidents… is the occupant of the vehicle, who may not have had control, responsible? The vehicle manufacturer? The programmer who wrote the code? The AI itself? Liability and insurance law is sure to become a new angle in cyberspace litigation soon.
Existing principles of law are frequently called into question by the new realities of the digital world. As the patent and trademark system – designed for a world before it was possible to create an infinite number of perfect digital copies – struggles to keep up, copyright and IP enforcement have become constant battlegrounds. De facto understandings of what it means to create a copy are called into question by the normal function of computers, which frequently create, shuffle, and delete code without users even being aware of it just during normal operation.
And consumer understanding of apparently concrete concepts like buying and selling are thrown out the window by digital technologies, as was demonstrated in an appropriately Orwellian fashion when Amazon remotely deleted copies of “1984” from customer’s devices.Cyberspace lawyers are responsible for nailing down what exactly ownership means in the digital world, how the requirements of coding and computer operation may impact it, and how it matters to both businesses and individuals.
Cyberspace lawyers face the dual challenge of keeping up not only with the latest legal trends and regulatory developments, but also technological developments that call settled legal principles into question. And due to the nature of the internet, these can emerge not only from federal laws, like the Computer Fraud and Abuse Act or the DMCA, but also at the state and even international levels.
For example, California’s Consumer Privacy Act, enacted in January of 2020, asserts its right to regulate information storage and disclosure for companies worldwide, assuming they do business with even a single Californian. Since it’s the world’s 5th largest economy, that’s essentially everyone. And if you have noticed an annoying tendency of websites to flash glaring banners demanding that you accept their cookies now, you have the European Union’s GDPR (General Data Protection Regulation), introduced in 2018, to thank for it.
But assertions of global jurisdiction frequently meet the realities of nation-states and multinational corporations in ways that make the laws less as they are written to be and more what lawyers can do to make them dance. For example, Turkey recently passed a number of severe restrictions on social media, intended to govern Facebook, among other titans. But Facebook’s lawyers decided to ignore those laws. Cyberlaw can be about knowing what you can get away with as much as it is about the letter of the law itself.
Most cyberspace legal experts work in big business, both at technology companies, but also at firms in research, entertainment, and manufacturing. As the digital revolution has overtaken business, all businesses have found it necessary to hire expertise in handling their digital legal portfolios. Lawyers in this field might be employed directly by those companies, or at boutique or major national and international law firms with significant practice portfolios in the sector. They defend corporate interests, both by initiating and defending litigation, and are heavily involved in drafting policy and compliance documents according to current industry standards.
Government lawyers are also heavily involved in cyberspace matters, both acting as prosecutors and investigators at the Justice Department and other federal law enforcement agencies to pursue cybercriminals, and at regulatory agencies like the FCC (Federal Communications Commission) and FTC (Federal Trade Commission), helping to develop the laws and regulations that govern cyber activities. They might help craft and enforce policies that govern online stores, service providers, social media networks, and help negotiate agreements with other countries or businesses in those sectors.
Finally, many cyberspace lawyers work for organizations like the ACLU (American Civil Liberties Union) and EFF (Electronic Freedom Foundation), advocating for consumer rights and privacy laws on the cyberfrontier. They also engage in policy drafting and regulatory advising, but frequently step in pro bono to defend individuals accused of unjust cybercrimes, or to file lawsuits to stop abuses of digital power.
Technology is an increasing part of legal education for all lawyers, from handling online legal research to learning about information security in confidential client communications. But if you want to become a cyber lawyer, you’re going to have to go well beyond the basics and get a serious information technology education.
Although you won’t need to learn to program, you should at least learn about programming, and the basics of computer and network operation. Understanding cellular networks and the internet of things (IoT) are likely to become very important in the coming years as well.
Most cyberlaw work at least touches on intellectual property considerations, so it’s a good idea to get a comprehensive education on subjects such as:
Cyberspace legal practice is new enough that there are no specific certifications offered by accredited organizations that deal with the field, but there are a number of different paths you can pursue to become certified in certain areas that are common in cyberlaw practice.
All of these certifications require passing at least a knowledge-based test in the specific area of practice they touch on, and may have more stringent requirements attached as well, such as a certain number of hours spent in practice, taking and passing courses in the field, and maintaining a membership in good standing with your state bar association.
Privacy is becoming one of the most important elements of modern cyberlaw, and the International Association of Privacy Professionalsholds ABA accreditation to offer their privacy certification for lawyers. Their certifications are recognized by legal bodies in:
Intellectual property law is another important area in cyberlaw, and The Florida Bar offers a specialization in that subject, exclusively available to lawyers in the state.
A certification that is available to both lawyers and non-lawyers is the Certified Expert Cyber Law (CECL) from the National Initiative For Cybersecurity Careers and Studies (NICCS). Aimed at both legal and technical staff who will be working in cybersecurity and cybercrime, it puts together both legal and technical understanding to demonstrate your ability to implement security and privacy controls in modern technical systems.
Lawyer Career Specialties