Limits of Consent in Electronic Contract Law & Cybertort
Posted: 19 Dec 2012
Date Written: December 19, 2012
Abstract
In the last twelve years, the Indian government has enacted Information Technology Act 2000 and amended various Acts including Indian Penal Code under the said Act that prohibits unauthorized access to computers & Internet. These new laws attempt to draw a line between criminality and conduct with consent in cyberspace. No one knows what it means to access a computer, however, nor when access becomes unauthorized. The few courts that have construed these terms have offered divergent interpretations. Recent decisions interpreting the Information Technology Act in some civil cases suggest that any breach of contract with a computer owner or a website renders use of that computer or website an unauthorized access. If applied to criminal cases, this approach would broadly criminalize e-contract law and their acts become tortious on the Internet, potentially making millions of Indians criminal for the way they write e-mail and surf the Internet.
Consent has enjoyed a dominant position in e-contract law and cybertort. We can describe it as the master concept that defines limits of liability in India. That makes intuitive sense. E-Contracts are private agreements – a set of terms and conditions to which the parties have consented. Some have pointed out that the consent doctrine helps protect individual autonomy and freedom of contract, core values protected by contract law. Consent has served to justify the government’s choice of sides in a contractual relationship. The idea that contracting parties tacitly consent to default rules by their failure to contract around them fails to provide a basis for distinguishing contract from tort. Lack of knowledge of default rules, disproportionate transaction costs and inequalities of bargaining power prevent many contracting parties from routinely choosing contract terms. If, despite those constraints, persons engaging in contractual behavior can be said to consent to the legal consequences of that behavior, we can equally say that legal actors engaging in other types of voluntary conduct consent to the obligations arising from that behavior in the law of tort.
This paper identifies the problematic aspects of consent in cyberspace. Consent is an amorphous concept difficult to define and its existence is difficult to ascertain. Furthermore, unprecedented e-market place manipulation raises some thorny issues for liability in cyberspace. Is it consent if someone signed an e-agreement, but unbeknownst to him, the agreement was carefully designed to induce him to accept the e-agreement? In increasing number of cases, an outward manifestation of consent does not necessarily equal to knowledge required for meaningful consent.
The paper considers aspects of tort law that are informed by considerations traditionally associated with the law of contract; namely, the extent to which obligations in tort can be voluntarily assumed and voluntarily limited or excluded. The paper shows that obligations in contract, like those in tort, are to a significant extent shaped by community standards. Contractual rights and obligations are to some extent shaped by consensus, to some extent imposed by one party on another and to some extent imposed on both parties by law. Similarly, obligations in tort are to some extent shaped by voluntary arrangements between the parties, to some extent shaped by the unilateral actions of one party and to some extent imposed by law.
This paper presents a comprehensive inquiry into the meaning of unauthorized access and consent statutes in cyberspace and discusses how the courts have construed these statutes in an overly broad way that threatens to criminalize a surprising range of innocuous conduct involving computers & Internet. The paper offers a normative proposal for interpreting access and authorization. The paper argues that courts should reject a contract theory of authorization, and should narrow the scope of unauthorized access statutes to circumvention of code-based restrictions on computer privileges. The paper justifies this proposal on several grounds. First, the proposal will best mediate the line between securing privacy and protecting the liberty of Internet users. Second, the proposal mirrors criminal law's traditional treatment of crimes that contain a consent element. Third, the proposed approach is consistent with the basic theories of punishment. Fourth, the proposed interpretation avoids possible constitutional difficulties that may arise under the broader constructions.
Keywords: cybertort, e-contract, consent, unauthorised access, liability, obligation, cybercrime
Suggested Citation: Suggested Citation