Building peace in the minds of men and women

Internet Governance Glossary - 4. Legal dimension

4.1 International law

Set of legal rules established by sovereign states, usually through the adoption of international treaties and international conventions and generally regarded and accepted as binding in relations between states.


All basic types of international law, namely:

  • international public law
  • international private law
  • international customary law

may apply to Internet governance.

4.2 Internet law / Cyberlaw

Legal approach to shape a legal framework for the Internet by laws – including international law – addressing the legal issues that arise from the Internet and the information and communication technology (ICT).


The other legal approach is the real-law approach, whereby the Internet and the information and communication technology (ICT) are essentially treated no differently from previous technologies. Consequently, any existing legal rules can also be applied to the Internet.

4.3 Arbitration

A faster, simpler, and cheaper mechanism of settling disputes in place of traditional courts.


The use of an arbitration mechanism (which is usually set out in a private contract with parties agreeing to settle any future disputes through arbitration) as the main Internet dispute settlement mechanism has particular advantages in regard to one of the most difficult tasks in Internet-related court cases, namely the enforcement of decisions (awards).
But it also has a few serious limitations:

  • Since arbitration is usually established by prior agreement, it does not cover a wide area of issues when no agreement between parties has been set in advance (libel, various types of responsibilities, Internet misuse or cybercrime).

Many view the current practice of attaching an arbitration clause to regular contracts disadvantageous for the weaker side in the contract (usually an Internet user or an eCommerce customer).

4.4 Law enforcement agencies / LEA

Organization having law enforcement powers and operating within a jurisdiction.


Law enforcement agencies (LEA) can

  • operate at international, multinational or national levels, and even at different levels within a country,
  • be responsible for enforcing different kinds of law, regulations or codes of practice.
4.5 Uniform Domain-Name Dispute-Resolution Policy UDRP

Policy to provide a “fast track” resolution process for disputes in Internet cases concerning top-level domain (TDL) names developed by the World Intellectual Property Organization (WIPO) and implemented by ICANN as the primary dispute resolution procedure.


So far, UDRP provides mechanisms that have significantly reduced cybersquatting. With the introduction of Internationalised Domain Names (IDN), new challenges are expected to occur.

4.6 Cybersquatting

Internet misuse of registering domain names that could be resold later, e.g. for reselling a trademark later to its rightful trademark owner (which can be considered as extortion).


The Uniform Domain-Name Dispute Resolution Policy (UDRP) provides mechanisms that have significantly reduced cybersquatting. However, cybersquatting can also concern famous individuals and non-profit entities.

4.7 Fundamental human rights

Moral principles commonly understood as inalienable fundamental rights to which a person is inherently entitled simply because she or he is a human being and laid down in the United Nations Declaration on Human Rights (UN/UDHR).


Depending on the degree of material loss or physical harm to people the infringement – which is a violation of a law or right – or violation of other regulations or codes of practice through Internet misuse concerning fundamental human rights may be judged as cybercrime.

4.8 Freedom of expression / Freedom of opinion and expression

Fundamental human right recognized under the United Nations Universal Declaration of Human Rights (UN/UDHR, Article 19) stating.

"Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers."


The protection of freedom of expression as a fundamental human right includes not only the content, but also the means of expression. However, the exercise of these rights carries "special duties and responsibilities" and may "therefore be subject to certain restrictions" when necessary, such as

  • "For respect of the rights or reputation of others"
  • "For the protection of national security or of public order (order public), or of public health or morals".
4.9 Privacy

Fundamental human right concerning “the state or condition of being alone, undisturbed, or free from public attention, as a matter of choice or right; freedom from interference or intrusion” .


In digital environments (characterized by digital information, dematerialization of actors, computers and networks operating mode), technologies don’t preserve, in native mode, user’s privacy. Copy, logging and eavesdropping are easy to realize. Network traffic analysis, auditing of activities, intrusion of detection systems, firewalls, etc. contribute to optimize network performances and security, but at the same time, they can damage privacy of the users. This affects everyone’s privacy over the Internet, and can put in danger eCommerce activities.

4.10 Anonymity

Characteristic of an entity whose name is unknown or which does not reveal its name, allowing an entity to use resources without being identified (incognito).


Provision should be made to respect the wish of certain users who may have a valid reason for not revealing their identity when making statements on the Internet, in order to avoid excessive restriction of their freedom of expression, to promote the freedom of expression and ensure protection against unauthorized online surveillance by public and private entities.

4.11 De-identification

Process by which a collection of data is stripped of information which would allow the identification of the source of the data.


Common uses of de-identification include human subject research for the sake of privacy for research participants. Common strategies for de-identifying datasets are deleting or masking personal identifiers, such as name and social security number, and suppressing or generalizing quasi-identifiers, such as date of birth and zip code. The reverse process of defeating de-identification to identify individuals is known as “re-identification”.

4.12 Internet surveillance

Monitoring of the behavior, activities, or other changing information, usually of people for the purpose of influencing, managing, directing, or protecting them originally as a tool of public authorities to maintain social control, today, can be carried out by any person or organization with sufficient funds for using powerful ICT tools for this kind of monitoring.


While Internet surveillance is considered to some extent a necessity against cybercrime and other Internet misuses, powerful surveillance tools could potentially endanger some fundamental human rights, particularly privacy and freedom of expression depending on those applying these tools. Therefore, the Convention on Cybercrime reinforced the discussion about the balance between cybersecurity and fundamental human rights.

4.13 Censorship

The act of blocking or controlling access to content or services otherwise accessible on the Internet. It can be implemented using various techniques, such as domain name and/or IP filtering, content inspection, etc. As it hinders the free flow of information on the Internet, censorship is often seen as a violation of the right to exchange information, and the right of freedom of expression.


Censorship can be effected by the entity having ability to control data traffic on part of the network or link, thus directly affects users of that part of the network; like connectivity providers, the ICT department in an organisation, or even the administrator of the network of, for example, university or workspace.
Note: part to be deleted in Arabic version.

4.14 Data protection

Legal mechanism that ensures privacy and refers to the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.


The challenge in data protection is to share data while protecting personally identifiable information from a wide range of sources, such as:

  • Healthcare records
  • Criminal justice investigations and proceedings
  • Financial institutions and transactions
  • Biological traits, such as genetic material
  • Residence and geographic records
  • Ethnicity
  • Privacy breach
  • Location-based service and geolocation.
4.15 Intellectual property rights / IPR

Legal concept which refers to creations of the mind for which exclusive rights are recognized.


IPRs are protected by several branches of law covering certain primary rights, such as: copyright law, trademark law and patent law. Laws on unfair competition also affect IPRs. Depending on the degree of material loss IPR infringement or violation of pertinent regulations or codes of practice through Internet misuse may be judged as cybercrime.

4.16 Copyright

Branch of intellectual property rights (IPR) referring to the expression of an idea when it is materialized in various forms, such as a book or other publication, CD, or computer file for which exclusive rights are recognized.


Depending on the degree of material loss, copyright infringement or violation of pertinent regulations or codes of practice through Internet misuse may be judged as cybercrime.

4.17 Trademark

Symbol (or word, phrase, logo, etc.) used by a company to distinguish its products or services from those of another representing an intellectual property right (IPR).


The trademark as a primary intellectual property right (IPR) can be owned by the trademark owner (who can be an individual, business organization, or any legal entity), but also licensed. Cybersquatting is the Internet misuse of registering domain names also representing trademarks with the intent of reselling them to the companies who are the rightful trademark owners.

4.18 Creative Commons license / CC license

Creative Commons license enables the sharing and use of creativity and knowledge through free legal tools. The free, easy-to-use copyright licenses provide a simple, standardized way to give the public permission to share and use the creative work — on conditions of the creator’s choice.


Creative Commons licenses let creators easily change their copyright terms from the default of “all rights reserved” to “some rights reserved”. CC licenses work alongside copyright and enable creators to modify their copyright terms to best suiting their need.


4.19 Open source

Development model referring to the design of products and their components which then can be reproduced free of charge thus promoting a universal access via an open license to a product's design or blueprint, and, depending on the license, universal redistribution of that design or blueprint, including subsequent improvements to it by anyone.


Open source is the core concept of the open source culture with its open design movement resulting among others in free and open-source hardware and free and open-source software.
Generally, open source refers to a computer program in which the source code is available to the general public for use and/or modification from its original design. Open-source code is meant to be a collaborative effort, where programmers improve upon the source code and share the changes within the community or released to the public under some license. The term Open Source is also widely used referring to the design of products, such as objects, which then can be reproduced free of charge in accordance to the licence.

4.20 Open source hardware

It consists of physical artifacts of technology designed and offered by the open design movement. Open-source software (FOSS) and open-source hardware is created by this open-source culture movement and applies alike concept to a variety of components.
It is sometimes, thus, referred to as FOSH (free and open source hardware). The original sharer gains feedback and potentially improvements on the design from the FOSH community. There is now significant evidence that such sharing creates enormous economic value.


4.21 Free software

Software that respects users' freedom and community, which means that the users have the freedom to run, copy, distribute, study, change and improve the software.

Thus, “free software” is a matter of liberty, not price. To understand the concept, you should think of “free” as in “free speech”, not as in "free beer". We sometimes call it “libre software” to show we do not mean it is gratis.


Free software does not necessarily mean free-of-charge software.

4.22 Open data

It’s the idea that certain data should be freely available to everyone to use and republish as they wish, without restrictions from copyright, patents or other mechanisms of control.
The goals of the open data movement are similar to those of other "Open" movements such as open source, open hardware, open content, and open access. Open data is data that can be freely used, reused and redistributed by anyone - subject only, at most, to the requirement to attribute and sharealike. The key point is that when opening up data, the focus is on non-personal data, that is, data which does not contain information about specific individuals.


Share-alike is a copyright licensing term, originally used by the Creative Commons project, to describe works or licences that require copies or adaptations of the work to be released under the same or similar license as the original. Copyleft licenses are free content or free software licenses with a share-alike condition.


4.23 Open content

It can be assessed under the Framework based on the extent to which it can be retain, reuse, revise, remix, and redistributed by members of the public without violating copyright law.
Unlike open source and free content, there is no clear threshold that a work must reach to qualify as open content. Although open content has been described as a counterbalance to copyright, open content licenses rely on a copyright holder power to license their work.
It is content licensed in a manner that provides users with free and perpetual permission to engage in the 5R activities: Retain, Reuse, Revise, Remix and Redistribute.


4.24 Open Educational Resources / OERs

"Any type of educational materials or tools released into the public domain or with an open license that permits users to legally use, copy, adapt, and share free-of-cost." (UNESCO).

UNESCO OER Programme

4.25 Open access

Unrestricted online access to peer-reviewed scholarly research that comes in two degrees: gratis open access, which is free online access, and libre open access, which is free online access plus some additional usage rights.


Additional usage rights are often granted through the use of various specific Creative Commons licenses. Only libre open access is fully compliant with definitions of open access such as the Berlin Declaration on Open Access to Knowledge in the Sciences and Humanities.


4.26 Data retention

Explicit policy of persistent data and records management for meeting archival requirements for legal and business data.


Data retention regulations have sparked serious concerns from physicians, journalists, privacy and other fundamental human rights groups, unions, IT security firms and legal experts.

4.27 Internet misuse

Improper use of the Internet and related information and communication technology (ICT) which may cause material loss or physical harm to people.


The borderline between Internet misuse and cybercrime is not fixed. Depending on the degree of material loss or physical harm to people the infringement – which is a violation of a law or right – or the violation of other regulations or codes of practice through Internet misuse may be judged as cybercrime.

4.28 Cybercrime

Any crime that involves as a means or the target:

  • a computer system (computer or computer-related crime in a narrow sense),
  • internetworking technologies (netcrime in a narrow sense),
  • or both.

The Budapest Convention on Cybercrime is the first international treaty on crimes committed via the Internet and other computer networks by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations.

4.29 Cyberattack

Internet misuse or cybercrime whereby Internet weaknesses are exploited for different types of attacks directed primarily against information and communication technology (ICT) hardware or software, or primarily aimed at harming people.


There are different types of cyberattacks (each with subtypes):

  • Passive and active attacks,
  • Denial-of-Service attacks,
  • Defacement attacks,
  • Malware attacks,
  • Cyber intrusion,
  • Spam and phishing,
  • Some communication protocols misuse,

…down to full-fledged cyberwar.

4.30 Malware / Malicious software

A program such as a virus, worm or Trojan horse, or any other form of attack software that acts more or less independently and may disrupt computer operation, gather sensitive information, or gain access to private computer systems.


Malware represents a threat to information security and data protection.

4.31 Crimeware

A class of malware designed specifically automating cybercrime, in order (a) to perform illegal acts, (b) to steal personal information, or (c) to automate financial crime.



Crimeware can include spyware, keystroke loggers and bots. Most often crimeware: (i) gathers confidential information, such as passwords or credit card numbers; or (ii) takes control of a computer and executes remote commands.

4.32 Spyware

Malware watching users’ activities, without their knowledge, gathers information such as online activities, confidential and personal information, and transmits this information back to the spyware’s owner.


Spyware represents a threat to data protection.

4.33 Spamming / Electronic spamming

Internet misuse using of electronic messaging systems to send unsolicited bulk messages (spam or junk), especially advertising indiscriminately.


Spamming is the chosen method of many cases of Internet misuse that infect machines with viruses. If the introduction of a virus results in data corruption, the spammer can be prosecuted.

4.34 Cyberwar / Cyberwarfare

Activity of Internet misuse crossing international borders and involving the interests of at least one nation state by targeting the vulnerability of critical national infrastructure and data.


Internationally, both governmental and non-state actors engage in Internet misuse, including espionage (e.g. by means of spyware), information warfare and other cross-border Internet misuse or cybercrime up to full-fledged cyberwarfare. Therefore, cyberwar is of high national security concern.

4.35 Cyberterrorism

Kind of terrorism utilizing cyberspace and information and communication technology (ICT) resources to attack critical infrastructures or to optimize classical terrorism activities.

4.36 Cyberstalking

Internet misuse for stalking and harassment behaviours or abuse.


Many offenders combine their online activities with more traditional forms of stalking and harassment (telephoning the victims for example).

4.37 Cyber bullying

Internet misuse to harm, intimidate or harass other people in a deliberate, repeated, and hostile manner.


Cyber bullying and especially harassment is a particular challenge for child safety online. Children and minors can easily become victims of cyber bullying, most often from their peers using information and communication technology (ICT) – combining mobile phone cameras, file-sharing systems, and social networks – as a convenient tool.

4.38 Child safety online / Child online safety

Protection of child safety against improper and inappropriate content and contact in order to prevent Internet misuse or cybercrime against children.


Children are threatened first of all by objectionable content, counted to include a wide variety of materials including pornography, hate, and violence content, and content hazardous to health, such as suicide advice, anorexia, and the like. Besides, children can be victimised through child grooming, cyber bullying, cyberstalking and harassment.

4.39 Child grooming

Cybercrime deliberately undertaken with the aim of befriending and establishing an emotional connection with a child, to lower the child's inhibitions in order to sexually abuse the child.


Child grooming is a criminal violation of child safety online most frequently undertaken under a masked identity – while pretending to be peers, offenders collect information and steadily groom the child, easily managing to win the child’s trust, even aiming to establish a physical meeting. The virtual conduct thereby transforms to real contact and can go as far as the abuse and exploitation of children, paedophilia, the solicitation of minors for sexual purposes, and even child trafficking.

4.40 Confidentiality

Safeguarding of the secrecy of information, information flows, transactions, services or actions performed in cyberspace for the purpose of guaranteeing the protection of resources against unauthorized disclosure.


Confidentiality can be implemented by means of access control and encryption.

4.41 Phishing

Cyberattack attempting to fraudulently acquire confidential information such as usernames, passwords, and credit card details etc. by luring the user with a message which seems to come from a legitimate organization.


While spamming is most annoying, phishing can cause serious damage.

4.42 Identity theft

Internet misuse or cybercrime in which a fraudster illegally obtains confidential and personal information, such as credit card number, social security numbers, passwords or banking account numbers in order to impersonate the victim.


Identity theft often works together with privacy violations.

4.43 Online fraud

Internet misuse or cybercrime by means of deliberate deception or trickery in order to unjustly obtain property or services.


Online fraud results in loss of property to another through the input, alteration, deletion and suppression of computer data, as well as any interference with the functioning of a computer system, with the dishonest intent of procuring without right an economic  benefit, comprising piracy (e.g. illegal downloading of software, music, movies), and online fraud, including Internet auctions, advanced fee frauds, Internet fraud actions, etc.