Fundamentals of IT Law H-Farm 2024 PDF

Summary

This document covers fundamental concepts of IT law, specifically focusing on domain names and protocols. It explores how domain names function, their translation from IP addresses, and relevant issues like allocation, stability, and governance.

Full Transcript

Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

Internet is a specific modality for data transmission. The
steering and management of currently core elements of
internet is fundamentally made of:

(a)protocols for data transmission in the form of packet
switching (Transmission Control Protocol/Internet
Protocol—TCP/IP), along with subsequent extensions of
these protocols (such as Hypertext Transmission
Protocol—HTTP);
(b)IP addresses and corresponding domain names
(c)root servers
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

TCP/IP
TCP/IP (Transmission Control Protocol/Internet Protocol), are
the two fundamental suites of communication protocols
commonly used to interconnect network devices on the
Internet. They can also be used as a communications protocol
in a private network (for instance, an intranet or an extranet).
TCP/IP is a set of data communication mechanisms, embodied
in software, that let each one of us use the Internet and other
private similar networks.
- TCP focuses on processing and handling data from
applications
- IP is more “network oriented” and it is designed to
accommodate the transmission and receipt of application
data across a network
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW
hypertext —> text that contains links that enable to navigate through correlated coonetnts
HTTP www
HTTP (Hypertext Transfer Protocol) is the application
protocol over which the WorldWideWeb is built upon. An
Hypertext is structural text that uses logical links
(Hyperlinks) between two or more texts. HTTP is the
protocol through which it is possible to exchange or
transfer Hypertext.
HTTP is therefore a request-respond protocol. Once a
request message is sent from a node (client) of the
Internet to a server by using the HTTP protocol, the server
returns a response message to the client. The response
contains all the information about the request and so – for
instance - a website is uploaded on the client’s requesting
computer. ex.
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

Domain names
the main function of a domain name is mnemonic, meaning that it is
designed to help humans easily remember identifiers (symbols,
names or codes used to identify something clearly) understandable
Domain names are essentially translations of IP
numbers/addresses into a semantic and more meaningful
form. An IP address is a bit string represented by 4
numbers (form 0 to 255) separated by dots
153.110.179.30
A IP number tells most people little or nothing; a domain
name is much more easily remembered and catchy. Thus,
the main reason for domain names is mnemonics; that is,
domain names make it easier for humans to remember
identifiers. They are user-friendly.
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

Domain names have two other overlapping functions as
well. cataloging
- The first is that they enhance categorization of
information, thus making administration of networks more
systematic and making it easier for people to find
information.
- The second is stability: IP addresses can frequently change,
whereas domain names will tend to be more stable
reference points
Each domain name must be unique but need not be
associated with just one single or consistent IP number. It
must simply map onto a particular IP number or set of
numbers which will give the result that the registrant of the
domain name desires
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

A domain name has two main parts arranged hierarchically
from right to left: (a) a top‐level domain (TLD) and (b) a
second‐level domain (SLD). It will commonly also have a
third‐level domain. The ordinary number of domains is usually
between two and five.
The potential number of domain name strings is huge (though
not unlimited). The name set currently operates with 37
characters: 26 letters, 10 numerals, and the dash symbol - , so
that there are 372 or 1,369 two‐ character combinations, 373
or 50,653 three‐character combinations, and 374 or 1,874,161
four‐character combinations. Obviously, the number of
combinations will increase significantly if the character set is
increased— a possibility that is currently being discussed and
tested with respect to ‘Internationalized Domain Names’
(IDNs).
it’s not in the notes
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

There are two main classes of top‐level domains (TLD):
(a)generic (gTLD)
(b)country code (ccTLD).
The first class covers TLDs such as:.com,.net,.org,.gov,.edu,.mil,.int,.info, and.biz.
The second class covers TLDs such as.it,.fr,.au,.ru,.uk. (for
a complete liste see http://www.iana.org/cctld/cctld/whois.htm)
The first class also covers TLDs that are set up for use by a
particular community or industry (so‐ called sponsored
TLDs). Examples are.cat (set up for use by the Catalan
community in Spain) and.mobi (set up for users and
producers of mobile telecommunications services).
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

The generic TLDs may further be classified according to
whether they are open to use by anyone; some are
reserved for use only by specified groups/sectors.
For example:.pro is restricted to licensed professional persons;.name is restricted to individual persons;.gov is restricted to public institutions.
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

The Domain Name System (DNS) is essentially a system for
mapping, allocating, and registering domain names.
Basically, it translates domain communicate
nameswith into numerical
addresses so that computers can find each other. Thus, it is
analogous to a telephone number directory that maps the
names of telephone subscribers onto telephone numbers.
The fundamental design goal of the DNS is to provide the
same answers to the same queries issued from any place
on the Internet. Accordingly, it ensures (a) that no two
computers have the same domain name and (b) that all
parts of the Internet know how to convert domain names
into numerical IP addresses, so that packets of data can be
sent to the right destination
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

The core of the system is a distributed database holding
information over which domain names map onto which IP
numbers. The data files with this information are known as
‘roots’ and the servers with these files are called ‘root
servers’ or ‘root nameservers’. The servers are arranged
hierarchically. The top root servers hold the master file of
registrations in each TLD and provide information about
which other computers are authoritative regarding the
TLDs in the naming structure.
The addition of new TLDs may only be carried out by
ICANN, which is headquartered in California.
It is a database containing the domain names and corresponding IP addresses. The files with
this information are the "roots", while the servers that host them are called "root servers”. These
servers are organized in a hierarchical structure. The main root servers contain a file that
records all TLDs, and also indicate which computers are responsible for managing each TLD.
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

ICANN (Internet Corporation for Assigned Names and
Numbers) is a nonprofit private organization responsible for
coordinating the maintenance and procedures of several
databases related to the namespaces of Internet, ensuring the
network's stable and secure operation.
ICANN has been originally subject to US government oversight
– US Department of Commerce; but in 2016 the process of its
complete privatization has concluded and today ICANN is a
pure private multistakeholder community.
A handful of alternative root systems operating independently
of ICANN regime do exist with separate root servers and TLDs
(for instance, New.Net, UnifiedRoot, and OpenNIC), but they
have only a tiny share of the Internet user market due to high
networking and cost factors. minima quota di mercato
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

Historical introduction to ICANN
Internet Corporation for Assigned Names and Numbers
(ICANN)

ICANN statute of corporation
https://www.icann.org/news/blog/cheers-to-the-
multistakeholder-community
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

Problematic issues with domain names

From the point of view of the law, the main points of
conflict and controversy with respect to operation of the
DNS have largely arisen in two respects.

(1) how domain names are allocated to
persons/organizations

(2) which TLDs (and thereby domain names) are
permitted
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

The conflict over domain name allocation and recognition
is due primarily to the changing function of domain names.
They have gone from being just easily remembered
address identifiers to signifiers of broader identity and
value (such as trademarks).
At the same time, while they are not scarce resources
technically, they are scarce resources in the economic
sense. And some have come to assume extremely large
economic value and there are some judicial recognition of
domain names as a form of property.
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

Governance of DNS
based on contracts
Governance of the DNS is largely contractual, at least with
respect to management of gTLDs, although some of the
regimes for management of ccTLDs have a legislative footing.
IANA (Internet Assigned Numbers Authority), which is today a
department of ICANN, is responsible for the allocation of
gTLDs. IANA was once an independent organization whose
functions have been transferred to ICANN through a contract,
renewed many times.
IANA/ICANN distributes blocks of IP numbers to the RIRs
(Regional Internet Registries) all around the world, which then
distribute IP numbers to main Internet Service Providers (ISPs)
in their respective regions. The ISPs further distribute the
numbers to smaller ISPs, corporations, and individuals.
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

To fulfil ICANN's mission, a web of contracts and more
informal agreements has been launched between the
corporation and the bodies with which it deals with.
[For a full list, see
http://www.icann.org/general/agreements.htm]
To carry out its task, ICANN has established a series of contracts and informal
agreements with the entities it collaborates with.
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

These contracts/agreements deal with key issues and
matters concerning the Internet governance, such as:
- Establishment of policy for and direction of the allocation
of IP number blocks;
- Coordination of the assignment of other Internet
technical parameters as needed to maintain universal
connectivity on the Internet;
-Guaranteeing the stability of the Internet
-Rules in assignment of DNS to the users
These contracts/agreements cover the management of the Internet, namely: the allocation of IP
numbers, the coordination of technical aspects of the Internet (to ensure universal connectivity
over the Internet), the guarantee of stability of the Internet and the rules for the allocation of
DNS.
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

Conclusions on Internet governance
There is no specific regulation by national legal systems for the DNS and IP address system, so the Internet
infrastructure is mainly self-managed. The main governance is the one conducted by the ICANN (based on contracts)

At the moment there is no specific regulation by national
legal systems of DNS and IP address system, so that the
infrastructure of the Internet is basically self-governed.
It is meaningful what the European Union said about the
Internet governance in the Preamble to the Directive
2002/21/EC for electronic communications networks and
services:
‘The provisions of this Directive do not establish any new
areas of responsibility for the national regulatory
authorities in the field of Internet naming and addressing’
(Recital 20).”
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

The Directive goes on to encourage EU Member States,
“where and appropriate in order to ensure full global
interoperability of services, to coordinate their positions in
international organizations and forums in which decisions
are taken on issues relating to the numbering, naming and
addressing of electronic communications networks and
services” [Article 10(5)].
However, there may be indications that the European
Union is preparing to depart from this hands‐off policy in
the near future, but at the moment the situation remains
ICANN-based contractual governance of the Internet.
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

ePrivacy

Whenever you open a bank account, join a social network
or book a flight online, you hand over vital personal
information such as your name, address, and credit card
number.
What happens to this data? Could they fall into the wrong
hands? What rights do you have regarding your personal
information?
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW
ensure
All the legal systems recognize protection to personal data
(privacy law or data protection law). Generally speaking,
these regulations provide that personal data can be legally
gathered, stored and used under strict conditions and for a
legitimate purpose.
Subjects collecting and managing other people’s personal
information must protect it from misuse and must respect
certain rights of the data owners which are guaranteed by
the law.
Every day businesses, public authorities as well as private
individuals share great amounts of personal data on the
Internet, in popular communication systems such as
WhatsApp or in social networks like Facebook or
Instagram.
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW

In sharing communication contents, the users are sharing
metadata, e.g. time of a call and location, as sensitive as the
personal data and information themselves.
Here we have two conflicting interests:
(1) The interest of the IT companies to collect personal data
and information of the clients in order to use them to both
complete the service asked by the client (e.g. billing or
delivery), and to provide additional services (e.g. insurance
policies), and to develop their business (e.g. selling data or
statistics on the communication contents to other
companies)
(2) The interest of the users to the maximum possible
confidentiality of the shared data and information, not to
be used more than what strictly necessary to receive the
service.
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW
IT companies may only process your data and information if they obtain your consent, unless this is
necessary to respect mandatory laws (for example, for data required by courts or tax authorities).
The data protection legislations are generally oriented to
find the balance between the two interests with a
particular attention to the users’ interests. The key concept
in data protection law is consent.
The IT companies can store, manage and use personal data
and information gathered by clients as far as clients gives
their consent accordingly.
So that the only way for the IT business to process users’
data and information is to get their consent, with the only
exception of the communication contents requested to
comply with mandatory provisions under the law (e.g.
personal data used by Courts and Tribunals or by the Tax
Authorities).
 Giuliano Zanchi
H-Farm 2024 FUNDAMENTALS OF
IT LAW
In some jurisdictions, such as the EU, additional conditions are required to handle communications content in
sensitive situations. such as the authorization of the Privacy Authorities, as in hospital data.
Moreover, in some jurisdictions, such as the EU, additional
conditions are asked to process communication contents in
some particularly delicate situations (e.g. explicit authorization
from Privacy Authorities, as for processing data in hospitals).
Finding the right balance is not simple anyway. On one side
the business sector pushes to use more personal data and
information from the clients, since these communication
contents mean great opportunities for them. On the other
side, IT users are asking the legislators to grant an even higher
level of protection of their privacy, feeling that the pervasive
use of IT devices is putting in danger the confidentiality of
their data (so called digitalization of privacy). But there are
also cases where IT users protest against a too high level of
protection than expected.