Law and "the metaverse": new(ish) tech, existing principles?

A friend asked me, a while back, if I would write a few thoughts about law and "the metaverse".

Honestly, I've been a bit hesitant about this. I'm not convinced that there's anything particularly exciting or interesting to write about.

But (a) my blog is hardly a bundle of laughs at any other time, and (b) what I take as a given, in terms of existing thinking and scholarship, might be new to some or all of you reading this, so why not?

Law outside the metaverse

By "law outside the metaverse", I mean the body of rules, typically imposed and enforced by the state, which regulates us all. In this case, specifically, the providers of metaverse systems, and the operation of those systems, but they are not special cases in the eyes of the law.

Providers of online services - from simple websites, to social networks, to online games and more sophisticated virtual worlds - are already subject to huge volumes of regulation:

  • data protection laws
  • competition / anti-trust laws
  • "Internet" and telecoms-specific laws
  • corporate laws
  • consumer protection laws
  • contract laws
  • intellectual property laws

and so on.

It looks like this list will continue to grow, with governments keen to impose further obligations on providers.

To my mind, "metaverse" services are just another example of Internet-connected services. There's nothing intrinsically special or unique about them, or their providers. Companies designing metaverse systems will need to do so in a manner consistent with the legal frameworks which apply to them (or else be willing to face the consequences). Just like any other business.

For example, years ago, I advised on some bits and pieces to do with "Second Life", a virtual world. I didn't need to apply "virtual world law" to that advice, just English law, and some guidance on targeting / promoting the competition.

As with online services today, there will be some interesting challenges in terms of jurisdiction, and the potential application of multiple sets of laws to a provider's obligations. Merely by way of example, the extra-territorial effect of the EU's (and now the UK's) data protection framework.

But, at its heart, nothing particularly new.

(And, importantly, I think, it means that businesses working in this space do not need "metaverse-specialist lawyers".)

Law inside the metaverse

"Law inside the metaverse" is a little more complicated, but not that much more complicated.

Inside the metaverse, I draw a distinction between:

  • the application of "law outside the metaverse" within the metaverse; and

  • the "law of the metaverse": rules created by the metaverse provider.

The application of "law outside the metaverse" within the metaverse

What is illegal offline is illegal online, and I see no intrinsic reason why that principle should not apply to metaverse systems as it does to other online systems.

A user of a metaverse system is not excused compliance which the laws of a state which apply to them offline, simply because they are online.

That said, there are some interesting nuances here.

For example, if a user within a metaverse system uses the platform functionality to take something from another user, how do (or should) state laws apply? What is "property" in this context?

If I shoot someone in the real world, I commit one or more crimes. But if my character shoots a character in a game, I do not: no-one has died.

What is the role of state police forces / law enforcement? Are they resourced adequately to tackle crimes which are committed online? What about jurisdictional issues?

Interesting, but not new, and already addressed quite comprehensively, but plenty of room for debate and discussion here.

Law of the metaverse

In addition to the laws of imposed by states, users - businesses and individuals - will need to contend with the "law of the metaverse".

By this, I mean a platform's own "laws", created by the platform operator.

These are made up by a combination of:

  • legal-esque codes: terms of service, community guidelines, and perhaps even a form of netiquette.

  • the technical code (software, but perhaps also hardware designs and limitations) which forms the platform's equivalent of the laws of physics. The code which determines what you actually can, and cannot do, irrespective of what the platform's legal-esque codes might permit or prohibit.

Again, if you're thinking that this all sounds rather familiar, you'd be correct. "Code as law" is hardly a new concept.

And, again, the kind of challenges that we have in existing large online platforms, and the solutions that we develop to them, are likely to be relevant to "metaverse" systems. Online safety and privacy. Appropriate conduct. Moderation, and enforcement. Use, misuse, and abuse.

Does anything excite you about "the metaverse", legally?

I must admit, I'm not enthralled by the notion of a metaverse dominated by major providers, let alone a metaverse which consists solely of one provider's service. "Ready Player One" (the book, not the very questionable film interpretation) offers quite a good (fictional) insight into some of the problems of that.

The idea of yet another online environment where every move you make, every interaction you have, even word you utter, creates more data points for some third party's surveillance-ware fills me with dread, not excitement.

But I am quite excited about the possibility - remote though it may seem right now - of Free and open source metaverse systems, with Free / open hardware.

I am also interested in a metaverse, where users can move readily, if not seamlessly, between platforms operated by different providers (i.e. something akin to moving between different websites). Perhaps that's a federated metaverse, perhaps not federated, but just developed to an open standard.

So, yes, there are things about the "metaverse" which I find interesting.

But, overall, it feels a lot like "business as usual".