Database

Three US States (Alabama, Oklahoma and Utah) prohibit the direct shipment of alcoholic beverages to consumers. The majority of states restrict direct shipments of wine.

While it is possible to sell drugs online in the U.S., it is considered illegal to buy drugs online from outside the US, even when the same medicaments are legally available in the US. There are some exceptions from these rule, including that not more than a three-month supply of the drug is imported.

Since July 2009, ordering most of tobacco products purchased through the Internet to be shipped directly to consumers in Washington is illegal.

Overlapping Federal and State regulations prohibit online gambling in the US (except in Nevada, New Jersey and Delaware, which have officially legalized online gambling). In 2003, Antigua and Barbuda initiated the dispute resolution process at the WTO challenging the US prohibition on cross border supply of online gambling services.

In 2005, the WTO Appellate Body (AB) upheld the Panel's finding regarding the US violation of GATS articles XVI: 1 and XVI: 2 by maintaining certain limitations on market access not specified in its schedule. Given the lack of implementation by the US of the AB ruling, Antigua and Barbuda retaliated by suspending US copyright protection rights as a mean of compensation.

Foreign entities or organizations need a bona fide presence to set up a US domain (.us). or to be a US citizen, permanent resident or an American organization. "Bona fide presence" requires the opponent to have either physical presence or regularly engage in lawful activities (sales of goods or services or other business, commercial or non-commercial including not-for-profit activities) in the United States.

The .com and .org domains have been made available by US authorities to both domestic and foreign users.

In April 2018, the US Commerce Department blocked American firms from selling parts or providing services to ZTE until 2025, following accusations that ZTE violate US sanctions on North Korea and Iran. In May 2018, it was reported that ZTE was forced to halt "major operating activities" following this ban, which was lifted in July 2018.

The US Export Administration Regulations (EAR) regulate exports of commercial communication satellites and technology that uses certain types of encryption.

Commercial communications satellites were moved from the military export controls of the State Department to the civilian or “dual use” controls of the Commerce Department. These regulations are less restrictive than the previously applied United States Munitions List (“USML”) under the jurisdiction of the Directorate of Defense Trade Controls (“DDTC”). However, there are still export regulations in place which may constitute an additional burden for exporters of these items.

Similarly, the Bureau of Industry and Security in the United States Department of Commerce regulates the export of technology that uses certain types of encryption and imposes certain registration and reporting requirements.

In June 2018, the US Federal Communications Commission (FCC) repealed net neutrality rules which require broadband providers to give consumers equal access to all content on the internet. This means that broadband providers can select arbitrarily which internet content can be blocked or slowed down, and are able to charge more for delivery of certain internet content.

Internet access providers in the US have reportedly slowed down the data transmission of the video-on-demand (VOD) service Netflix.

The Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA) allows for private lawsuits and criminal prosecutions against Internet platforms and websites, based on the actions of their users. The law is likely to promote active monitoring of the platforms on their users.

In the United States, the Digital Millennium Copyright Act (DMCA) establishes a conditional safe harbor that focuses specifically on copyright infringement claims. Title II of DMCA protects online intermediaries from liability in the case of copyright infringement, provided a notice and takedown system to deal with infringements is implemented.

Intermediaries also have the right to counter-notify, when they believe there is no copyright infringement involved. Safe harbor is available only to an intermediary that “does not receive a financial benefit directly attributable to the infringing activity, in a case in which the service provider has the right and ability to control such activity."

The Federal Trade Commission Act (FTC Act) provides penalties of up to 16,000 USD for each offence. The FTC Act can also obtain an injunction, restitution to consumers, and repayment of investigation and prosecution costs. Criminal penalties include imprisonment for up to ten years.

Previously, as per the Electronic Communication Privacy Act (EPCA), US public administration organs could only access data stored over seas through mutual legal-assistance treaties (MLATs), which could be brokered with one or several countries at a time, and which require Senate approval.

Since March 2018, an alternative to MLATs, the Clarifying Overseas Use of Data (CLOUD) Act, allows law enforcement officials at any level (from local police to federal agents) to force US firms to turn over user data regardless of where it is stored. The CLOUD Act also gives the executive branch the ability to enter into “executive agreements” with foreign nations, which could allow each nation to access user data stored in the other country, regardless of the hosting nation’s privacy laws. These agreements don’t require congressional approval. In effect, this means that foreign law enforcement officials who need access to data of US companies that enter into an agreement with the US president, the State Department, or the Attorney General to grant them permission to directly contact tech firms to request access.

It is reported that foreign communications infrastructure providers have been asked to sign Network Security Agreements (NSAs) in order to operate in the US. These agreements ensure that U.S. government agencies have the ability to access communications data when legally requested.

The agreements reported range in date from 1999 to 2011 and involve a rotating group of government agencies including the Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), Department of Justice (DoJ), Department of Defense (DoD) and sometimes the Department of the Treasury.

According to the Washington Post, the agreements require companies to maintain what amounts to an “internal corporate cell of American citizens with government clearances” ensuring that “when U.S. government agencies seek access to the massive amounts of data flowing through their networks, the companies have systems in place to provide it securely.”

Moreover, the agreements impose local storage requirements for certain customers data as well as minimum periods of data retention for data such as billing records and access logs.

The Foreign Intelligence Surveillance Act allows US intelligence agencies to access personal data of foreigners either with a court order or in certain cases without.