Supreme Court Ruling Changes as Internet Ages

On June 21, the U.S. Supreme Court ruled in South Dakota v. Wayfair that internet-based retailers had to pay state sales taxes even if they had no “physical presence” in the state where the tax was imposed. This represented not only a change in the law, but a direct reversal by the court of a decision it had made in 1992, when the internet was a mere teenager. While the decision reflects both changes in the nature of the internet and commerce generally, it has broader implications for the ability of one sovereign (South Dakota) to impose its laws and policies on entities whose “entry” into that jurisdiction consists exclusively of bits, bytes and electrons. So, more than the folks in Pierre being able to impose their will (and taxes) on Wayfair’s operations in Beantown, the case recognizes that much commerce—and human interaction—is no longer based on physical presence. We “visit” Sioux Falls or Rapid City or Aberdeen by a mouse-click, and not just through the Big Sioux river.

Sales Tax

For years, companies that made sales in a jurisdiction had to collect and remit taxes to the local treasury based on the sales in that jurisdiction. You have a news stand in midtown Manhattan, you pay sales tax to the city, the state and whomever based on your sales. With a multistate seller, such as the Sears and Roebuck Company, if it sells a washer-dryer from one of its stores in Vermont, it remits taxes to Vermont. If a transaction occurs in a store in Delaware, the seller remits to, well, nobody—Delaware has no state sales tax.

The trigger for the tax is the sale by the merchant within the state and/or the delivery of the product to be put into use within the state. So if I am a Delaware resident and I buy a fridge from a retailer in Dover, no tax. If I buy it from a retailer in Philly and have it shipped to Dover, either I pay no Pennsylvania tax or I can get a refund on the Pennsylvania sales tax.

But if a Pennsylvania resident buys something in Delaware (no tax) and has it shipped to Pennsylvania to be put into use there, the buyer has to pay taxes in Pennsylvania. But here’s the problem: Who has to collect and pay the tax in that case?

In 1992, the Supreme Court held that retailers were not required to collect and remit sales taxes for “out of state” sales unless that retailer maintained a “physical presence” within the state. So if you bought a dishwasher in Dover from Sears, and had it shipped to Philly (where Sears also has a store), the Dover store would have to collect and remit Pennsylvania sales taxes. But if you bought a tin of Fisher’s popcorn in Bethany Beach, Delaware, and had it shipped to your house in Philly (where Fisher’s had no store) it would be unreasonable to expect the popcorn store to collect and remit the taxes to Philly. That would require every retailer that ships products out of state to maintain a list of every taxing authority, their address and the sales taxes imposed in every single jurisdiction. What is the sales tax on popcorn in Petaluma? And does Petaluma tax caramel corn as a food or as something else?

So, as a result of the 1992 case, internet-based companies generally did not collect sales taxes while brick and mortar stores did. This put companies such as Amazon and eBay at a distinct competitive advantage over their 20th century counterparts. For a time. Now, the purchaser was still lawfully required to pay the sales taxes (as a “use” tax), and occasionally states would crack down on high-ticket items, but there was still disparity.

So South Dakota, which has no state income tax and relies on sales taxes to fund many operations, imposed a tax on out-of-state retailers’ sales to people within the state “as if” they had a physical presence in the state.

Lawsuits were filed, appeals perfected and the Supremes stepped in.

The Supremes

The court explicitly reversed the 1992 decision and a predecessor decision from 1967, which related to Illinois’ attempts to tax mail order shipments into the state. The court held that it was no longer necessary for an entity to have a physical presence within a state to be subject to their sovereignty or taxation. The court held that there just has to be a “substantial contact” with the state, and that selling stuff or shipping stuff into the state suffices.

The court took specific note of the way changes in technology have impacted how society operates. It observed that:

Modern e-commerce does not align analytically with a test that relies on the sort of physical presence defined in Quill. In a footnote, Quill rejected the argument that “title to ‘a few floppy diskettes’ present in a State” was sufficient to constitute a “substantial nexus,” … A company with a website accessible in South Dakota may be said to have a physical presence in the State via the customers’ computers. A website may leave cookies saved to the customers’ hard drives, or customers may download the company’s app onto their phones. Or a company may lease data storage that is permanently, or even occasionally, located in South Dakota.

What may have seemed like a “clear,” “bright-line tes[t]” when Quill was written now threatens to compound the arbitrary consequences that should have been apparent from the outset. The “dramatic technological and social changes” of our “increasingly interconnected economy” mean that buyers are “closer to most major retailers” than ever before—“regardless of how close or far the nearest storefront.”… This Court should not maintain a rule that ignores these substantial virtual connections to the State.

In other words, “Times change. The law should, too.”

Impact on Other Things

The movement away from “physical presence” to digital presence reflects the reality of how people interact, make purchases and sales and the fact that what was impossible in 1992 (finding the sales tax for Sioux City, for example) is trivial today. But don’t be too impressed by this technological wonder. Just as a sale by Wayfair to a South Dakota resident represents an incursion into the state sufficient to invoke its sovereign tax authority, online conduct can trigger other sovereign actions.

The same rule—you are where you are electronically—means that things you post, say or do online might subject you to the laws of jurisdictions where those things can be seen or where they have an impact. Mocking members of the UK Parliament with images taken from the livestream may seem fun and funny, but might subject you to the laws of the UK. Mocking the Malaysian head of state can get you killed. While the internet truly tears down walls, sometimes these walls protect things such as freedom of speech and freedom of expression. So it’s more than just revenue and taxes—it’s sovereignty and power.

When New York hotel and real estate mogul Leona Helmsley was prosecuted for, among other things, having expensive jewelry boxes shipped from Manhattan stores to her Connecticut residence to avoid NYC sales taxes (well, the boxes weren’t expensive, especially since they contained no actual jewels), the decried that “only fools pay taxes.”

Fools and internet purchasers, I suppose.

Featured eBook
The Complete Guide on Open Source Security

The Complete Guide on Open Source Security

This joint report by Microsoft and WhiteSource discusses the difference in finding & fixing vulnerabilities in open source components opposed to proprietary code, how to grasp the unique challenges of open source security and how to tackle them, as well as how to master the best practices of managing your open source security risks. This ... Read More
WhiteSource
Mark Rasch

Mark Rasch

Mark Rasch is a lawyer and computer security and privacy expert in Bethesda, Maryland. where he helps develop strategy and messaging for the Information Security team. Rasch’s career spans more than 25 years of corporate and government cybersecurity, computer privacy, regulatory compliance, computer forensics and incident response. He is trained as a lawyer and was the Chief Security Evangelist for Verizon Enterprise Solutions (VES). He is recognized author of numerous security- and privacy-related articles. Prior to joining Verizon, he taught courses in cybersecurity, law, policy and technology at various colleges and Universities including the University of Maryland, George Mason University, Georgetown University, and the American University School of law and was active with the American Bar Association’s Privacy and Cybersecurity Committees and the Computers, Freedom and Privacy Conference. Rasch had worked as cyberlaw editor for SecurityCurrent.com, as Chief Privacy Officer for SAIC, and as Director or Managing Director at various information security consulting companies, including CSC, FTI Consulting, Solutionary, Predictive Systems, and Global Integrity Corp. Earlier in his career, Rasch was with the U.S. Department of Justice where he led the department’s efforts to investigate and prosecute cyber and high-technology crime, starting the computer crime unit within the Criminal Division’s Fraud Section, efforts which eventually led to the creation of the Computer Crime and Intellectual Property Section of the Criminal Division. He was responsible for various high-profile computer crime prosecutions, including Kevin Mitnick, Kevin Poulsen and Robert Tappan Morris. Prior to joining Verizon, Mark was a frequent commentator in the media on issues related to information security, appearing on BBC, CBC, Fox News, CNN, NBC News, ABC News, the New York Times, the Wall Street Journal and many other outlets.

mark has 21 posts and counting.See all posts by mark