Yet you may still be skeptical. Even if most Internet activity is traceable using the technologies that I’ve described, you may still believe there are significant gaps. Indeed, the explosion of spam, viruses, ID theft, and the like are strong testimony to the fact that there’s still a lot of unregulable behavior. Commerce acting alone has not yet eliminated these threats, to both commerce and civil life. For reasons I explore later in this book, it’s not even clear commerce could.
But commerce is not the only actor here. Government is also an important ally, and the framework of regulability that commerce has built could be built on again by government.
Government can, in other words, help commerce and help itself. How it does so is the subject of the chapter that follows.
Chapter 5. Regulating Code
Commerce has done its part — for commerce, and indirectly, for governments. Technologies that make commerce more efficient are also technologies that make regulation simpler. The one supports the other. There are a host of technologies now that make it easier to know who someone is on the Net, what they’re doing, and where they’re doing it. These technologies were built to make business work better. They make life on the Internet safer. But the by-product of these technologies is to make the Net more regulable.
More regulable. Not perfectly regulable. These tools alone do a great deal. As Joel Reidenberg notes, they are already leading courts to recognize how behavior on the Net can be reached — and regulated.[1] But they don’t yet create the incentives to build regulability into the heart of the Net. That final step will require action by the government.[2]
When I wrote the first version of this book, I certainly expected that the government would eventually take these steps. Events since 1999 — including the birth of Z-theory described below — have only increased my confidence. In the United States, the identification of “an enemy” — terrorism — has weakened the resolve to resist government action to make government more powerful and regulation more effective. There’s a limit, or at least I hope there is, but there is also no doubt that the line has been moved. And in any case, there is not much more that the government would need to do in order to radically increase the regulability of the net. These steps would not themselves excite any significant resistance. The government has the means, and the motive. This chapter maps the opportunity.
The trick is obvious once it is seen. It may well be difficult for the government to regulate behavior directly, given the architecture of the Internet as it is. But that doesn’t mean it is difficult for the government to regulate the architecture of the Internet as it is. The trick, then, is for the government to take steps that induce the development of an architecture that makes behavior more regulable.
In this context, I don’t mean by “architecture” the regulation of TCP/IP itself. Instead, I simply mean regulation that changes the effective constraints of the architecture of the Internet, by altering the code at any layer within that space. If technologies of identification are lacking, then regulating the architecture in this sense means steps the government can take to induce the deployment of technologies of identification.
If the government takes these steps, it will increase the regulability of behavior on the Internet. And depending upon the substance of these steps taken, it could render the Internet the most perfectly regulable space we’ve known. As Michael Geist describes it, “governments may have been willing to step aside during the commercial Internet’s nascent years, but no longer.”[3]
Regulating Architecture: The regulatory two-step
We can call this the “regulatory two-step”: In a context in which behavior is relatively unregulable, the government takes steps to increase regulability. And once framed, there are any number of examples that set the pattern for the two-step in cyberspace.
Car Congestion
London had a problem with traffic. There were too many cars in the central district, and there was no simple way to keep “unnecessary” cars out.
So London did three things. It first mandated a license plate that a video camera could read, and then it installed video cameras on as many public fixtures as it would take to monitor — perpetually — what cars were where.
Then, beginning in February 2003, the city imposed a congestion tax: Initially ?5 per day (between 7 a.m. and 6:30 p.m.) for any car (save taxis and residents paying a special fee), raised to ?8 in July 2005. After 18 months in operation, the system was working “better than expected.” Traffic delays were down 32 percent, traffic within the city was down 15 percent, and delays on main routes into the zones were down 20 percent. London is now exploring new technologies to make it even easier to charge for access more accurately. These include new tagging technologies, as well as GPS and GSM technologies that would monitor the car while within London.[4]
Telephones
The architecture of telephone networks has undergone a radical shift in the past decade. After resisting the design of the Internet for many years[5], telephone networks are now shifting from circuit-switched to packet-switched networks. As with the Internet, packets of information are spewed across the system, and nothing ensures that they will travel in the same way, or along the same path. Packets take the most efficient path, which depends on the demand at any one time.
This design, however, creates problems for law enforcement — in particular, that part of law enforcement that depends upon wiretaps to do their job. In the circuit-switched network, it was relatively simple to identify which wires to tap. In the packet-switched network, where there are no predictable paths for packets of data to travel, wiretapping becomes much more difficult.
At least it is difficult under one design of a packet-switched network. Different designs will be differently difficult. And that potential led Congress in 1994 to enact the Communications Assistance for Law Enforcement Act (CALEA). CALEA requires that networks be designed to preserve the ability of law enforcement to conduct electronic surveillance. This requirement has been negotiated in a series of “safe harbor” agreements that specify the standards networks must meet to satisfy the requirements of the law.
