National Academies Press: OpenBook

The Internet's Coming of Age (2001)

Chapter: 5 Implications for Broad Public Policy

« Previous: 4 Collisions Between Existing Industries and Emerging Internet Industries: Telephony as a Case Study
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 177
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 178
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 179
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 180
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 181
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 182
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 183
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 184
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 185
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 186
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 187
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 188
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 189
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 190
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 191
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 192
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 193
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 194
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 195
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 196
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 197
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 198
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 199
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 200
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 201
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 202
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 203
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 204
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 205
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 206
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 207
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 208
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 209
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 210
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 211
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 212
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 213
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 214
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 215
Suggested Citation:"5 Implications for Broad Public Policy." National Research Council. 2001. The Internet's Coming of Age. Washington, DC: The National Academies Press. doi: 10.17226/9823.
×
Page 216

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

5 Implications for Broad Public Police INTRODUCTION So far, the bulk of this report has focused on the Internet from the inside out how its essential technologies are evolving and how the par- ties that build and operate it are evolving. In this chapter, the committee looks at the Internet from the outside in, examining some of the broader influences on the Internet that stem from the interests of the individuals and organizations that use it and the special concerns of governments, which have their own objectives and which can help balance and protect the interests of individuals and other parties that use the Internet. The Internet has become the basis for a widening set of social, politi- cal, and economic functions and is becoming ever more pervasive throughout society and its institutions. The benefits resulting from the Internet's intrinsic qualities have an accompanying cost: disruption of the social, political, legal, and economic conventions on which a wide variety of useful understandings have been based. While these consequences have been recognized for a number of years, they have grown in impor- tance as the Internet has become a key societal infrastructure. Reflecting the Internet's increased prominence, a diverse set of stakeholders both the existing players and new, Internet-focused ones are Having atten- tion to its impacts. 1 en tJ The scope of the discussion here is limited, consistent with the scope and resources of the project: a small but important and interconnected set of policy issues is outlined. The discussion is intended to illuminate the 177

178 THE INTERNET'S COMING OF AGE interplay of technical, economic/business, and public policy factors, drawing on the committee's experience in all three areas. Because the interplay is dynamic today's observations differ from yesterday's and will be overtaken by events tomorrow it can be hard to devise practical responses to perceived problems. Nevertheless, responses are being de- vised, and a variety of technical, business, and public policy actions are already being proposed or attempted. Understanding and monitoring the kinds of issues discussed here is important for making judgments about how individuals, organizations, and governments could or should act in using or shaping the Internet. The question is not just what the Internet does to policy but also what policy can do to the Internet. The second part of the question how policy affects the Internet asks how policy decisions that seek to impose particular technological solutions could adversely affect the Internet's architecture and growth as well as how policy decisions in areas such as privacy could affect user acceptance of the Internet and the services that run over it. How these issues are resolved is important to realizing (or limiting) the potential of the Internet. While they are not solely technological issues, their emergence as policy questions and the capacity to address them are shaped by technological developments. This chapter addresses how the architecture of the Internet creates new issues and challenges and requires new approaches from policy makers if policy goals are to be met consistent with the strengths of the design and architecture that underlie the Internet. The first set of issues privacy, autonomy, and identity, along with authentication arises from the sheer size of the Internet and from growth in the number of people and organizations that it interconnects increas- ingly, people communicate over the Internet with strangers and others of whom they have limited knowledge or control. This set of issues centers on how the Internet's design, which provides limited information about the identity or location of users, affects how we control our identity or evaluate the identities others present to use and what that means for our understanding of privacy and the uses of anonymity. The Internet pro- vides weak clues about location or identity. Its essential indifference to geography is, of course, valuable when it allows us to check our e-mail from New York one day and from Los Angeles the next, readily retrieve materials stored on a distant computer, or engage in a commercial trans- action with someone a continent away. Yet it also raises challenges to laws and practices that are premised on knowing the location of parties to a transaction. An IP address is only loosely related to the geographical location or identity of a user or networked computing resource this in- ~See, for example, Sherry Turkle. 1995. Life on the Screen: Identity in the Age of the Internet. New York: Simon & Schuster.

IMPLICATIONS FOR BROAD PUBLIC POLICY 179 formation can sometimes be inferred, perhaps after an exhaustive investi- gation, but it is not readily available.2 That some ISPs believe their net- work topology and the location of their facilities is sensitive proprietary information contributes to the lack of information about location. Nor do many of the applications that run over IP provide authoritative informa- tion on either identity or location. The absence of identifying information provides benefits in terms of free expression but raises serious issues about how we manage, recognize, or negotiate identifying information about people and things in the electronic world. The discussion in this chapter examines these competing directions and explores whether rel- evant design enhancements/changes should be left to competitive forces in the marketplace or require some focused attention by industry and/or government. The second set of issues taxation and universal service is related to government missions. Government is empowered to collect taxes to fund its operations, and it has an interest in both preserving its revenues while also fairly allocating the associated burdens, issues captured in debates about taxation of transactions conducted over the Internet. As the principal actor when it comes to social policy, governments have moved to promote equitable access to the Internet because of its growing value as a medium for economic, educational, civic, and other kinds of opportunities, much as they have done for other infrastructure, such as 2Interestingly, the Internet did not always have such a loose coupling between IP address and location. This quality stems less from the basic Internet design than from subsequent decisions related to address space management and security. In the early days of the ARPANET, interface message processors (IMPs) required a direct correlation of IP address to port number on the IMP, so one was more likely to be able to tell where a computer was located. There were, however, various ways in which hosts could be connected that would have made it harder to tell where they were located. Moreover, users generally interacted with the network via terminal devices attached to host computers, and these could be located far from the host computers. Also, before CIDR and address aggregation (described in Chapter 2), users did not receive their addresses from providers. Pre-CIDR, addresses were more likely to be globally routed, down to a much finer level of aggregation, which again made it easier to know where devices associated with particular IP addresses were located. Address allocation policies coupled with service issues, such as maintaining secu- rity and increasing the ease of getting an Internet connection, did induce large organiza- tions to route all traffic in and out of their entire enterprise, which could span many differ- ent locations, through one connection. But with the advent of CIDR and a crackdown on inefficient address space utilization, providers and users were forced into denser and more obscure addressing relationships. Motivated by address shortages and security issues, enterprises are using NAT and firewall technology, in which globally unique addresses are not used within corporate networks, further obscuring location information.

180 THE INTERNET'S COMING OF AGE telecommunications. To the degree that the Internet can credibly claim to be an essential infrastructure for transactions in commerce, political par- ticipation, basic education, and many other areas, it will become ripe for consideration for universal service arrangements, which are interventions premised on arguments that market mechanisms will not support wide- spread access affordable by all. The tradition of universal service was eventually attached to all important information infrastructures in the past—post, telephone, broadcasting, and, less obviously, basic education. PRIVACY, ANONYMITY, AND IDENTITY Driven in part by the ease with which information about individuals can be gathered, the Internet has amplified concerns about an interde- pendent set of issues privacy, anonymity, and identity (Box 5.1~. The closely associated subject of authentication is discussed in the following section. Also discussed here are the trade-offs that all of these might impose on privacy and individual rights. The section outlines important interactions among the Internet's technology, the Internet service pro- viders and related industry actors, Internet users, and policy develop- ment and identifies some avenues where progress might be expected. These issues are not new, but Internet growth and penetration have heightened attention to them and are influencing the context within which the Internet is evolving. Privacy Concerns about privacy have accompanied and been shaped by the development of technology for over a century.3 They have grown in 3see, for example, Samuel warren and Louis srandeis. 1890. ''The Right to Privacy., Harvard Law Review 4~193y, which laid out some of the fundamental arguments in favor of

IMPLICATIONS FOR BROAD PUBLIC POLICY 181 recent years with the introduction and widespread practice of such inno- vations as sophisticated customer profiling and telephone soliciting. The Internet has aggravated the situation. In surveys, people express concern about the amount of personal information available on the Internet, who controls that information, and how it may be used. For example, a 1998 Business Week survey4 found privacy to be the number one consumer issue facing the Internet, surpassing cost, ease of use, security, or spam. This survey found that 78 percent of online users would increase their use of the Internet if privacy practices were disclosed and that 61 percent of nonusers would be more likely to begin using the Internet if privacy practices were disclosed. (Survey answers notwithstanding, many people do provide personal information; most notably, some have chosen to pro- vide a good deal of personal information in exchange for free Internet access.) The absence of generally accepted, workable solutions is likely to continue to lead to calls for regulation, at least in the most troubling areas. For instance, concern about the online privacy of children in particular, information they might be induced to reveal about themselves or their families resulted in the passage of special legislation, the Children's Online Privacy Protection Act of 1998. Although there are pressures for broader change today,5 the outcome is uncertain. Historically, privacy advocates have been in the minority, people's actions belie the results of opinion surveys, and political pressure in the United States has been in- sufficient to invoke significant action. Mid-2000 debates over Federal Trade Commission interest in legislation related to online privacy are emblematic. In the United States, people continue to argue about privacy as a legal, protected right, while government-based inquiries into privacy policy have articulated principles for public policy and private action, notably so-called fair information practices. The essential elements of fair information practices are generally described as awareness, choice, data privacy in modern society. The article was occasioned in part by privacy issues created by developments in photography and photojournalism. see also Alan westin. 1967. Privacy and Freedom. New York: Atheneum; spiros simitis. 1987; ''Reviewing Privacy in an Infor- mation society. University of Pennsylvania Law Review 135:707-746; and James Katz and Annette Tessone. 1990. '~Public Opinion Trends: Privacy and Information Technology., Public Opinion Quarterly 54:125-143. 4As reported by TRUSTe at <http://www.truste.org/webpublishers/pub_bottom.html>. 5A survey in 2000 by Odyssey, a market research firm, found that 82 percent of online households in the United states agreed that the government needed to play a role in how companies use personal information and 92 percent expressed some distrust of companies when it comes to protecting the confidentiality of personal information. see Steve Lohr. 2000. '~survey Finds Few Trust Promises on Online Privacy., New York Times, May 17, p. C4.

182 THE INTERNET'S COMING OF AGE security, and customer access.6 First advanced in the 1970s by a congres- sionally chartered commission on information privacy,7 these practices were also discussed in the context of l990s policy making on the na- tional/global information infrastructure and electronic commerce.8 Privacy relates to the use, release, and availability of personal infor- mation,9 that is, any information that is linked to an individual's identity or to attributes closely associated with that individual's identity. Per- sonal information is collected or revealed both directly, as happens when a user enters information into a Web form and submits it, and indirectly, as happens when information is gathered from publicly available infor- mation such as an e-mail directory. Whether in physical space or cyber- space, individuals are motivated to provide information about themselves for a variety of reasons, including the following: to obtain a desired product, service, or end result (e.g., a loan commitment or a health claim benefit); to obtain better, more customized/personalized products and services (e.g., personalized news); to obtain specific information of value (e.g., stock quotes) or in anticipation of gaining some unspecified benefit (e.g., current bargains or offers); or to be rewarded with rebates and dis- counts, loyalty points, or frequent flyer miles. At the same time, people worry, sometimes with justification, that their personal information may fall into the wrong hands or be misused. These concerns include such undesirable results as receipt of annoying and unwanted information or sales pitches; denial of a desired product, service, or end result (e.g., health coverage, an auto loan, or a job); personal embarrassment; damage to one's reputation; loss of trade secrets; or becoming a victim of some criminal activity such as stalking, theft, fraud, or identity takeover. 6See Department of Commerce. 1998. "Elements of Effective Self-Regulation for Protec- tion of Privacy." Available online from <http://www.ntia.doc.gov/reports/privacydraft/ 198DFTPRIN.htm>. While all seem to agree on basic principles, there are variations in the privacy frameworks that are used. For example, the Federal Trade Commission added another element, enforcement/redress, in a recent report to Congress. This is not surpris- ing, given the FTC's nature as an agency that makes and enforces rules. See Federal Trade Commission. 1999. "Self-regulation and Privacy Online: A Report to Congress." Washing- ton, D.C.: Federal Trade Commission, July. 7Privacy Protection Study Commission. 1977. Personal Privacy in an Information Society. 8Similar principles are contained in the "Electronic Bill of Rights" presented in the First Annual Report of the U.S. Government Working Group on Electronic Commerce . See U.S. Government Working Group on Electronic Commerce. 1998. First Annual Report, Novem- ber, p. 17. Available online at <http://www.doc.gov/ecommerce/E-comm.pdf>. 9"Privacy" is distinct from confidentiality, which refers to the protection of all types of sensitive information and is not necessarily approached from the perspective of protection of personal information per se.

IMPLICATIONS FOR BROAD PUBLIC POLICY 183 One area of particular concern is that information provided with the user's knowledge can also be used for purposes other than that for which it was originally provided. Web servers can store personal information given by the user while visiting the site; Web site operators can subse- quently use that information for other purposes, such as marketing, or provide or sell it to third parties. Users do not necessarily understand or appreciate the value of the information they provide, especially when different bits of information can be combined and used for new purposes. An individual data item by itself might not appear to pose a privacy concern. But when information is combined or associated with other, seemingly harmless bits of information often collected under different circumstances to build a dossier on a user, it may provide insights the user would consider detrimental. For instance, behind-the-scenes track- ing of users by means of cookiesl° could permit address information en- tered at one Web site to be linked with tracking data indicating that a user had browsed several adult content Web sites. The result might be the unwanted, unexpected arrival in the mail of advertisements for adult films. In other cases, combining personal data from different sources can add value for customers. For example, an online bookseller that knows a customer enjoys Danielle Steel novels may send the customer a review of a new book by a different author that has been purchased by other cus- tomers with similar tastes.ll The customer never requested this informa- tion but may be glad to receive it. As another illustration, an airline Web site may refer a registered user who wants information about inexpensive vacations to a travel packager, who then e-mails the airline customer about bargain travel opportunities. In both examples a firm uses personal information to offer services and products that some customers perceive as valuable and others as a waste of time, offensive spam, or gratuitous . invasions or privacy. A second area of concern with respect to the Internet is that some personal information can be collected online without the user's direct 10A cookie is a small piece of information that a Web site stores on your Web browser on your PC and can later retrieve. The cookie cannot be read by a Web site other than the one that set the cookie. Cookies can be used for a number of administrative purposes for example, to store your preferences for certain kinds of information or to store a password so that you do not have to input it every time you visit a Web site. Most cookies last only through a single visit to a Web site. Users can set up their Web browser to inform them when cookies are set or to prevent cookies from being set. 1lThis type of service relies on collaborative filtering technology, which guides people's choices of what to read, view, purchase, etc. based on information gathered from other people, such as other customers with similar preferences or purchasing patterns.

184 THE INTERNET'S COMING OF AGE knowledge or consent (either implied or by opt-out or opt-in decisionsl2~. For example, a Web site can store personal information on the user's computer as cookies or as hidden fields in URLs and forms that are acces- sible by that or other Web sites. Not only can personal information be collected by all of the organiza- tions and businesses that people interact with on the Internet, but it can also be collected by the Internet service providers themselves. One such example is that ISPs can and do record information on user actions (for internal purposes or to comply with a court order). Such information could include which DNS names are looked up by a particular customer, which Web sites are visited by a customer at what times, and how much information is transferred. Though the technical capability exists, ISPs may or may not regularly gather such information. Considerations in- clude the potential for alienating their customers and the performance degradation that could result from extensive monitoring. Although it is becoming more widely known that service providers can collect personal information, many users are still unaware of this possibility and its impli- cations. Another privacy concern relates to Internet infrastructure databases. Information can be captured from user e-mail addresses or directories made public by Internet service providers. For example, records of do- main name registrations and address allocations have traditionally been available to the public to permit users in other domains to track down problems and get assistance in resolving them. Now, however, these databases are being captured and used for targeted marketing purposes, which has led to calls for not making the data public. This echoes recent litigation over whether the customer proprietary network information (CPNI) collected by telephone companies, which includes the duration, frequency, and location of calls, may be given or sold to telemarketers without the explicit permission of customers.l3 Similarly, when govern- ment information that is in principle public but in practice hard to ac- 12In recognition of both the positive and negative aspects of collecting personal informa- tion, privacy experts distinguish between opt-in and opt-out approaches to managing the use of personal information. The first requires that the individual specifically authorize the use to which the information is put, while the second requires only that individuals have the option to state that they do not wish the information to be used in a particular manner. 13In August 1999, the U.S. Tenth Circuit Court of Appeals issued a ruling vacating the FCC's CPNI rules. (U S WEST, Inc. v. FCC, 10th Circuit No. 98-9518, filed August 18,1999), holding that the FCC's CPNI rules "must fall under the First Amendment." The Tenth Circuit Court's mandate has not yet been issued. According to the FCC, further litigation is possible. (See FCC. 1999. Common Carrier Bureau's Homepage for the CNPI Proceeding. Common Carrier Bureau, FCC, September 9. Available online at <http://www.fcc.gov/ ccb /ppp /Cpni/welcome.html>~.

IMPLICATIONS FOR BROAD PUBLIC POLICY 185 cess such as property tax or motor vehicle records is made readily available over the Internet, this may be viewed as a violation of privacy.l4 "Online privacy" is generally understood to refer to information col- lected via e-mail, chat applications, user interactions with Web sites, and the like. The likely proliferation of networked appliances, sensors, and other embedded systems, which was discussed in Chapter 2, introduces new modes of information collection and new issues with respect to indi- vidual privacy on the Internet. Networked embedded devices are ex- pected to become a pervasive technology because of the powerful instru- mentation that can be achieved by placing sophisticated but low-cost sensor/actuators within physical environments.l5 Much as other net- worked resources have been used in novel and unexpected ways, it is also reasonable to foresee that networked devices will be used in ways that surpass the original intended uses of the collected data. Some of these will raise new privacy concerns and trigger debates similar to those sur- rounding online privacy. The same technologies that allow tracking people for legitimate purposes can also be used to monitor their activities invasively. This sort of debate has already arisen in the context of the recent Federal Communications Commission mandate that cellular tele- phone operators provide the means to determine much more precisely the position of callers when they place 911 (emergency) calls. These concerns are sure to grow in importance and attention as these devices are more and more widely deployed, as they almost surely will be. As a starting point, it appears reasonable to apply the same basic principles that have been applied to personal information to information that is passively collected by networked devices. That is, individuals should be informed that information about them is being collected and for what purpose, and they should be given the opportunity to view that information and make corrections. There are also issues of whether ex- plicit consent must be obtained (both for initial use and any subsequent uses). For consent to be meaningful and informed, it must be solicited in a carefully stipulated manner, and the individual must be given recourse. It is unclear, thus far, to what extent voluntary actions are addressing these privacy concerns. The most visible indicator may be statements of privacy policies verbal disclosures about what information is collected and how it is used. On the positive side, a study by Mary Culnan of the McDonough School of Business at Georgetown University found that 14A complementary situation where government seeks to capitalize on the broad reach of the Internet is the posting of information about individuals who have violated certain laws. 15A separate report from CSTB on these technologies is anticipated in 2001.

186 THE INTERNET'S COMING OF AGE nearly two-thirds (65.9 percent) of commercial Web sites that collect per- sonal information post some sort of privacy disclosure.l6 However, the same survey also indicates that only about 14 percent (and fewer than 10 percent of sites that collected personal information) provided privacy disclosure statements that addressed all four basic privacy elements (i.e., awareness, choice, data security, and customer access; for definitions see later in this chapter) and offered contact information to consumers with questions about the firm's privacy policies. A contemporaneous Forrester Research Briefl7 echoes this point, stating that "90 percent of sites fail to comply with the basic four privacy principles," and regular assessments by the Federal Trade Commission and privacy advocates raise questions about the willingness and ability of organizations to undertake this com- paratively simple measure. Technical Approaches to Protecting Privacy lust as Internet technology can accelerate and complicate the loss of privacy on the Internet, it can also protect that same privacy. For in- stance, as a countermeasure to the hidden gathering of information via cookies, Web browsers now can be set to deny loading of this personal information or to let users approve them on a case-by-case basis, and other software tools are available to help users manage these cookies. Web users are likely to find this a complex and tedious process, however, and some sites may not function with cookies disabled. As a conse- quence, new technologies are being developed to automate negotiations over privacy between users and the Web sites they wish to reach and to control the gathering of information based on these negotiations. All of the privacy-enhancement mechanisms are controversial; each embodies a particular set of features and trade-offs. Some have attracted many sup- porters, but there is thus far no consensus on the best mechanism. This is not surprising, because the technology is still evolving (through experi- mentation), as are privacy policies and procedures and attitudes about the mix of technical and nontechnical approaches. One new technological approach is the Platform for Privacy Prefer- ences (P3P), which is being developed by the World Wide Web Consor- 16Mary J. Culnan. 1999. Georgetown Internet Privacy Policy Survey: Report to the Federal Trade Commission. Washington, D.C.: McDonough School of Business, Georgetown Univer- sity, June. Available online at <http: / /www.msb.edu/faculty/culnanm/GIPPS/ mmrpt.PDF>. 17PaulR. Hagen. 1999. Privacy Wakeup Call. Cambridge, Mass.: ForresterResearchInc., September 1. Available online at <http: / /www.forrester.com/ER/Research/Brief/ Excerpt/0,1317,7803,FF.html>.

IMPLICATIONS FOR BROAD PUBLIC POLICY 187 tium.~8 P3P helps the user screen information requests and gives the user control over the delivery of requested information, including negotiation of privacy terms between the user and the service provider. It operates as a kind of digital analog to caller ID and caller ID blocking, whereby an answering party wishes to know who is phoning but may be denied this information if the calling party blocks the request. P3P increases the explicitness with which privacy policies are expressed, allowing the user and the service provider to specify the terms of use for each data item- i.e., how and for what purpose the information will be used and with whom it will be shared. P3P has the appeal of automation it can dimin- ish the need for ongoing monitoring and intervention by Internet users- but it requires significant setup effort. To specify privacy preferences down to each data element, a user may have to set 100 or more param- eters; alternatively, he or she can rely on a program that maps/infers these parameters from a smaller set of higher level preferences (or through learning user preferences by observing behavior). The system can also simply work with default settings that can be overridden by the user. Further complicating use of this technology is that user preferences may change frequently, making it hard to track what was agreed to for each data exchange. It is also an approach that requires multilateral actions- the installation and use of appropriate software by both providers and user. P3P has already been valuable for its contribution to the debate about online policy. As a sophisticated technical mechanism, it shows how the technology needs to be meshed with practice and procedure by individuals and organizations and illuminates some of the trade-offs in- volved in protecting on-line privacy. Policy and Regulatory Approaches to Privacy Protection The legal and regulatory environment surrounding privacy protec- tion on the Internet remains quite mixed and uncertain. The United States has generally dealt with privacy sector by sector, and policy has generally favored industry self-regulation or other nongovernmental solutions such as the technical approaches described above, although the government has articulated the fair information practices described above. Many firms participate in industry self-regulatory efforts, and many provide custom- )8World Wide Web Consortium (W3C). 2000. The Platform for Privacy Preferences 1.0 (P3P1.0) Specification, W3C Working Draft 10 May 2000. Cambridge, Mass.: W3C. Avail- able online at <http://www.w3.org/TR/P3P/>. See also Joseph Reagle and Lorrie Faith Cranor. 1999. "The Platform for Privacy Preferences." Communications of the ACM 42~2~: 48-55.

188 THE INTERNET'S COMING OF AGE ers with privacy guarantees that go beyond legislative or regulatory re- quirements, such as opt-in policies, which require explicit customer con- sent before sharing information. Under the opt-in approach, it is left to individuals to make their own judgments about which commercial firms (and other individuals) can be trusted to use their personal information wisely. In the case of commercial service providers, trust can be engen- dered and cultivated through a number of factors, including the firm's brand and reputation; the customer's experience and relationship with the service provider; referrals and testimony by third parties; the service provider's stated policies and guarantees, backed by appropriate recourse; third-party seals of approval that the service provider's policies are ac- ceptable; industry self-regulation; and enforceable contracts, laws, and regulations. There have been a number of exceptions to the prevailing self-regulation approach. Federal and state legislation has been passed to increase the privacy of individual records in certain sectors such as health care, credit reporting,l9 cable television, and video rentals, and legislation was passed aimed at protecting the privacy of children online (the Children's Online Privacy Protection Act). Ongoing debate over sector- specific protections attests to the importance attached to the protection of certain kinds of personal information; the prospects for generalizing that importance remain uncertain, however, although a number of cross- sectoral issues are getting more attention (e.g., the privacy of employees vis-a-vis their employers). The appointment in the late 1990s of a Chief Counselor for Privacy at the Office of Management and Budget has at least symbolic value and may be the beginning of a more comprehensive consideration of protecting information about individuals collected by the government as well as the private sector. Some other countries have acted more broadly or directly to protect privacy. In particular, the European Union (KU) has adopted a more 19A set of principles resembling those adopted for privacy protection is contained in the Fair Credit Reporting Act (Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq.) as amended by the Consumer Credit Reporting Reform Act of 1996 (Public Law 104-208, the Omnibus Consolidated Appropriations Act for Fiscal Year 1997, Title II, Subtitle D, Chapter 1), Section 311 of the Intelligence Authorization for Fiscal Year 1998 (Public Law 105-107), and the Consumer Reporting Employment Clarification Act of 1998 (Public Law 105-347~; see the discussion and full legislative text, available online at <http://www.ftc.gov/os/ statutes/fcra.htm>~. The FCRA requires consumer credit reporting agencies to inform individuals when information is being collected about them and for what purpose, and individuals have the right to see this information and to correct it if it is inaccurate. More- over, credit issuers must let customers know they may opt out of information sharing, which includes both using the data internally for cross-marketing and selling the data to third parties.

IMPLICATIONS FOR BROAD PUBLIC POLICY 189 inclusive, government-led regulatory framework for privacy protection. The EU Directive on Data Protection, which took effect in October 1998, permits EU members to block the transfer of personal information about EU citizens to other countries that do not offer adequate protection of privacy. To pass the threshold, organizations must fulfill a number of requirements: among other things, they must tell individuals when they collect information about them, disclose how it will be used, and provide individual access to the information. Individuals must provide informed consent before a company or other organization can legally use the data. Thus, the EU directive mandates opt-in usage policies rather than the opt- out policies common in the United States, lapan, and many other coun- tries. Each EU member nation must enact its own laws to implement the directive. The United States is one of the nations whose privacy protec- tions have not met the EU threshold.20 As a consequence, the United States and the European Commission (EC) of the EU have negotiated guidelines that would serve as a "safe harbor" for U.S. companies want- ing to receive information from the EU.21 The pressures to harmonize privacy policies on an international basis are a good example of the effect the Internet's global reach is having on national policies.22 20For example, the opt-out policies that are used by many U.S. firms, whereby customers must request that their personal information not be used or disclosed to others, do not meet the EU threshold of adequate privacy protection. U.S. firms also cite cases in which they use personal information obtained from others (e.g., mailing lists) and do not retain it, so that it would be impractical for them to give customers unconditional access to the informa- tion. 21The safe harbor guidelines state that U.S. organizations must inform individuals why they are collecting personal information, with whom they will share that information, and how individuals can limit its use and disclosure. Organizations must also offer individuals access to the information, as well as the opportunity to choose whether and how the per- sonal information they provide is used or disclosed to third parties. In addition, organiza- tions must take "reasonable measures to assure its [data] reliability for its intended use and reasonable precautions to protect it from loss, misuse, and unauthorized access, disclosure, alteration and destruction." The agreement also states that EU member states will be bound by the agreement; that it will be presumed that companies within the safe harbor provide data protection; that data flows to those companies will continue; that, generally, only the EC will be able to interrupt personal data flows; and that U.S. companies will have a grace period in which to implement the policies. See Electronic Commerce Task Force. 2000. "Safe Harbor Privacy Principles." Washington, D.C.: Electronic Commerce Task Force, In- ternational Trade Administration, U.S. Department of Commerce, Draft of June 9. Avail- able online at <http://www.ita.doc.gov/td/ecom/menu.html>. 22The recent activity associated with the EU privacy directive builds on a history of con- cern for transborder data flow that preceded the commercialization of the Internet. It builds on different national traditions relating to social policy and rights and responsibilities in

190 THE INTERNET'S COMING OF AGE A very different approach to privacy protection, advocated by some scholars more than 30 years ago, would have governments enact legisla- tion giving individuals explicit property rights to their personal informa- tion.23 Individuals would then be in a position to bargain with organiza- tions over the price and other terms for using their personal information; and they could legally enforce such agreements if violated. Some firms (e.g., Microsoft and Privaseek) are investigating how they might profit from commercially implementing such a system. Proponents of this ap- proach argue that, at least on the Internet, standardized agreements for the use of personal information, software technologies such as P3P, and agents acting for individuals could reduce transaction costs to a workable level assuming sufficient ease of implementation. Privacy could then become a matter of consumer choice, backed by normal commercial and consumer protection laws, rather than a difficult and often intractable political issue. Opponents contend, among other arguments, that imple- menting individual property rights to personal information would be unworkable; that it would unnecessarily impede the development of elec- tronic commerce; that those people most in need of privacy protection would be the least able to negotiate with large organizations; and that in any case, society should not let individuals bargain away their fundamen- tal rights to privacy.24 Anonymity Identification for the purpose of granting access to systems and infor- mation is a basic function of computer systems, and it has been an objec- tive of mechanisms and procedures put in place by managers of large computer systems for decades. At the same time, technologies are being developed that make it difficult or impossible to identify the origin of computer-mediated communications. general, and it also builds on the competitive posturing of nations. The EU's actions, for example, reflect concerns about privacy per se as well as European recognition of the com- petitive impact of U.S.-owned businesses that interact with Europeans. 23Alan Westin. 1967. Privacy and Freedom. New York: Atheneum, pp. 324-325; Arthur R. Miller. 1969. "Personal Privacy in the Computer Age: The Challenge of New Technology in an Information-Oriented Society," Michigan Law Review 67(April):1224-1225. 24Some argue that the "fundamental asymmetry between individuals and bureaucratic organizations all but guarantees the failure of the market for personal information." Oscar H. Gandy, Jr. 1996. "Legitimate Business Interests: No End in Sight? An Inquiry into the Status of Privacy in Cyberspace." University of Chicago Legal Forum 1996:77-137.

IMPLICATIONS FOR BROAD PUBLIC POLICY 191 Individuals have a variety of reasons for wishing to be anonymous. 25 Anonymity is of particular importance for some types of political speech26 and in other instances, such as when reporting certain kinds of incidents to the police or regulatory authorities. More generally, some people pre- fer to protect their privacy when they communicate or engage in commer- cial or other transactions in general or under certain circumstances.27 A counterweight to individual interests in anonymity is the demand by individuals, organizations, and society in general that other individuals and organizations be accountable for their actions, often to protect against fraud and illicit or improper actions. Identity can be important if a com- mercial dispute arises, if a crime or tort is suspected, or for taxation and other legitimate government purposes. Anonymity is perceived as unde- sirable when it becomes an enabler of such activities as libel, distributing pornography to minors, or engaging in money laundering. The Internet amplifies these conflicting needs by simultaneously making it easier to track and monitor individuals (sometimes invisibly) and making it easier for people to act anonymously. For example, Web sites often allow or encourage users to adopt anonymous or pseudonymous identities when participating in chat rooms and other public meeting places. E-mail users are free to take on pseudonymous identities (e.g., TohnDoe~example.com, guesswho~example.com) when using many e-mail services. Some be- lieve that the ease of assuming an anonymous identity on the Internet encourages unethical or illegal activities (such as spamming, harassment, 25For a recent examination of the role of anonymity online, see Al Teich, Mark S. Frankel, Rob Kling, and Ya-ching Lee. 1999. "Anonymous Communication Policies for the Internet: Results and Recommendations of the AAAS Conference." The Information Society 15~2~. 26See, for example, McIntyre v. Ohio Elections Commission, 514 U.S. 334 (1995~: . . . the interest in having anonymous works enter the marketplace of ideas unquestionably outweighs any public interest in requiring disclosure as a condi- tion of entry. Accordingly, an author's decision to remain anonymous, like other decisions concerning omissions or additions to the content of a publication, is an aspect of the freedom of speech protected by the First Amendment. Under our Constitution, anonymous pamphleteering is not a pernicious, fraudulent practice, but an honorable tradition of advocacy and of dissent.... The State may, and does, punish fraud directly. But it cannot seek to punish fraud indirectly by indiscriminately outlawing a category of speech, based on its content, with no necessary relationship to the danger sought to be prevented. 27English and American law also recognize the legitimacy of cash transactions where either the buyer or seller, or both, prefer not to be identified. However, the right to anonym- ity in commercial transactions is not absolute limits are imposed in the United States in instances such as hand gun purchases or, as a countermeasure to money laundering, cash deposits exceeding $10,000.

92 THE INTERNET'S COMING OF AGE defamation, pirating of music or software, stalking, or exchanging child pornography) and thus poses additional risks to society that require greater government surveillance and action.28 One area of particular con- cern because of its potential to damage an innocent third party without his knowledge or consent is masquerading, in which an anonymous en- tity transmits a libelous message or conducts a transaction that appears as if it came from another individual.29 The debate over anonymity on the Internet epitomizes the challenge posed by the sophisticated, complex, and poorly understood technology that underpins the Internet. People tend to act based on what they see and understand, and it appears that unless they have specialized techni- cal knowledge, people may have false expectations of anonymity. Service providers cooperate with government authorities that are investigating suspected criminal activity and may choose to cooperate with efforts to control other forms of undesirable behavior online. Employers may moni- tor online conduct, a practice that is reportedly growing, with uneven notification of employees. Individuals seeking anonymity may use ser- vices that provide less of that quality than they think, just as they may adopt information security measures such as encryption or firewalls that, because of their design or implementation details, are less effective than they think. Given that concerted efforts to identify an individual will only be made in particular circumstances, imperfect protections of ano- nymity may well have a silver lining. With experience, users may become more aware of what does and does not provide them the anonymity they desire, but this awareness may only come through bad experiences. Technology can significantly increase anonymity. E-mail senders can take measures to further hide their identities by using anonymous remailers, which strip off header information about the sender before forwarding the message to its destination.30 More sophisticated services 28This point was echoed in the report of a government task force looking at unlawful online conduct. (See President's Working Group on Lawful Conduct on the Internet. 2000. "The Electronic Frontier: The Challenge of Unlawful Conduct Involving the Use of the Internet: A Report of the President's Working Group on Unlawful Conduct on the Internet." March. Available online from <http: / /www.usdoj.gov/criminal/cybercrime/ unlawful.htm>.) 29This concern should be distinguished from issues related to anonymity in general. The names used for anonymous communications could, for example, be restricted to a special set reserved for just that purpose and thus not useful for masquerading; this is the ap- proach taken in RFC 1422, which defines an approach for privacy-enhanced Internet e-mail. (S. Kent. 1993. Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management, RFC 1422. Networking Working Group, Internet Engineering Task Force. Available online at <http://www.ietf.org/rfc/rfcl422.txt>.) 30A seminal paper on which practical designs have built is David L. Chaum. 1981. "Un- traceable Electronic Mail, Return Addresses, and Digital Pseudonyms." Communications of the ACM 24~2~.

IMPLICATIONS FOR BROAD PUBLIC POLICY 193 make use of encryption and transmission through a series of anonymous remailers (perhaps located in several different countries), which make tracing the message very difficult even if some of the remailers are com- promised.3~ Similar approaches can be used to anonymize Web transac- tions and the transmission of IP traffic across the Internet. These have progressed in status from being the subject of academic research to com- mercial deployment; Zero Knowledge Systems, for example, offers a com- mercial service called FreedomNet, which is designed to block the tracing of IP traffic back to its source and to provide tools that control other identifiers such as cookies.32 Meanwhile, e-mail software and Web-based e-mail services could al- low users to filter out anonymous messages if they do not want to receive them capabilities analogous to not accepting phone calls from callers who have disabled caller identification if an infrastructure is in place to ascertain the identity of senders. While they are imperfect solutions and address only one class of problem associated with anonymity, such capa- bilities show that technology can respond to some of the concerns raised by online anonymity. The legal status of anonymity on the Internet remains contentious and unresolved. Anonymity on the Internet has positive as well as nega- tive social value, suggesting that a blanket prohibition is unlikely. It is not an absolute right in all circumstances, however, and society generally expects that individuals be held accountable for harmful or illegal actions, whether or not under the cloak of anonymity. Thus, abuses of anonymity undoubtedly will bring political pressures to shut down anonymous ser- vices or impose close monitoring or registration requirements on them. Existing laws and regulations that govern the behaviors and actions of concern may or may not be deemed adequate to cope with online anony- mous behaviors. Some recent legislative proposals would make certain anonymous actions illegal, holding providers of anonymous e-mail services, as well as for a good discussion of current battles to preserve or defeat anonymity, see David Mazieres and M. Frans Kaashoek. 1998. ''The Design, Implementation and Operation of an Email Pseudonym server. Proceedings of the 5th ACM Conference on Computer and Communi- cations Security. Available online at <http://www.lcs.mit.edu/impact/perspect/9901.pdf>. 32Much of the design is traceable to research on onion routing. see P. syverson, M. Reed, and D. Goldschlag. 1997. '~Private Web srowsing.~, Journal of Computer Security 5~3~:237- 248; Michael G. Reed, Paul F. syverson, and David M. Goldschlag. 1998. ''Anonymous connections and Onion Routing,,, IEEE Journal on Selected Areas in Communication Special Issue on Copyright and Privacy Protection; and David M. Goldschlag, Michael G. Reed, and Paul F. syverson, onion Routing for Anonymous and Private Internet connections, Com- munications of the ACM 42~2~.

94 THE INTERNET'S COMING OF AGE message originators, responsible for message contents or even prohibit- ing anonymous messages altogether. Anonymous online conduct has also been the subject of international discussions on how to address a perceived rise in "cyber crime." Law enforcement agencies, in particular, seek ways to pierce the veil of anonymous remailers when investigating suspected criminal activities. Such efforts are constrained by the global nature of the Internet; anonymizers can be located in other countries and messages can be passed through servers in multiple countries. Some people, in the interest of combating child pornography, drug trafficking, and other crimes, would prohibit anonymous e-mail altogether. Others point to the value attached to anonymity in U.S. legal tradition, such as a 1995 U.S. Supreme Court decision that upheld an individual's right to send anonymous political leaflets,33 and argue that the same principles should apply to Internet communications as well. An interesting, unresolved question is the extent to which specific solutions might alleviate the need for wholesale use of the more general anonymity services discussed here. For example, some of the need for anonymity would go away if satisfactory solutions were found for pre- serving individual privacy. And some other needs for anonymity, such as those occasioned by political expression or whistleblowing without fear of reprisal, might be accommodated by special anonymous forums (e.g., an anonymous posting site) established for those particular pur- poses. Importantly, there are steps that the various interested parties can take to identify ways of resolving tensions associated with anonymous online communication. For instance, e-mail service providers, remailers, Web sites, and online communities can develop, publicize, and imple- ment specific policies about appropriate and inappropriate use of anony- mous or pseudonymous communications. Industry and user groups can work together to develop standard guidelines for such policies. Another useful step, in line with the practices of some services today, would be for such policies to clearly state the situations in which user identities may be disclosed to others. Identity Issues of privacy and anonymity ride on top of how we establish, manage, and even understand identity against a background of global networks and powerful databases. Controlling information about one's 33McIntyre v. Ohio Elections commission, 514 u.s. 334 1995.

IMPLICATIONS FOR BROAD PUBLIC POLICY 195 identity and the links to data about that identity is one way that we can achieve privacy. Anonymity can be thought of as one extreme of identifi- cation, namely, the absence of any personal identification. In this section, the committee presents some basic principles of "digital identity" that may help reconcile the conflicts surrounding information disclosure, pri- vacy, and accountability on the Internet. It hopes these principles will serve as a useful framework for future policy in the privacy area as well as for finding and implementing technical solutions in support of the vari- ous privacy requirements resulting from industry self-regulation and gov- ernment legal and regulatory actions. Individual identity is a complex concept. Each of us has different identities, with different roles and attributes, in different situations and at different times. A person can simultaneously be a parent, spouse, em- ployee, consumer, auction buyer or seller, patient, and member of various organizations. People often try to keep these different identities separate. They may do this by providing more, less, or simply different information to different persons, government organizations, or commercial service providers. To the extent that people are able to do so, they make it difficult for third parties to link the actions and activities of their different identities and conclude they belong to a single individual.34 The nature of Internet interactions and the explosive growth of electronic communities, sliced across a number of different geographic and demographic factors, amplify this need greatly and mean that more information is available from more sources and to more parties in a context that allows collecting pieces of information from disparate sources and matching them by tech- nical means. While the Internet indeed poses serious challenges related to identity, it also offers elegant and powerful tools for balancing individual and societal needs for privacy, anonymity, and accountability. Examples of the tools emerging include tools that allow the individual to manage and 34This is significantly easier to do in the United states, where the absence of a mandatory national identifier makes it easier for an individual to maintain separate identities that cannot be easily associated with one another. A number of other countries have measures in place that embrace a single, unique identifier for each person E.g., a national ID cardy, and some are moving to implement this approach electronically E.g., the '~qualified certin- cate concept expressed in a recent European union directive on public key certificates and work in the IETF,s Public-Key Infrastructure ~x.509' working group'. Not only does this run counter to u.s. practice and philosophy, it represents a more simplistic view of identity than the discussion here would argue for and enables the easy linking of one s various activities with a single individual profile. The widespread use of such common identifying information as the Social security number does, however, limit the extent to which one can separate identities.

196 THE INTERNET'S COMING OF AGE control "multiple identities," using one or more certifying authorities to validate various attributes where required. These tools also help the individual track and monitor what information is being collected and how this information is actually used. A caution, however, is that such tools depend in many cases on a foundation of effective security mecha- nisms and practices, including authentication capabilities that are not widely available (the exceptions being such instances as a merchant au- thenticating a customer's credit card account or two parties with prior relationship authenticating each other). It is possible for individuals to have multiple digital identities on the Internet for use in different contexts and situations. Personal informa- tion such as name, school, and job affiliations, home and business ad- dresses, telephone and fax numbers, e-mail addresses, drivers' licenses, passports, credit cards, and other identifying records can be stored and made selectively available on the Internet by the user, much as a person now physically takes out various cards from his or her wallet for different purposes. Today, users who make use of multiple services are likely to have established what effectively amounts to a portfolio of identities in which varying amounts of personal information have been provided, de- pending on the nature of the transaction, the information requested by the other party, and the type of information the user has chosen to pro- vide. In many cases these different identities can be linked using either information provided by the user (e.g., name and address matching) or information gained from cookies that different Web content and service providers have placed on user machines. But in many other cases, correct identity information is needed for accountability. When a firm gives an employee an e-mail address (IohnDoe~example.com) it in effect certifies that the person is affiliated with that company. Cookies on users' com- puters often contain a mixture of self-reported information and informa- tion certified by a provider. Certification authorities exist to authenticate characteristics of identity (such as age, location, or ability to pay) that are necessary to engage in certain activities or complete certain transactions.35 It is also possible to provide mechanisms that allow users to create digital identities that provide explicit control over what personal infor- mation is disclosed under what circumstances. Discussion groups and chat rooms, like e-mail, often tolerate if not encourage pseudonyms, and some online interactions, such as multiuser domains, encourage creation of artificial, even fantastic, identities in the spirit of play. Even when a transaction needs to be authenticated, a user's name does not need to be 35For a discussion of this approach to public key infrastructure, see s. Kent. 1997. "How Many Certification Authorities Are Enough., Proceedings of MILCOM 97 (unclassified pa- pers) 1 tNovembery: 61-68.

IMPLICATIONS FOR BROAD PUBLIC POLICY 197 disclosed; in a purchase transaction, it may be sufficient for a vendor to be able to associate an identity with a certification that the user has a valid credit card (or some other indication of ability to pay, such as an account at one of the new electronic money services).36 For example, the user can choose to send only a reference to the needed information and can use encryption or other authentication tools to make sure that only the in- tended party receives the information and that the receiving party is who or what it represents it is. The user is then able to give general instruc- tions to his or her digital identity agent about what information to release for which activities under what safeguards, or he or she can personally approve each use of data or each transaction. Such tools can provide distinct levels of digital identity on the Internet; these, in turn, can vary with the kind or degree of interaction and according to the stringency or authority with which the information about identity is established or at- tested to, ranging from the self-identified to private certification to gov- ernment certification of identity. A logical complement to relying on institutions with which one has established some relationship, such as a credit-card issuer, for identifying and certifying information is third-party repositories and/or certifiers. One approach may be user-controlled: the information making up one's digital identity can be stored in well-known places or managed by agents accessible to authorized parties on the Internet. Users of such a tool would be able to manage all components of their digital identity except for those that require certification, which will be controlled by the certify- ing entities. When organizations doing business on the Internet set out their privacy policies on their Web sites, users can instruct their digital identity agent to negotiate with the Web sites about release of personal data. This sort of automated process is, of course, only as good as the system and the user's choices. As described above, the P3P technology under development by the World Wide Web Consortium is one approach to facilitating the flow of necessary identifying information while still protecting individual privacy as defined by the user. An alternative is that, seeking greater convenience, people will choose not to maintain a high level of control over such information, electing instead to let third parties manage it for them. For example, users might use services that are less complex and less robust (e.g., there is no use of certifiers), relinquish- ing direct control over the use of their information. Examples of third- party systems now in the marketplace include Microsoft's Passport and Privaseek, online services that provide such features as password man- 36This is the approach used in the SET (secure electronic transactions) specification for payment card transactions over the Internet. See <htip://www.setco.org/set_specifica- [ions. htmb.

198 THE INTERNET'S COMING OF AGE agement and automatic completion of online forms based on saved infor- mation. Other services, such as Yodlee.com and VerticalOne work on behalf of the user by gathering the private information that users provide to diverse Web sites and aggregating them to present the user with a single, integrated view. These services are new, and the merits and con- sumer acceptance of approaches ranging from tight user control to del- egation of decisions to third parties remain to be proven. The prospect of third-party involvement in identity management begs the question of "identity portability" the ability to easily switch between identity agent services in an analogous fashion to number portability among telephone carriers meaning in this context that people's selected identities are not tied to a particular site or service. The emergence of technical approaches that allow individuals to man- age their online identities is a positive development. Such approaches depend on government and business cooperation. For example, respon- sible service providers will clearly state their privacy policies in digital form so that an individual's identity agent can readily determine whether or not to use the site. Privacy advocates argue that, in general, the amount of information required and revealed should be minimal for the purpose. It is also likely that we will see the emergence of tools and services that allow users to identify and document when privacy promises are vio- lated; such tools and services may be another alternative to regulation as a remedy. If digital identity is to become widely accepted, there will also need to be a legal framework for behaviors with respect to identity tech- nologies: Who, for instance, would be expected to decide who controls what about identity, and under what circumstances would they make this decision? How would conflicts be resolved? Some basic principles for such a framework include the following: · The information associated with each identity should be under the user's control. · The holder of a digital identity should not be compelled to reveal elements of that identity against his or her will except to the extent and under the circumstances dictated by law for a similar transaction offline. · An identity holder should be allowed to modify its elements as needed. · The theft or unauthorized modification of the elements of someone else's digital identity should be subject to appropriate penalties under either civil or criminal law. · Government-created or -certified identities need not be the default, although it may be necessary for governments to recognize certain certifi- cations as authoritative for official purposes. Such official certifications exist today, such as passports and drivers' licenses; these are issued for

IMPLICATIONS FOR BROAD PUBLIC POLICY 199 particular purposes and have specific regulatory criteria associated with them. AUTHENTICATION ON THE INTERNET Authentication the process of establishing that a particular claim about an entity's (e.g., a person's or organization's) identity is, in fact, valid is needed for many transactions, including electronic buying and selling, voting, access to health records, and so forth, and it is an essential element of the processes that bear on privacy and anonymity. But iden- tity authentication is a complex issue, not least owing to the multifaceted nature of identity. For example, e-commerce may not necessarily require verifying the identity of an individual but may instead require verifying whether an individual possesses certain properties relevant to a purchase (e.g., whether the individual is above a certain age, is authorized to make purchases using a particular payment mechanism, or is trusted to main- tain privacy/confidentiality). A related additional service, nonrepudia- tion, allows the receiver of a message to not only authenticate the sender but also be able to prove that the sender in fact originated the message. Authentication technology and practice build on a history of work in computer and communications security, including experience with people who have sought unauthorized access to information and systems, some- times by hiding or misrepresenting who they are. Because perfect secu- rity is a chimera, e-commerce security, like security in other domains, is generally thought of as a risk management process, whereby stronger and more costly technologies are introduced in response to the dynamics and magnitude of the risk. Issues such as buyer authentication and recourse for nonpayment arise in other commercial transactions, just as in e-commerce, and are dealt with in those contexts through a combination of technology, business practices, and sound risk management principles. Therefore the processes that are required to implement buyer protection, transaction enforceability, and dispute resolution for e-commerce can rely primarily on existing business risk management and legal frameworks. However, we do not yet have a large enough base of experience in types of risk and the legal and regulatory challenges a business faces when providing these authentication services over the Internet to fully under- stand what changes in business risk management and legal frameworks will be necessary, including clearly establishing the liabilities of authenti- cation providers. Support for authentication over the Internet is fragmented today. There is no standardized, widely accessible, cheap, and easy approach- in short, there is no single best-technology solution. Multiple technolo- gies for authenticating the identity or related attributes of individuals and

200 THE INTERNET'S COMING OF AGE organizations are in use and/or development. These range from simple solutions that make use of exchanging shared secrets (e.g., passwords) over secured communications links to more sophisticated systems that rely on the exchange of credentials or certificates that attest to the authen- ticity of an individual's identity or other attributes. User authentication mechanisms can be characterized as relying on something an individual knows (such as a password), something an individual has, and/or some- thing an individual is (an innate biological property). None of these is without shortcomings. To illustrate, a simple authentication mechanism is to challenge the other party with questions about a shared secret, such as a password, that only the intended recipient should know the correct answer to. This is what is generally used today in transactions with consumers over the Internet, typically in conjunction with secure sockets layer-based (SSL) encryption that makes it difficult for eavesdroppers to steal the con- sumer's password by monitoring network communications. Shared se- cret mechanisms such as passwords have a number of weaknesses; for instance, passwords chosen by users are often relatively easy to guess. The mechanisms can be strengthened by making the secrets dynamic, such as by using information contained in recent transactions or commu- nications (e.g., asking the customer what the amount of the first purchase listed on his most recent statement is). Because users are likely to make use of multiple services, there are ease-of-use issues when they have to manage multiple passwords potentially a separate password for each Internet account or service they use. Such considerations have led to commercial interest in services that offer to manage these passwords for consumers; several of these were discussed above in the section on iden- tity. And, more fundamentally, mechanisms that rely on shared secrets require that a relationship has already been established between the par- ties. The exception would be when the two parties do not know each other but do know and trust a third, neutral party who can use shared secrets with each to authenticate and vouch for each party on behalf of the other. Note, however, that third-party verification of individual identity is only as good as the verification conducted by the certifying authority- for example, How did it verify the identity of the individual? How much information has it certified?37 What guarantees and recourse does it pro- vide if the certified information proves false?38 37For example, if the certifying authority is not the same entity as the individuals agent in that arena berg., the credit card issuery can it responsibly perform that authorization E.g., authenticate that the individual is the rightful and authorized user of the cardy? 38There is an important distinction between authoritative certification authorities and

IMPLICATIONS FOR BROAD PUBLIC POLICY 201 Public key cryptography39 is commonly used to provide au~entica- tion and nonrepudiation services. A major challenge in public key cryp- tography work is distributing Me public keys in a secure manner so ~at, for example, an individual cannot be misled into using Me public key of someone who wishes to impersonate Mat individual by substituting Me impersonator's public key for the correct public key. Transacting parties Mat have a prior relationship can make use of already exchanged and validated public keys to validate the received digital signature. Other- wise, each could ask the other party to provide some sort of credential, such as one provided by a trusted third party that attests to Me au~entic- ity of Weir identity or some set of attributes including their public keys.40 The term public key infrastructure (PKI) is frequently used as a label for the technology, processes, and policies that underlie public key man- agement. PKI makes used of certificates that allow the identity of users to be authoritatively associated with their public key. One PKI model makes use of trusted third parties, known as certification authorities, who ~em- selves use public key cryptography to digitally sign certificates Mat bind Me identity of subscribers to a public key.41 PKI is a complex undertaking Mat requires the implementation of technical mechanisms, the establish- ment of procedures for the issuance and revocation of certificates, possi- bly updating directories, certificate revocation lists, and so form. The complicated nature of certificate management (e.g., registering, revoking, and updating certificates) is one hindrance to PKI's widespread use.42 trusted certification authorities. No one questions, for example, whether a company is trusted to identify its employees, because the company is understood to be the source of authoritative information on this subject. In contrast, an arbitrary third party does not have the same authoritative status. 39Public key cryptography also provides the basis for more robust encryption and au- thentication. The technique relies on a public, freely published key that is used to encrypt messages together with another, private key that is used for decryption. Importantly, the decryption key cannot be derived from the encryption key. This allows secret communica- tions where the only one who can decrypt a message is the holder of the private key that matches the public key that the message was encrypted in. 40Much of this discussion is based on the discussion of public key cryptography in Com- puter Science and Telecommunications Board (CSTB), National Research Council. 1998. Trust in Cyberspace. Washington, D.C.: National Academy Press, pp. 121-132. 41There are other PKI models; for example, Pretty Good Privacy (or PGP) makes use of a "web of trust" in which any user with a public key can issue a certificate for any other user. 42Specific difficulties include root and cross certifications, certificate revocation, and cer- tificate management. See Computer Science and Telecommunications Board (CSTB), Na- tional Research Council. 1998. Trust in Cyberspace. Washington, D.C.: National Academy Press, pp. 130-132. There are also questions as to when certificates need to be exchanged

202 THE INTERNET'S COMING OF AGE Lack of compatibility among different implementations is another ob- stacle. While there are base standards for PKI, they are not always fol- lowed, in part because some of today's systems were designed to be stand- alone systems. The technology is also still relatively costly, and its use incurs significant performance penalties; thus its use today requires suffi- cient transaction risk to justify the investment and some inconvenience in use. Biometrics, which is based on measurement of such physical charac- teristics as fingerprints, hand geometry, or iris shape, is also being used for identity authentication. Biometrics at first appears ideal because of its dependence on a physical feature that is unique to a person. However, its use of pattern matching carries the risk that an unauthorized user will be accepted or that an authorized user will be rejected and/or that the iden- tifying information will be misappropriated.43 The selection of an authentication technology entails trade-offs. For example, exchanging shared secrets has the disadvantage that these se- crets must be remembered and can be guessed or stolen, whereas more sophisticated authentication approaches, such as those that rely on PKI, often require certificate management, rely on sophisticated software and/ or hardware components, and cost more to deploy, along with other draw- backs. Biometrics technologies have issues with performance, such as user acceptance, the impact of compromise, and the risks of false rejection or acceptance. The use of two or more of these technologies (often called two-factor authentication) makes for stronger (harder to spoof) authenti- cation than the use of a single one but generally increases the cost and inconvenience. The ideal combination of authentication technologies for a given class of applications has yet to be agreed upon. Another set of tradeoffs must be made between the strength of the cryptographic algorithms required and the risk exposure associated with selecting lower strengths to reduce cost and system performance penal- ties. In addition, all systems, even those assumed to be strong, are suscep- tible to vulnerabilities associated with flaws in their implementation.44 and whether they can be stored and accessed via directories. For example, directory-based solutions have been proposed for simplifying some of the certificate management and pub- lic key distribution issues, but this is still relatively new and just emerging and not com- pletely compatible with current implementations. It is also important to distinguish be- tween when one needs certificates and when authentication can take place without certificates Where public keys are previously known or exchanged by other meansy. 43see computer science and Telecommunications Board ~csTsy, National Research coun- cil. 1998. Trust in Cyberspace. Washington, D.C.: National Academy Press, pp. 123-124. 44History has also shown that the adequacy of cryptographic algorithms is continually being challenged by inevitable advances in computer processor performance that makes code-breaking easier as well as by advances in code-breaking techniques and growth in the number of people who attempt to break cryptosystems.

IMPLICATIONS FOR BROAD PUBLIC POLICY 203 Deployed systems may not be as strong as they might at first glance appear. For example, in many implementations of digital signatures and certificates for authentication, the digital-signing software can itself be accessed through a simple password. Also, the strength of software-only systems is tied to the strength of the security mechanisms in the comput- ers on which they run; systems that run on personal computers are sub- ject to all of the well-known security limitations of these platforms. Addi- tionally, the vulnerability of a cryptographic algorithm will change over time with advances in computing and power cryptoanalysis techniques (and key lengths will be increased in response). Special-purpose hard- ware and token-based mechanisms, which rely on closed hardware de- vices such as smart cards or PC cards in place of software running on a user's PC, can offer greater security. The greater costs associated with hardware-based solutions may, however, make such solutions impracti- cal for many applications. These systems have their vulnerabilities as well, especially if they lack built-in displays and input devices, and one must rely on the PC for interaction with the user.45 The relation between these trade-offs and the various security technology options is poorly understood. It appears likely that, despite their many limitations, shared secrets (e.g., passwords) will continue to be used for consumer authentication for the foreseeable future and that stronger authentication technologies will first begin to be deployed in corporate and commercial applications where the larger risk exposure warrants the introduction of stronger, but more costly and intrusive, authentication approaches and where these ap- proaches can be implemented over a more limited and manageable num- ber of players and covered by contract law. Unfortunately, these solu- tions are likely to be deployed initially as proprietary islands, optimized to particular applications by competing service providers. This could forestall the emergence of a widespread standard approach sufficiently open and minimalist that interoperability can be enabled without innova- tion being stifled. Two challenges the chicken-and-egg challenge associated with de- ployment of authentication infrastructures, whereby authentication pro- viders and potential users wait for each other to make the first invest- ments in authentication, and the challenge of increasing the potential 45Another open question is what the right sort of dedicated authentication hardware would be: should one use a smart card, which offers a limited amount of data storage and processing power, or should one use a much simpler device such as a radio frequency identification (~ID) tag or, alternatively, a more powerful one such as a personal digital assistant?

204 THE INTERNET'S COMING OF AGE demand from a range of different users and uses suggest that wide- spread deployment awaits one or more first movers making significant investments. Both private and government actors can play a role in pro- pelling online authentication. Authentication is an area where govern- ments can and do intervene: at state, national, and international levels there has been support for a legal framework, for technology develop- ment, and for the implementation of specific authentication technologies such as biometrics and PKI. In their efforts to establish an enabling framework for authentication and nonrepudiation, Congress and state legislatures have moved forward with attempts to legitimize electronic signatures. Most notably, the Elec- tronic Signatures in Global and National Commerce Act was enacted in 2000. And, there are encouraging signs of moves to harmonize state laws, to eliminate the current inconsistencies among them. Other laws, such as the Government Paperwork Elimination Act and government programs that promote electronic transactions, especially over the Internet, within a government and between a government and its citizens, promote greater use of authentication. (They also raise new questions about the interac- tion of authentication, privacy, and anonymity considerations.) Efforts are also under way in such international forums as the ITU and the Euro- pean Union. Various online federal and state government initiatives have been launched that involve the widespread government deployment of au- thentication and nonrepudiation services. They include initiatives for online government purchase (by, for example, the General Services Ad- ministration), electronic voting (by, for example, the Department of De- fense), and online electronic tax filing. These initiatives are expected not just to satisfy government needs but also, it is hoped, to demonstrate technologies and practices in ways that make discussion of PKI less ab- stract. They could also lead to the transfer of knowledge to private indus- try and could serve as a critical mass for an authentication infrastructure. But, important as they are, legislative action and government invest- ment alone cannot address the many technical and business issues dis- cussed in this section that are the root causes for the lack of widespread acceptance of authentication technologies. The complexity of these issues and the range of relevant stakeholders across all levels of government, industry, and the population at large suggest that an in-depth inquiry by a joint industry-government advisory panel would be appropriate. The Congress, the Department of Commerce, and other federal agencies, as well as state and local agencies, would all benefit from an examination of the factors that are impeding the early introduction of authentication ser- vices and from an identification of the factors that might accelerate invest- ment in these services and ultimately their deployment.

IMPLICATIONS FOR BROAD PUBLIC POLICY TAXATION OF INTERNET-BASED COMMERCE 205 Taxation of commerce conducted over the Internet has emerged as a controversial, high-profile policy issue. Unlike over policy issues related to e-commerce, taxation is a nonmarket objective for which it may be harder to assume that voluntary action and self-interest by individuals and organizations can offer adequate solutions. It involves information and mechanisms that may bear on privacy and anonymity and it is likely to involve authentication at some point. The taxation issue is not only important in its own right, it also illustrates a large class of issues Mat are location- and identity-dependent. E-commerce benefits from its indepen- dence of geography, which allows retailers to offer bow specialty and mass-market products to a wide variety of customers without regard to where they live. In contrast, commerce in the physical world has been mostly governed by relatively independent, discrete geographic domains, and tax obligations have been enforced based on physical presence. Prob- lems arise, however, for governments that seek to impose laws deter- mined by geography, such as state or city sales tax, on e-commerce trans- actions.46 Any resolution of how to tax e-commerce transactions will have to take into account the inherent difficulties of verifying the location, identity, and residence of a seller or purchaser over the Internet. In We United States alone, considering We intersection of Me various levels of local, state, and national government, there are a very large number of separate geopolitical regions win differing tax structures. Presently, lo- cal governments in 34 states are authorized to impose local sales taxes; approximately 7,600 jurisdictions have chosen to do so, and this number could grow significantly if other local governments choose to exercise this option.47 International e-commerce, of course, raises an additional set of 46Existing u.s. sales tax law treats goods sold over the Internet the same way it treats goods sold from catalogs using mail or phone orders. A company without a physical presence in a state known as nexus' cannot be required to collect that state s sales tax even if the customer lives in the state. The purchaser is nonetheless responsible for remitting a use tax to his state of residence. For example, if a buyer in Boston orders a book from an online retailer located in Washington state that has no physical presence in Massachusetts, then Massachusetts cannot require the retailer to collect the use tax, even though the pur- chaser owes this use tax to Massachusetts. Instead, states must rely on self-reporting and payment by the customers. Compliance is, of course, harder to ensure with a use tax paid by the individual purchaser than it is with a sales tax collected by the merchant. see, for example, Austan Goolsbee and Jonathan zittrain. 1999. "Evaluating the costs and Renews of Taxing Internet commerce. National Tax Journal 52~3~:413428. 47National Tax Association UTAH. 1999. Communications and Electronic Commerce Tax Project: Final Report. Washington, D.C.: NTA, September 7, p. 12. Available online at <http: / /www.ntanet.org/ecommerce/final_report_cover.htm>.

206 THE INTERNET'S COMING OF AGE complications associated with the different tax rates and rules. There are different tax structures (e.g., national or state/regional) and different ap- proaches to taxation (e.g., a sales tax versus a value-added taxed. Poten- tially taxable transactions can cross even national borders without there being any traceability other than that contained in transaction audit trails on vendors' systems. Additionally, the Internet environment has been conducive to creating new forms of value, both nonmonetary (e.g., online barter exchanges) and monetary (new forms of currency such as flooz, beenz, and RocketCash), that portend further strains on tax structures at least until they become widespread and commonplace enough to be mon- etized. On the issue of taxing online transactions, governments have compet- ing interests. Many state and local government leaders do not want to lose sales tax revenue when purchases are made from companies without nexus in that state, while other policy makers are interested in not retard- ing the growth of commerce over the Internet. Another consideration is that changing the current tax policy could affect the volume and distribu- tion of commerce that is conducted over the Internet, which could in turn affect the way in which the Internet is used. There is a lot of ambiguity and uncertainty as to how a change in tax policy would affect tax revenues or, directly, the growth of the Internet. Work by Goolsbee49 gives empirical support to the idea that taxes (and other price differences) will have significant effects on the purchasing behavior of individuals living in a "world without borders." He projects that the price impact of applying existing sales taxes to Internet commerce might reduce the number of online buyers by up to 24 percent. To the extent that e-commerce is an important driver of investment in Internet infrastructure (and supports other Internet services via advertising), the outcome would affect the Internet's future development and growth. Forecasts of the volume of tax revenue at stake vary. The National Governors Association has quoted forecasts that by 2002 there may be more than $300 billion in commerce over the Web or through mail order and concluded that this would result in up to $20 billion in lost tax rev- enue,50 and similar numbers are often cited by advocates of Internet taxa- tion. Goolsbee and Zittrain51 offer a different perspective. They observe 48In June 2000, for example, the EU considered imposing a broad VAT obligation. 49Austan Goolsbee. 2000. ''In a World Without Borders The Impact of Taxes on Internet commerce. The Quarterly Journal of Economics 115~2~:561-576. 50Juliana Gruenwald. 1998. vote Bodes Ill for Internet Tax Agreement., Congressional Quarterly This Week, August 3. 5lAustan Goolsbee and Jonathan zittrain. 1999. ''Evaluating the costs and Renews of Taxing Internet commerce. National Tax Journal 52 <3~:413428. Available online at <http: / /papers.ssrn.com/paper.taf?AssTRAcT_ID=175666>.

IMPLICATIONS FOR BROAD PUBLIC POLICY 207 that the previously predicted amounts seem to include business-to-busi- ness as well as business-to-commerce sales; that they ignore the possibil- ity of trade creation; and that the calculations fail to account for the types of products being sold. They find that for the next several years, there is little tax revenue to be gained from enforcing taxes on Internet sales. When confronted with the issue of how to collect sales taxes for trans- actions conducted over the Internet, given that states and local munici- palities are the ones that levy sales tax, Congress passed the Internet Tax Freedom Act (ITFA), which put in place a 3-year moratorium on impos- ing new taxes associated with Internet transactions and established a con- gressional Advisory Commission on Electronic Commerce to study the question of sales tax revenue.52 This action was motivated by not wanting to do anything that could adversely impact the growth of commerce over the Internet and by the ambiguity resulting from the inherently borderless nature of the Internet. The ITFA, however, does not restrict the right of states to apply sales and use taxes to online commerce (these are not, after all, new taxes). Instead it primarily prevents states from applying new taxes to Internet access. The commission completed its work in April 2000 without the mandated supermajority of the committee reaching consen- sus. Resolution of the tensions between retaining a tax revenue base and fostering e-commerce are likely to remain a contentious political issue for some time.53 The difficulty of knowing the identity and location of parties to an e- commerce transaction is exacerbated by several factors. As discussed in an earlier section, the Internet enables a range of anonymous transactions, making it difficult to ascertain the identity of a purchaser let alone his or her location. The location capabilities that are offered by emerging wire- less data services may prove an exception, although they would be en- abled by mechanisms provided as part of the wireless service rather than conventional Internet connectivity provided through the wireless link. Also, digital systems acting on behalf of people or organizations, rather than the people or organizations themselves, can be the actors responsible for buying and distributing a product or service over the Internet. Of course in some instances location could still be established based on the delivery address. However, many goods are electronic (e.g., downloaded software or music) and many services can be delivered via communica- tions over the Internet, so these goods and services can be delivered to a 52Title XI of Public Law 105-277. 53Intel leader Andrew Grovels June 2000 statement supporting taxation of Internet-based commerce indicates that the high-tech industry does not have a uniform position on these issues.

208 THE INTERNET'S COMING OF AGE computer attached to the Internet without any physical goods being de- livered to a verifiable physical address. The recipient computer sits in a physical location, but associating a physical location with that computer's network address cannot be done with certainty in today's Internet. And internationally, even if there were agreements to collect taxes, enforce- ment of tax collection for physical goods shipped across national bound- aries would depend on customs agencies to block shipments or collect duty. One suggested remedy is to build into the Internet's infrastructure itself the ability to provide the location and/or identity of the parties to a transaction. However, efforts to embed solutions to the taxation problem at the network level would have far-reaching consequences for the Internet, which currently has no concept of locality in a geographical or geopolitical sense. As discussed in Chapter 1, a central design tenet of the Internet is the placing of applications and intelligence in the end systems rather than within the network. A solution to the taxation issue that relied on building into the network mechanisms that provide knowledge of the geographical location of a network element would violate this prin- ciple, as it would require a new, intelligent capability within that network that determines, and on request provides, the physical location of a de- vice or some surrogate, which is not easy to do in any case. Such a solution could also have adverse privacy implications. It would, in contrast, be possible to build such knowledge into end systems or higher- layer authentication infrastructures. It might, for example, be more pro- ductive to try to derive location information from authenticated informa- tion about a party to a transaction. Because Internet technology and e-commerce technology are evolving so rapidly, it is clearly preferable for solutions to avoid placing requirements on the Internet infrastructure that are dependent on a specific e-commerce technology. Given that the Internet generally ignores geography and makes it difficult for vendors or third parties to assure identification of a pur- chaser, there are significant difficulties associated with solutions that de- pend on ascertaining the location of the purchaser. This suggests, first, that if taxation policy relating to e-commerce must be changed, the changes should be as unspecific to geopolitical region as possible and, second, that today's sales tax system, which involves many thousands of distinct jurisdictions, would need to be simplified. And, in order to re- flect the Internet's architecture, including the dynamic nature of its rout- ing, taxation schemes should be based on the end points only and not on mechanisms embedded in intermediate points within the network. There are a number of solutions that avoid these problems. Some tax structures would not require a complex knowledge of geography to be built into the technology. A flat e-commerce sales tax collected by the

IMPLICATIONS FOR BROAD PUBLIC POLICY 209 seller at the time of payment would not be locality-sensitive, would re- quire no technology changes at the buyer's end, and would be easier for the vendor to implement. The collection of taxes would be simpler if they were added to each transaction at the point of sale, much as is done with a cash transaction at the physical point of sale today. (Such a scheme would also enable the appropriate tax to be collected even if the transac- tion were conducted anonymously.) Another simplification would be to separate the means of tax collection from the distribution and allocation of tax revenues. The issue of which governmental bodies get some of the tax collected and what portion of it they get could then be addressed separately by the respective governmental bodies. It would be easier to allocate revenue if such allocation did not depend on knowing the loca- tion of the purchaser. Of course other simplifying schemes could be devised that would not be such a radical departure from today's sales tax system. These approaches would help reconcile the tensions between those who want to preserve the tax revenue base for state and local gov- ernments and those who want to foster the growth of e-commerce, but striking a balance between these interests is likely to remain a contentious political issue for some time. UNIVERSAL SERVICE Equity in access to and use of the Internet is a matter of values and social policy. Such policy has been reflected in universal service for tele- phony, with access provided to people across all income classes.54 Uni- versal service programs fall into two general classes setting rates that benefit particular classes of customers (e.g., residential or rural users) who might otherwise face considerably higher rates and offering subsi- dized lifeline rates to low-income subscribers to expand the number of households with access to basic telephone service, thereby expanding opportunities for economic, community, and political participation and emergency (911) service. Universal service has long been an element of U.S. telecommunica- tions policy.55 Indeed, whether or not one agrees that universal service 54Universal service policies go beyond establishing uniform rates for service: they create subsidized ''lifeline,, rates for basic service at prices low enough to permit the poorest families to have access to the telephone network. 55sasic telephone service has long been regarded as a social good, universal access to which required a deliberate policy effort to achieve. However, the history of universal service policies can support a different interpretation. Milton Mueller argues that, given todays rates, universal access would easily have been achieved even without subsidiza- tion. see Milton Mueller. 1997. ''Universal service and the Telecommunications Act: Myth Made Law,,, Communications of the ACM 40~3~:3948.

210 THE INTERNET'S COMING OF AGE for networks is an appropriate objective of public policy, it is worm point- ing out that extension of universal service policies to new communica- tions networks has always enjoyed popular support. Historically, We government intervened to establish universal service at uniform rates for postal services as well as telephone service and to extend to remote areas and impoverished areas We benefits of such infrastructure as electrifica- tion and highway construction. Given the rapid pace at which Internet- . . .. .. . . . . . . . . . .. .. . . Dasecl applications and services are Demg Deployed In Dotn the private and public sectors, social and political demands for expanded access to Internet-based communications services, which are increasingly seen as essential for commerce, education, employment, or political participa- tion, can be expected to increase.56 There are several geography-related factors associated with Internet access. These geographical considerations are, of course, closely linked to economic factors. Places win less access will generally be Hose where We remoteness, the lower density of potential customers, or the lower ability (or willingness) of the population to pay make the provision of service a higher-cost undertaking or a less attractive investment. There are differences in We availability and price of dial-up access Mat depend on (1) the number of carriers Mat have established local access points (whereby dial-up access is via a local, typically flat-rate billed call) in a given location and (2) the availability of dial-up Internet access service providers. A recent study by Downes and Greenstein57 found ~at, as of We spring of 1998, most of the U.s. population had access to competitive dial-up Internet service. According to this research, more Man 90 percent of the population lived in areas served by more than 10 ISPs, while fewer than 1 percent lived in areas without any dial-up service.58 56Concerns about universal access to the Internet are not new. For example, in the fall of 1993, they were featured in an Administration policy statement (William Jefferson Clinton and Albert Gore. 1993. The National Information Infrastructure: Agenda for Action. Washing- ton, D.C., September 15. Available online at <http://metalab.unc.edu/nii/toc.html>~. The state of access to Internet and related services has also been the subject of a series of Na- tional Telecommunications and Information Administration (NTIA) reports from 1995 to the present. (NTIA, Department of Commerce. 1995. Falling Through the Net: A Survey of the "Have Nots" in Rural and Urban America. Washington, D.C.: NTIA, July. Available online at <http: / /www.ntia.doc.gov/ntiahome/fttn99/contents.html>.) 57Thomas A. Downes and Shane M. Greenstein. 1998. "Do Commercial ISPs Provide Universal Access?" Competition, Regulation, and Convergence: Current Trends in Telecommu- nications Policy Research. Sharon Gillet and Ingo Vogelsang, eds. Mahwah, N.J.: Lawrence Erlbaum. Available online at <http://skew2.kellogg.nwu.edu/~greenste/research/papers/ tprcbook.pdf>. 58Even in unserved areas, the upper bound on the cost of dial-up Internet is set by the roughly $4 to $5 hourly rate offered by a number of ISPs for access via toll-free numbers.

IMPLICATIONS FOR BROAD PUBLIC POLICY 211 High-speed (broadband) access is less widespread than lower-speed dial-up service.59 Constraints include technical factors (e.g., DSL services are limited to locations within a given distance from a local exchange, with the exact distance depending on the variant of DSL technology em- ployed, the bandwidth, and the condition of the phone lines); the extent to which the necessary telecommunications infrastructure is present (e.g., cable modem service is limited to locations passed by cable service, which is less prevalent in rural areas), and the pace at which investment is made in service deployment, including the associated required infrastructure improvements. With deployment of such services in its early stages, a few communities have both DSL and cable service and many have no high-speed services at all. Higher bandwidth services require investment in upgraded facilities (e.g., deployment of DSL facilities in the telephone local exchange or upgraded cable plants) and so are more likely to occur, at least in the earlier phases of deployment, in wealthier communities, where more customers are likely to purchase service as a result of an upgrade. Whether physical access to high-speed services will begin to approach the near-universal level seen for dial-up service as deployment continues remains to be seen. It is the subject of political and regulatory debate. Access to a service does not mean that it will be used; this can be seen in the history of telephone and television use. There have been a variety of studies conducted by both government and market research firms to monitor and describe patterns of Internet access and use. One such effort culminated in a series of reports from the National Telecommunications and Information Administration (NTIA). For example, a fuly 1999 NTIA report based on U.S. Census Bureau data from December 19986° indicates that, of the households able to access the Internet, the fraction that actu- ally subscribe to an ISP is far from 100 percent 41.1 percent of U.S. households owned computers and roughly 25 percent had Internet ser- vice. Such studies point not only to the persistence of disparities but also to their instability: whole groups can increase their use of the Internet between studies, and the implications of the findings are hard to pin down. A number of efforts have been made to understand the extent of 59sroadband last-mile technologies and local access are the concerns of a separate csTs study, to be completed in 2001. 60Nationa1 Telecommunications and Information Administration tNTIAy, u.s. Depart- ment of commerce. July 1999. Falling Through the Net: Defining the Digital Divide: A Report on the Telecommunications and Information Technology Gap in America. Washington, D.C.: NTIA. Available online at <http://www.ntia.doc.gov/ntiahome/digitaldivide/>.

212 THE INTERNET'S COMING OF AGE disparities in service, including those between high- and low-income households and between urban and rural status and those based on edu- cation or race. The situation is volatile, with a panoply of data showing both persistent disparities as well as instances where disparities have decreased over time. To what extent is the fraction of the population that has Internet access likely to broaden? Recent years have seen a drop in the cost of computer equipment required to access the Internet; relatively inexpen- sive PCs and a range of Internet access appliances have entered the mar- ket. Also, various new businesses are offering free Internet access or even free PCs along with Internet service in exchange for viewing advertising. Complementing home-based access, kiosks operated by public institu- tions and commercial enterprises make Internet access available in a num- ber of public places. One motivation for the federal e-rate program that provides subsidies to schools, libraries, and hospitals is to increase the number of public access points. Free e-mail services allow people unable to afford Internet service to maintain private e-mail accounts that are accessible from public locations. However, the long-term viability of new schemes and business models for providing Internet service remains to be proven. Pricing schemes and bundling are in flux as new business mod- els emerge. Declining costs and increasing utility may result in universal or nearly universal access to the Internet without any government action, but this outcome is neither certain nor guaranteed. Universal service programs applied to Internet-based services raise a number of social and political questions, including who should receive universal service benefits, what value judgments underlie these choices, whether funds should be obtained from service-specific sources or from general funds, what constitutes universal service (e.g., which collection of services, from personal/household access to access through public facili- ties), and even whether universal service programs should be imple- mented at all. In this section, the committee briefly reviews what is known about Internet penetration in the United States and then addresses some issues that would arise if one were to try to implement universal service policies for the Internet. It does not take a position on whether universal service programs should be extended to the Internet or on how they should be funded and managed, because to do so adequately would require full consideration of the costs and benefits over time, a complex matter well beyond the scope of this report. Universal service policies have, at their core, sought to ensure that price or geographical location is not a barrier to use. These policies com- bine two distinct elements universality of physical access and universal- ity of financial access. In the case of the Internet, the cost is the sum of several elements. First, there is the price of the Internet service itself.

IMPLICATIONS FOR BROAD PUBLIC POLICY 213 Second, there is the cost of access to the Internet (e.g., via cable modem, DSL, or dial-up services), which is frequently bundled together with the cost of Internet service or, in the case of dial-up access, already paid for as part of local telephone service. Third, there is the cost of the associated hardware (computer and modem or other connection device) and the communications software (generally available at little or no cost or bundled with a PC's operating system or with the Internet service). Fi- nally, there are additional costs associated with the use of particular online services, such as subscription fees for accessing particular content. The traditional universal service obligation applied to telecommuni- cations carriers was a bundle of obligations that users, service providers, and regulators experienced as a single package. The characteristics of universal telephone service such as expectations for quality and access to callers within the local area, to interexchange carriers, and to operator and emergency services were well defined and had been developed over the course of many years. Internet services stand in marked contrast. For the Internet user, service translates into a set of Internet applications (e.g., Web browsing, listening to audio programming, video conferencing, or banking online). What the user experiences as "service" depends on the software running on both his and an application provider's computer as well as the characteristics of the network links over which the commu- nication passes. The notion of guaranteeing a particular service to a broad class of potential subscribers needs to be revised, since service in the end- to-end model is in the control of applications running on machines at the edges of the network as well as the capacity and explicit quality of service mechanisms offered by a network operator.61 In some cases these appli- cations and services are offered as part of a bundle from the Internet service provider, but in general they are provided separately. The desired applications will vary from user to user, and the available mix will change over time as new Internet applications emerge and old ones fall out of favor (few, for example, make use of "gopher" today). Which services and applications (e.g., e-mail, Web, chat, telephony, or streaming video) 61Moreover, even in the telephony model, no single service was adequate to provide equivalent network access for all users. Users with disabilities, for example, were not well- served under the traditional universal service schemes. Interface and access issues were explored by the CSTB (Computer Science and Telecommunications Board (CSTB), National Research Council. 1997. More Than Screen Deep: Toward Every-Citizen Interfaces to the Nation's Information Infrastructure. Washington, D.C.: National Academy Press). Implement- ing provisions of section 255 of the 1996 Telecommunications Act and section 251(a)~2) of the Communications Act of 1934, the FCC issued rules on July 15, 1999, aimed increasing access to such telecommunications hardware as telephones and to services such as call- waiting and operator service.

214 THE INTERNET'S COMING OF AGE should be included in a universal service package, and at what perfor- mance level (e.g., speed of download) and quality level (e.g., reliability)? The emergence of alternatives to dial-up access for residential Internet access means there are more choices with respect to bandwidth and ser- vice quality as well a range of service and price options. Also, the Internet's default best-effort service quality allows no guarantees that adequate capacity and quality will be provided to support particular ap- plications. Approaches for providing explicit quality of service are emerg- ing, but there is neither broad agreement on which approaches to use nor widespread deployment, particularly for the home users who are the target of universal service policies. Also, while some applications would be provided by a customer's ISP directly, most require communications across Internet provider boundaries. In the case of the Internet, termina- tion would, at a minimum, mean that any Internet user could access any other user. By virtue of the arrangements that interlink the Internet's constituent networks, basic best-effort connectivity is provided to all net- work users. However, especially in the case of residential customers, there is generally no service level agreement nor are explicit quality-of- service mechanisms supported. One concern expressed by consumer ac- tivists is that people with subsidized or lowest-cost access might not re- ceive service that supports explicit quality of service and might therefore experience a significantly degraded Internet service or be unable to use certain demanding applications. Efforts have been made to define classes of Internet services. For instance, several years ago the Cross-Industry Working Team project led to the concept of "NII Class Profiles" for characterizing end-to-end per- formance.62 Such classification schemes are intended, for example, to simplify specification of the requirements of an application and the ability of equipment and services to meet those requirements. While such a classification might be useful to consumers for evaluating the technology options available to them, its use to define fixed bundles of service in a universal service policy would be too limiting. Because Internet technolo- gies are immature and still in the early stages of deployment, it would be premature to embody them in regulation. Even the application that was the basic element of traditional univer- sal service, voice telephony, presents difficulties from a universal service standpoint when it is offered as an Internet service. As the discussion in Chapter 4 indicates, there are many approaches to providing IP or Internet telephony, complicating efforts to define a standard service. There are 62Cross-Industry Working Team (XIWT). 1997. Class Profiles for the Current and Emerging NII. White paper. Reston, Va.: XIWT, Corporation for National Research Initiatives. Avail- able online from <http://www.xiwt.org/documents/ClassProfiles.html>.

IMPLICATIONS FOR BROAD PUBLIC POLICY 215 multiple tiers of service quality, some of which offer consumers a lower price in exchange for reduced guarantees of service quality. Moreover, the issue of guaranteed access to critical services such as 911 service, which is an element of telephony universal service obligations, is an espe- cially difficult one in an Internet context. While it can be anticipated that future obligations will build on those associated with today's 911 service, it is difficult to predict how expectations for critical services will evolve, how they will be shaped by new Internet capabilities, or how they will be implemented. In telephony, universal service programs, whether aimed at address- ing financial or geographical disadvantages, generally involve setting rates and fees so as to achieve a particular objective, whether it is to benefit particular subscribers, extend the telephone network, or increase the total number of subscribers. A number of mechanisms can be em- ployed, including cross-subsidies among service offerings (e.g., subsidiz- ing local calling at the expense of long-distance calling), different rates for different classes of users (e.g., lower rates for residential as opposed to business users), the establishment of particular service obligations in exchange for other regulatory relief, or, more recently, explicit fees.63 The Internet, by contrast, has a much richer assortment of service providers, ranging from single-niche service providers to full, vertically integrated service providers. Therefore, if it is decided that a universal service program aimed at households is warranted, a range of options for achieving this aim should be considered. The rapid change in Internet services and service offerings would argue for a technology-neutral ap- proach one that does not rely on mandates to service providers that specific types of service be made available at regulated, possibly subsi- dized rates. A recent example of this approach is the e-rate program, which has used a fee levied on telephone service to establish a fund to help schools, libraries, and hospitals to pay for Internet access. It is not necessary to transfer resources through cross-subsidies among classes of customer. Other options include subsidies funded by general tax revenue and used by needy citizens to purchase services of their choosing (within established guidelines) something more akin to food stamp programs. 63The committee has been careful to avoid labeling these mechanisms as cross-subsidies as there are arguments refuting the idea. For example, there are data that suggest and a number of state public utility commissions have accepted this viewpoint that residential rates fully cover the costs of providing that service, which suggests that there is not a transfer between business and residential customers. Also, since universal service pro- grams have network extension as one goal, it can be argued that what might appear to be a transfer of money is, in fact, the regulatory apparatus positioning subscribers to capture the network externality. In other words, if new subscribers come on the network, then there may or may not be a subsidy of the new user.

Next: Appendix: Biographies of Committee Members »
The Internet's Coming of Age Get This Book
×
Buy Paperback | $48.00 Buy Ebook | $38.99
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

What most of us know as "the Internet" is actually a set of largely autonomous, loosely coordinated communication networks. As the influence of the Internet continues to grow, understanding its real nature is imperative to acting on a wide range of policy issues.

This timely new book explains basic design choices that underlie the Internet's success, identifies key trends in the evolution of the Internet, evaluates current and prospective technical, operational, and management challenges, and explores the resulting implications for decision makers. The committee-composed of distinguished leaders from both the corporate and academic community-makes recommendations aimed at policy makers, industry, and researchers, going on to discuss a variety of issues:

  • How the Internet's constituent parts are interlinked, and how economic and technical factors make maintaining the Internet's seamless appearance complicated.
  • How the Internet faces scaling challenges as it grows to meet the demands of users in the future.
  • Tensions inherent between open innovation on the Internet and the ability of innovators to capture the commercial value of their breakthroughs.
  • Regulatory issues posed by the Internet's entry into other sectors, such as telephony.
  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!