<reagle@mit.edu>
Berkman Center for Internet and Society
Harvard Law School
* On Sabbatical from W3C/MIT
This is the fourth (very stable) public draft of this document. Comments to the author are encouraged. Some of the ideas presented in this paper are based on conversations with and comments from Lawrence Lessig and Andrew McLaughlin. I thank Daniel Dardailler for his comments on the draft. This paper uses a fairly novel format that heavily relies upon quotations, maxims, and primary source documents (as well as first hand experience) to communicate an understanding of Internet institutions and culture. Sources for quotations not provided within this document are listed in Appendix 1: Internet Quotations; quotations that capture Internet social norms or media perceptions – as described later – are highlighted.
Some of the concepts of this paper influenced the Economist article: Regulating the Internet: The Consensus Machine which I recommend if you're interested in a consise treatment of these issues in the context of standards and domain name governance.
This paper is an independent analysis and does not necessarily express the views of the W3C, MIT, Harvard, or the Berkman Center.
Copyright © 1998 Joseph M. Reagle Jr., All Rights Reserved. This document is best viewed with a W3C Stylesheet compliant application.
Many think the Internet is a good thing because it is unregulatable. The Internet is good, but not because it cannot be regulated. Like anything else, policies are voiced and implemented on the Internet. The true strength of the Internet is that, as an institution, it exhibits characteristics of policy formation that appeal to one's sense of liberty. This is not solely because of maxims like "The Net interprets censorship as damage and routes around it," or "No one knows you're a dog on the Internet." Free speech and privacy are laudable characteristics of the early Internet, however they are neither absolute nor guaranteed forever more. In fact, mechanisms of identifying oneself and controlling content can be useful as well as invasive. Instead, what makes the Internet a "good thing" is its anarchical characteristics of policy formation, such as decentralization, consensus, and openness that real world social structures have striven for – some with more success than others. I examine these characteristics in the context of popular Internet quotations (and anarchist principles) that act as the belief system of the Internet.
Thesis: Mechanisms of Internet governance have resolved most Internet technical and social problems well. Not only should real world governments tread lightly upon the Net, but they might learn something from it.
Appendices
"Some jerk infected the Internet with an outright lie. It shows how easy it is to do and how credulous people are." Kurt Vonnegut.
"Unlike a virus, which is encoded in DNA molecules, a meme is nothing more than a pattern of information, one that happens to have evolved a form which induces people to repeat that pattern. Typical memes include individual slogans, ideas, catch phrases, melodies, icons, inventions, and fashions. It may sound a bit sinister, this idea that people are hosts for mind-altering strings of symbols, but in fact this is what human culture is all about." Glenn Grant [Gran98].
Social norms, perceptions, and expectations regulate behavior. When one thinks of the Internet, one thinks of a decentralized, far flung, heterogeneous, and unregulatable space. However, there are strongly held social norms that regulate (affect) the behaviour of Net users. Designers and users of Cyberspace have created/captured these norms in pithy maxims – it seems appropriate that memes regulate a land of ideas. I claim that the maxims discussed below act as a particular type of social norm, regulation by meme:
1. "The Net interprets censorship as damage and routes around it." John Gilmore.
2. "In Cyberspace, the First Amendment is a local ordinance." John Perry Barlow.
As pointed out by Lessig [Less98a], there are in total four things that regulate cyberspace: laws (by government sanction and force), social norms (by expectation, encouragement, or embarrassment), markets (by price and availability), and architecture (what the technology permits, favors, dissuades, or prohibits). Interestingly, the social norm captured in the quotations above seems to side with its symbiotic partner, the dencentralized Internet architecture, and with the the laissez-faire market in order to challenge the power of law. Social norms, markets, and architectures do not always oppose law; however, in this instance, these memes challenge the authority of the government to control speech.
Another meme, which was not intended to attack regulation by law, humorously characterizes the anonymous nature of the Net (something that governments fear) and was born of the famous New Yorker cartoon with the byline:
3. "On the Internet, Nobody Knows You’re a Dog." Peter Steiner (Cartoonist at The New Yorker.) [picture]
This Triumvirate of quotes serve as a belief system of the Net. It challenges governments' ability to regulate identity and speech. In the past two years, the set of beliefs have become so powerful as to become generalized:
"The single unifying force is what we don't want government running things." Joe Simms (ICANN counsel.)
"The private sector should lead. Governments should avoid undue restrictions on electronic commerce." Ira Magaziner, (Former point man for electronic commerce within the Clinton Administration.)
While these latter quotations are not as pithy as the Triumvirate, they have become pervasive. However, regulation by norm is unstable. It cannot stand in opposition to law, divorced from architecture and markets. If the architecture or the market move in a different direction, norms often follow. Unfortunately, the concept of privacy in the US has been subject to this pressure. As companies collect ever more information through advances in technology, people's expectation of privacy (the social norm) declines. This is also why I believe the reaction to PICS, a mechanism of labeling content for filtration, was attacked by the believers of the Triumvirate. Or why paper titles such as "The Architectures of Mandated Access Controls" [LR98] frighten me: even well intended technical advances in selecting/filtering content, promoting identity, and policy analysis challenge present day social norms of unregulatability!
I believe the weakness of beneficial social norms divorced of law, architecture, or markets is why Lessig has called for us, "To understand government's role not as some unnecessary appendage ... but as an institution that makes possible a certain perspective on social life.... we will only do it well when we have abandoned this indulgent anti-governmentalism." [Less98c] To restate this position in the context of this paper, whereas governance and regulation by law are in opposition to the interests of the citizens, those citizens cannot afford to rely upon architecture and social norms to protect their interests forever – particularly when one does not view the market through rose colored glasses. It follows that the right thing to do is to engage governance and law such that they also reflect the interests of the citizens.
I agree with this position to a point. We cannot rely upon three quotations and a set of RFCs (IETF technical standards) to further civil interests indefinitely. However, I believe that a cautious attitude towards real world governments is well founded and that there is more to the Internet than RFCs and quips. The Internet is not good because of the three maxims, but because of how those maxims came to be. What is good about the Internet is the very process by which one builds and selects communities, and how their policies are proposed, tested, and implemented.
In this paper I examine the Internet as an instrument of policy formation, predicated on:
"Architecture is politics." Kapor, Mitchell. (EFF)
and my contemporaries [Less98*, Reid*, Boyle, GK96] subsequent analysis. If architecture is politics and code is law, what similarities and differences characterize the formation of Internet policy?
I first present a model of governance as a means of policy formation, deployment, and enforcement in the context of anarchist principles. (I refer to the Anarchist FAQ because of its content and because it an exemplar of the principles I speak of.) I then cast real world attempts at Internet governance in this model. However, the focus of this paper is in §4 which describes the institutional characteristics of the Internet as an instrument of governance and policy formation. I argue that the Internet is good because it supports mechanisms of discourse, consensus, and community that are often better than what we have in the real world. I argue that the advances made by the Internet are predicated on open participation and contributions; that the policies that emerge are intrinsically conservative in their scope, but rigorous and uniform in their application; that mechanisms of authority shed power rather than hoard it; and that the Internet has no gods, but leaders advanced by their technical merit rather than telegenic appeal. I conclude by recommending that Internet governance questions that do not benefit from the rigor of these characteristics should simulate them when possible. Finally, the case study appendices apply and test the arguments of this paper with real world Internet governance problems.
"Our identities have no bodies, so, unlike you, we cannot obtain order by physical coercion. We believe that from ethics, enlightened self-interest, and the commonwealth, our governance will emerge." John Perry Barlow (EFF).
I wish to introduce a simple model of governance for the purposes of this paper. My analysis is set in an anarchical context: I do not assume traditional governance is always a useful thing. Rather, a proposal for governance must justify itself in the context of the question, "why cannot people act for themselves and their own local communities?"
My model has two answers to the question above. Both answers address a scenario in which individual preferences (values, beliefs, and local policies) need to be combined to form a policy of broad scope. These answers apply equally to the governance of community and individual behavior:
choice: A single policy must be set that cannot help but affect all those within the scope of the community. Varied preference values must be aggregated such that the single value is acceptable and considered legitimate by the community.
: Even when individuals can act upon their individual preferences (values), an aggregate value set by a central institution may be more efficient or rational over a longer time frame for the individuals of the commuinity. In such cases, it is useful for a central authority to establish a single value rather than (1) requiring each individual to undertake the transaction cost of negotiation, or (2) permitting market failures and short term irrationality.
Examples of collective choice are related to problems of scarce resources and public goods. Scarce resources are those for which there demand exceeds a limited supply. For instance, there may only be so much bandwidth on a given network, so mechanisms of allocating portions of the bandwidth might be needed. Public goods are characterized by being non-rivalrous (one's consumption does not interfere with another's) and non-exclusive (one cannot exclude others). For instance, on a public email list everyone has the capability to produce and consume information without interfering with the ability of others; furthermore, it is difficult to preclude "lurkers" and "flamers" from benefiting from good posts without making their own worthwhile contributions. This may explain why many moderated lists tend to be of a higher quality than unmoderated ones.
An example of regulation motivated by efficiency is online privacy. The individual cost of understanding the varied and obscure privacy practices of every Web site is so high as to lead to a market failure: users will not be able to make informed and rational choices. Consequently, one could argue that a central governance mechanism should set privacy practices, or at least standardize disclosure upon uniform principles and terms.
The model of policy formation focuses on the flow and stages of its creation. Individual preferences are aggregated to yield a single policy. That policy is than deployed, implemented, and enforced. Policy is traditionally defined as the method by which an institution is administered. An Internet policy is an expressed goal about the use and operation of the Internet. Note, when I speak of Internet policy I'm speaking broadly; I'm speaking of informal or formal rules and expectations of conduct, behavior, and requirements over people, institutions, processes, and protocols.
One of the difficulties of speaking of policy arises from its inherent ambiguity. For instance, legislators might pass a law, the executive branch may enforce certain terms and let others lay dormant, and courts will issue rulings qualifying the law further. Is the actual statute written by the legislators the policy, or is its combined/emergent interactions of all these entities the real policy? I use "policy" in the emergent sense, and I use regulation to denote the formal expression of a governing institution.
Table 1: Flow and Stages of Policy Formation
| FLOW | STAGES |
| UPSTREAM: preferences, (representative) democracy, deliberative polling, boycotts, etc. |
expressed: values, information,
and preferences are manifested by individuals within the
community. aggregated: multiple sets of preferences are combined to set a common value for the community. |
| DOWNSTREAM: policies, rules, regulation, etc. |
deployed: policy is then
communicated to the community. implemented: mechanisms of changing (or sustaining) behavior required by the policy are put in place. enforced: those mechanisms are employed (by some force) to incent the deployed policy. |
| Centralized <--> Distributed <--> Dencentralized | |
Furthermore, upstream and downstream flows can be achieved through centralized, distributed, or decentralized mechanisms. [GK96] Centralized mechanisms require an authorative and exclusive set of entities (often one) to provide a service. With distributed mechanisms, services can be delegated from an authority to a lower level. For instance, the *.edu domain name authority delegates the naming of *.mit.edu to MIT. Decentralized mechanisms require no single authority for the provision of a service. For instance, a common way of being able to arbitrarily extend Web protocols is to provide a simple extensibility field within the protocol. Thus, if someone later wishes to say, "the resource at the URL 'http://w3.org/DSIG' defines the digital signatures extension" no central authority was needed to permit this action. Anyone can place any valid URLwithin that field. This is a different approach than that used by some protocols that require extensions or additions to be made at a central registry. (See Appendix 3.)
In the real world, the downstream promulgation of policies is often associated with coercive enforcement mechanisms. Governance need not be coercive, meaning it need not threaten by force of violence, imprisonment, or theft. Upstream centralization (often achieved through heirchary) is useful in aggregating preferences and setting a common value. If all participants agree to abide by that value, no downstream coercion is needed to enforce it. Participation is incentive enough – many technical standards are motivate by this reason. Granted, individuals will not always abide by every policy and coercive downstream mechanisms might be the only way to implement them.
Finally, one should realize that one tool of implementation can serve two policies. For instance, Web cookies were introduced as a way to permit a site to remember a user over multiple requests for Web pages. (This permits something like a shopping basket that stores selected items as the user browses.) This tool also served the related policy of user profiling users across different sites, an unintended but related policy.
"The Internet is a shallow and unreliable electronic repository of dirty pictures, inaccurate rumors, bad spelling and worse grammar, inhabited largely by people with no demonstrable social skills." Chronicle of Higher Education.
"The Internet, of course, is more than a place to find pictures of people having sex with dogs." Philip Elmer-Dewitt. (Time)
In the real world the balance achieved by modern democratic institutions is that of the rule of majority while protecting the rights of minorities. The degree to which citizens of a community are satisfied with the process of governance [Table 1] relates to (1) their satisfaction in the process's ability to yield rational, global policies akin to their own; and (2) and the integrity and trustworthiness of the process when the results are less than satisfactory to a minority.
The process in the real world is not perfect, but people – by and large – are satified with these democratic principles. In fact, mechanisms of real world democractic governance are sometimes offered as models for Internet goverannce. Before examining mechanisms of cyberspace policy formation, I want to briefly explore real world attempts at Internet regulation; it will serve as a useful contrast in subsequent analysis.
Generally, the scope of Internet regulation seems to fall within four categories:
It is interesting to note that the range of activities (1-3) falls within my rationale for governance: collective choice and efficiency. Behaviour (4) is something governments have trouble controlling on-line. This is partly because one of the strongest rationales for traditional governance is the prevention of physical harm. Real world governments use coercive physical methods (restraint and jail) to prevent coercive physical abuses (attacks to someone's person). On the Internet, it is not possible to physically reach out and harm someone's person. If there are no swords, Boyle's sovereign has a limited reach indeed: "If the king's writ reaches only as far as the king's sword, then much of the content on the Net might be presumed to be free from the regulation of any particular sovereign." [Boyle] Consequently, governments lack one of their strongest rationales as well as their method of enforcement!
As demonstrated by Lessig [Less98b], regulation is implemented by the following:
The US Constitution is an adept instrument of constraining direct legal regulation, "Congress shall make no law ...." However, modern regulation often is indirect, it sets incentives and disincentives for others (usually the market) to implement and enforce policies more effectively than the government ever could. Whereas Reidenberg suggests that governments should shift the "focus of government action away from direct regulation and towards indirect influence;" I find this trend to be frightening because he makes an assumption that I am unwilling to make: "The shift can, nevertheless, still preserve strong attributes of public oversight." [Reid97, 588] The US Constitution is poorly equipped to constrain indirect regulation.
Consider the following mechanisms of cyberspace regulation:
