Zoning Speech on the Internet: a Technical and Legal Model

Lessig, Lawrence and Paul Resnick (1999). "Zoning Speech on the Internet: A Legal and Technical Model." Michigan Law Review 98(2): 395-431. An earlier, shorter version was presented at the 1998 Telecommunications Policy Research Conference and appeared as: Lessig, Lawrence and Resnick, Paul. "The Architectures of Mandated Access Controls," in S. E. Gillett and I. Vogelsang, Competition, Regulation, and Convergence: Current Trends in Telecommunications Policy Research. Mahwah, NJ: Lawrence Erlbaum Associates 1999, 137-157.

Page proofs from Michigan Law Review (PDF format)


This article proposes an abstract model of mandated access controls. It includes three types of actors: senders, intermediaries and recipients. Control decisions are based on three types of information: the item, the recipient’s jurisdiction, and the recipient’s type.

With the architecture of today’s Internet, senders are ignorant of the recipient’s jurisdiction and type, recipients are ignorant of an item’s type, and intermediaries are ignorant of both. It is easy to see, then, why, with today’s Internet architecture, governments are having a hard time mandating access controls. Any party on whom responsibility might be placed has insufficient information to carry out that responsibility.

While the Internet’s architecture is relatively entrenched, it is not absolutely immutable. Our abstract model suggests the types of changes that could enhance regulability. Senders could be given more information about recipient jurisdiction and type, either through recipients providing certificates, or through a database mapping IP addresses to jurisdictions. Recipients could be given more information about item types, either through senders providing labels or through government pre-clearance lists of permitted or prohibited items.

Since the two interventions are analogous, the analyses of their costs and effectiveness are analogous as well. In either case, there will be a natural incentive to provide information if the default action of the responsible party is to block access unless the information is provided (a prohibited unless permitted regime). Otherwise, there will be no natural incentive, and the government will have to require the provision of that information.

The secondary effects of these two infrastructures are also analogous, but quite different. The by-product of a certificate regime is a general ability to regulate based on jurisdiction and recipient characteristics, even for issues beyond content control, such as taxation and privacy. Such a regime also enables senders voluntarily to exclude recipients based on jurisdiction or type, a facility which might be used for negative as well as positive purposes. The by-product of a widely used labeling infrastructure is a general ability to regulate based on item characteristics, even characteristics that governments have no legitimate reason to regulate. Such a regime also enables intermediaries and recipients voluntarily to exclude some item types, a facility that may empower parents and teachers but may also be overused if it is poorly understood or difficult to configure.

If intermediaries are to be responsible for blocking, they will need both types of information. In addition, architectural changes will be necessary to enable application layer blocking of individual items rather than cruder network layer blocking of all traffic from or to an IP address. A requirement of application layer blocking, however, introduces significant costs in terms of openness to innovation and vulnerability to hardware and software failures. Intermediaries, then, are the most costly place to impose responsibility. On the other hand, they are the most easily regulated, since there are fewer of them, they are more stable, they have assets, and their governing jurisdictions are clear.
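The model described above can be run as a small simulation. The following is an added example, not code from the article: it shows what each responsible party can decide with and without certificates and labels under either default. The rule triple, the names, and the assumption that a certificate or label is visible to whichever party is responsible are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed rule: (jurisdiction, recipient type, item type) triples that are prohibited.
PROHIBITED = {("J1", "minor", "restricted")}

@dataclass
class Knowledge:
    item_type: Optional[str] = None
    jurisdiction: Optional[str] = None
    recipient_type: Optional[str] = None

def knowledge_of(actor, item_type, jurisdiction, recipient_type,
                 certificate=False, label=False):
    """What the responsible actor knows about one delivery.

    Natively the sender knows only the item, the recipient knows only itself,
    and the intermediary knows neither. A certificate reveals the recipient's
    jurisdiction and type; a label reveals the item's type.
    """
    if actor not in ("sender", "intermediary", "recipient"):
        raise ValueError(f"unknown actor: {actor}")
    k = Knowledge()
    if actor == "sender" or label:
        k.item_type = item_type
    if actor == "recipient" or certificate:
        k.jurisdiction, k.recipient_type = jurisdiction, recipient_type
    return k

def decide(k, block_by_default):
    """Apply the rule; with missing information fall back to the regime default."""
    if None in (k.item_type, k.jurisdiction, k.recipient_type):
        return "block" if block_by_default else "allow"
    triple = (k.jurisdiction, k.recipient_type, k.item_type)
    return "block" if triple in PROHIBITED else "allow"

def outcomes(actor, block_by_default, **info):
    """Decisions for a prohibited delivery (minor) and a permitted one (adult)."""
    return tuple(
        decide(knowledge_of(actor, "restricted", "J1", rtype, **info), block_by_default)
        for rtype in ("minor", "adult"))

if __name__ == "__main__":
    for actor in ("sender", "intermediary", "recipient"):
        print(actor, "today, allow by default:", outcomes(actor, False))
        print(actor, "today, block by default:", outcomes(actor, True))
    print("sender + certificate:", outcomes("sender", True, certificate=True))
    print("recipient + label:", outcomes("recipient", True, label=True))
    print("intermediary + both:", outcomes("intermediary", True, certificate=True, label=True))
```

With no added information every party either allows the prohibited delivery or blocks the permitted one, depending only on the default; an intermediary stays in that position until it has both a certificate and a label.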

While our sensitivity analysis does suggest consequences that might not have been readily seen, our ultimate conclusion is one others have reached as well. It will be difficult for governments to mandate access controls for the Internet. Given today’s architecture, any such mandates would of necessity be draconian or ineffective. Changes to the technical infrastructure or social practices could enhance regulability, although such changes would both entail direct costs and create secondary by-products whose value is debatable. Given that the costs of any such architectural change would be significant, it is important for governments to answer the fundamental question of how important such changes are: perhaps a lessening of governments’ traditional power to control the distribution of harmful information would be preferable.