Lessig, Lawrence and Paul Resnick (1999). "Zoning Speech on the Internet: A Legal and Technical Model." Michigan Law Review 98(2): 395-431. An earlier, shorter version was presented at the 1998 Telecommunications Policy Research Conference and appeared as: Lessig, Lawrence and Resnick, Paul. "The Architectures of Mandated Access Controls," in S. E. Gillett and I. Vogelsang, Competition, Regulation, and Convergence: Current Trends in Telecommunications Policy Research. Mahwah, NJ: Lawrence Erlbaum Associates 1999, 137-157.
Page proofs from Michigan Law Review (PDF format)
This article proposes an abstract model of mandated access controls. It includes three types of actors: senders, intermediaries and recipients. Control decisions are based on three types of information: the item, the recipients jurisdiction, and the recipients type.
With the architecture of todays Internet, senders are ignorant of the recipients jurisdiction and type, recipients are ignorant of an items type, and intermediaries are ignorant of both. It is easy to see, then, why, with todays Internet architecture, governments are having a hard time mandating access controls. Any party on whom responsibility might be placed has insufficient information to carry out that responsibility.
While the Internets architecture is relatively entrenched, it is not absolutely immutable. Our abstract model suggests the types of changes that could enhance regulability. Senders could be given more information about recipient jurisdiction and type, either through recipients providing certificates, or through a database mapping IP addresses to jurisdictions. Recipients could be given more information about item types, either through senders providing labels or through government pre-clearance lists of permitted or prohibited items.
Since the two interventions are analogous, the analyses of their costs and effectiveness are analogous as well. In either case, there will be a natural incentive to provide information if the default action of the responsible party is to block access unless the information is provided (a prohibited unless permitted regime). Otherwise, there will be no natural incentive, and the government will have to require the provision of that information.
The secondary effects of these two infrastructures are also analogous, but quite different. The by-product of a certificate regime is a general ability to regulate based on jurisdiction and recipient characteristics, even for issues beyond content control, such as taxation and privacy. Such a regime also enables senders voluntarily to exclude recipients based on jurisdiction or type, a facility which might be used for negative as well as positive purposes. The by-product of a widely used labeling infrastructure is a general ability to regulate based on item characteristics, even characteristics that governments have no legitimate reason to regulate. Such a regime also enables intermediaries and recipients voluntarily to exclude some item types, a facility that may empower parents and teachers but may also be overused if it is poorly understood or difficult to configure.
If intermediaries are to be responsible for blocking, they will need both types of information. In addition, architectural changes will be necessary to enable application layer blocking of individual items rather than cruder network layer blocking of all traffic from or to an IP address. A requirement of application layer blocking, however, introduces significant costs in terms of openness to innovation and vulnerability to hardware and software failures. Intermediaries, then, are the most costly place to impose responsibility. On the other hand, they are the most easily regulated, since there are fewer of them, they are more stable, have assets and their governing jurisdictions are clear.
While our sensitivity analysis does suggest consequences that might not have been
readily seen, our ultimate conclusion is one others have reached as well. It will be
difficult for governments to mandate access controls for the Internet. Given todays
architecture, any such mandates would of necessity be draconian or ineffective. Changes to
the technical infrastructure or social practices could enhance regulability, although such
changes would entail both direct costs and would create secondary by-products whose value
is debatable. Given that the costs of any such architectural change would be significant,
it is important for governments to answer the fundamental question of how important such
changes are: perhaps a lessening of governments traditional power to control the
distribution of harmful information would be preferable.