A Magna Carta for the Information Age

Published in The Seattle Times

NETIZENS — the community of Internet users — bear a strong resemblance to Americans of the
Wild West. They are fiercely independent, value their privacy and have a strong distrust of laws
made in Washington, D.C. Nonetheless, even the Wild West was tamed as the rule of law replaced frontier Justice.

The Internet already is home to some 40 million users and growing exponentially as networks
join networks. With a “point and click,” data and opinions move over the world. In such a wired
world, bringing law to the Internet will not be easy. In fact, it will not be possible at all if nations
act unilaterally, piecemealing the Internet into jurisdictions with conflicting laws and liabilities. We need what some have called a Magna Carta for the Information Age.

First, it must be understood that anything as massive as the Internet cannot be “regulated” in any meaningful manner. It was designed to be a self-healing network of diverse platforms capable of operating under the most adverse of conditions – nuclear holocaust. The Internet evolved from military use to link the world’s leading universities and research facilities together; and ultimately, it passed into private hands where its commercial growth has been astonishing.

Today, anyone can set up a “home page” on the World Wide Web and bring ideas to the
marketplace free of media filters or goverrunent censorship in this or other countries. In the
greatest of American traditions, the Internet has unleashed an army of pamphleteers” who are
‘udged, no doubt harshly sometimes, on the merit of their ideas in the marketplace. Increasingly, people also will get news from the Internet, a revolutionary change that will affect politics, culture and commerce forever. In short, the Internet has come too far to be constrained by any one government. For the putative regulator, the message is simple: Law will never keep up with the Internet.

For example, China could massacre students in Tiananmen Square but could not “ban” the
Internet from carrying the news of its infamy. Now the Chinese government itself is getting into
the Internet through deals with multinational telecommunications giants. But if China believes that it can control the Internet this way, it may find that the genie is already out of the bottle. The
Internet is bigger than China and it crosses all borders free of customs.

Then what is all of the talk about bringing law to Internet? As the Net has become more popular,
the public – or perhaps more correctly, the politicians — have discovered that there are some dark back alleys on the Internet where pornographers and fraudsters lie in wait for the next Internet tourist. But to listen to the politicians and the media outlets, one would think that the Internet was dominated by virtual voyeurs, techno-pedophiles and purveyors of electronic smut. Nothing could be further from the truth, as anyone who has visited the popular Louvre or the Smithsonian Web sites can attest.

Yet, as the Telecommunications Act of 1995 heads into a conference between the U.S. Senate
and House, one would think that the only important issue regarding the Internet is regulation of
pornography. There is a glaring absence of debate or discussion about the Internet overall, and
what exists is uninformed.

Some may prefer it that way, but there are a host of important legal issues raised by the Internet
that should occupy the minds of Congress. If commerce is to succeed on the Internet, certainty
and security are prerequisites. Here there is a need for bringing law to the Internet, and for care in doing so. Too much law may stifle the use of the Net for business purposes; too little law and the uncertainty associated with risks and liability of using these new technologies may dissuade some that would otherwise embrace such an open network for trade.

If security is to be achieved, we need to come to grips with the use and export of strong
encryption. (Encryption is a software lock and key that prevents others from viewing or altering
the content of communications without authorization key.) Recent stories about Netscape
Communications’ encryption standard being cracked in Europe carried the wrong headline. The
story should have decried the ban on export of software with stronger encryption, which Netscape makes and markets in the United States and which has not been compromised. Although the fact that some U.S. companies are put at a competitive disadvantage in the growing Internet applications market is important, there are strong privacy concerns associated with encryption and cryptography.

It was only a year ago that the government sought to hold the keys to every encrypted message
through a required “Clipper Chip.” The firestorm of opposition was great and the idea was
dropped. Now the Clinton administration proposes a system of public key encryption where a
trusted third party would hold the keys to the communication and the government would have
access only on the same basis as it would for a wiretap. It remains to be seen whether this
proposal will meet with the same opposition from Netizens concerned about their privacy in
cyberspace and the intrusion of government into the Net.

One thing is for sure, however, as the encryption debate progresses: There must be a careful
balance between legitimate privacy expectations and legitimate law-enforcement requirements.
Marry strong encryption to a secure network and the first subscriber will be the Cali drug cartel and
an army of money launderers. How will the government fight them without the capability to surf
the Net in pursuit of any criminal? Allow the government too much latitude on the Net and the
amount of information about our personal lives that can be gathered from monitoring our use of the
Internet is enormous, raising Big Brotherlike concerns. The public certainly deserves adequate
safeguards in the law against government intrusion as well as third-party misuse.

The same balance is needed in coping with credit-card misuse on the Net and by the coming use
of digital cash. The rule of law must be to punish the fraudster in the same way, whether his
medium of exchange is the Internet or a cold call over the telephone.

Indeed, this should be the standard for every aspect of law and regulation related to the Internet.
Where there is a legitimate regulatory concern – health, safety or welfare – there is room for a law
that proscribes the offending conduct. But the resulting law should be medium-neutral; that is,
fraud should be no more or less illegal because it occurs over the Internet.

We cannot leave it to distant or uninfon-ned politicians to devise the rules of the road, nor can we
rely exclusively on Internet frontier justice and custom and usage to achieve the certainty business
demands in today’s world of electronic commerce.