The Internet's Coming of Age (2001) / Chapter Skim
Currently Skimming:
5 Implications for Broad Public Policy
5 Implications for Broad Public Policy
Pages 177-216
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 177... ...
5 Implications for Broad Public Police INTRODUCTION So far, the bulk of this report has focused on the Internet from the inside out how its essential technologies are evolving and how the parties that build and operate it are evolving. In this chapter, the committee looks at the Internet from the outside in, examining some of the broader influences on the Internet that stem from the interests of the individuals and organizations that use it and the special concerns of governments, which have their own objectives and which can help balance and protect the interests of individuals and other parties that use the Internet.
|
From page 178... ...
Yet it also raises challenges to laws and practices that are premised on knowing the location of parties to a transaction. An IP address is only loosely related to the geographical location or identity of a user or networked computing resource this in~See, for example, Sherry Turkle.
|
From page 179... ...
The second set of issues taxation and universal service is related to government missions. Government is empowered to collect taxes to fund its operations, and it has an interest in both preserving its revenues while also fairly allocating the associated burdens, issues captured in debates about taxation of transactions conducted over the Internet.
|
From page 180... ...
The section outlines important interactions among the Internet's technology, the Internet service providers and related industry actors, Internet users, and policy development and identifies some avenues where progress might be expected. These issues are not new, but Internet growth and penetration have heightened attention to them and are influencing the context within which the Internet is evolving.
|
From page 181... ...
Mid-2000 debates over Federal Trade Commission interest in legislation related to online privacy are emblematic. In the United States, people continue to argue about privacy as a legal, protected right, while government-based inquiries into privacy policy have articulated principles for public policy and private action, notably so-called fair information practices.
|
From page 182... ...
While all seem to agree on basic principles, there are variations in the privacy frameworks that are used. For example, the Federal Trade Commission added another element, enforcement/redress, in a recent report to Congress.
|
From page 183... ...
But when information is combined or associated with other, seemingly harmless bits of information often collected under different circumstances to build a dossier on a user, it may provide insights the user would consider detrimental. For instance, behind-the-scenes tracking of users by means of cookiesl° could permit address information entered at one Web site to be linked with tracking data indicating that a user had browsed several adult content Web sites.
|
From page 184... ...
Not only can personal information be collected by all of the organizations and businesses that people interact with on the Internet, but it can also be collected by the Internet service providers themselves. One such example is that ISPs can and do record information on user actions (for internal purposes or to comply with a court order)
|
From page 185... ...
Networked embedded devices are expected to become a pervasive technology because of the powerful instrumentation that can be achieved by placing sophisticated but low-cost sensor/actuators within physical environments.l5 Much as other networked resources have been used in novel and unexpected ways, it is also reasonable to foresee that networked devices will be used in ways that surpass the original intended uses of the collected data. Some of these will raise new privacy concerns and trigger debates similar to those surrounding online privacy.
|
From page 186... ...
A contemporaneous Forrester Research Briefl7 echoes this point, stating that "90 percent of sites fail to comply with the basic four privacy principles," and regular assessments by the Federal Trade Commission and privacy advocates raise questions about the willingness and ability of organizations to undertake this comparatively simple measure. Technical Approaches to Protecting Privacy lust as Internet technology can accelerate and complicate the loss of privacy on the Internet, it can also protect that same privacy.
|
From page 187... ...
Policy and Regulatory Approaches to Privacy Protection The legal and regulatory environment surrounding privacy protection on the Internet remains quite mixed and uncertain. The United States has generally dealt with privacy sector by sector, and policy has generally favored industry self-regulation or other nongovernmental solutions such as the technical approaches described above, although the government has articulated the fair information practices described above.
|
From page 188... ...
can be trusted to use their personal information wisely. In the case of commercial service providers, trust can be engendered and cultivated through a number of factors, including the firm's brand and reputation; the customer's experience and relationship with the service provider; referrals and testimony by third parties; the service provider's stated policies and guarantees, backed by appropriate recourse; third-party seals of approval that the service provider's policies are acceptable; industry self-regulation; and enforceable contracts, laws, and regulations.
|
From page 189... ...
companies wanting to receive information from the EU.21 The pressures to harmonize privacy policies on an international basis are a good example of the effect the Internet's global reach is having on national policies.22 20For example, the opt-out policies that are used by many U.S. firms, whereby customers must request that their personal information not be used or disclosed to others, do not meet the EU threshold of adequate privacy protection.
|
From page 190... ...
Privacy could then become a matter of consumer choice, backed by normal commercial and consumer protection laws, rather than a difficult and often intractable political issue. Opponents contend, among other arguments, that implementing individual property rights to personal information would be unworkable; that it would unnecessarily impede the development of electronic commerce; that those people most in need of privacy protection would be the least able to negotiate with large organizations; and that in any case, society should not let individuals bargain away their fundamental rights to privacy.24 Anonymity Identification for the purpose of granting access to systems and information is a basic function of computer systems, and it has been an objective of mechanisms and procedures put in place by managers of large computer systems for decades.
|
From page 191... ...
Some believe that the ease of assuming an anonymous identity on the Internet encourages unethical or illegal activities (such as spamming, harassment, 25For a recent examination of the role of anonymity online, see Al Teich, Mark S Frankel, Rob Kling, and Ya-ching Lee.
|
From page 192... ...
People tend to act based on what they see and understand, and it appears that unless they have specialized technical knowledge, people may have false expectations of anonymity. Service providers cooperate with government authorities that are investigating suspected criminal activity and may choose to cooperate with efforts to control other forms of undesirable behavior online.
|
From page 193... ...
1998. ''Anonymous connections and Onion Routing,,, IEEE Journal on Selected Areas in Communication Special Issue on Copyright and Privacy Protection; and David M
|
From page 194... ...
For instance, e-mail service providers, remailers, Web sites, and online communities can develop, publicize, and implement specific policies about appropriate and inappropriate use of anonymous or pseudonymous communications. Industry and user groups can work together to develop standard guidelines for such policies.
|
From page 195... ...
They may do this by providing more, less, or simply different information to different persons, government organizations, or commercial service providers. To the extent that people are able to do so, they make it difficult for third parties to link the actions and activities of their different identities and conclude they belong to a single individual.34 The nature of Internet interactions and the explosive growth of electronic communities, sliced across a number of different geographic and demographic factors, amplify this need greatly and mean that more information is available from more sources and to more parties in a context that allows collecting pieces of information from disparate sources and matching them by technical means.
|
From page 196... ...
In many cases these different identities can be linked using either information provided by the user (e.g., name and address matching) or information gained from cookies that different Web content and service providers have placed on user machines.
|
From page 197... ...
Users of such a tool would be able to manage all components of their digital identity except for those that require certification, which will be controlled by the certifying entities. When organizations doing business on the Internet set out their privacy policies on their Web sites, users can instruct their digital identity agent to negotiate with the Web sites about release of personal data.
|
From page 198... ...
For example, responsible service providers will clearly state their privacy policies in digital form so that an individual's identity agent can readily determine whether or not to use the site. Privacy advocates argue that, in general, the amount of information required and revealed should be minimal for the purpose.
|
From page 199... ...
IMPLICATIONS FOR BROAD PUBLIC POLICY 199 particular purposes and have specific regulatory criteria associated with them. AUTHENTICATION ON THE INTERNET Authentication the process of establishing that a particular claim about an entity's (e.g., a person's or organization's)
|
From page 200... ...
38 37For example, if the certifying authority is not the same entity as the individuals agent in that arena berg., the credit card issuery can it responsibly perform that authorization E.g., authenticate that the individual is the rightful and authorized user of the cardy? 38There is an important distinction between authoritative certification authorities and
|
From page 201... ...
One PKI model makes use of trusted third parties, known as certification authorities, who ~emselves use public key cryptography to digitally sign certificates Mat bind Me identity of subscribers to a public key.41 PKI is a complex undertaking Mat requires the implementation of technical mechanisms, the establishment of procedures for the issuance and revocation of certificates, possibly updating directories, certificate revocation lists, and so form. The complicated nature of certificate management (e.g., registering, revoking, and updating certificates)
|
From page 202... ...
Biometrics at first appears ideal because of its dependence on a physical feature that is unique to a person. However, its use of pattern matching carries the risk that an unauthorized user will be accepted or that an authorized user will be rejected and/or that the identifying information will be misappropriated.43 The selection of an authentication technology entails trade-offs.
|
From page 203... ...
Unfortunately, these solutions are likely to be deployed initially as proprietary islands, optimized to particular applications by competing service providers. This could forestall the emergence of a widespread standard approach sufficiently open and minimalist that interoperability can be enabled without innovation being stifled.
|
From page 204... ...
Efforts are also under way in such international forums as the ITU and the European Union. Various online federal and state government initiatives have been launched that involve the widespread government deployment of authentication and nonrepudiation services.
|
From page 205... ...
Presently, local governments in 34 states are authorized to impose local sales taxes; approximately 7,600 jurisdictions have chosen to do so, and this number could grow significantly if other local governments choose to exercise this option.47 International e-commerce, of course, raises an additional set of 46Existing u.s. sales tax law treats goods sold over the Internet the same way it treats goods sold from catalogs using mail or phone orders.
|
From page 206... ...
will have significant effects on the purchasing behavior of individuals living in a "world without borders." He projects that the price impact of applying existing sales taxes to Internet commerce might reduce the number of online buyers by up to 24 percent. To the extent that e-commerce is an important driver of investment in Internet infrastructure (and supports other Internet services via advertising)
|
From page 207... ...
When confronted with the issue of how to collect sales taxes for transactions conducted over the Internet, given that states and local municipalities are the ones that levy sales tax, Congress passed the Internet Tax Freedom Act (ITFA) , which put in place a 3-year moratorium on imposing new taxes associated with Internet transactions and established a congressional Advisory Commission on Electronic Commerce to study the question of sales tax revenue.52 This action was motivated by not wanting to do anything that could adversely impact the growth of commerce over the Internet and by the ambiguity resulting from the inherently borderless nature of the Internet.
|
From page 208... ...
Because Internet technology and e-commerce technology are evolving so rapidly, it is clearly preferable for solutions to avoid placing requirements on the Internet infrastructure that are dependent on a specific e-commerce technology. Given that the Internet generally ignores geography and makes it difficult for vendors or third parties to assure identification of a purchaser, there are significant difficulties associated with solutions that depend on ascertaining the location of the purchaser.
|
From page 209... ...
55sasic telephone service has long been regarded as a social good, universal access to which required a deliberate policy effort to achieve. However, the history of universal service policies can support a different interpretation.
|
From page 210... ...
the availability of dial-up Internet access service providers. A recent study by Downes and Greenstein57 found ~at, as of We spring of 1998, most of the U.s.
|
From page 211... ...
Census Bureau data from December 19986° indicates that, of the households able to access the Internet, the fraction that actually subscribe to an ISP is far from 100 percent 41.1 percent of U.S. households owned computers and roughly 25 percent had Internet service.
|
From page 212... ...
It does not take a position on whether universal service programs should be extended to the Internet or on how they should be funded and managed, because to do so adequately would require full consideration of the costs and benefits over time, a complex matter well beyond the scope of this report. Universal service policies have, at their core, sought to ensure that price or geographical location is not a barrier to use.
|
From page 213... ...
The traditional universal service obligation applied to telecommunications carriers was a bundle of obligations that users, service providers, and regulators experienced as a single package. The characteristics of universal telephone service such as expectations for quality and access to callers within the local area, to interexchange carriers, and to operator and emergency services were well defined and had been developed over the course of many years.
|
From page 214... ...
Because Internet technologies are immature and still in the early stages of deployment, it would be premature to embody them in regulation. Even the application that was the basic element of traditional universal service, voice telephony, presents difficulties from a universal service standpoint when it is offered as an Internet service.
|
From page 215... ...
, the establishment of particular service obligations in exchange for other regulatory relief, or, more recently, explicit fees.63 The Internet, by contrast, has a much richer assortment of service providers, ranging from single-niche service providers to full, vertically integrated service providers. Therefore, if it is decided that a universal service program aimed at households is warranted, a range of options for achieving this aim should be considered.
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.