Click for next page ( 178


The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 177
5 Implications for Broad Public Police INTRODUCTION So far, the bulk of this report has focused on the Internet from the inside out how its essential technologies are evolving and how the par- ties that build and operate it are evolving. In this chapter, the committee looks at the Internet from the outside in, examining some of the broader influences on the Internet that stem from the interests of the individuals and organizations that use it and the special concerns of governments, which have their own objectives and which can help balance and protect the interests of individuals and other parties that use the Internet. The Internet has become the basis for a widening set of social, politi- cal, and economic functions and is becoming ever more pervasive throughout society and its institutions. The benefits resulting from the Internet's intrinsic qualities have an accompanying cost: disruption of the social, political, legal, and economic conventions on which a wide variety of useful understandings have been based. While these consequences have been recognized for a number of years, they have grown in impor- tance as the Internet has become a key societal infrastructure. Reflecting the Internet's increased prominence, a diverse set of stakeholders both the existing players and new, Internet-focused ones are Having atten- tion to its impacts. 1 en tJ The scope of the discussion here is limited, consistent with the scope and resources of the project: a small but important and interconnected set of policy issues is outlined. The discussion is intended to illuminate the 177

OCR for page 177
178 THE INTERNET'S COMING OF AGE interplay of technical, economic/business, and public policy factors, drawing on the committee's experience in all three areas. Because the interplay is dynamic today's observations differ from yesterday's and will be overtaken by events tomorrow it can be hard to devise practical responses to perceived problems. Nevertheless, responses are being de- vised, and a variety of technical, business, and public policy actions are already being proposed or attempted. Understanding and monitoring the kinds of issues discussed here is important for making judgments about how individuals, organizations, and governments could or should act in using or shaping the Internet. The question is not just what the Internet does to policy but also what policy can do to the Internet. The second part of the question how policy affects the Internet asks how policy decisions that seek to impose particular technological solutions could adversely affect the Internet's architecture and growth as well as how policy decisions in areas such as privacy could affect user acceptance of the Internet and the services that run over it. How these issues are resolved is important to realizing (or limiting) the potential of the Internet. While they are not solely technological issues, their emergence as policy questions and the capacity to address them are shaped by technological developments. This chapter addresses how the architecture of the Internet creates new issues and challenges and requires new approaches from policy makers if policy goals are to be met consistent with the strengths of the design and architecture that underlie the Internet. The first set of issues privacy, autonomy, and identity, along with authentication arises from the sheer size of the Internet and from growth in the number of people and organizations that it interconnects increas- ingly, people communicate over the Internet with strangers and others of whom they have limited knowledge or control. This set of issues centers on how the Internet's design, which provides limited information about the identity or location of users, affects how we control our identity or evaluate the identities others present to use and what that means for our understanding of privacy and the uses of anonymity. The Internet pro- vides weak clues about location or identity. Its essential indifference to geography is, of course, valuable when it allows us to check our e-mail from New York one day and from Los Angeles the next, readily retrieve materials stored on a distant computer, or engage in a commercial trans- action with someone a continent away. Yet it also raises challenges to laws and practices that are premised on knowing the location of parties to a transaction. An IP address is only loosely related to the geographical location or identity of a user or networked computing resource this in- ~See, for example, Sherry Turkle. 1995. Life on the Screen: Identity in the Age of the Internet. New York: Simon & Schuster.

OCR for page 177
IMPLICATIONS FOR BROAD PUBLIC POLICY 179 formation can sometimes be inferred, perhaps after an exhaustive investi- gation, but it is not readily available.2 That some ISPs believe their net- work topology and the location of their facilities is sensitive proprietary information contributes to the lack of information about location. Nor do many of the applications that run over IP provide authoritative informa- tion on either identity or location. The absence of identifying information provides benefits in terms of free expression but raises serious issues about how we manage, recognize, or negotiate identifying information about people and things in the electronic world. The discussion in this chapter examines these competing directions and explores whether rel- evant design enhancements/changes should be left to competitive forces in the marketplace or require some focused attention by industry and/or government. The second set of issues taxation and universal service is related to government missions. Government is empowered to collect taxes to fund its operations, and it has an interest in both preserving its revenues while also fairly allocating the associated burdens, issues captured in debates about taxation of transactions conducted over the Internet. As the principal actor when it comes to social policy, governments have moved to promote equitable access to the Internet because of its growing value as a medium for economic, educational, civic, and other kinds of opportunities, much as they have done for other infrastructure, such as 2Interestingly, the Internet did not always have such a loose coupling between IP address and location. This quality stems less from the basic Internet design than from subsequent decisions related to address space management and security. In the early days of the ARPANET, interface message processors (IMPs) required a direct correlation of IP address to port number on the IMP, so one was more likely to be able to tell where a computer was located. There were, however, various ways in which hosts could be connected that would have made it harder to tell where they were located. Moreover, users generally interacted with the network via terminal devices attached to host computers, and these could be located far from the host computers. Also, before CIDR and address aggregation (described in Chapter 2), users did not receive their addresses from providers. Pre-CIDR, addresses were more likely to be globally routed, down to a much finer level of aggregation, which again made it easier to know where devices associated with particular IP addresses were located. Address allocation policies coupled with service issues, such as maintaining secu- rity and increasing the ease of getting an Internet connection, did induce large organiza- tions to route all traffic in and out of their entire enterprise, which could span many differ- ent locations, through one connection. But with the advent of CIDR and a crackdown on inefficient address space utilization, providers and users were forced into denser and more obscure addressing relationships. Motivated by address shortages and security issues, enterprises are using NAT and firewall technology, in which globally unique addresses are not used within corporate networks, further obscuring location information.

OCR for page 177
180 THE INTERNET'S COMING OF AGE telecommunications. To the degree that the Internet can credibly claim to be an essential infrastructure for transactions in commerce, political par- ticipation, basic education, and many other areas, it will become ripe for consideration for universal service arrangements, which are interventions premised on arguments that market mechanisms will not support wide- spread access affordable by all. The tradition of universal service was eventually attached to all important information infrastructures in the pastpost, telephone, broadcasting, and, less obviously, basic education. PRIVACY, ANONYMITY, AND IDENTITY Driven in part by the ease with which information about individuals can be gathered, the Internet has amplified concerns about an interde- pendent set of issues privacy, anonymity, and identity (Box 5.1~. The closely associated subject of authentication is discussed in the following section. Also discussed here are the trade-offs that all of these might impose on privacy and individual rights. The section outlines important interactions among the Internet's technology, the Internet service pro- viders and related industry actors, Internet users, and policy develop- ment and identifies some avenues where progress might be expected. These issues are not new, but Internet growth and penetration have heightened attention to them and are influencing the context within which the Internet is evolving. Privacy Concerns about privacy have accompanied and been shaped by the development of technology for over a century.3 They have grown in 3see, for example, Samuel warren and Louis srandeis. 1890. ''The Right to Privacy., Harvard Law Review 4~193y, which laid out some of the fundamental arguments in favor of

OCR for page 177
IMPLICATIONS FOR BROAD PUBLIC POLICY 181 recent years with the introduction and widespread practice of such inno- vations as sophisticated customer profiling and telephone soliciting. The Internet has aggravated the situation. In surveys, people express concern about the amount of personal information available on the Internet, who controls that information, and how it may be used. For example, a 1998 Business Week survey4 found privacy to be the number one consumer issue facing the Internet, surpassing cost, ease of use, security, or spam. This survey found that 78 percent of online users would increase their use of the Internet if privacy practices were disclosed and that 61 percent of nonusers would be more likely to begin using the Internet if privacy practices were disclosed. (Survey answers notwithstanding, many people do provide personal information; most notably, some have chosen to pro- vide a good deal of personal information in exchange for free Internet access.) The absence of generally accepted, workable solutions is likely to continue to lead to calls for regulation, at least in the most troubling areas. For instance, concern about the online privacy of children in particular, information they might be induced to reveal about themselves or their families resulted in the passage of special legislation, the Children's Online Privacy Protection Act of 1998. Although there are pressures for broader change today,5 the outcome is uncertain. Historically, privacy advocates have been in the minority, people's actions belie the results of opinion surveys, and political pressure in the United States has been in- sufficient to invoke significant action. Mid-2000 debates over Federal Trade Commission interest in legislation related to online privacy are emblematic. In the United States, people continue to argue about privacy as a legal, protected right, while government-based inquiries into privacy policy have articulated principles for public policy and private action, notably so-called fair information practices. The essential elements of fair information practices are generally described as awareness, choice, data privacy in modern society. The article was occasioned in part by privacy issues created by developments in photography and photojournalism. see also Alan westin. 1967. Privacy and Freedom. New York: Atheneum; spiros simitis. 1987; ''Reviewing Privacy in an Infor- mation society. University of Pennsylvania Law Review 135:707-746; and James Katz and Annette Tessone. 1990. '~Public Opinion Trends: Privacy and Information Technology., Public Opinion Quarterly 54:125-143. 4As reported by TRUSTe at . 5A survey in 2000 by Odyssey, a market research firm, found that 82 percent of online households in the United states agreed that the government needed to play a role in how companies use personal information and 92 percent expressed some distrust of companies when it comes to protecting the confidentiality of personal information. see Steve Lohr. 2000. '~survey Finds Few Trust Promises on Online Privacy., New York Times, May 17, p. C4.

OCR for page 177
182 THE INTERNET'S COMING OF AGE security, and customer access.6 First advanced in the 1970s by a congres- sionally chartered commission on information privacy,7 these practices were also discussed in the context of l990s policy making on the na- tional/global information infrastructure and electronic commerce.8 Privacy relates to the use, release, and availability of personal infor- mation,9 that is, any information that is linked to an individual's identity or to attributes closely associated with that individual's identity. Per- sonal information is collected or revealed both directly, as happens when a user enters information into a Web form and submits it, and indirectly, as happens when information is gathered from publicly available infor- mation such as an e-mail directory. Whether in physical space or cyber- space, individuals are motivated to provide information about themselves for a variety of reasons, including the following: to obtain a desired product, service, or end result (e.g., a loan commitment or a health claim benefit); to obtain better, more customized/personalized products and services (e.g., personalized news); to obtain specific information of value (e.g., stock quotes) or in anticipation of gaining some unspecified benefit (e.g., current bargains or offers); or to be rewarded with rebates and dis- counts, loyalty points, or frequent flyer miles. At the same time, people worry, sometimes with justification, that their personal information may fall into the wrong hands or be misused. These concerns include such undesirable results as receipt of annoying and unwanted information or sales pitches; denial of a desired product, service, or end result (e.g., health coverage, an auto loan, or a job); personal embarrassment; damage to one's reputation; loss of trade secrets; or becoming a victim of some criminal activity such as stalking, theft, fraud, or identity takeover. 6See Department of Commerce. 1998. "Elements of Effective Self-Regulation for Protec- tion of Privacy." Available online from . While all seem to agree on basic principles, there are variations in the privacy frameworks that are used. For example, the Federal Trade Commission added another element, enforcement/redress, in a recent report to Congress. This is not surpris- ing, given the FTC's nature as an agency that makes and enforces rules. See Federal Trade Commission. 1999. "Self-regulation and Privacy Online: A Report to Congress." Washing- ton, D.C.: Federal Trade Commission, July. 7Privacy Protection Study Commission. 1977. Personal Privacy in an Information Society. 8Similar principles are contained in the "Electronic Bill of Rights" presented in the First Annual Report of the U.S. Government Working Group on Electronic Commerce . See U.S. Government Working Group on Electronic Commerce. 1998. First Annual Report, Novem- ber, p. 17. Available online at . 9"Privacy" is distinct from confidentiality, which refers to the protection of all types of sensitive information and is not necessarily approached from the perspective of protection of personal information per se.

OCR for page 177
IMPLICATIONS FOR BROAD PUBLIC POLICY 183 One area of particular concern is that information provided with the user's knowledge can also be used for purposes other than that for which it was originally provided. Web servers can store personal information given by the user while visiting the site; Web site operators can subse- quently use that information for other purposes, such as marketing, or provide or sell it to third parties. Users do not necessarily understand or appreciate the value of the information they provide, especially when different bits of information can be combined and used for new purposes. An individual data item by itself might not appear to pose a privacy concern. But when information is combined or associated with other, seemingly harmless bits of information often collected under different circumstances to build a dossier on a user, it may provide insights the user would consider detrimental. For instance, behind-the-scenes track- ing of users by means of cookiesl could permit address information en- tered at one Web site to be linked with tracking data indicating that a user had browsed several adult content Web sites. The result might be the unwanted, unexpected arrival in the mail of advertisements for adult films. In other cases, combining personal data from different sources can add value for customers. For example, an online bookseller that knows a customer enjoys Danielle Steel novels may send the customer a review of a new book by a different author that has been purchased by other cus- tomers with similar tastes.ll The customer never requested this informa- tion but may be glad to receive it. As another illustration, an airline Web site may refer a registered user who wants information about inexpensive vacations to a travel packager, who then e-mails the airline customer about bargain travel opportunities. In both examples a firm uses personal information to offer services and products that some customers perceive as valuable and others as a waste of time, offensive spam, or gratuitous . invasions or privacy. A second area of concern with respect to the Internet is that some personal information can be collected online without the user's direct 10A cookie is a small piece of information that a Web site stores on your Web browser on your PC and can later retrieve. The cookie cannot be read by a Web site other than the one that set the cookie. Cookies can be used for a number of administrative purposes for example, to store your preferences for certain kinds of information or to store a password so that you do not have to input it every time you visit a Web site. Most cookies last only through a single visit to a Web site. Users can set up their Web browser to inform them when cookies are set or to prevent cookies from being set. 1lThis type of service relies on collaborative filtering technology, which guides people's choices of what to read, view, purchase, etc. based on information gathered from other people, such as other customers with similar preferences or purchasing patterns.

OCR for page 177
184 THE INTERNET'S COMING OF AGE knowledge or consent (either implied or by opt-out or opt-in decisionsl2~. For example, a Web site can store personal information on the user's computer as cookies or as hidden fields in URLs and forms that are acces- sible by that or other Web sites. Not only can personal information be collected by all of the organiza- tions and businesses that people interact with on the Internet, but it can also be collected by the Internet service providers themselves. One such example is that ISPs can and do record information on user actions (for internal purposes or to comply with a court order). Such information could include which DNS names are looked up by a particular customer, which Web sites are visited by a customer at what times, and how much information is transferred. Though the technical capability exists, ISPs may or may not regularly gather such information. Considerations in- clude the potential for alienating their customers and the performance degradation that could result from extensive monitoring. Although it is becoming more widely known that service providers can collect personal information, many users are still unaware of this possibility and its impli- cations. Another privacy concern relates to Internet infrastructure databases. Information can be captured from user e-mail addresses or directories made public by Internet service providers. For example, records of do- main name registrations and address allocations have traditionally been available to the public to permit users in other domains to track down problems and get assistance in resolving them. Now, however, these databases are being captured and used for targeted marketing purposes, which has led to calls for not making the data public. This echoes recent litigation over whether the customer proprietary network information (CPNI) collected by telephone companies, which includes the duration, frequency, and location of calls, may be given or sold to telemarketers without the explicit permission of customers.l3 Similarly, when govern- ment information that is in principle public but in practice hard to ac- 12In recognition of both the positive and negative aspects of collecting personal informa- tion, privacy experts distinguish between opt-in and opt-out approaches to managing the use of personal information. The first requires that the individual specifically authorize the use to which the information is put, while the second requires only that individuals have the option to state that they do not wish the information to be used in a particular manner. 13In August 1999, the U.S. Tenth Circuit Court of Appeals issued a ruling vacating the FCC's CPNI rules. (U S WEST, Inc. v. FCC, 10th Circuit No. 98-9518, filed August 18,1999), holding that the FCC's CPNI rules "must fall under the First Amendment." The Tenth Circuit Court's mandate has not yet been issued. According to the FCC, further litigation is possible. (See FCC. 1999. Common Carrier Bureau's Homepage for the CNPI Proceeding. Common Carrier Bureau, FCC, September 9. Available online at ~.

OCR for page 177
IMPLICATIONS FOR BROAD PUBLIC POLICY 185 cess such as property tax or motor vehicle records is made readily available over the Internet, this may be viewed as a violation of privacy.l4 "Online privacy" is generally understood to refer to information col- lected via e-mail, chat applications, user interactions with Web sites, and the like. The likely proliferation of networked appliances, sensors, and other embedded systems, which was discussed in Chapter 2, introduces new modes of information collection and new issues with respect to indi- vidual privacy on the Internet. Networked embedded devices are ex- pected to become a pervasive technology because of the powerful instru- mentation that can be achieved by placing sophisticated but low-cost sensor/actuators within physical environments.l5 Much as other net- worked resources have been used in novel and unexpected ways, it is also reasonable to foresee that networked devices will be used in ways that surpass the original intended uses of the collected data. Some of these will raise new privacy concerns and trigger debates similar to those sur- rounding online privacy. The same technologies that allow tracking people for legitimate purposes can also be used to monitor their activities invasively. This sort of debate has already arisen in the context of the recent Federal Communications Commission mandate that cellular tele- phone operators provide the means to determine much more precisely the position of callers when they place 911 (emergency) calls. These concerns are sure to grow in importance and attention as these devices are more and more widely deployed, as they almost surely will be. As a starting point, it appears reasonable to apply the same basic principles that have been applied to personal information to information that is passively collected by networked devices. That is, individuals should be informed that information about them is being collected and for what purpose, and they should be given the opportunity to view that information and make corrections. There are also issues of whether ex- plicit consent must be obtained (both for initial use and any subsequent uses). For consent to be meaningful and informed, it must be solicited in a carefully stipulated manner, and the individual must be given recourse. It is unclear, thus far, to what extent voluntary actions are addressing these privacy concerns. The most visible indicator may be statements of privacy policies verbal disclosures about what information is collected and how it is used. On the positive side, a study by Mary Culnan of the McDonough School of Business at Georgetown University found that 14A complementary situation where government seeks to capitalize on the broad reach of the Internet is the posting of information about individuals who have violated certain laws. 15A separate report from CSTB on these technologies is anticipated in 2001.

OCR for page 177
186 THE INTERNET'S COMING OF AGE nearly two-thirds (65.9 percent) of commercial Web sites that collect per- sonal information post some sort of privacy disclosure.l6 However, the same survey also indicates that only about 14 percent (and fewer than 10 percent of sites that collected personal information) provided privacy disclosure statements that addressed all four basic privacy elements (i.e., awareness, choice, data security, and customer access; for definitions see later in this chapter) and offered contact information to consumers with questions about the firm's privacy policies. A contemporaneous Forrester Research Briefl7 echoes this point, stating that "90 percent of sites fail to comply with the basic four privacy principles," and regular assessments by the Federal Trade Commission and privacy advocates raise questions about the willingness and ability of organizations to undertake this com- paratively simple measure. Technical Approaches to Protecting Privacy lust as Internet technology can accelerate and complicate the loss of privacy on the Internet, it can also protect that same privacy. For in- stance, as a countermeasure to the hidden gathering of information via cookies, Web browsers now can be set to deny loading of this personal information or to let users approve them on a case-by-case basis, and other software tools are available to help users manage these cookies. Web users are likely to find this a complex and tedious process, however, and some sites may not function with cookies disabled. As a conse- quence, new technologies are being developed to automate negotiations over privacy between users and the Web sites they wish to reach and to control the gathering of information based on these negotiations. All of the privacy-enhancement mechanisms are controversial; each embodies a particular set of features and trade-offs. Some have attracted many sup- porters, but there is thus far no consensus on the best mechanism. This is not surprising, because the technology is still evolving (through experi- mentation), as are privacy policies and procedures and attitudes about the mix of technical and nontechnical approaches. One new technological approach is the Platform for Privacy Prefer- ences (P3P), which is being developed by the World Wide Web Consor- 16Mary J. Culnan. 1999. Georgetown Internet Privacy Policy Survey: Report to the Federal Trade Commission. Washington, D.C.: McDonough School of Business, Georgetown Univer- sity, June. Available online at . 17PaulR. Hagen. 1999. Privacy Wakeup Call. Cambridge, Mass.: ForresterResearchInc., September 1. Available online at .

OCR for page 177
IMPLICATIONS FOR BROAD PUBLIC POLICY 187 tium.~8 P3P helps the user screen information requests and gives the user control over the delivery of requested information, including negotiation of privacy terms between the user and the service provider. It operates as a kind of digital analog to caller ID and caller ID blocking, whereby an answering party wishes to know who is phoning but may be denied this information if the calling party blocks the request. P3P increases the explicitness with which privacy policies are expressed, allowing the user and the service provider to specify the terms of use for each data item- i.e., how and for what purpose the information will be used and with whom it will be shared. P3P has the appeal of automation it can dimin- ish the need for ongoing monitoring and intervention by Internet users- but it requires significant setup effort. To specify privacy preferences down to each data element, a user may have to set 100 or more param- eters; alternatively, he or she can rely on a program that maps/infers these parameters from a smaller set of higher level preferences (or through learning user preferences by observing behavior). The system can also simply work with default settings that can be overridden by the user. Further complicating use of this technology is that user preferences may change frequently, making it hard to track what was agreed to for each data exchange. It is also an approach that requires multilateral actions- the installation and use of appropriate software by both providers and user. P3P has already been valuable for its contribution to the debate about online policy. As a sophisticated technical mechanism, it shows how the technology needs to be meshed with practice and procedure by individuals and organizations and illuminates some of the trade-offs in- volved in protecting on-line privacy. Policy and Regulatory Approaches to Privacy Protection The legal and regulatory environment surrounding privacy protec- tion on the Internet remains quite mixed and uncertain. The United States has generally dealt with privacy sector by sector, and policy has generally favored industry self-regulation or other nongovernmental solutions such as the technical approaches described above, although the government has articulated the fair information practices described above. Many firms participate in industry self-regulatory efforts, and many provide custom- )8World Wide Web Consortium (W3C). 2000. The Platform for Privacy Preferences 1.0 (P3P1.0) Specification, W3C Working Draft 10 May 2000. Cambridge, Mass.: W3C. Avail- able online at . See also Joseph Reagle and Lorrie Faith Cranor. 1999. "The Platform for Privacy Preferences." Communications of the ACM 42~2~: 48-55.

OCR for page 177
206 THE INTERNET'S COMING OF AGE complications associated with the different tax rates and rules. There are different tax structures (e.g., national or state/regional) and different ap- proaches to taxation (e.g., a sales tax versus a value-added taxed. Poten- tially taxable transactions can cross even national borders without there being any traceability other than that contained in transaction audit trails on vendors' systems. Additionally, the Internet environment has been conducive to creating new forms of value, both nonmonetary (e.g., online barter exchanges) and monetary (new forms of currency such as flooz, beenz, and RocketCash), that portend further strains on tax structures at least until they become widespread and commonplace enough to be mon- etized. On the issue of taxing online transactions, governments have compet- ing interests. Many state and local government leaders do not want to lose sales tax revenue when purchases are made from companies without nexus in that state, while other policy makers are interested in not retard- ing the growth of commerce over the Internet. Another consideration is that changing the current tax policy could affect the volume and distribu- tion of commerce that is conducted over the Internet, which could in turn affect the way in which the Internet is used. There is a lot of ambiguity and uncertainty as to how a change in tax policy would affect tax revenues or, directly, the growth of the Internet. Work by Goolsbee49 gives empirical support to the idea that taxes (and other price differences) will have significant effects on the purchasing behavior of individuals living in a "world without borders." He projects that the price impact of applying existing sales taxes to Internet commerce might reduce the number of online buyers by up to 24 percent. To the extent that e-commerce is an important driver of investment in Internet infrastructure (and supports other Internet services via advertising), the outcome would affect the Internet's future development and growth. Forecasts of the volume of tax revenue at stake vary. The National Governors Association has quoted forecasts that by 2002 there may be more than $300 billion in commerce over the Web or through mail order and concluded that this would result in up to $20 billion in lost tax rev- enue,50 and similar numbers are often cited by advocates of Internet taxa- tion. Goolsbee and Zittrain51 offer a different perspective. They observe 48In June 2000, for example, the EU considered imposing a broad VAT obligation. 49Austan Goolsbee. 2000. ''In a World Without Borders The Impact of Taxes on Internet commerce. The Quarterly Journal of Economics 115~2~:561-576. 50Juliana Gruenwald. 1998. vote Bodes Ill for Internet Tax Agreement., Congressional Quarterly This Week, August 3. 5lAustan Goolsbee and Jonathan zittrain. 1999. ''Evaluating the costs and Renews of Taxing Internet commerce. National Tax Journal 52 <3~:413428. Available online at .

OCR for page 177
IMPLICATIONS FOR BROAD PUBLIC POLICY 207 that the previously predicted amounts seem to include business-to-busi- ness as well as business-to-commerce sales; that they ignore the possibil- ity of trade creation; and that the calculations fail to account for the types of products being sold. They find that for the next several years, there is little tax revenue to be gained from enforcing taxes on Internet sales. When confronted with the issue of how to collect sales taxes for trans- actions conducted over the Internet, given that states and local munici- palities are the ones that levy sales tax, Congress passed the Internet Tax Freedom Act (ITFA), which put in place a 3-year moratorium on impos- ing new taxes associated with Internet transactions and established a con- gressional Advisory Commission on Electronic Commerce to study the question of sales tax revenue.52 This action was motivated by not wanting to do anything that could adversely impact the growth of commerce over the Internet and by the ambiguity resulting from the inherently borderless nature of the Internet. The ITFA, however, does not restrict the right of states to apply sales and use taxes to online commerce (these are not, after all, new taxes). Instead it primarily prevents states from applying new taxes to Internet access. The commission completed its work in April 2000 without the mandated supermajority of the committee reaching consen- sus. Resolution of the tensions between retaining a tax revenue base and fostering e-commerce are likely to remain a contentious political issue for some time.53 The difficulty of knowing the identity and location of parties to an e- commerce transaction is exacerbated by several factors. As discussed in an earlier section, the Internet enables a range of anonymous transactions, making it difficult to ascertain the identity of a purchaser let alone his or her location. The location capabilities that are offered by emerging wire- less data services may prove an exception, although they would be en- abled by mechanisms provided as part of the wireless service rather than conventional Internet connectivity provided through the wireless link. Also, digital systems acting on behalf of people or organizations, rather than the people or organizations themselves, can be the actors responsible for buying and distributing a product or service over the Internet. Of course in some instances location could still be established based on the delivery address. However, many goods are electronic (e.g., downloaded software or music) and many services can be delivered via communica- tions over the Internet, so these goods and services can be delivered to a 52Title XI of Public Law 105-277. 53Intel leader Andrew Grovels June 2000 statement supporting taxation of Internet-based commerce indicates that the high-tech industry does not have a uniform position on these issues.

OCR for page 177
208 THE INTERNET'S COMING OF AGE computer attached to the Internet without any physical goods being de- livered to a verifiable physical address. The recipient computer sits in a physical location, but associating a physical location with that computer's network address cannot be done with certainty in today's Internet. And internationally, even if there were agreements to collect taxes, enforce- ment of tax collection for physical goods shipped across national bound- aries would depend on customs agencies to block shipments or collect duty. One suggested remedy is to build into the Internet's infrastructure itself the ability to provide the location and/or identity of the parties to a transaction. However, efforts to embed solutions to the taxation problem at the network level would have far-reaching consequences for the Internet, which currently has no concept of locality in a geographical or geopolitical sense. As discussed in Chapter 1, a central design tenet of the Internet is the placing of applications and intelligence in the end systems rather than within the network. A solution to the taxation issue that relied on building into the network mechanisms that provide knowledge of the geographical location of a network element would violate this prin- ciple, as it would require a new, intelligent capability within that network that determines, and on request provides, the physical location of a de- vice or some surrogate, which is not easy to do in any case. Such a solution could also have adverse privacy implications. It would, in contrast, be possible to build such knowledge into end systems or higher- layer authentication infrastructures. It might, for example, be more pro- ductive to try to derive location information from authenticated informa- tion about a party to a transaction. Because Internet technology and e-commerce technology are evolving so rapidly, it is clearly preferable for solutions to avoid placing requirements on the Internet infrastructure that are dependent on a specific e-commerce technology. Given that the Internet generally ignores geography and makes it difficult for vendors or third parties to assure identification of a pur- chaser, there are significant difficulties associated with solutions that de- pend on ascertaining the location of the purchaser. This suggests, first, that if taxation policy relating to e-commerce must be changed, the changes should be as unspecific to geopolitical region as possible and, second, that today's sales tax system, which involves many thousands of distinct jurisdictions, would need to be simplified. And, in order to re- flect the Internet's architecture, including the dynamic nature of its rout- ing, taxation schemes should be based on the end points only and not on mechanisms embedded in intermediate points within the network. There are a number of solutions that avoid these problems. Some tax structures would not require a complex knowledge of geography to be built into the technology. A flat e-commerce sales tax collected by the

OCR for page 177
IMPLICATIONS FOR BROAD PUBLIC POLICY 209 seller at the time of payment would not be locality-sensitive, would re- quire no technology changes at the buyer's end, and would be easier for the vendor to implement. The collection of taxes would be simpler if they were added to each transaction at the point of sale, much as is done with a cash transaction at the physical point of sale today. (Such a scheme would also enable the appropriate tax to be collected even if the transac- tion were conducted anonymously.) Another simplification would be to separate the means of tax collection from the distribution and allocation of tax revenues. The issue of which governmental bodies get some of the tax collected and what portion of it they get could then be addressed separately by the respective governmental bodies. It would be easier to allocate revenue if such allocation did not depend on knowing the loca- tion of the purchaser. Of course other simplifying schemes could be devised that would not be such a radical departure from today's sales tax system. These approaches would help reconcile the tensions between those who want to preserve the tax revenue base for state and local gov- ernments and those who want to foster the growth of e-commerce, but striking a balance between these interests is likely to remain a contentious political issue for some time. UNIVERSAL SERVICE Equity in access to and use of the Internet is a matter of values and social policy. Such policy has been reflected in universal service for tele- phony, with access provided to people across all income classes.54 Uni- versal service programs fall into two general classes setting rates that benefit particular classes of customers (e.g., residential or rural users) who might otherwise face considerably higher rates and offering subsi- dized lifeline rates to low-income subscribers to expand the number of households with access to basic telephone service, thereby expanding opportunities for economic, community, and political participation and emergency (911) service. Universal service has long been an element of U.S. telecommunica- tions policy.55 Indeed, whether or not one agrees that universal service 54Universal service policies go beyond establishing uniform rates for service: they create subsidized ''lifeline,, rates for basic service at prices low enough to permit the poorest families to have access to the telephone network. 55sasic telephone service has long been regarded as a social good, universal access to which required a deliberate policy effort to achieve. However, the history of universal service policies can support a different interpretation. Milton Mueller argues that, given todays rates, universal access would easily have been achieved even without subsidiza- tion. see Milton Mueller. 1997. ''Universal service and the Telecommunications Act: Myth Made Law,,, Communications of the ACM 40~3~:3948.

OCR for page 177
210 THE INTERNET'S COMING OF AGE for networks is an appropriate objective of public policy, it is worm point- ing out that extension of universal service policies to new communica- tions networks has always enjoyed popular support. Historically, We government intervened to establish universal service at uniform rates for postal services as well as telephone service and to extend to remote areas and impoverished areas We benefits of such infrastructure as electrifica- tion and highway construction. Given the rapid pace at which Internet- . . .. .. . . . . . . . . . .. .. . . Dasecl applications and services are Demg Deployed In Dotn the private and public sectors, social and political demands for expanded access to Internet-based communications services, which are increasingly seen as essential for commerce, education, employment, or political participa- tion, can be expected to increase.56 There are several geography-related factors associated with Internet access. These geographical considerations are, of course, closely linked to economic factors. Places win less access will generally be Hose where We remoteness, the lower density of potential customers, or the lower ability (or willingness) of the population to pay make the provision of service a higher-cost undertaking or a less attractive investment. There are differences in We availability and price of dial-up access Mat depend on (1) the number of carriers Mat have established local access points (whereby dial-up access is via a local, typically flat-rate billed call) in a given location and (2) the availability of dial-up Internet access service providers. A recent study by Downes and Greenstein57 found ~at, as of We spring of 1998, most of the U.s. population had access to competitive dial-up Internet service. According to this research, more Man 90 percent of the population lived in areas served by more than 10 ISPs, while fewer than 1 percent lived in areas without any dial-up service.58 56Concerns about universal access to the Internet are not new. For example, in the fall of 1993, they were featured in an Administration policy statement (William Jefferson Clinton and Albert Gore. 1993. The National Information Infrastructure: Agenda for Action. Washing- ton, D.C., September 15. Available online at ~. The state of access to Internet and related services has also been the subject of a series of Na- tional Telecommunications and Information Administration (NTIA) reports from 1995 to the present. (NTIA, Department of Commerce. 1995. Falling Through the Net: A Survey of the "Have Nots" in Rural and Urban America. Washington, D.C.: NTIA, July. Available online at .) 57Thomas A. Downes and Shane M. Greenstein. 1998. "Do Commercial ISPs Provide Universal Access?" Competition, Regulation, and Convergence: Current Trends in Telecommu- nications Policy Research. Sharon Gillet and Ingo Vogelsang, eds. Mahwah, N.J.: Lawrence Erlbaum. Available online at . 58Even in unserved areas, the upper bound on the cost of dial-up Internet is set by the roughly $4 to $5 hourly rate offered by a number of ISPs for access via toll-free numbers.

OCR for page 177
IMPLICATIONS FOR BROAD PUBLIC POLICY 211 High-speed (broadband) access is less widespread than lower-speed dial-up service.59 Constraints include technical factors (e.g., DSL services are limited to locations within a given distance from a local exchange, with the exact distance depending on the variant of DSL technology em- ployed, the bandwidth, and the condition of the phone lines); the extent to which the necessary telecommunications infrastructure is present (e.g., cable modem service is limited to locations passed by cable service, which is less prevalent in rural areas), and the pace at which investment is made in service deployment, including the associated required infrastructure improvements. With deployment of such services in its early stages, a few communities have both DSL and cable service and many have no high-speed services at all. Higher bandwidth services require investment in upgraded facilities (e.g., deployment of DSL facilities in the telephone local exchange or upgraded cable plants) and so are more likely to occur, at least in the earlier phases of deployment, in wealthier communities, where more customers are likely to purchase service as a result of an upgrade. Whether physical access to high-speed services will begin to approach the near-universal level seen for dial-up service as deployment continues remains to be seen. It is the subject of political and regulatory debate. Access to a service does not mean that it will be used; this can be seen in the history of telephone and television use. There have been a variety of studies conducted by both government and market research firms to monitor and describe patterns of Internet access and use. One such effort culminated in a series of reports from the National Telecommunications and Information Administration (NTIA). For example, a fuly 1999 NTIA report based on U.S. Census Bureau data from December 19986 indicates that, of the households able to access the Internet, the fraction that actu- ally subscribe to an ISP is far from 100 percent 41.1 percent of U.S. households owned computers and roughly 25 percent had Internet ser- vice. Such studies point not only to the persistence of disparities but also to their instability: whole groups can increase their use of the Internet between studies, and the implications of the findings are hard to pin down. A number of efforts have been made to understand the extent of 59sroadband last-mile technologies and local access are the concerns of a separate csTs study, to be completed in 2001. 60Nationa1 Telecommunications and Information Administration tNTIAy, u.s. Depart- ment of commerce. July 1999. Falling Through the Net: Defining the Digital Divide: A Report on the Telecommunications and Information Technology Gap in America. Washington, D.C.: NTIA. Available online at .

OCR for page 177
212 THE INTERNET'S COMING OF AGE disparities in service, including those between high- and low-income households and between urban and rural status and those based on edu- cation or race. The situation is volatile, with a panoply of data showing both persistent disparities as well as instances where disparities have decreased over time. To what extent is the fraction of the population that has Internet access likely to broaden? Recent years have seen a drop in the cost of computer equipment required to access the Internet; relatively inexpen- sive PCs and a range of Internet access appliances have entered the mar- ket. Also, various new businesses are offering free Internet access or even free PCs along with Internet service in exchange for viewing advertising. Complementing home-based access, kiosks operated by public institu- tions and commercial enterprises make Internet access available in a num- ber of public places. One motivation for the federal e-rate program that provides subsidies to schools, libraries, and hospitals is to increase the number of public access points. Free e-mail services allow people unable to afford Internet service to maintain private e-mail accounts that are accessible from public locations. However, the long-term viability of new schemes and business models for providing Internet service remains to be proven. Pricing schemes and bundling are in flux as new business mod- els emerge. Declining costs and increasing utility may result in universal or nearly universal access to the Internet without any government action, but this outcome is neither certain nor guaranteed. Universal service programs applied to Internet-based services raise a number of social and political questions, including who should receive universal service benefits, what value judgments underlie these choices, whether funds should be obtained from service-specific sources or from general funds, what constitutes universal service (e.g., which collection of services, from personal/household access to access through public facili- ties), and even whether universal service programs should be imple- mented at all. In this section, the committee briefly reviews what is known about Internet penetration in the United States and then addresses some issues that would arise if one were to try to implement universal service policies for the Internet. It does not take a position on whether universal service programs should be extended to the Internet or on how they should be funded and managed, because to do so adequately would require full consideration of the costs and benefits over time, a complex matter well beyond the scope of this report. Universal service policies have, at their core, sought to ensure that price or geographical location is not a barrier to use. These policies com- bine two distinct elements universality of physical access and universal- ity of financial access. In the case of the Internet, the cost is the sum of several elements. First, there is the price of the Internet service itself.

OCR for page 177
IMPLICATIONS FOR BROAD PUBLIC POLICY 213 Second, there is the cost of access to the Internet (e.g., via cable modem, DSL, or dial-up services), which is frequently bundled together with the cost of Internet service or, in the case of dial-up access, already paid for as part of local telephone service. Third, there is the cost of the associated hardware (computer and modem or other connection device) and the communications software (generally available at little or no cost or bundled with a PC's operating system or with the Internet service). Fi- nally, there are additional costs associated with the use of particular online services, such as subscription fees for accessing particular content. The traditional universal service obligation applied to telecommuni- cations carriers was a bundle of obligations that users, service providers, and regulators experienced as a single package. The characteristics of universal telephone service such as expectations for quality and access to callers within the local area, to interexchange carriers, and to operator and emergency services were well defined and had been developed over the course of many years. Internet services stand in marked contrast. For the Internet user, service translates into a set of Internet applications (e.g., Web browsing, listening to audio programming, video conferencing, or banking online). What the user experiences as "service" depends on the software running on both his and an application provider's computer as well as the characteristics of the network links over which the commu- nication passes. The notion of guaranteeing a particular service to a broad class of potential subscribers needs to be revised, since service in the end- to-end model is in the control of applications running on machines at the edges of the network as well as the capacity and explicit quality of service mechanisms offered by a network operator.61 In some cases these appli- cations and services are offered as part of a bundle from the Internet service provider, but in general they are provided separately. The desired applications will vary from user to user, and the available mix will change over time as new Internet applications emerge and old ones fall out of favor (few, for example, make use of "gopher" today). Which services and applications (e.g., e-mail, Web, chat, telephony, or streaming video) 61Moreover, even in the telephony model, no single service was adequate to provide equivalent network access for all users. Users with disabilities, for example, were not well- served under the traditional universal service schemes. Interface and access issues were explored by the CSTB (Computer Science and Telecommunications Board (CSTB), National Research Council. 1997. More Than Screen Deep: Toward Every-Citizen Interfaces to the Nation's Information Infrastructure. Washington, D.C.: National Academy Press). Implement- ing provisions of section 255 of the 1996 Telecommunications Act and section 251(a)~2) of the Communications Act of 1934, the FCC issued rules on July 15, 1999, aimed increasing access to such telecommunications hardware as telephones and to services such as call- waiting and operator service.

OCR for page 177
214 THE INTERNET'S COMING OF AGE should be included in a universal service package, and at what perfor- mance level (e.g., speed of download) and quality level (e.g., reliability)? The emergence of alternatives to dial-up access for residential Internet access means there are more choices with respect to bandwidth and ser- vice quality as well a range of service and price options. Also, the Internet's default best-effort service quality allows no guarantees that adequate capacity and quality will be provided to support particular ap- plications. Approaches for providing explicit quality of service are emerg- ing, but there is neither broad agreement on which approaches to use nor widespread deployment, particularly for the home users who are the target of universal service policies. Also, while some applications would be provided by a customer's ISP directly, most require communications across Internet provider boundaries. In the case of the Internet, termina- tion would, at a minimum, mean that any Internet user could access any other user. By virtue of the arrangements that interlink the Internet's constituent networks, basic best-effort connectivity is provided to all net- work users. However, especially in the case of residential customers, there is generally no service level agreement nor are explicit quality-of- service mechanisms supported. One concern expressed by consumer ac- tivists is that people with subsidized or lowest-cost access might not re- ceive service that supports explicit quality of service and might therefore experience a significantly degraded Internet service or be unable to use certain demanding applications. Efforts have been made to define classes of Internet services. For instance, several years ago the Cross-Industry Working Team project led to the concept of "NII Class Profiles" for characterizing end-to-end per- formance.62 Such classification schemes are intended, for example, to simplify specification of the requirements of an application and the ability of equipment and services to meet those requirements. While such a classification might be useful to consumers for evaluating the technology options available to them, its use to define fixed bundles of service in a universal service policy would be too limiting. Because Internet technolo- gies are immature and still in the early stages of deployment, it would be premature to embody them in regulation. Even the application that was the basic element of traditional univer- sal service, voice telephony, presents difficulties from a universal service standpoint when it is offered as an Internet service. As the discussion in Chapter 4 indicates, there are many approaches to providing IP or Internet telephony, complicating efforts to define a standard service. There are 62Cross-Industry Working Team (XIWT). 1997. Class Profiles for the Current and Emerging NII. White paper. Reston, Va.: XIWT, Corporation for National Research Initiatives. Avail- able online from .

OCR for page 177
IMPLICATIONS FOR BROAD PUBLIC POLICY 215 multiple tiers of service quality, some of which offer consumers a lower price in exchange for reduced guarantees of service quality. Moreover, the issue of guaranteed access to critical services such as 911 service, which is an element of telephony universal service obligations, is an espe- cially difficult one in an Internet context. While it can be anticipated that future obligations will build on those associated with today's 911 service, it is difficult to predict how expectations for critical services will evolve, how they will be shaped by new Internet capabilities, or how they will be implemented. In telephony, universal service programs, whether aimed at address- ing financial or geographical disadvantages, generally involve setting rates and fees so as to achieve a particular objective, whether it is to benefit particular subscribers, extend the telephone network, or increase the total number of subscribers. A number of mechanisms can be em- ployed, including cross-subsidies among service offerings (e.g., subsidiz- ing local calling at the expense of long-distance calling), different rates for different classes of users (e.g., lower rates for residential as opposed to business users), the establishment of particular service obligations in exchange for other regulatory relief, or, more recently, explicit fees.63 The Internet, by contrast, has a much richer assortment of service providers, ranging from single-niche service providers to full, vertically integrated service providers. Therefore, if it is decided that a universal service program aimed at households is warranted, a range of options for achieving this aim should be considered. The rapid change in Internet services and service offerings would argue for a technology-neutral ap- proach one that does not rely on mandates to service providers that specific types of service be made available at regulated, possibly subsi- dized rates. A recent example of this approach is the e-rate program, which has used a fee levied on telephone service to establish a fund to help schools, libraries, and hospitals to pay for Internet access. It is not necessary to transfer resources through cross-subsidies among classes of customer. Other options include subsidies funded by general tax revenue and used by needy citizens to purchase services of their choosing (within established guidelines) something more akin to food stamp programs. 63The committee has been careful to avoid labeling these mechanisms as cross-subsidies as there are arguments refuting the idea. For example, there are data that suggest and a number of state public utility commissions have accepted this viewpoint that residential rates fully cover the costs of providing that service, which suggests that there is not a transfer between business and residential customers. Also, since universal service pro- grams have network extension as one goal, it can be argued that what might appear to be a transfer of money is, in fact, the regulatory apparatus positioning subscribers to capture the network externality. In other words, if new subscribers come on the network, then there may or may not be a subsidy of the new user.

OCR for page 177