|
Items in cart [0] |
Questions? Call 888-624-8373 |
PAPERBACK + PDF PAPERBACK PDF BOOK PDF CHAPTERS Free Resources |
||||||||||||||||
|
||||||||||||||||
|
|
|||||||||||||||
| ||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
| Copyright © 2009. National Academy of Sciences. All rights reserved. Terms of Use and Privacy Statement |
Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter.
Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.
OCR for page 177
5
Implications for Broad Public Police
INTRODUCTION
So far, the bulk of this report has focused on the Internet from the
inside out how its essential technologies are evolving and how the par-
ties that build and operate it are evolving. In this chapter, the committee
looks at the Internet from the outside in, examining some of the broader
influences on the Internet that stem from the interests of the individuals
and organizations that use it and the special concerns of governments,
which have their own objectives and which can help balance and protect
the interests of individuals and other parties that use the Internet.
The Internet has become the basis for a widening set of social, politi-
cal, and economic functions and is becoming ever more pervasive
throughout society and its institutions. The benefits resulting from the
Internet's intrinsic qualities have an accompanying cost: disruption of the
social, political, legal, and economic conventions on which a wide variety
of useful understandings have been based. While these consequences
have been recognized for a number of years, they have grown in impor-
tance as the Internet has become a key societal infrastructure. Reflecting
the Internet's increased prominence, a diverse set of stakeholders both
the existing players and new, Internet-focused ones are Having atten-
tion to its impacts.
1 en tJ
The scope of the discussion here is limited, consistent with the scope
and resources of the project: a small but important and interconnected set
of policy issues is outlined. The discussion is intended to illuminate the
177
OCR for page 178
178
THE INTERNET'S COMING OF AGE
interplay of technical, economic/business, and public policy factors,
drawing on the committee's experience in all three areas. Because the
interplay is dynamic today's observations differ from yesterday's and
will be overtaken by events tomorrow it can be hard to devise practical
responses to perceived problems. Nevertheless, responses are being de-
vised, and a variety of technical, business, and public policy actions are
already being proposed or attempted. Understanding and monitoring
the kinds of issues discussed here is important for making judgments
about how individuals, organizations, and governments could or should
act in using or shaping the Internet. The question is not just what the
Internet does to policy but also what policy can do to the Internet. The
second part of the question how policy affects the Internet asks how
policy decisions that seek to impose particular technological solutions
could adversely affect the Internet's architecture and growth as well as
how policy decisions in areas such as privacy could affect user acceptance
of the Internet and the services that run over it. How these issues are
resolved is important to realizing (or limiting) the potential of the Internet.
While they are not solely technological issues, their emergence as policy
questions and the capacity to address them are shaped by technological
developments. This chapter addresses how the architecture of the Internet
creates new issues and challenges and requires new approaches from
policy makers if policy goals are to be met consistent with the strengths of
the design and architecture that underlie the Internet.
The first set of issues privacy, autonomy, and identity, along with
authentication arises from the sheer size of the Internet and from growth
in the number of people and organizations that it interconnects increas-
ingly, people communicate over the Internet with strangers and others of
whom they have limited knowledge or control. This set of issues centers
on how the Internet's design, which provides limited information about
the identity or location of users, affects how we control our identity or
evaluate the identities others present to use and what that means for our
understanding of privacy and the uses of anonymity. The Internet pro-
vides weak clues about location or identity. Its essential indifference to
geography is, of course, valuable when it allows us to check our e-mail
from New York one day and from Los Angeles the next, readily retrieve
materials stored on a distant computer, or engage in a commercial trans-
action with someone a continent away. Yet it also raises challenges to
laws and practices that are premised on knowing the location of parties to
a transaction. An IP address is only loosely related to the geographical
location or identity of a user or networked computing resource this in-
~See, for example, Sherry Turkle. 1995. Life on the Screen: Identity in the Age of the Internet.
New York: Simon & Schuster.
OCR for page 179
IMPLICATIONS FOR BROAD PUBLIC POLICY
179
formation can sometimes be inferred, perhaps after an exhaustive investi-
gation, but it is not readily available.2 That some ISPs believe their net-
work topology and the location of their facilities is sensitive proprietary
information contributes to the lack of information about location. Nor do
many of the applications that run over IP provide authoritative informa-
tion on either identity or location. The absence of identifying information
provides benefits in terms of free expression but raises serious issues
about how we manage, recognize, or negotiate identifying information
about people and things in the electronic world. The discussion in this
chapter examines these competing directions and explores whether rel-
evant design enhancements/changes should be left to competitive forces
in the marketplace or require some focused attention by industry and/or
government.
The second set of issues taxation and universal service is related
to government missions. Government is empowered to collect taxes to
fund its operations, and it has an interest in both preserving its revenues
while also fairly allocating the associated burdens, issues captured in
debates about taxation of transactions conducted over the Internet. As
the principal actor when it comes to social policy, governments have
moved to promote equitable access to the Internet because of its growing
value as a medium for economic, educational, civic, and other kinds of
opportunities, much as they have done for other infrastructure, such as
2Interestingly, the Internet did not always have such a loose coupling between IP address
and location. This quality stems less from the basic Internet design than from subsequent
decisions related to address space management and security. In the early days of the
ARPANET, interface message processors (IMPs) required a direct correlation of IP address
to port number on the IMP, so one was more likely to be able to tell where a computer was
located. There were, however, various ways in which hosts could be connected that would
have made it harder to tell where they were located. Moreover, users generally interacted
with the network via terminal devices attached to host computers, and these could be
located far from the host computers. Also, before CIDR and address aggregation (described
in Chapter 2), users did not receive their addresses from providers. Pre-CIDR, addresses
were more likely to be globally routed, down to a much finer level of aggregation, which
again made it easier to know where devices associated with particular IP addresses were
located. Address allocation policies coupled with service issues, such as maintaining secu-
rity and increasing the ease of getting an Internet connection, did induce large organiza-
tions to route all traffic in and out of their entire enterprise, which could span many differ-
ent locations, through one connection. But with the advent of CIDR and a crackdown on
inefficient address space utilization, providers and users were forced into denser and more
obscure addressing relationships. Motivated by address shortages and security issues,
enterprises are using NAT and firewall technology, in which globally unique addresses are
not used within corporate networks, further obscuring location information.
OCR for page 180
180
THE INTERNET'S COMING OF AGE
telecommunications. To the degree that the Internet can credibly claim to
be an essential infrastructure for transactions in commerce, political par-
ticipation, basic education, and many other areas, it will become ripe for
consideration for universal service arrangements, which are interventions
premised on arguments that market mechanisms will not support wide-
spread access affordable by all. The tradition of universal service was
eventually attached to all important information infrastructures in the
past—post, telephone, broadcasting, and, less obviously, basic education.
PRIVACY, ANONYMITY, AND IDENTITY
Driven in part by the ease with which information about individuals
can be gathered, the Internet has amplified concerns about an interde-
pendent set of issues privacy, anonymity, and identity (Box 5.1~. The
closely associated subject of authentication is discussed in the following
section. Also discussed here are the trade-offs that all of these might
impose on privacy and individual rights. The section outlines important
interactions among the Internet's technology, the Internet service pro-
viders and related industry actors, Internet users, and policy develop-
ment and identifies some avenues where progress might be expected.
These issues are not new, but Internet growth and penetration have
heightened attention to them and are influencing the context within
which the Internet is evolving.
Privacy
Concerns about privacy have accompanied and been shaped by the
development of technology for over a century.3 They have grown in
3see, for example, Samuel warren and Louis srandeis. 1890. ''The Right to Privacy.,
Harvard Law Review 4~193y, which laid out some of the fundamental arguments in favor of
OCR for page 181
IMPLICATIONS FOR BROAD PUBLIC POLICY
181
recent years with the introduction and widespread practice of such inno-
vations as sophisticated customer profiling and telephone soliciting. The
Internet has aggravated the situation. In surveys, people express concern
about the amount of personal information available on the Internet, who
controls that information, and how it may be used. For example, a 1998
Business Week survey4 found privacy to be the number one consumer
issue facing the Internet, surpassing cost, ease of use, security, or spam.
This survey found that 78 percent of online users would increase their use
of the Internet if privacy practices were disclosed and that 61 percent of
nonusers would be more likely to begin using the Internet if privacy
practices were disclosed. (Survey answers notwithstanding, many people
do provide personal information; most notably, some have chosen to pro-
vide a good deal of personal information in exchange for free Internet
access.) The absence of generally accepted, workable solutions is likely to
continue to lead to calls for regulation, at least in the most troubling areas.
For instance, concern about the online privacy of children in particular,
information they might be induced to reveal about themselves or their
families resulted in the passage of special legislation, the Children's
Online Privacy Protection Act of 1998. Although there are pressures for
broader change today,5 the outcome is uncertain. Historically, privacy
advocates have been in the minority, people's actions belie the results of
opinion surveys, and political pressure in the United States has been in-
sufficient to invoke significant action. Mid-2000 debates over Federal
Trade Commission interest in legislation related to online privacy are
emblematic. In the United States, people continue to argue about privacy
as a legal, protected right, while government-based inquiries into privacy
policy have articulated principles for public policy and private action,
notably so-called fair information practices. The essential elements of fair
information practices are generally described as awareness, choice, data
privacy in modern society. The article was occasioned in part by privacy issues created by
developments in photography and photojournalism. see also Alan westin. 1967. Privacy
and Freedom. New York: Atheneum; spiros simitis. 1987; ''Reviewing Privacy in an Infor-
mation society. University of Pennsylvania Law Review 135:707-746; and James Katz and
Annette Tessone. 1990. '~Public Opinion Trends: Privacy and Information Technology.,
Public Opinion Quarterly 54:125-143.
4As reported by TRUSTe at .
5A survey in 2000 by Odyssey, a market research firm, found that 82 percent of online
households in the United states agreed that the government needed to play a role in how
companies use personal information and 92 percent expressed some distrust of companies
when it comes to protecting the confidentiality of personal information. see Steve Lohr.
2000. '~survey Finds Few Trust Promises on Online Privacy., New York Times, May 17, p.
C4.
OCR for page 182
OCR for page 183
OCR for page 184
OCR for page 185
OCR for page 186
OCR for page 187
OCR for page 206
OCR for page 207
OCR for page 208
OCR for page 209
OCR for page 210
OCR for page 211
OCR for page 212
OCR for page 213
OCR for page 214
OCR for page 215
OCR for page 216
Representative terms from entire chapter:
universal service
182
THE INTERNET'S COMING OF AGE
security, and customer access.6 First advanced in the 1970s by a congres-
sionally chartered commission on information privacy,7 these practices
were also discussed in the context of l990s policy making on the na-
tional/global information infrastructure and electronic commerce.8
Privacy relates to the use, release, and availability of personal infor-
mation,9 that is, any information that is linked to an individual's identity
or to attributes closely associated with that individual's identity. Per-
sonal information is collected or revealed both directly, as happens when
a user enters information into a Web form and submits it, and indirectly,
as happens when information is gathered from publicly available infor-
mation such as an e-mail directory. Whether in physical space or cyber-
space, individuals are motivated to provide information about themselves
for a variety of reasons, including the following: to obtain a desired
product, service, or end result (e.g., a loan commitment or a health claim
benefit); to obtain better, more customized/personalized products and
services (e.g., personalized news); to obtain specific information of value
(e.g., stock quotes) or in anticipation of gaining some unspecified benefit
(e.g., current bargains or offers); or to be rewarded with rebates and dis-
counts, loyalty points, or frequent flyer miles. At the same time, people
worry, sometimes with justification, that their personal information may
fall into the wrong hands or be misused. These concerns include such
undesirable results as receipt of annoying and unwanted information or
sales pitches; denial of a desired product, service, or end result (e.g.,
health coverage, an auto loan, or a job); personal embarrassment; damage
to one's reputation; loss of trade secrets; or becoming a victim of some
criminal activity such as stalking, theft, fraud, or identity takeover.
6See Department of Commerce. 1998. "Elements of Effective Self-Regulation for Protec-
tion of Privacy." Available online from
IMPLICATIONS FOR BROAD PUBLIC POLICY
183
One area of particular concern is that information provided with the
user's knowledge can also be used for purposes other than that for which
it was originally provided. Web servers can store personal information
given by the user while visiting the site; Web site operators can subse-
quently use that information for other purposes, such as marketing, or
provide or sell it to third parties. Users do not necessarily understand or
appreciate the value of the information they provide, especially when
different bits of information can be combined and used for new purposes.
An individual data item by itself might not appear to pose a privacy
concern. But when information is combined or associated with other,
seemingly harmless bits of information often collected under different
circumstances to build a dossier on a user, it may provide insights the
user would consider detrimental. For instance, behind-the-scenes track-
ing of users by means of cookiesl° could permit address information en-
tered at one Web site to be linked with tracking data indicating that a user
had browsed several adult content Web sites. The result might be the
unwanted, unexpected arrival in the mail of advertisements for adult
films. In other cases, combining personal data from different sources can
add value for customers. For example, an online bookseller that knows a
customer enjoys Danielle Steel novels may send the customer a review of
a new book by a different author that has been purchased by other cus-
tomers with similar tastes.ll The customer never requested this informa-
tion but may be glad to receive it. As another illustration, an airline Web
site may refer a registered user who wants information about inexpensive
vacations to a travel packager, who then e-mails the airline customer
about bargain travel opportunities. In both examples a firm uses personal
information to offer services and products that some customers perceive
as valuable and others as a waste of time, offensive spam, or gratuitous
.
invasions or privacy.
A second area of concern with respect to the Internet is that some
personal information can be collected online without the user's direct
10A cookie is a small piece of information that a Web site stores on your Web browser on
your PC and can later retrieve. The cookie cannot be read by a Web site other than the one
that set the cookie. Cookies can be used for a number of administrative purposes for
example, to store your preferences for certain kinds of information or to store a password
so that you do not have to input it every time you visit a Web site. Most cookies last only
through a single visit to a Web site. Users can set up their Web browser to inform them
when cookies are set or to prevent cookies from being set.
1lThis type of service relies on collaborative filtering technology, which guides people's
choices of what to read, view, purchase, etc. based on information gathered from other
people, such as other customers with similar preferences or purchasing patterns.
184
THE INTERNET'S COMING OF AGE
knowledge or consent (either implied or by opt-out or opt-in decisionsl2~.
For example, a Web site can store personal information on the user's
computer as cookies or as hidden fields in URLs and forms that are acces-
sible by that or other Web sites.
Not only can personal information be collected by all of the organiza-
tions and businesses that people interact with on the Internet, but it can
also be collected by the Internet service providers themselves. One such
example is that ISPs can and do record information on user actions (for
internal purposes or to comply with a court order). Such information
could include which DNS names are looked up by a particular customer,
which Web sites are visited by a customer at what times, and how much
information is transferred. Though the technical capability exists, ISPs
may or may not regularly gather such information. Considerations in-
clude the potential for alienating their customers and the performance
degradation that could result from extensive monitoring. Although it is
becoming more widely known that service providers can collect personal
information, many users are still unaware of this possibility and its impli-
cations.
Another privacy concern relates to Internet infrastructure databases.
Information can be captured from user e-mail addresses or directories
made public by Internet service providers. For example, records of do-
main name registrations and address allocations have traditionally been
available to the public to permit users in other domains to track down
problems and get assistance in resolving them. Now, however, these
databases are being captured and used for targeted marketing purposes,
which has led to calls for not making the data public. This echoes recent
litigation over whether the customer proprietary network information
(CPNI) collected by telephone companies, which includes the duration,
frequency, and location of calls, may be given or sold to telemarketers
without the explicit permission of customers.l3 Similarly, when govern-
ment information that is in principle public but in practice hard to ac-
12In recognition of both the positive and negative aspects of collecting personal informa-
tion, privacy experts distinguish between opt-in and opt-out approaches to managing the
use of personal information. The first requires that the individual specifically authorize the
use to which the information is put, while the second requires only that individuals have
the option to state that they do not wish the information to be used in a particular manner.
13In August 1999, the U.S. Tenth Circuit Court of Appeals issued a ruling vacating the
FCC's CPNI rules. (U S WEST, Inc. v. FCC, 10th Circuit No. 98-9518, filed August 18,1999),
holding that the FCC's CPNI rules "must fall under the First Amendment." The Tenth
Circuit Court's mandate has not yet been issued. According to the FCC, further litigation is
possible. (See FCC. 1999. Common Carrier Bureau's Homepage for the CNPI Proceeding.
Common Carrier Bureau, FCC, September 9. Available online at
IMPLICATIONS FOR BROAD PUBLIC POLICY
185
cess such as property tax or motor vehicle records is made readily
available over the Internet, this may be viewed as a violation of privacy.l4
"Online privacy" is generally understood to refer to information col-
lected via e-mail, chat applications, user interactions with Web sites, and
the like. The likely proliferation of networked appliances, sensors, and
other embedded systems, which was discussed in Chapter 2, introduces
new modes of information collection and new issues with respect to indi-
vidual privacy on the Internet. Networked embedded devices are ex-
pected to become a pervasive technology because of the powerful instru-
mentation that can be achieved by placing sophisticated but low-cost
sensor/actuators within physical environments.l5 Much as other net-
worked resources have been used in novel and unexpected ways, it is also
reasonable to foresee that networked devices will be used in ways that
surpass the original intended uses of the collected data. Some of these
will raise new privacy concerns and trigger debates similar to those sur-
rounding online privacy. The same technologies that allow tracking
people for legitimate purposes can also be used to monitor their activities
invasively. This sort of debate has already arisen in the context of the
recent Federal Communications Commission mandate that cellular tele-
phone operators provide the means to determine much more precisely
the position of callers when they place 911 (emergency) calls.
These concerns are sure to grow in importance and attention as these
devices are more and more widely deployed, as they almost surely will
be. As a starting point, it appears reasonable to apply the same basic
principles that have been applied to personal information to information
that is passively collected by networked devices. That is, individuals
should be informed that information about them is being collected and
for what purpose, and they should be given the opportunity to view that
information and make corrections. There are also issues of whether ex-
plicit consent must be obtained (both for initial use and any subsequent
uses). For consent to be meaningful and informed, it must be solicited in
a carefully stipulated manner, and the individual must be given recourse.
It is unclear, thus far, to what extent voluntary actions are addressing
these privacy concerns. The most visible indicator may be statements of
privacy policies verbal disclosures about what information is collected
and how it is used. On the positive side, a study by Mary Culnan of the
McDonough School of Business at Georgetown University found that
14A complementary situation where government seeks to capitalize on the broad reach of
the Internet is the posting of information about individuals who have violated certain laws.
15A separate report from CSTB on these technologies is anticipated in 2001.
186
THE INTERNET'S COMING OF AGE
nearly two-thirds (65.9 percent) of commercial Web sites that collect per-
sonal information post some sort of privacy disclosure.l6 However, the
same survey also indicates that only about 14 percent (and fewer than 10
percent of sites that collected personal information) provided privacy
disclosure statements that addressed all four basic privacy elements (i.e.,
awareness, choice, data security, and customer access; for definitions see
later in this chapter) and offered contact information to consumers with
questions about the firm's privacy policies. A contemporaneous Forrester
Research Briefl7 echoes this point, stating that "90 percent of sites fail to
comply with the basic four privacy principles," and regular assessments
by the Federal Trade Commission and privacy advocates raise questions
about the willingness and ability of organizations to undertake this com-
paratively simple measure.
Technical Approaches to Protecting Privacy
lust as Internet technology can accelerate and complicate the loss of
privacy on the Internet, it can also protect that same privacy. For in-
stance, as a countermeasure to the hidden gathering of information via
cookies, Web browsers now can be set to deny loading of this personal
information or to let users approve them on a case-by-case basis, and
other software tools are available to help users manage these cookies.
Web users are likely to find this a complex and tedious process, however,
and some sites may not function with cookies disabled. As a conse-
quence, new technologies are being developed to automate negotiations
over privacy between users and the Web sites they wish to reach and to
control the gathering of information based on these negotiations. All of
the privacy-enhancement mechanisms are controversial; each embodies a
particular set of features and trade-offs. Some have attracted many sup-
porters, but there is thus far no consensus on the best mechanism. This is
not surprising, because the technology is still evolving (through experi-
mentation), as are privacy policies and procedures and attitudes about
the mix of technical and nontechnical approaches.
One new technological approach is the Platform for Privacy Prefer-
ences (P3P), which is being developed by the World Wide Web Consor-
16Mary J. Culnan. 1999. Georgetown Internet Privacy Policy Survey: Report to the Federal
Trade Commission. Washington, D.C.: McDonough School of Business, Georgetown Univer-
sity, June. Available online at
IMPLICATIONS FOR BROAD PUBLIC POLICY
187
tium.~8 P3P helps the user screen information requests and gives the user
control over the delivery of requested information, including negotiation
of privacy terms between the user and the service provider. It operates as
a kind of digital analog to caller ID and caller ID blocking, whereby an
answering party wishes to know who is phoning but may be denied this
information if the calling party blocks the request. P3P increases the
explicitness with which privacy policies are expressed, allowing the user
and the service provider to specify the terms of use for each data item-
i.e., how and for what purpose the information will be used and with
whom it will be shared. P3P has the appeal of automation it can dimin-
ish the need for ongoing monitoring and intervention by Internet users-
but it requires significant setup effort. To specify privacy preferences
down to each data element, a user may have to set 100 or more param-
eters; alternatively, he or she can rely on a program that maps/infers
these parameters from a smaller set of higher level preferences (or through
learning user preferences by observing behavior). The system can also
simply work with default settings that can be overridden by the user.
Further complicating use of this technology is that user preferences may
change frequently, making it hard to track what was agreed to for each
data exchange. It is also an approach that requires multilateral actions-
the installation and use of appropriate software by both providers and
user. P3P has already been valuable for its contribution to the debate
about online policy. As a sophisticated technical mechanism, it shows
how the technology needs to be meshed with practice and procedure by
individuals and organizations and illuminates some of the trade-offs in-
volved in protecting on-line privacy.
Policy and Regulatory Approaches to Privacy Protection
The legal and regulatory environment surrounding privacy protec-
tion on the Internet remains quite mixed and uncertain. The United States
has generally dealt with privacy sector by sector, and policy has generally
favored industry self-regulation or other nongovernmental solutions such
as the technical approaches described above, although the government
has articulated the fair information practices described above. Many firms
participate in industry self-regulatory efforts, and many provide custom-
)8World Wide Web Consortium (W3C). 2000. The Platform for Privacy Preferences 1.0
(P3P1.0) Specification, W3C Working Draft 10 May 2000. Cambridge, Mass.: W3C. Avail-
able online at . See also Joseph Reagle and Lorrie Faith
Cranor. 1999. "The Platform for Privacy Preferences." Communications of the ACM 42~2~:
48-55.
206
THE INTERNET'S COMING OF AGE
complications associated with the different tax rates and rules. There are
different tax structures (e.g., national or state/regional) and different ap-
proaches to taxation (e.g., a sales tax versus a value-added taxed. Poten-
tially taxable transactions can cross even national borders without there
being any traceability other than that contained in transaction audit trails
on vendors' systems. Additionally, the Internet environment has been
conducive to creating new forms of value, both nonmonetary (e.g., online
barter exchanges) and monetary (new forms of currency such as flooz,
beenz, and RocketCash), that portend further strains on tax structures at
least until they become widespread and commonplace enough to be mon-
etized.
On the issue of taxing online transactions, governments have compet-
ing interests. Many state and local government leaders do not want to
lose sales tax revenue when purchases are made from companies without
nexus in that state, while other policy makers are interested in not retard-
ing the growth of commerce over the Internet. Another consideration is
that changing the current tax policy could affect the volume and distribu-
tion of commerce that is conducted over the Internet, which could in turn
affect the way in which the Internet is used.
There is a lot of ambiguity and uncertainty as to how a change in tax
policy would affect tax revenues or, directly, the growth of the Internet.
Work by Goolsbee49 gives empirical support to the idea that taxes (and
other price differences) will have significant effects on the purchasing
behavior of individuals living in a "world without borders." He projects
that the price impact of applying existing sales taxes to Internet commerce
might reduce the number of online buyers by up to 24 percent. To the
extent that e-commerce is an important driver of investment in Internet
infrastructure (and supports other Internet services via advertising), the
outcome would affect the Internet's future development and growth.
Forecasts of the volume of tax revenue at stake vary. The National
Governors Association has quoted forecasts that by 2002 there may be
more than $300 billion in commerce over the Web or through mail order
and concluded that this would result in up to $20 billion in lost tax rev-
enue,50 and similar numbers are often cited by advocates of Internet taxa-
tion. Goolsbee and Zittrain51 offer a different perspective. They observe
48In June 2000, for example, the EU considered imposing a broad VAT obligation.
49Austan Goolsbee. 2000. ''In a World Without Borders The Impact of Taxes on Internet
commerce. The Quarterly Journal of Economics 115~2~:561-576.
50Juliana Gruenwald. 1998. vote Bodes Ill for Internet Tax Agreement., Congressional
Quarterly This Week, August 3.
5lAustan Goolsbee and Jonathan zittrain. 1999. ''Evaluating the costs and Renews of
Taxing Internet commerce. National Tax Journal 52 <3~:413428. Available online at
IMPLICATIONS FOR BROAD PUBLIC POLICY
207
that the previously predicted amounts seem to include business-to-busi-
ness as well as business-to-commerce sales; that they ignore the possibil-
ity of trade creation; and that the calculations fail to account for the types
of products being sold. They find that for the next several years, there is
little tax revenue to be gained from enforcing taxes on Internet sales.
When confronted with the issue of how to collect sales taxes for trans-
actions conducted over the Internet, given that states and local munici-
palities are the ones that levy sales tax, Congress passed the Internet Tax
Freedom Act (ITFA), which put in place a 3-year moratorium on impos-
ing new taxes associated with Internet transactions and established a con-
gressional Advisory Commission on Electronic Commerce to study the
question of sales tax revenue.52 This action was motivated by not wanting
to do anything that could adversely impact the growth of commerce over
the Internet and by the ambiguity resulting from the inherently borderless
nature of the Internet. The ITFA, however, does not restrict the right of
states to apply sales and use taxes to online commerce (these are not, after
all, new taxes). Instead it primarily prevents states from applying new
taxes to Internet access. The commission completed its work in April 2000
without the mandated supermajority of the committee reaching consen-
sus. Resolution of the tensions between retaining a tax revenue base and
fostering e-commerce are likely to remain a contentious political issue for
some time.53
The difficulty of knowing the identity and location of parties to an e-
commerce transaction is exacerbated by several factors. As discussed in
an earlier section, the Internet enables a range of anonymous transactions,
making it difficult to ascertain the identity of a purchaser let alone his or
her location. The location capabilities that are offered by emerging wire-
less data services may prove an exception, although they would be en-
abled by mechanisms provided as part of the wireless service rather than
conventional Internet connectivity provided through the wireless link.
Also, digital systems acting on behalf of people or organizations, rather
than the people or organizations themselves, can be the actors responsible
for buying and distributing a product or service over the Internet. Of
course in some instances location could still be established based on the
delivery address. However, many goods are electronic (e.g., downloaded
software or music) and many services can be delivered via communica-
tions over the Internet, so these goods and services can be delivered to a
52Title XI of Public Law 105-277.
53Intel leader Andrew Grovels June 2000 statement supporting taxation of Internet-based
commerce indicates that the high-tech industry does not have a uniform position on these
issues.
208
THE INTERNET'S COMING OF AGE
computer attached to the Internet without any physical goods being de-
livered to a verifiable physical address. The recipient computer sits in a
physical location, but associating a physical location with that computer's
network address cannot be done with certainty in today's Internet. And
internationally, even if there were agreements to collect taxes, enforce-
ment of tax collection for physical goods shipped across national bound-
aries would depend on customs agencies to block shipments or collect
duty.
One suggested remedy is to build into the Internet's infrastructure
itself the ability to provide the location and/or identity of the parties to a
transaction. However, efforts to embed solutions to the taxation problem
at the network level would have far-reaching consequences for the
Internet, which currently has no concept of locality in a geographical or
geopolitical sense. As discussed in Chapter 1, a central design tenet of the
Internet is the placing of applications and intelligence in the end systems
rather than within the network. A solution to the taxation issue that
relied on building into the network mechanisms that provide knowledge
of the geographical location of a network element would violate this prin-
ciple, as it would require a new, intelligent capability within that network
that determines, and on request provides, the physical location of a de-
vice or some surrogate, which is not easy to do in any case. Such a
solution could also have adverse privacy implications. It would, in
contrast, be possible to build such knowledge into end systems or higher-
layer authentication infrastructures. It might, for example, be more pro-
ductive to try to derive location information from authenticated informa-
tion about a party to a transaction. Because Internet technology and
e-commerce technology are evolving so rapidly, it is clearly preferable for
solutions to avoid placing requirements on the Internet infrastructure
that are dependent on a specific e-commerce technology.
Given that the Internet generally ignores geography and makes it
difficult for vendors or third parties to assure identification of a pur-
chaser, there are significant difficulties associated with solutions that de-
pend on ascertaining the location of the purchaser. This suggests, first,
that if taxation policy relating to e-commerce must be changed, the
changes should be as unspecific to geopolitical region as possible and,
second, that today's sales tax system, which involves many thousands of
distinct jurisdictions, would need to be simplified. And, in order to re-
flect the Internet's architecture, including the dynamic nature of its rout-
ing, taxation schemes should be based on the end points only and not on
mechanisms embedded in intermediate points within the network.
There are a number of solutions that avoid these problems. Some tax
structures would not require a complex knowledge of geography to be
built into the technology. A flat e-commerce sales tax collected by the
IMPLICATIONS FOR BROAD PUBLIC POLICY
209
seller at the time of payment would not be locality-sensitive, would re-
quire no technology changes at the buyer's end, and would be easier for
the vendor to implement. The collection of taxes would be simpler if they
were added to each transaction at the point of sale, much as is done with
a cash transaction at the physical point of sale today. (Such a scheme
would also enable the appropriate tax to be collected even if the transac-
tion were conducted anonymously.) Another simplification would be to
separate the means of tax collection from the distribution and allocation
of tax revenues. The issue of which governmental bodies get some of the
tax collected and what portion of it they get could then be addressed
separately by the respective governmental bodies. It would be easier to
allocate revenue if such allocation did not depend on knowing the loca-
tion of the purchaser. Of course other simplifying schemes could be
devised that would not be such a radical departure from today's sales tax
system. These approaches would help reconcile the tensions between
those who want to preserve the tax revenue base for state and local gov-
ernments and those who want to foster the growth of e-commerce, but
striking a balance between these interests is likely to remain a contentious
political issue for some time.
UNIVERSAL SERVICE
Equity in access to and use of the Internet is a matter of values and
social policy. Such policy has been reflected in universal service for tele-
phony, with access provided to people across all income classes.54 Uni-
versal service programs fall into two general classes setting rates that
benefit particular classes of customers (e.g., residential or rural users)
who might otherwise face considerably higher rates and offering subsi-
dized lifeline rates to low-income subscribers to expand the number of
households with access to basic telephone service, thereby expanding
opportunities for economic, community, and political participation and
emergency (911) service.
Universal service has long been an element of U.S. telecommunica-
tions policy.55 Indeed, whether or not one agrees that universal service
54Universal service policies go beyond establishing uniform rates for service: they create
subsidized ''lifeline,, rates for basic service at prices low enough to permit the poorest
families to have access to the telephone network.
55sasic telephone service has long been regarded as a social good, universal access to
which required a deliberate policy effort to achieve. However, the history of universal
service policies can support a different interpretation. Milton Mueller argues that, given
todays rates, universal access would easily have been achieved even without subsidiza-
tion. see Milton Mueller. 1997. ''Universal service and the Telecommunications Act: Myth
Made Law,,, Communications of the ACM 40~3~:3948.
210
THE INTERNET'S COMING OF AGE
for networks is an appropriate objective of public policy, it is worm point-
ing out that extension of universal service policies to new communica-
tions networks has always enjoyed popular support. Historically, We
government intervened to establish universal service at uniform rates for
postal services as well as telephone service and to extend to remote areas
and impoverished areas We benefits of such infrastructure as electrifica-
tion and highway construction. Given the rapid pace at which Internet-
. . .. .. . . . . . . . . . .. .. . .
Dasecl applications and services are Demg Deployed In Dotn the private
and public sectors, social and political demands for expanded access to
Internet-based communications services, which are increasingly seen as
essential for commerce, education, employment, or political participa-
tion, can be expected to increase.56
There are several geography-related factors associated with Internet
access. These geographical considerations are, of course, closely linked to
economic factors. Places win less access will generally be Hose where
We remoteness, the lower density of potential customers, or the lower
ability (or willingness) of the population to pay make the provision of
service a higher-cost undertaking or a less attractive investment. There
are differences in We availability and price of dial-up access Mat depend
on (1) the number of carriers Mat have established local access points
(whereby dial-up access is via a local, typically flat-rate billed call) in a
given location and (2) the availability of dial-up Internet access service
providers. A recent study by Downes and Greenstein57 found ~at, as of
We spring of 1998, most of the U.s. population had access to competitive
dial-up Internet service. According to this research, more Man 90 percent
of the population lived in areas served by more than 10 ISPs, while fewer
than 1 percent lived in areas without any dial-up service.58
56Concerns about universal access to the Internet are not new. For example, in the fall of
1993, they were featured in an Administration policy statement (William Jefferson Clinton
and Albert Gore. 1993. The National Information Infrastructure: Agenda for Action. Washing-
ton, D.C., September 15. Available online at ~. The
state of access to Internet and related services has also been the subject of a series of Na-
tional Telecommunications and Information Administration (NTIA) reports from 1995 to
the present. (NTIA, Department of Commerce. 1995. Falling Through the Net: A Survey of
the "Have Nots" in Rural and Urban America. Washington, D.C.: NTIA, July. Available online
at .)
57Thomas A. Downes and Shane M. Greenstein. 1998. "Do Commercial ISPs Provide
Universal Access?" Competition, Regulation, and Convergence: Current Trends in Telecommu-
nications Policy Research. Sharon Gillet and Ingo Vogelsang, eds. Mahwah, N.J.: Lawrence
Erlbaum. Available online at
IMPLICATIONS FOR BROAD PUBLIC POLICY
211
High-speed (broadband) access is less widespread than lower-speed
dial-up service.59 Constraints include technical factors (e.g., DSL services
are limited to locations within a given distance from a local exchange,
with the exact distance depending on the variant of DSL technology em-
ployed, the bandwidth, and the condition of the phone lines); the extent
to which the necessary telecommunications infrastructure is present (e.g.,
cable modem service is limited to locations passed by cable service, which
is less prevalent in rural areas), and the pace at which investment is made
in service deployment, including the associated required infrastructure
improvements. With deployment of such services in its early stages, a
few communities have both DSL and cable service and many have no
high-speed services at all. Higher bandwidth services require investment
in upgraded facilities (e.g., deployment of DSL facilities in the telephone
local exchange or upgraded cable plants) and so are more likely to occur,
at least in the earlier phases of deployment, in wealthier communities,
where more customers are likely to purchase service as a result of an
upgrade. Whether physical access to high-speed services will begin to
approach the near-universal level seen for dial-up service as deployment
continues remains to be seen. It is the subject of political and regulatory
debate.
Access to a service does not mean that it will be used; this can be seen
in the history of telephone and television use. There have been a variety
of studies conducted by both government and market research firms to
monitor and describe patterns of Internet access and use. One such effort
culminated in a series of reports from the National Telecommunications
and Information Administration (NTIA). For example, a fuly 1999 NTIA
report based on U.S. Census Bureau data from December 19986° indicates
that, of the households able to access the Internet, the fraction that actu-
ally subscribe to an ISP is far from 100 percent 41.1 percent of U.S.
households owned computers and roughly 25 percent had Internet ser-
vice. Such studies point not only to the persistence of disparities but also
to their instability: whole groups can increase their use of the Internet
between studies, and the implications of the findings are hard to pin
down. A number of efforts have been made to understand the extent of
59sroadband last-mile technologies and local access are the concerns of a separate csTs
study, to be completed in 2001.
60Nationa1 Telecommunications and Information Administration tNTIAy, u.s. Depart-
ment of commerce. July 1999. Falling Through the Net: Defining the Digital Divide: A Report
on the Telecommunications and Information Technology Gap in America. Washington, D.C.:
NTIA. Available online at .
212
THE INTERNET'S COMING OF AGE
disparities in service, including those between high- and low-income
households and between urban and rural status and those based on edu-
cation or race. The situation is volatile, with a panoply of data showing
both persistent disparities as well as instances where disparities have
decreased over time.
To what extent is the fraction of the population that has Internet
access likely to broaden? Recent years have seen a drop in the cost of
computer equipment required to access the Internet; relatively inexpen-
sive PCs and a range of Internet access appliances have entered the mar-
ket. Also, various new businesses are offering free Internet access or even
free PCs along with Internet service in exchange for viewing advertising.
Complementing home-based access, kiosks operated by public institu-
tions and commercial enterprises make Internet access available in a num-
ber of public places. One motivation for the federal e-rate program that
provides subsidies to schools, libraries, and hospitals is to increase the
number of public access points. Free e-mail services allow people unable
to afford Internet service to maintain private e-mail accounts that are
accessible from public locations. However, the long-term viability of new
schemes and business models for providing Internet service remains to be
proven. Pricing schemes and bundling are in flux as new business mod-
els emerge. Declining costs and increasing utility may result in universal
or nearly universal access to the Internet without any government action,
but this outcome is neither certain nor guaranteed.
Universal service programs applied to Internet-based services raise a
number of social and political questions, including who should receive
universal service benefits, what value judgments underlie these choices,
whether funds should be obtained from service-specific sources or from
general funds, what constitutes universal service (e.g., which collection of
services, from personal/household access to access through public facili-
ties), and even whether universal service programs should be imple-
mented at all. In this section, the committee briefly reviews what is known
about Internet penetration in the United States and then addresses some
issues that would arise if one were to try to implement universal service
policies for the Internet. It does not take a position on whether universal
service programs should be extended to the Internet or on how they should
be funded and managed, because to do so adequately would require full
consideration of the costs and benefits over time, a complex matter well
beyond the scope of this report.
Universal service policies have, at their core, sought to ensure that
price or geographical location is not a barrier to use. These policies com-
bine two distinct elements universality of physical access and universal-
ity of financial access. In the case of the Internet, the cost is the sum of
several elements. First, there is the price of the Internet service itself.
IMPLICATIONS FOR BROAD PUBLIC POLICY
213
Second, there is the cost of access to the Internet (e.g., via cable modem,
DSL, or dial-up services), which is frequently bundled together with the
cost of Internet service or, in the case of dial-up access, already paid for as
part of local telephone service. Third, there is the cost of the associated
hardware (computer and modem or other connection device) and the
communications software (generally available at little or no cost or
bundled with a PC's operating system or with the Internet service). Fi-
nally, there are additional costs associated with the use of particular online
services, such as subscription fees for accessing particular content.
The traditional universal service obligation applied to telecommuni-
cations carriers was a bundle of obligations that users, service providers,
and regulators experienced as a single package. The characteristics of
universal telephone service such as expectations for quality and access
to callers within the local area, to interexchange carriers, and to operator
and emergency services were well defined and had been developed
over the course of many years. Internet services stand in marked contrast.
For the Internet user, service translates into a set of Internet applications
(e.g., Web browsing, listening to audio programming, video conferencing,
or banking online). What the user experiences as "service" depends on
the software running on both his and an application provider's computer
as well as the characteristics of the network links over which the commu-
nication passes. The notion of guaranteeing a particular service to a broad
class of potential subscribers needs to be revised, since service in the end-
to-end model is in the control of applications running on machines at the
edges of the network as well as the capacity and explicit quality of service
mechanisms offered by a network operator.61 In some cases these appli-
cations and services are offered as part of a bundle from the Internet
service provider, but in general they are provided separately. The desired
applications will vary from user to user, and the available mix will change
over time as new Internet applications emerge and old ones fall out of
favor (few, for example, make use of "gopher" today). Which services
and applications (e.g., e-mail, Web, chat, telephony, or streaming video)
61Moreover, even in the telephony model, no single service was adequate to provide
equivalent network access for all users. Users with disabilities, for example, were not well-
served under the traditional universal service schemes. Interface and access issues were
explored by the CSTB (Computer Science and Telecommunications Board (CSTB), National
Research Council. 1997. More Than Screen Deep: Toward Every-Citizen Interfaces to the
Nation's Information Infrastructure. Washington, D.C.: National Academy Press). Implement-
ing provisions of section 255 of the 1996 Telecommunications Act and section 251(a)~2) of
the Communications Act of 1934, the FCC issued rules on July 15, 1999, aimed increasing
access to such telecommunications hardware as telephones and to services such as call-
waiting and operator service.
214
THE INTERNET'S COMING OF AGE
should be included in a universal service package, and at what perfor-
mance level (e.g., speed of download) and quality level (e.g., reliability)?
The emergence of alternatives to dial-up access for residential Internet
access means there are more choices with respect to bandwidth and ser-
vice quality as well a range of service and price options. Also, the
Internet's default best-effort service quality allows no guarantees that
adequate capacity and quality will be provided to support particular ap-
plications. Approaches for providing explicit quality of service are emerg-
ing, but there is neither broad agreement on which approaches to use nor
widespread deployment, particularly for the home users who are the
target of universal service policies. Also, while some applications would
be provided by a customer's ISP directly, most require communications
across Internet provider boundaries. In the case of the Internet, termina-
tion would, at a minimum, mean that any Internet user could access any
other user. By virtue of the arrangements that interlink the Internet's
constituent networks, basic best-effort connectivity is provided to all net-
work users. However, especially in the case of residential customers,
there is generally no service level agreement nor are explicit quality-of-
service mechanisms supported. One concern expressed by consumer ac-
tivists is that people with subsidized or lowest-cost access might not re-
ceive service that supports explicit quality of service and might therefore
experience a significantly degraded Internet service or be unable to use
certain demanding applications.
Efforts have been made to define classes of Internet services. For
instance, several years ago the Cross-Industry Working Team project led
to the concept of "NII Class Profiles" for characterizing end-to-end per-
formance.62 Such classification schemes are intended, for example, to
simplify specification of the requirements of an application and the ability
of equipment and services to meet those requirements. While such a
classification might be useful to consumers for evaluating the technology
options available to them, its use to define fixed bundles of service in a
universal service policy would be too limiting. Because Internet technolo-
gies are immature and still in the early stages of deployment, it would be
premature to embody them in regulation.
Even the application that was the basic element of traditional univer-
sal service, voice telephony, presents difficulties from a universal service
standpoint when it is offered as an Internet service. As the discussion in
Chapter 4 indicates, there are many approaches to providing IP or Internet
telephony, complicating efforts to define a standard service. There are
62Cross-Industry Working Team (XIWT). 1997. Class Profiles for the Current and Emerging
NII. White paper. Reston, Va.: XIWT, Corporation for National Research Initiatives. Avail-
able online from .
IMPLICATIONS FOR BROAD PUBLIC POLICY
215
multiple tiers of service quality, some of which offer consumers a lower
price in exchange for reduced guarantees of service quality. Moreover,
the issue of guaranteed access to critical services such as 911 service,
which is an element of telephony universal service obligations, is an espe-
cially difficult one in an Internet context. While it can be anticipated that
future obligations will build on those associated with today's 911 service,
it is difficult to predict how expectations for critical services will evolve,
how they will be shaped by new Internet capabilities, or how they will be
implemented.
In telephony, universal service programs, whether aimed at address-
ing financial or geographical disadvantages, generally involve setting
rates and fees so as to achieve a particular objective, whether it is to
benefit particular subscribers, extend the telephone network, or increase
the total number of subscribers. A number of mechanisms can be em-
ployed, including cross-subsidies among service offerings (e.g., subsidiz-
ing local calling at the expense of long-distance calling), different rates for
different classes of users (e.g., lower rates for residential as opposed to
business users), the establishment of particular service obligations in
exchange for other regulatory relief, or, more recently, explicit fees.63
The Internet, by contrast, has a much richer assortment of service
providers, ranging from single-niche service providers to full, vertically
integrated service providers. Therefore, if it is decided that a universal
service program aimed at households is warranted, a range of options for
achieving this aim should be considered. The rapid change in Internet
services and service offerings would argue for a technology-neutral ap-
proach one that does not rely on mandates to service providers that
specific types of service be made available at regulated, possibly subsi-
dized rates. A recent example of this approach is the e-rate program,
which has used a fee levied on telephone service to establish a fund to
help schools, libraries, and hospitals to pay for Internet access. It is not
necessary to transfer resources through cross-subsidies among classes of
customer. Other options include subsidies funded by general tax revenue
and used by needy citizens to purchase services of their choosing (within
established guidelines) something more akin to food stamp programs.
63The committee has been careful to avoid labeling these mechanisms as cross-subsidies
as there are arguments refuting the idea. For example, there are data that suggest and a
number of state public utility commissions have accepted this viewpoint that residential
rates fully cover the costs of providing that service, which suggests that there is not a
transfer between business and residential customers. Also, since universal service pro-
grams have network extension as one goal, it can be argued that what might appear to be a
transfer of money is, in fact, the regulatory apparatus positioning subscribers to capture the
network externality. In other words, if new subscribers come on the network, then there
may or may not be a subsidy of the new user.
