Lessons Learned Too Well: The Evolution of Internet Regulation (1)

A week ago I gave a public address as part of my installation as the Laurie Silvers and Mitchell Rubenstein Endowed Distinguished Professorship, a rotating chair I’ll hold for a three year period.  Here’s part one of the prepared text, with the next three parts to follow daily. I plan to write a fuller version, with lots of footnotes, over the summer.

Laurie Silvers & Mitchell Rubenstein, the generous benefactors of this rotating chair, were instrumental in the creation of the SciFi network, but left it before it changed its spelling and got into wrestling matches and strange animal combinations like – I am not making this up – the Sharktopus.  Because of this SCI-FI connection, my friends have been asking me what sort of chair this is, and they seem awfully disappointed when I tell them that while it is a rotating chair, it isn’t a captain’s chair located in the center of a starship’s bridge, and doesn’t come with little panels you can manipulate to make exciting things happen.

But this virtual chair does come with an opportunity to talk to you about the evolution of internet regulation, and for that I would like to thank Laurie Silvers & Mitchell Rubenstein, and all of you for coming this afternoon.


Let me start by taking you back to the early 1990s, which by lucky coincidence is when I started writing about the law of the Internet. Before I do that, however, I should perhaps begin by explaining how it was that although I was hired by the University of Miami on the assumption, which I shared, that I would write about Administrative law and Constitutional Law, I instead turned into a law cyber-geek.

When I started at UM, it was possible to get an internet account, if you asked the people who ran the VAX over in the Unger building and then logged in via a modem. I got myself an account, and started playing with the Internet long into the night. One day – well, it was almost daybreak anyway – my wife, Caroline Bradley, came into my study and asked if I’d been up all night on the computer again. When I said that I had, she said the words that changed my career: “Either stop playing with it or start writing about it.” Fortunately for once I had the sense to listen.

The Morris worm of November 1988 had already foreshadowed the Internet’s coming loss of innocence, but it is interesting to note that the ordinary legal system found a way to deal with the MIT student who accidentally unleashed the first widely-deployed Internet pest. Robert T. Morris was convicted of violating the computer Fraud and Abuse Act, and sentenced to three years of probation, 400 hours of community service, a fine of $10,050, and the costs of his supervision. No new law was needed.

In 1992, when I arrived at UM, the Internet was already past its toddler years, and on the cusp of a precocious adolescence. Most of us used DOS, or Windows 3.1, or the Apple MacIntosh on the machines we used to get online. Most interactions were still text based; graphics tended to be attachments, files to download, or maybe ASCII art. The search for serious reference material sometimes required recourse to gopher space. There were many walled gardens like AOL. The first web server apparently dates to August 1991, the first web-based photo (an image of the European Organization for Nuclear Research (CERN) house band Les Horribles Cernettes) is said to date to 1992, but most of us who were online then primarily used email, mailing lists, or USENET or maybe a text-based web browser like Lynx. Some of the cooler folks – not me – were exploring text-based online virtual reality systems like MUDs (multiple user dungeons), or early social sites like the WELL.

Users of the internet tended to be academics, engineers, hobbyists and hackers. And I mean “hackers” in the nicest possible sense of the term “hackers” – they were people who played with tools, not people who broke things or even, in the main, broke into things.

If you wanted to learn how to get into this world, you bought (not downloaded) a book: The Whole Internet User’s Guide and Catalog (1992). In the ’90s a million people bought that book.

In 1990 there was basically no targeted Internet law as such, although there was of course a lot of law that could apply to people who used the Internet, just as it applies to people who use any other tool. Most Internet connections between computers ran over telephone lines, with the last mile connection starting with a modem or perhaps a very local area network. The Bell System’s monopoly on what could be connected to telephones had been broken, so the heavy hand of its contracts was as absent as the FCC. There was, however, a great deal of critical self-regulation not just at the protocol level in the form of the RFC’s issued by the Internet Engineering Task Force, the IETF, but also in the management of common user forums like USENET.

This extensive and generally effective self-regulation dovetailed with, and indeed fed, an ethos of empowerment and, at least in the minds of its adherents, optimism. (It would later feed into the anti-regulatory idea that the Internet should be treated as a legally autonomous area, but that never caught on, nor did it deserve to.)

The packet-switching that underlies the Internet famously decentralizes communication and makes censorship difficult. Thus the first part of the optimists’ credo, now almost a cliché, the ‘net treats censorship as damage and routes around it. Even worse from the censor’s point of view, strong cryptography was now available to the masses for the price of a download — that is, zero unless you had to pay for your phone connection.

Packet-switching + strong crypto seemed to herald total communicative freedom. And to the libertarian-leaning types (whether or not they styled themselves cypherpunks) who were greatly over-represented in the early online community, that sounded really good. Among the things this new freedom promised were decentralization, lower transaction costs, the empowerment of the periphery over center. Thus the optimistic enthusiasts predicted a number of goodies many of which did come to pass:

  • The replacement of the one-to-many model by a many-to-many model
  • A globalized, decentralized, subsidiarity-loving, empowered, mass culture, in which news and information flows would move chaotically around the network rather than down the narrow channels of mass media and centralized opinion formation.
  • New online communities, allowing widely scattered groups to coalesce ranging from the ‘World union of concerned butterfly fanciers’, to global diasporic communities
  • Enhancement of democracy via better citizen information, better communication with government, and especially via better organization of citizens groups and NGOs
  • Anti-censorship software, proxies, and the use of anonymizing browsers or cryptographically enhanced ‘tunneling’ software would mean that no government would be able to prevent information from entering. Thus, the catchphrase ‘information wants to be free‘. (To which the copyright owners would soon respond, ‘No, information wants to be paid for.‘)
  • Regulatory arbitrage: to the extent that things of value could be digitized (information, some services, stocks, and soon – it was confidently believed – currency), they could be traded an moved across borders to the regime with the most attractive regulatory climate. Thus the other catchphrase, Local laws are just speed bumps on the information superhighway.

For those who saw much more good than bad in these visions, these were heady days. We were going to change the world — make it freer, more efficient, more just and democratic.

Indeed, in the ’90s there were literally people – well at least one person, Patrick Ball of the AAAS – traveling around the world to teach democratic political movements in repressive societies how to use cryptography and the Internet to protect their organizing and communications. In the highest risk cases, the activists would not only be trained how to encrypt their records, but also how to store them in encrypted databases located abroad. Indeed, the people who put information into the databases did not have the codes to get it out again; thus membership lists were safe even from so-called ‘rubber hose cryptoanalysis’.

But not everyone saw the effects of this new technology as benign: some saw the prophesied erosion of state power as an invitation to anarchy, or as opening the door to the very evils that the state power was being deployed to prevent. And even some who might have weighed the overall balance as positive saw it as their duty to enforce the national rules that cyber-enthusiasts were happily undermining.

It was in the mid-1990s that the Internet really began to change as a result of multiple stresses. There was a flood of new users, and of new types of users, people for whom the internet was a tool, not a dissertation or a toy, and who due to their large numbers and disparate backgrounds and goals were not as easily socialized into the informal norms that had tended to keep things orderly. As the number of users grew, so too did the visible potential, and then the dollar value, of e-commerce. And a number of more proactive governments began to get excited about existing and imagined capabilities of this growing tide of Internet users.


This entry was posted in Law: Internet Law, Talks & Conferences. Bookmark the permalink.

One Response to Lessons Learned Too Well: The Evolution of Internet Regulation (1)

  1. mkhall says:

    It’s always great to read about the experiences of someone who’s been on-line as long as I have, and as one of my first obsessions was the concept of law on the digital frontier — I blame Kibo and Mark Frauenfelder and Mondo 2000 and EFF — I eagerly anticipate the rest of this series.

    It seems as though The September That Never Ended was just yesterday.

Comments are closed.