These protections are built into the systems through code. But code can also be used to circumvent such protections. (Remember the copy protection systems for software common in the early 1980s, and the cracking software used to defeat them.) Using circumvention software, then, users could defeat the protection that code creates.

Congress responded to this threat.¹ In the 1998 Digital Millennium Copyright Act, Congress made it a felony to write and sell software that circumvents copyright management schemes.² In the judgment of Congress, regulating users alone would be difficult but regulating the code that users use would not be as difficult.

Certification and Regulability

All six of these examples describe a behavior that the government wants to regulate, but which it cannot (easily) regulate directly. So government regulates behavior indirectly by regulating architectures, which in turn influence or constrain behavior differently. This indirect regulation, at times quite effective, suggests a way of thinking about the example that started us down this road—certification.

At the start of this chapter we asked: What steps could government take, not to regulate a particular behavior, but to increase the regulability of behavior in cyberspace generally? My claim was that this goal could be achieved by increasing the capacity of sites on the Net to identify whom they are dealing with—to know either who the user is or what credentials, or features, he or she possesses.

Regulability then depends in part on identification—not perfect identification (the police do not need to know my name to tell me to slow my car down), but enough for the government to know what regulations the user is subject to, and when he has violated them.

How can the government facilitate this identification—assuming, of course, that commerce has not by itself created a sufficient demand for credentials?

It seems clear from the six examples above that the best target of such regulation will not be the individual. If the government required all individuals to carry a digital ID, there would no doubt be a revolution. Americans are antsy enough about a national identity card.³ They are not likely to be interested in an Internet identity card.

But it does not follow that government cannot create incentives for people to adopt identification technologies, even without directly mandating them. There is no requirement that all citizens have a driver’s license, but you would find it very hard to get around without one, even if you do not drive. The government does not require that you keep state-issued identification on your person, but if you want to fly to another city, you must show at least one form of such identification. The lesson is simple: make the incentive to carry ID so strong that no government requirement is necessary.

In the same way, the government could create incentives to enable digital IDs, not by regulating individuals directly but by regulating intermediaries. Intermediaries are fewer, their interests are usually commercial, and they are ordinarily pliant targets of regulation.

Footnotes

¹ The idea was suggested in the Clinton administration’s 1995 White Paper; see Pamela Samuelson, “Regulation of Technologies to Protect Copyrighted Works,” Communications of the ACM [Association for Computing Machinery] 39 (1996): 17. Edit Delete

² Digital Millennium Copyright Act, Public Law 105–304, 112 Stat 2860 (1998). Edit Delete

³ Former Attorney General Richard Thornburgh, for example, has called a national ID card “an infringement on rights of Americans”; see Ann Devroy, “Thornburgh Rules Out Two Gun Control Options; Attorney General Objects to Registration Card for Gun Owners, National Identification Card,” Washington Post, June 29, 1989, A41. The Immigration Reform and Control Act of 1986 (Public Law 99–603, 100 Stat 3359 [1986], 8 USC 1324a[c] [1988]) eschews it: “Nothing in this section shall be construed to authorize directly or indirectly, the issuance or use of national identification cards or the establishment of national identification cards.” Given the power of the network to link data, however, this seems to me an empty protection. Edit Delete