Consider some of the means that the government could employ to achieve this end:

• Sites on the Net have the ability to condition access based on whether someone carries the proper credential. The government has the power to require sites to impose a condition that users carry the proper credentials. For example, the state could require that gambling sites check the age and residency of anyone trying to use the site. Many sites could be required to check the citizenship of potential users, or any number of other credentials. As more and more sites complied with this requirement, individuals would have a greater and greater incentive to carry the proper credentials. The more credentials they carried, the easier it would be to impose regulations on them.¹

• The government could give a $50 tax break to anyone who filed his or her income tax signed by a properly certified authority; it could certify these authorities based on whether they coded certificates in the way the government wanted, and whether they permitted the certificates to be used for purposes beyond the government’s limited use.

• The government could impose a 10 percent Internet sales tax and then exempt anyone who purchased goods with a certificate that authenticated their state of residence; the state would then be able to collect whatever local tax applied when it was informed of the purchase.²

• The government could charge users for government publications unless they gained access to the site with a properly authenticated certificate.

• As in other Western democracies, the government could mandate voting³ —and then establish Internet voting; voters would come to the virtual polls with a digital identity that certified them as registered.

All these alternatives would use the same strategy of indirect regulation that marked the original six examples. The state would regulate intermediate providers, enabling those providers to regulate users, who would find their access conditioned on providing credentials, which make it easier for the state to regulate. The state would be using the market to regulate individuals, and to make the Net itself more regulable.

We can extend this model of regulation to the regulation of code itself. The government could require Internet service providers (ISPs), for example, to employ software that facilitates traceability by conditioning access on the user’s providing some minimal level of identification. Call this a “traceability regulation.” Many ISPs would resist it, but the government could then require that major commercial institutions (including credit institutions) be prohibited from dealing with any ISP not certified to be in compliance with the traceability regulation. Some major institutions, in turn, might resist this requirement, but not many. For major institutions in a competitive market, the threat of governmental prosecution far outweighs any incentive to violate the law. These two steps would create a great incentive for local ISPs to facilitate traceability.

Such a rule, of course, raises serious constitutional questions. I consider some of them in the chapters that follow. My aim here is simply to sketch the techniques that could enable an effective ID requirement in cyberspace. The point is that within an integrated commercial and noncommercial network the government’s power over commercial entities leverages into a power over noncommercial entities. Bringing commerce to the Net was the first, essential, and perhaps sufficient step in making the Net regulable. More active intervention by the government will make it even more so.

So far, however, governments have not been good at encouraging an architecture of identification. Not only have they been slow, but through clumsy legislation they have inhibited its growth.⁴ In my view, however, these errors are short-term. We cannot count on the government making errors forever, especially when so much hangs on the construction of an effective PKI architecture.

Footnotes

¹ Notice that this would be an effective end-run around the protections that the Court recognized in Reno v American Civil Liberties Union, 117 SCt 2329 (1997). There are many “activities” on the Net that Congress could easily regulate (such as gambling). Regulation of these activities could require IDs before access to these activities would be permitted. To the extent that such regulation increases the incidence of IDs on the Net, other speech-related access conditions would become easier to justify. Edit Delete

² Arthur Cordell and T. Ran Ide have proposed the consideration of a bit tax; see Arthur J. Cordell et al., The New Wealth of Nations: Taxing Cyberspace (Toronto: Between the Lines, 1997). Their arguments are compelling from the perspective of social justice and economics, but what they do not account for is the architecture that such a taxing system would require. A Net architected to meter a bit tax could be architected to meter just about anything. Edit Delete

³ Countries with such a requirement include Argentina, Australia, Belgium, Greece, Italy, and Switzerland; see Richard L. Hasen, “Law, Economics, and Norms: Voting Without Law?” University of Pennsylvania Law Review 144 (1996): 2135. Edit Delete

⁴ See Baker and Hurst, The Limits of Trust, 255–73. Edit Delete