The Tech - Online EditionMIT's oldest and largest
newspaper & the first
newspaper published
on the web
Boston Weather: 72.0°F | Mostly Cloudy

Legislators Should Be Careful when Regulating Internet

The letter written by Shamsul A. Sopiee '97 ["United States Needs Internet Regulations," May 27] raises an important issue regarding Internet, but only skims its surface. The solution offered is little more than a meaningless blank statement. However, the topic is one which should be explored further.

Internet has traditionally been the domain of academia. As such, it was self-regulated. And such self-regulation worked. However, it has become increasingly accessible to others during the past decade, and with such commercial online services as Delphi and America Online offering connections to Internet, the door has been opened for further accessibility. Businesses, too, are using Internet to greater degrees. The global impact of Internet, allowing persons around the world to communicate instantaneously, is enormous. The question is whether self-regulation can continue to effectively govern the rapidly-expanding Internet.

Self-regulation continues to work. When rules are transgressed, the offender is ostracized from Internet. Case in point: a few months ago, a lawyer decided to use Internet to advertise his company's services in helping aliens in the annual green card lottery. He proceeded to post the announcement in every Usenet newsgroup he had access to. The response to this commercial use of Internet was overwhelmingly unfavorable. The system administrator of the site the lawyer was using was flooded with messages urging him to cut the lawyer's access, which he readily did. Self-regulation works.

The issue now is not whether Internet should be regulated. It is clear that regulation is antithetical to the research and Internet traditions. The issue, rather, is whether government should introduce legislation governing crimes that occur through Internet and what the philosophy of such legislation should be.

The problem of legislation is much deeper than the problem of teenagers pulling pornography from the Internet. Sopiee touches briefly upon some of the problems involved with Internet, namely the problems of crackers, privacy, and authentication. A full discussion of each of these issues takes far more space than I have now.

Let us focus specifically upon the case that hits closest to home: the David A. LaMacchia '95 case. Countless letters have been written to newspapers concerning the case and many have probably already passed judgment on LaMacchia, as "un-American" as that may be. The LaMacchia case is a useful base for this discussion since it demonstrates the inadequacy of existing legislation to handle the intricacies involved with cases involving Internet.

Since regional boundaries are blurred when dealing with Internet, it is never clear whether such a case should be prosecuted at the state, federal, or international level. When information travels through Internet, it may pass through state boundaries via wire, air, or even through satellites orbiting the Earth, even when its destination is a computer down the street. Information does not discriminate by physical proximity; neither should the law in such cases. It is inappropriate to call the LaMacchia case an international conspiracy.

Mail is often an issue in such cases, as it was in the Steve Jackson case, where a bulletin board was seized and investigators read the electronic mail exchanged between users on the system. In that case, Jackson won damages under the Electronic Communications Privacy Act because of the seizure of the mail. However, the judge did not rule for Jackson on the complaint that the agents had "intercepted" the mail when they read it. It is difficult for legislators and judges to make the mental leap to understand the analogy between electronic mail and physical mail. Most people have the same expectation of privacy when they write electronic mail to others as they do when they send a letter to a friend through the U.S. Postal Service. Both pieces of mail should be protected under the same laws.

Evidence in computer crimes is easily falsified. The techniques for falsifying electronic mail are well known and easily utilized. It is trivial for an individual to frame another through faked mail. There is very little one can do to trace the origins of a file that is found on a system. Authentication is a continuing problem on Internet. Evidence found on a computer system should never be taken at face value. The analogy between reality and cyberspace must not extend into this realm. A simple plain-text signature is simply not enough to prove authorship of a letter any more than a written name is enough to show who wrote a note; otherwise, we would have no need for signatures and handwriting analysis.

In the LaMacchia case, a piece of mail allegedly written by LaMacchia is a key part of the prosecution's evidence. But is a simple plain-text signature at the end of the file enough to prove authorship? Let us hope it does not. Digital signatures are slowly coming into use. The universal adoption of such authentication tools is years in the future.

Many people have dismissed the LaMacchia case as just another pirate bulletin board system that was "busted." However, this case does have some very serious implications for the whole of Internet. Is the operator of a bulletin board responsible for all the traffic which is going through it? Even if the operator knows what is going through the board, does he have a responsibility to put an end to it? To expect an operator to know everything that is going through a bulletin board is ridiculous. To many, it's just a hobby that they spend an hour working on every night. These people have no desire to wade through the endless sea of networked newsgroups and conferences. Such a task would be a full-time job.

To make LaMacchia responsible is to make MIT responsible for what goes on in every Usenet newsgroup. Let us assume for the moment that LaMacchia knew fully well that people were exchanging copyrighted software through his board. Note that his board was only the means of exchange. To my knowledge, there is no solid proof that LaMacchia took any personal part in the exchange. The bulletin-board operator is like a newspaper editor. The editor knows that some advertisements for escort services are just fronts for prostitution rings, yet he doesn't have to reject these ads. To make LaMacchia responsible for what others did on his bulletin board is to make the editor responsible for printing the ad.

Fundamentally, legislators must understand where the analogies between real-space and cyberspace are and are not appropriate. This requires getting the lawmakers connected to Internet so they understand what their laws will be doing. The solution is NOT regulation of Internet per se, but rather the passage of laws that recognize the electronic medium as a legitimate means of communication.

Victor Y. Tsou '97