We are at the dawn of the Internet of Things—a world full of smart devices equipped with sensors, all hooked up to a digital universe that will become as omnipresent as the air we breathe. Imagine every appliance in your home, every machine in your office, and every device in your car constantly communicating with a network and offering you a fully customizable, personalized experience. Besides neato gadgets and productivity gains, this hyper-connected future will also mean a new wave of policy wars, as politicians panic over privacy, security, intellectual property, occupational disruptions, technical standards, and more.
Behind these battles will be a grander clash of visions over the future course of technology. The initial boom of digital entrepreneurship was powered by largely unfettered experiments with new technologies and business models. Will we preserve and extend this ethos going forward? Or will technological reactionaries pre-emptively eliminate every hypothetical risk posed by the next generation of Internet-enabled things, perhaps regulating them out of existence before they even come to be?
The first generation of Internet policy punditry was dominated by voices declaring that the world of bits was, or at least should be, a unique space with a different set of rules than the world of atoms. Digital visionary John Perry Barlow set the tone with his famous 1996 essay, "A Declaration of the Independence of Cyberspace," which argued not just that governments should leave the Internet unregulated but that Internet regulation was not really feasible in the first place.
Barlow's vision thus embodied both Internet exceptionalism and technological determinism. Internet exceptionalism is the notion that the Net is a special medium that shouldn't be treated like earlier media and communications platforms, such as broadcasting or telephony. Technological determinism is the belief that technology drives history, and (in the extreme version) that it almost has an unstoppable will of its own.
First-generation exceptionalists and determinists included Nicholas Negroponte, the former director of the MIT Media Lab, and George Gilder, a technology journalist and historian. "Like a force of nature, the digital age cannot be denied or stopped," Negroponte insisted in his 1995 polemic, Being Digital. But Barlow's declaration represented the high-water mark of the early exceptionalist era. "Governments of the Industrial World," he declared, "are not welcome among us [and] have no sovereignty where we gather." The "global social space we are building," he added, is "naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear."
It turned out we had reasons to fear after all. If the first era of Internet policy signified A New Hope, the second generation—beginning about the time the dot-com bubble burst in 2000—could be called The Empire Strikes Back. From taxes to surveillance to network regulation, governments gradually learned that by applying enough pressure in just the right places, citizens and organizations will submit.
A second generation of Internet scholars cheered on these developments. The scholar-activists at Harvard's Berkman Center for Internet and Society, such as Lawrence Lessig, Jonathan Zittrain, and Tim Wu, joined with a growing assortment of policy activists with tangential pet peeves they wanted governments to address. Together they revolted against the earlier ethos and called for stronger powers for governments to direct social and commercial activities online.
In the new narrative, the real threat to our freedom was not public law but private code. "Left to itself," Lessig famously predicted, "cyberspace will become a perfect tool of control." Thus, government controls were called for. Later, Wu would advocate a forcible disintegration of the information economy via a "separations principle" that would segregate information providers into three buckets—creators, distributors, and hardware makers—and force them to stay put. All in the name of keeping us safe from "information monopolies."
Spurred on by this crowd, governments across the globe are clamoring for even greater control over people in cyberspace. But the second generation's narrative has proved overly simplistic in two ways.
First, the exceptionalists and techno-determinists were partially right—the Internet, while not being unregulatable per se, really has proven more resistant to government control than analog-era communications systems. The combination of highly decentralized networks, a global scale, empowered end-users, and the unprecedented volume of information created in the process has created formidable enforcement challenges for would-be censors and economic regulators.
With each passing year, the gap between "Internet time" and "government time" is widening. As the technology analyst Larry Downes argued in his 2009 book The Laws of Disruption, information-age "technology changes exponentially, but social, economic, and legal systems change incrementally." His examples ranged from copyright law, where bottling up published works is growing harder, to online privacy, where personal information is flowing faster than the ability of the law to control it.
This leads to the second way in which the Empire Strikes Back narrative falls short. As the Internet changes the way people connect with one another, governments have had to change the way they try to impose their wills on the rest of us. The old command-and-control models just don't work on highly distributed and decentralized networks.
Consider regulation of speech. Outright censorship has proven extremely difficult to enforce, and not just in the United States, where we have a First Amendment keeping the police at bay. Although some atavistic regimes still try to clamp down on content and communications, most attempt to shape behavior by encouraging firms and organizations to adopt recommended codes of conduct for online speech, often in the name of protecting children.
A similar phenomenon is at play for data privacy and cybersecurity policy. While some comprehensive regulatory frameworks have been floated, the conversations are shifting toward alternative methods of encouraging compliance. Many governments are choosing the softer road of encouraging codes of conduct and "best practices."
Economic regulations have evolved, too. Price and entry controls are almost never suggested as a first-order solution to concerns over market concentration. Instead of hard-nosed, top-down diktats, governments are increasingly using "nudges," convening "multistakeholder" meetings and workshops, and deploying what Tim Wu calls "agency threats." The Obama administration's Commerce Department and Federal Trade Commission (FTC) have already used this approach in their attempts to influence "big data" collection, biometrics, online advertising, mobile app development, and other emerging sectors and technologies.
Think of it as a "soft power" approach to tech policy: Policy makers dangle a regulatory Sword of Damocles over the heads of Internet innovators and subtly threaten them with vague penalties—or at least a lot of bad press—if they don't fall into line. The sword doesn't always have to fall to be effective; the fact that it's hanging there is enough to intimidate many firms into doing what regulators want. It's similar to the approach that the Food and Drug Administration has employed for decades with many food or medical device manufacturers: constantly harping on them about how to better develop their products, often without ever implementing formal regulations clarifying exactly how to do so.