Brian L. Glassberg

I. Introduction

The Internet promises to be one of the most influential developments for society as the twenty-first century approaches. It provides instantaneous access to a wealth of information unparalleled in human history. Net users can consult sources down the street or from the farthest reaches of the globe. The rapid growth of the Net in the last decade only reinforces this idea. However, the Internet also presents unique challenges to national sovereignty, raising questions whether governments and their legal systems will be able to effectively apply regulation to sectors of society which they have traditionally regulated.

As the Internet becomes more ubiquitous and essential to American life, business, and education, increasing attention has focused upon the negative effects that accrue with the benefits of a networked society. Obviously, the Communications Decency Act and the resulting dispute over attempts to regulate access to pornography on the Internet have drawn the most scrutiny. ¹ Some other areas that have raised concern are harmful speech, infringement of intellectual property rights, privacy, and Internet gambling. Certainly, these are not the only problems that will challenge governmental ability to regulate society. However, they are especially important, since the ability or inability of nations to exercise their control over these traditional areas of regulation may determine whether they will be able to confront other problems in the future.

This paper will attempt to show how a government, in this case the United States, can make inroads in applying federal law to the Internet. I do not wish to address the moral and political issues associated with a prohibition on Internet gambling; ² rather, I only hope to illustrate how the government could effectively prohibit Internet gambling by integrating technology within legislative and legal mechanisms. By embracing technology as a supplement to traditional enforcement means, a government may successfully implement their regulatory goals in hopes of structuring the Internet in their vision. Part II of this paper will discuss what problem the Internet poses for the regulation of Net gambling and why traditional means of enforcement are inadequate. Part III will illustrate an alternative vision of Internet regulation through the use of "code." Parts IV, V and VI will attempt to identify different technological tools that are currently available and hypothesize how the federal government could use them to enforce their anticipated ban on Internet gambling. ³

II.The Problem: Feel Like Gambling? Take the Virtual Superhighway to the Casino of Your Choice From the Comfort of Your Own Home!

A. Background of the Internet

"The Internet is a network of networks." ⁴ It grew out of a military program founded in 1968 called "ARPANET." ⁵ The goal was to create a distributed network of computers which would still be able to communicate if a portion of the network was destroyed in a nuclear attack. ⁶ The distinguishing feature of a distributed network is that there is no central point of control. Rather, each network of computers is interconnected to the Internet (a "super-network" or "network of networks," if you will), which can be accessed from any other point on the Internet. ⁷

These separate networks can communicate easily despite their different types and uses without the need for internal changes, because of the development of TCP/IP. ⁸ This protocol was adopted as a universal standard in 1983, allowing disparate networks to communicate within this structure by providing a common standard for the addressing and routing of data between them. ⁹ Thus, a global structure for addressing allows for networks to interact without knowledge of their geographical location. ¹⁰ Each computer on the Internet is assigned an IP (Internet Protocol) address. ¹¹ A domain name address, such as "law.harvard.edu," is the mnemonic equivalent of the numeric IP address, making IP addressing more user-friendly. ¹² Domain names are registered with a domain name registry, such as Network Solutions, Inc. ("NSI"), where they are matched to an IP address. ¹³ Thus, if a user wanted to reach the Internet site for Harvard Law School, they would simply type "http://www.law.harvard.edu" into their browser.

A final important feature of the Internet is the use of packet-switching. ¹⁴ This technique splits data into small "packets" as they are transmitted. ¹⁵ Each packet is given the final address of its destination, but the packets do not necessarily follow the same route. Rather, packets are sent from router to router, with each router calculating the best path for that packet to reach its destination at that particular moment. ¹⁶ This allows for the efficient transmission of data around points where the network is down or heavily congested.

The critical development in the Internet was the creation of an advanced Web browser in 1993, which could read HTML and display images as well as text, creating an appealing feature that drew more users to the Internet. ¹⁷ This has resulted in the widespread usage of the Internet by the general populace, changing it from a primarily scientific network to a global commercial enterprise. ¹⁸ The Internet has grown from four initial host computers to more than thirty million. In the United States, it has been recently estimated that there are more than sixty-four million Internet users. ¹⁹ Certainly, these figures will continue to grow as the Internet moves into the next century.

B. Internet Gambling

One application on the Internet has been the emergence of gambling through cyberspace. Online gambling appears to have first emerged in 1995, but has only recently burgeoned into a large industry. ²⁰ As late as January 1997, there were only an estimated fifteen gambling web sites. ²¹ However, current estimates show that Internet gambling sites have blossomed, with somewhere between 140 and 200 sites now available. ²² The Justice Department has estimated that $600 million is spent at online gambling sites and projections reach $10 billion by the year 2000. ²³

Gambling sites on the Internet vary in content and source. ²⁴ One can gamble on sporting events ²⁵ ("sports books"), casino games ²⁶ (e.g., blackjack, poker, etc.), and lotteries. ²⁷ Indeed, one site will even accept bets on whether President Clinton will be impeached! ²⁸ Most of these businesses are controlled and operated offshore, outside of the United States. Many Caribbean nations allow gambling operations legally. For example, a license in Antigua is subject to a background check and a license fee of $100,000 for casinos and $75,000 for sports books. ²⁹ Another sports book is licensed by the Austrian government. ³⁰ The government of Liechtenstein runs a lottery site directly and claims to donate up to 25% to charities, such as the International Red Cross. ³¹

Typically, a user desiring to participate on one of these sites accesses the appropriate web page by clicking on a hypertext link to the site on another page (such as a search engine or a gambling directory) or by typing the name of the URL (Uniform Resource Locator) into their web browser, much as one would to contact Harvard Law School or CNN on the Internet. Once at the site, the user must establish an account with the site owner. This is performed by entering personal information and possibly downloading software to participate, if necessary. Online gambling sites usually require a deposit, either through a credit card, electronic cash, wire transfer, or by physically mailing a payment. This money may be kept on deposit with the site owner or the site may require that the user establish an account at a bank of the site owner’s choice. Once registration is complete, a user may begin participating in the games at that location. Losses are debited and winnings are credited to the user’s established account. ³²

The relative ease of Internet gambling has raised a great amount of concern on behalf of state and federal governments. No longer do individuals have to rely upon state sanctioned gaming, such as a State lottery or horse track. Instead, with the click of a mouse button, users can wager any amount of money from the comfort of their own homes.

C. Gambling Law

The Internet has been coined the "Information Superhighway" and has been likened to a "virtual post office," where users can receive information almost immediately instead of waiting for delivery through traditional physical means (if that is even possible). However, for the topic of Internet Gambling, I would like to restrict these descriptions to that of a "Virtual Superhighway." The difference is subtle, but important. Unlike much of the activity on the Net where there are freedom of speech interests, gaming is conduct. ³³ There are very few conceivable expressive elements in playing blackjack online, besides those of an owner who seeks to express himself through some type of civil disobedience. The Internet differs with respect to gambling in the sense that here it is not a conduit through which information is flowing. Rather, it is simply the infrastructure which is "virtually transporting" the casino to individual user’s homes or vice versa.

Under United States law, there is no general right to gamble or to be a patron of a gambling establishment. ³⁴ Indeed, "[gambling] implicates no constitutionally protected right; rather it falls into a category of ‘vice’ that could be, and frequently has been, banned altogether." ³⁵ Despite this power to prohibit, gambling has survived and been allowed to exist in varying degrees throughout the history of the United States. ³⁶

States typically regulate the gambling industry within their borders. Currently, forty-eight states allow some type of gaming to exist. ³⁷ Some states have tried to regulate Internet gambling by prosecuting sites that have allowed their residents to gamble online, when such conduct would not be permitted within their borders with traditional gaming or wagering. ³⁸ Minnesota Attorney General Hubert Humphrey III has posted notice that Internet gambling within the state is illegal and included his intention to pursue violators. ³⁹ Although states traditionally regulate gambling, this paper will focus upon federal regulation of gambling on the Internet because of the unique international and jurisdictional aspects of Net gaming. ⁴⁰

Federal authority to regulate gambling is based upon its Commerce power under the Constitution. ⁴¹ Federal statutes generally allow states to decide what forms of gambling will be available within their borders, but restrict gambling that reaches Interstate Commerce. ⁴² Currently, there are no federal statutes that explicitly prohibit gambling over the Internet and it is uncertain whether existing statutes would apply. ⁴³

The most pertinent existing federal statute is the Interstate Wire Act ⁴⁴ , which prohibits a "person engaged in the business of wagering or betting" from using "a wire communications facility for the transmission in interstate or foreign commerce of bets or wagers or information assisting in the placing of bets or wagers on any sporting event or contest. . ." ⁴⁵ The clear intent of the Act was to prohibit professional betting on sports events through the use of telephones across state lines. As a result, this would not prohibit casual bettors, nor would it prohibit other forms of gambling, such as casinos and lotteries. ⁴⁶ Although the Act was not drafted with contemplation of the Internet, most agree that it at least prohibits professional sports books on the Internet. ⁴⁷

Another relevant statute is the general Conspiracy statute, ⁴⁸ which makes it a crime to conspire to commit a crime. Federal law enforcement officials have used this statute to prosecute U.S. citizens running offshore sports books in the Caribbean, charging them with conspiracy to violate the Interstate Wire Act. ⁴⁹ These Acts, as well as others, may be successful in prohibiting some forms of online gambling, but harbor some uncertainty.

Due to these deficiencies in current statutes, Senator Kyl of Arizona has proposed the Internet Gambling Prohibition Act (the "Act") in the 1997 and 1998 sessions of Congress. The most current version of the Act passed the Senate by a 90-10 vote on July 23, 1998 and was attached to the Department of Commerce appropriations bill. ⁵⁰ It was withdrawn from the final 1999 Omnibus Spending Measure due to time constraints, but is planned to be reintroduced next year. ⁵¹ The bill, in its most recent version, would have created a new section 1085 in the Interstate Wire Act and prohibited almost all forms of Internet gambling. ⁵² It would have authorized criminal penalties against site owners ⁵³ and casual bettors, ⁵⁴ as well as injunctive relief against those gambling businesses. ⁵⁵ As well, Internet Service Providers ("ISPs") whose service is used by bettors or gambling sites in violation of the Act are subject to injunctions requiring the termination of those accounts ⁵⁶ or any other relief "technically feasible." ⁵⁷

Despite the attempts of Congress to explicitly address Internet gambling in the Internet Gambling Prohibition Act, it is likely they will prove unsuccessful in their enforcement as currently drafted because of the nature of the Internet. The Department of Justice has indicated that it has no intention of pursuing individual gamblers, ⁵⁸ although penalties are available under the proposed Act. ⁵⁹ The prosecution of gambling sites appears to be the goal of the Act, but this course of action is wrought with difficulties since most of these businesses are (or will be) conducted outside of national borders, implicating the extraterritorial jurisdictional issues discussed below.

D. Jurisdiction

As stated earlier, the Internet allows data to freely travel between states and between nations. Indeed, the Internet knows no borders. ⁶⁰ Whether federal law can effectively prohibit online gambling is dependent upon jurisdiction. Because of the threat of criminal liability in the United States, most gambling site operators have located outside of the U.S. and some have changed their citizenship. ⁶¹ As a result, any attempts to regulate Net gaming will be limited by extraterritorial jurisdiction and principles of national sovereignty, since the foreign nations where the sites are located have either licensed the sites or operate them directly. ⁶² In these situations, application of American law would directly conflict with those of the nations where the gambling operations are legal.

The principles of international law and jurisdiction are difficult and unclear. The one aspect that is clear is that the U.S. will have jurisdiction over its own citizens, including those abroad. ⁶³ However, in order to prosecute a foreign operator in another country, the United States must first assert that its law will be applied extraterritorially. ⁶⁴ The proposed Internet Gambling Prohibition Act, as currently written, does not state that it will be applied extraterritorially. ⁶⁵ Under current circumstances, the Act will be of limited effectiveness if it is not given extraterritorial effect.

Assuming that the Act is intended to be applied against foreign operators, enforcement would require that foreign authorities arrest and release the accused individual(s) to the United States. ⁶⁶ International custom generally requires compliance with a formal extradition treaty between the countries. ⁶⁷ American extradition treaties generally have the following characteristics: "reciprocity, a [formal] treaty, dual criminality, the political offense exception, specialty, and procedural requirements." ⁶⁸ The most relevant characteristic for this discussion is that of dual criminality, which simply requires that the act be a crime in both countries. ⁶⁹ All American extradition treaties include this requirement. ⁷⁰ Assuming that the online gambling operation is legal in the foreign country where it is being operated, it is unlikely that those individuals will be subject to extradition for violation of U.S. gambling laws.

Another basis for extradition is the notion of comity. Comity is a "discretionary doctrine," where courts honor the decisions of those in another country for reasons of "diplomatic etiquette" rather than as a legal obligation. ⁷¹ Requests of this nature are rarely made, and Congress has required that "there must be a treaty or convention" in order to extradite a U.S. citizen to another country. ⁷²

The only other manner in which the U.S. could seek to obtain the removal of a foreign operator for trial in American courts under established legal principals is by forcible removal. ⁷³ This would entail the capture and abduction of the accused gambling operator by American agents. Courts have upheld personal jurisdiction over criminal defendants physically brought into the United States. ⁷⁴ However, it seems unlikely that the U.S. government would authorize such actions, since the seriousness of the crime does not seem to be sufficient to warrant such an aggressive use of power.

Since the United States will likely lack the power to enforce any federal gambling prohibition against foreign operators, the Internet Gambling Prohibition Act or any other laws will be of little consequence in regulating online gaming. A Department of Justice spokesman has been quoted stating, "‘If the casinos are outside the United States, there’s not a thing we can do about it. . .’" ⁷⁵ Even if foreign countries complied with American requests to respect Internet gambling prohibitions, there may be negative consequences. An attorney for the Justice Department has indicated that the U.S. must then be willing to act upon foreign requests for assistance regarding conduct that may be completely legal or Constitutionally protected in the United States. ⁷⁶ As a result, Internet gambling operators who remain outside of U.S. borders and do not have any assets in America will be effectively outside of the American legal system, only subject to arrest if they travel to the U.S. ⁷⁷

Because of these legal and practical difficulties, many commentators have conceded that a federal prohibition on Net gaming will be ineffective and have suggested alternative approaches. Suggestions range from seeking foreign or international regulation of gambling sites, ⁷⁸ to an international convention for extradition addressing computer crimes, ⁷⁹ to self-regulation by users. ⁸⁰ Having addressed the problems of attempting to regulate or prohibit Internet gambling, this paper will attempt to elucidate in the remaining sections how the federal government could implement effective online gambling legislation through the use of technological tools. Instead of "throwing in the towel" or passing a law that would be primarily symbolic, legislators should thoroughly examine other means which may be more successful.

III. The Code of Law or the Law of Code?

So far I have examined the problems which Internet gambling presents for traditional conceptions of regulation. The obvious question that presents itself is whether this forecloses all attempts at effective governance on the Internet. In the absence of a central international governmental body, which would destroy nation sovereignty anyway, is it impossible to regulate conduct on the global network? Does the acceptance of this emerging technology effectively inhibit a nation’s traditional areas of control in the physical world with respect to all areas of presence in the virtual world? In other words, is the only manner in which a government can maintain control limited to refusing participation on the Internet (if this is even possible for those nations that have embraced the technology)? If so, then nations must forsake the benefits for the Internet in order to control its negative aspects.

Rather than accepting defeat, some academics have proposed a different theory, which requires a reconceptualization of the traditional means of regulation. In the physical world, law is primarily concerned with control within a particular set of geographical borders. ⁸¹ This relationship is based upon a link between physical boundaries and considerations such as power to exert control over that area, the effects of law within that territory, the legitimacy of control over that space, and the ability to provide notice of which legal rules apply within that boundary. ⁸² However, since the Internet is ajurisdictional, it undermines the relationship between borders and law. Global data traffic destroys this connection, by eliminating these considerations. States no longer have control over what occurs within their boundaries. The effects of online actions may not occur within those areas. A sovereign’s legitimacy within those borders is weakened, since there is no ability to control what actions occur on the Internet within that physical space. Finally, there is no notice on the Net that boundaries have been crossed and different legal rules may apply. ⁸³ As a result, a new system of rules needs to be considered and traditional conceptions should be questioned.

One writer has argued that there are four different types of constraints on human behavior. ⁸⁴ So far, I have only been concerned with one, that being the use of law to restrict Internet gambling. ⁸⁵ However, this is not the only manner in which behavior can be regulated. Social norms can restrict behavior. ⁸⁶ One may not desire to participate in an online gaming site if they were concerned how others might view them. However, because Internet gambling can be accessed from the privacy of one’s home, the individual may be able to limit others’ knowledge of their participation and eliminate any stigma attached to gambling. A third form of constraint is the market. ⁸⁷ The costs associated with gambling may limit an individual’s access. However, these costs are not necessarily specific to online gaming, since traditional forms of gambling have their own. Indeed, the Internet may reduce other costs, such as traveling expenses and hotel fees, if a customer had to travel to reach a casino. Instead, the user can access the online casino at any time from the comfort of their own home.

The final constraint is that of nature or architecture. ⁸⁸ There are many examples that can illustrate this point. One cannot get from point A to point B walking faster than one could run. Similarly, one cannot get from the tenth floor of a building to the bottom without using the stairs, an elevator or a ladder.

Code or software is an example of the constraint of architecture in cyberspace. ⁸⁹ Software defines what we can access and what we can see on the Internet. ⁹⁰ Imagine a bouncer at your local pub. In order to enter, you must get past the bouncer. This typically involves showing an ID and paying a cover charge. These rules define your ability to enter this physical space. In the cyberspace world, code is the bouncer, or the "virtual doorkeeper." ⁹¹ Code sets the rules for your entrance into an area of the Internet. Indeed, the Net is only what the software allows it to be. ⁹²

The use of code to determine rules or constraints is arguably more effective than others, such as law. Law is primarily an ex post constraint, i.e., its effect are usually apparent after a violation. Code differs because it can be applied ex ante. ⁹³ It can assure greater compliance than law or other constraints, since it defines the environment in which one can participate. ⁹⁴ As well, code is more adaptable to the rapid change of a highly technological world. As technology renders legal rules obsolete and archaic, code can be changed to accommodate new conditions, preserving or redefining the interaction between the user and the online world. ⁹⁵

The use of code does not render legal rules obsolete. Certainly, private software programmers and ISPs could impose their own rules in the absence of government direction. However, nations can use code to supplement legal rules. In the area of Internet gambling, legal rules can indirectly prohibit online gambling through the direct regulation of code. ⁹⁶ Thus, a sovereign can achieve greater compliance indirectly than with direct regulation on conduct. By utilizing code, a government can construct its own bouncer or "virtual doorkeeper" on the Internet, preventing its populace from entering areas that it desires to regulate or prohibit.

I think it is important to note that no constraint is absolute. For example, while gravity may be a constraint on my ability to leap tall buildings, it cannot prevent me from flying with the assistance of an aircraft. A wall may prevent me from spying on you directly, but cameras and wiretaps can supplement my lost ability to observe directly. The same principles apply online. No constraint of code is likely to be absolute. As one writer has stated, "hackers are special." ⁹⁷ Because of their unique knowledge and skills, they may be able to opt out of any system of constraint imposed by code. ⁹⁸ However, it is hard to imagine any constraints that are absolute. There will be some that can choose whether to participate in such a system, but from a systemic perspective, code may provide for a more efficient, more effective means of controlling behavior on the Internet.

Obviously, legislators need to comprehend that traditional means of regulation are not applicable in a borderless online world. Legal, social and market constraints are less effective in the electronic world of the "Virtual Superhighway." The current version of the Internet Gambling Prohibition Act shows promise that the Congress is beginning to recognize this new conceptualization of regulation. For example, one of the considerations for a court to consider in a request for injunctive relief against an ISP is whether an "injunction to prevent a violation [of the Act] by a gambling business . . . outside the United States . . . is more burdensome than taking comparably effective steps to block access to specific, identified sites used [by the gambling business]. . . . " ⁹⁹ Additionally, the Act would require the Secretary of Commerce to submit a report within three years after enactment, including "an analysis of existing and potential methods or technologies for filtering or screening transmissions in violation [of the Act] that originate outside of the territorial boundaries of any State or the United States. . . ." ¹⁰⁰ These provisions indicate that the federal government has begun to contemplate the use of code as an effective tool of enforcing legal rules in cyberspace.

Equally important, the Supreme Court has acknowledged that code may be useful in "zoning" cyberspace. Justice O’Connor, joined by Chief Justice Rehnquist, wrote a separate opinion in Reno v. ACLU, in which she cited Lawrence Lessig for the proposition that it is possible to create borders in cyberspace through code, which could then be used to zone adult material into a separate sphere. ¹⁰¹ Although she found the technology lacking at the existing moment, "the prospects for the eventual zoning of the Internet appear promising." ¹⁰²

Depending upon your perspective, this slow recognition by government leaders of the potential use of code in establishing behavior is either long awaited or disturbing. "At some point, legislators will recognize the role of software and discover that software can be employed to . . . make access to . . . resources cumbersome." ¹⁰³ This recognition will be essential in order to regulate online behavior. The following sections will attempt to elucidate current or potential technological tools that could accomplish this goal of prohibiting Internet gambling in the United States.

IV. The Virtual Doorkeepers: Digital Certificates

A. Background

One of the promising features of the Internet will be the extent to which commerce ("E-commerce") will take place in the virtual world. The benefits are readily apparent. Customers can shop from their computers, viewing products and placing orders online. For example, if you wish to send flowers to a certain person, you can either go to a flower shop and choose an arrangement or place an order with a telephone call. The disadvantages are that you must either take the time to travel to the store, or place a verbal order without being able to view the assortment of arrangements. Of course, if you know what you want to send, such as a dozen long-stem roses, then these negative aspects aren’t as relevant. However, a potential buyer can now access a flower shop online and view the various arrangements and prices, and place the order with a few keystrokes. The benefits of saved time and cost are obvious. Our "virtual superhighway" has enabled you to travel to the flower shop and choose your product from your desk. ¹⁰⁴

The same benefits are present for commercial exchanges between more sophisticated parties. Instead of traveling to your purchaser or supplier, contracts and orders can be negotiated online. Or negotiations can occur between multiple potential suppliers without having to travel to each separate location. E-commerce presents an opportunity for unparalleled convenience and time management. It is this promise that many hold for the future of the Internet.

However, in order to for E-commerce to proliferate, some inherent deficiencies of the Internet must be corrected: trust and confidence. ¹⁰⁵ When two parties who have never met attempt to negotiate a transaction, they are not sure whether they are speaking with the actual parties. ¹⁰⁶ Suppose I send an order to the flower shop by email. I might state, "Please send a dozen long-stem roses to _______ and bill my account. Thank you, Brian Glassberg." The store owner might know me personally, but they cannot be sure that the email they received is actually from me. Someone may have "spoofed" my name in the identifier of the email and had flowers sent to their friend, knowing that I had an account with the store owner. Numerous other possibilities are easily imaginable.

Code has stepped in to provide the trust and confidence that is arguably inhibiting the development of E-commerce. Private parties have developed means, through the use of cryptography, digital signatures and digital certificates, that seek to ameliorate these concerns. In the physical world, we have driver’s licenses and Social Security numbers that serve as means to confirm we are whom we claim to be. Code is attempting to translate those tools into virtual identification devices.

In order to understand digital ID’s, a brief review of cryptography is necessary. Cryptography, or encryption, is the use of algorithms that use mathematical "keys" to create ciphered text from plain text. ¹⁰⁷ Thus, the ciphered or encrypted text cannot be read unless it is decrypted with a corresponding "key." The strength of the encryption is determined by the length of the keys — the longer the key, the more difficult it is to guess the key. ¹⁰⁸ There are two types of cryptography: symmetric (or secret key) or asymmetric (or public key). ¹⁰⁹ Symmetric key cryptography was the traditional means of encryption, requiring both parties to have the same key. In order to maintain secrecy, the key must be kept secure from others. ¹¹⁰ Thus, symmetric cryptography would not be available for a mass commercial market usage, since parties would have to keep multitudes of secret keys for every other party they dealt with.

The development of the asymmetric key system in the late 1970's solves this problem of distribution. ¹¹¹ Public key encryption utilizes two distinct, but related keys for encryption. Either key can be used to encrypt or decrypt. ¹¹² One key is the "public key," which can be freely distributed and given to anyone. The owner keeps the other "private" key secure. ¹¹³ Thus, if I want to create a secure line of communication with the flower shop, we can exchange our public keys. If I encrypt my order to the flower shop with my private key, then the flower shop can be assured that the message only came from me, because when they use my public key to decrypt the message, they know that the only key which could have encrypted the message was the owner of the corresponding private key. ¹¹⁴

The problem with asymmetric key cryptography is performance. The process can be time consuming to encrypt each entire message, especially if it is large. ¹¹⁵ For my email message requesting a flower delivery, I do not particularly care whether anyone can read it. Rather, the store and I are both concerned with a third party impersonating me and defrauding my account with the flower shop.

Digital signatures have developed to alleviate this problem, where identity is the concern and not necessarily secrecy. Remember, my unencrypted email message to the flower shop probably has my name on the header, and I might "sign" the message by writing, "Thanks, /s/ Brian Glassberg." The flower shop receiving this message would be concerned whether: (a) the request actually came from me or (b) depending upon my relationship with them, whether I may attempt to repudiate the order at some future point. In the physical world, the flower shop could ask to see my driver’s license to confirm my identity and require that I physically sign the purchase order.

Digital signature technology supplements these "real world" means of identification and non-repudiation, providing the trust and confidence that is currently lacking with E-commerce. ¹¹⁶ To attach a digital signature to an unencrypted message, a software program reviews the message and creates a "hash" or digest of the text. This hash is encrypted by the sender’s private key, along with the digital signature, and appended to the bottom of the message. ¹¹⁷ When the flower shop receives my request, they run their own digest program of the same message. The sender’s public key is used to decipher the message and the hashes are compared. If the digests are the same, the flower shop can be assured that the message has not been altered, since any changes would have created a different hash. As well, the digital signature could have only been encrypted by the holder of the private key, authenticating that the request was sent by me. ¹¹⁸

There is one final piece to the puzzle: how does one know if the pair of keys actually came from the person they claim to be? For example, if someone wants to impersonate me at the flower shop, they could create a pair of asymmetrical keys and send the public key to the flower shop and any other business, claiming to be me. ¹¹⁹

This problem is addressed through the use of digital certificates. A digital certificate "is a digitally signed statement by a [third party] that provides independent confirmation of an individual proffering a digital signature." ¹²⁰ The third party is usually referred to as a Certificate Authority ("CA") or Trusted Third Party ("TTP"), whose business is to certify the association of a public key with a particular individual. ¹²¹ Generally, I would create my key pair and send my public key to the CA. Depending upon the level of scrutiny the CA applies for the certificate I requested, the CA verifies who I am and creates a certificate. This certificate contains my public key and provides information about the holder of the matching private key. The CA then applies their own digital signature to the certificate. ¹²²

Thus, when I wish to distribute my public key, I simply send the digital certificate to the flower shop which contains the key. They can then examine the certificate to confirm that I am the owner of the key and rely upon the CA’s representation that I am the owner. ¹²³ Of course, then one may wonder why the CA should be trusted. CA’s could certify each other to provide further assurance, but ultimately, we must trust one party. The CA’s reputation for authenticity is the foundation of its business, which will provide the incentive to confirm the accuracy of their certification. ¹²⁴ Similarly, government could provide an additional incentive through the limitation of liability for inaccurate certifications, provided they comply with certain procedures. ¹²⁵ Within this framework, digital certificates provide the basis for determining some identifying characteristics of users, which will not only assist in fostering the widespread development of E-commerce, but may also provide a means for regulating access to Internet sites which violate laws in the jurisdiction where the user is present, but not in the jurisdiction of an offending web site.

2. Applying Digital Certificates to Governmental Regulation of Internet Gambling

The technology described herein may be one means in which governments could apply their traditional forms of regulation within territorial borders to the seemingly borderless world of cyberspace. The use of digital certificates can promote the facilitation of a digital driver’s license, which site owners could use to determine the eligibility of their visitors to view or participate on the site, based upon the visitor’s age, citizenship, or other criterion.

An example is currently available with regard to pornography. Adult verification systems are available on the Internet, such as Adultcheck. ¹²⁶ An adult can receive an identification number from this service by providing a credit card number and paying a nominal annual fee. Since a credit card cannot be issued to an applicant unless that person is at least eighteen years old, this service can rely upon the valid credit card as proof of age. Site owners also sign up with the service for free and place a link to the Adultcheck screening service on the front page of their web site. ¹²⁷ Thus, when someone attempts to enter their web pages, they can only enter if they have successfully entered their Adultcheck identification number. The owner of the site can therefore protect himself against providing materials that would not be suitable to minors. ¹²⁸

Digital certificates can provide a similar means to identify an individual to gambling sites, in much the same manner that a credit card suffices as proof of age for adult verification services. Upon a "hit" from an Internet user, the gambling site owner could have his site query a request for a digital certificate from the person accessing the site. Software could be designed to scan the certificate to make sure the person is not a United States citizen (or a citizen of any other country which seeks to prevent online gaming). ¹²⁹ The certificate could provide various types of information, such as geographic location, age, name, etc. ¹³⁰ Indeed, digital certificates received from a reputable TTP may provide greater assurance to the web site with pornographic materials than would the current adult verification services.

Naturally, this "solution" to the identification problem on the Internet assumes a good deal. First, digital certificates are not widely used by Internet users at the moment. However, all indications are that some type of digital signature and certificate regime will be prevalent in the future. Banks are beginning to serve as CA’s, issuing certificates to their customers as greater security for online banking transactions. ¹³¹ Software companies are marketing digital certificate software to large companies, which would allow these businesses to offer them to employees and customers for Internet transactions. ¹³² Other companies, such as Verisign, are offering digital ID’s to consumers directly. Currently, one can get a Verisign Class 1 digital ID for $10 annually, which simply verifies the email address of the applicant, or a Class 2 digital ID for $20 annually, which "authenticates your name and personal identity." ¹³³

It is not unreasonable to presume that governments could serve as CA’s themselves. For example, each state could use its Department of Motor Vehicles offices to serve as CA’s, in much the same way that driver’s licenses are currently issued. In fact, driver’s licenses and passports could possibly be replaced by "smartcards," which are cards that contain a microprocessor. ¹³⁴ These cards could store everything from health records, to electronic cash, to personal identification and access, to digital certificates and digital signatures. ¹³⁵ Indeed, Verisign has announced that it will be bundling its Class 1 digital ID’s with smartcards, calling them "digital driver’s license[s]." ¹³⁶ Certainly, it is possible, if not likely, that digital identifications will be the norm in the future, although that is not the case currently.

A much larger assumption is whether gambling sites would be willing to screen for citizenship and limit access of participants. Some sites have stated that they will voluntarily refuse wagers from American citizens if Congress passes the Internet Gambling Prohibition Act. ¹³⁷ Many sites claim to have already refused to offer service to American bettors. ¹³⁸ Despite these statements by gambling operators, there is no manner in which they can be enforced. For example, a gambling site in Pennsylvania reached an agreement with the Missouri Attorney General’s office to refuse applications from Missouri residents until the date of a scheduled preliminary hearing. However, the site continued to accept applications after the agreement. ¹³⁹ There is no reason to assume that offshore casinos, outside of U.S. jurisdiction, would be any more willing to sacrifice profits from American bettors. ¹⁴⁰

A body that may be able to enforce or persuade offshore gambling operators to screen for citizenship is a self regulating organization, such as the Interactive Gaming Council (formerly the Interactive Services Association). This is a trade association of electronic gambling operators which is trying to implement a self-regulatory association until an international regulatory body is created. ¹⁴¹ Members have adopted a Code of Conduct, which states in relevant part that, "IGC members shall use their best efforts to obtain any binding legislative or judicial determinations which prohibit or limit operation in another jurisdiction and shall abide by those limitations to the greatest extent technically feasible." ¹⁴²

By assisting voluntary organizations in developing technological tools to screen for citizenship, governments could indirectly prevent access to those gaming sites. Although site owners could request a FAXed copy of a driver’s license or some other identification, this is both burdensome and unreliable. Thus, code could be used to develop screening software that would require digital certificates from reputable CA’s, which the site owners could employ on their web pages. Similarly, it may be possible to develop a centralized system similar to an adult verification service, which could be controlled by a trade association such as the IGC and with links made available to site owners. Funding and software assistance by nations against online gaming would provide an additional incentive.

This situation could similarly apply through international regulation, either in bilateral or multilateral agreements with nations that license Internet gambling sites. This arrangement may be the most favorable to all parties involved. It respects the sovereignty of both the nation licensing gambling sites, as well as the state seeking to enforce its online gaming prohibitions within its borders. ¹⁴³ Countries that license such businesses would regulate their operations, requiring them to block access to the site by citizens of countries where prohibitions exist. ¹⁴⁴ Technical and monetary assistance would encourage a more complete implementation worldwide.

Unfortunately, there are many problems with both the trade association and international model of screening for citizenship. First, as discussed earlier, digital certificates are not widely used currently. This would require all legal customers to obtain these digital ID’s before they could access their gambling site of choice. As a result, gambling operators are likely to suffer a revenue shortfall in the short term as their customers obtain their ID’s and lose some of their customers permanently due to consumer lethargy.

More importantly, there is a strong incentive toward regulatory arbitrage, i.e., gambling operators will attempt to evade regulatory schemes that are more burdensome than others. ¹⁴⁵ Membership in a trade association of online gambling operators is not mandatory. Some nations where gambling operations are based do not regulate those businesses, such as the Dominican Republic. ¹⁴⁶ As such, citizens that are prohibited from gambling online could simply seek out those that do not conform to the screening models. Businesses will have incentives to elude such regulation, since there will be less competition for American bettors and others that would be denied access, which may bring increased profits to those owners who will provide access to those customers.

Even if such controls could be implemented at all Internet gambling sites, it is likely that a black market would emerge for "fake" digital certificates, much as there is among underage drinkers in the United States. If screening services tried to discriminate among Certificate Authorities, then there will be problems in deciding which CA is valid and which is not. This could be further compounded if the nefarious or careless CA is the nation itself in which some gaming sites are operated. It would be difficult, if not impossible, to persuade that country to require effective screening if the identifications which it sells are less than certain.

Digital certificates, as a form of digital identification, could assist in strengthening national borders on the global Internet. Nations and their traditional forms of regulation could coexist on the Virtual Superhighway without offending traditional notions of sovereignty. However, their success is primarily dependent upon voluntary acceptance and implementation by countries where offending sites are located. Ultimately, this is a prisoner’s dilemma on a global level. Every nation is better off if each nation’s laws could be respected on the Internet, but there is an incentive for countries to defect. The result is regulatory arbitrage or a "race to the bottom." Although this is arguably the ideal model philosophically for regulating online gaming with code, other schemes must be considered if such regulation is to be effective.

V. The Virtual Doorkeepers: Filtering/Blocking

The weaknesses in attempting to regulate Internet gambling sites located outside of the United States territorial borders are apparent. Although law enforcement officials could certainly shut down domestic sites operated in violation of existing laws (or under the proposed Internet Gambling Prohibition Act), they are generally powerless to proscribe gaming operators abroad. Any potential solutions, such as the extraterritorial application of American gambling prohibitions or the screening of bettors based on citizenship, will depend upon cooperation with other nations and private gambling businesses, whose interests are likely to differ with those of the U.S. government. ¹⁴⁷

The decentralized nature of the Internet allows for the efficient transmission of data across packet-switched networks, but also inhibits any attempts for centralized controls. Instead of attacking the source of harmful or illegal materials, efforts have focused on preventing the receipt of those sources. This process is generally referred to as filtering or blocking and may be implemented in a variety of ways.

The following section will describe how these technologies work and attempt to illustrate how they may be utilized by government regulators as a means to enforce Internet gambling prohibitions.

1. User-Based Controls

"Internet filtering software is hot . . . [and it] is here." ¹⁴⁸ Since the Supreme Court struck down the Communications Decency Act in Reno v. ACLU, ¹⁴⁹ filters have captured the attention of both critics and supporters. Notably, this focus is primarily on restricting access to "inappropriate" or "harmful" materials by children, while preserving both the freedom of adults to view this material and the freedom of others to freely express themselves online. ¹⁵⁰

However, the concept could be similarly adopted for Internet gambling. ¹⁵¹ Thus, filtering could provide a way to prospectively prevent violations of Net gambling laws, while respecting the rights of other nations which seek to allow such web sites. In this way, code is the "virtual doorkeeper" for American citizens, even if they don’t realize it. Users could query a request to an offshore gambling site, but that site would be checked by the "doorkeeper" before it was allowed to communicate with the user.

There are different types filters that could be installed on a computer, but the premise for all of them is the same — they allow some content to pass through and they block access to other content, which is determined by some selection criteria. The software can be configured to be more or less restrictive, depending upon the user’s choice. ¹⁵² Thus, the program can either use a "whitelist," where the only Internet pages that can be viewed are those specifically enumerated in the database, or it can use a "blacklist," allowing access to all sites, except for those prohibited in the software profile. ¹⁵³

The "objectionable material" that is blocked or filtered is determined by differing methods. Older or "first generation" versions simply contained an enumerated list of URLs (Uniform Resource Locators) to be blocked, which could be updated with periodic downloads from the software manufacturer. ¹⁵⁴ The problem with such lists is that the incredible expansion and growth of the Internet reduces the efficacy of such lists. ¹⁵⁵ Newer versions of blocking programs include "keyword" searches or variants that employ "intelligent phrase filtering," ¹⁵⁶ which blocks those sites containing the offending words in their pages. The shortcoming of filters that block based on keywords is well documented in the press and academic literature. For example, a site containing information about a child’s soccer club was blocked because it contains the words "boys 12 and under." ¹⁵⁷

Since filters are marketed as parental control devices, they allow the user installing the software to alter the restrictions, both by URL and keywords. ¹⁵⁸ Further, adults can turn off the filter by entering a password, so that they can use the same computer to access blocked material at their discretion. ¹⁵⁹

Besides their less than complete filtering capability, the software imposes additional burdens upon parents who seek to employ this form of child protection. The software requires an initial investment to purchase the software, which must then be installed on the system by the user. In order to keep pace with the ever-changing array of pages on the Internet, customers have to purchase "updates" of restricted sites and keywords from the manufacturers. ¹⁶⁰ Of course, if the customer wishes to tailor their software, they must invest also time to review the databases of the filters and sites available on the Internet.

Returning to the discussion of Internet gambling, user-based software filters can be used to block access to the online gambling sites. For example, the Interactive Gaming Council has formed a cooperative partnership with SurfWatch, one of the leading software filter manufacturers, to ensure that filters block gaming sites from children. ¹⁶¹ Although filtering software is used to prevent children from accessing sites deemed "unsuitable" for them, the government could attempt to utilize this software to prevent bettors from gambling on the Internet.

Certainly, user-based software filters could inhibit access to gambling sites on the Internet. However, practical difficulties render this model ineffective. First, Internet users are not currently required to have such software on their systems. Those that wish to visit gaming sites could simply not install the software on their systems or use a terminal that does not have such restrictions. ¹⁶² Legislators could mandate that all new computers be equipped with such software, either on a standalone basis, or potentially embedded in the operating system. However, a crafty user could simply uninstall the filter or attempt to disable it.

Even assuming that blocking code could be included on all computers, there is still the problem of the evolving Internet. Gaming sites can change URLs and design their pages to evade keyword searches. ¹⁶³ New sites will arise and will not be contained in the database of restricted sites. Thus, there must be some means to update the restricting databases in the filters. The software could have been programmed so that it automatically updates the restricted list of gaming sites. This would seem to raise some serious Constitutional concerns over due process and privacy. Whether the government could mandate that such information be added to each citizen’s computer without their consent would seem to violate these Constitutional principles. It would appear that all of these obstacles together may prove insurmountable and would undermine attempts to prohibit gambling with user operated filtering software.

An alternative to standalone filtering software is to employ the use of PICS, the Platform for Internet Content Selection, which is "a set of technical specifications that defines a standard format for rating labels describing materials available on the Internet and a standard mechanism for distributing those labels." ¹⁶⁴ It is considered an alternative to the all-or-nothing blocking format of software filters and allows for individuals to customize what types of sites they wish to view on differing criteria. ¹⁶⁵

PICS relies upon the use of labels to allow users to screen undesirable material. Prior to the development of this protocol, there was no common standard available for creating labels. ¹⁶⁶ With PICS, different organizations can create labels for any site on the World Wide Web. Indeed, any particular web page may have multiple labels. ¹⁶⁷ Rating systems attempt to provide standard categories and objective levels of content so that labels may be assigned in accordance with them. For example, the Recreational Software Advisory Council (RSACi) has developed its own rating system, which utilizes four categories (violence, language, sex, and nudity), within which there are five levels (0-5), depending upon the degree of content matching that category. ¹⁶⁸ Any organization can rate web sites using RSACi’s system, another rating system, or they can devise their own. ¹⁶⁹

A publisher of a web page can label the site in accordance with any labeling system. The label is then embedded in the web page itself, which can be reviewed by the screening software when that page is requested by a user. Third parties can also label the page and store them at a different server for distribution on the Internet. ¹⁷⁰ Thus, if a parent is concerned that a publisher may under- or over- rate their own site, they can query or download labels from an organization they trust, such as the Christian Coalition. ¹⁷¹

The final step for the implementation of a PICS based filtering system is to define the filtering criteria, or what is known as the profile. If a parent was concerned about their children viewing sexual or violent materials, but not as worried about language, they could specify those filtering rules to be less or more tolerant. The rules, in accordance with the information provided by the label(s), determine whether the page will be blocked or not. ¹⁷² PICSRules is a language for expressing these profiles and could be freely distributed by different organizations. Therefore, if a parent did not want to specify the profiles for their children, they could download the profile from a trusted organization like the Christian Coalition. ¹⁷³

The PICS system is only a filtering protocol; it needs to be implemented with PICS compatible software to work. ¹⁷⁴ It is envisioned that PICS will be built into Internet browsers and will be widely available so that consumers can tailor their own filtering, although many standalone filtering products also incorporate its capabilities. ¹⁷⁵ Browsers will be able to decode the labels, and if the label identifies a site as inaccessible under the PICSRules, the browser will then block it. ¹⁷⁶ Microsoft has already built this capability into its Internet Explorer browser ¹⁷⁷ and Netscape has followed. ¹⁷⁸

As with standalone filtering software, the federal government could mandate that browser manufacturers incorporate mandatory PICS filtering for gambling sites within the browser. ¹⁷⁹ Other filtering criteria, such as violence, etc., could remain at the option of the user. Indeed, it is likely that the browser could be designed to have gambling criteria enabled without the user even knowing. The criteria could be very simple: 0 if there is no gambling and 1 if there is gambling present on the site. Equally important, the browser would need to be configured to consult a government or government-sponsored labeling bureau to obtain the labels for gambling sites when a URL query is sent. Thus, the government could act as a third party labeling service for gambling sites, leaving individuals to tailor any other PICS compliant filtering options they chose. ¹⁸⁰

The advantages of using PICS over other filtering techniques is that this system can be mandatory without requiring any assistance from the consumer. A government agency could monitor the Internet for offshore gambling sites and create or modify labels for these sites as necessary. Instead of relying on keyword searches or database updates, mandatory PICS filtering of gambling can be narrowly tailored and expedient. Although some gambling pages may "slip through the cracks" temporarily, the government would be assured of an opportunity to quickly respond once they became aware of such violation. Equally important, one of the major disadvantages for parents seeking to voluntarily filter content with PICS is the lack of available labels, which is not present when the government only seeks to label gambling sites, not the entire Internet. ¹⁸¹ Law enforcement must only keep track of gambling sites, which is not an easy task, but more realistic than a comprehensive labeling of the whole Internet.

The problem that undermines this model is that individuals can opt out of this regulation by simply installing another browser onto their computer. ¹⁸² Older browsers, such as ones currently available, are not configured for mandatory filtering of gambling sites with government labels. ¹⁸³ A black market for browsers without the mandatory filtering would probably emerge. ¹⁸⁴ Equally daunting is that browser manufacturers (whether domestic or a new foreign corporation) would likely provide "normal" PICS-compliant browsers in other countries, where there is no gambling prohibition. Copies of these browsers could be downloaded by American citizens and circumvent attempts to prohibit gambling online.

PICS is a promising approach to the problem of unsuitable content on the Internet. However, it too fails scrutiny when implemented through a user-based filtering system, as most other conceivable filtering techniques would, since the user will most likely have ways to circumvent the regulation. A determined bettor, without a high degree of technological sophistication, would be able to ignore gambling prohibitions. As a result, the next logical inquiry is to discern whether filtering can be employed at points on the Internet outside of the user’s control.

B. Server- or ISP- based Controls

Filtering or blocking remains a sound concept for regulating activity within national borders, without affecting enterprises that may be legal in other nations. The difficulty with imposing the regulation on users is that they can simply avoid using the restrictive code the government wants them to use. However, utilizing filters on ISPs can be more successful since compliance can be enforced to a higher degree. Users simply do not have the option of turning it off, removing it from their system, or using a nonrestrictive alternative. ¹⁸⁵

ISPs can implement filtering on a broad scale by installing filtering software or PICS compliant programs upstream. ¹⁸⁶ This requires the use of proxy servers, which many ISPs currently use. ¹⁸⁷ Generally speaking, a proxy server serves as a buffer between local users of the ISP and other Internet servers and web sites. ¹⁸⁸ All requests from ISP customers are directed through these servers, as are all incoming traffic from external web sites. ¹⁸⁹ At this point, blocking software can examine the outgoing requests to review against a list of URLs to be blocked. If the request is allowable, the data traffic is sent on its way in the normal manner. ¹⁹⁰ However, if requested URL is on the blacklist, then access is not allowed. ¹⁹¹ The proxy server could send a default response to the user that the page is blocked and not accessible, or simply relay the ever frustrating "Error 404" page. A clever ISP network engineer may program the response to be no response at all, allowing the user to wonder if there the foreign server is operating or not. In any event, the net result is that the would-be bettor cannot access the offshore gambling site.

Many businesses are marketing such a system to ISPs currently. For example, Cyber Patrol offers it software for integration with the proxy servers of ISPs and corporations. ¹⁹² Others offer installation of both software and proxy servers, which automatically update every day without burdening the ISP with such tasks. ¹⁹³ Finally, some ISPs have already begun to offer proxy based filtering to their customers, marketing their ease of use, non-avoidability, and faster database updates which standalone software cannot. ¹⁹⁴

PICS can also be implemented at the ISP level through the use of proxy servers. ¹⁹⁵ For each URL request, the proxy server would simultaneously retrieve the document and also solicit a PICS module. The PICS module could contain labels stored locally or in its cache, or it could query a label from a third party labeling bureau. ¹⁹⁶ The PICS module would then return an allow or deny access command to the proxy server, which would then provide the requested URL page or send another page indicating that the desired URL is blocked, not available, etc. ¹⁹⁷ Indeed, the ISP could run the filtering software at the server level, but allow customers to decide what filtering criteria (PICSRules) will be applied. ¹⁹⁸ One service has offered such a system which allows each customer of the ISP establish their own profile for URL blocking, which matches their assigned IP address upon login to their database profile. ¹⁹⁹ As well, PICS compliant proxy servers are already available on the market. ²⁰⁰

One additional method in which filtering can occur at the ISP level is through the use of packet filtration on routers. Remember that the TCP/IP protocol is the common standard which allows the multitude of networks around the world to interact with each other, forming one "super-network," or what has become known as the Internet. IP, or Internet Protocol, is the universal addressing of computers. ²⁰¹ Each host computer on the Internet is assigned a numeric IP address, which allows computers to locate and interact with other specific machines. ²⁰² TCP is the Transmission Control Protocol. This protocol is responsible for splitting data in small pieces, called "packets." Each packet is identified with the recipient’s IP address on a header and is sent on its way. ²⁰³ Since the Internet is a distributed, packet-switched network, ²⁰⁴ each packet is "routed" toward its final destination in the most efficient path at that moment in time. Packets may take different paths to the recipient computer, the only requirement being that they all make it to their destination, at which point, they are reassembled into the original data and able to be used by the recipient. ²⁰⁵

Routers are computers with software whose purpose is to examine the header and direct the packet toward its final destination. ²⁰⁶ Most networks will need a router to communicate with other routers across the Internet. ²⁰⁷ Packet filtration is software for the router which creates filtering rules. It tells the router, in addition to directing traffic based on the IP header, to filter packets according to an unacceptable IP list. ²⁰⁸ If the packets, coming from the internal network, external servers, or both, contain IPs which are to be blocked, the router simply drops those packets and they do not reach their destination. ²⁰⁹ Packet filtration provides another means available to ISPs in which gambling sites could be blocked from access by users. ²¹⁰

Each of these three alternatives for filtering at the ISP level have their own advantages and disadvantages. Not all ISPs have proxy servers installed on their networks, so packet filtration on routers may be the most "democratic" of all approaches, and since most ISPs will need routers to connect to the Internet, the costs are minimal. ²¹¹ As well, "[y]ou do not pay a performance penalty for packet filtering," since routers are optimized for these functions. ²¹²

With these factors in mind, one might wonder why this approach has not been utilized already. First, packet filtration only filters IP addresses. ²¹³ The IP address only identifies the machine, where as URLs can be much more exact and focus upon specific pages. Thus, packet filtration is a very "blunt" instrument, which could block many sites located on a machine which may or may not be targeted by the filters, ²¹⁴ such as with virtual web hosts. Although I would presume that online gaming sites utilize their own dedicated servers to house their pages and to run the requisite software for the games and accounting, there may be situations where a gambling operator allows other valuable sites to operate on his server or he may post his pages with a virtual web hosting service.

The other difficulty with packet filtration is that programming filtering rules can be difficult, cumbersome and requires a high level of skill which some ISP operators may not possess. ²¹⁵ A mistake could shut down the entire network (e.g., if the router is mistakenly programmed to deny all incoming packets from external hosts, etc.). Equally important, some routers have to be programmed manually or individually, which can be time consuming if the ISP has many routers. ²¹⁶ There are some new products available that allow for simplified programming and centralized implementation to assist with these problems, but again, this would require an investment by the ISP. ²¹⁷ In any event, these problems would inhibit an ISPs ability to respond to new sites that emerge or existing sites that can simply change or "spoof" their IP addresses.

Filtering with PICS compliant software or a simple URL exclusion list does have certain advantages over packet filtration which are important. First, since they are based upon URLs they can be much more precise in what pages are blocked. ²¹⁸ Equally important, filters can be altered to account for evasion attempts much easier and more quickly. A list of blocked URLs could be downloaded nightly. PICS labels can be changed at a third party (government- sponsored) labeling bureau or can be downloaded into a local database on a regular basis.

Despite these advantages, there are two significant drawbacks: cost and performance. Installing proxy servers will entail significant costs in hardware and maintenance. These costs must be borne by ISPs, or more likely, will be shifted onto customers as a "value-added service." ²¹⁹ Equally important, the use of proxy servers requires that all traffic be directed through them, creating a choke-point. Although these servers will be able to cache frequently accessed documents for local retrieval (as many corporate servers and ISPs already do), there will be some performance costs, depending on how the network is designed and the amount of traffic flowing through it. ²²⁰

From a policy perspective, some sort of blocking at the ISP level seems to be the ideal approach. Law can create the desired goal of restricting online gambling indirectly by directly regulating ISPs and mandating their use of code. Thus, an effective gambling prohibition act would "impos[e] liability on various network actors, and law may provide immunity or safe harbors for implementation of technical rules." ²²¹ The government does not need to specify which form of filtering ISPs must use; rather, they can simply assist by locating the offending sites and allow ISPs to implement their filters as they wish. For example, a government agency, such as the Department of Justice, could establish a labeling bureau, which would post PICS compliant labels. The server could also list URLs and IP addresses, which could also be downloaded by ISPs or filtering software services. Finally, the government server could also be programmed to send the labels/IPs/URLs to ISPs on a regular interval, ²²² supplemented with a digital signature to ensure authenticity.

ISPs have stated that they have the technology to block access to the gaming sites, but have vigorously protested any imposition of liability up to this point. America Online (AOL) has admitted that access could be blocked, although it would be a major burden, especially upon smaller ISPs. ²²³ However, ISPs can and do block "Spam" (unsolicited email), which is an equally onerous burden. ²²⁴

Critics of filtering online gambling sites note that this policy will not be effective, since URLs and IP addresses can be changed by offshore operators. Hence, this will only be a "cat-and-mouse game," ²²⁵ which would impose additional burdens upon ISPs if they had to police all of the sites passing through their networks. ²²⁶ These are both valid criticisms, which should be addressed by any policy imposing liability upon ISPs.

First, there is no way to prevent foreign operators from attempting to avoid blocking techniques, short of voluntary compliance. It is very simple to alter IPs addresses, domain names and directories or pages within web sites. However, the advantage of filtering at the server level is that these attempts at evasion can be quickly remedied through frequent downloads of URLs, IPs or labels, or by querying a government-sponsored labeling bureau. By making these updates at the ISP level, a greater percentage of compliance is available, since these changes will affect all of the ISPs users. Further, frequent changes to the location of the gambling site will create a disincentive for users to gamble at offshore gambling sites. If the user must deposit money up-front, they could be sufficiently worried about being able to locate the gaming site if it is blocked, or whether the foreign operator will simply acquiesce to the blocking of his site in the U.S., leaving the user without a means to obtain a refund.

Second, the liability imposed upon ISPs could provide a safe harbor for compliance, based upon whether the notice has been posted by the government at its servers. Thus, the ISP can escape liability by showing that it has attempted to filter only those sites the government has requested, not those which have escaped federal scrutiny. Obviously, if the ISP had the duty to screen all material which flowed through its network lest it suffer statutory penalties, it would find this impossible and might rationally decide that the cost is not worth the burden and shut down its service. ²²⁷ Therefore, the burden for policing the Internet should be shifted to the government, along with voluntary assistance from other organizations (such as anti-gambling groups or state attorney generals).

This model for Internet governance is not without its exceptions. Any user can opt of the system by dialing into an ISP which does not comply with the laws requiring filtration. Fines could be sufficiently high for ISPs that violate the laws as a deterrent. Similarly, the government need not police each ISP to ensure compliance. A few well-publicized prosecutions may encourage compliance.

Determined gamblers could still access sites blocked by their ISP by logging into a foreign ISP or into the gambling site directly. Indeed, there is no way to prevent all gambling, for if the user is sufficiently determined and willing to pay the additional costs, they will be able to escape the regulation. However, no prohibition is absolute, but this model poses a chance for higher compliance than with most laws.

For example, if state governments were determined to enforce speed limits, they could place a "speed trap" at every quarter mile interval. Of course, the costs would exceed the benefits from such a policy. Currently, states seem to rely upon highly visible stops of vehicles as a deterrent to others. We have all slowed down when we have approached a police officer sitting in a "speed trap" or pulling someone else over for a citation. However, if the governments were very determined, they could impose liability upon car manufacturers for not designing their automobiles to prevent drivers from exceeding fifty-five MPH (when that was the national limit). This would seemingly limit speeding on highways, but would come with increased costs to consumers. Such a policy is similar to filtering gambling sites on the "virtual superhighway." It too is not absolute, for a skilled mechanic could simply bypass such a mechanical limitation, just as a skilled Internet user could find a path around the regulation. But in both cases, most people would comply, which achieves a larger percentage of compliance than simply punishing offenders ex post.

Given the benefits of this model of regulation through the use of law and code, the final question is whether such a policy would be legal. The F.C.C. has not yet attempted to regulate ISPs and it is not certain whether it would have the authority to do so without explicit statutory authority. ²²⁸ The Interstate Wire Act provides some guidance, in that it allows law enforcement officials to order common carriers to terminate the service of a customer upon reasonable notice, when the service "is being used or will be used for the purpose of transmitting or receiving gambling information in interstate or foreign commerce in violation of Federal, State or local law. . . ." ²²⁹ This provision has been upheld against claims of unconstitutionality. ²³⁰

The Internet Gambling Prohibition Act, as currently drafted, only allows injunctive relief against ISPs when one of their customers is using their account in violation of the Act. ²³¹ Thus, if a gambling site is located offshore, injunctive relief could only be sought if one of the ISPs’ customers is accessing that site and gambling in violation of the Act. ²³² Further, that relief would not require other ISPs to block access to that same site, unless injunctive relief is also sought against them. With the costs and time to institute legal proceedings, these remedies will prove ineffective.

If the government follows the proposed model in this paper and seeks to impose liability upon ISPs for allowing access to gambling sites, the question remains whether the government must obtain a judgement or an injunction against each gambling site before it can request ISPs to filter access to that site. There would certainly be some due process implications if the government could deem a site "in violation" of its gambling prohibition, without notice and the opportunity to contest the allegations. However, attempting to prosecute foreign operators implicates the very problems with extraterritorial application of American laws discussed earlier. ²³³ Further, although gambling itself does not enjoy the same constitutional protections as other expressive conduct, ²³⁴ gambling advertisements are entitled to limited protection under the First Amendment for commercial speech. ²³⁵

The legal questions regarding any proposed model of Internet governance relying upon the use of code are difficult and will need to be resolved in the future. However, given the limitations of using traditional legal tools to regulate the Internet, these legal rules should be altered to the greatest extent possible (consistent with principles of freedom) if the nation is to remain a viable source of protection and regulation over its citizens in cyberspace. Otherwise, laws regulating Internet conduct, such as the proposed Internet Gambling Prohibition Act, will serve no purpose beyond providing notice that such conduct is illegal. Such notice may fall upon deaf ears, since it will be practically impossible to enforce such a prohibition without the enlistment of technological tools in the legal regime.

VI. The Virtual Doorkeepers: Other Methods

Although I feel that ISP-based filtering is the most viable means of regulating Internet gambling, other methods which could be used by a government to restrict access to Internet sites will be briefly addressed.

A. National Firewalls & Filtering on a National Level

Some governments, such as China and Singapore, have developed national firewalls or intranets to restrict what content flows through their borders. ²³⁶ The premise is the same as filtering with proxy servers at the ISP level: all traffic from inside or outside of the firewall flows between government proxy servers, where it is filtered using some type of filtration device. ²³⁷ As well, it is subject to the same problems as those that are present with ISPs: cost, performance, and evasion. Since all traffic entering and exiting its national borders flows through this gateway, there is a need for tremendous computing power, which would be especially prevalent in a country such as the U.S., where there is considerably more Internet traffic. Equally important, Internet performance has suffered considerably, so much so that it threatens the opportunities for economic potential on the Internet for those countries. ²³⁸ Finally, any user seeking to escape the firewall can simply obtain access by dialing into a network outside of the borders, ²³⁹ at the risk of punishment under national laws.

Certainly, the United States (or individual states) could attempt to create such a framework. However, the federal government has remained persistent in allowing the private sector to flourish on the Internet. ²⁴⁰ As well, the costs and infrastructure requirements would not seem to justify the benefits of restricting Internet gambling. Besides philosophical principles of freedom, the government could achieve the same result by imposing liability upon ISPs, which though burdensome, would be less intrusive and threatening than a national filter.

Similar to this approach, filters could be placed on domain name servers. As you will recall, domain names are the mnemonic equivalent of numeric IP addresses. ²⁴¹ When a web site is sought by the user, such as a page within "www.law.harvard.edu," the request is sent to the primary DNS server. ²⁴² If that server contains the matching IP address within its database, the request is returned to the user. Otherwise, it is forwarded to a "root" server, where it proceeds through the DNS hierarchy until the IP address is located. ²⁴³

Filters could be placed on these servers, or through proxy servers, where they could refuse any request for sites that are in violation of the gambling prohibition. As with national firewalls, this approach is subject to limitations of cost and efficiency. However, there are additional problems with evasion. First, a user could simply input the numeric IP address into their browser instead of the domain name. The domain name’s purpose is only for ease of use; it is not required to connect to another site. Second, a user can simply designate her primary DNS server with one that is not subject to filtration without much difficulty. ²⁴⁴ Although this arrangement may frustrate the efforts of some would-be gamblers, it is not very difficult to opt out of the regulation. Thus, in order for this system to be very effective, some other form of blocking must accompany it, such as a national firewall or filtering at the ISP-level, which would seem to defeat the purpose of filtering DNS servers.

2. Illegal Means

Finally, perhaps the most cost-efficient method for the United States to limit access to foreign gambling sites would be to destroy them, not with guns and bombs, but with code, in the form of viruses or some other harmful program. Surely, this would be illegal and offends all notions of justice, but it is certainly a possibility. Government officials could simply target those sites that refuse to screen U.S. citizens from their sites. I presume that an experienced hacker could introduce a virus upon the offending site’s servers, which would disrupt or prevent the gambling service from operating on that machine. Of course, I do not advocate such an approach, but it would be an interesting solution because it would be cost effective, efficient, and targeted against a specific offender. Despite these benefits, it is doubtful that such events would occur under government sponsorship, or at least I would hope.

VII. Conclusion

As the twenty-first century quickly approaches, the Internet continues its amazing growth and is quickly securing a dominant presence in everyday life. The benefits which accompany this technology are astounding. A wealth of information and services unparalleled in history are now at the fingertips of everyone with access to the Internet. Businesses, governments and individuals are rushing to secure their own position on the "Information Superhighway."

However, within this panoply of advantages and efficiency lies the burdens which accompany this technology. Many activities that are illegal in the physical world are attempting a resurgence in the virtual world. Online gambling is one of the burgeoning industries which threatens a government’s ability to protect and regulate its citizens. The advantageous technological aspects of the Internet are also those which inhibit attempts to control behavior upon it.

As I have attempted to elucidate, traditional legal and legislative mechanisms are not suited for regulation in cyberspace. The power which a state can exercise within its borders is not easily accommodated in a space where there are no corresponding boundaries, such as the Internet. In a global networked environment, regulatory arbitrage thrives since there is an incentive for illegal behavior to migrate to less restrictive regimes without any significant additional costs. Although Congress has not yet passed the Internet Gambling Prohibition Act, such behavior has already occurred as online gaming operators have located in other nations that sanction or promote such activity. From the picturesque environs of the Carribean, many Internet gambling site owners solicit business from American citizens without a realistic threat of prosecution by United States law enforcement.

Law could attempt to keep pace with technology, perhaps by creating agreements with other nations for enforcement of domestic laws on the Internet. However, there are inherent difficulties in following this path. Certainly, there will be a large time-lag between the emergence of the prohibited activity and the agreement to enforce that regulation abroad. More importantly, some nations may refuse to honor such requests, desiring instead to receive the economic benefits from allowing such activities to be based within their physical borders.

Instead, law should co-opt technology for its own purposes, using it to enforce policies which it cannot easily do otherwise in a virtual, networked environment. In this framework, code becomes the law. It defines what is possible and what is not. Indeed, code is preferable to law as an enforcement mechanism, by enforcing appropriate behavior ex ante instead of relying upon ex post punishment.

This approach is not unprecedented. Congress has adopted technological enforcement mechanisms in other situations. The "V-Chip" legislation will allow parents to filter what their children may view on television, by requiring television manufacturers to incorporate the code into the television. ²⁴⁵ Copyrights are protected from infringement with digital audio recording devices by requiring that manufacturers install copying controls into the machines, seeking to dictate appropriate behavior ex ante. ²⁴⁶

Technology can fulfill a similar role in prohibiting online gambling. Digital certificates and filtering are two possible approaches for limiting access to Internet gaming sites by American bettors. Instead of attempting to punish bettors or operators, which is costly, difficult and ultimately ineffective, policy makers can institute a more successful constraint by removing access to those sites by U.S. citizens. Not only does this achieve the regulatory goal in an efficacious manner, it respects the rights of foreign nationals to conduct activities which are perfectly legal in their own jurisdictions. Equally important, code can be narrowly tailored and is flexible, allowing it to adapt to the ever-changing conditions present on the Internet.

Code is the basis of the Internet. It is what creates the Internet and all of its benefits and its burdens. Code has created this virtual space, which lives above and beyond the constraints of the physical world. If government desires to control activity which occurs in cyberspace, it must recognize the primacy of code and incorporate it. Otherwise, legislative acts such as the Internet Gambling Prohibition Act are likely to be a losing bet.

Sec. 1085. Internet gambling

FOOTNOTES

1. See, e.g., Reno v. ACLU, 117 S.Ct. 2329, 138 L.Ed.2d 874 (1997) (striking provisions in the CDA prohibiting transmission of obscene or indecent communications to minors through an interactive computer service). A new attempt to regulate Net porn was recently signed into law on October 21, 1998, the Child Online Protection Act (dubbed the “CDA II” or the “Son of the CDA” by opponents), and will certainly be the focus of forthcoming debates on Internet regulation. Courtney Macavinta, What Congress Really Did, Oct. 23, 1998 (last visited Oct. 27, 1998) <http://www.news.com/SpecialFeatures/0.5,27903,00.html>.

4. Kevin Werback, Digital Tornado: The Internet and Telecommunications Policy, OPP Working Paper No. 29, Mar. 1997 at 10. (last visited Oct. 29, 1998) <http://www.fcc.gov/Bureaus/Wireless/OPP/working_papers/Opp29pdf.html>.

13. For more information on registering domain names, please visit NSI at <http://www.nsi.com> (last visited Oct. 1, 1998). The domain name registration process is currently being examined by the World Intellectual Property Organization (“WIPO”) in hopes of recommending an international, self-regulating solution to domain name disputes on the Internet. For more information, please visit WIPO’s Domain Process site at <http://www2.wipo.int> (last visited Oct. 29, 1998).

18. For a concise time line of the Internet and its development, visit Hobbes’ Internet Time Line, (last visited Oct. 30, 1998) <http://info.isoc.org/guest/zakon/Internet/History/HIT.htm/>.

20. See Lance Rose, Online Gambling: Killer App or Sucker Bet? (last visited Oct. 28, 1998) <http://boardwatch.internet.com/mag/96/jan/bwm20.html>; New Things to Regulate: Internet Gambling Generates Gambling, Las Vegas Review-Journal, May 24, 1998 (last visited Oct. 17, 1998) <http://www.lvrj.com/lvrj_home/1998/May-24-Sun-1998/opinion/7549225.html>.

21. Betting Money on the Web, N.Y. Times, Mar. 5, 1998 (last visited Oct. 17, 1998) <http://www.nytimes.com/library/national/05internet-gambling-sidebar.html>.

22. Id. (“there are at least 140 such sites around the world”); See also, New Things to Regulate, supra note 20, (“mushroomed to more than 150 web sites”); In Focus: Regulating the Internet, USA Today, Sept. 23, 1998, (last visited Oct. 17, 1998) <http://www.usatoday.com> (“nearly 200 online sites . . . up from 15 just last year”). Note that these are estimates of actual sites on the Internet that offer gambling services online. Some estimates have ranged as high as 100,000 based upon searches in a search engine for web pages that mention “gambling.” Testimony of [New York] Attorney General Dennis C. Vacco to the Senate Standing Committee on Racing, Gambling and Wagering, Mar. 12, 1997 (last visited Oct. 22, 1998) <http://www.oag.state.ny.us/press/mar97/testimony.html>.

23. Wendy R. Leibowitz, Senate Bans Most ‘Net Gambling: Many Bet on Poor Enforcement, Law Journal Extra!, Aug. 10, 1998 (last visited Oct. 17, 1998) <http://www. ljx.com/topstories/080798new2.htm>.

24. Some web sites only provide “links” or directories of online gambling sites. See, e.g., Rolling Good Times Online (last visited Oct. 29, 1998) at <http://www.rgtonline.com> or Where to Bet (last visited Oct. 29, 1998) at <http://www.wheretobet.com>.

25. For an example, visit the Sportsfanatik (last visited Oct. 29, 1998) <http://www.sportsfanatik.com>.

26. For an example, visit the Golden Palace Online Casino (last visited Oct. 29, 1998) <http://www.goldenpalace.com>.

27. For an example, visit the Interlotto (last visited Oct. 29, 1998) <http://www.interlotto.com>.

30. Interwetten Sports Book (last visited Oct. 29, 1998) <http://www.interwetten.com>.

31. The site is run by a Liechtenstein government agency, the Interlotto. Their site is located at <http://www.interlotto.com>.

38. State of Minnesota v. Granite Gate Resorts, Inc., 568 N.W.2d 715 (Minn. Ct. App. 1997), aff’d 576 N.W.2d 747 (Minn. 1998) (finding that Nevada corporation, in association with Belizian gambling site, was subject to personal jurisdiction in Minnesota for deceptive trade practices, false advertising, and consumer fraud). See also, State of Missouri v. Interactive Gaming and Communications Corp., No. CV97-7808 (Cir. Ct. of Jackson Co., May 22, 1997) (granting permanent injunction against online gambling corporation in Pennsylvania, restricting the acceptance of wagers from Missouri residents) (available online at <http://www.bna.com/e-law/cases/intergame.htm>>).

39. Warning to All Internet Users and Providers, (last visited Oct. 17, 1998) <http://www.state.mn.us/ebranch/ag/memo.txt>.

43. Anthony Cabot and Kevin D. Doty, Internet Gambling Report II, March 1, 1998 at [10] (last visited Oct. 17, 1998) <http://www.hotelcasinomedia.com/trace/chapter10.html>.

49. Benjamin Weiser, U.S. Charges 14 With Online Sports Betting Operations, N.Y. Times, Mar. 5, 1998 (visited Oct. 17, 1998) <http://www.nytimes.com>.

51. See, e.g., Macavinta, supra note 1; Kyl Bill Pronounced Dead for the Year, Oct. 20, 1998 (visited Oct. 22, 1998) <http://www.rgtonline.com/index.cfm?BodyLoc=/N/artlisting.cfm/2831>.

58. See, e.g., Peter Lewis, Can Lawmakers Control Online Gambling?, N.Y. Times, Sept. 22, 1997 (last visited Oct. 17, 1998) <http://www.nytimes.com>; Playstar Responds to Kyl Bill, July 31, 1998 (last visited Oct. 17, 1998) <http://www.wheretobet.com/news/c23.html>.

61. See, e.g., Brett Pulley, On Antigua, It’s Sun, Sand and 1-800 Betting, N.Y. Times, Jan. 31, 1998 (last visited Oct. 17, 1998) <http://www.nytimes.com>; Philip Palmer McGuigan, Stakes are High in Battle to Bar Internet Gambling, The National Law Journal, Nov. 3, 1997 (last visited Oct. 23, 1998). <http://www.ljextra.com/internet/1103gambling.html>.

76. Dan Goodin, DOJ: Gaming Bill too Broad, June 12, 1998, (last visited Oct. 27, 1998) <http://www.news.com/News/Item/0.4,23138,00.html>.

77. Kelly Flaherty, Feds’ Internet Bet Case Avoids ‘Cyber’ Issues, The Recorder, Mar. 6, 1998 (last visited Oct. 23, 1998) <http://www.ljextra.com/internet/0306betjuris.html>.

102. Id., at 2354. Congress, presumably in response to this language in O’Connor’s opinion, has recently passed the Child Online Protection Act, or the “CDA II”, which would hold commercial site operators liable if they made “harmful” material available to children. However, the law provides an affirmative defense if the site owner checks the online visitor’s identification, which can be done automatically through an adult verification system. See Macavinta, supra note 1. For an example of an online verification service, please visit Adultcheck. (last visited Oct. 24, 1998) <http://www.adultcheck.com>.

104. For an example, visit 1-800-FLOWERS at <http://1800flowers.com> (last visited Oct. 25, 1998).

126. Adultcheck, <http://www.adultcheck.com> (last visited Oct. 24, 1998).

128. See discussion of the Child Online Protection Act, supra note 102. An additional incentive for webmasters are the royalty payments available if they refer a customer to Adultcheck and that person enrolls in the service. Adultcheck, <http://www.adultcheck.com/cgi-bin/merchant.cgi?9999> (last visited Oct. 24, 1998).

131. >o?Banks Converge on Certificates, Oct. 21, 1998 (last visited Oct. 26, 1998) <http://www.wired.com/news/news/technology/story/15749.htm>.

132. Jennifer Sullivan, Trusting Entrust, Aug. 14, 1998 (last visited Oct. 12, 1998) <http://www.wired.com/news/news/technology/story/14448.htm>.

133. Verisign, <http://www.verisign.com/client/enrollment/index.html> (last visited Oct. 26, 1998).

136. James Glave, Digital ID’s Bust Out of Hard Drives, Nov. 21, 1997 (last visited Oct. 26, 1998) <http://www.wired.com/news/news/technology/story/8723.html>. Smartcards provide an advantage because of their portability, since digital signatures and private keys are normally stored on the user’s computer. However, the promise of smartcards is in the future, since the infrastructure (such as card readers) is not currently available.

137. For example, the CEO of Galaxiworld casino (<http://www.galaxiworld.com>) has stated that they will block access by U.S. players if the Internet Gambling Prohibition Act is passed. Lisa Napoli, Online Casino Unfazed by Proposed U.S. Ban, N.Y. Times, June 1, 1998 (last visited Oct. 17, 1998) <http://www.nytimes.com>.

138. Id.; However, many sites randomly sampled did not refuse service to American gamblers; rather, the disclaimers simply stated that the user must abide by their country’s laws and the user must disclaim liability to the site owner. See, e.g., New York Casino (last visited Oct. 29, 1998) <http://www.newyorkcasino.com/help/intro.html>; Ace’s Casino and Sportsbook (last visited Oct. 29, 1998) <http://www.acescasino.net/livesports/disclaimer.html>.

139. State of Missouri v. Interactive Gaming & Comm. Corp., No. CV97-7808 (Cir. Ct. of Jackson Co., Mo. May 22, 1997) at ¶ 4 (l) & (m). (available online at <http://www.bna.com/e-law/cases/intergame.html>) (last visited Oct. 28, 1998).

140. One development which may encourage gambling operators to refuse service to American citizens is a lawsuit filed in California against credit card companies. A California resident has claimed that she is not liable for her credit card bills accruing from online gambling. Experts have speculated that if her claim is victorious, it could cause Internet gaming businesses to collapse, since most wagers are made with credit cards. See Online Gambler Sues Credit Card Companies, Washington Post, Aug. 17, 1998 (last visited Oct. 17, 1998) <http://www.washingtonpost.com>. Although other means of wagering are available, businesses would be skeptical of accepting credit card wagers by American citizens, even if the card is issued by an offshore bank, since American courts may not enforce any debts from Internet gambling. As a result, they may voluntarily seek to prevent U.S. bettors from accessing their sites.

141. Jeri Clausing, Online Gambling Industry Seeks Regulation to Save Itself, N.Y. Times, Dec. 23, 1997, (last visited Oct. 17, 1998) <http://www.nytimes.com>.

142. Interactive Gaming Council, Code of Conduct, posted May 9, 1997 (last visited Oct. 22, 1998) <http://www.igcouncil.org/code.html>.

144. For example, Australian regulatory models of Australian gambling sites would require the operator to set up accounts for bettors, verifying identities and addresses, so that winnings can be taxed before they are distributed. See Jeri Clausing, Ban Online Gambling? Australia Would Rather Tax It, N.Y. Times, Oct. 16, 1997, (last visited Oct. 17, 1998) <http://www.nytimes.com>.

145. See, e.g., A. Michael Froomkin, The Internet as a Source of Regulatory Arbitrage, presented Jan. 29, 1996, at § II (last visited Oct. 26, 1998) <http://www.law.miami.edu/~froomkin/articles/arbitr.htm>.

146. Internet Gambling Booming in Caribbean, N.Y. Times, Dec. 17, 1997 (last visited Oct. 17, 1998) <http://www.nytimes.com>.

147. For example, the Dominican Republic has been in a dispute with the U.S. over banana import policies and is unlikely to assist American law enforcement with internal gambling laws. See John Borland, Oversees Policies Undermine U.S. Gambling Ban, July 20, 1998 (last visited Oct. 17, 1998) <http://www.techweb.com/wire/story/TWB19980720S0011>.

151. In fact, many software filters that seek to prevent access to pornographic materials by children also block access to Internet gambling sites. See, e.g., SurfWatch (last visited Nov. 1, 1998) <http://www1.surfwatch.com/filteringcriteria/index.html>; Cyber Patrol (last visited Nov. 1, 1998) <http://www.cyberpatrol.com/fact.htm>.

157. Matt Richtel, Some Filters Examine the Intent Under Content, N.Y. Times, Jan. 31, 1998 (last visited Oct. 17, 1998) <http://www.nytimes.com>. Richtel notes that some software companies continue to block based on URLs which are manually reviewed, since the keyword searches are susceptible to over- and under- filtering sites, especially if the web page owner is attempting evade such blocking.

161. IGC and SurfWatch Team up to Promote Responsible Gaming Online, IGC Press Release posted May 20, 1998 (last visited Oct. 17, 1998) <http://www.igcouncil.org/news/surfwatch0525.html>.

166. Paul Resnick and James Miller, PICS: Internet Access Controls Without Censorship, (last visited Oct. 18, 1998) <http://www.w3.org/PICS/iacwcv2.htm>.

169. Harry Hochheiser, Filtering FAQ, Computer Professionals for Social Responsibility, Version 1.1, Dec. 25, 1997 (last visited Oct. 19, 1998) <http://quark.cpsr.org/~harryh/faq.html>.

170. Paul Resnick, Filtering Information on the Internet, Scientific American, Mar. 1997, (last visited Oct. 19, 1998) <http://www.sciam.com/0397/issue/0397resnick.html>.

173. Paul Resnick, PICS, Censorship, and Intellectual Freedom FAQ, version 1.14, last revised Jan. 26, 1998 (last visited Oct. 18, 1998) <http://www.si.umich.edu/~presnick/pics/intfree/FAQ.html>.

178. Netscape’s latest browser, Communicator 4.5, includes PICS filtering. (last visited Nov. 14, 1998) <http://help.netscape.com/kb/client/981105-1.html>.

182. See Simon Garfinkel, Good Clean PICS, May 1997 (last visited Oct. 19, 1998) <http://www.hotwired.com/packet/packet/garfinkel/97/05/index2a.html>. Of course, if the browser allowed users to simply turn off the filtering, this would be a much easier route around regulation.

184. Netscape has offered its source code to its browsers so that savvy programmers can make alterations as long as a license is provided to Netscape to allow them to incorporate any advancements into new versions of their browser. (last visited Nov. 14, 1998) <http://home.netscape.com/browsers/future/faq.html>.

186. See Wayne B. Salamonsen & Roland Yeo, PICS-Aware Proxy System vs. Proxy Server Filters, (last visited Oct. 18, 1998) <http://www.irdu.nus.sg/~wayne/paper.html>.

192. Cyber Patrol, (last visited Oct. 23, 1998) <http://www.cyberpatrol.com/buisness/cpbs.htm>.

193. See, e.g., Surfwatch, (last visited Oct. 18, 1998) <http://www1.surfwatch.com/datasheets/proserver-sdk/>; N2H2, (last visited Oct. 26, 1998) <http://www.n2h2.com/main_isps-bottom.htm&t;.

194. FamilyConnect, (last visited Oct. 28, 1998) <http://www.familyConnect.com/filter.htm>.

199. NetPartners, (last visited Oct. 26, 1998) <http://www.netpartners.com/products/s_isp.html>.

200. See, e.g., I.B.M., (last visited Oct. 19, 1998) <http://www1.raleigh.ibm.com/pics/press/Javelin.html>; Net Shepherd, (last visited Oct. 19, 1998) <http://www.netshepherd.com/Solutions/intel%20net%20filtering.html>.

215. See, e.g., Chapman & Zwicky, supra note 188, at 176-177; Check Point (last visited Oct. 26, 1998) <http://www.checkpoint.com/products/firewall-1/descriptions/routermgmt.html>.

217. Id.; Peter Heywood, Filters Without Fuss, May 21, 1998 (last visited Oct. 28, 1998) <http://webinsite.data.com/roundups/filters> (describing new router filtering products).

219. The Internet Law and Policy Forum Working Group on Content Blocking, § III(A)(1) (last visited Oct. 20, 1998) <http://www.ilpf.org/work/content/tech.htm>.

223. See e.g., Napoli, supra note 137; Christine Stubbs, Government Wants to Pull Plug on Internet Gambling, Red Herring Magazine, Nov. 1998 (last visited Oct. 17, 1998) <http://www.herring.com/issue60/policy.html>.

224. See e.g., Erols, a regional ISP in the Northeastern U.S., does block email from a list of IP addresses, which it publishes at its site. Erols, (last visited Oct. 23, 1998) <http://www.erols.com/abuse/block1.html> & <http://www.erols.com/abuse/block4.html>.

240. President William J. Clinton & Albert Gore, Jr., A Framework for Global Electronic Commerce, July 1, 1997, (last visited Oct. 22, 1998) <http://www.iitf.nist.gov/eleccomm/ecomm.htm>.

242. See David Hakala & Jack Rickard, A Domain Name by any Other Name!, Oct. 1996, (last visited Oct. 18, 1998) <http://boardwatch.internet.com/mag/96/oct/bwm9.html>.