So You Think the Government Can't Regulate Internet Gambling? Don't Bet On It

Brian L. Glassberg

I. Introduction

The Internet promises to be one of the most influential developments for society as the twenty-first century approaches. It provides instantaneous access to a wealth of information unparalleled in human history. Net users can consult sources down the street or from the farthest reaches of the globe. The rapid growth of the Net in the last decade only reinforces this idea. However, the Internet also presents unique challenges to national sovereignty, raising questions whether governments and their legal systems will be able to effectively apply regulation to sectors of society which they have traditionally regulated.

As the Internet becomes more ubiquitous and essential to American life, business, and education, increasing attention has focused upon the negative effects that accrue with the benefits of a networked society. Obviously, the Communications Decency Act and the resulting dispute over attempts to regulate access to pornography on the Internet have drawn the most scrutiny. 1 Some other areas that have raised concern are harmful speech, infringement of intellectual property rights, privacy, and Internet gambling. Certainly, these are not the only problems that will challenge governmental ability to regulate society. However, they are especially important, since the ability or inability of nations to exercise their control over these traditional areas of regulation may determine whether they will be able to confront other problems in the future.

This paper will attempt to show how a government, in this case the United States, can make inroads in applying federal law to the Internet. I do not wish to address the moral and political issues associated with a prohibition on Internet gambling; 2 rather, I only hope to illustrate how the government could effectively prohibit Internet gambling by integrating technology within legislative and legal mechanisms. By embracing technology as a supplement to traditional enforcement means, a government may successfully implement their regulatory goals in hopes of structuring the Internet in their vision. Part II of this paper will discuss what problem the Internet poses for the regulation of Net gambling and why traditional means of enforcement are inadequate. Part III will illustrate an alternative vision of Internet regulation through the use of "code." Parts IV, V and VI will attempt to identify different technological tools that are currently available and hypothesize how the federal government could use them to enforce their anticipated ban on Internet gambling. 3

II.The Problem: Feel Like Gambling? Take the Virtual Superhighway to the Casino of Your Choice From the Comfort of Your Own Home!

A. Background of the Internet

"The Internet is a network of networks." 4 It grew out of a military program founded in 1968 called "ARPANET." 5 The goal was to create a distributed network of computers which would still be able to communicate if a portion of the network was destroyed in a nuclear attack. 6 The distinguishing feature of a distributed network is that there is no central point of control. Rather, each network of computers is interconnected to the Internet (a "super-network" or "network of networks," if you will), which can be accessed from any other point on the Internet. 7

These separate networks can communicate easily despite their different types and uses without the need for internal changes, because of the development of TCP/IP. 8 This protocol was adopted as a universal standard in 1983, allowing disparate networks to communicate within this structure by providing a common standard for the addressing and routing of data between them. 9 Thus, a global structure for addressing allows for networks to interact without knowledge of their geographical location. 10 Each computer on the Internet is assigned an IP (Internet Protocol) address. 11 A domain name address, such as "," is the mnemonic equivalent of the numeric IP address, making IP addressing more user-friendly. 12 Domain names are registered with a domain name registry, such as Network Solutions, Inc. ("NSI"), where they are matched to an IP address. 13 Thus, if a user wanted to reach the Internet site for Harvard Law School, they would simply type "" into their browser.

A final important feature of the Internet is the use of packet-switching. 14 This technique splits data into small "packets" as they are transmitted. 15 Each packet is given the final address of its destination, but the packets do not necessarily follow the same route. Rather, packets are sent from router to router, with each router calculating the best path for that packet to reach its destination at that particular moment. 16 This allows for the efficient transmission of data around points where the network is down or heavily congested.

The critical development in the Internet was the creation of an advanced Web browser in 1993, which could read HTML and display images as well as text, creating an appealing feature that drew more users to the Internet. 17 This has resulted in the widespread usage of the Internet by the general populace, changing it from a primarily scientific network to a global commercial enterprise. 18 The Internet has grown from four initial host computers to more than thirty million. In the United States, it has been recently estimated that there are more than sixty-four million Internet users. 19 Certainly, these figures will continue to grow as the Internet moves into the next century.

B. Internet Gambling

One application on the Internet has been the emergence of gambling through cyberspace. Online gambling appears to have first emerged in 1995, but has only recently burgeoned into a large industry. 20 As late as January 1997, there were only an estimated fifteen gambling web sites. 21 However, current estimates show that Internet gambling sites have blossomed, with somewhere between 140 and 200 sites now available. 22 The Justice Department has estimated that $600 million is spent at online gambling sites and projections reach $10 billion by the year 2000. 23

Gambling sites on the Internet vary in content and source. 24 One can gamble on sporting events 25 ("sports books"), casino games 26 (e.g., blackjack, poker, etc.), and lotteries. 27 Indeed, one site will even accept bets on whether President Clinton will be impeached! 28 Most of these businesses are controlled and operated offshore, outside of the United States. Many Caribbean nations allow gambling operations legally. For example, a license in Antigua is subject to a background check and a license fee of $100,000 for casinos and $75,000 for sports books. 29 Another sports book is licensed by the Austrian government. 30 The government of Liechtenstein runs a lottery site directly and claims to donate up to 25% to charities, such as the International Red Cross. 31

Typically, a user desiring to participate on one of these sites accesses the appropriate web page by clicking on a hypertext link to the site on another page (such as a search engine or a gambling directory) or by typing the name of the URL (Uniform Resource Locator) into their web browser, much as one would to contact Harvard Law School or CNN on the Internet. Once at the site, the user must establish an account with the site owner. This is performed by entering personal information and possibly downloading software to participate, if necessary. Online gambling sites usually require a deposit, either through a credit card, electronic cash, wire transfer, or by physically mailing a payment. This money may be kept on deposit with the site owner or the site may require that the user establish an account at a bank of the site owner’s choice. Once registration is complete, a user may begin participating in the games at that location. Losses are debited and winnings are credited to the user’s established account. 32

The relative ease of Internet gambling has raised a great amount of concern on behalf of state and federal governments. No longer do individuals have to rely upon state sanctioned gaming, such as a State lottery or horse track. Instead, with the click of a mouse button, users can wager any amount of money from the comfort of their own homes.

C. Gambling Law

The Internet has been coined the "Information Superhighway" and has been likened to a "virtual post office," where users can receive information almost immediately instead of waiting for delivery through traditional physical means (if that is even possible). However, for the topic of Internet Gambling, I would like to restrict these descriptions to that of a "Virtual Superhighway." The difference is subtle, but important. Unlike much of the activity on the Net where there are freedom of speech interests, gaming is conduct. 33 There are very few conceivable expressive elements in playing blackjack online, besides those of an owner who seeks to express himself through some type of civil disobedience. The Internet differs with respect to gambling in the sense that here it is not a conduit through which information is flowing. Rather, it is simply the infrastructure which is "virtually transporting" the casino to individual user’s homes or vice versa.

Under United States law, there is no general right to gamble or to be a patron of a gambling establishment. 34 Indeed, "[gambling] implicates no constitutionally protected right; rather it falls into a category of ‘vice’ that could be, and frequently has been, banned altogether." 35 Despite this power to prohibit, gambling has survived and been allowed to exist in varying degrees throughout the history of the United States. 36

States typically regulate the gambling industry within their borders. Currently, forty-eight states allow some type of gaming to exist. 37 Some states have tried to regulate Internet gambling by prosecuting sites that have allowed their residents to gamble online, when such conduct would not be permitted within their borders with traditional gaming or wagering. 38 Minnesota Attorney General Hubert Humphrey III has posted notice that Internet gambling within the state is illegal and included his intention to pursue violators. 39 Although states traditionally regulate gambling, this paper will focus upon federal regulation of gambling on the Internet because of the unique international and jurisdictional aspects of Net gaming. 40

Federal authority to regulate gambling is based upon its Commerce power under the Constitution. 41 Federal statutes generally allow states to decide what forms of gambling will be available within their borders, but restrict gambling that reaches Interstate Commerce. 42 Currently, there are no federal statutes that explicitly prohibit gambling over the Internet and it is uncertain whether existing statutes would apply. 43

The most pertinent existing federal statute is the Interstate Wire Act 44 , which prohibits a "person engaged in the business of wagering or betting" from using "a wire communications facility for the transmission in interstate or foreign commerce of bets or wagers or information assisting in the placing of bets or wagers on any sporting event or contest. . ." 45 The clear intent of the Act was to prohibit professional betting on sports events through the use of telephones across state lines. As a result, this would not prohibit casual bettors, nor would it prohibit other forms of gambling, such as casinos and lotteries. 46 Although the Act was not drafted with contemplation of the Internet, most agree that it at least prohibits professional sports books on the Internet. 47

Another relevant statute is the general Conspiracy statute, 48 which makes it a crime to conspire to commit a crime. Federal law enforcement officials have used this statute to prosecute U.S. citizens running offshore sports books in the Caribbean, charging them with conspiracy to violate the Interstate Wire Act. 49 These Acts, as well as others, may be successful in prohibiting some forms of online gambling, but harbor some uncertainty.

Due to these deficiencies in current statutes, Senator Kyl of Arizona has proposed the Internet Gambling Prohibition Act (the "Act") in the 1997 and 1998 sessions of Congress. The most current version of the Act passed the Senate by a 90-10 vote on July 23, 1998 and was attached to the Department of Commerce appropriations bill. 50 It was withdrawn from the final 1999 Omnibus Spending Measure due to time constraints, but is planned to be reintroduced next year. 51 The bill, in its most recent version, would have created a new section 1085 in the Interstate Wire Act and prohibited almost all forms of Internet gambling. 52 It would have authorized criminal penalties against site owners 53 and casual bettors, 54 as well as injunctive relief against those gambling businesses. 55 As well, Internet Service Providers ("ISPs") whose service is used by bettors or gambling sites in violation of the Act are subject to injunctions requiring the termination of those accounts 56 or any other relief "technically feasible." 57

Despite the attempts of Congress to explicitly address Internet gambling in the Internet Gambling Prohibition Act, it is likely they will prove unsuccessful in their enforcement as currently drafted because of the nature of the Internet. The Department of Justice has indicated that it has no intention of pursuing individual gamblers, 58 although penalties are available under the proposed Act. 59 The prosecution of gambling sites appears to be the goal of the Act, but this course of action is wrought with difficulties since most of these businesses are (or will be) conducted outside of national borders, implicating the extraterritorial jurisdictional issues discussed below.

D. Jurisdiction

As stated earlier, the Internet allows data to freely travel between states and between nations. Indeed, the Internet knows no borders. 60 Whether federal law can effectively prohibit online gambling is dependent upon jurisdiction. Because of the threat of criminal liability in the United States, most gambling site operators have located outside of the U.S. and some have changed their citizenship. 61 As a result, any attempts to regulate Net gaming will be limited by extraterritorial jurisdiction and principles of national sovereignty, since the foreign nations where the sites are located have either licensed the sites or operate them directly. 62 In these situations, application of American law would directly conflict with those of the nations where the gambling operations are legal.

The principles of international law and jurisdiction are difficult and unclear. The one aspect that is clear is that the U.S. will have jurisdiction over its own citizens, including those abroad. 63 However, in order to prosecute a foreign operator in another country, the United States must first assert that its law will be applied extraterritorially. 64 The proposed Internet Gambling Prohibition Act, as currently written, does not state that it will be applied extraterritorially. 65 Under current circumstances, the Act will be of limited effectiveness if it is not given extraterritorial effect.

Assuming that the Act is intended to be applied against foreign operators, enforcement would require that foreign authorities arrest and release the accused individual(s) to the United States. 66 International custom generally requires compliance with a formal extradition treaty between the countries. 67 American extradition treaties generally have the following characteristics: "reciprocity, a [formal] treaty, dual criminality, the political offense exception, specialty, and procedural requirements." 68 The most relevant characteristic for this discussion is that of dual criminality, which simply requires that the act be a crime in both countries. 69 All American extradition treaties include this requirement. 70 Assuming that the online gambling operation is legal in the foreign country where it is being operated, it is unlikely that those individuals will be subject to extradition for violation of U.S. gambling laws.

Another basis for extradition is the notion of comity. Comity is a "discretionary doctrine," where courts honor the decisions of those in another country for reasons of "diplomatic etiquette" rather than as a legal obligation. 71 Requests of this nature are rarely made, and Congress has required that "there must be a treaty or convention" in order to extradite a U.S. citizen to another country. 72

The only other manner in which the U.S. could seek to obtain the removal of a foreign operator for trial in American courts under established legal principals is by forcible removal. 73 This would entail the capture and abduction of the accused gambling operator by American agents. Courts have upheld personal jurisdiction over criminal defendants physically brought into the United States. 74 However, it seems unlikely that the U.S. government would authorize such actions, since the seriousness of the crime does not seem to be sufficient to warrant such an aggressive use of power.

Since the United States will likely lack the power to enforce any federal gambling prohibition against foreign operators, the Internet Gambling Prohibition Act or any other laws will be of little consequence in regulating online gaming. A Department of Justice spokesman has been quoted stating, "‘If the casinos are outside the United States, there’s not a thing we can do about it. . .’" 75 Even if foreign countries complied with American requests to respect Internet gambling prohibitions, there may be negative consequences. An attorney for the Justice Department has indicated that the U.S. must then be willing to act upon foreign requests for assistance regarding conduct that may be completely legal or Constitutionally protected in the United States. 76 As a result, Internet gambling operators who remain outside of U.S. borders and do not have any assets in America will be effectively outside of the American legal system, only subject to arrest if they travel to the U.S. 77

Because of these legal and practical difficulties, many commentators have conceded that a federal prohibition on Net gaming will be ineffective and have suggested alternative approaches. Suggestions range from seeking foreign or international regulation of gambling sites, 78 to an international convention for extradition addressing computer crimes, 79 to self-regulation by users. 80 Having addressed the problems of attempting to regulate or prohibit Internet gambling, this paper will attempt to elucidate in the remaining sections how the federal government could implement effective online gambling legislation through the use of technological tools. Instead of "throwing in the towel" or passing a law that would be primarily symbolic, legislators should thoroughly examine other means which may be more successful.

III. The Code of Law or the Law of Code?

So far I have examined the problems which Internet gambling presents for traditional conceptions of regulation. The obvious question that presents itself is whether this forecloses all attempts at effective governance on the Internet. In the absence of a central international governmental body, which would destroy nation sovereignty anyway, is it impossible to regulate conduct on the global network? Does the acceptance of this emerging technology effectively inhibit a nation’s traditional areas of control in the physical world with respect to all areas of presence in the virtual world? In other words, is the only manner in which a government can maintain control limited to refusing participation on the Internet (if this is even possible for those nations that have embraced the technology)? If so, then nations must forsake the benefits for the Internet in order to control its negative aspects.

Rather than accepting defeat, some academics have proposed a different theory, which requires a reconceptualization of the traditional means of regulation. In the physical world, law is primarily concerned with control within a particular set of geographical borders. 81 This relationship is based upon a link between physical boundaries and considerations such as power to exert control over that area, the effects of law within that territory, the legitimacy of control over that space, and the ability to provide notice of which legal rules apply within that boundary. 82 However, since the Internet is ajurisdictional, it undermines the relationship between borders and law. Global data traffic destroys this connection, by eliminating these considerations. States no longer have control over what occurs within their boundaries. The effects of online actions may not occur within those areas. A sovereign’s legitimacy within those borders is weakened, since there is no ability to control what actions occur on the Internet within that physical space. Finally, there is no notice on the Net that boundaries have been crossed and different legal rules may apply. 83 As a result, a new system of rules needs to be considered and traditional conceptions should be questioned.

One writer has argued that there are four different types of constraints on human behavior. 84 So far, I have only been concerned with one, that being the use of law to restrict Internet gambling. 85 However, this is not the only manner in which behavior can be regulated. Social norms can restrict behavior. 86 One may not desire to participate in an online gaming site if they were concerned how others might view them. However, because Internet gambling can be accessed from the privacy of one’s home, the individual may be able to limit others’ knowledge of their participation and eliminate any stigma attached to gambling. A third form of constraint is the market. 87 The costs associated with gambling may limit an individual’s access. However, these costs are not necessarily specific to online gaming, since traditional forms of gambling have their own. Indeed, the Internet may reduce other costs, such as traveling expenses and hotel fees, if a customer had to travel to reach a casino. Instead, the user can access the online casino at any time from the comfort of their own home.

The final constraint is that of nature or architecture. 88 There are many examples that can illustrate this point. One cannot get from point A to point B walking faster than one could run. Similarly, one cannot get from the tenth floor of a building to the bottom without using the stairs, an elevator or a ladder.

Code or software is an example of the constraint of architecture in cyberspace. 89 Software defines what we can access and what we can see on the Internet. 90 Imagine a bouncer at your local pub. In order to enter, you must get past the bouncer. This typically involves showing an ID and paying a cover charge. These rules define your ability to enter this physical space. In the cyberspace world, code is the bouncer, or the "virtual doorkeeper." 91 Code sets the rules for your entrance into an area of the Internet. Indeed, the Net is only what the software allows it to be. 92

The use of code to determine rules or constraints is arguably more effective than others, such as law. Law is primarily an ex post constraint, i.e., its effect are usually apparent after a violation. Code differs because it can be applied ex ante. 93 It can assure greater compliance than law or other constraints, since it defines the environment in which one can participate. 94 As well, code is more adaptable to the rapid change of a highly technological world. As technology renders legal rules obsolete and archaic, code can be changed to accommodate new conditions, preserving or redefining the interaction between the user and the online world. 95

The use of code does not render legal rules obsolete. Certainly, private software programmers and ISPs could impose their own rules in the absence of government direction. However, nations can use code to supplement legal rules. In the area of Internet gambling, legal rules can indirectly prohibit online gambling through the direct regulation of code. 96 Thus, a sovereign can achieve greater compliance indirectly than with direct regulation on conduct. By utilizing code, a government can construct its own bouncer or "virtual doorkeeper" on the Internet, preventing its populace from entering areas that it desires to regulate or prohibit.

I think it is important to note that no constraint is absolute. For example, while gravity may be a constraint on my ability to leap tall buildings, it cannot prevent me from flying with the assistance of an aircraft. A wall may prevent me from spying on you directly, but cameras and wiretaps can supplement my lost ability to observe directly. The same principles apply online. No constraint of code is likely to be absolute. As one writer has stated, "hackers are special." 97 Because of their unique knowledge and skills, they may be able to opt out of any system of constraint imposed by code. 98 However, it is hard to imagine any constraints that are absolute. There will be some that can choose whether to participate in such a system, but from a systemic perspective, code may provide for a more efficient, more effective means of controlling behavior on the Internet.

Obviously, legislators need to comprehend that traditional means of regulation are not applicable in a borderless online world. Legal, social and market constraints are less effective in the electronic world of the "Virtual Superhighway." The current version of the Internet Gambling Prohibition Act shows promise that the Congress is beginning to recognize this new conceptualization of regulation. For example, one of the considerations for a court to consider in a request for injunctive relief against an ISP is whether an "injunction to prevent a violation [of the Act] by a gambling business . . . outside the United States . . . is more burdensome than taking comparably effective steps to block access to specific, identified sites used [by the gambling business]. . . . " 99 Additionally, the Act would require the Secretary of Commerce to submit a report within three years after enactment, including "an analysis of existing and potential methods or technologies for filtering or screening transmissions in violation [of the Act] that originate outside of the territorial boundaries of any State or the United States. . . ." 100 These provisions indicate that the federal government has begun to contemplate the use of code as an effective tool of enforcing legal rules in cyberspace.

Equally important, the Supreme Court has acknowledged that code may be useful in "zoning" cyberspace. Justice O’Connor, joined by Chief Justice Rehnquist, wrote a separate opinion in Reno v. ACLU, in which she cited Lawrence Lessig for the proposition that it is possible to create borders in cyberspace through code, which could then be used to zone adult material into a separate sphere. 101 Although she found the technology lacking at the existing moment, "the prospects for the eventual zoning of the Internet appear promising." 102

Depending upon your perspective, this slow recognition by government leaders of the potential use of code in establishing behavior is either long awaited or disturbing. "At some point, legislators will recognize the role of software and discover that software can be employed to . . . make access to . . . resources cumbersome." 103 This recognition will be essential in order to regulate online behavior. The following sections will attempt to elucidate current or potential technological tools that could accomplish this goal of prohibiting Internet gambling in the United States.

IV. The Virtual Doorkeepers: Digital Certificates

A. Background

One of the promising features of the Internet will be the extent to which commerce ("E-commerce") will take place in the virtual world. The benefits are readily apparent. Customers can shop from their computers, viewing products and placing orders online. For example, if you wish to send flowers to a certain person, you can either go to a flower shop and choose an arrangement or place an order with a telephone call. The disadvantages are that you must either take the time to travel to the store, or place a verbal order without being able to view the assortment of arrangements. Of course, if you know what you want to send, such as a dozen long-stem roses, then these negative aspects aren’t as relevant. However, a potential buyer can now access a flower shop online and view the various arrangements and prices, and place the order with a few keystrokes. The benefits of saved time and cost are obvious. Our "virtual superhighway" has enabled you to travel to the flower shop and choose your product from your desk. 104

The same benefits are present for commercial exchanges between more sophisticated parties. Instead of traveling to your purchaser or supplier, contracts and orders can be negotiated online. Or negotiations can occur between multiple potential suppliers without having to travel to each separate location. E-commerce presents an opportunity for unparalleled convenience and time management. It is this promise that many hold for the future of the Internet.

However, in order to for E-commerce to proliferate, some inherent deficiencies of the Internet must be corrected: trust and confidence. 105 When two parties who have never met attempt to negotiate a transaction, they are not sure whether they are speaking with the actual parties. 106 Suppose I send an order to the flower shop by email. I might state, "Please send a dozen long-stem roses to _______ and bill my account. Thank you, Brian Glassberg." The store owner might know me personally, but they cannot be sure that the email they received is actually from me. Someone may have "spoofed" my name in the identifier of the email and had flowers sent to their friend, knowing that I had an account with the store owner. Numerous other possibilities are easily imaginable.

Code has stepped in to provide the trust and confidence that is arguably inhibiting the development of E-commerce. Private parties have developed means, through the use of cryptography, digital signatures and digital certificates, that seek to ameliorate these concerns. In the physical world, we have driver’s licenses and Social Security numbers that serve as means to confirm we are whom we claim to be. Code is attempting to translate those tools into virtual identification devices.

In order to understand digital ID’s, a brief review of cryptography is necessary. Cryptography, or encryption, is the use of algorithms that use mathematical "keys" to create ciphered text from plain text. 107 Thus, the ciphered or encrypted text cannot be read unless it is decrypted with a corresponding "key." The strength of the encryption is determined by the length of the keys — the longer the key, the more difficult it is to guess the key. 108 There are two types of cryptography: symmetric (or secret key) or asymmetric (or public key). 109 Symmetric key cryptography was the traditional means of encryption, requiring both parties to have the same key. In order to maintain secrecy, the key must be kept secure from others. 110 Thus, symmetric cryptography would not be available for a mass commercial market usage, since parties would have to keep multitudes of secret keys for every other party they dealt with.

The development of the asymmetric key system in the late 1970's solves this problem of distribution. 111 Public key encryption utilizes two distinct, but related keys for encryption. Either key can be used to encrypt or decrypt. 112 One key is the "public key," which can be freely distributed and given to anyone. The owner keeps the other "private" key secure. 113 Thus, if I want to create a secure line of communication with the flower shop, we can exchange our public keys. If I encrypt my order to the flower shop with my private key, then the flower shop can be assured that the message only came from me, because when they use my public key to decrypt the message, they know that the only key which could have encrypted the message was the owner of the corresponding private key. 114

The problem with asymmetric key cryptography is performance. The process can be time consuming to encrypt each entire message, especially if it is large. 115 For my email message requesting a flower delivery, I do not particularly care whether anyone can read it. Rather, the store and I are both concerned with a third party impersonating me and defrauding my account with the flower shop.

Digital signatures have developed to alleviate this problem, where identity is the concern and not necessarily secrecy. Remember, my unencrypted email message to the flower shop probably has my name on the header, and I might "sign" the message by writing, "Thanks, /s/ Brian Glassberg." The flower shop receiving this message would be concerned whether: (a) the request actually came from me or (b) depending upon my relationship with them, whether I may attempt to repudiate the order at some future point. In the physical world, the flower shop could ask to see my driver’s license to confirm my identity and require that I physically sign the purchase order.

Digital signature technology supplements these "real world" means of identification and non-repudiation, providing the trust and confidence that is currently lacking with E-commerce. 116 To attach a digital signature to an unencrypted message, a software program reviews the message and creates a "hash" or digest of the text. This hash is encrypted by the sender’s private key, along with the digital signature, and appended to the bottom of the message. 117 When the flower shop receives my request, they run their own digest program of the same message. The sender’s public key is used to decipher the message and the hashes are compared. If the digests are the same, the flower shop can be assured that the message has not been altered, since any changes would have created a different hash. As well, the digital signature could have only been encrypted by the holder of the private key, authenticating that the request was sent by me. 118

There is one final piece to the puzzle: how does one know if the pair of keys actually came from the person they claim to be? For example, if someone wants to impersonate me at the flower shop, they could create a pair of asymmetrical keys and send the public key to the flower shop and any other business, claiming to be me. 119

This problem is addressed through the use of digital certificates. A digital certificate "is a digitally signed statement by a [third party] that provides independent confirmation of an individual proffering a digital signature." 120 The third party is usually referred to as a Certificate Authority ("CA") or Trusted Third Party ("TTP"), whose business is to certify the association of a public key with a particular individual. 121 Generally, I would create my key pair and send my public key to the CA. Depending upon the level of scrutiny the CA applies for the certificate I requested, the CA verifies who I am and creates a certificate. This certificate contains my public key and provides information about the holder of the matching private key. The CA then applies their own digital signature to the certificate. 122

Thus, when I wish to distribute my public key, I simply send the digital certificate to the flower shop which contains the key. They can then examine the certificate to confirm that I am the owner of the key and rely upon the CA’s representation that I am the owner. 123 Of course, then one may wonder why the CA should be trusted. CA’s could certify each other to provide further assurance, but ultimately, we must trust one party. The CA’s reputation for authenticity is the foundation of its business, which will provide the incentive to confirm the accuracy of their certification. 124 Similarly, government could provide an additional incentive through the limitation of liability for inaccurate certifications, provided they comply with certain procedures. 125 Within this framework, digital certificates provide the basis for determining some identifying characteristics of users, which will not only assist in fostering the widespread development of E-commerce, but may also provide a means for regulating access to Internet sites which violate laws in the jurisdiction where the user is present, but not in the jurisdiction of an offending web site.

2. Applying Digital Certificates to Governmental Regulation of Internet Gambling

The technology described herein may be one means in which governments could apply their traditional forms of regulation within territorial borders to the seemingly borderless world of cyberspace. The use of digital certificates can promote the facilitation of a digital driver’s license, which site owners could use to determine the eligibility of their visitors to view or participate on the site, based upon the visitor’s age, citizenship, or other criterion.

An example is currently available with regard to pornography. Adult verification systems are available on the Internet, such as Adultcheck. 126 An adult can receive an identification number from this service by providing a credit card number and paying a nominal annual fee. Since a credit card cannot be issued to an applicant unless that person is at least eighteen years old, this service can rely upon the valid credit card as proof of age. Site owners also sign up with the service for free and place a link to the Adultcheck screening service on the front page of their web site. 127 Thus, when someone attempts to enter their web pages, they can only enter if they have successfully entered their Adultcheck identification number. The owner of the site can therefore protect himself against providing materials that would not be suitable to minors. 128

Digital certificates can provide a similar means to identify an individual to gambling sites, in much the same manner that a credit card suffices as proof of age for adult verification services. Upon a "hit" from an Internet user, the gambling site owner could have his site query a request for a digital certificate from the person accessing the site. Software could be designed to scan the certificate to make sure the person is not a United States citizen (or a citizen of any other country which seeks to prevent online gaming). 129 The certificate could provide various types of information, such as geographic location, age, name, etc. 130 Indeed, digital certificates received from a reputable TTP may provide greater assurance to the web site with pornographic materials than would the current adult verification services.

Naturally, this "solution" to the identification problem on the Internet assumes a good deal. First, digital certificates are not widely used by Internet users at the moment. However, all indications are that some type of digital signature and certificate regime will be prevalent in the future. Banks are beginning to serve as CA’s, issuing certificates to their customers as greater security for online banking transactions. 131 Software companies are marketing digital certificate software to large companies, which would allow these businesses to offer them to employees and customers for Internet transactions. 132 Other companies, such as Verisign, are offering digital ID’s to consumers directly. Currently, one can get a Verisign Class 1 digital ID for $10 annually, which simply verifies the email address of the applicant, or a Class 2 digital ID for $20 annually, which "authenticates your name and personal identity." 133

It is not unreasonable to presume that governments could serve as CA’s themselves. For example, each state could use its Department of Motor Vehicles offices to serve as CA’s, in much the same way that driver’s licenses are currently issued. In fact, driver’s licenses and passports could possibly be replaced by "smartcards," which are cards that contain a microprocessor. 134 These cards could store everything from health records, to electronic cash, to personal identification and access, to digital certificates and digital signatures. 135 Indeed, Verisign has announced that it will be bundling its Class 1 digital ID’s with smartcards, calling them "digital driver’s license[s]." 136 Certainly, it is possible, if not likely, that digital identifications will be the norm in the future, although that is not the case currently.

A much larger assumption is whether gambling sites would be willing to screen for citizenship and limit access of participants. Some sites have stated that they will voluntarily refuse wagers from American citizens if Congress passes the Internet Gambling Prohibition Act. 137 Many sites claim to have already refused to offer service to American bettors. 138 Despite these statements by gambling operators, there is no manner in which they can be enforced. For example, a gambling site in Pennsylvania reached an agreement with the Missouri Attorney General’s office to refuse applications from Missouri residents until the date of a scheduled preliminary hearing. However, the site continued to accept applications after the agreement. 139 There is no reason to assume that offshore casinos, outside of U.S. jurisdiction, would be any more willing to sacrifice profits from American bettors. 140

A body that may be able to enforce or persuade offshore gambling operators to screen for citizenship is a self regulating organization, such as the Interactive Gaming Council (formerly the Interactive Services Association). This is a trade association of electronic gambling operators which is trying to implement a self-regulatory association until an international regulatory body is created. 141 Members have adopted a Code of Conduct, which states in relevant part that, "IGC members shall use their best efforts to obtain any binding legislative or judicial determinations which prohibit or limit operation in another jurisdiction and shall abide by those limitations to the greatest extent technically feasible." 142

By assisting voluntary organizations in developing technological tools to screen for citizenship, governments could indirectly prevent access to those gaming sites. Although site owners could request a FAXed copy of a driver’s license or some other identification, this is both burdensome and unreliable. Thus, code could be used to develop screening software that would require digital certificates from reputable CA’s, which the site owners could employ on their web pages. Similarly, it may be possible to develop a centralized system similar to an adult verification service, which could be controlled by a trade association such as the IGC and with links made available to site owners. Funding and software assistance by nations against online gaming would provide an additional incentive.

This situation could similarly apply through international regulation, either in bilateral or multilateral agreements with nations that license Internet gambling sites. This arrangement may be the most favorable to all parties involved. It respects the sovereignty of both the nation licensing gambling sites, as well as the state seeking to enforce its online gaming prohibitions within its borders. 143 Countries that license such businesses would regulate their operations, requiring them to block access to the site by citizens of countries where prohibitions exist. 144 Technical and monetary assistance would encourage a more complete implementation worldwide.

Unfortunately, there are many problems with both the trade association and international model of screening for citizenship. First, as discussed earlier, digital certificates are not widely used currently. This would require all legal customers to obtain these digital ID’s before they could access their gambling site of choice. As a result, gambling operators are likely to suffer a revenue shortfall in the short term as their customers obtain their ID’s and lose some of their customers permanently due to consumer lethargy.

More importantly, there is a strong incentive toward regulatory arbitrage, i.e., gambling operators will attempt to evade regulatory schemes that are more burdensome than others. 145 Membership in a trade association of online gambling operators is not mandatory. Some nations where gambling operations are based do not regulate those businesses, such as the Dominican Republic. 146 As such, citizens that are prohibited from gambling online could simply seek out those that do not conform to the screening models. Businesses will have incentives to elude such regulation, since there will be less competition for American bettors and others that would be denied access, which may bring increased profits to those owners who will provide access to those customers.

Even if such controls could be implemented at all Internet gambling sites, it is likely that a black market would emerge for "fake" digital certificates, much as there is among underage drinkers in the United States. If screening services tried to discriminate among Certificate Authorities, then there will be problems in deciding which CA is valid and which is not. This could be further compounded if the nefarious or careless CA is the nation itself in which some gaming sites are operated. It would be difficult, if not impossible, to persuade that country to require effective screening if the identifications which it sells are less than certain.

Digital certificates, as a form of digital identification, could assist in strengthening national borders on the global Internet. Nations and their traditional forms of regulation could coexist on the Virtual Superhighway without offending traditional notions of sovereignty. However, their success is primarily dependent upon voluntary acceptance and implementation by countries where offending sites are located. Ultimately, this is a prisoner’s dilemma on a global level. Every nation is better off if each nation’s laws could be respected on the Internet, but there is an incentive for countries to defect. The result is regulatory arbitrage or a "race to the bottom." Although this is arguably the ideal model philosophically for regulating online gaming with code, other schemes must be considered if such regulation is to be effective.

V. The Virtual Doorkeepers: Filtering/Blocking

The weaknesses in attempting to regulate Internet gambling sites located outside of the United States territorial borders are apparent. Although law enforcement officials could certainly shut down domestic sites operated in violation of existing laws (or under the proposed Internet Gambling Prohibition Act), they are generally powerless to proscribe gaming operators abroad. Any potential solutions, such as the extraterritorial application of American gambling prohibitions or the screening of bettors based on citizenship, will depend upon cooperation with other nations and private gambling businesses, whose interests are likely to differ with those of the U.S. government. 147

The decentralized nature of the Internet allows for the efficient transmission of data across packet-switched networks, but also inhibits any attempts for centralized controls. Instead of attacking the source of harmful or illegal materials, efforts have focused on preventing the receipt of those sources. This process is generally referred to as filtering or blocking and may be implemented in a variety of ways.

The following section will describe how these technologies work and attempt to illustrate how they may be utilized by government regulators as a means to enforce Internet gambling prohibitions.

1. User-Based Controls

"Internet filtering software is hot . . . [and it] is here." 148 Since the Supreme Court struck down the Communications Decency Act in Reno v. ACLU, 149 filters have captured the attention of both critics and supporters. Notably, this focus is primarily on restricting access to "inappropriate" or "harmful" materials by children, while preserving both the freedom of adults to view this material and the freedom of others to freely express themselves online. 150

However, the concept could be similarly adopted for Internet gambling. 151 Thus, filtering could provide a way to prospectively prevent violations of Net gambling laws, while respecting the rights of other nations which seek to allow such web sites. In this way, code is the "virtual doorkeeper" for American citizens, even if they don’t realize it. Users could query a request to an offshore gambling site, but that site would be checked by the "doorkeeper" before it was allowed to communicate with the user.

There are different types filters that could be installed on a computer, but the premise for all of them is the same — they allow some content to pass through and they block access to other content, which is determined by some selection criteria. The software can be configured to be more or less restrictive, depending upon the user’s choice. 152 Thus, the program can either use a "whitelist," where the only Internet pages that can be viewed are those specifically enumerated in the database, or it can use a "blacklist," allowing access to all sites, except for those prohibited in the software profile. 153

The "objectionable material" that is blocked or filtered is determined by differing methods. Older or "first generation" versions simply contained an enumerated list of URLs (Uniform Resource Locators) to be blocked, which could be updated with periodic downloads from the software manufacturer. 154 The problem with such lists is that the incredible expansion and growth of the Internet reduces the efficacy of such lists. 155 Newer versions of blocking programs include "keyword" searches or variants that employ "intelligent phrase filtering," 156 which blocks those sites containing the offending words in their pages. The shortcoming of filters that block based on keywords is well documented in the press and academic literature. For example, a site containing information about a child’s soccer club was blocked because it contains the words "boys 12 and under." 157

Since filters are marketed as parental control devices, they allow the user installing the software to alter the restrictions, both by URL and keywords. 158 Further, adults can turn off the filter by entering a password, so that they can use the same computer to access blocked material at their discretion. 159

Besides their less than complete filtering capability, the software imposes additional burdens upon parents who seek to employ this form of child protection. The software requires an initial investment to purchase the software, which must then be installed on the system by the user. In order to keep pace with the ever-changing array of pages on the Internet, customers have to purchase "updates" of restricted sites and keywords from the manufacturers. 160 Of course, if the customer wishes to tailor their software, they must invest also time to review the databases of the filters and sites available on the Internet.

Returning to the discussion of Internet gambling, user-based software filters can be used to block access to the online gambling sites. For example, the Interactive Gaming Council has formed a cooperative partnership with SurfWatch, one of the leading software filter manufacturers, to ensure that filters block gaming sites from children. 161 Although filtering software is used to prevent children from accessing sites deemed "unsuitable" for them, the government could attempt to utilize this software to prevent bettors from gambling on the Internet.

Certainly, user-based software filters could inhibit access to gambling sites on the Internet. However, practical difficulties render this model ineffective. First, Internet users are not currently required to have such software on their systems. Those that wish to visit gaming sites could simply not install the software on their systems or use a terminal that does not have such restrictions. 162 Legislators could mandate that all new computers be equipped with such software, either on a standalone basis, or potentially embedded in the operating system. However, a crafty user could simply uninstall the filter or attempt to disable it.

Even assuming that blocking code could be included on all computers, there is still the problem of the evolving Internet. Gaming sites can change URLs and design their pages to evade keyword searches. 163 New sites will arise and will not be contained in the database of restricted sites. Thus, there must be some means to update the restricting databases in the filters. The software could have been programmed so that it automatically updates the restricted list of gaming sites. This would seem to raise some serious Constitutional concerns over due process and privacy. Whether the government could mandate that such information be added to each citizen’s computer without their consent would seem to violate these Constitutional principles. It would appear that all of these obstacles together may prove insurmountable and would undermine attempts to prohibit gambling with user operated filtering software.

An alternative to standalone filtering software is to employ the use of PICS, the Platform for Internet Content Selection, which is "a set of technical specifications that defines a standard format for rating labels describing materials available on the Internet and a standard mechanism for distributing those labels." 164 It is considered an alternative to the all-or-nothing blocking format of software filters and allows for individuals to customize what types of sites they wish to view on differing criteria. 165

PICS relies upon the use of labels to allow users to screen undesirable material. Prior to the development of this protocol, there was no common standard available for creating labels. 166 With PICS, different organizations can create labels for any site on the World Wide Web. Indeed, any particular web page may have multiple labels. 167 Rating systems attempt to provide standard categories and objective levels of content so that labels may be assigned in accordance with them. For example, the Recreational Software Advisory Council (RSACi) has developed its own rating system, which utilizes four categories (violence, language, sex, and nudity), within which there are five levels (0-5), depending upon the degree of content matching that category. 168 Any organization can rate web sites using RSACi’s system, another rating system, or they can devise their own. 169

A publisher of a web page can label the site in accordance with any labeling system. The label is then embedded in the web page itself, which can be reviewed by the screening software when that page is requested by a user. Third parties can also label the page and store them at a different server for distribution on the Internet. 170 Thus, if a parent is concerned that a publisher may under- or over- rate their own site, they can query or download labels from an organization they trust, such as the Christian Coalition. 171

The final step for the implementation of a PICS based filtering system is to define the filtering criteria, or what is known as the profile. If a parent was concerned about their children viewing sexual or violent materials, but not as worried about language, they could specify those filtering rules to be less or more tolerant. The rules, in accordance with the information provided by the label(s), determine whether the page will be blocked or not. 172 PICSRules is a language for expressing these profiles and could be freely distributed by different organizations. Therefore, if a parent did not want to specify the profiles for their children, they could download the profile from a trusted organization like the Christian Coalition. 173

The PICS system is only a filtering protocol; it needs to be implemented with PICS compatible software to work. 174 It is envisioned that PICS will be built into Internet browsers and will be widely available so that consumers can tailor their own filtering, although many standalone filtering products also incorporate its capabilities. 175 Browsers will be able to decode the labels, and if the label identifies a site as inaccessible under the PICSRules, the browser will then block it. 176 Microsoft has already built this capability into its Internet Explorer browser 177 and Netscape has followed. 178

As with standalone filtering software, the federal government could mandate that browser manufacturers incorporate mandatory PICS filtering for gambling sites within the browser. 179 Other filtering criteria, such as violence, etc., could remain at the option of the user. Indeed, it is likely that the browser could be designed to have gambling criteria enabled without the user even knowing. The criteria could be very simple: 0 if there is no gambling and 1 if there is gambling present on the site. Equally important, the browser would need to be configured to consult a government or government-sponsored labeling bureau to obtain the labels for gambling sites when a URL query is sent. Thus, the government could act as a third party labeling service for gambling sites, leaving individuals to tailor any other PICS compliant filtering options they chose. 180

The advantages of using PICS over other filtering techniques is that this system can be mandatory without requiring any assistance from the consumer. A government agency could monitor the Internet for offshore gambling sites and create or modify labels for these sites as necessary. Instead of relying on keyword searches or database updates, mandatory PICS filtering of gambling can be narrowly tailored and expedient. Although some gambling pages may "slip through the cracks" temporarily, the government would be assured of an opportunity to quickly respond once they became aware of such violation. Equally important, one of the major disadvantages for parents seeking to voluntarily filter content with PICS is the lack of available labels, which is not present when the government only seeks to label gambling sites, not the entire Internet. 181 Law enforcement must only keep track of gambling sites, which is not an easy task, but more realistic than a comprehensive labeling of the whole Internet.

The problem that undermines this model is that individuals can opt out of this regulation by simply installing another browser onto their computer. 182 Older browsers, such as ones currently available, are not configured for mandatory filtering of gambling sites with government labels. 183 A black market for browsers without the mandatory filtering would probably emerge. 184 Equally daunting is that browser manufacturers (whether domestic or a new foreign corporation) would likely provide "normal" PICS-compliant browsers in other countries, where there is no gambling prohibition. Copies of these browsers could be downloaded by American citizens and circumvent attempts to prohibit gambling online.

PICS is a promising approach to the problem of unsuitable content on the Internet. However, it too fails scrutiny when implemented through a user-based filtering system, as most other conceivable filtering techniques would, since the user will most likely have ways to circumvent the regulation. A determined bettor, without a high degree of technological sophistication, would be able to ignore gambling prohibitions. As a result, the next logical inquiry is to discern whether filtering can be employed at points on the Internet outside of the user’s control.

B. Server- or ISP- based Controls

Filtering or blocking remains a sound concept for regulating activity within national borders, without affecting enterprises that may be legal in other nations. The difficulty with imposing the regulation on users is that they can simply avoid using the restrictive code the government wants them to use. However, utilizing filters on ISPs can be more successful since compliance can be enforced to a higher degree. Users simply do not have the option of turning it off, removing it from their system, or using a nonrestrictive alternative. 185

ISPs can implement filtering on a broad scale by installing filtering software or PICS compliant programs upstream. 186 This requires the use of proxy servers, which many ISPs currently use. 187 Generally speaking, a proxy server serves as a buffer between local users of the ISP and other Internet servers and web sites. 188 All requests from ISP customers are directed through these servers, as are all incoming traffic from external web sites. 189 At this point, blocking software can examine the outgoing requests to review against a list of URLs to be blocked. If the request is allowable, the data traffic is sent on its way in the normal manner. 190 However, if requested URL is on the blacklist, then access is not allowed. 191 The proxy server could send a default response to the user that the page is blocked and not accessible, or simply relay the ever frustrating "Error 404" page. A clever ISP network engineer may program the response to be no response at all, allowing the user to wonder if there the foreign server is operating or not. In any event, the net result is that the would-be bettor cannot access the offshore gambling site.

Many businesses are marketing such a system to ISPs currently. For example, Cyber Patrol offers it software for integration with the proxy servers of ISPs and corporations. 192 Others offer installation of both software and proxy servers, which automatically update every day without burdening the ISP with such tasks. 193 Finally, some ISPs have already begun to offer proxy based filtering to their customers, marketing their ease of use, non-avoidability, and faster database updates which standalone software cannot. 194

PICS can also be implemented at the ISP level through the use of proxy servers. 195 For each URL request, the proxy server would simultaneously retrieve the document and also solicit a PICS module. The PICS module could contain labels stored locally or in its cache, or it could query a label from a third party labeling bureau. 196 The PICS module would then return an allow or deny access command to the proxy server, which would then provide the requested URL page or send another page indicating that the desired URL is blocked, not available, etc. 197 Indeed, the ISP could run the filtering software at the server level, but allow customers to decide what filtering criteria (PICSRules) will be applied. 198 One service has offered such a system which allows each customer of the ISP establish their own profile for URL blocking, which matches their assigned IP address upon login to their database profile. 199 As well, PICS compliant proxy servers are already available on the market. 200

One additional method in which filtering can occur at the ISP level is through the use of packet filtration on routers. Remember that the TCP/IP protocol is the common standard which allows the multitude of networks around the world to interact with each other, forming one "super-network," or what has become known as the Internet. IP, or Internet Protocol, is the universal addressing of computers. 201 Each host computer on the Internet is assigned a numeric IP address, which allows computers to locate and interact with other specific machines. 202 TCP is the Transmission Control Protocol. This protocol is responsible for splitting data in small pieces, called "packets." Each packet is identified with the recipient’s IP address on a header and is sent on its way. 203 Since the Internet is a distributed, packet-switched network, 204 each packet is "routed" toward its final destination in the most efficient path at that moment in time. Packets may take different paths to the recipient computer, the only requirement being that they all make it to their destination, at which point, they are reassembled into the original data and able to be used by the recipient. 205

Routers are computers with software whose purpose is to examine the header and direct the packet toward its final destination. 206 Most networks will need a router to communicate with other routers across the Internet. 207 Packet filtration is software for the router which creates filtering rules. It tells the router, in addition to directing traffic based on the IP header, to filter packets according to an unacceptable IP list. 208 If the packets, coming from the internal network, external servers, or both, contain IPs which are to be blocked, the router simply drops those packets and they do not reach their destination. 209 Packet filtration provides another means available to ISPs in which gambling sites could be blocked from access by users. 210

Each of these three alternatives for filtering at the ISP level have their own advantages and disadvantages. Not all ISPs have proxy servers installed on their networks, so packet filtration on routers may be the most "democratic" of all approaches, and since most ISPs will need routers to connect to the Internet, the costs are minimal. 211 As well, "[y]ou do not pay a performance penalty for packet filtering," since routers are optimized for these functions. 212

With these factors in mind, one might wonder why this approach has not been utilized already. First, packet filtration only filters IP addresses. 213 The IP address only identifies the machine, where as URLs can be much more exact and focus upon specific pages. Thus, packet filtration is a very "blunt" instrument, which could block many sites located on a machine which may or may not be targeted by the filters, 214 such as with virtual web hosts. Although I would presume that online gaming sites utilize their own dedicated servers to house their pages and to run the requisite software for the games and accounting, there may be situations where a gambling operator allows other valuable sites to operate on his server or he may post his pages with a virtual web hosting service.

The other difficulty with packet filtration is that programming filtering rules can be difficult, cumbersome and requires a high level of skill which some ISP operators may not possess. 215 A mistake could shut down the entire network (e.g., if the router is mistakenly programmed to deny all incoming packets from external hosts, etc.). Equally important, some routers have to be programmed manually or individually, which can be time consuming if the ISP has many routers. 216 There are some new products available that allow for simplified programming and centralized implementation to assist with these problems, but again, this would require an investment by the ISP. 217 In any event, these problems would inhibit an ISPs ability to respond to new sites that emerge or existing sites that can simply change or "spoof" their IP addresses.

Filtering with PICS compliant software or a simple URL exclusion list does have certain advantages over packet filtration which are important. First, since they are based upon URLs they can be much more precise in what pages are blocked. 218 Equally important, filters can be altered to account for evasion attempts much easier and more quickly. A list of blocked URLs could be downloaded nightly. PICS labels can be changed at a third party (government- sponsored) labeling bureau or can be downloaded into a local database on a regular basis.

Despite these advantages, there are two significant drawbacks: cost and performance. Installing proxy servers will entail significant costs in hardware and maintenance. These costs must be borne by ISPs, or more likely, will be shifted onto customers as a "value-added service." 219 Equally important, the use of proxy servers requires that all traffic be directed through them, creating a choke-point. Although these servers will be able to cache frequently accessed documents for local retrieval (as many corporate servers and ISPs already do), there will be some performance costs, depending on how the network is designed and the amount of traffic flowing through it. 220

From a policy perspective, some sort of blocking at the ISP level seems to be the ideal approach. Law can create the desired goal of restricting online gambling indirectly by directly regulating ISPs and mandating their use of code. Thus, an effective gambling prohibition act would "impos[e] liability on various network actors, and law may provide immunity or safe harbors for implementation of technical rules." 221 The government does not need to specify which form of filtering ISPs must use; rather, they can simply assist by locating the offending sites and allow ISPs to implement their filters as they wish. For example, a government agency, such as the Department of Justice, could establish a labeling bureau, which would post PICS compliant labels. The server could also list URLs and IP addresses, which could also be downloaded by ISPs or filtering software services. Finally, the government server could also be programmed to send the labels/IPs/URLs to ISPs on a regular interval, 222 supplemented with a digital signature to ensure authenticity.

ISPs have stated that they have the technology to block access to the gaming sites, but have vigorously protested any imposition of liability up to this point. America Online (AOL) has admitted that access could be blocked, although it would be a major burden, especially upon smaller ISPs. 223 However, ISPs can and do block "Spam" (unsolicited email), which is an equally onerous burden. 224

Critics of filtering online gambling sites note that this policy will not be effective, since URLs and IP addresses can be changed by offshore operators. Hence, this will only be a "cat-and-mouse game," 225 which would impose additional burdens upon ISPs if they had to police all of the sites passing through their networks. 226 These are both valid criticisms, which should be addressed by any policy imposing liability upon ISPs.

First, there is no way to prevent foreign operators from attempting to avoid blocking techniques, short of voluntary compliance. It is very simple to alter IPs addresses, domain names and directories or pages within web sites. However, the advantage of filtering at the server level is that these attempts at evasion can be quickly remedied through frequent downloads of URLs, IPs or labels, or by querying a government-sponsored labeling bureau. By making these updates at the ISP level, a greater percentage of compliance is available, since these changes will affect all of the ISPs users. Further, frequent changes to the location of the gambling site will create a disincentive for users to gamble at offshore gambling sites. If the user must deposit money up-front, they could be sufficiently worried about being able to locate the gaming site if it is blocked, or whether the foreign operator will simply acquiesce to the blocking of his site in the U.S., leaving the user without a means to obtain a refund.

Second, the liability imposed upon ISPs could provide a safe harbor for compliance, based upon whether the notice has been posted by the government at its servers. Thus, the ISP can escape liability by showing that it has attempted to filter only those sites the government has requested, not those which have escaped federal scrutiny. Obviously, if the ISP had the duty to screen all material which flowed through its network lest it suffer statutory penalties, it would find this impossible and might rationally decide that the cost is not worth the burden and shut down its service. 227 Therefore, the burden for policing the Internet should be shifted to the government, along with voluntary assistance from other organizations (such as anti-gambling groups or state attorney generals).

This model for Internet governance is not without its exceptions. Any user can opt of the system by dialing into an ISP which does not comply with the laws requiring filtration. Fines could be sufficiently high for ISPs that violate the laws as a deterrent. Similarly, the government need not police each ISP to ensure compliance. A few well-publicized prosecutions may encourage compliance.

Determined gamblers could still access sites blocked by their ISP by logging into a foreign ISP or into the gambling site directly. Indeed, there is no way to prevent all gambling, for if the user is sufficiently determined and willing to pay the additional costs, they will be able to escape the regulation. However, no prohibition is absolute, but this model poses a chance for higher compliance than with most laws.

For example, if state governments were determined to enforce speed limits, they could place a "speed trap" at every quarter mile interval. Of course, the costs would exceed the benefits from such a policy. Currently, states seem to rely upon highly visible stops of vehicles as a deterrent to others. We have all slowed down when we have approached a police officer sitting in a "speed trap" or pulling someone else over for a citation. However, if the governments were very determined, they could impose liability upon car manufacturers for not designing their automobiles to prevent drivers from exceeding fifty-five MPH (when that was the national limit). This would seemingly limit speeding on highways, but would come with increased costs to consumers. Such a policy is similar to filtering gambling sites on the "virtual superhighway." It too is not absolute, for a skilled mechanic could simply bypass such a mechanical limitation, just as a skilled Internet user could find a path around the regulation. But in both cases, most people would comply, which achieves a larger percentage of compliance than simply punishing offenders ex post.

Given the benefits of this model of regulation through the use of law and code, the final question is whether such a policy would be legal. The F.C.C. has not yet attempted to regulate ISPs and it is not certain whether it would have the authority to do so without explicit statutory authority. 228 The Interstate Wire Act provides some guidance, in that it allows law enforcement officials to order common carriers to terminate the service of a customer upon reasonable notice, when the service "is being used or will be used for the purpose of transmitting or receiving gambling information in interstate or foreign commerce in violation of Federal, State or local law. . . ." 229 This provision has been upheld against claims of unconstitutionality. 230

The Internet Gambling Prohibition Act, as currently drafted, only allows injunctive relief against ISPs when one of their customers is using their account in violation of the Act. 231 Thus, if a gambling site is located offshore, injunctive relief could only be sought if one of the ISPs’ customers is accessing that site and gambling in violation of the Act. 232 Further, that relief would not require other ISPs to block access to that same site, unless injunctive relief is also sought against them. With the costs and time to institute legal proceedings, these remedies will prove ineffective.

If the government follows the proposed model in this paper and seeks to impose liability upon ISPs for allowing access to gambling sites, the question remains whether the government must obtain a judgement or an injunction against each gambling site before it can request ISPs to filter access to that site. There would certainly be some due process implications if the government could deem a site "in violation" of its gambling prohibition, without notice and the opportunity to contest the allegations. However, attempting to prosecute foreign operators implicates the very problems with extraterritorial application of American laws discussed earlier. 233 Further, although gambling itself does not enjoy the same constitutional protections as other expressive conduct, 234 gambling advertisements are entitled to limited protection under the First Amendment for commercial speech. 235

The legal questions regarding any proposed model of Internet governance relying upon the use of code are difficult and will need to be resolved in the future. However, given the limitations of using traditional legal tools to regulate the Internet, these legal rules should be altered to the greatest extent possible (consistent with principles of freedom) if the nation is to remain a viable source of protection and regulation over its citizens in cyberspace. Otherwise, laws regulating Internet conduct, such as the proposed Internet Gambling Prohibition Act, will serve no purpose beyond providing notice that such conduct is illegal. Such notice may fall upon deaf ears, since it will be practically impossible to enforce such a prohibition without the enlistment of technological tools in the legal regime.

VI. The Virtual Doorkeepers: Other Methods

Although I feel that ISP-based filtering is the most viable means of regulating Internet gambling, other methods which could be used by a government to restrict access to Internet sites will be briefly addressed.

A. National Firewalls & Filtering on a National Level

Some governments, such as China and Singapore, have developed national firewalls or intranets to restrict what content flows through their borders. 236 The premise is the same as filtering with proxy servers at the ISP level: all traffic from inside or outside of the firewall flows between government proxy servers, where it is filtered using some type of filtration device. 237 As well, it is subject to the same problems as those that are present with ISPs: cost, performance, and evasion. Since all traffic entering and exiting its national borders flows through this gateway, there is a need for tremendous computing power, which would be especially prevalent in a country such as the U.S., where there is considerably more Internet traffic. Equally important, Internet performance has suffered considerably, so much so that it threatens the opportunities for economic potential on the Internet for those countries. 238 Finally, any user seeking to escape the firewall can simply obtain access by dialing into a network outside of the borders, 239 at the risk of punishment under national laws.

Certainly, the United States (or individual states) could attempt to create such a framework. However, the federal government has remained persistent in allowing the private sector to flourish on the Internet. 240 As well, the costs and infrastructure requirements would not seem to justify the benefits of restricting Internet gambling. Besides philosophical principles of freedom, the government could achieve the same result by imposing liability upon ISPs, which though burdensome, would be less intrusive and threatening than a national filter.

Similar to this approach, filters could be placed on domain name servers. As you will recall, domain names are the mnemonic equivalent of numeric IP addresses. 241 When a web site is sought by the user, such as a page within "," the request is sent to the primary DNS server. 242 If that server contains the matching IP address within its database, the request is returned to the user. Otherwise, it is forwarded to a "root" server, where it proceeds through the DNS hierarchy until the IP address is located. 243

Filters could be placed on these servers, or through proxy servers, where they could refuse any request for sites that are in violation of the gambling prohibition. As with national firewalls, this approach is subject to limitations of cost and efficiency. However, there are additional problems with evasion. First, a user could simply input the numeric IP address into their browser instead of the domain name. The domain name’s purpose is only for ease of use; it is not required to connect to another site. Second, a user can simply designate her primary DNS server with one that is not subject to filtration without much difficulty. 244 Although this arrangement may frustrate the efforts of some would-be gamblers, it is not very difficult to opt out of the regulation. Thus, in order for this system to be very effective, some other form of blocking must accompany it, such as a national firewall or filtering at the ISP-level, which would seem to defeat the purpose of filtering DNS servers.

2. Illegal Means

Finally, perhaps the most cost-efficient method for the United States to limit access to foreign gambling sites would be to destroy them, not with guns and bombs, but with code, in the form of viruses or some other harmful program. Surely, this would be illegal and offends all notions of justice, but it is certainly a possibility. Government officials could simply target those sites that refuse to screen U.S. citizens from their sites. I presume that an experienced hacker could introduce a virus upon the offending site’s servers, which would disrupt or prevent the gambling service from operating on that machine. Of course, I do not advocate such an approach, but it would be an interesting solution because it would be cost effective, efficient, and targeted against a specific offender. Despite these benefits, it is doubtful that such events would occur under government sponsorship, or at least I would hope.

VII. Conclusion

As the twenty-first century quickly approaches, the Internet continues its amazing growth and is quickly securing a dominant presence in everyday life. The benefits which accompany this technology are astounding. A wealth of information and services unparalleled in history are now at the fingertips of everyone with access to the Internet. Businesses, governments and individuals are rushing to secure their own position on the "Information Superhighway."

However, within this panoply of advantages and efficiency lies the burdens which accompany this technology. Many activities that are illegal in the physical world are attempting a resurgence in the virtual world. Online gambling is one of the burgeoning industries which threatens a government’s ability to protect and regulate its citizens. The advantageous technological aspects of the Internet are also those which inhibit attempts to control behavior upon it.

As I have attempted to elucidate, traditional legal and legislative mechanisms are not suited for regulation in cyberspace. The power which a state can exercise within its borders is not easily accommodated in a space where there are no corresponding boundaries, such as the Internet. In a global networked environment, regulatory arbitrage thrives since there is an incentive for illegal behavior to migrate to less restrictive regimes without any significant additional costs. Although Congress has not yet passed the Internet Gambling Prohibition Act, such behavior has already occurred as online gaming operators have located in other nations that sanction or promote such activity. From the picturesque environs of the Carribean, many Internet gambling site owners solicit business from American citizens without a realistic threat of prosecution by United States law enforcement.

Law could attempt to keep pace with technology, perhaps by creating agreements with other nations for enforcement of domestic laws on the Internet. However, there are inherent difficulties in following this path. Certainly, there will be a large time-lag between the emergence of the prohibited activity and the agreement to enforce that regulation abroad. More importantly, some nations may refuse to honor such requests, desiring instead to receive the economic benefits from allowing such activities to be based within their physical borders.

Instead, law should co-opt technology for its own purposes, using it to enforce policies which it cannot easily do otherwise in a virtual, networked environment. In this framework, code becomes the law. It defines what is possible and what is not. Indeed, code is preferable to law as an enforcement mechanism, by enforcing appropriate behavior ex ante instead of relying upon ex post punishment.

This approach is not unprecedented. Congress has adopted technological enforcement mechanisms in other situations. The "V-Chip" legislation will allow parents to filter what their children may view on television, by requiring television manufacturers to incorporate the code into the television. 245 Copyrights are protected from infringement with digital audio recording devices by requiring that manufacturers install copying controls into the machines, seeking to dictate appropriate behavior ex ante. 246

Technology can fulfill a similar role in prohibiting online gambling. Digital certificates and filtering are two possible approaches for limiting access to Internet gaming sites by American bettors. Instead of attempting to punish bettors or operators, which is costly, difficult and ultimately ineffective, policy makers can institute a more successful constraint by removing access to those sites by U.S. citizens. Not only does this achieve the regulatory goal in an efficacious manner, it respects the rights of foreign nationals to conduct activities which are perfectly legal in their own jurisdictions. Equally important, code can be narrowly tailored and is flexible, allowing it to adapt to the ever-changing conditions present on the Internet.

Code is the basis of the Internet. It is what creates the Internet and all of its benefits and its burdens. Code has created this virtual space, which lives above and beyond the constraints of the physical world. If government desires to control activity which occurs in cyberspace, it must recognize the primacy of code and incorporate it. Otherwise, legislative acts such as the Internet Gambling Prohibition Act are likely to be a losing bet.


PROPOSED 18 U.S.C. 1085

Sec. 1085. Internet gambling

(a) DEFINITIONS- In this section:

(1) CLOSED-LOOP SUBSCRIBER-BASED SERVICE- The term `closed-loop subscriber-based service' means any information service or system that uses--

(A) a device or combination of devices--

(i) expressly authorized and operated in accordance with the laws of a State for the purposes described in subsection (e); and

(ii) by which a person located within a State must subscribe to be authorized to place, receive, or otherwise make a bet or wager, and must be physically located within that State in order to be authorized to do so;

(B) a customer verification system to ensure that all applicable Federal and State legal and regulatory requirements for lawful gambling are met; and

(C) appropriate data security standards to prevent unauthorized access.

(2) GAMBLING BUSINESS- The term `gambling business' means a business that is conducted at a gambling establishment, or that--

(A) involves--

(i) the placing, receiving, or otherwise making of bets or wagers; or

(ii) offers to engage in placing, receiving, or otherwise making bets or wagers;

(B) involves 1 or more persons who conduct, finance, manage, supervise, direct, or own all or part of such business; and

(C) has been or remains in substantially continuous operation for a period in excess of 10 days or has a gross revenue of $2,000 or more during any 24-hour period.

(3) INTERACTIVE COMPUTER SERVICE- The term `interactive computer service' means any information service, system, or access software provider that uses a public communication infrastructure or operates in interstate or foreign commerce to provide or enable computer access by multiple users to a computer server, including specifically a service or system that provides access to the Internet.

(4) INTERNET- The term `Internet' means the international computer network of both Federal and non-Federal interoperable packet switched data networks.

(5) PERSON- The term `person' means any individual, association, partnership, joint venture, corporation, State or political subdivision thereof, department, agency, or instrumentality of a State or political subdivision thereof, or any other government, organization, or entity.

(6) PRIVATE NETWORK- The term `private network' means a communications channel or channels, including voice or computer data transmission facilities, that use either--

(A) private dedicated lines; or

(B) the public communications infrastructure, if the infrastructure is secured by means of the appropriate private communications technology to prevent unauthorized access.

(7) STATE- The term `State' means a State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, or a commonwealth, territory, or possession of the United States.



(1) PROHIBITION- Subject to subsection (e), it shall be unlawful for a person knowingly to use the Internet or any other interactive computer service--

(A) to place, receive, or otherwise make a bet or wager with any person; or

(B) to send, receive, or invite information assisting in the placing of a bet or wager with the intent to send, receive, or invite information assisting in the placing of a bet or wager.

(2) PENALTIES- A person who violates paragraph (1) shall be--

(A) fined in an amount that is not more than the greater of--

(i) three times the greater of--

(I) the total amount that the person is found to have wagered through the Internet or other interactive computer service; or

(II) the total amount that the person is found to have received as a result of such wagering; or

(ii) $500;

(B) imprisoned not more than 3 months; or

(C) both.


(1) PROHIBITION- Subject to subsection (e), it shall be unlawful for a person engaged in a gambling business knowingly to use the Internet or any other interactive computer service--

(A) to place, receive, or otherwise make a bet or wager; or

(B) to send, receive, or invite information assisting in the placing of a bet or wager.

(2) PENALTIES- A person engaged in a gambling business who violates paragraph (1) shall be--

(A) fined in an amount that is not more than the greater of--

(i) the amount that such person received in bets or wagers as a result of engaging in that business in violation of this subsection; or

(ii) $20,000;

(B) imprisoned not more than 4 years; or

(C) both.

(d) PERMANENT INJUNCTIONS- Upon conviction of a person under this section, the court may, as an additional penalty, enter a permanent injunction enjoining the transmission of bets or wagers or information assisting in the placing of a bet or wager.


(1) IN GENERAL- Subject to paragraph (2), the prohibitions in this section shall not apply to any--

(A) otherwise lawful bet or wager that is placed, received, or otherwise made wholly intrastate for a State lottery or a racing or parimutuel activity, or a multi-State lottery operated jointly between 2 or more States in conjunction with State lotteries, (if the lottery or activity is expressly authorized, and licensed or regulated, under applicable Federal or State law) on--

(i) an interactive computer service that uses a private network, if each person placing or otherwise making that bet or wager is physically located at a facility that is open to the general public; or

(ii) a closed-loop subscriber-based service that is wholly intrastate; or

(B) otherwise lawful bet or wager for class II or class III gaming (as defined in section 4 of the Indian Gaming Regulatory Act (25 U.S.C. 2703)) that is placed, received, or otherwise made on a closed-loop subscriber-based service or an interactive computer service that uses a private network, if--

(i) each person placing, receiving, or otherwise making that bet or wager is physically located on Indian land; and

(ii) all games that constitute class III gaming are conducted in accordance with an applicable Tribal-State compact entered into under section 11(d) of the Indian Gaming Regulatory Act (25 U.S.C. 2701(d)) by a State in which each person placing, receiving, or otherwise making that bet or wager is physically located.

(2) INAPPLICABILITY OF EXCEPTION TO BETS OR WAGERS MADE BY AGENTS OR PROXIES- An exception under subparagraph (A) or (B) of paragraph (1) shall not apply in any case in which a bet or wager is placed, received, or otherwise made by the use of an agent or proxy using the Internet or an interactive computer service. Nothing in this paragraph shall be construed to prohibit the owner operator of a parimutuel wagering facility that is licensed by a State from employing an agent in the operation of the account wagering system owned or operated by the parimutuel facility.

(f) STATE LAW- Nothing in this section shall be construed to create immunity from criminal prosecution or civil liability under the law of any State.'.

(2) TECHNICAL AMENDMENT- The analysis for chapter 50 of title 18, United States Code, is amended by adding at the end the following:

`1085. Internet gambling.'.


(1) IN GENERAL- The district courts of the United States shall have original and exclusive jurisdiction to prevent and restrain violations of section 1085 of title 18, United States Code, as added by this section, by issuing appropriate orders.


(A) INSTITUTION BY FEDERAL GOVERNMENT- The United States may institute proceedings under this section. Upon application of the United States, the district court may enter a temporary restraining order or an injunction against any person to prevent a violation of section 1085 of title 18, United States Code, as added by this section, if the court determines, after notice and an opportunity for a hearing, that there is a substantial probability that such violation has occurred or will occur.


(i) IN GENERAL- Subject to subclause (ii), the attorney general of a State (or other appropriate State official) in which a violation of section 1085 of title 18, United States Code, as added by this section, is alleged to have occurred, or may occur, after providing written notice to the United States, may institute proceedings under this subsection. Upon application of the attorney general (or other appropriate State official) of the affected State, the district court may enter a temporary restraining order or an injunction against any person to prevent a violation of section 1085 of title 18, United States Code, as added by this section, if the court determines, after notice and an opportunity for a hearing, that there is a substantial probability that such violation has occurred or will occur.

(ii) INDIAN LANDS- With respect to a violation of section 1085 of title 18, United States Code, as added by this section, that is alleged to have occurred, or may occur, on Indian lands (as defined in section 4 of the Indian Gaming Regulatory Act (25 U.S.C. 2703)), the enforcement authority under clause (i) shall be limited to the remedies under the Indian Gaming Regulatory Act (25 U.S.C. 2701 et seq.), including any applicable Tribal-State compact negotiated under section 11 of that Act (25 U.S.C. 2710).

(C) ORDERS AND INJUNCTIONS AGAINST INTERNET SERVICE PROVIDERS- Notwithstanding subparagraph (A) or (B), the following rules shall apply in any proceeding instituted under this paragraph in which application is made for a temporary restraining order or an injunction against an interactive computer service:


(I) If the violation of section 1085 of title 18, United States Code, originates with a customer of the interactive computer service's system or network, the court may require the service to terminate the specified account or accounts of the customer, or of any readily identifiable successor in interest, who is using such service to place, receive or otherwise make a bet or wager, engage in a gambling business, or to initiate a transmission that violates such section 1085.

(II) Any other relief ordered by the court shall be technically feasible for the system or network in question under current conditions, reasonably effective in preventing a violation of section 1085, of title 18, United States Code, and shall not unreasonably interfere with access to lawful material at other online locations.

(III) No relief shall issue under clause (i)(II) if the interactive computer service demonstrates, after an opportunity to appear at a hearing, that such relief is not economically reasonable for the system or network in question under current conditions.

(ii) CONSIDERATIONS- In the case of an application for relief under clause (i)(II), the court shall consider, in addition to all other factors that the court shall consider in the exercise of its equitable discretion, whether--

(I) such relief either singularly or in combination with such other injunctions issued against the same service under this paragraph, would seriously burden the operation of the service's system or network compared with other comparably effective means of preventing violations of section 1085 of title 18, United States Code;

(II) in the case of an application for a temporary restraining order or an injunction to prevent a violation of section 1085 of title 18, United States Code, by a gambling business (as is defined in such section 1085) located outside the United States, the relief is more burdensome to the service than taking comparably effective steps to block access to specific, identified sites used by the gambling business located outside the United States; and

(III) in the case of an application for a temporary restraining order or an injunction to prevent a violation of section 1085 of title 18, United States Code, as added by this section, relating to material or activity located within the United States, whether less burdensome, but comparably effective means are available to block access by a customer of the service's system or network to information or activity that violates such section 1085.

(iii) FINDINGS- In any order issued by the court under this paragraph, the court shall set forth the reasons for its issuance, shall be specific in its terms, and shall describe in reasonable detail, and not by reference to the complaint or other document, the act or acts sought to be restrained and the general steps to be taken to comply with the order.

(D) EXPIRATION- Any temporary restraining order or preliminary injunction entered pursuant to this paragraph shall expire if, and as soon as, the United States, or the attorney general (or other appropriate State official) of the State, as applicable, notifies the court that issued the injunction that the United States or the State, as applicable, will not seek a permanent injunction.


(A) IN GENERAL- In addition to proceedings under paragraph (2), a district court may enter a temporary restraining order against a person alleged to be in violation of section 1085 of title 18, United States Code, as added by this section, upon application of the United States under paragraph (2)(A), or the attorney general (or other appropriate State official) of an affected State under paragraph (2)(B), without notice and the opportunity for a hearing, if the United States or the State, as applicable, demonstrates that there is probable cause to believe that the transmission at issue violates section 1085 of title 18, United States Code, as added by this section.

(B) EXPIRATION- A temporary restraining order entered under this paragraph shall expire on the earlier of--

(i) the expiration of the 30-day period beginning on the date on which the order is entered; or

(ii) the date on which a preliminary injunction is granted or denied.

(C) HEARINGS- A hearing requested concerning an order entered under this paragraph shall be held at the earliest practicable time.

(4) RULE OF CONSTRUCTION- In the absence of fraud or bad faith, no interactive computer service (as defined in section 1085(a) of title 18, United States Code, as added by this section) shall be liable for any damages, penalty, or forfeiture, civil or criminal, for a reasonable course of action taken to comply with a court order issued under paragraph (2) or (3) of this subsection.

(5) PROTECTION OF PRIVACY- Nothing in this section or the amendments made by this section shall be construed to authorize an affirmative obligation on an interactive computer service--

(A) to monitor use of its service; or

(B) except as required by an order of a court, to access, remove or disable access to material where such material reveals conduct prohibited by this section and the amendments made by this section.

(6) NO EFFECT ON OTHER REMEDIES- Nothing in this subsection shall be construed to affect any remedy under section 1084 or 1085 of title 18, United States Code, as amended by this section, or under any other Federal or State law. The availability of relief under this subsection shall not depend on, or be affected by, the initiation or resolution of any action under section 1084 or 1085 of title 18, United States Code, as amended by this section, or under any other Federal or State law.

(7) CONTINUOUS JURISDICTION- The court shall have continuous jurisdiction under this subsection to enforce section 1085 of title 18, United States Code, as added by this section.

(e) REPORT ON ENFORCEMENT- Not later than 3 years after the date of enactment of this Act, the Attorney General shall submit a report to Congress that includes--

(1) an analysis of the problems, if any, associated with enforcing section 1085 of title 18, United States Code, as added by this section;

(2) recommendations for the best use of the resources of the Department of Justice to enforce that section; and

(3) an estimate of the amount of activity and money being used to gamble on the Internet.

(f) REPORT ON COSTS- Not later than 3 years after the date of enactment of this Act, the Secretary of Commerce shall submit a report to Congress that includes--

(1) an analysis of existing and potential methods or technologies for filtering or screening transmissions in violation of section 1085 of title 18, United States Code, as added by this section, that originate outside of the territorial boundaries of any State or the United States;

(2) a review of the effect, if any, on interactive computer services of any court ordered temporary restraining orders or injunctions imposed on those services under this section;

(3) a calculation of the cost to the economy of illegal gambling on the Internet, and other societal costs of such gambling; and

(4) an estimate of the effect, if any, on the Internet caused by any court ordered temporary restraining orders or injunctions imposed under this section.

(g) SEVERABILITY- If any provision of this section, an amendment made by this section, or the application of such provision or amendment to any person or circumstance is held to be unconstitutional, the remainder of this section, the amendments made by this section, and the application of the provisions of such to any person or circumstance shall not be affected thereby.


1. See, e.g., Reno v. ACLU, 117 S.Ct. 2329, 138 L.Ed.2d 874 (1997) (striking provisions in the CDA prohibiting transmission of obscene or indecent communications to minors through an interactive computer service). A new attempt to regulate Net porn was recently signed into law on October 21, 1998, the Child Online Protection Act (dubbed the “CDA II” or the “Son of the CDA” by opponents), and will certainly be the focus of forthcoming debates on Internet regulation. Courtney Macavinta, What Congress Really Did, Oct. 23, 1998 (last visited Oct. 27, 1998) <,27903,00.html>.

2. For the record, I would like to state that I prefer a libertarian approach to this issue, i.e., individuals should make the choice whether they wish to partake in this activity and assume the risks inherent therein. However, since Internet gambling is less concerned with freedom of expression principles, it is much easier to illustrate the use of technological enforcement mechanisms for Internet regulation than with other issues.

3. The Internet Gambling Prohibition Act, discussed infra at Section II (B).

4. Kevin Werback, Digital Tornado: The Internet and Telecommunications Policy, OPP Working Paper No. 29, Mar. 1997 at 10. (last visited Oct. 29, 1998) <>.

5. Reno, supra note 1, 117 S.Ct. at 2334.

6. Michael A. Geist, The Reality of Bytes: Regulating Economic Activity in the Age of the Internet, 73 Wash. L. Rev. 521, 527 (1998).

7. Werback, supra note 4, at 17.

8. TCP/IP is more fully discussed infra at Section V (B).

9. Werback, supra note 4, at 17. See also Geist, supra note 6, at 528.

10. Geist, supra note 6, at 528.

11. Gayle Weiswasser, Domain Names, the Internet, and Trademarks: Infringement in Cyberspace, 13 Santa Clara Computer and High Tech. L.J. 137, 145 (1997).

12. Id.

13. For more information on registering domain names, please visit NSI at <> (last visited Oct. 1, 1998). The domain name registration process is currently being examined by the World Intellectual Property Organization (“WIPO”) in hopes of recommending an international, self-regulating solution to domain name disputes on the Internet. For more information, please visit WIPO’s Domain Process site at <> (last visited Oct. 29, 1998).

14. Packet-switching is different than circuit-switching, which is traditionally used in telephone networks. While circuit-switching requires a dedicated connection between both end points to transmit data, packet-switching does not. It is this feature that allows packets to circumvent routes where a connection is broken or heavily congested, requiring only that the packets reach the destination point, regardless of the route they take. Werback, supra note 4, at 17.

15. Id.

16. Id.

17. Geist, supra note 6, at 530.

18. For a concise time line of the Internet and its development, visit Hobbes’ Internet Time Line, (last visited Oct. 30, 1998) <>.

19. Geist, supra note 6, at 530.

20. See Lance Rose, Online Gambling: Killer App or Sucker Bet? (last visited Oct. 28, 1998) <>; New Things to Regulate: Internet Gambling Generates Gambling, Las Vegas Review-Journal, May 24, 1998 (last visited Oct. 17, 1998) <>.

21. Betting Money on the Web, N.Y. Times, Mar. 5, 1998 (last visited Oct. 17, 1998) <>.

22. Id. (“there are at least 140 such sites around the world”); See also, New Things to Regulate, supra note 20, (“mushroomed to more than 150 web sites”); In Focus: Regulating the Internet, USA Today, Sept. 23, 1998, (last visited Oct. 17, 1998) <> (“nearly 200 online sites . . . up from 15 just last year”). Note that these are estimates of actual sites on the Internet that offer gambling services online. Some estimates have ranged as high as 100,000 based upon searches in a search engine for web pages that mention “gambling.” Testimony of [New York] Attorney General Dennis C. Vacco to the Senate Standing Committee on Racing, Gambling and Wagering, Mar. 12, 1997 (last visited Oct. 22, 1998) <>.

23. Wendy R. Leibowitz, Senate Bans Most ‘Net Gambling: Many Bet on Poor Enforcement, Law Journal Extra!, Aug. 10, 1998 (last visited Oct. 17, 1998) <http://www.>.

24. Some web sites only provide “links” or directories of online gambling sites. See, e.g., Rolling Good Times Online (last visited Oct. 29, 1998) at <> or Where to Bet (last visited Oct. 29, 1998) at <>.

25. For an example, visit the Sportsfanatik (last visited Oct. 29, 1998) <>.

26. For an example, visit the Golden Palace Online Casino (last visited Oct. 29, 1998) <>.

27. For an example, visit the Interlotto (last visited Oct. 29, 1998) <>.

28. Claire Ann Koegler, Here Come the Cybercops 3: Betting on the Net, 22 Nova L. Rev. 545, 552 (1998).

29. I. Nelson Rose, Internet Gambling: Domestic and International Developments, SC91 ALI-ABI 131, 134 (1998).

30. Interwetten Sports Book (last visited Oct. 29, 1998) <>.

31. The site is run by a Liechtenstein government agency, the Interlotto. Their site is located at <>.

32. See generally, John T. Fojut, Ace in the Hole: Regulation of Internet Service Providers Saves the Internet Gambling Prohibition Act of 1997, 8 DePaul-LCA J. Art. & Ent. L. 155, 159 (1997); Mark G. Tratos, Gaming on the Internet, 3 Stan. J.L. Bus. & Fin. 101, 103, 111 (1997).

33. This line of argument is strictly focused upon the act of gambling. Certainly, there are sites that discuss gambling, such as, which do not offer the services to actually gamble.

34. See, e.g., Ziskis v. Kowalski, 726 F.Supp. 902, 905 (D. Conn. 1989) (holding that gambling patron had no due process property or liberty interest in gambling and no First Amendment right to associate with other gamblers).

35. U.S. v. Edge Broadcasting Co., 509 US 418, 426 (1993) (finding that federal prohibition on gambling advertisements did not violate the First Amendment). There is some uncertainty in the case law regarding prohibitions of gambling advertisements, since they must pass the Central Hudson test for regulation of commercial speech. See, e.g., Greater New Orleans Broadcasting Assoc. v. U.S., 69 F.3d 1296 (5th Cir. 1995), vacated 117 S.Ct. 39, 136 L.Ed.2d 3 (1996); Players Internat’l, Inc. v. U.S., 988 F.Supp. 497 (D.N.J. 1997). However, these rulings protecting gambling advertisements do not undermine a government’s ability to regulate the underlying conduct.

36. I. Nelson Rose, Gambling and the Law - Update 1993, 15 Hastings Comm/Ent. L.J. 93, 94-99 (1992). This article provides an in-depth examination of the history of government regulation of traditional forms of gambling, which is beyond the scope of this paper.

37. Koegler, supra note 28, at 552.

38. State of Minnesota v. Granite Gate Resorts, Inc., 568 N.W.2d 715 (Minn. Ct. App. 1997), aff’d 576 N.W.2d 747 (Minn. 1998) (finding that Nevada corporation, in association with Belizian gambling site, was subject to personal jurisdiction in Minnesota for deceptive trade practices, false advertising, and consumer fraud). See also, State of Missouri v. Interactive Gaming and Communications Corp., No. CV97-7808 (Cir. Ct. of Jackson Co., May 22, 1997) (granting permanent injunction against online gambling corporation in Pennsylvania, restricting the acceptance of wagers from Missouri residents) (available online at <>>).

39. Warning to All Internet Users and Providers, (last visited Oct. 17, 1998) <>.

40. The Florida Attorney General has supported this preposition, arguing that the federal government should step in to regulate Internet gambling. See Stephen Wilske & Teresa Schiller, International Jurisdiction in Cyberspace: Which States May Regulate the Internet?, 50 Fed. Comm. L.J. 117, 135 (1997). Although this paper will focus upon federal legislative and legal mechanisms, it is important to note that many of these could equally apply to state initiatives.

41. U.S. Const., Art. I, Sect. 8.

42. One exception is the Amateur and Professional Sports Protection Act, 28 U.S.C. 3701-3704, which prohibits State and Indian sponsored sports betting. States that had previously established sports books (Nevada) or lotteries based on sports events (Oregon and Delaware) were grandfathered. The constitutionality of this act has been questioned by some authorities. See Rose, Internet Gambling, supra note 29, at 144.

43. Anthony Cabot and Kevin D. Doty, Internet Gambling Report II, March 1, 1998 at [10] (last visited Oct. 17, 1998) <>.

44. 18 U.S.C. 1084 (1998).

45. 18 U.S.C. 1084 (a) (1998).

46. Scott M. Montpas, Gambling On-Line: For a Hundred Dollars, I Bet you Government Regulation will not Stop the Newest Form of Gambling, 22 U. Dayton L. Rev. 163, 180-181 (1996).

47. See, e.g., id.; Cabot, supra note 43; Rose, Internet Gambling, supra note 29, at 143-144; Tratos, supra note 32, at 104-105.

48. 18 U.S.C. 371 (1998).

49. Benjamin Weiser, U.S. Charges 14 With Online Sports Betting Operations, N.Y. Times, Mar. 5, 1998 (visited Oct. 17, 1998) <>.

50. See, e.g., Leibowitz, supra note 23.

51. See, e.g., Macavinta, supra note 1; Kyl Bill Pronounced Dead for the Year, Oct. 20, 1998 (visited Oct. 22, 1998) <>.

52. H.R. 4276, Department of Commerce, Justice, and State, the Judiciary, and Related Agencies Appropriations Act, 1999 (Engrossed Senate Amendment). A copy of the proposed Act in its most recent formulation is attached as Appendix A.

53. Proposed 18 U.S.C. 1085 (c).

54. Proposed 18 U.S.C. 1085 (b).

55. Proposed 18 U.S.C. 1085 (d) and ([g])(2).

56. Proposed 18 U.S.C. 1085 ([g])(2)(C)(i)(I).

57. Proposed 18 U.S.C. 1085 ([g])(2)(C)(i)(II).

58. See, e.g., Peter Lewis, Can Lawmakers Control Online Gambling?, N.Y. Times, Sept. 22, 1997 (last visited Oct. 17, 1998) <>; Playstar Responds to Kyl Bill, July 31, 1998 (last visited Oct. 17, 1998) <>.

59. Proposed 18 U.S.C. 1085 (b)(2).

60. Seth Gorman and Antony Loo, Blackjack or Bust: Can U.S. Law Stop Internet Gambling?, 16 Loy. L.A. Ent. L.J. 667, 708 (1996).

61. See, e.g., Brett Pulley, On Antigua, It’s Sun, Sand and 1-800 Betting, N.Y. Times, Jan. 31, 1998 (last visited Oct. 17, 1998) <>; Philip Palmer McGuigan, Stakes are High in Battle to Bar Internet Gambling, The National Law Journal, Nov. 3, 1997 (last visited Oct. 23, 1998). <>.

62. Gorman & Loo, supra note 60, at 689.

63. U.S. v. Juda, 46 F.3d 961, 967 (9th Cir. 1995).

64. Gorman & Loo, supra note 60, at 686.

65. Proposed 18 U.S.C. 1085.

66. Fojut, supra note 32, at 170.

67. John T. Soma et al., Transnational Extradition for Computer Crimes: Are New Treaties and Laws Needed? 34 Harv. J. on Legis. 317, 322 (1997).

68. Id.

69. Fojut, supra note 32, at 170.

70. Soma, supra note 67, at 324.

71. Fojut, supra note 32, at 170.

72. Soma, supra note 67, at 323, citing 18 U.S.C. 3183-3184.

73. Fojut, supra note 32, at 170-171.

74. This doctrine is often referred to as the Ker-Frisbie doctrine. See Ker v. Illinois, 119 U.S. 436 (1886); Frisbie v. Collins, 342 U.S. 519 (1951).

75. Koegler, supra note 28, at 556.

76. Dan Goodin, DOJ: Gaming Bill too Broad, June 12, 1998, (last visited Oct. 27, 1998) <,23138,00.html>.

77. Kelly Flaherty, Feds’ Internet Bet Case Avoids ‘Cyber’ Issues, The Recorder, Mar. 6, 1998 (last visited Oct. 23, 1998) <>.

78. Tratos, supra note 32, at 115.

79. Soma, supra note 67, at 363.

80. Montpas, supra note 46, at 182.

81. David R. Johnson & David Post, Law and Borders - The Rise of Law in Cyberspace, 48 Stan. L. Rev. 1367, 1368 (1996). Johnson and Post have taken a contrary position to that which I will be arguing. They claim that this lack of relationship between law and territorial borders will prove fatal to imposing legal rules on the Internet. As such, they propose a more self-regulating system by Internet stakeholders when online activities are not of “vital” interest to the sovereign.

82. Id., at 1369-1371.

83. Id., at 1370-1371.

84. Lawrence Lessig, The New Chicago School, 27 J. Legal Stud. 661, 662 (1998).

85. Id.

86. Lawrence Lessig, Constitution and Code, 27 Cumb. L. Rev. 1, 2 (1996).

87. Lessig, Chicago, supra note 84, at 663.

88. Id.

89. Lessig, Constitution, supra note 86, at 3.

90. M. Ethan Katsh, Software Worlds and the First Amendment: Virtual Doorkeepers in Cyberspace, 1996 U. Chi. Legal F. 335, 340 (1996).

91. Id., at 341.

92. Id.

93. Joel Reidenberg, Lex Informatica: The Formulation of Information Policy Rules Through Technology, 76 Tex. L. Rev. 553, 581 (1998).

94. Lessig, Constitution, supra note 86, at 4.

95. Katsh, supra note 90, at 341.

96. Lessig, Chicago, supra note 84, at 666.

97. Lessig, Constitution, supra note 86, at 3.

98. However, this is not necessarily a terrible occurrence. Certainly, a group of hackers may be able to wreck havoc with a country’s technological systems. Despite these abilities, hackers seem to have a certain respect for what they do, rarely seeming to do what they could do, but rather, proving that they could do it. This is useful in some respects. By identifying weak points in a system, programmers are able to strengthen constraints imposed by code, presumably ensuring greater compliance by the general users under the imposed rules.

99. Proposed 18 U.S.C. 1085 ([g])(2)(C)(ii)(II).

100. Id., at 1085 ([i])(1).

101. Reno v. ACLU, 117 S.Ct. 2329, 2353-2354 (1997).

102. Id., at 2354. Congress, presumably in response to this language in O’Connor’s opinion, has recently passed the Child Online Protection Act, or the “CDA II”, which would hold commercial site operators liable if they made “harmful” material available to children. However, the law provides an affirmative defense if the site owner checks the online visitor’s identification, which can be done automatically through an adult verification system. See Macavinta, supra note 1. For an example of an online verification service, please visit Adultcheck. (last visited Oct. 24, 1998) <>.

103. Katsh, supra note 90, at 352.

104. For an example, visit 1-800-FLOWERS at <> (last visited Oct. 25, 1998).

105. European Union Considers Regulatory Framework for Electronic Commerce, 16 No. 12 Banking Policy Report 10 (June 16, 1997).

106. A. Michael Froomkin, The Essential Role of Trust Third Parties in Electronic Commerce, 75 Ore. L. Rev. 49, 51 (1996).

107. Jane Kaufman Winn, Open Systems, Free Markets, and Regulation of Internet Commerce, 72 Tul. L. Rev. 1177, 1198 (1998).

108. Id. As many are aware, the U.S. government has been very concerned with the spread of high encryption software, which they feel could prevent law enforcement or national security forces from monitoring and infiltrating criminal or terrorist groups. The debate over “key escrow” is over whether the government should have access to such keys, either in the government’s direct possession or in the hands of a secure escrow agent, who would be required to turn over the key upon a court order. This technological policy dispute is very interesting, but well beyond the scope of this paper.

109. Winn, supra note 107, at 1199.

110. Id.

111. Jane Kaufman Winn, Couriers Without Luggage: Negotiable Instruments and Digital Signatures, 49 S.C. L. Rev. 739, 763 (1998).

112. Id.

113. Winn, Open Systems, supra note 107, at 1200.

114. Id. The opposite process could also be used. For example, if I wanted to be sure that the flower shop was the only party that could read my message, then I could use their public key to encrypt the message, assuring myself that only the flower shop could decipher the message with their private key.

115. Id.

116. See generally, Winn, Couriers, supra note 111, at 764; Froomkin, supra note 106, at 54-55.

117. Winn, Couriers, supra note 111, at 764.

118. Froomkin, supra note 106, at 54-55.

119. Winn, Open Systems, supra note 107, at 1201.

120. Froomkin, supra note 106, at 58.

121. Winn, Open Systems, supra note 107, at 1202.

122. Id.

123. Id.

124. Froomkin, supra note 106, at 58.

125. Froomkin describe the Utah digital signature act, which would provide a safe harbor for CA’s from liability, provided the CA’s comply “with relatively onerous requirements.” Id., at 108-109. A bill in the House of Representatives would create a private organization of CA’s, of which membership would be mandatory. CA’s in this proposed organization would be required to comply with the organization’s membership guidelines. See Philip S. Corwin, Electronic Authentication: The Emerging Federal Role, 38 Jurismetrics J. 261, 269-270 (1998).

126. Adultcheck, <> (last visited Oct. 24, 1998).

127. Id.

128. See discussion of the Child Online Protection Act, supra note 102. An additional incentive for webmasters are the royalty payments available if they refer a customer to Adultcheck and that person enrolls in the service. Adultcheck, <> (last visited Oct. 24, 1998).

129. Froomkin, supra note 106, at 62-63. Prof. Froomkin uses the example of a site owner whom allows a visitor to download encryption software, but may request an authorizing digital certificate to prove that the user is a U.S. citizen. The site owner would be reducing his personal liability under the U.S. export restrictions under I.T.A.R.

130. Id., at 63.

131. >o?Banks Converge on Certificates, Oct. 21, 1998 (last visited Oct. 26, 1998) <>.

132. Jennifer Sullivan, Trusting Entrust, Aug. 14, 1998 (last visited Oct. 12, 1998) <>.

133. Verisign, <> (last visited Oct. 26, 1998).

134. Janine S. Hiller & Don Lloyd Cook, From Clipper Ships to Clipper Chips: The Evolution of Payment Systems for Electronic Commerce, 17 J.L. & C. 53, 80-81 (1997).

135. See, e.g., id.; Brian W. Smith, Digital Signatures: The State and the Law, 114 Banking L.J. 506, 514 (1997).

136. James Glave, Digital ID’s Bust Out of Hard Drives, Nov. 21, 1997 (last visited Oct. 26, 1998) <>. Smartcards provide an advantage because of their portability, since digital signatures and private keys are normally stored on the user’s computer. However, the promise of smartcards is in the future, since the infrastructure (such as card readers) is not currently available.

137. For example, the CEO of Galaxiworld casino (<>) has stated that they will block access by U.S. players if the Internet Gambling Prohibition Act is passed. Lisa Napoli, Online Casino Unfazed by Proposed U.S. Ban, N.Y. Times, June 1, 1998 (last visited Oct. 17, 1998) <>.

138. Id.; However, many sites randomly sampled did not refuse service to American gamblers; rather, the disclaimers simply stated that the user must abide by their country’s laws and the user must disclaim liability to the site owner. See, e.g., New York Casino (last visited Oct. 29, 1998) <>; Ace’s Casino and Sportsbook (last visited Oct. 29, 1998) <>.

139. State of Missouri v. Interactive Gaming & Comm. Corp., No. CV97-7808 (Cir. Ct. of Jackson Co., Mo. May 22, 1997) at 4 (l) & (m). (available online at <>) (last visited Oct. 28, 1998).

140. One development which may encourage gambling operators to refuse service to American citizens is a lawsuit filed in California against credit card companies. A California resident has claimed that she is not liable for her credit card bills accruing from online gambling. Experts have speculated that if her claim is victorious, it could cause Internet gaming businesses to collapse, since most wagers are made with credit cards. See Online Gambler Sues Credit Card Companies, Washington Post, Aug. 17, 1998 (last visited Oct. 17, 1998) <>. Although other means of wagering are available, businesses would be skeptical of accepting credit card wagers by American citizens, even if the card is issued by an offshore bank, since American courts may not enforce any debts from Internet gambling. As a result, they may voluntarily seek to prevent U.S. bettors from accessing their sites.

141. Jeri Clausing, Online Gambling Industry Seeks Regulation to Save Itself, N.Y. Times, Dec. 23, 1997, (last visited Oct. 17, 1998) <>.

142. Interactive Gaming Council, Code of Conduct, posted May 9, 1997 (last visited Oct. 22, 1998) <>.

143. There would be serious doubts as to whether international law and extradition treaties would be amended to allow for extradition for violation of a foreign country’s criminal law, when the activity is sanctioned, if not encouraged in the nation where the gambling site operates. This is further compounded by the fact that some countries directly operate the gaming businesses. cf. Soma, supra note 67, at 362-364 (calling for amendments to bilateral treaties and a multilateral convention for extradition of computer criminals).

144. For example, Australian regulatory models of Australian gambling sites would require the operator to set up accounts for bettors, verifying identities and addresses, so that winnings can be taxed before they are distributed. See Jeri Clausing, Ban Online Gambling? Australia Would Rather Tax It, N.Y. Times, Oct. 16, 1997, (last visited Oct. 17, 1998) <>.

145. See, e.g., A. Michael Froomkin, The Internet as a Source of Regulatory Arbitrage, presented Jan. 29, 1996, at II (last visited Oct. 26, 1998) <>.

146. Internet Gambling Booming in Caribbean, N.Y. Times, Dec. 17, 1997 (last visited Oct. 17, 1998) <>.

147. For example, the Dominican Republic has been in a dispute with the U.S. over banana import policies and is unlikely to assist American law enforcement with internal gambling laws. See John Borland, Oversees Policies Undermine U.S. Gambling Ban, July 20, 1998 (last visited Oct. 17, 1998) <>.

148. Jonathan Weinberg, Rating the Net, 19 Hastings Comm/Ent. L.J. 453, 454 (1997).

149. Reno v. ACLU, 117 S.Ct. 2329, 2326, 2347 (1997) (noting that filtering software exists and will soon be available, which provides a “reasonably effective method by which parents can prevent their children from accessing . . . material which parents may believe is inappropriate for their children.”).

150. See generally, id.; Weinberg, supra note 148, at 454.

151. In fact, many software filters that seek to prevent access to pornographic materials by children also block access to Internet gambling sites. See, e.g., SurfWatch (last visited Nov. 1, 1998) <>; Cyber Patrol (last visited Nov. 1, 1998) <>.

152. John T. Delacourt, The International Impact of Internet Regulation, 38 Harv. Int’l L.J. 207, 229 (1997).

153. Ari Staiman, Shielding Internet Users From Undesirable Content: The Advantages of a PICS Based Rating System, 20 Fordham Int’l L.J. 866, 886 (1997); Cyber Patrol, one these software manufacturers, has both a CyberYes list (whitelist) and a CyberNot Block list (blacklist). See James V. Dobeus, Rating Internet Content and the Spectre of Government Regulation, 16 J. Marshall J. Computer and Info. L. 625, 633 (1998).

154. Delacourt, supra note 152, at 229-230.

155. Id.

156. “Intelligent phrase filtering” is simply an attempt to refine keyword filtering so that the program can examine the offending word in the context in which it is used. Delacourt, supra note 152, at 229.

157. Matt Richtel, Some Filters Examine the Intent Under Content, N.Y. Times, Jan. 31, 1998 (last visited Oct. 17, 1998) <>. Richtel notes that some software companies continue to block based on URLs which are manually reviewed, since the keyword searches are susceptible to over- and under- filtering sites, especially if the web page owner is attempting evade such blocking.

158. Brian M. Werst, A Survey of the First Amendment “Indecency” Legal Doctrine and its Inapplicability to Internet Regulation: A Guide for Protecting Children from Internet Indecency After Reno v. ACLU, 33 Gonz. L. Rev. 207, 227-228 (1997-1998).

159. Id.

160. Id., at 228-229. In addition to these expenses, generally a home user must have also purchased a computer and contracted for service from an Internet Service Provider.

161. IGC and SurfWatch Team up to Promote Responsible Gaming Online, IGC Press Release posted May 20, 1998 (last visited Oct. 17, 1998) <>.

162. These same problems plague attempts to prevent access by children to Internet pornography.

163. Delacourt, supra note 152, at 231.

164. Reidenberg, supra note 93, at 558-559.

165. Weinberg, supra note 148, at 457-458.

166. Paul Resnick and James Miller, PICS: Internet Access Controls Without Censorship, (last visited Oct. 18, 1998) <>.

167. Id.

168. C. Dianne Martin and Joseph M. Reagle, An Alternative to Government Regulation and Censorship: Content Advisory System for the Internet, 15 Cardozo Arts & Ent. L.J. 409, 413 (1997).

169. Harry Hochheiser, Filtering FAQ, Computer Professionals for Social Responsibility, Version 1.1, Dec. 25, 1997 (last visited Oct. 19, 1998) <>.

170. Paul Resnick, Filtering Information on the Internet, Scientific American, Mar. 1997, (last visited Oct. 19, 1998) <>.

171. Id.

172. See, e.g., Resnick & Miller, supra note 166.

173. Paul Resnick, PICS, Censorship, and Intellectual Freedom FAQ, version 1.14, last revised Jan. 26, 1998 (last visited Oct. 18, 1998) <>.

174. Resnick & Miller, supra note 166.

175. Dobeus, supra note 153, at 632-33.

176. Martin & Reagle, supra note 168, at 419.

177. Id., at 421.

178. Netscape’s latest browser, Communicator 4.5, includes PICS filtering. (last visited Nov. 14, 1998) <>.

179. Currently, a user has the option to activate PICS within Microsoft Internet Explorer. See Martin & Reagle, supra note 168, at 419.

180. Besides principles against censorship and favoring individual choice, this would hopefully avoid some of the more troubling problems that would beset federal or state attempts to label pornographic or other “harmful” sites, which may enjoy some First Amendment protection.

181. A major criticism of PICS is the lack of labels available on the Internet. Further, the sheer size and rate of growth inhibits attempts at comprehensive labeling. Browsers can be configured to block or allow any unlabeled sites, but this defeats the goal of filtering on a wide scale. See, e.g., Weinberg, supra note 148, at 470-471.

182. See Simon Garfinkel, Good Clean PICS, May 1997 (last visited Oct. 19, 1998) <>. Of course, if the browser allowed users to simply turn off the filtering, this would be a much easier route around regulation.

183. Although consumers may eventually upgrade their browsers to take advantage of new features, a crafty user could retain an older version on his computer just to visit gambling sites.

184. Netscape has offered its source code to its browsers so that savvy programmers can make alterations as long as a license is provided to Netscape to allow them to incorporate any advancements into new versions of their browser. (last visited Nov. 14, 1998) <>.

185. See, e.g., Garfinkel, supra note 182.

186. See Wayne B. Salamonsen & Roland Yeo, PICS-Aware Proxy System vs. Proxy Server Filters, (last visited Oct. 18, 1998) <>.

187. Hochheiser, supra note 169.

188. Id.; A more technical definition of a proxy server is “[a] program that deals with external servers on behalf of internal clients. Proxy clients talk to proxy servers, which relay approved proxy requests on to real servers, and relay answers back to clients.” See D. Brent Chapman & Elizabeth D. Zwicky, Building Internet Firewalls (1995).

189. Hochheiser, supra note 169.

190. Id.

191. Salamonsen & Yeo, supra note 186.

192. Cyber Patrol, (last visited Oct. 23, 1998) <>.

193. See, e.g., Surfwatch, (last visited Oct. 18, 1998) <>; N2H2, (last visited Oct. 26, 1998) <;.

194. FamilyConnect, (last visited Oct. 28, 1998) <>.

195. Resnick, PICS, Censorship, and Intellectual Freedom FAQ, supra note 173.

196. Salamonsen & Yeo, supra note 186.

197. Id.

198. Resnick, PICS, Censorship, and Intellectual Freedom FAQ, supra note 173. Obviously, if the goal is to prevent access to gaming sites, the customer should not be able to alter that criterion.

199. NetPartners, (last visited Oct. 26, 1998) <>.

200. See, e.g., I.B.M., (last visited Oct. 19, 1998) <>; Net Shepherd, (last visited Oct. 19, 1998) <>.

201. Ed Krol, The Whole Internet: User’s Guide and Catalog 26-27 (Academic Edition, Adapted by Bruce C. Klopfenstein 1996).

202. The immediate analogy is to that of the telephone system. You can dial your best friend’s phone number and be assured that she is the only person with that number.

203. Krol, id., at 28-29.

204. See discussion, supra Part II.

205. Krol, id., at 29-30.

206. Simson Garfinkel & Gene Spafford, Practical UNIX and Internet Security 458-59 (2nd Edition 1996).

207. William Stallings, Internet Security Handbook 46 (1995). It is difficult to generalize this subject matter, since network engineers can configure their networks in a variety of ways. Some may have a gateway, where all traffic is sent through this one point, while others may have a different configuration with many routers for redundancy. I will proceed on the assumption that each network employs at least one router to direct traffic between internal hosts and external servers. This assumption would apply, even if a very small ISP simply leases traffic from another ISP without performing its own routing, since the larger ISP can perform the filtering on its own routers, which would equally affect those hosts at the smaller ISP.

208. William R. Cheswick & Steven M. Bellovin, Firewalls and Internet Security: Repelling the Wily Hacker 55 (1994).

209. Id.

210. UNIX servers can also be programmed to perform similar tasks with a “Wrappers” program, but since there are other types of servers available, such as Windows NT, etc., these will not be focused upon. See, e.g., Garfinkel & Spafford, supra note 206, at 675-687.

211. See, e.g., Cheswick & Bellovin, supra note 208, at 55.

212. Id., at 74.

213. Salamonsen & Yeo, supra note 186.

214. Resnick, PICS, Censorship, and Intellectual Freedom FAQ, supra note 173.

215. See, e.g., Chapman & Zwicky, supra note 188, at 176-177; Check Point (last visited Oct. 26, 1998) <>.

216. Check Point, Id.

217. Id.; Peter Heywood, Filters Without Fuss, May 21, 1998 (last visited Oct. 28, 1998) <> (describing new router filtering products).

218. See, e.g., Resnick, PICS, Censorship, and Intellectual Freedom FAQ, supra note 173.

219. The Internet Law and Policy Forum Working Group on Content Blocking, III(A)(1) (last visited Oct. 20, 1998) <>.

220. See, e.g., id., at III(A)(2); Salamonsen & Yeo, supra note 186; Aron Mefford, Lex Informatica: Foundations of Law on the Internet, 5 Ind. J. Global Legal Stud. 211, 215 (1997).

221. Reidenberg, supra note 93, at 583.

222. Fojut, supra note 32, at 171.

223. See e.g., Napoli, supra note 137; Christine Stubbs, Government Wants to Pull Plug on Internet Gambling, Red Herring Magazine, Nov. 1998 (last visited Oct. 17, 1998) <>.

224. See e.g., Erols, a regional ISP in the Northeastern U.S., does block email from a list of IP addresses, which it publishes at its site. Erols, (last visited Oct. 23, 1998) <> & <>.

225. Leibowitz, supra note 23.

226. Napoli, supra note 137.

227. Montpas, supra note 46, at 175.

228. Werbach, supra note 4, at 26-27.

229. 18 U.S.C. 1084 (d) (1998).

230. Telephone News System, Inc. v. Illinois Bell Telephone Co., 220 F.Supp. 621 (N.D. Ill. 1963).

231. Proposed 18 U.S.C. 1085 ([g])(2)(C)(i)(I).

232. Obviously, if the site was located on a domestic ISP, law enforcement officials could request that the ISP remove the site or seek an injunction ordering such removal. However, the threat of liability under U.S. laws would likely prompt all gambling site operators to locate their businesses outside of the U.S.

233. See Discussion infra, at II (d).

234. U.S. v. Edge Broadcasting Co., 509 U.S. 418, 426 (1993).

235. See, e.g., Valley Broadcasting Co. v. U.S., 107 F.3d 1328 (9th Cir. 1997).

236. See, e.g., Resnick, Filtering Information on the Internet, supra note 170 ; Froomkin, Regulatory Arbitrage, supra note 145, at II(A)(1).

237. See, e.g., Resnick, PICS, Censorship, and Intellectual Freedom FAQ, supra note 173.

238. See, e.g., Timothy Wu, Cyberspace Sovereignty? - The Internet and the International System, 10 Harv. J.L. & Tech. 647, 659-660.

239. Resnick, PICS, Censorship, and Intellectual Freedom FAQ, supra note 173.

240. President William J. Clinton & Albert Gore, Jr., A Framework for Global Electronic Commerce, July 1, 1997, (last visited Oct. 22, 1998) <>.

241. Weiswasser, supra note 11, at 145.

242. See David Hakala & Jack Rickard, A Domain Name by any Other Name!, Oct. 1996, (last visited Oct. 18, 1998) <>.

243. Id.

244. This can be done by simply changing the settings in Windows 95/98 to an alternate DNS server. For example, if you wished to use Alternic instead of the Internic system, one must only change their primary DNS settings to an Alternic DNS server.

245. See 47 U.S.C. 303 nt (1998).

246. See 17 U.S.C. 1001 et seq., (1998).