Speech, it is said,1 divides into three sorts — (1) speech that everyone has a right to (political speech, speech about public affairs); (2) speech that no one has a right to (obscene speech, child porn); and (3) speech that some have a right to but others do not (in the United States, Ginsberg2 speech, or speech that is “harmful to minors,” to which adults have a right but kids do not). Speech-protective regimes, on this view, are those where category (1) speech predominates; speech-repressive regimes are those where categories (2) and (3) prevail.
This divide has meaning for speech and regulation within a single jurisdiction, but it makes less sense across jurisdictions. For when viewed across jurisdictions, most controversial speech falls into category (3) — speech that is permitted to some in some places, but not to others in other places. What constitutes “political speech” in the United States (Nazi speech) is banned in Germany; what constitutes “obscene” speech in Tennessee is permitted in Holland; what constitutes porn in Japan is child porn in the United States; what is “harmful to minors” in Bavaria is Disney in New York. Every jurisdiction controls access to some speech — what we call “mandatory access con-trols” — but what that speech is differs from jurisdiction to jurisdiction.
This diversity creates a problem (for governments at least) when we consider speech within cyberspace. Within cyberspace, mandated access controls are extremely difficult. If access control requires knowing (a) the identities of the speaker and receiver, (b) the jurisdictions of the speaker and receiver, and (c) the content of the speech at issue, then as cyberspace was initially designed, none of these data are easily determined. As a result, real space laws do not readily translate into the context of cyberspace.
One possible response to the change caused by the initial architecture of the Internet (“Net”) would have been for governments simply to give up on access controls. Experience suggests that this is unlikely. As the popularity of the Net has grown, governments have shown an increasing interest in reestablishing mandated access controls over certain kinds of speech now published on the Internet. In the United States, this speech is sex or spam-related; in Germany, it is both sexand Nazi-related; in parts of Asia, it is anything critical of Asian governments. Across the world, governments seek to reregulate access to speech in cyberspace, so as to reestablish local control.
We take as given this passion for reregulation. It features prominently in the current political reality of cyberspace. This reality should push us to consider the options that regulators face — not because regulators need encouragement, but because we should understand the consequences of any particular regulatory strategy. Some strategies pose greater costs than others; some strike at more fundamental features of the Net than do others. We aim to understand the tradeoffs that this reregulation presents.
This inquiry is particularly salient in the United States just now. In what may have become a biannual event, the United States Congress in 1998 passed its second attempt at regulating “indecent speech” on the Net — the Child Online Protection Act(“COPA”). Its first statute, the Communications Decency Act of 1996 (“CDA”), was struckdown by the Supreme Court in 1997. Now two years later, a federal district court in Philadelphia has enjoined enforcement of COPA. And if the ACLU succeeds in striking this statute, Congress no doubt will be at it again. Among the headaches of Y2K will be another CDA; and among the more significant (if repetitive) cases of 2001 will be ACLU v. [the next attorney general].
Congress may never pass a statute that satisfies the Court, but we think it could. There exists a type of “decency act,” which we sketch here, that would pass constitutional muster. That act is not COPA. To see why this “decency act” would be constitutional where COPA was not, and to understand this alternative act, requires a broader view. It requires an analysis that makes clear the different values at stake.
Our aim in this essay is to provide just such a perspective. We offer in Part I a model of mandated access control that will clarify the issues in play. While this model will help resolve the constitutional questions raised by COPA, it will also help see the issues that mandated access controls present more generally. Given that different jurisdictions will want different restrictions, and given that those restrictions would be differentially costly, we provide in Part II a map of the different architectures and assignments of responsibility that might effect these restrictions. We then consider the trade-offs among these alternatives — both generally, and in particular in the American context.