Whose job should it be to see that terrorists don't unleash a computer virus that cripples the air traffic control system? Who will prevent enemy nations from stealing nuclear weapons secrets from U.S. government computers over the Internet? Who should keep rival entrepreneurs from downloading trade secrets from your company's computers or those of another firm? Who should regulate the Internet?
Right now, the closest thing to a global Internet regulatory body is the Internet Corporation for Assigned Names and Numbers (ICANN), a private organization based in Marina Del Rey, California. But ICANN isn't much of a regulator. It's concerned with how to set up and run the domain-name system that gives us .com, .org and .net as well as country-connected domain names such as .uk for the United Kingdom and newer domains like .biz. "We don't really regulate," says ICANN's Mary Hewitt. "We're a technical coordinating body." The organization has just half a dozen employees and an annual budget of $5 million, scarcely sufficient to coordinate the concerns of its 243 member governments, from Ascension Island (.ac) to Zimbabwe (.zw). Its interest in security is to protect the small number of global high-level domain-name servers.
If not ICANN, then who? There is a short list of candidates, few really viable. The International Telecommunication Union (ITU) is a 140-year-old global organization that might have the worldwide reach and credibility to pull it off. But the ITU has said it's not interested in taking over even ICANN's limited role. The Department of Commerce, which already oversees many aspects of online commerce through the FTC and its other agencies, is a candidate. The department is the entity that grants ICANN the authority to do its job and so, presumably, could take it back. But it recently extended the organization's contract and has expressed satisfaction with ICANN's work.
The new Department of Homeland Security (DHS) is another candidate. DHS has taken over some Internet regulation and security jobs from the Department of Commerce as well as from the FBI, part of the Department of Justice. If it follows recommendations in the cybersecurity report from President Bush, DHS will also create an Internet-wide monitoring system aimed at detecting and stopping viruses and other threats by encouraging network centers, ISPs and others to share information. But an agency charged with homeland security can't play much of a global role.
Michael Froomkin, a University of Miami School of Law law professor and critic of ICANN (he's a founding editor of www.icannwatch.org), sees little need for additional regulations to police the Internet. "It's already illegal to send somebody a virus," he notes, and online advertising, commerce, privacy and other issues are addressed to varying degrees by a patchwork of rules. Froomkin feels security issues will be adequately addressed if the government secures its own computers, encourages software makers to engineer better-protected products, and promotes efforts to inform users about how to protect their systems from worms, viruses and other threats.
Local, state and federal laws and a similar variety in other countries already control online commerce, privacy, pornography, hacking and other issues. State attorneys general, county prosecutors, state trade commissions and even Better Business Bureaus all play active but geographically limited roles in keeping Internet activity within legal and ethical boundaries. While China's Draconian controls haven't been widely imitated, countries such as Finland and Australia have been debating Internet censorship and content-control laws that are milder than China's but still more strict than any in use in those countries today.
The Internet may never be run by a single entity. Instead, its governance is likely to be the end result of a mass of individual laws, regulations, conventions, agencies and organizations that is growing at local, state, national and global levels. Together, these will result in an online world that protects the interests of those who use it for legitimate purposes and thwarts those who would use it for wrongdoing.