CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

Bad laws, bad code, bad behavior

CNET's Declan McCullagh explains why laws regulating technology often invoke an even more powerful rule: the law of uninintended consequences.

A congressional hearing on Internet porn last week illustrates what happens when politicians try to ban technology they don't like or understand.

The topic of Thursday's meeting of the House of Representatives' consumer protection subcommittee was a bill intended to require that programs like Kazaa and Grokster obtain parental consent before installation. Peer-to-peer software is starting "to lure our children from the perceived safety of the family living room out into the dangers of the Internet wilderness," subcommittee chairman Cliff Stearns, R-Fla., warned.

The only problem: The bill that Stearns and his colleagues suggest as a solution is so broadly worded that it regulates far more than just peer-to-peer applications. Anyone distributing instant-messaging programs, File Transfer Protocol software or Internet Relay Chat clients would have to follow a complicated set of regulations to be published by the Federal Trade Commission, which might as well be renamed the Federal Software Regulatory Commission.

Software distribution sites like those of SourceForge and the Comprehensive Perl Archive Network would be outlawed, if they did not follow these byzantine legal rules, which include obtaining "verifiable parental consent," if the downloader is a minor, ensuring that the software can be readily uninstalled, keeping "records of its compliance" and so on. Anyone running such a Web site outside the United States would be required to hire a "resident agent" and file reports with the FTC--hardly a boon to the burgeoning global open-source movement.

The so-called Protecting Children from Peer-to-Peer Pornography Act is just one example of politicians attempting to write rules for software--often with a worthwhile goal in mind--that end up hurting legitimate programmers, network administrators and end users. In other words, state and federal laws regulating technology often invoke an even more powerful rule: the law of unintended consequences.

Other examples include:

• A California state senator's attempt to ban Google's Gmail actually covers all Web e-mail services instead. The bill would make it illegal for companies to offer features like in-box searching or turning ":-)" smiley faces into graphics. The measure would also prohibit reviewing incoming messages to make clickable hyperlinks out of text phrases like ""

• A bill sponsored by Rep. Mary Bono, R-Calif., to ban spyware, goes much further. Bono defines spyware as "any software" that "transmits" personal information--a category that would include any e-mail client (because it transmits a "From: address") and many Unix utilities. FTC officials recently criticized it as a bad idea.

These problems arise not because all politicians are dumb--most are not--but because software is infinitely malleable and resists being pigeonholed by lawyers.
• Three U.S. House of Representatives members say they want to ban peer-to-peer software that fails to warn that it "could create a security and privacy risk." But the fine print of their bill says anyone who makes huge categories of software--including Web browsers, instant-messaging clients and e-mail utilities--publicly available must include the warning or go to prison for up to six months.

• The Can-Spam Act that President George W. Bush signed in December regulates far more than just junk e-mail. Its rules apply to anyone sending "any commercial electronic e-mail message"--including contractors submitting business proposals, or a freelance photographer contacting National Geographic.

• In 2002, Sen. Fritz Hollings, D-S.C., introduced the Consumer Broadband and Digital Television Promotion Act. It was touted as an antipiracy measure, but the fine print says the only code that programmers and software firms would be able to distribute must have embedded copy-protection schemes approved by the federal government.

• Two allegedly antispam proposals could end up banning anonymous remailers, free Internet services that strip off information that identifies the sender of an e-mail message and forwards it to the recipient anonymously. One proposal is sponsored by Sen. Chuck Schumer, D-N.Y. The second, introduced by Rep. Bob Goodlatte, R-Va., outlaws software designed to conceal the "source or routing information" of e-mail messages.

A better solution
These problems arise not because all politicians are dumb--most are not--but because software is infinitely malleable and resists being pigeonholed by lawyers. A program may be a Web browser one day and an instant-messaging client, as well, the next.

The U.S. Supreme Court spent decades agonizing over the definition of obscenity, prompting Justice Potter Stewart's famous quip about porn in Jacobellis v. Ohio: "I know it when I see it." Software is even trickier to define.

Instead of prohibiting bad code, a better solution is to prohibit bad behavior. That could mean, for example, a general rule against fraud instead of trusting tech-impaired politicos to draw up a list of every type of possible code that could perform fraudulent acts.

"Banning behavior is going to be a lot more effective than banning code," said Will Rodger, policy director at the Computer and Communications Industry Association, a trade association that includes Sun Microsystems, Intuit and Yahoo. "Sometimes, it feels good to pass these laws, but they're not going to have an effect on the problem...We often see bills come through with the greatest of intentions. But as they say elsewhere, you can't suspend the laws of physics."