Simple solutions are often wrong

One of the longest-running problems with the Internet is the assumption by too many people that it is simpler to control than it is. This problem manifests itself in many ways but shows up most reliably when lawmakers try to write legislation covering the Internet. Almost always the laws are atheistic in regard to the way the Internet works.

The laws demand that someone do something that cannot be done or only can be done by significantly changing the network itself or by affecting far more people than the law is intended to impact. An example of the latter was the subject of a federal district court decision on Sept. 10. In this case, as it has been in a number of others, the court seems far more willing to think than lawmakers do.

In 2002, Pennsylvania adopted the Internet Child Pornography Act. This act required ISPs to “remove or disable access to child pornography items residing on or accessible through its service in a manner accessible to persons located within this commonwealth within five business days” of when the ISP was notified by the Pennsylvania attorney general. This must have sounded like an easy thing for an ISP to do to the Pennsylvania lawmakers, but that is not the case.

That requirement might not be that hard to meet for child porn residing on an ISP’s own servers because the service provider could just remove the bad content. Things got much harder if the content was somewhere outside the ISP’s reach. In those cases the ISP needed to block the bad content based on the IP address or URL that the attorney general provided to the ISP. But it’s not easy to block just the bad content because of the capabilities of today’s equipment and because of the realities of ISP operations.

At first glance it might seem an ISP easily could meet the law’s requirements by blocking access only to the IP address or by tweaking its routing tables and blocking the URL by tweaking its name servers. But these techniques will have significant side effects because many Web sites can share the same IP address or domain name. Blocking access to an IP address can block as many as a half-million Web sites. In fact, during the time that this law was in effect the attorney general asked ISPs to block access to about 400 sites based on the claim that child porn was present. This resulted in the ISPs blocking access to as many as 1.6 million innocent Web sites. This side effect didn’t seem to bother the attorney general. The Pennsylvania attorney general was sued over the less-than-limited impact of the blocking and other issues. A U.S. federal court has just ruled that the act violates the Constitution for a number of reasons, including the wholesale blocking of innocent Web sites. The court’s decision is very clearly written and carefully reasoned, descriptors that cannot be applied to the act itself.

Child porn is and deserves to be illegal everywhere. But that doesn’t mean lawmakers should disregard technical reality when trying to control it. The Pennsylvania act did nothing to limit child porn – instead it hurt innocent bystanders and again demonstrated that lawmakers frequently think it’s more important to do something than to do something useful.

Disclaimer: I don’t know if Harvard’s JFK School of Government has a class in technical reality, but I hope so. In any case the above is my own view.

Bradner is a consultant with Harvard University’s University Information Systems. He can be reached at sob@sob.com.