The Carrot & Stick Approach to Internet Pollution
Lawmakers on Capitol Hill are once again debating whether to extend a soon-to-expire ban on taxing consumer access to the Internet. Proponents of such a ban say they want to keep the Internet free from the shackles of regulation, and that the lack of said regulation is what has helped the Web grow and mature to its current powerhouse status as a major driver of the U.S. economy.
But by some measures, the lack of oversight and regulation is precisely the reason that some of the world's largest Internet service providers and Web hosting firms can get away with failing to police their own networks for security threats that jeopardize the health and stability of the Internet as a whole.
Study after study show that ISPs in the United States lead the way in providing connectivity to computers that are a major source of malicious activity online, from bot-infected, spam-spewing PCs to compromised computers acting as download sites for malicious software or hosts for phishing Web sites. While it is true that some network providers do a much better job than others in cleaning up problem sites and PCs that are part of their networks, in far too many cases problematic customers are allowed to pollute the Internet for weeks or even months at a time.
Experts say it often costs ISPs more to field a support call from a customer seeking help in cleaning up a virus-infected PC than the provider will make from that customer in an entire year. The result is that -- unless problematic customers are consuming way more than their share of Internet bandwidth -- network providers often find it more cost-effective to simply ignore problematic customers.
I'm not suggesting that taxing online access is the way to fix this problem. But perhaps the time has come for Congress to at least hold out the threat of more government involvement in this space as a means of encouraging Internet providers to do the right thing on security.
Government can be most effective in areas where the free market fails to address a problem. Pollution, for example, is a scourge that economists like to call an "externality," or a market failure that happens when a transaction generates a cost that is not necessarily paid by the buyer or seller, but rather by society as a whole.
The problem with externalities is that businesses that do the right thing -- in this example, invest in non-polluting technologies or take active steps to clean up polluted areas -- are at a market disadvantage as long as their competitors are not required to do the same.
Several years ago, the U.S. entertainment industry won passage of the Digital Millennium Copyright Act, a controversial law that -- among other things -- requires ISPs to take offline any Web site or content that makes available copyrighted content without permission from the content owners. The law holds ISPs free from liability provided that they respond and remove the offending content within a short time of receiving legal notice, usually 24-48 hours.
The DMCA is a far from perfect law, but this particular notice-and-takedown provision has proven to work. I'd wager that the mere threat of instituting a similar provision for infected PCs and malicious Web sites would be enough to galvanize a fair number of ISPs to take action.
What might that action entail? A number of ISPs, notably Cox Communications and a fair share of the Canadian-based providers, have instituted a practice known as the "walled garden." This approach basically attempts to alert problematic users to invaders within their machines by confining users -- temporarily or permanently -- to a small portion of the Web where they can go to retrieve the tools and instructions needed to clean up their machines.
Would this approach work to help consumers rid their machines of the most advanced malware out there today? Perhaps not. Would it measurably help reduce the pollution of the Internet by spam, malicious Web sites and denial-of-service attacks? Almost certainly.
Either way, it is time for policymakers to consider this increasingly obvious fact: In order to address the global problem of cyber crime, which disproportionately targets U.S. consumers and businesses, our country is going to need to foster more cooperation among network providers, law enforcement and regulators in other nations. But without a more concerted effort to clean up the Internet pollution problem in our own backyard, the United States will only hinder efforts to enlist other nations (e.g. Russia) in fighting this battle.
Posted by: anon | October 18, 2007 10:56 AM | Report abuse
Posted by: Network Operator | October 19, 2007 6:32 PM | Report abuse
Posted by: Ombudsman | October 21, 2007 12:38 PM | Report abuse
Posted by: Llew | October 21, 2007 2:31 PM | Report abuse
Posted by: Rick | October 23, 2007 3:34 PM | Report abuse
The comments to this entry are closed.