The software soon arrived in the mail. But it didn’t work. And the dealer that had sold it no longer existed. No Web page, no address, no recourse for Ms. Fischer and certainly no money back. She called the Federal Trade Commission (FTC) but no one knew where the company had gone, where it had come from or, indeed, that it had ever existed. It had taken Ms. Fischer’s money and vanished into cyberspace without leaving a footprint.
This experience only confirmed what Ms. Fischer already knew: The Internet is far from the paradise that conventional wisdom would have it be. There’s no doubt that it has made products cheaper and information more accessible. But from Matt Drudge’s unsubstantiated mudslinging through fly-by-night software companies, the Internet continually extends society’s lowest standards. Moreover, as the Net has become increasingly unruly and inscrutable, Congress and the Clinton administration have made little effort to protect consumers. After writing the report that shapes the central organizing principles for the Clinton administration on Internet issues, special adviser Ira Magaziner emphatically declared, “The Internet doesn’t need government.”
The Internet was conceived of in the late 1960s at the Defense Department as a means to help the United States keep going in the aftermath of a nuclear war. Twenty years later, it had become a medium for computer programmers to exchange code. In 1991, Netscape developed its Navigator browser and made it easy for everyday computer users to get online.
In those first heady days, the Web looked to be the ultimate medium for increasing power from the ground up. Any entrepreneur could start a business; any researcher could find near-limitless data; any consumer could choose among 43 brands of nail clippers. The Net promised to inspire democratic initiative all over the world, from shoppers in Lincoln, Nebraska to oppressed minorities on the Burmese border.
As the Net started growing, small, idealistic companies were siphoning money and market power from large corporations. A frenetic 30-year-old named Jeff Bezos founded Amazon.com in a Seattle van. Even though he soon had enough cash to wipe out the external debt of Honduras, money didn’t seem to be the only thing driving him and he still operated from behind his first desk, an old door balanced on a sawhorse. According to Bezos, Amazon began with noble ideals: to kill sprawling strip malls and to bring cheap books to the people. Did he want to sell books that people weren’t interested in? No, he said: “What consumerism really is, at its worst, is getting people to buy things that don’t actually improve their lives . That’s approaching evil.”
Unfortunately, getting people to buy things that don’t actually improve their lives is a good way to get rich, and it wasn’t long before the lure of major league fortunes crushed the principles of Internet visionaries. Soon, people began to put businesses online, not out of high ideals, but because they wanted to have their smiling billion-dollar photographs on the cover of Wired magazine.
Amazon certainly couldn’t escape the change in attitude; last spring, the company was caught offering positive reviews and prominent placement to publishers who dropped bags of gold on the sawhorse. For $10,000 a publisher could get a top slot on the company’s home page for its favored book, an author profile, and “complete Amazon.com editorial review treatment.” That’s trying to get people to buy things they don’t want and that don’t improve their lives. That’s approaching evil. When caught, Amazon abandoned the practice and now disavows it. Still, their action raises serious doubts about whether or not they are sticking to the ideals that Bezos apparently used to hold so dear.
But Amazon isn’t the worst Internet company or even close to it. Other Web sites have jumped into the game and many don’t just approach evil, they careen right through it. Go online and you’ll have no problem finding pyramid stock schemes, virtual slot machines, sites publishing and promoting bungled science that would be rejected by the drunkest editor, and pretty much anything else disreputable you can imagine. Almost overnight, the New York Public Library has become Caesar’s Palace—and Caesar’s hasn’t gotten around to hiring bouncers yet.
Perhaps the clearest way to see the threat that flat-out unregulated commerce poses to consumers is to log on to one of the nearly 400 drugstores that have appeared on the Internet in the past few years. Visiting many of these sites is like going to Tijuana, except better: You can get almost anything you want without having to worry about paying for the gas to drive to the border. Is your doctor reluctant to prescribe a pill that you just know you need? Log on, order, pop it in your mouth, and rock ‘n’ roll.
The Food, Drug and Cosmetic Act of 1938 requires that a patient consult a licensed doctor before getting a prescription filled, but, like most laws, Internet companies can dodge it. Customers fill out a generic form online which some staff doctor looking for a little extra dough just has to rubber stamp: no physical exam, no waiting rooms, no blood tests.
Ideally, there would be a way to make these online drugstores follow the same rules in letter and in spirit as brick and mortar stores. But trying to wrap current laws around the Internet is often like trying to put a gorilla into loafers. Laws are always tricky and somewhat subjective and they get trickier when companies can relocate overseas with one click of the mouse. As became clear during congressional hearings last July, state governments and the FDA are often unable even to figure out the drug companies’ e-mail addresses or location information. And as it stands now, without any government regulation, even if the law could catch up to the drugstore cowboys, the culprits no doubt have maps to the virtual roads heading out of town. A devious Internet company doesn’t even have warehouses to pack up if the authorities start sniffing around: A simple command at a Unix prompt “rm -r www” can wipe out all evidence that it ever existed.
The drugstore issue also exposes another great danger of the Net, that corporations will be able to manipulate customer preferences through the blurring of the lines between content and advertising. Peter Neupert, CEO of drugstore.com (an online firm 44 percent owned by Amazon.com) unwittingly made the point while criticizing his offline competitors: “People have lots of questions, like which of the 10 Saint John’s Wort products should I take? Should I even take Saint John’s Wort? Retail stores just aren’t set up to answer those questions.”
If Brand X Saint John’s Wort buys lots of ad space, maybe, just maybe, Mr. Neupert will recommend it to his customers and prominently cite studies that assert its particular virtues. Think about a drugstore with two equally sound, competing products: one high-margin and expensive, one low-margin and cheaper. The company is going to promote the former and pretend that it is better for its customers’ health. “Should I even take St. John’s Wort?” “Of course. Try this one.” Any company that didn’t would soon find itself out of business. People don’t have to be immoral, yet alone evil, to be mesmerized by money; much of the time, they just have to want to survive.
The driving logic of the Net has been to eliminate the middleman, like your doctor and the drugstore clerk. But informed, relatively disinterested middlemen are often central to consumer protection and to eliminate them is to destroy an important safeguard. As one crafty scoundrel who had succeeded in defrauding customers in an online auction wrote, “Ha Ha Ha Ha. All you people are really quite ridiculous. You make a deal via e-mail, never see the person, never speak with the person, and then get upset when you get ripped off. You must be a bunch of morons.”
The Net also has the ability to do more than sell us products that are harmful or make us buy things that we don’t need. It can also take away our last shreds of privacy.
Many companies send out packets of information known as cookies when you visit their pages. These cookies attach themselves to your browser and then trigger information within the companies’ databases on your next visit to their sites. There are advantages to this: If a page (like The New York Times site) requires a password for you to access its information, cookies are what allow you to visit again and again without having to retype your password each time. However, cookies are also how, in the not-very-distant future, Web pages will be able to cough up your shopping history along with your astrological sign, hair color, and phone number. A company called DoubleClick has already compiled a database of 50 million people and is currently working to integrate these data with other companies (like L.L. Bean) that have long-running and extensive data series on specific customers.
According to privacy expert Jason Catlett, companies like DoubleClick will soon be “able to do some really scary things. For instance, say you’re browsing a favorite Web newspaper site, and you spend time reading an article on financial planning. Two minutes later, the telephone rings, and it’s a guy trying to sell you life insurance Companies will pay a lot of money for getting someone at the time when they might be receptive to their pitch.”
Even more chillingly, a whole industry has sprung up around gathering private, personal, and critical information. Go online and search for someone’s credit history or medical records and there’ll be no middlemen concerned that you don’t match the ID and that you’ve already asked for six other names that very day. Nor will any cop be around to track you; just run yourself through anonymizer.com and you’re virtually invisible. Similarly, it’s extremely difficult for individuals to retain copyright protection. The Net is open-source; anyone can copy the code used to create a certain page (go to your browser and click on “view source”). This means that, within minutes, I can create a Web page that looks exactly like The New York Times with exactly the same content, colors, and graphics. It’s all available and very easy to steal.
Less sinister, but still thoroughly irritating, is the ease with which companies can get e-mail addresses and pummel recipients with untraceable, unwanted e-mail known as “spam.” If you’ve ever gone online, you’ll know what I mean. But the government has done basically nothing at all—perhaps because congressional aides serve as middlemen, filtering out the junk e-mail flooding upon congressmen before it can irritate them. Ralph Nader’s Consumer Project on Technology has advocated that all e-mail be tagged so that senders of spam can be identified. But, like all other consumer protection regulation for the Net, this bill is buried in a file on some congressman’s desk, next to a coffee mug that hasn’t been cleaned in three months. It wasn’t put in the “urgent” folder where so many of the bills to help large Internet companies (like the one protecting them from Y2K liabilities) have gone.
Elliott Maxwell, a senior advisor for the digital economy at the Department of Commerce, has felicitously said that he wants the Net to become “a clean, well-lighted place.” The concept is a good one but the administration’s approach of complete private self-regulation is not.
The first principle of Magaziner’s grand report of 1997, “A Framework for Global Electronic Commerce” begins: “The Internet should develop as a market-driven arena, not a regulated industry,” and the report plunges on from there. The Internet is “changing classic business and economic paradigms.” The administration “will encourage the creation of private forces to take the lead in areas requiring self-regulation such as privacy, content ratings, and consumer protection.”
The first justification for this paean is the classic laissez-faire mantra that private industry will self-regulate because it has a vested interest in doing so. Nothing would destroy Amazon.com faster than a large-scale onslaught of fraud on the Net. If people can’t trust their credit card numbers, people won’t buy books online. If enough people die from sub- (or non-) standard drugs from online drugstores, the customers left on their feet are going to race straight back to their neighborhood corner shops.
It’s as though Magaziner has resigned himself to a world in which, at most, the government can play Elmer Fudd to the Net’s Bugs Bunny. The Net’s just too fast, too smart, and too darn hard to catch up with. Surely, part of Magaziner’s reluctance to do anything comes from his having burnt his fingers on health care. Part of it also flows from Bill Clinton’s desire to remain the smiling Buddha of our economic expansion—not really sure of what he is doing, but surrounded by assurances that whatever he’s doing is right. Still, Clinton should know better. As his attempts at health care, environmental protection (see Robert Worth’s article in this issue) and tobacco regulation have shown, self-interest has not been repealed and freedom for the wolves is still death for the sheep. Private companies are not going to serve the public interest, they’re going to serve their private interest. Sometimes the two will overlap, sometimes not. As even the famous free-marketer Adam Smith wrote in 1776, when people of “the same trade” meet together, inevitably “the conversation ends in a conspiracy against the public, or in some contrivance to raise prices.”
There are two primary ways for the government to regulate the Net. The first way is to try to restrict activity. Examples include a law mandating that every business disclose its full address and location information in large type on its home page or a law making it illegal to sell or exchange private credit information. The second way is to offer support for people online. Examples include publishing consumer tips online or offering subsidies to people like Ms. Fischer who are trying to limit Net fraud.
Magaziner and Clinton reject both types of regulation. With regards to restrictions, they’re mostly right. With regards to supporting consumers, they’re dead wrong.
Moreover, this country’s lax approach to restriction has certainly allowed the U.S. online industry to leap ahead of other nations that have taken a plodding, institutional approach to the Internet. France, for example, is still slogging through negotiations over cultural content. Unsurprisingly, we’re wired and they’re not. A friend of mine in Paris whipped out a hand calculator last year that could tell what time of day it was in both Sydney and in London, gloating that this was the (new) new thing. With the United States running full steam ahead and everyone else sipping wine, 70 percent of all electronic commerce now is transacted in the United States.
But the difficulty of restrictive regulation is not an excuse to do nothing. There’s still a great deal that the government can and should do to ensure that consumers come out winners in the new bacchanal.
A good place to start government regulation would be to develop a system through the Department of Commerce that certifies Web sites that comply with privacy rules and consumer protection statutes—much like the system that Ms. Fischer was trying to develop when the software company took her $277. If a Web page is completely based in the United States, follows binding U.S. rules, and practices full disclosure, give it the Department of Commerce stamp. If it doesn’t, don’t. If a program like this were sufficiently publicized, companies like drugstores would fall over themselves to make sure they could qualify and no one would have to worry about seedy companies vanishing into thin air after picking their customers’ pockets. Already, a few organizations like TRUSTe offer this service. Yes, there will be lobbyists and redundant lawyers. But at times even bureaucracy is better than being totally on your own.
Second, the government needs to completely reverse its position on encryption so that consumers are more able to protect their personal information from online thieves. It may not be possible to ban the sale of private credit information if it’s easy for the thieves and merchants to operate from servers based in Djibouti; but it is possible to make the task of stealing much much harder. Until early September there was a ban on the export of strong encryption software by U.S. companies which, in effect, meant a ban on its development (who’s going to make Internet software that you can’t even put online?). Effective blocking software known as Pretty Good Privacy (PGP) already exists that allows consumers to have secure places where they can make transactions and store their data. Now that the government has reversed its wrong-headed ban, it should take the further step of helping to bring PGP to the public.
A third step would be to develop a consumer protection code that would activate when first-time users start their browsers. The Department of Commerce has developed a page that explains what to be wary of on the Net, how to navigate, and how to make sure that you don’t get duped. It’s a great page but it’s buried deep. To bring information like this to the mainstream, the government would have to lean on Netscape and Internet Explorer (perhaps in the same way that tobacco companies were forced to put the Surgeon General’s warning on their products) to get them to post an informational notice like this as their browser’s original starting point. Then, every new user would come to this page the first time she gets online. While people with experience do make mistakes (Napoleon did go into Russia and Ms. Fischer did blow $277) Net fraud threatens new users far more than experienced ones, and a page explaining the potential dangers of the Net could be an important first line of defense.
But most importantly, the government needs to get the glaze out of its eyes and start thinking its basic responsibilities through. The more something is repeated, the more it becomes an unexamined truth—and this is starting to happen with the Net. Everyone “knows” that the Net shouldn’t be regulated, but few people can offer a serious rationale. It’s a shibboleth, sleepily repeated over and over with only timid voices trying to shout it down. The more time that passes before the government starts to build a regulatory and supportive infrastructure, the more damage will have already been done and the harder the task of regulation will be.
The Net does need to become a “clean, well-lighted place.” And it should be the government’s job to start sweeping the streets and building the lampposts as soon as possible.