This document is intended to serve as an introduction to W3C
work (initiated by the Technical Architecture Group) on the
relationships of governance and Web architecture. It outlines
areas where the nature of the relationship between users,
computers, services, and content and the behavior of the systems
involved are impacted by society's regulation.
This is still an early draft, retargeted to those who want an "executive summary".
Introduction
Governance is the process by which society
defines expectations, grants power, or verifies performance, through
laws, regulations, or other means. Societies govern communication,
for example, to support copyright, privacy, or to help manage
defamatory or illegal material. As the Internet becomes increasingly
central to the way people communicate, it is also increasingly
subject to governance.
Unfortunately, a number of problems commonly arise when dealing
with governance of the Internet.
- Regulations often don’t match the technology.
Ordinarily, we use analogies to talk about technology; for example,
we talk about “publishing a page”, but the actual process of putting
up a web page is very different from physical publishing by making
and distributing printed paper. So a rule “It’s okay to read this
page, but you can’t make a copy of it” doesn’t acknowledge that, in
order to read a page, the bits that make the page must necessarily
be copied to the reader’s computer.
- Different goals conflict. Law enforcement might
require that a site owner keep records of everyone who posts
information, in order to be able to track down those who post
illegal or defamatory material, while, at the same time, privacy
regulation might insist that the same site owner not keep records.
- The internet is global, but governance is
local. The jurisdiction of law, regulation and social
values are geographically based, but the Internet has no simple
boundaries. Yet values, regulation, laws from different
jurisdictions are inconsistent, and often conflicting. Is it
possible to conform to the norms of everyone from a single web site?
Audience
Technology standards can help reduce some of the difficulties by
providing appropriate terminology, guidance and standards. For
example, W3C Recommendations for accessibility have helped reduce some of
the unnecessary variability between accessibility guidelines in
various countries.
There is a clear path for voluntary industry standards to make
their way into contractional obligations and ultimately into
law.[[Hemenway]]
As a community of technologists focusing on bringing the web to
its full potential, documenting the intended or accepted practice
for new technology areas can help influence the legal
community. It is common that judges will ask what the consensus
practice or standard is in a technical community when forming
judgments.
Even if seemingly "stating the obvious", putting together a
technical introduction to those developing governance methods
we hope will be useful to lawyers, judges, legislators, administrators.
This can take the form of a framework, a set of definitions, or a
set of roles and relationships, an analysis, etc.
Whatever its form, it must take a stand of some kind - not a
legal stand, but an engineering stance. The lawyers already know
the law, so talking about legal situations would be out of
order. Taking a stand is not "this is what I think the law should
be" and the statement shouldn't say anything about law. Rather it
is: "This is how we think about the technology, and what the
technology is for."
Governance requirements constrain architecture
In order to build systems such that those responsible for the
systems are capable of meeting expectations, it is often the case
that governance adds requirements to the overall architecture of
the system. For example, an obligation to keep records of use
requires system data paths to gather the required records; an
obligation to avoid publication of certain categories of material
requires some means of distinguishing wanted from unwanted
content.
On the other hand, to be clear, effective and fair, rules,
regulations, laws and expectations need to be written in terms
that match the technology. New technologies often allow novel
means of communication, where relationship such as causality,
responsibility, speed of access, and distribution policies are
widely different from earlier technology. A mismatch between
governance and actual usage often leads to mandated requirements
which cannot be easily and consistently interpreted.
Governance areas
This section lists some governance areas of special
impact to the web, and notes some of the issues to consider.
(The order is not significant.)
- Privacy. The Web allows an unprecedented
opportunity for gathering, distributing, and otherwise using
information about individuals that might otherwise be considered
"private". The increased capabilities, along with the
difficulty of understsanding the impact of technology choices, has
lead to increased legislative concern for privacy.
- Copyright. Copyright is concerned with
creating and maintaining the rights of creators and publishers
of work with regard to limiting the redistribution and reuse of
their work.
- Censorship. Censorship is concerned with
restricting unwanted content. Content can be
unwanted for many reasons: it is considered offensive
(pornography), seditious, defamatory, or otherwise considered
harmful. Censorship is practiced by all societies, but the
nature of what is wanted or unwanted can vary widely.
- Accessibility. Insuring that the Web is
accessible to individuals with disabilities is central to many,
Web accessibility includes making content and interfaces
accessible, as well as providing tools that are
accessible.
- Open Data. Beyond publishing content
as text or in other human-sensible forms, there is increasing
demand for availability of data in processable form.
- Law Enforcement.Many jurisdictions require
Web operators to keep records relating to the operation of
Web services, to aid not only in enforcing of other direct
governance areas, but also for non-communication crimes.
- ... uniformity ... anonymity ... archiving ...
Policy consequences
The consequences of providing products and services on the web
that do not comply with governance requirements can range
widely.
- At the mildest, there is no enforcement other that public
pressure -- "bad PR", e.g., for the company selling
the offending product or service. This is a form of
enforcing community consensus which is at the core of
voluntary standards.
- Regulation might prevent or limit sales in some
segments. (E.g., government departments will not purchase a
product/service that does not comply with government
accessibility standards.) For example, if copyright laws
consider the manipulation of copyrighted photographs a
violation, products and services aimed at photo manipulation
might be favored less.
- More seriously, legislation and regulation might cause fines
or even criminal liability, e.g., when data protection
regulations are not met or when illegal content is
hosted.
Technology areas
This section lists some of the technology areas that an
examination of the interaction of governance and web architecture
might cover.
- Publishing and Linking. As covered
In the TAG document "Publishing and Linking On the Web",
we examine the releationship of publishing to governance
areas such as copyright and censorship.
- Logging, tracking. Most services
and users keep logs of previous behavior. These logs
however also serve as a basis for supporting or interfering
with the governance areas of law enforcement and privacy.
- Cookies, local state. These mechanisms
are architecturally useful and sometimes in service of
tracking, but are also in the critical path of the
user's actions.
- Initiated communication.Web servers
and processes that send mail, initiate instant messages
interact with governance around privacy.
- Authentication, Signatures Determining
that the communication is from an auhtorizated user.
Determining that the user intended to send the message.