Governance and Web Architecture

This document is intended to serve as an introduction to W3C work (initiated by the Technical Architecture Group) on the relationships of governance and Web architecture. It outlines areas where the nature of the relationship between users, computers, services, and content and the behavior of the systems involved are impacted by society's regulation.

Introduction

Governance is the process by which society defines expectations, grants power, or verifies performance, through laws, regulations, or other means. Societies govern communication, for example, to support copyright, privacy, or to help manage defamatory or illegal material. As the Internet becomes increasingly central to the way people communicate, it is also increasingly subject to governance.

Unfortunately, a number of problems commonly arise when dealing with governance of the Internet.

Regulations often don’t match the technology. Ordinarily, we use analogies to talk about technology; for example, we talk about “publishing a page”, but the actual process of putting up a web page is very different from physical publishing by making and distributing printed paper. So a rule “It’s okay to read this page, but you can’t make a copy of it” doesn’t acknowledge that, in order to read a page, the bits that make the page must necessarily be copied to the reader’s computer.
Different goals conflict. Law enforcement might require that a site owner keep records of everyone who posts information, in order to be able to track down those who post illegal or defamatory material, while, at the same time, privacy regulation might insist that the same site owner not keep records.
The internet is global, but governance is local. The jurisdiction of law, regulation and social values are geographically based, but the Internet has no simple boundaries. Yet values, regulation, laws from different jurisdictions are inconsistent, and often conflicting. Is it possible to conform to the norms of everyone from a single web site?

Audience

Technology standards can help reduce some of the difficulties by providing appropriate terminology, guidance and standards. For example, W3C Recommendations for accessibility have helped reduce some of the unnecessary variability between accessibility guidelines in various countries.

There is a clear path for voluntary industry standards to make their way into contractional obligations and ultimately into law.[[Hemenway]]

As a community of technologists focusing on bringing the web to its full potential, documenting the intended or accepted practice for new technology areas can help influence the legal community. It is common that judges will ask what the consensus practice or standard is in a technical community when forming judgments.

Even if seemingly "stating the obvious", putting together a technical introduction to those developing governance methods we hope will be useful to lawyers, judges, legislators, administrators.

This can take the form of a framework, a set of definitions, or a set of roles and relationships, an analysis, etc.

Whatever its form, it must take a stand of some kind - not a legal stand, but an engineering stance. The lawyers already know the law, so talking about legal situations would be out of order. Taking a stand is not "this is what I think the law should be" and the statement shouldn't say anything about law. Rather it is: "This is how we think about the technology, and what the technology is for."

Governance requirements constrain architecture

In order to build systems such that those responsible for the systems are capable of meeting expectations, it is often the case that governance adds requirements to the overall architecture of the system. For example, an obligation to keep records of use requires system data paths to gather the required records; an obligation to avoid publication of certain categories of material requires some means of distinguishing wanted from unwanted content.

On the other hand, to be clear, effective and fair, rules, regulations, laws and expectations need to be written in terms that match the technology. New technologies often allow novel means of communication, where relationship such as causality, responsibility, speed of access, and distribution policies are widely different from earlier technology. A mismatch between governance and actual usage often leads to mandated requirements which cannot be easily and consistently interpreted.

Governance areas

This section lists some governance areas of special impact to the web, and notes some of the issues to consider. (The order is not significant.)

Privacy. The Web allows an unprecedented opportunity for gathering, distributing, and otherwise using information about individuals that might otherwise be considered "private". The increased capabilities, along with the difficulty of understsanding the impact of technology choices, has lead to increased legislative concern for privacy.
Copyright. Copyright is concerned with creating and maintaining the rights of creators and publishers of work with regard to limiting the redistribution and reuse of their work.
Censorship. Censorship is concerned with restricting unwanted content. Content can be unwanted for many reasons: it is considered offensive (pornography), seditious, defamatory, or otherwise considered harmful. Censorship is practiced by all societies, but the nature of what is wanted or unwanted can vary widely.
Accessibility. Insuring that the Web is accessible to individuals with disabilities is central to many, Web accessibility includes making content and interfaces accessible, as well as providing tools that are accessible.
Open Data. Beyond publishing content as text or in other human-sensible forms, there is increasing demand for availability of data in processable form.
Law Enforcement.Many jurisdictions require Web operators to keep records relating to the operation of Web services, to aid not only in enforcing of other direct governance areas, but also for non-communication crimes.
... uniformity ... anonymity ... archiving ...

Policy consequences

The consequences of providing products and services on the web that do not comply with governance requirements can range widely.

At the mildest, there is no enforcement other that public pressure -- "bad PR", e.g., for the company selling the offending product or service. This is a form of enforcing community consensus which is at the core of voluntary standards.
Regulation might prevent or limit sales in some segments. (E.g., government departments will not purchase a product/service that does not comply with government accessibility standards.) For example, if copyright laws consider the manipulation of copyrighted photographs a violation, products and services aimed at photo manipulation might be favored less.
More seriously, legislation and regulation might cause fines or even criminal liability, e.g., when data protection regulations are not met or when illegal content is hosted.

Technology areas

This section lists some of the technology areas that an examination of the interaction of governance and web architecture might cover.

Publishing and Linking. As covered In the TAG document "Publishing and Linking On the Web", we examine the releationship of publishing to governance areas such as copyright and censorship.
Logging, tracking. Most services and users keep logs of previous behavior. These logs however also serve as a basis for supporting or interfering with the governance areas of law enforcement and privacy.
Cookies, local state. These mechanisms are architecturally useful and sometimes in service of tracking, but are also in the critical path of the user's actions.
Initiated communication.Web servers and processes that send mail, initiate instant messages interact with governance around privacy.
Authentication, Signatures Determining that the communication is from an auhtorizated user. Determining that the user intended to send the message.