People Protocols

"Arguing in My Spare Time" No. 2.23

by Arnold Kling

May not be redistributed commercially without the author's permission.
Index

The week of November 29, the city of Seattle was the scene of an uninformed mob feebly attempting by anachronistic methods to alter the shape of the future. While I could be referring to the demonstrators protesting the meeting of the World Trade Organization, in fact what I mean is the WTO itself. What these international government bureaucrats have to do with anything escapes me.

Six years ago, I attended a talk by Vinton Cerf, who helped shape the governance of the Internet. His description of the Internet’s decision-making processes was one of the most fascinating parts of the presentation.

The standards and protocols that are at the core of the Internet were arrived at using a system that one might call "just-in-time government." As a problem arose, the engineers with the biggest concerns about it formed task forces to come up with solutions. If two groups had different views of how a standard should be formulated, it was almost certain that each group would be represented on the task force. Progress involved gaining consensus among the most intensely interested parties.

The standards of the Internet were promulgated as "Requests for Comment" (RFC’s). That is, a task force would draft a standard and publish the proposal as an RFC. In theory, this is an interim step, which would be followed by comments and then a final proposal. In practice, the RFC became the final standard, unless amended by a later RFC.

One reason that the RFC’s were final is that most interested parties already had input into the RFCs. Another reason is that there often were many software programs and products whose launch was being held up pending the publication of a standard. The typical competitive practice was to release these products as soon as possible after the publication of the RFC, under the assumption that the standards of the RFC would be final. The results of this practice were self-fulfilling. The rapid release of products that conformed to an RFC tended to make it a de facto standard.

The purpose of the RFC process was to develop the Internet Protocols. These protocols enable computers to communicate with one another. However, the usage of the Internet has moved beyond the connection of computers. It evolved into a tool by which people communicate.

Many of the most irksome problems with the Internet, such as unsolicited email, complexity of online transactions, and privacy-invading profiling, are due fundamentally to the fact that we lack People Protocols. Computers have identity and standing on the Internet. People do not. Computers have IP addresses, cookies, and firewalls. People have no fixed address, no identity, and no way to enforce boundaries on our personal Internet property, including our email box.

Here are some of the characteristics that I believe that People Protocols should have.

1. I should be able to establish a unique identity. Wherever I might use the Internet, I should be able to use this identity. One way to implement this would be to have a smart card that responds only to me (perhaps it uses my voiceprint) that in turn I can use to log onto telephones, computers, or other devices.
2. I should be able to know when someone is attempting to forge someone else’s identity. If someone is attempting to impersonate someone else in an email, or set up a web site that purports to belong to someone else, this should be immediately obvious.
3. Although I should have a unique identity, I might specify multiple roles. One role could be related to my family. Another role could be related to my business. Another role could be related to a club in which I am active. Both email that I send and email that I receive could contain optional information that indicates a specific role. But all of my email can still go to a single address, and then be sorted by role.
4. An organization should be able to set up generic addresses to receive some types of inbound emails, such as customer service inquiries. However, outbound emails should come from people, not from generic addresses.
5. I should have the option of remaining anonymous. However, people should have the option to filter out anonymous correspondence.
6. More generally, I should have the ability to control what information about me is visible to different people and organizations. In a chess-playing forum, I may want only my chess rating to be visible. I may want all of my past book purchases to be visible to a book recommendation service, which might or might not be affiliated with a bookstore. Access to one piece of information about me should not imply access to other information.

The Internet will operate differently with People Protocols in place. The key, in my opinion, is item (1), the unique individual identity. Once you have that, then solutions to common Internet problems are at hand.

For example, with a unique individual identity, it becomes easier to control unsolicited email. Today, most of the remedies that are available for spam are taken against an email account. For example, I can block email from that address, or I can notify the service provider, who may delete the account. But the spammer always can go get a new account. If these remedies were taken against the person, rather than the email account, they would be much more effective.

With a unique individual identity, I would no longer have to trade off convenience for privacy. I could reject all cookies, and instead only deal with sites that allow me to specify the way in which I make information available to them. Negotiations about privacy and security could be open conversations between me and other organizations rather than clandestine transactions between our respective computers.

With a clear identity, I am more likely to be able to realize the potential of a digital wallet. If the identity belongs to me instead of my computer, then it becomes portable. I can use it when I shop in the mall, not just when I shop on line. The stores in the mall just need to have terminals that can read my smart card. Using those terminals and bar code readers, they can provide me with fully automated checkout.

Using my smart card and an Internet terminal at a shopping mall will reduce the difference between the payment process at a store and the payment process at home using a computer. With this difference reduced, the long-anticipated phenomena of Internet banking and micro-payments are more likely to reach fruition.

Many people are looking to the government to provide leadership in areas such as privacy protection and unsolicited email. My guess is that we no longer are in an environment in which government can operate effectively. The People Protocols, like the Internet Protocols, probably will be developed by ad hoc task forces and implemented as companies compete to take advantage of important new standards.