Cyber & Technology

Invisible Hands and Iron Fists: Challenges in Regulating the Innovation Economy

By Megan Stifel, Jamil N. Jaffer
Thursday, August 17, 2017, 1:49 PM

Have you heard of “Regulators in Cyberia”? No, it’s not the latest thriller on the silver screen. Rather, it’s a white paper recently released by the Federalist Society’s Regulatory Transparency Project that explores the challenges existing regulatory approaches pose to technological innovation.

The paper, whose writers are an ideologically diverse group of participants in the RTP’s Cyber and Privacy Working Group, is the first phase of multi-year project to examine the impact regulations have on the modern American economy. Neither the project nor the paper itself purport to provide a complete solution to important questions about whether and when, if ever, governmental entities should establish regulations or standards, particularly when it comes to rapidly changing sectors. Instead, the paper aims to set out and analyze several questions across multiple topic areas to aid such an assessment. At the same time, the paper’s overall analysis suggests healthy skepticism is warranted when it comes to potential regulation in such environments. Below is a summary of its assessment and findings.

The Internet’s pioneers hardly envisioned the dramatic growth and transformation that characterize today’s Internet. A relative lack of regulation accelerated early digital innovation. The paper then highlights five examples that illustrate the hazards that can result when regulations predating the Internet revolution make first contact with the economic and social opportunities unleashed by interconnected technologies. Among other things, they demonstrate that the impact of Moore’s Law—the doubling of computer processing power every 18-24 months—makes regulation a particularly weak tool to achieve policy objectives, including privacy and security, arguing instead that in a rapidly changing technological environment, these goals can often be most effectively met through the use of market incentives. In recent years, the specter of regulation has threatened the viability of the sharing economy and the broad availability and export of cybersecurity products and could hamper the rapid innovation that currently characterizes the evolution of the so-called “Internet of Things.”

Many of the examples will resonate with Lawfare readers. For instance, readers likely remember the recent uproar over whether (and how) certain cybersecurity products ought to be covered by the Wassenaar Accord’s export control regime. To be sure, the issue was hotly debated in certain circles, but common wisdom among many technologists is that this debate—and the deeply flawed outcomes it engendered—demonstrates the inability of government bureaucrats to effectively address technological innovation. Indeed, the effort to regulate the transfer of these products suffered deeply overbroad definitions, which swept within the proposed modification’s mandate not only tools commonly used in run-of-the-mill penetration testing, but also tools used to identify compromised machines. Equally as concerning, the effort overlooked the crucial fact that the activities of greatest concern—the distribution of crimeware by criminal groups—would rarely (if ever) become the subject of an export licensing request under the Wassenaar regime. Given the broad availability of such tools on the black market, all the licensing controls in the world won’t keep the tools out of the hands of bad actors, authoritarian regimes and criminals alike.

The paper offers several other examples of regulatory incongruity, noting that it is easy to forget today that innovators like Uber, Lyft, Kickstarter, Airbnb—products that enable consumers to directly connect with each other to allocate excess capacity and satisfy demand for services—once faced stiff opposition from entrenched and (sometimes highly) regulated incumbents. In some geographies, this opposition continues. Entrenched local and regional industries engage in rent-seeking behavior to stifle new competition. For example, with Uber and Lyft, existing market players voiced ostensibly safety- or privacy-related concerns and argued to regulate the innovators in a manner similar to the incumbents. Luckily for those who (like the authors of this post) use Uber and Lyft with reckless abandon, consumers were able to band together to successfully oppose such anti-competitive efforts: in response to numerous municipal efforts to apply ill-suited regulations to ride sharing, 41 states adopted a streamlined approach that satisfied public safety concerns while also enabling the economic benefits of the sharing economy to expand.

The paper, which covers a range of other topics, including the implementation of the Americans with Disabilities Act (ADA) to the Internet of Things, is available on the Regulatory Transparency Project’s website here.

The Project is crowdsourcing experiences with regulations: improve this effort by sharing your own experience here.