Equally important as what is regulated is how it’s made compliant
The first question is what is regulated? The knee jerk response is the technology, but that’s not what would be most effective here. The technology is already regulated at least partially, by what is and isn’t allowed beyond certain borders. The technology also changes so quickly, trying to regulate it solely isn’t feasible.
In the United States efforts have been made to both regulate and control Internet usage. You need only to look as far as existing governing bodies, such as the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC). They have the blueprints of the what needs to be regulated, but their regulations are based on delivery systems much more limited than the Internet so they aren’t as effective as they could be. As for control, just look at the RIAA and the ongoing battle against Net Neutrality. This “Carve out our piece of the pie” approach fails because it doesn’t take into account the rights and relationships of the Business Partners, Clients and Customers and protects no one but the interest group that’s pushing its own agenda.
So start with the what of regulations, based on the rights and relationships and the existing blueprints. Some things will need to be thought of internationally and some nationally, asking the experts in their fields for input. And it needs to be mandated (yes, that means government). This is possibly the easier of the tasks, but by no means will it be simple.
Where regulating the Internet will succeed or fail will be in compliance. Compliance needs to be scalable and seriously determined by those implementing the regulations. In turn the implementing parties will be held accountable on every level for being compliant. And what is the basis for the scalability? Ability and Resources. There are three main reasons/examples of this.
- If you’ve ever been involved on any front of bringing a legacy system into compliance with new regulations, you know it’s a completely different process than building a new system to compliance. Both ability and resources come into play on this. So two different companies have two different methods of compliance based on the systems they have and how they have to reach compliance. In some cases that answer is to start from scratch.
- Different types of service providers have different needs and concerns toward compliance. ISPs, whether they be DSL, Cable, WiFi or other delivery systems need to approach compliance differently from Application Service Provider, so Verizon, AT&T and Comcast, et al. have a different set of needs than Facebook, Netvibes, Microsoft and Apple.
- Those with with most resources have the most to protect through the regulation, multibillion dollar corporations as compared to startups. Any acquisitions of smaller companies will automatically scale compliance based on the gains by the acquiring company/corporation. Those protections will also be shaped by the relationships between business partners, clients and customers.
How does all this happen? By an implementation period as a part of the regulatory process. During this period all the parties responsible for implementing regulations must document what they determine to be compliance based on the best of their ability and resources. Then meet those standards of compliance by the end of the implementation period. The implementing company/partner/corporation will be held accountable to those standards. If they cannot provide the proper documentation or their standards through documentation are found to be inadequate or inappropriate, they are held responsible and are open to any and all penalties for non-compliance. For example, if a Terms of Service Agreement written as a part of compliance is found unreasonable or unenforceable, it’s non-compliant. It serves everyone to be as thorough as possible and it will also provide a basis to be proactive. Anything developed after the implementation period needs to either be compliant to existing documentation or have new documentation completed prior to its roll-out.
It’s not a new approach, nor is it quick, simple or easily understood. It is workable and scalable even as new technology replaces old. It all comes down to this: Publicly available doesn’t mean unprotected and we need to get started on this as soon as possible.
That’s a 30,000 foot view, what do you think?