It’s Time To Regulate The Internet… But Thoughtfully

Chris Riley
6 min readSep 3, 2020

[Note: This piece was originally published on TechDirt.]

The internet policy world is headed for change, and the change that’s coming isn’t just a matter of more regulations but, rather, involves an evolution in how we think about communications technologies. The most successful businesses operating at what we have, up until now, called the internet’s “edge” are going to be treated like infrastructure more and more. What’s ahead is not exactly the “break them up” plan of the 2019 Presidential campaign of Senator Warren, but something a bit different. It’s a positive vision of government intervention to generate an evolution in our communications infrastructure to ensure a level playing field for competition; meaningful choices for end users; and responsibility, transparency, and accountability for the companies that provide economically and socially valuable platforms and services.

We’ve seen evolutions in our communications infrastructure a few times before: first, when the telephone network became infrastructure for the internet protocol stack; again when the internet protocol stack became infrastructure for the World Wide Web; and then again when the Web became infrastructure on which key “edge” services like search and social media were built. Now, these edge services themselves are becoming infrastructure. And as a consequence, they will increasingly be regulated.

Throughout its history, the “edge” of the internet sector has — for the most part — always enjoyed a light regulatory yoke, particularly in the United States. Many treated the lack of oversight as a matter of design, or even as necessarily inherent, given the differences between the timetables and processes of technology innovation and legislation. From John Perry Barlow’s infamous “Declaration of the Independence of Cyberspace” to Frank Easterbrook’s “Cyberspace and the Law of the Horse” to Larry Lessig’s “Code is law,” an entire generation of thinkers were inculcated in the belief that the internet was too complex to regulate directly (or too critical, too fragile, or, well, too “something”).

We didn’t need regulatory change to catalyze the prior iterations of the internet’s evolution. The phone network was already regulated as a common carrier service, creating ample opportunity for edge innovation. And the IP stack and the Web were built as fully open standards, structurally designed to prevent the emergence of vertical monopolies and gatekeeping behavior. In contrast, from the get-go, today’s “edge” services have been dominated by private sector companies, a formula that has arguably helped contribute to their steady innovation and growth. At the same time, limited government intervention results in limited opportunity to address the diverse harms facing internet users and competing businesses.

As the cover of the November 17, 2019 New York Times magazine so well illustrated the internet of today is no utopia. I won’t try to summarize the challenges, but I’ll direct anyone interested in unpacking them to my former employer Mozilla’s Internet Health Report ( as a starting point. We are due for another evolution of the internet, but in contrast to prior iterations, the market isn’t set up for change on its own — we need government action to force the issue.

I’m not alone in observing that the internet regulatory tide has turned. Governments are no longer bystanders. We are witnessing an inexorable rise in intervention. This is scary to many people: private companies operating in the sector worried about new costs and changes, academics and think tanks who celebrate the anti-regulatory approach we’ve had thus far, and human rights advocates concerned about future risks to speech and other freedoms. The internet has been an incredible socioeconomic engine, and continuing the benefits it brings requires preserving its fundamental good characteristics.

While new laws are not without risk of harm, further regulatory change today seems both necessary and inevitable. The open question is whether the effect will be, on balance, good or bad. If these imminent changes are done well, the power of government oversight will be harnessed to increase accountability and meaningful transparency, promote openness and interoperability, and center the future on user agency and empowerment to help make markets work to their fullest. If on the other hand these changes are done poorly, we risk, among other undesirable outcomes, reinforcing the status quo of centralized power, barriers to entry and growth, and business models that don’t empower users but instead subject them to ever-worsening garbage.

I’m an optimist; I think we’re on a course to make the internet better through good government intervention. From my perspective, we can already see the framework of the future comprehensive internet regulation that is to come, for better or for worse. Think of it as the Internet Communications Act of 2024, to use a U.S. naming convention; or the General Internet Sector Regulation, following the E.U. style. Advocates for a better internet can either sit on the sidelines as these developments continue, decrying the (legitimate) risks and concerns; or they can get into the mix, put forward some good ideas, and build strategies and coalitions to help shape the outcome so that it best serves the public’s interest.

Where are the key policy fights taking place? Geographically, over the past few years, we’ve seen the center of internet policy shift from Washington D.C. to Brussels, and that’s where we can see the future emerging most clearly today. The GDPR illustrates this shift, as despite its imperfections, it established a new paradigm for data protection that has been echoed in Kenya and California, with more to come.

This isn’t just a story about Europe, or about privacy, though. Competition reform is racing forward with major investigations and reports around the world; the United Kingdom has done perhaps the most work here, with its eye-opening Final Report of July 2020 (all 437 pages and 27 appendices of it!). Many countries are undertaking antitrust investigations of specific companies or reevaluating the modern day fitness of their competition legal frameworks.

Meanwhile social media companies and, more broadly, internet companies as intermediaries for user communications online, have come under fire all around the world, with Pakistan and India making some of the most aggressive moves so far. The European Union is advancing its own comprehensive regulatory vision for online content through the Digital Services Act, just as the United States is reevaluating its historical intermediary liability safe harbor, Section 230.

In the United States, we’re seeing a moment that bears many similarities to the late 1960s in the buildup to the Clean Air Act of 1970. That law had powerful bipartisan support, and commensurate industry opposition. Just as with those early climate political wars, advocates for reform are facing the weaponization of uncertainty as a tactic to resist government intervention, with the abuse of data and science and metrics to advocate for an outcome of inaction. As with climate change, inaction to address the harms presented by the internet ecosystem today is itself is a policy choice, and it’s the wrong one for the future health of the internet. I believe change will come though, and as with the Clean Air Act, eventually we’ll look back and appreciate the sea change we made by intervening at a critical moment. (Sorry, that pun was mostly inadvertent — and, in fact, a bit unfortunate given the current state of play of climate politics and the climate crisis… but that’s a piece for another author, another day.)

Considering that the Clean Air Act established the Environmental Protection Agency, perhaps in the U.S. we need what Harold Feld and his colleagues at Public Knowledge have been calling for in the Digital Platform Act, establishing something akin to an Internet Protection Agency. Or perhaps, as I’ve supported in the past, we need a revamped Federal Trade Commission with greater authority, building on that agency’s success at integrating technologists into its consumer protection work. Increasingly, I’m inclined towards the idea that what we need is an expanded Federal Communications Commission, given that agency’s relatively broad authority (no matter how circumscribed by the current leadership) and the nature of this evolution as advancing what feels like modern day communications infrastructure. The United Kingdom has decided to go in this direction for content regulation, for example, appointing OFCOM to manage future “duty of care” obligations for online platforms. The technologies and businesses are very different between the traditional telecom sector and the internet ecosystem, though, and substantial evolution of the regulatory model would be necessary.

Regardless of where you situate the future policymaking and enforcement function within the U.S. government, we’re still at the normative development stage on these policy issues. And frankly, the internet policy world needs some new ideas for what comes next. So, over the next few posts in this series, I’m going to share a few fresh thoughts that I’ve been mulling over. Stay tuned!



Chris Riley

Disruptive internet policy engineer, beverage connoisseur, gregarious introvert, contrarian order Muppet, and proud husband & father. Not in order.