STANDARDIZING GOVERNMENT STANDARD-SETTING POLICY FOR ELECTRONIC COMMERCE

 

By Mark A. Lemley

ABSTRACT

The U.S. government's policy towards open standards in electronic commerce is inconsistent. On the one hand, the Magaziner Report endorses the idea of interoperable standards and open standard-setting processes for electronic commerce. It also suggests that governments should not be involved in setting technical standards. On the other hand, the Report also endorses government intervention in the standard-setting process in the case of encryption. Further, it recommends expanding intellectual property rights, without acknowledging the difficulties this can cause for open standards. Professor Lemley's article draws attention to this inconsistency, and suggests ways that the government could help promote open standards if it truly wished to do so.

The Framework for Global Electronic Commerce ("Magaziner Report" or "Report") contains strong language concerning the proper development of technological standards for electronic commerce. 1 Consistent with its general anti-government tenor, the Report takes a strong position against government standard-setting in its section on Technical Standards.2 Somewhat more surprisingly, the Report also takes the position that technical standards should be open and promote interoperability,3 and strongly suggests that the standards be set by industry groups rather than individual companies.4

Unfortunately, an examination of government policy towards electronic commerce reveals that the government's actual approach to standard-setting is internally inconsistent. Further, the broad general endorsement of open standards in the Report leaves a number of important issues unaddressed, including the role of intellectual property and antitrust law in standard setting. How these questions are dealt with in practice will have a significant impact on the way in which electronic commerce develops.

I. Network Effects and the Need for Standards

The Magaziner Report does not speak of standards for electronic commerce in a vacuum. Rather, it identifies a number of different areas where some sort of standard is necessary for electronic commerce to flourish. These areas include electronic payment systems (electronic funds transfers, e-cash, smart cards and the like), security infrastructure (encryption standards), contract infrastructure (standards for authentication, integrity, and non-repudiation), telecommunications, and data interchange.5

Virtually all of these issues arise in markets characterized by network effects,6 usually fairly strong ones. Thus, the interoperability of global telecommunications systems is obviously a precondition to international electronic commerce; if data from a buyer's system can never reach a seller's system, there can be no transaction. Similarly, electronic commerce between a particular buyer and a particular seller requires them to agree on a method of payment, a method of assuring performance, a method of security, and a method of product delivery.7

It is possible, of course, to design such agreements for each transaction on an ad-hoc basis. Early electronic commerce has sometimes taken this form. In the absence of a widely-used email encryption program, for example, particular parties in an ongoing business relationship (say, lawyers and clients) will sometimes agree on an encryption mechanism for communications between them. But there are strong social benefits to having most parties use the same system, just as there are strong benefits to having most computer users work on the same operating system or word processing program. If everyone used the same encryption system or the same standards for data downloads, electronic commerce would be cheaper and easier than in a world without a dominant standard. The benefits are even more stark where there is little intrinsic difference between competing standards. There may be no inherent reason to prefer one brand of smart cards to another, for example, but there are certainly strong benefits to having a smart card that works in a large variety of vendors' machines.

In short, much of the infrastructure of electronic commerce would benefit from uniform standards. There are three basic ways to produce such standards. First, the government can mandate the choice of a particular standard, as happened historically in telecommunications and broadcasting. Second, industry players can come together in a standard-setting organization to select a single standard on which they will base their products. Finally, if the economic incentives for standardization are strong enough, no one needs to "choose" a standard at all: the market will "tip" to favor one particular product (a new, de facto standard) at the expense of competing products.8 Each approach has advantages and disadvantages.9

II. Government Participation in Setting Electronic Commerce Standards

The Magaziner Report takes a strong position against government-imposed standard setting for electronic commerce. It includes strong rhetoric on the importance of standards being set in the marketplace, not by a bureaucracy. This rhetoric seems to be directed abroad more than at home. Indeed, the First Annual Report of the U.S. government's Working Group on Electronic Commerce touts as a major accomplishment a resolution it pushed at the Global Standards Conference in 1997 in which government participants agreed to let the private sector lead in standard-setting.10 While there is talk of a limited role for government science agencies in facilitating development of open standards,11 a reader of the Magaziner Report could be forgiven for thinking that the major project of the government in setting Internet standards will be to get out of the way.

Despite this strong rhetoric, the Administration has shown no hesitation in jumping into the standard-setting process when doing so would further its substantive goals. The most glaring example involves encryption policy. The government has for many years tried every means at its disposal, short of an outright ban, to prevent industry from coalescing around a strong encryption standard.12 The Report claims that it is "encouraging the development of a voluntary, market-driven key management infrastructure," or at least that "in partnership with industry, [it] is taking steps to promote the development of market-driven standards."13 This is nonsense. For several years, the government has "encouraged" key escrow encryption by refusing to let industry export anything else14 and by refusing to buy products that don't meet its idea of a proper standard.15 Even today, in a period of liberalization, the government still prohibits general commercial export of strong encryption products. One can agree or disagree with the government's arguments against strong encryption and in favor of a back door for law enforcement. I, for one, am largely agnostic on the subject. However, it is clear that in the area of encryption, the government has hardly left voluntary standard setting to take its own course.

Two other examples help illustrate this point. First, the Administration pushed Congress for years to enact some sort of criminal copyright statute regulating the development of so-called "circumvention devices" that facilitate copying.16 Indeed, its support for such a law is one of the centerpieces of the Magaziner Report.17 The Administration finally succeeded in 1998, when Congress passed the Digital Millennium Copyright Act ("DMCA").18 The primary purpose of the DMCA is to intervene in the innovation marketplace, by imposing what one might call "unilateral technological disarmament" on designers of encryption-breaking systems.19 Not only has the government once again intervened in the technological marketplace to promote its agenda, but it did so here in a way that is almost diametrically opposed to its efforts to push key escrow. One can perhaps discern a consistent government policy here-something along the lines of "the U.S. government should have the means to break encryption, but no one else should"-but it is hardly one consistent with the overarching principle that "the private sector should lead."20

Finally, it is worth considering the Report's approach to telecommunications regulation. True, the government has pushed quite strongly for telecommunications deregulation both here and abroad. But the Report also indicates that government telecommunications policy must be founded in part on "guaranteeing open access to networks on a non-discriminatory basis."21 I happen to think this is sound policy,22 and it does leave a good deal of room for private companies to maneuver. But a policy of open interconnection certainly contemplates government setting, if not the actual technical standards for telecommunications companies, at least the framework for those standards.

III. Open vs. Closed Standards

The Magaziner Report's commitment to open, interoperable standards in telecommunications raises a more general issue for technical standard setting: the role of intellectual property in standards. Computer software is eligible for patent, copyright, trademark, and trade secret protection, as well as protection by contract.23 While there is some debate over the scope of some of these rights as applied to industry standards, particularly copyright,24 there seems no question today that a single company can at least own patent rights that dominate a standard25 and probably copyright rights in a standard as well.26 Recent developments make possible intellectual property ownership not merely of technical standards, but of entire business models in the electronic commerce environment.27 The Magaziner Report generally endorses strengthening intellectual property rights in the electronic commerce environment.28

It should be evident, however, that the goal of strengthening intellectual property protection is in some tension with the goal of promoting open standards for electronic commerce. While some intellectual property owners might choose to open their standards to competition-Sun Microsystems has done so with Java, for example29-as a rule intellectual property ownership in a de facto standard is inimical to open standard setting.30 The way to achieve a truly open, interoperable standard is to put the standard itself in the public domain. TCP/IP and HTML are good examples of public domain standards that nonetheless inspire both collaborative work to improve the standards (in the Internet Engineering Task Force ("IETF"), among other places) and the development of proprietary content for and extensions to the standards. One can imagine a world in which Microsoft owned the intellectual property rights in both TCP/IP and HTML, but it is hard to believe that the course of Internet development would have been the same.

Standard-setting organizations do offer a potential way to preserve open standards despite the presence of intellectual property. Many standard-setting organizations, including the IETF, have by-laws that restrict the ability of members to own or assert intellectual property rights in standards adopted by the group. These rules take a variety of forms. Some groups ban the ownership of intellectual property rights in standards altogether. Other groups may impose rules forbidding a member from asserting intellectual property rights in the standard altogether, or at least from asserting them against another member. Both of these approaches amount in effect to a royalty-free compulsory license. Still other groups allow members to retain intellectual property rights in a standard, but require that the intellectual property be licensed on "reasonable, nondiscriminatory terms" to those who wish to use the standard. Finally, some standard setting organizations merely require advance disclosure by members of any intellectual property rights that might cover a potential standard, so that the organization can use that information in deciding whether to adopt the proposed standard.

Such by-laws offer the possibility of preserving open standards even in a world of strong intellectual property rights. The by-laws are not without their problems, however. First, their enforceability is limited. Standard-setting organization by-laws obviously cannot bind companies who are not members of the organization; a company that is large enough (or that has a strong enough intellectual property portfolio) may simply choose to go it alone and develop a proprietary standard. Further, there is some question as to how internal rules will be enforced against members that violate those rules. Will agreeing to license a patent on nondiscriminatory terms actually bar a patent owner from filing suit for infringement? Will it limit her remedies under patent law? Or is such an agreement simply a contractual obligation enforceable only in a separate suit? Similarly, how can members of a standard-setting organization enforce a by-law that requires only disclosure of intellectual property rights, but not relinquishment or licensing of those rights? These are complex questions, and the law so far doesn't have entirely satisfactory answers.31 This uncertainty may make it hard to keep a standard open in the face of a determined effort by an intellectual property owner to close it.

Furthermore, the antitrust laws may restrict the rules standard-setting organizations can impose and enforce. A number of recent cases suggest that standard-setting organizations may not be free to compel members to license their intellectual property rights. One case, Addamax v. Open Software Foundation,32 went so far as to hold that the collective action of competitors in a standard-setting organization might itself violate the antitrust laws. While this case seems wrongly decided,33 it may serve to deter standard-setting organizations from regulating member behavior at all. Further, standard-setting organizations that negotiate with patent owners on behalf of their members risk being characterized as a buyer's cartel trying to coerce a license at an artificially low price. The Antitrust Division of the Department of Justice has even taken action against the European Telecommunications Standards Institute for compelling members to relinquish claims of ownership in the standards it promulgates.34 Finally, the Federal Trade Commission and a private company recently filed actions against Intel alleging that Intel wrongfully retaliated against intellectual property owners that sued it by barring their access to Intel's own intellectual property.35 While these cases don't directly concern standard setting organization rules, they may give such groups some hesitation about attempting to coerce compliance with their rules.

In short, we cannot be confident that standard-setting organizations can maintain open standards in the face of strong intellectual property rights governing those standards. As the number of companies that claim to own part or all of a standard increases, so does the likelihood that the standard produced by the marketplace will be owned by one competitor or another. The chance that a standard will truly be open correspondingly decreases.

IV. Lessons for Electronic Commerce

It is certainly possible to overstate the importance of group standard setting to electronic commerce. Electronic commerce can occur without a universal open standard set by a standards body. Indeed, the phenomenal growth now occurring has taken place largely without the benefit of universal standards.36

Nonetheless, there seems no question that the growth of electronic commerce could be both faster and more efficient if a number of the infrastructure problems noted in the Magaziner Report were dealt with. A number of commentators in particular have noted that the widespread deployment of electronic payment systems-particularly smart cards and electronic cash-has been delayed by the lack of a single, interoperable standard for their use.37 This is a classic network problem. Consumers won't invest in smart cards until they are widely accepted, and merchants won't accept them unless they expect consumers to use them. The problem is exacerbated by the fact that competitors' cards work on different standards, and so there is no guarantee that a given consumer's card will work with a given merchant's machine. The problem may be solved eventually if one competitor's card gains a dominant share of the market, but the uncertainty of the intervening period will delay widespread adoption of electronic commerce tools.38 Further, the fact that one company owns the resulting standard may limit total market penetration of the standard in the medium run even after the company has won the de facto standards competition. Consumers and vendors locked into the losing standard, or who are prevented by exclusive dealing arrangements from dealing with the victor, will not be able to use the dominant standard.39 In a network market, if significant participants are excluded from the standard, everybody loses.

The right choice between open and closed standards is a complex one. Factors that go into determining social welfare include the technical quality of the standards, the possibility of improving those standards over time, the variety and price of products that embody the standards, and the size of the market that will result, as well as the speed of adoption and durability of the winning standard. But in the context of electronic payment systems or transaction security, where the most important consideration is getting everyone speaking the same language, there are good reasons to think that open systems have a natural advantage. Certainly, the rhetoric of the Magaziner Report suggests the government is of that view.

If the government truly wants to promote open systems for electronic commerce, what should it do? Several possibilities come to mind. At a minimum, the government really should get out of the way of private standard setting organizations that promote open standards. The Administration's efforts to date have focused primarily on getting foreign governments not to intervene in the standard setting process.40 But U.S. rules affect standard setting organizations as well. Antitrust challenges to organization rules that promote interoperability seem more likely to injure competition than to promote it. Also, the government should at least be aware that its efforts to block or alter a standard to achieve other policy goals-as it has done in the encryption context-will impose real costs on efforts to achieve a standard by consensus.41

But the government could take a more positive role in supporting the development of open standards. It could endorse interoperability in the marketplace in the same way it has endorsed key escrow: by refusing to buy or use products that rely on a closed proprietary standard. Alternatively, the government could simply require interoperability, particularly in markets that have historically been subject to regulation.42 The Magaziner Report itself endorses just such a requirement where telecommunications standards are concerned; perhaps the government's historic role in regulating currency and payment systems43 could justify a similar requirement there. Finally, Congress or the courts could promote interoperability by erecting some limits on the scope of intellectual property protection, for example by precluding ownership of industry standards altogether or by permitting the copying of APIs where necessary to achieve interoperability. Copyright law has already made some strides in this direction;44 it may be that patent law should contain such an exception as well.

Whether or not the government decides to stand behind the Magaziner Report's rhetoric in favor of open and private technical standards for electronic commerce, two things should be clear. First, the government is perfectly willing to intervene in the development of market standards when it has an interest in the outcome. Second, the choice between open and closed standards is an important one for the development of electronic commerce, and rhetoric alone won't produce the right outcome.