The State of the States

David G. Post                                                                                                                Back to DPost home page
American Lawyer, "Plugging In," September 1998

*************************************************
Feel free to redistribute this column, but please retain author attribution if you do so. If you are not on the mailing list to receive this column and would like to be, send a message "Subscribe" to me at Postd@erols.com
*************************************************

Call it "devolution," or "new federalism," or what-have-you -- it is hard to deny that the past decade or two has seen a rather significant re-orientation of regulatory philosophy in this country, a shift in power down the regulatory hierarchy towards a more vigorous role for local institutions. My guess is, however, that at least with respect to online activities (a category, as I have stressed any number of times in this column, assuming greater and greater importance) the golden age of State lawmaking may have already reached its apogee.

Consider one issue getting a fair bit of play in the media these days -- Internet gambling. A number of State governments view the Internet's potential to allow easy access to virtual casinos with alarm -- perhaps because they are concerned with protecting their citizens against fraud and reducing the corrosive effects of gambling on the moral fabric of the community, perhaps because they are concerned with protecting their lottery revenues from competition. Minnesota and Missouri, for example, have each begun civil proceedings against Internet gambling operations, and several States (including my home state of Pennsylvania) -- have begun discussing legislation aimed at prohibiting these practices.
 

Reasonable people, of course, might suggest, for reasons having nothing to do with the special character of Internet gambling, that this is the sort of purely private, consensual conduct that States should leave alone. But putting aside, for the moment, any doubts one might have about the need for legislation of this kind, the more interesting point for my purposes here is that even assuming that States have a legitimate interest in protecting its citizens from the evils of Internet gambling, the Internet itself severely constrains the States' power to do so. More interesting still is the paradox that even if I'm wrong, and State law could reduce the incidence of Internet gambling, the Constitution would probably prohibit it from doing so.

I had occasion to ponder these issues when I was asked to testify before the Pennsylvania General Assembly in regard to several recently-introduced bills dealing with the problem of Internet gambling. The two proposed Pennsylvania bills nicely illustrate the spectrum of means for approaching the problem of regulating online conduct. One of the bills (HR 2271) focuses on the actions of individual bettors; it would make it a crime for individuals to "participate in on-line gambling over the Internet or through an interactive computer service."

Will HR 2771, if enacted into law, serve as a deterrent for the conduct at issue? Suppose I had spent several hours this morning at my office computer (at Temple University Law School in Philadelphia) wagering at one of the available Internet gambling sites; let's call this site "www.webcasino.com." I fired up my Internet browser (using Temple's Internet gateway as my "service provider"), logged onto the site, entered some identifying information (name, credit card number, etc.), and placed $100 on the Baltimore Orioles to win the American League pennant. If HR 2771 is to deter this conduct, law enforcement officials must be able to detect violations such as mine; how will that detection be accomplished? How will prosecutors ever gain access to the information that individuals have violated these statutory provisions?

It is, to be sure, not impossible for them to do so. There may indeed be a record of the fact that I visited this gambling site. Many web browsers, for example, store a record of the web sites that users have visited; so on my hard drive, at this moment, there may well be a record of my having visited the webcasino.com site. Similarly, my Internet Service Provider -- in this case, Temple University, the entity through whose computer I connect to the Internet -- has the capability to store a record of all Internet sites that I have visited.

But even putting aside the intrusiveness on the personal privacy of Pennsylvania Internet users that would be required to obtain evidence of my wrongdoing, reliance on these records for enforcement of this bill will prove ineffective because these detection mechanisms can so easily be evaded. For example, it is trivially easy -- three mouseclicks, to be precise -- for me to disable that feature of my web browser that stores on my hard disk this record of the sites I have visited. And as far as the record stored by my Internet Service Provider is concerned, while evasion takes a tad more ingenuity and familiarity with computers, it is hardly difficult to ensure that my Service Provider's records do not reveal my movements through cyberspace. I can, for example, go to one of the widely available "anonymizer" sites that assign me an encrypted "alias" as I move from website to website, effectively eliminating any record that this particular user ("DPOST" from the Temple University Internet server) took any particular steps on the Internet. Additionally, there is a widely-available tool available on the Internet -- known as the "Telnet" protocol -- that allows users to use remote Internet computers (i.e., computers other than the ones provided by the user's service provider) as the user's "host" computer for an Internet session. Again, were I to utilize this technique, my service provider would have no record of the sites that I visited after I "switched" to the other host.

While these evasion techniques can currently be used only by "sophisticated" computer users, it is a virtual certainty that public awareness of these tools, and their availability to "unsophisticated" users, will increase precisely to the extent that activities like Internet gambling -- i.e. activities that people, for whatever complicated reasons, desire to engage in -- are outlawed. HR 2271 is analogous to prohibitions on drug use in a context where the evidence of that use can be easily made to disappear by the users -- not a formula for effective law enforcement or effective deterrence.

The second bill (HR 2438), on the other hand, goes after the "intermediaries" -- the actual providers of gambling services -- rather than the individual Internet users. It makes it a crime for those "engaged in the business of betting or wagering" to use any computer "for the transmission or receipt of bets or wagers," if (1) the person placing the bet or wager, (2) the computer receiving the bet or wager, or (3) any communication facility used in transmitting the bet or wager, is located in Pennsylvania.

Detecting violations of this statute (unlike HR 2771) will be relatively easy; those "in the business of betting," after all, generally advertise their services as a means of attracting customers, and it would hardly be difficult for someone in the Pennsylvania Attorney General's office, for example, to compile a regularly-updated list of Internet sites at which bets and wagers are being placed in violation of this statute. And if the www.webcasino.com "server" is located within Pennsylvania, it will be relatively straightforward to institute an action against the operators under the terms of this bill.

Thus, if the purpose of this legislation is to eliminate those machines that provide gambling services from within Pennsylvania, it may well accomplish that goal. But one should not harbor the misapprehension that forcing such operations to migrate to other jurisdictions (many of which, in the United States or elsewhere, permit gambling operations of this kind) will have any appreciable impact on the accessibility of Internet gambling to Pennsylvania residents. A critical design feature of the Internet -- indeed, its most revolutionary feature -- is that physical location is irrelevant, in the sense that network servers and online addressees are equally accessible from everywhere. Any Web site in any odd corner of the network can be accessed with essentially equivalent transmission speed and message quality from any other corner of the network. The effects of whatever information is available at a given site are felt simultaneously and equally in all jurisdictions, independent of their "distance" from one another.

Internet servers outside Pennsylvania can thus be no less "conveniently" accessed by Pennsylvania Internet users than those within the Commonwealth. So, if the goal of this legislation is to reduce the availability of Internet gambling sites to Pennsylvanians, it will be entirely ineffective -- unless the provisions of this statute can be enforced "extraterritorially," i.e., against operators whose computers are located in other jurisdictions. Indeed, the statutory language appears to contemplate such extraterritorial scope; by criminalizing the use of computers for the receipt of bets or wagers whenever the "person placing the bet or wager" is located in Pennsylvania, and whenever "any communication facility used in transmitting the bet or wager" is located in Pennsylvania, the statute would appear to be enforceable against the www.webcasino.com site even if it is located in Nevada, or Belize.

Traditional jurisdictional principles might indeed support these assertions of extraterritorial jurisdiction, on the ground that Pennsylvania has a legitimate interest in prosecuting those whose actions outside Pennsylvania have an "effect" inside Pennsylvania. But assertions of extraterritorial jurisdiction are inherently destabilizing double-edged swords. Pennsylvania (like all States) will seek an expansive reading of extraterritorial power when it is enforcing its law against wrongdoers from outside, while seeking a restrictive reading when citizens of other States seek to enforce their law against Pennsylvania residents. As all fifty States begin to reach out more and more to attempt to control out-of-state activity -- as they must, if they seek to regulate Internet activity -- each actor in online commerce, wherever he or she may be located, is faced with a welter of overlapping and quite possibly inconsistent obligations with which to comply.

If it sounds chaotic, it is -- precisely why it is forbidden under the Constitution. The so-called "dormant Commerce Clause" has long been held, in the Supreme Court's words, to "preclude[] the application of a state statute to commerce that takes place wholly outside the State's borders, whether or not the commerce has effects within the State." Where conduct takes place on an interstate "network," the Commerce Clause requires a "cohesive national scheme of regulation" so that users can be "reasonably able to determine their obligations" and can avoid becoming "lost in a welter of inconsistent laws, imposed by different states with different priorities" As it was with the interstate railway network, see Wabash, St. L. & P. Ry. Co. v. Illinois, 118 U.S. 557 (1886) and Southern Pac. Co. v. Arizona ex rel. Sullivan, 325 U.S. 761 (1945), and the interstate highway network, see Bibb v. Navajo Freight Lines, Inc., 359 U.S. 520 (1959), so, too, with the Internet: the compact between the States to form the federal Union prohibits State interference, at least where the practical effect of such regulation is to require conformance with local laws by out-of-staters.

This constitutional principle -- somewhat overshadowed thus far in the annals of Internet jurisprudence by its sexier cousin, the First Amendment -- has already made its appearance in a significant but under-publicized decision (American Library Association et al v. Pataki, 969 F. Supp. 160 (SDNY 1997)) in which the court struck down New York's attempt to control the transmission of "indecent" material on the Internet on just these grounds. Any Pennsylvania legislative scheme that requires extraterritorial enforcement similarly runs afoul, I would suggest, of this constitutional prohibition. This problem -- assuming, again, that it is a problem, and all others like it, simply cannot be attacked by a prohibition at the State level.

So its national regulation we need -- and its national regulation we may well get. As I write this, the Senate has just passed the Internet Gambling Prohibition Act of 1998, a bill essentially mirroring HR 2771 in making it a federal crime to gamble on the Internet. And here's where things get interesting. The Internet, of course, is as much an international, as it is an interstate, network; recognizing this, the Senate bill contains (as it must, if it is to be effective) an endorsement of extraterritorial application of the statute's terms. But at this level of the legal system -- as regards the relations between individual nations, rather than individual States -- there is no binding Commerce Clause to refrain extraterritoriality, no mutually accepted legal principle that constrains individual units from trying to impose their laws on residents of other units. We are about to see, that is, precisely why the Commerce Clause was a good idea, and how chaotic legal relationships become without it. And anyone who even hazards a guess as to where this system ultimately ends up is a bigger fool than I.