Who Controls the Internet?

Last updated 5 days ago. Our resources are updated regularly but please keep in mind that links, programs, policies, and contact information do change.

The internet feels like a lawless frontier where information flows freely across invisible borders.

That impression masks a complex reality: your online experience is shaped by rules, regulations, and corporate decisions that determine what you can see, say, and do in the digital world.

These internet policies affect every American daily, from the speed of your streaming video to whether your personal data gets sold to advertisers. They decide which startups can challenge tech giants, how much you pay for internet service, and what content gets removed from social media platforms.

The fight for control happens largely out of public view, involving federal agencies, tech companies, advocacy groups, and international organizations. Their decisions create the invisible architecture that shapes online life for billions of people.

Unlike traditional governance, no single authority runs the internet. Instead, power is scattered among competing institutions with different missions and philosophies. This fragmented system creates ongoing conflicts over fundamental questions: Should the internet be treated like a public utility? Can tech platforms moderate content without becoming censors? How much personal data should companies collect?

Why It Matters

The stakes extend far beyond technology policy. Internet governance increasingly determines economic opportunity, democratic participation, and individual freedom in the digital age. Understanding how these systems work and who controls them has become essential for informed citizenship.

The current model emerged from the internet’s origins as a decentralized research network. But as the digital world has become central to commerce, communication, and culture, governments worldwide are asserting greater control over online activities within their borders. This tension between the internet’s global architecture and national sovereignty drives many of today’s most contentious policy debates.

The Governance Puzzle

Internet governance refers to the collaborative process by which governments, companies, technical experts, and advocacy groups develop principles and rules for the internet’s evolution. This multi-stakeholder approach reflects the network’s distributed design: no single entity can unilaterally control a system that spans every country.

Internet policy, by contrast, consists of the specific laws and regulations that implement governance principles. If governance is the constitutional convention, policy is the resulting legislation and enforcement actions.

This distinction creates fundamental tensions. Global technical standards ensure the internet works seamlessly across borders, managed by international bodies like the Internet Corporation for Assigned Names and Numbers. But national governments increasingly want to impose their own rules on online activities within their territories.

The result can be internet fragmentation: the global network splitting into regional systems with different capabilities and restrictions. Countries like China and Russia have built extensive domestic internet infrastructure that allows them to control or block international traffic during crises.

Even democratic countries contribute to fragmentation through conflicting laws. European privacy regulations, American free speech protections, and authoritarian censorship requirements force global platforms to create different experiences for users in different countries.

The Multi-Stakeholder Model

The internet’s governance philosophy emphasizes inclusion of diverse voices rather than top-down control by governments or corporations. This multi-stakeholder model brings together:

• Governments: Provide legal frameworks, fund research and infrastructure, and represent national interests in international negotiations.
• Private Sector: Builds and operates internet infrastructure, develops new technologies, and creates the services people use online.
• Technical Community: Engineers and researchers who develop internet protocols, manage critical infrastructure, and ensure technical coordination.
• Civil Society: Non-profit organizations, advocacy groups, and academic institutions that represent public interests and marginalized communities.

This inclusive approach enables innovation and prevents any single actor from dominating internet development. But it also creates slow decision-making processes and difficulty resolving conflicts between stakeholders with opposing interests.

The model works well for technical coordination but struggles with political and economic disputes. When commercial interests clash with privacy rights, or when national security concerns conflict with open access, the consensus-based system often produces a stalemate rather than a clear resolution.

Global vs. Local Control

The fundamental tension in internet governance is between its global technical architecture and local political authority. Internet protocols and addressing systems must work consistently worldwide, but countries want to apply their own laws and values to online activities.

This creates a complicated jurisdictional puzzle. When a user in California posts content to a server in Ireland that’s viewed by someone in Germany, which country’s laws apply? Different nations assert various forms of jurisdiction based on where users are located, where companies are incorporated, where servers are housed, or where content is accessed.

The European Union has been particularly aggressive in asserting global reach for its regulations. The General Data Protection Regulation affects any company that processes European users’ data, regardless of where the company is based. This “Brussels effect” extends European privacy standards worldwide as companies find it easier to implement a single global standard than maintain separate systems.

Similarly, authoritarian governments increasingly demand that global platforms comply with local censorship requirements or face being blocked entirely. This forces companies to choose between access to large markets and maintaining consistent global policies.

The result is growing pressure on the unified global internet. Rather than one network with universal rules, we’re moving toward a system where your online experience depends heavily on your physical location and the domestic policies of your government.

Key American Players

Internet policy in the United States emerges from interactions among several powerful institutions with overlapping but distinct authorities.

Congress Sets the Framework

As the primary lawmaking body, Congress establishes the legal foundation for internet regulation through landmark statutes that define agency powers and basic rights.

Major internet laws passed by Congress include the Communications Decency Act of 1996, which created Section 230’s liability protections for platforms hosting user content. The Digital Millennium Copyright Act of 1998 established procedures for removing copyrighted material from websites.

Congress also controls federal spending on internet-related programs, allocating billions for rural broadband deployment, cybersecurity initiatives, and digital inclusion efforts. The Infrastructure Investment and Jobs Act of 2021 included over $65 billion for broadband infrastructure and affordability programs.

Congressional oversight hearings have become major forums for internet policy debates. Tech executives regularly face questions from lawmakers about content moderation, data privacy, market competition, and national security concerns.

But Congress moves slowly by design, making it difficult to keep pace with rapid technological change. Laws written for earlier internet eras often get applied to technologies their authors never imagined, creating legal uncertainty and regulatory gaps.

The institution’s deliberate pace also means that much internet policy gets made by federal agencies interpreting broad congressional mandates rather than through specific legislation. This gives agencies significant discretion but also makes policies vulnerable to changes with new administrations.

The FCC’s Regulatory Authority

The Federal Communications Commission is an independent agency that regulates interstate communications, including broadband internet service. The FCC’s internet authority stems from its power to oversee the companies that provide internet access to homes and businesses.

The commission’s most visible internet responsibility involves net neutrality: rules governing how internet service providers can manage traffic on their networks. The FCC has repeatedly changed these rules as different political parties have gained control, treating broadband alternatively as a heavily regulated utility or a lightly regulated information service.

Beyond net neutrality, the FCC manages spectrum allocation for wireless internet services, oversees internet infrastructure deployment, and administers programs to expand broadband access to underserved communities. The agency also handles internet-related accessibility requirements and emergency communications planning.

The FCC operates through a five-member commission appointed by the President and confirmed by the Senate. No more than three commissioners can be from the same political party, but the party controlling the White House typically sets policy direction through its choice of chairperson.

This structure makes FCC policies susceptible to political shifts. Major internet rules often get reversed when control changes parties, creating regulatory uncertainty for businesses and inconsistent protections for consumers.

The commission’s authority is also limited by the statutes Congress has given it. The FCC regulates internet service providers but has little direct authority over internet content, applications, or most of the companies people interact with online.

The FTC’s Consumer Protection Role

The Federal Trade Commission has become America’s de facto internet privacy regulator through its broad authority to police “unfair or deceptive practices” in commerce. This mandate, originally designed for traditional business fraud, has proven remarkably adaptable to digital age challenges.

The FTC uses this authority to pursue companies that mishandle consumer data, violate their own privacy policies, or make deceptive security claims. Major enforcement actions have targeted tech giants like Facebook, Google, and Amazon for various privacy and data security violations.

The agency also enforces sector-specific internet laws passed by Congress, including the Children’s Online Privacy Protection Act, which restricts data collection from children under 13.

Recently, the FTC has expanded its focus to include antitrust enforcement against major technology companies. High-profile cases seek to break up what regulators see as illegal monopolies in social media, e-commerce, and digital advertising.

The FTC operates through both rulemaking and enforcement actions. The agency can issue regulations that apply broadly to entire industries, but it more commonly pursues individual companies for specific violations and negotiates settlement agreements that establish precedents for future cases.

Like the FCC, the FTC’s leadership changes with presidential administrations, leading to shifts in enforcement priorities and regulatory philosophy. This creates uncertainty about which practices will be tolerated and which will trigger government action.

Technical Coordination Through ICANN

The Internet Corporation for Assigned Names and Numbers (ICANN) manages the Internet’s technical infrastructure that allows computers worldwide to connect to each other. ICANN coordinates the domain name system that translates human-readable website addresses into numerical Internet Protocol (IP) addresses that computers use for routing.

This technical coordination function is essential for maintaining a unified global internet. ICANN ensures that every domain name points to a unique location and that new internet addresses don’t conflict with existing ones.

Despite its technical mission, ICANN often faces political pressure because control over domain names can affect access to information. Governments and advocacy groups lobby the organization over policies for country-code domains, new generic domains, and procedures for removing websites from the domain system.

The organization operates through a multi-stakeholder process that includes representatives from governments, businesses, technical experts, and civil society groups. This inclusive approach reflects internet governance principles but can make decision-making slow and contentious.

ICANN’s policies affect global internet users, but the organization is incorporated in California and contracts with the U.S. Department of Commerce. This arrangement has created international tensions as other countries seek greater influence over internet governance.

Recent years have seen growing pressure for the internationalization of internet governance functions. Some countries want to transfer ICANN’s role to intergovernmental organizations where they would have more direct control over decisions affecting their digital sovereignty.

A 2025 joint report by ICANN and the Internet Society (ISOC) warned that rising geopolitical tensions and growing national-level controls threaten the stability and openness of the global internet. The report urged governments and stakeholders to recommit to the collaborative, multistakeholder governance model as essential to preserving a secure and interoperable network.

Industry and Advocacy Groups

Private companies and civil society organizations play crucial roles in shaping internet policy through lobbying, advocacy, and participation in regulatory proceedings.

Technology Companies: Major internet platforms and service providers spend millions annually on lobbying and employ large policy teams to influence regulations affecting their businesses. These companies often have conflicting interests—content platforms may oppose liability rules while supporting net neutrality, while internet service providers may take opposite positions.

Trade Associations: Industry groups like the Internet Association, Telecommunications Industry Association, and Computer & Communications Industry Association coordinate policy positions among multiple companies and provide expertise to policymakers.

Civil Society Organizations: Groups like the Electronic Frontier Foundation, Public Knowledge, and Center for Democracy & Technology advocate for public interest values including privacy, free expression, and open access. These organizations often provide counterbalance to industry influence in policy debates.

Academic and Technical Communities: Researchers and engineers contribute expertise to policy discussions through academic papers, technical standards development, and participation in advisory bodies. Organizations like the Internet Society bridge technical and policy communities.

The influence of these groups varies by issue and political context. Industry groups typically have more resources for lobbying and campaign contributions, while advocacy organizations may have greater credibility on consumer protection issues.

The revolving door between government agencies and private organizations also shapes policy development. Former FCC and FTC officials often join tech companies or law firms representing internet businesses, while industry experts move into government roles, creating networks of relationships that influence decision-making.

The Net Neutrality Wars

No internet policy issue has generated more sustained public attention than net neutrality—the principle that internet service providers should treat all data equally rather than blocking, slowing, or prioritizing certain content.

The debate reflects fundamental disagreements about whether internet access should be regulated like a public utility or managed through market competition. It also demonstrates how internet policies can become political symbols that extend far beyond their technical specifics.

What Net Neutrality Means

Net neutrality requires internet service providers to act as neutral conduits for information rather than gatekeepers that control what users can access. The principle prohibits several specific practices:

Blocking: ISPs cannot prevent access to legal websites, applications, or services.

Throttling: ISPs cannot intentionally slow down specific content or services.

Paid Prioritization: ISPs cannot create “fast lanes” for companies that pay extra fees while relegating other traffic to slower service.

The analogy often used is that ISPs should function like electric utilities, providing a connection that customers use as they choose, without the utility company favoring certain appliances or charging extra based on how electricity gets used.

Net neutrality advocates argue this prevents ISPs from becoming internet gatekeepers who could block competitors, censor disfavored content, or extract additional fees from both consumers and content providers. They point to the internet’s history of innovation by companies that started small and grew by reaching users directly rather than negotiating with intermediary gatekeepers.

Critics argue that net neutrality rules prevent ISPs from experimenting with new business models and may discourage investment in network infrastructure. They contend that market competition provides adequate consumer protection without heavy-handed government regulation.

The Regulatory Pendulum

Net neutrality rules have changed repeatedly as political control has shifted between parties, creating a regulatory pendulum that reflects broader philosophical differences about government’s role in the economy.

2005-2010: Early Guidelines The FCC under Republican leadership established informal net neutrality principles but didn’t create enforceable rules. When Comcast was found to be secretly blocking peer-to-peer file sharing applications, the commission issued a cease-and-desist order that courts later overturned for lack of legal authority.

2010: Open Internet Order The Obama administration’s FCC adopted formal net neutrality rules but classified broadband as an “information service” under Title I of the Communications Act. This light-touch regulatory classification limited the agency’s enforcement authority.

2014: Court Challenges Federal courts struck down key portions of the 2010 rules, finding that the FCC couldn’t impose common carrier obligations on services classified as information services. The decision forced the agency to choose between stronger rules requiring utility-style regulation or weaker rules under the existing classification.

2015: Title II Classification After massive public pressure, including over 4 million comments, the FCC reclassified broadband as a “telecommunications service” under Title II, giving the agency common carrier authority similar to traditional telephone regulation. This enabled strong net neutrality rules prohibiting blocking, throttling, and paid prioritization.

2017: Restoration of Freedom Order The Trump administration’s FCC reversed the 2015 decision, reclassifying broadband as an information service and eliminating federal net neutrality rules. The agency argued that competition and transparency requirements would protect consumers better than prescriptive regulations.

2021-2024: Biden Administration Efforts The Biden FCC attempted to restore Title II classification and net neutrality rules but faced procedural obstacles and industry legal challenges. The agency issued a new net neutrality order in 2024 that restored most 2015 protections.

2025: Legal Uncertainty Federal courts struck down the 2024 rules following the Supreme Court’s elimination of Chevron deference, which had previously allowed agencies significant discretion in interpreting ambiguous statutes. Courts now must independently determine whether broadband fits better under Title I or Title II classification.

This regulatory whiplash has created enormous uncertainty for businesses trying to plan long-term investments and for consumers unsure what protections they can expect from their internet service.

The Post-Chevron Landscape

The Supreme Court’s 2024 decision in Loper Bright Enterprises v. Raimondo eliminated the Chevron deference doctrine that had allowed federal agencies to interpret ambiguous statutes within broad bounds. This fundamentally changed the net neutrality debate by removing the FCC’s flexibility to reclassify broadband based on policy preferences.

Under the old system, courts would defer to the FCC’s “reasonable” interpretation of whether broadband should be classified as a telecommunications service or information service under the Communications Act. This allowed the agency to flip classifications as administrations changed.

Now, courts must independently interpret the statute to determine broadband’s proper classification. Early post-Chevron decisions have favored Title I information service classification, potentially ending the regulatory pendulum by establishing a fixed legal interpretation.

This shift moves the net neutrality battle from agencies to Congress and courts. If courts consistently reject Title II classification, net neutrality advocates will need new legislation rather than regulatory changes to achieve their goals.

The legal uncertainty has intensified lobbying efforts by both sides to influence how courts interpret existing statutes and to push Congress toward comprehensive communications law reform that would clarify regulatory authority.

Arguments and Evidence

The net neutrality debate involves competing claims about economics, innovation, and free expression that are difficult to resolve through empirical evidence.

Innovation and Investment Arguments: Net neutrality supporters argue that non-discrimination rules foster innovation by ensuring startups can reach users without paying gatekeepers. They point to companies like Netflix, Google, and Facebook that grew by connecting directly with consumers rather than negotiating with intermediaries.

Opponents contend that utility-style regulation discourages network investment and prevents ISPs from offering differentiated services that could benefit consumers. They argue that prohibiting paid prioritization prevents ISPs from offering specialized services for applications requiring guaranteed performance.

Competition and Market Power: The debate often centers on whether ISP market competition provides adequate consumer protection. Net neutrality advocates note that most Americans have limited choices for high-speed internet service, giving ISPs significant market power that could be abused without regulatory constraints.

ISPs and their supporters argue that competition from mobile broadband, emerging technologies like satellite internet, and content delivery networks provides sufficient competitive pressure to prevent consumer harm.

Free Expression Concerns: Net neutrality supporters worry that ISPs could block or slow content for political or commercial reasons, effectively becoming censors of online speech. They point to documented cases of ISPs interfering with specific applications or services.

Critics argue that government regulation poses greater censorship risks than private company decisions, noting that ISPs face competitive and reputational pressure that government agencies don’t experience.

Economic Evidence: Studies of net neutrality’s economic effects have produced mixed results that both sides cite selectively. Some research suggests that strict rules encourage innovation, while other studies find negative effects on infrastructure investment.

The challenge is separating correlation from causation in a rapidly evolving market influenced by many factors beyond net neutrality regulations. Changes in investment levels or innovation rates could result from technological advances, economic conditions, or other policy changes rather than net neutrality rules specifically.

State-Level Responses

As federal net neutrality rules have changed repeatedly, some states have enacted their own protections to provide regulatory certainty within their borders.

California passed the most comprehensive state net neutrality law in 2018, creating rules similar to the FCC’s 2015 federal protections. The law prohibits ISPs from blocking, throttling, or prioritizing content for California residents.

Other states have adopted more limited measures, such as requiring state government contracts to include net neutrality provisions or prohibiting ISPs that receive state funding from violating net neutrality principles.

These state laws create a complex compliance environment for ISPs operating across multiple states. Some companies have chosen to apply the strictest state requirements nationwide rather than maintain separate systems for different jurisdictions.

Industry groups have challenged state net neutrality laws in court, arguing that internet infrastructure operates across state lines and shouldn’t be subject to inconsistent local regulations. These legal challenges could ultimately require Supreme Court clarification of state authority over internet services.

The state-level activity demonstrates how internet policy federalism works in practice—when federal action is blocked or uncertain, states fill regulatory gaps according to their own political preferences, creating a patchwork of rules that reflects regional differences in internet governance philosophy.

Platform Power and Section 230

Section 230 of the Communications Decency Act provides legal immunity to websites and platforms that host content created by their users. This 26-word provision has been called “the most important law protecting internet speech” and “the 26 words that created the internet.”

The law enables platforms to host billions of user posts without facing constant lawsuits over content they didn’t create. It also allows them to moderate content in good faith without becoming legally liable for editorial decisions.

But Section 230 has become controversial as social media platforms have gained enormous influence over public discourse. Critics across the political spectrum argue the law enables harmful content while suppressing legitimate speech.

The Legal Foundation

Section 230 creates a legal “safe harbor” that protects interactive computer services from liability for content posted by third parties. The key language states: “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”

This protection applies broadly to any online service that hosts third-party content, including social media platforms, review sites, comment sections, and even individual users who share others’ posts.

The law emerged from early internet court cases that created problematic incentives for content moderation. In the 1990s, one online service that did not do content moderation was held not liable for user posts, while another service that tried to moderate content was found liable as a publisher for posts it failed to remove.

Congress passed Section 230 to eliminate this “moderator’s dilemma” by protecting platforms whether they chose to moderate content or not. The law specifically encourages platforms to remove content they consider “obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable.”

Section 230’s broad immunity has enabled the development of user-generated content platforms that host billions of posts daily. Without this protection, platforms would likely restrict user contributions to avoid legal risk, fundamentally changing the nature of online communication.

Modern Controversies

Section 230 faces criticism from across the political spectrum, but for different reasons that reflect broader disagreements about platform responsibility and free speech online.

Content Moderation Concerns: Many liberals and progressives argue that Section 230’s immunity allows platforms to profit from harmful content without accountability. They point to problems like harassment campaigns, election misinformation, health fraud, and violent extremism that platforms struggle to control effectively.

These critics often focus on algorithmic amplification—the way platforms use recommendation systems to promote engaging content that may also be harmful. They argue that platforms shouldn’t receive immunity when their own algorithms actively promote dangerous content to users.

Censorship Allegations: Many conservatives argue that large platforms use their content moderation authority to suppress legitimate viewpoints, particularly on controversial political topics. They contend that platforms have become the new “digital public square” and shouldn’t be able to silence perspectives they disagree with.

These critics often focus on high-profile content removals or account suspensions that they view as politically motivated. They argue that platforms receive government-granted legal immunity but don’t provide the free speech protections associated with traditional public forums.

Scale and Market Power: Both sides express concern about the enormous influence wielded by a few large platforms over public discourse. Critics argue that Section 230 helped create platform monopolies by making it easier for large companies to host user content at massive scale without legal risk.

The combination of network effects, data advantages, and legal immunity creates barriers to entry that help dominant platforms maintain their market position even when users are dissatisfied with their content policies.

Reform Proposals

The widespread criticism has generated numerous proposals to modify Section 230, ranging from targeted changes to complete repeal.

Carve-outs for Specific Harms: Congress has already removed Section 230 protection for content that facilitates sex trafficking through the FOSTA-SESTA Act of 2018. Similar proposals would create carve-outs for child exploitation, terrorism, or other serious crimes.

The challenge with this approach is defining categories precisely enough to avoid capturing legitimate speech while still addressing genuine harms. Overly broad carve-outs could force platforms to remove legal content to avoid liability risk.

Algorithmic Liability: Some proposals would maintain Section 230 immunity for content posted by users but remove protection when platforms actively promote harmful content through recommendation algorithms.

This approach recognizes a distinction between passive hosting and active promotion of content. Platforms would remain protected for user posts, but could face liability for algorithmic amplification that causes harm.

The main challenge is defining when algorithms cross the line from neutral distribution to editorial promotion. Even chronological feeds involve some algorithmic processing that could trigger liability under poorly written rules.

Conditional Immunity: Other proposals would require platforms to meet certain standards to maintain their Section 230 protection. These might include transparency requirements, appeals processes, or “reasonable” content moderation policies.

The appeal of this approach is that it could improve platform practices without eliminating legal immunity entirely. But determining what constitutes “reasonable” moderation at the scale of billions of posts presents enormous practical challenges.

Political Neutrality Requirements: Some proposals would condition Section 230 immunity on platforms maintaining political neutrality in their content moderation decisions. This approach reflects concerns about platforms censoring particular viewpoints.

The major challenge is defining political neutrality in practice. Removing content that violates platform rules will inevitably affect some political perspectives more than others, making true neutrality difficult to achieve or verify.

Economic and Innovation Effects

Section 230 is deeply intertwined with the business models that have driven internet platform growth over the past two decades. The law’s liability immunity enabled platforms to scale user-generated content without prohibitive legal costs.

This scale became the foundation for digital advertising business models that rely on collecting user data to target ads precisely. Platforms offer free services to attract users whose data and attention they monetize through advertising.

The same algorithms designed to maximize user engagement for advertising purposes often amplify controversial or false content because it generates strong emotional reactions. This creates tension between platforms’ business incentives and public welfare.

Major changes to Section 230 could force platforms to redesign their systems to prioritize safety over engagement, potentially making them less profitable. Some platforms might shift to subscription models that don’t rely on advertising-driven engagement metrics.

Smaller platforms and new entrants could be affected even more dramatically. The legal and compliance costs of operating without Section 230 protection might be manageable for large companies but prohibitive for startups and independent platforms.

This creates a paradox for Section 230 critics—the law they blame for enabling big tech platforms might also be essential for maintaining competitive alternatives to those same platforms.

International Comparisons

Other countries have taken different approaches to platform liability that provide examples of alternatives to Section 230’s broad immunity.

The European Union’s Digital Services Act maintains some platform immunity but requires large platforms to implement comprehensive content moderation systems and submit to external audits. The law also requires transparency reports and gives users appeal rights for content decisions.

Germany’s Network Enforcement Act requires platforms to remove clearly illegal content within 24 hours and other illegal content within seven days. Platforms that fail to comply face significant fines, but they retain immunity for content they’re not required to remove.

The United Kingdom is developing an Online Safety Act that would require platforms to protect users from legal but harmful content through codes of practice developed with regulatory oversight. The law creates a “duty of care” rather than specific content requirements.

These approaches generally involve more government oversight of platform operations while maintaining some form of liability protection. They reflect different balances between free expression, public safety, and platform responsibility than the American approach.

Early evidence suggests these laws are changing platform behavior, with companies investing more in content moderation and safety systems. But critics worry they could lead to over-removal of legal content and increased costs that favor large platforms over smaller competitors.

Privacy in the Patchwork Nation

Data privacy has become one of the most pressing internet policy issues as digital services collect unprecedented amounts of personal information about users’ activities, preferences, and relationships.

Unlike Europe’s comprehensive approach through the General Data Protection Regulation, the United States has developed a complex patchwork of sector-specific federal laws and varying state regulations that create an inconsistent landscape of privacy protections.

The American Approach

U.S. privacy law evolved through separate statutes targeting specific types of sensitive information rather than a comprehensive framework covering all personal data.

Health Information: The Health Insurance Portability and Accountability Act (HIPAA) protects medical records and health information held by healthcare providers, insurers, and their business associates.

Financial Information: The Gramm-Leach-Bliley Act requires financial institutions to explain their information-sharing practices and protect sensitive data.

Children’s Privacy: The Children’s Online Privacy Protection Act (COPPA) restricts online data collection from children under 13 and requires parental consent for certain activities.

Educational Records: The Family Educational Rights and Privacy Act (FERPA) protects student education records and gives parents and students certain rights over their information.

This sector-specific approach leaves gaps where emerging technologies and business models don’t fit neatly into existing categories. Social media platforms, data brokers, and many mobile apps operate largely outside specific privacy statutes, subject only to the FTC’s general authority over unfair and deceptive practices.

The fragmented system also creates compliance challenges for businesses that handle multiple types of data or operate across different sectors. A healthcare app might need to comply with HIPAA, COPPA, and various state laws depending on its users and functionality.

State Leadership

Frustrated by federal inaction, states have begun passing comprehensive privacy laws that grant residents broad rights over their personal information.

California’s Pioneering Role: California passed the Consumer Privacy Act (CCPA) in 2018 and expanded it through the California Privacy Rights Act (CPRA) in 2020. These laws grant California residents several important rights:

• Right to Know: Consumers can request detailed information about what personal data companies collect, how it’s used, and who it’s shared with.
• Right to Delete: Consumers can demand deletion of their personal information, with some exceptions for legitimate business needs.
• Right to Opt-Out: Consumers can prohibit companies from selling or sharing their personal information for advertising purposes.
• Right to Correct: Consumers can request correction of inaccurate personal information.
• Right to Limit Sensitive Data Use: Consumers can restrict how companies use sensitive information like health data, precise location, or biometric identifiers.

The CCPA applies to businesses that operate in California and meet certain thresholds for revenue, data processing volume, or data sales. Because the internet operates across state lines, many companies apply CCPA requirements nationwide rather than maintaining separate systems for different states.

Growing State Activity: Following California’s lead, numerous other states have enacted comprehensive privacy laws with varying requirements and timelines:

• Virginia: Passed the Consumer Data Protection Act with rights similar to CCPA but different enforcement mechanisms
• Colorado: Enacted the Colorado Privacy Act with additional requirements for profiling and algorithm transparency
• Connecticut: Adopted the Connecticut Data Privacy Act with unique provisions for children’s data
• Utah: Passed a more limited Consumer Privacy Act with fewer requirements than other states

By 2025, privacy laws are expected to be in effect in at least 16 states, creating a complex compliance environment for businesses operating nationally.

The California Effect

California’s economic size and position as home to the technology industry give its privacy laws outsized national influence. Companies often find it easier to implement California’s requirements nationwide rather than maintaining separate systems for different jurisdictions.

This “California Effect” means that privacy rights granted to California residents often extend to users in other states through business decisions rather than legal requirements. Companies like Apple and Google have made CCPA-style privacy controls available to all U.S. users.

The phenomenon demonstrates how economically powerful states can drive national policy in the absence of federal action. When compliance costs favor uniform national practices over state-by-state variation, the most demanding jurisdiction effectively sets standards for everyone.

But this approach has limitations. Companies retain discretion over which rights to extend nationally, and business decisions can change more easily than legal requirements. Users in other states don’t have enforceable rights even when they receive similar protections through company policies.

The patchwork approach also creates uncertainty about long-term privacy protections. Companies might retreat from voluntary nationwide application of state laws if compliance costs become too high or if business models change.

International Comparisons

The European Union’s General Data Protection Regulation represents a fundamentally different approach to privacy that emphasizes individual control over personal data processing.

GDPR Principles:

• Lawful Basis: Companies must have specific legal justification for processing personal data, such as legitimate business needs or explicit user consent
• Data Minimization: Collection should be limited to what’s necessary for specified purposes
• Purpose Limitation: Data should only be used for the original stated purposes unless users consent to new uses
• Storage Limitation: Personal data should be kept only as long as necessary for the specified purposes

User Rights Under GDPR:

• Right of Access: Users can obtain detailed information about how their data is processed
• Right to Rectification: Users can correct inaccurate personal data
• Right to Erasure: Users can request deletion of their personal data under certain circumstances
• Right to Data Portability: Users can obtain their data in a machine-readable format to transfer to other services
• Right to Object: Users can object to processing for direct marketing or other purposes

Enforcement and Penalties: GDPR enforcement occurs through national data protection authorities that can impose fines up to 4% of annual global revenue or €20 million, whichever is higher. Major enforcement actions have resulted in hundreds of millions in penalties for companies like Meta, Amazon, and Google.

The Opt-In vs. Opt-Out Divide

A fundamental philosophical difference separates U.S. and European approaches to data processing consent.

European Opt-In Model: GDPR generally requires companies to obtain explicit, affirmative consent before processing personal data for many purposes. Users must actively agree to data collection and use, and consent must be freely given, specific, informed, and revocable.

This creates a presumption against data processing that places the burden on companies to justify their data practices and obtain permission from users.

American Opt-Out Model: Most U.S. privacy laws allow companies to collect and use personal data by default, but give consumers right to opt out of certain practices like data sales or targeted advertising.

This creates a presumption in favor of data processing that places the burden on consumers to take action if they want to limit data use.

The difference reflects broader cultural and legal traditions around privacy, government regulation, and business freedom. European approaches emphasize precaution and individual autonomy, while American approaches emphasize innovation and market solutions.

Federal Trade Commission Enforcement

In the absence of comprehensive federal privacy legislation, the FTC has become America’s primary privacy enforator through its authority over unfair and deceptive practices.

The agency pursues companies that fail to implement reasonable data security measures, violate their own privacy policies, or make deceptive claims about data protection. Major FTC privacy enforcement actions have targeted companies across all sectors of the digital economy.

Notable FTC Cases:

• Facebook/Meta: Multiple settlements totaling billions of dollars for privacy violations, including the Cambridge Analytica scandal
• Google/YouTube: Settlements for violations of children’s privacy laws and deceptive location tracking practices
• Amazon: Actions for privacy violations related to voice assistants and inadequate security measures
• TikTok: Ongoing investigation into data practices and potential national security risks

The FTC’s approach focuses on holding companies accountable for their stated policies rather than mandating specific privacy practices. This flexibility allows the agency to address emerging threats but provides less predictability for businesses and consumers.

Recent years have seen the FTC taking more aggressive enforcement stances, including seeking monetary penalties and operational changes rather than just policy agreements. The agency has also begun challenging business models that it views as inherently unfair to consumers.

The Federal Legislation Debate

Efforts to pass comprehensive federal privacy legislation have repeatedly stalled in Congress despite bipartisan recognition of the need for national standards.

Key Challenges:

• Preemption: Whether federal law should override state privacy laws or allow states to maintain stronger protections
• Private Right of Action: Whether individuals should be able to sue companies directly for privacy violations or rely on government enforcement
• Scope and Coverage: Which businesses and types of data should be covered by federal requirements
• Enforcement Mechanisms: Which agencies should enforce federal privacy law and what penalties should apply

Industry vs. Advocacy Positions: Technology companies generally support federal legislation that would create uniform national standards and preempt varying state requirements. They argue that regulatory certainty would enable innovation while providing consistent consumer protections.

Privacy advocates often oppose preemption provisions that would weaken existing state laws and prefer strong private enforcement rights that allow individuals to seek damages for privacy violations.

The deadlock reflects deeper disagreements about the proper balance between innovation and privacy protection, as well as the appropriate roles of federal and state governments in internet regulation.

Recent legislative proposals have attempted various compromises, but political polarization and industry lobbying have prevented consensus on major privacy legislation.

Breaking Up Big Tech

The concentration of market power among a handful of technology companies has triggered the most significant antitrust enforcement effort in decades, with government agencies pursuing cases that could fundamentally reshape the digital economy.

These lawsuits represent a shift away from traditional antitrust analysis focused primarily on consumer prices toward broader concerns about innovation, competition, and democratic accountability in digital markets.

The New Antitrust Philosophy

Traditional antitrust enforcement in the United States emphasized the “consumer welfare standard” that measured competition primarily through effects on prices and output. This approach struggled to address technology markets where dominant companies often provide services to consumers for free.

Modern antitrust theory recognizes additional forms of competitive harm that may not show up in traditional price analysis:

Innovation Harm: Dominant companies may reduce their own innovation efforts or acquire potential competitors to prevent disruptive technologies from emerging.

Quality Degradation: Companies with market power may reduce service quality, limit features, or compromise user privacy because consumers lack viable alternatives.

Ecosystem Lock-In: Dominant platforms may use their control over essential infrastructure to favor their own services and disadvantage competitors.

Data Advantages: Companies that collect more user data can improve their services and advertising targeting, creating competitive advantages that are difficult for rivals to overcome.

Political and Social Power: Extreme market concentration may enable companies to influence democratic processes and social discourse in ways that harm the public interest.

This broader view of competitive harm has enabled regulators to challenge practices that might have been permissible under traditional analysis focused primarily on consumer prices.

The Google Search Monopoly

The Department of Justice’s case against Google represents the most significant antitrust action since the Microsoft prosecution in the 1990s. In August 2024, a federal judge ruled that Google had illegally maintained its monopoly in general search and search advertising markets.

The Government’s Case: Prosecutors argued that Google used exclusionary contracts to lock in its dominance, particularly by paying Apple and other device manufacturers billions of dollars annually to make Google the default search engine on smartphones and web browsers.

The government contended that these default positions are extremely valuable because most users never change their device settings. By securing defaults, Google prevented competitors from gaining the user base and data necessary to improve their own search algorithms.

Google’s Defense: Google argued that it wins default positions because it provides the best search experience, not because of anticompetitive conduct. The company contended that users could easily switch to alternative search engines if they preferred them.

Google also argued that it faces significant competition from specialized search services like Amazon for product searches and from social media platforms where users increasingly discover content.

The Court’s Ruling: Judge Amit Mehta found that Google possessed monopoly power in general search and used anticompetitive means to maintain that position. The court determined that Google’s default agreements foreclosed a substantial portion of the market and enabled the company to charge supracompetitive prices for search advertising.

The ruling particularly emphasized how default positions create powerful competitive advantages that are difficult for rivals to overcome, even with superior products.

Remedies Phase: The case has moved to a remedies phase where the court will determine what actions Google must take to restore competition. Potential remedies range from behavioral constraints on Google’s contracting practices to structural changes like divesting the Chrome browser or Android operating system.

The Justice Department has suggested that simply prohibiting exclusionary contracts may not be sufficient to restore competition, given Google’s entrenched advantages. More dramatic interventions may be necessary to create opportunities for rival search engines to compete effectively.

Google’s Ad Tech Monopoly

A separate Justice Department case targets Google’s dominance in digital advertising technology—the complex systems that publishers and advertisers use to buy and sell ads across the internet.

Market Structure: The digital advertising market involves multiple interconnected roles:

• Publishers (websites and apps) have ad space to sell
• Advertisers want to purchase ad space to reach consumers
• Ad Exchanges operate marketplaces where ads are bought and sold
• Supply-Side Platforms help publishers sell their ad inventory
• Demand-Side Platforms help advertisers purchase ad space

Google’s Alleged Monopolization: The government argues that Google used anticompetitive acquisitions and practices to gain control over multiple parts of this chain, allowing it to extract excessive fees from both publishers and advertisers.

Key allegations include:

• Manipulating auction mechanisms to favor Google’s own ad exchange
• Restricting publisher access to competing ad networks
• Using inside information from its publisher tools to advantage its own advertising business
• Tying different ad tech services together to prevent competitors from offering alternatives

Industry Impact: If proven, these practices could have cost publishers billions in lost revenue while inflating advertising costs for businesses across the economy. The concentration of ad tech services also gives Google significant influence over online media economics.

In April 2025, a federal court found Google liable for monopolizing ad tech markets, setting up another remedies phase to determine appropriate relief.

Meta’s Social Media Empire

The Federal Trade Commission’s case against Meta (formerly Facebook) challenges the company’s acquisitions of Instagram and WhatsApp as an illegal strategy to eliminate competitive threats.

The “Buy or Bury” Strategy: The FTC alleges that Meta systematically identified emerging social media platforms that could threaten Facebook’s dominance and either acquired them or used anticompetitive tactics to undermine them.

The case focuses particularly on:

• Instagram (2012): Acquired for $1 billion when it was a small photo-sharing app with 13 employees
• WhatsApp (2014): Acquired for $19 billion when it was a popular messaging service

Competitive Analysis: The government argues these acquisitions eliminated potential competitors that could have evolved into full-featured social networks, challenging Facebook’s dominance. Internal Meta documents show executives viewed these companies as significant competitive threats.

The FTC contends that without these acquisitions, users would have more choices for social networking, potentially leading to better privacy protections, more innovation, and reduced market concentration.

Meta’s Defense: Meta argues that it competes vigorously with platforms like TikTok, YouTube, Twitter, and Snapchat. The company contends that social media markets are dynamic and competitive, with new platforms regularly emerging to challenge incumbents.

Meta also argues that its acquisitions improved Instagram and WhatsApp by providing resources for growth and development that the companies couldn’t have achieved independently.

Remedial Challenges: If the government prevails, forcing Meta to divest Instagram and WhatsApp would present enormous technical and operational challenges. After more than a decade, these services are deeply integrated with Facebook’s infrastructure and business operations.

The complexity of unwinding these acquisitions highlights the challenges of using antitrust law to address retrospective mergers that have fundamentally altered market structure.

Amazon’s Marketplace Power

The FTC’s case against Amazon targets the company’s alleged abuse of its dominant position in online retail to harm both consumers and sellers.

Market Dominance: Amazon controls approximately 40% of U.S. e-commerce and an even higher percentage of online marketplace transactions where third-party sellers list products. This dominance gives Amazon significant influence over online retail conditions.

Alleged Anticompetitive Practices: The FTC alleges that Amazon uses several tactics to maintain its monopoly:

• Anti-discounting measures: Punishing sellers who offer lower prices on other websites
• Tying arrangements: Requiring sellers to use Amazon’s logistics services to qualify for Prime eligibility
• Self-preferencing: Using non-public seller data to develop competing products
• Search manipulation: Burying products from sellers who don’t use Amazon’s services

Harm to Competition: The government argues these practices keep prices artificially high across the internet while forcing sellers to pay excessive fees for Amazon’s services. The case also alleges that Amazon’s conduct stifles innovation in e-commerce and logistics.

Amazon’s Response: Amazon contends that it faces intense competition from retailers like Walmart, Target, and specialized e-commerce platforms. The company argues that its practices benefit consumers through lower prices, faster delivery, and greater selection.

Amazon also emphasizes that sellers voluntarily choose to use its platform and services, suggesting that market forces rather than coercion drive these relationships.

Apple’s App Store Ecosystem

The Justice Department’s case against Apple focuses on the company’s control over the iPhone ecosystem and its alleged efforts to maintain smartphone market dominance.

Ecosystem Control: Apple tightly controls the iPhone experience through its hardware, operating system, and App Store. This integrated approach gives Apple significant influence over how users interact with their devices and access services.

Alleged Monopolization: The government argues that Apple uses its ecosystem control to suppress technologies that would make it easier for users to switch to competing smartphones:

• Messaging: Degrading text messaging with Android users (“green bubbles”) to encourage iPhone use
• Super Apps: Blocking the development of comprehensive apps that could reduce reliance on iPhone-specific features
• Cloud Gaming: Restricting cloud-based gaming services that could make device hardware less important
• Digital Wallets: Limiting third-party payment systems’ access to iPhone features

Consumer Lock-In: The case alleges that these practices create switching costs that keep users locked into the iPhone ecosystem even when competing devices might better serve their needs.

Apple’s Defense: Apple argues that its integrated approach provides superior user experience, privacy protection, and security compared to more open systems. The company contends that users value this integration and choose iPhones because of their quality rather than lock-in effects.

Apple also emphasizes that it faces significant competition from Android manufacturers and that smartphone markets remain competitive and innovative.

Potential Outcomes and Challenges

These antitrust cases could result in various remedies ranging from behavioral changes to structural breakups of major technology companies.

Behavioral Remedies: Courts might require companies to change specific practices while allowing them to remain intact. Examples could include prohibiting certain contract terms, mandating access to competitors, or requiring non-discrimination in platform access.

Structural Remedies: More dramatic relief could involve breaking up companies or forcing divestiture of specific assets. This might include separating Google’s search business from its advertising technology or requiring Meta to sell Instagram and WhatsApp.

Implementation Challenges: Effective remedies must address the underlying sources of market power while avoiding unintended consequences that could harm consumers or innovation. The technical complexity and global nature of these businesses make remedy design particularly challenging.

The cases also face significant legal and political obstacles. Companies are vigorously defending themselves with extensive legal resources, and appeals could delay final resolution for years.

Political changes could also affect enforcement priorities, though bipartisan concern about big tech market power suggests sustained government interest in these issues.

Digital Divide Challenges

While policy debates often focus on regulating online activities, millions of Americans still lack adequate access to the digital world. This digital divide represents one of the most persistent challenges in internet policy, with implications for economic opportunity, educational achievement, and democratic participation.

The divide has evolved from simple questions of access to complex issues involving affordability, skills, and the quality of internet connections available to different communities.

Dimensions of Digital Inequality

Modern digital inequality operates across multiple dimensions that interact to create varying levels of digital inclusion.

Infrastructure Access: Physical availability of broadband internet service remains a challenge, particularly in rural and remote areas where low population density makes network deployment expensive. The FCC estimates that approximately 21 million Americans lack access to fixed broadband service at minimum speeds.

Tribal lands face particular challenges, with significantly lower broadband availability than other rural areas. Historical underinvestment and complex sovereignty issues have created persistent infrastructure gaps in Native communities.

Even in areas with infrastructure, service quality can vary dramatically. Some communities have access only to older technologies like DSL that provide limited speeds, while others enjoy high-speed fiber optic connections.

Economic Barriers: Affordability represents the most significant barrier to broadband adoption. Monthly internet service costs consume a much larger percentage of income for low-income households, making broadband effectively unaffordable for many families.

Device costs create additional barriers. While smartphones provide internet access, they’re inadequate for many important activities like job applications, online education, or telehealth services that require larger screens and full computing capabilities.

The total cost of internet access includes not just monthly service fees but also equipment rentals, installation charges, and the need for technical support that can add significantly to household internet expenses.

Digital Skills: Even with access and affordable service, many Americans lack the digital literacy skills needed to use internet resources effectively. This includes basic computer skills, understanding of online privacy and security, and knowledge of how to evaluate online information credibility.

Skills gaps particularly affect older Americans, who may not have developed digital competencies during their education or early careers. Language barriers can also limit digital participation for immigrant communities.

Digital skills requirements continue evolving as online services become more complex. What constituted adequate digital literacy a decade ago may be insufficient for navigating today’s internet environment.

Relevance and Trust: Some non-users don’t see internet access as relevant to their lives or don’t trust online services with their personal information. This can reflect past negative experiences, cultural factors, or concerns about privacy and security.

Language availability affects relevance for non-English speakers who may find limited content and services in their preferred languages. Cultural relevance also matters for communities whose needs and interests aren’t well-served by mainstream online services.

Demographic Disparities

Digital inequality reflects and reinforces broader social and economic disparities across various demographic dimensions.

Income Effects: Household income strongly predicts internet adoption and quality of access. High-income households are nearly universal broadband adopters, while low-income households show much lower adoption rates despite significant gains over time.

The income gap extends beyond simple access to include differences in connection quality, device types, and digital skills that affect how effectively households can use internet resources.

Geographic Variations: Rural areas continue to lag urban and suburban areas in broadband availability and adoption. This rural-urban divide reflects both infrastructure challenges and economic factors that make broadband less accessible in less densely populated areas.

Within metropolitan areas, neighborhood-level disparities often reflect income differences and historical patterns of investment in infrastructure and services.

Racial and Ethnic Disparities: Significant gaps persist in broadband adoption between racial and ethnic groups, even after controlling for income differences. These disparities reflect complex interactions of economic, educational, and cultural factors.

Historic patterns of discrimination in housing, education, and economic opportunity have created neighborhood segregation that affects infrastructure investment and service quality.

Age and Education: Older Americans show lower rates of internet adoption and digital skills, though these gaps have narrowed over time as more seniors become internet users. Educational attainment also strongly predicts internet adoption and digital competency.

Disability Status: Americans with disabilities face additional barriers to internet participation, including websites and services that aren’t accessible and assistive technologies that may not work well with standard internet services.

Policy Responses

Government efforts to address digital inequality have involved massive infrastructure investments, affordability programs, and digital equity initiatives.

Infrastructure Investment: The Infrastructure Investment and Jobs Act of 2021 included over $65 billion for broadband infrastructure and digital equity programs, representing the largest federal investment in internet access in U.S. history.

The Broadband Equity, Access, and Deployment (BEAD) program allocates $42.5 billion to states for broadband infrastructure deployment in unserved and underserved areas. States must develop plans for using these funds and prioritize reaching areas with no existing broadband access.

Affordability Programs: The Affordable Connectivity Program provided monthly internet subsidies of $30 (or $75 on Tribal lands) to eligible low-income households. The program served over 23 million households at its peak and demonstrably increased broadband adoption.

Despite its success and bipartisan origins, Congress failed to renew funding for the ACP, and the program expired in June 2024. This left millions of households facing higher internet bills or loss of service.

The Lifeline program continues to provide smaller subsidies for phone and internet service to low-income households, but at much lower benefit levels than the ACP provided.

Digital Equity Initiatives: The Infrastructure Act also created a Digital Equity Act that provides funding for digital inclusion activities like skills training, device access, and technical support.

These programs recognize that infrastructure and affordability alone aren’t sufficient to ensure meaningful internet access. Digital equity initiatives focus on helping people develop skills and confidence to use internet resources effectively.

Device Access Programs: Various federal, state, and local programs provide low-cost devices to help bridge the hardware gap. These include refurbished computer programs, device lending libraries, and partnerships with manufacturers to offer discounted equipment.

Smartphone Dependency

A crucial aspect of modern digital inequality is the growing reliance on smartphones as the primary or only internet access device for many Americans.

Mobile-Only Users: Approximately 15% of American adults are “smartphone-only” internet users who own smartphones but lack traditional home broadband connections. This percentage rises dramatically for low-income households.

While smartphones provide valuable internet access, they’re inadequate tools for many important online activities like job applications, homework, telehealth consultations, or financial management that benefit from larger screens and full computing capabilities.

Quality and Limitations: Mobile internet access often involves data caps, throttling after certain usage levels, and higher per-gigabyte costs than fixed broadband. These limitations can restrict how people use internet services.

Smartphone interfaces also limit the types of content people can effectively access and create, potentially affecting educational and economic opportunities that require more sophisticated digital interactions.

Digital Redlining: Some critics argue that offering mobile-only solutions to low-income communities represents a form of “digital redlining” that provides inferior service to marginalized populations while maintaining the appearance of universal access.

This concern reflects broader questions about whether different qualities of internet access create lasting inequalities in educational and economic opportunity.

Educational Impacts

The digital divide has profound implications for educational equity, particularly highlighted during COVID-19 pandemic school closures.

Homework Gap: Students without reliable home internet access face significant disadvantages in completing school assignments, participating in online learning, and developing digital skills necessary for academic success.

The homework gap affects an estimated 15-21 million students nationwide and contributes to persistent achievement gaps between students from different economic backgrounds.

Remote Learning Challenges: Pandemic-related school closures revealed the extent of digital inequality among students. Those without adequate internet access or devices often fell behind academically during periods of remote instruction.

These learning losses may have lasting effects on educational attainment and economic opportunity, particularly for students from low-income families and communities of color.

Higher Education Access: Digital divides also affect access to higher education as colleges increasingly rely on online applications, virtual campus tours, and digital communication with prospective students.

Students without adequate internet access may face barriers to researching colleges, completing applications, and accessing financial aid information necessary for higher education participation.

Economic Opportunity

Internet access has become essential for economic participation in the modern economy, making digital divides increasingly consequential for employment and economic mobility.

Job Search and Applications: Most job postings now appear online, and many employers require online applications. Workers without internet access face significant barriers to finding and applying for employment opportunities.

The shift toward online job searching particularly affects older workers and those in industries that have traditionally relied on in-person hiring processes.

Remote Work Opportunities: The growth of remote work, accelerated by the COVID-19 pandemic, requires reliable high-speed internet access. Workers without adequate connections can’t participate in this expanding segment of the economy.

Geographic differences in internet infrastructure affect where remote workers can live and work, potentially limiting economic development in underserved areas.

Digital Skills Requirements: An estimated 82% of middle-skill jobs now require digital proficiency, making internet access and digital literacy essential for economic advancement.

Workers without digital skills face shrinking employment opportunities as more jobs require computer competency and online interaction capabilities.

Entrepreneurship and Small Business: Internet access enables small business development through e-commerce platforms, digital marketing, and online financial services. Entrepreneurs without adequate internet access face barriers to starting and growing businesses.

The digital economy offers opportunities for individuals to monetize skills and services through online platforms, but participation requires reliable internet access and digital competency.

Health and Social Services

The digitization of healthcare and social services has made internet access increasingly necessary for accessing essential services.

Telehealth Services: Telemedicine has expanded dramatically, particularly during the COVID-19 pandemic. Patients without reliable internet access may be unable to participate in virtual healthcare appointments.

This digital health divide can exacerbate existing health disparities by limiting access to convenient and affordable healthcare options for digitally excluded populations.

Government Services: Many government services have moved online, from tax filing to benefit applications to voter registration. Citizens without internet access face barriers to civic and social participation.

The shift toward digital government services can improve efficiency and convenience but may exclude populations that lack digital access or skills.

Social Connections: Internet access enables social connections through social media, video calling, and online communities. Digital exclusion can contribute to social isolation, particularly among older adults.

The social benefits of internet access became particularly apparent during pandemic lockdowns when online connections provided crucial social support for many people.

Emerging Technology Challenges

As policymakers grapple with established internet governance issues, rapidly advancing technologies are creating new regulatory challenges that could reshape the digital landscape.

Artificial intelligence, synthetic media, and cybersecurity threats present novel questions about how to govern technologies that didn’t exist when current internet policies were developed.

Artificial Intelligence Governance

The rapid development and deployment of AI systems has triggered intense policy debates about how to maximize benefits while minimizing risks from this transformative technology.

Current AI Policy Landscape: The Biden administration issued a comprehensive Executive Order on AI in October 2023 that addresses safety, security, and trustworthiness concerns across multiple agencies.

The National Institute of Standards and Technology has developed an AI Risk Management Framework to help organizations identify and mitigate AI-related risks in their systems and operations.

Congress has introduced numerous AI-related bills addressing issues like algorithmic accountability, bias prevention, workforce impacts, and national security implications of AI development.

Safety and Security Concerns: AI systems can exhibit unpredictable behaviors, particularly as they become more sophisticated. Concerns include systems that could be used to develop weapons, conduct cyberattacks, or manipulate democratic processes.

The potential for AI systems to exhibit bias or discriminatory outcomes has led to calls for algorithmic auditing and fairness requirements, particularly for AI used in hiring, lending, and criminal justice decisions.

Innovation vs. Regulation Balance: Policymakers face pressure to avoid stifling AI innovation through premature or overly restrictive regulations while addressing legitimate safety and ethical concerns.

The challenge is developing governance frameworks that can adapt to rapidly evolving technologies while providing sufficient predictability for businesses and protection for the public.

International Coordination: AI governance increasingly requires international cooperation as AI systems and their effects cross national borders. The U.S. participates in various international forums aimed at developing shared AI governance principles.

Competition with China over AI development adds national security dimensions to AI policy, with concerns about maintaining American leadership in beneficial AI while preventing authoritarian uses of the technology.

Synthetic Media and Deepfakes

AI-generated synthetic media, particularly “deepfakes” that create realistic but false audio and video content, pose significant challenges for information integrity and personal privacy.

Technology Capabilities: Modern AI systems can create convincing fake videos, audio recordings, and images that are increasingly difficult to distinguish from authentic content. These capabilities are becoming accessible to non-technical users through consumer applications.

Deepfake technology can be used to create non-consensual intimate imagery, impersonate public figures, or generate false evidence for harassment or fraud.

Disinformation Threats: Synthetic media could undermine trust in authentic information by making it easier to create convincing false content. This “liar’s dividend” effect occurs when the possibility of faked content allows people to dismiss authentic but inconvenient evidence.

Political deepfakes could influence elections by spreading false information about candidates or creating fake endorsements and statements.

Legal and Policy Responses: Several states have enacted laws criminalizing malicious deepfakes, particularly non-consensual intimate imagery and election-related disinformation.

The challenge is crafting laws that address genuine harms while protecting legitimate uses of synthetic media for entertainment, education, and artistic expression.

Detection and Mitigation: Technology companies are developing systems to detect synthetic media and label it appropriately. However, detection technologies often lag behind generation capabilities.

Platform policies increasingly prohibit malicious deepfakes, but enforcement remains challenging due to the volume of content and sophistication of synthetic media.

Cybersecurity Policy

Increasing frequency and severity of cyberattacks have made cybersecurity a top national security priority requiring coordination between the government and the private sector.

Critical Infrastructure Protection: Many essential services depend on internet-connected systems that are vulnerable to cyberattacks. This includes power grids, water systems, transportation networks, and financial services.

The Cybersecurity and Infrastructure Security Agency (CISA) works with critical infrastructure operators to improve security practices and coordinate responses to major incidents.

Incident Reporting Requirements: Various federal agencies require different sectors to report cyber incidents, creating a complex and sometimes contradictory set of obligations for businesses.

Efforts to harmonize reporting requirements through a centralized system aim to reduce compliance burdens while improving government situational awareness of cyber threats.

Supply Chain Security: Global technology supply chains create vulnerabilities where adversaries could insert malicious components or gain access to sensitive systems.

Recent policy initiatives focus on securing critical technology supply chains and reducing dependence on potentially hostile suppliers for essential technologies.

International Cooperation: Cybersecurity threats often originate from foreign countries, requiring international cooperation for an effective response. This includes law enforcement cooperation, diplomatic engagement, and shared threat intelligence.

The challenge is balancing cybersecurity needs with international trade and economic relationships, particularly when security concerns involve major trading partners.

Blockchain and Cryptocurrency

Distributed ledger technologies and digital currencies present novel regulatory challenges that don’t fit neatly into existing financial and technology oversight frameworks.

Regulatory Uncertainty: Cryptocurrencies and related technologies operate across traditional regulatory boundaries, creating uncertainty about which agencies have authority and what rules apply.

Different agencies have taken varying approaches to cryptocurrency regulation, leading to fragmented oversight and compliance challenges for businesses operating in this space.

Financial Stability Concerns: The growth of cryptocurrency markets and their increasing integration with traditional financial systems raise concerns about potential systemic risks and consumer protection.

Regulatory agencies are developing frameworks to address risks while allowing beneficial innovation in financial technologies.

Privacy and Law Enforcement: Blockchain technologies can provide enhanced privacy and security for financial transactions, but these same features can facilitate illicit activities like money laundering and tax evasion.

Balancing legitimate privacy interests with law enforcement needs requires careful policy design that addresses criminal uses without undermining beneficial applications.

Platform and Content Governance Evolution

Existing internet governance frameworks struggle to address new challenges posed by algorithmic content distribution, virtual and augmented reality environments, and emerging social media formats.

Algorithmic Transparency: Increasing attention focuses on how platforms use algorithms to determine what content users see and how these systems might amplify harmful content or create filter bubbles.

Proposals for algorithmic auditing and transparency requirements aim to make these systems more accountable while preserving trade secrets and competitive advantages.

Virtual Reality Governance: Immersive virtual environments create new questions about content moderation, harassment, and user safety that don’t map neatly onto existing platform governance models.

The embodied nature of VR experiences may make harmful content more psychologically damaging, requiring different approaches to user protection.

Decentralized Platforms: Emerging decentralized social media platforms that operate without central corporate control challenge traditional content moderation and platform liability frameworks.

These systems may provide greater user control and resistance to censorship, but they also complicate efforts to address harmful content and coordinate security measures.

The regulatory challenges posed by emerging technologies demonstrate the ongoing tension between innovation and governance in internet policy. As new technologies develop faster than regulatory frameworks can adapt, policymakers must balance competing priorities of promoting beneficial innovation, protecting public safety, and maintaining democratic values.

The solutions developed for today’s emerging technologies will likely shape the governance frameworks for tomorrow’s innovations, making current policy decisions particularly consequential for the future direction of internet development.

The internet’s evolution from a research network to an essential infrastructure for modern life has created governance challenges that extend far beyond traditional technology policy. Today’s internet policies determine economic opportunity, democratic participation, and individual freedom in ways that affect every American.

The current system of shared governance between multiple agencies, companies, and advocacy groups reflects the internet’s decentralized architecture but often produces fragmented and inconsistent policies. Major debates over net neutrality, platform liability, privacy protection, and market competition reveal fundamental disagreements about the internet’s role in American society.

As new technologies like artificial intelligence and virtual reality reshape online experiences, existing governance frameworks will face even greater stress. The institutions and principles developed during the internet’s early decades may prove inadequate for governing more sophisticated and consequential digital systems.

Our articles make government information more accessible. Please consult a qualified professional for financial, legal, or health advice specific to your circumstances.