Perhaps the most common thread running through our studies of "wired community" developments is the importance of e-mail, chat lines, and forums as an "easy entry" service to engage people's interests.

Physical Access

As mentioned earlier, we assume that about 50 percent of U.S. households will have PCs by the year 2000. A key technical issue, then, is how the remainder of the households--and particularly those in the lower quartile of income and education--will obtain access to cyberspace.

The following devices may be used for access. (In this discussion, we distinguish between devices for access and location of those devices; location options are discussed separately below.)

• Desktop ("personal") computers (either personally owned, or available in a public place).

• Game machines, such as Nintendo or Sega machines that use a television as the display, supplemented by a keyboard.

• TV set-top boxes, such as the cable TV controller device, supplemented by a keyboard.

• Dedicated low-cost devices specialized for e-mail, attachable to either a telephone line or cable TV.

• Wireless access devices (such as Newton and MagicLink).

• Telephone with display screens, supplemented by keyboards.

Some of the above-mentioned devices may not support all of the features we listed in our definition of e-mail, such as storage of messages for later retrieval and reuse. However, such storage can be provided remotely by an e-mail service provider and merely accessed over a telecommunication line by one of these devices.

Below, we outline the pros and cons of each device in light of the various niches each will serve.

Personal Computers
Pros	Cons
* There are existing standards for both hardware and software * Powerful enough to handle all technical requirements * Huge installed base ensures continued development, availability	* Expensive (new units likely to remain at the $500+ level)--but see discussion of used PCs below * Most low SES groups have had minimal exposure to computers and may therefore be intimidated by them
* Hardware, software, and knowledge to allow training all widely available

Game Machines (e.g., Sega, and Nintendo)
Pros	Cons
* Many low SES households own television sets and TV- based game machines * Lower cost than personal computers, because they use TV as display * Huge installed base ensures continued development, availability * Family members (especially children) are familiar with their use	* Essentially no interactive software available except for games * No operating system standard to allow development of application programs * Little or no organized training and support * Shared TV use among family members may preclude some e-mail use * TV is often not in a good physical location for messaging use * Low resolution of current TVs

Set-Top Boxes (other than game machines)
Pros	Cons
* Many low SES households own television sets and receive cable	* No existing standard for either hardware or software[5]
* Lower cost than personal computers because they use existing TV as display	* So far, no standard for keyboard attachment* Shared TV use among family members may preclude some e-mail use

Dedicated Device (e.g., Minitel terminal)
Pros	Cons
* Can be optimized for particular services, such as a dedicated e-mail device * Can be designed specifically as a low cost "entry-level" device	* Would require strong and lasting commitment to establish the standard and keep it viable until wide commercial acceptance is achieved * Minitel is often viewed as a "dead-end" system without sufficient growth options
	* The display on an inexpensive device is likely to be small for cost reasons
	* No large existing base of programs and third- party software

Wireless Device
Pros	Constr
* Location independence * If based on personal computer architectures, there is a large installed base of software, training, etc.	* With batteries, radio transmission link, etc., cost is likely to remain high (relative to stationary, plugged devices * If a unique architecture, there is no mass market for software applications, training, etc.
	* Display may be small to enhance portability
	* Unless based on PC architecture, no large existing base of programs and third-party software

Telephone with Display Screen
Pros	Cons
* Has multiple purposes (voice, other uses for the display) that could help make it ubiquitous and a "commodity" with reasonable pricing * Could have substantial support, documentation, training, etc., from phone companies *	Display screen is likely to be small, perhaps noncolor, precluding some uses * Likely to have a unique architecture, without an initial large installed base of software, training, etc.

Location

In Home
Pros	Cons
* Maximum ease of access * Increases user comfort level, and makes use more likely * More likely to involve all family members	* Depending on the hardware system used, may require a high level of subsidization or grants to get systems into the home * Difficult to provide training and support to such distributed sites

At Work
Pros	Cons
* If in normal workplace setting, provides ease of access * Equipment costs are usually borne by employer or organization	* Only relevant for those having jobs * Likely to exclude family members without work access * May exclude personal and social uses
* Training and support usually available

Schools
Pros	Cons
* Children likely to be first to learn this new technology; can bring understanding and use home to parents	* Excludes some family members* Wiring for communications of school classrooms can be expensive
* Equipment costs borne by schools; ultimately by taxpayers * Some training and support usually available	* May exclude personal and social uses * Excludes people with no children in school * Restricted hours of public access
* Can be integrated into learning experiences; encourages writing and reading
* Reaches those not in a "household" situation
* Shared usage may promote peer helping and shared experiences
* Requires no phone line, cable, etc., into the home

"Common" Areas (Libraries, Post Offices, Community Centers, Kiosks)
Pros	Cons
* Does not require a system to be provided to each home; cheaper	* Requires people to come out of the home to use the system
* Shared usage may promote peer helping and shared experiences	* Might require waiting in line * Hours of access may be limited
* Easier to provide some training and support * Hardware and software maintained and serviced by others * Requires no phone line, cable, etc., into the home * Reaches those not in a "household" situation	* Subject to vandalism * Not convenient for "spur of the moment" communication * May not allow continuity of use to carry on "dialog" or "multilog" with others * Not convenient for extended uses over time
* Can access when away from home environment

It does not take much analysis to conclude that, other than PCs and possibly game machines, none of the other devices mentioned will "sweep the market." The economics of the installed base makes the wide adoption of any other alternative unlikely, absent a strong commitment on the part of government (as in the case of the French Minitel) to establish a new hardware standard. Without such commitment, it is unlikely that the developers of software, training, and support services will be willing to divert resources from the more profitable PC market. The president of Forrester Research Inc., a private research and consulting firm, in a 1995 interview put that viewpoint in stark terms:

[W]e do not believe that interactive television will be a factor in this century, primarily because of the expense . . . the personal computer will be the primary engine of technology in the home in this decade. (Hill, 1995a.)

Given that market economics point to dominance by the personal computer, location becomes the variable that policy can influence. It certainly will be too expensive to provide every household with a personal computer, but programs could be pursued to make PCs more widely available. For example

• increased tax deductions for donation of used PCs, and

• provision of PCs to libraries and schools.

The option of widespread reliance on provision and support of "used PCs" is an interesting one. On one hand, many corporations and individuals assume that the useful lifetime of a personal computer is about three to four years and have deliberate policies of routine upgrading, making large numbers of well-performing used PCs available. These would certainly be adequate for e-mail access and often for the richer graphical access of Web browsers, etc.[7]

On the other hand, used PCs come with a variety of operating systems, hard disks, floppy disk formats, displays, and so forth--making uniform training and service programs problematic and labor-intensive. There is certainly an opportunity for some organization to acquire (e.g., from corporate donations) large quantities of "fairly standard" PCs (e.g., using the Intel chip architecture, that is, "IBM compatible," with at least one 3.5-inch floppy-disk drive), installing a standard suite of software for e-mail access and other basic operations, and making these machines available to targeted households and individuals who could not otherwise afford household PCs.

Convergence of Device Types

One complication affecting our listing of device types arises from the convergence of PCs and game machines. For example, the Apple "Pippin" device has strong Apple Macintosh similarities and compatibilities but uses a TV set as the display device. Current trade press discussion of its specifications indicates that it will include 6 megabytes (MB) of RAM, a quad-speed compact disk-read only memory (CD- ROM), 16-bit stereo sound, and various serial ports and will be available for approximately $500 (Hess, 1995). It will support a keyboard. It will compete mainly in the "game machine" market but will have many PC features although with no built-in floppy-disk drive. It is likely to be completely adequate for e-mail purposes. A recent news report indicates that Sega Enterprises Ltd. will offer an Internet interface to its Saturn 64-bit video game player and is considering offering keyboards for the machine (Standing, 1995). In addition, a series of announcements released as this document was going to press indicate that Oracle Corporation (Pitta, 1995), Sun Microsystems, and Philips Electronics N.V. (Bloomberg, 1995), among others, are preparing to sell low- cost network-oriented computers priced at or below $500. These Internet access devices will support access to e-mail services. These examples illustrate how categories will blur in the next several years and how prices for significant computing technology will fall.

A second blurring of categories comes from the integration of computers with telephones. Recently, an Enterprise Computer Telephony Forum has been formed to promote an open, competitive market for computer and telephone integration. Microsoft has developed a Telephony Application Programming Interface, and Novell has a similar proposal that it developed with AT&T (Cheek, 1995). The marriage of a PC and its display with the telephone will offer features that further integrate telephony, voice mail technology (store, forward, and replay), and personal computing and will further stimulate the use of home PCs. It also leads to the concept of a "universal mailbox" supporting retrieval and submission of voice, video, e-mail, and other information from and to the same mailbox address. As Negroponte (1995a) emphasizes, they are all just bitstreams, hence processable in a uniform manner.

As if the above blurring of categories were not enough, next- generation TV set-top boxes (and then TV sets themselves) will contain significant computing power, leading to digital, interactive television that has many more capabilities than currently (Minoli, 1995). Because the cost of these advanced TV-based systems likely will remain high for approximately the next decade, in this report we do not emphasize their availability and features for the provision of universal e- mail services.

The Cost of PCs

Personal computers have remained quite expensive (e.g., over $1,000) for years, in spite of the drastic increases in computing power per dollar that have been occurring for decades. We attribute this at least to the following factors:

• The technology continues to evolve rapidly, so new features and innovations (e.g., CD-ROMs, high-resolution color displays) are attractive to purchasers and must be written off quickly by developers before they become obsolete.

• There is more profit in high-end machines than in "commodity" machines with significant price competition.

• Software makers continue to compete by adding features, requiring larger and faster machines to operate the resulting software packages.

Negroponte gives similar reasons in a recent article (1995b). In that article he argues that simple but highly usable "commodity" PCs could be produced for $200 each or even given away free:

Today, there are more than 100 million computer screens in the United States. Think of every screen as a potential billboard. Let's assume that each one is turned on once a day and, lo and behold, each day a new advertising message appears--the screen saver for the day . . . . Advertisers would pay to gain access to what turns out to be about 2,000 acres of advertising space (changeable per square inch, per day, or per hour). That money could subsidize the cost of the computer and even pay for you to use it . . . . I am no great fan of advertising, but it does represent a quarter-of-a-trillion-dollar industry, and there must be a way to use its size to make computing affordable to all Americans.

Given the motivation to provide computing access to all U.S. households, such innovative schemes might provide a mechanism to accomplish this goal.

It may be comforting to assume that PCs will become low-cost commodities like telephones, TVs, and VCRs, and that the universal access problem will resolve itself. After all, each of these technologies had "early adopters" that leapt ahead in use of the technologies (just as the top two quartiles of U.S. households in education and income are rapidly acquiring PCs today), but then the rest of the population caught up as price competition brought the technology into the reach of (almost) all.

For the reasons given above, we believe, for the next several decades at least, that this is a false hope. The difference with PCs may be threefold: (1) A "killer app"[8] has not yet emerged for personal computing that makes a PC a "must have" appliance in every household (as, for example, prerecorded movies did for VCRs) such that mass demand would create the market for a "commodity" PC; (2) the technology is not stabilizing so that "commoditization" can occur;[9] and (3) there are recurring telecommunication costs, including possible need for a second phone line to avoid tying up the family phone.

However, the new under-$500 "network access terminals" mentioned in the previous subsection can play a vital role in providing inexpensive access.

Assuming some provision of a physical access device and an accessible location for it, we next address the user interface to e-mail services that it provides.

User Interface and Tools

Interfaces Usable by "Everyone"

The "interfaces" that software programs present to the user for handling electronic mail range from Spartan command- driven ones to Windows and Macintosh application programs with myriad buttons, menus, "drag-and-drop," and subwindows features.

We have been unable to locate in the social science and "human-computer interface" literature studies of the usability of these existing interfaces for persons in the lowest quartile of income and education in the United States- -persons less likely to be "computer literate" and therefore possibly unfamiliar with the many metaphors on which these interfaces are based.

Microsoft's "Bob"[10] and Apple Computer's "Pippin"[11] represent a class of new, "simpler" human-computer interfaces. Corporate research underlying these developments may have resulted in interfaces to such applications as e-mail systems that are usable by "everyone."[12] For now, we believe it is still unclear whether the basic commands required by an e- mail interface (compose and edit a message; file and retrieve messages; send a message, reply to a message, forward a message--all to one or more addressees; organize messages and address lists; etc.) can be made sufficiently natural that their use quickly becomes "obvious," or whether substantial training and education are required for any usefully powerful system.

Some data are becoming available from "wired community" experiments, especially those in lower income and education communities; see, for example, the analyses of some of these experiments in Chapter Five. However, some of these initiatives are only now commencing, and data are still limited on the usability of e-mail systems by persons who are not the primary market for PC-based software application programs.

One of the most promising possibilities for a "universal" interface is the "point-and-click" interface promoted by Web "browsers" such as Mosaic and Netscape. Such an interface is not only appropriate for accessing "pages" of information but also for "fill-in-the-blanks" creation of information (such as messages) for transmission. These browser interfaces, as they continue to evolve, might well be the best candidate for a universal interface to e-mail and many other information services. Further study of the usability of such interfaces in lowest-quartile income and education households is merited.

Handling Volume

Many users of e-mail systems currently receive more than 100 messages a day. After a week out of contact with the system (for example due to travel, illness, equipment malfunction), 500 or more messages may be waiting to be read, organized, responded to, forwarded, discarded--a daunting task for the returning user. Most e-mail systems today are used by businesses to exchange internal information. What if "everyone" were on-line? Would we be deluged with thousands of messages a day? If so, what could be done about it? The bad news is that volume would be a problem. The good news is that there are reasonable technical means to handle it.

In a universal e-mail system (and at present), each time you send a message there is a likely chance that the recipient will retain for future use your return electronic address. If you post messages to popular bulletin boards or other public locales, it is very likely that someone is collecting the electronic addresses, forming a database, and reusing it or selling it for "bulk" mailings. Similarly, directories will be available on-line (see the discussion of Directories, below, under Standards) with tens of thousands of names, e- mail addresses, and other personal attributes that have either been volunteered by people and organizations or extracted from their transactions. These databases and directories will be used to broadcast messages to thousands of people. The e-mail world could increasingly resemble our present world of "junk" paper mail, unsolicited publications, and some desired (e.g., first-class) mail mixed in with the rest. The problem is exacerbated by the current economics of e-mail, in which the cost of sending messages is insensitive to the volume sent. In fact, one argument for charging per message is that it would hold the volume down.

Computers are powerful tools for organizing such information. E-mail systems now, and will increasingly in the future, provide tools for "filtering" incoming mail based on a set of rules supplied by the user. Mail can automatically be placed in "folders," or even discarded automatically, based on various criteria (sender, keywords appearing in the "Subject" line, or priority) to be read later. Since all of these features are available today,[13] the remaining question is: Can "ordinary" (nonprogramming, noncomputer-literate) persons use such features to maintain control over their e-mail environment and not be overwhelmed? This is a subject that could benefit from more research, especially field research concentrating on lower-SES households and individuals. However, we are quite confident that contemporary computer software technology is up to this challenge, for example, by using some mix of techniques such as allowing the user to provide illustrative examples of undesirable messages, having a "user agent" program "look over the shoulder" of users as they handle messages, searching for patterns on which rules for handling messages may be based.

In summary, we believe that volume of e-mail is a problem that can be handled straightforwardly by a combination of technical (software) and market responses.

Handling Objectionable Materials

Users may want to filter out material that is objectionable, either to themselves or to other family members such as children. (We note, however, that objectionable materials do not appear to be a problem to date in the civic networks we have investigated, described in Chapter Five.) Technical means exist not only to block access to entire classes of Internet sites but also to facilitate access to selected sites. Users can constrain access to Internet sites by using software that permits packets only to or from preselected addresses or that rejects packets destined for certain other addresses.[14]

Another approach to facilitating user access to Internet information would be to establish content classification and ratings, analogous to those developed for movies or computer games. For example, video stores organize tapes by category (drama, comedy) and provide ratings (G, PG, PG-13) for each tape within each category. If similar categories and ratings were established for content on the Internet, it would be technically straightforward to build browsers and other client software to seek out appropriate content and block unwanted (or unrated) materials. These techniques, however, work best for moderated discussions or other controlled information sources, but not necessarily for e-mail, chat, or unmoderated discussions. Recently, three software industry leaders, including Microsoft, announced their intent to create and implement standards that would enable users to "lock-out" access to materials they deem inappropriate.

In summary, using relatively straightforward technology, it is possible today to give users greater control of their own access to Internet content without limiting the free flow of information to other users or infringing on the First Amendment rights of content providers.

Standards

In considering the question of standards that might prove relevant to a future national e-mail system, one should first look at standards in use in current networking systems, because they may suffice and they already have a large installed base. Given the extremely large installed bases enjoyed by such current systems (e.g., the Internet) and the difficulty in getting agreement on theoretical standards, it seems most likely that any future national e-mail system will evolve from what currently exists.

Regarding the setting of standards in general, there are two main paradigms: the national and international standards bodies whose committees promulgate standards after considerable discussion and negotiation, and the more informal, practically oriented procedures used by the Internet Engineering Task Force (IETF) over the past decade.[15] The latter are well described by Crocker (1993). A useful feature of the IETF model is that prospective standards, each embodied in a "request for comments" (RFC), are not ratified until they are embodied in working systems that have been tested, evaluated, and found useful.

We discuss below standards for addressing and mail protocols, and directories. We then discuss relevant system architectures for universal e-mail, and standards and other considerations relevant to the provision of confidentiality, authentication, anonymity, privacy, and integrity in messages.

Addressing and Mail Protocols

Two issues are involved in addressing. The first is the standard by which symbolic addresses are turned into physical addresses. Currently, two addressing standards are in wide use: the Internet Domain Name System (DNS)[16] and the addressing described by portions of the X.400 standard of the International Telecommunication Union (ITU),[17] formerly CCITT. These addresses are in turn embedded in standardized message "headers," with the two primary contenders being the Internet's Simple Mail Transfer Protocol (SMTP)[18] and the ITU's X.400.

It now appears that the DNS, having the advantage of the huge and rapidly growing installed base of the Internet, will dominate future developments. Therefore, any future U.S. system will almost certainly be based on DNS or its descendants. However, X.400 continues to enjoy the support of standards organizations and governments, particularly in Europe. Although simultaneous international use of conflicting standards could cause short-run problems, temporary "gateways" providing (less than complete!) translation between these standards can alleviate the problems. Because gateways lose information,[19] they are not an adequate long-term solution to the implementation of a national and international e-mail system (Stefferud and Pliskin, 1994). As one form of gateway, there exists at least one DNS-to- X.400 (two-way) address converter on the Web, at http://relay.surfnet.nl/index.gb.html. The Internet's RFC 1327[20] specifies mapping between X.400 and Internet mail.

The second issue, the assignment of symbolic addresses (i.e., the addresses people actually use, for example Jane_Doe@rand.org), has important implications for universal access. To achieve anything close to universal access, particularly among economically disadvantaged groups, either (1) the symbolic addressing scheme must be reasonably intuitive, so that people find and understand the addresses of their correspondents with a minimum of effort or (2) there must be good directory services so that names and other attributes of people can be used effectively to locate their e-mail addresses. (See the discussion of directories, below.)

Affiliation (i.e., domain) structures for those in low-SES groups might be the local community center or housing project. The question in providing access to these groups is what type of affiliation structure, and thus address structure, should be used so that these users will understand it and be able to find counterparts with whom to communicate.

Under the DNS, a symbolic address consists of two components, the user name and the domain name. The address follows the general form "user_name@domain_name." The domain name consists of several subdomain components (for example, "rand.org," "cidmac.ecn.purdue.edu") and is generally assigned to an organization. There is, however, provision within DNS to form domains based on geography; for example, a final suffix of ".us" refers to a domain within the United States, ".fi" refers to Finland, etc. It is possible for more than one addressing scheme to coexist, with both possibly providing access to a common site. For example, The Well in the San Francisco area has the DNS addresses "well.com" and "well.sf.ca.us". Assignment of user names is left to each individual domain.

We believe there should be a "universal" addressing scheme, providing at least a default e-mail address for all U.S. citizens. Such a scheme could be implemented within either the existing Internet Domain Name System or X.400. We use the DNS format in the examples below. Such an address could be derived in a straightforward way from an existing attribute of the person, such as his/her home address: "John_Doe@123_Main_Street.02356-2344.us" or based on some other ID, such as a telephone number.

A disadvantage of this approach, however, is that it removes the advantage of the location-independence of e-mail addressing. With the existing relatively high turnover rates in addresses and telephone numbers in the United States, there would be considerable addressing "churn." Two solutions are (1) use of a "P.O. box" independent of location as an e-mail address (but with less mnemonic value) or (2) use of a "remailer" service that forwards mail to one's current address (such as the new "pobox.com" commercial service discussed in Chapter Four). The topic of address portability (as users change location, and among different e- mail services) is complex. Address portability is discussed further in Chapter Four.

A new white paper is also available from the Cross-Industry Working Team (XIWT), based at the Corporation for National Research Initiatives (CNRI) in Reston, Virginia, on "Nomadicity in the NII" (XIWT, 1995b), which contains a provocative introduction of some of the issues involved because networks are used by "nomads" (people who can easily access services, other people, and content while they are on the move, at intermediate stops, and at arbitrary destinations). Among other points, this document points out that people operate within different contexts (work, home, hobby). People at different locations may share contexts. These contexts can provide focus for e-mail and other interactions and should be taken into account. They also discuss the need for "location coordinators" to keep track of the individuals, devices, and communications system capabilities as changes occur. If the ideas of this working group are fully instantiated in future evolutions of the NII, the problems of address portability may be solved within a larger architectural context.

For those without (or not wanting to be identified by) a physical address, "John_Doe@General_Post_Office.02356- 2344.us" might be an option, or even just some identifier to make the name unique, such as "John_Doe_1023.us".

The advantage of using home addresses or telephone numbers is that a correspondent could make an "educated guess" at an e- mail address without knowing it explicitly, given other more familiar information about the recipient. Such educated guesses are handy and already in use; for example, any RAND staff member may receive mail as "firstname_lastname@rand.org". Other organiza-tions use the first letter of the first name followed by the last name, as in "JRogers@company.com".

Any addressing scheme must, of course, allow for (and assume) worldwide addressing, just as postal mail and telephone services are worldwide, but handling of addresses can be deferred to local "domains," just as mail addresses and telephone numbers are today. There need be no universal registration, database, or authority for e-mail addresses, as long as they are assigned within overall naming domains established by some central clearinghouse.

Some services, such as multiple mailboxes per person, might well be considered "extra" features to be provided by third parties, at some cost, as long as they are not precluded by the basic system architecture. (For additional discussion of architectural principles underlying universal e-mail access, see "System Architecture," below.)

Directories

Much about an e-mail system is new and unfamiliar, but the accepted telephone directory metaphors of white pages and yellow pages translate very well into the world of the e-mail system. White pages list subscribers, useful primarily to allow individual users to contact other users. Yellow pages allow businesses to advertise their presence to potential customers. While the white/yellow page distinction may remain the same, the differences between the telephone system and a national e-mail system will cause their implementation to differ.

For white pages, the telephone system offers a directory service baseline. Anyone can obtain basic contact information about any other subscriber (who has not explicitly chosen to be unlisted) by knowing only the subscriber's name and area code, which is a proxy for geographic location. It is the responsibility of each local phone company to maintain its own subscriber database.

This system works because each local phone company is a monopoly having access to information on all the subscribers in a given locality, allowing it to compile and publish a local database that is both complete (for each locality) and self-contained. Long distance companies allow their customers access to the directories of other localities for a fee.

The lack of a usable white pages is a problem in the Internet today. Two potential problems complicate establishing a white pages model in the context of an e-mail system. First, geography is no longer the only, or even the best, criterion by which one person would search for another. Within virtual communities, it may be desirable to list people's coordinates in a multidimensional database with extensive cross- references, including such nontraditional data as profession, organizational membership, and personal interests. Users could determine by which attributes they would like to be listed.

The second, and more important, problem is that the e-mail system is unlikely to be serviced by access providers that are local monopolies. If each access provider maintains only the directory database of its own relatively small number of subscribers, a way of combining directories so that every user has access to every directory must be found if the white pages are to be generally useful. Maintenance and synchronization become important technical considerations. A system modeled along the lines of the current domain name or gopher servers may be appropriate, i.e., each piece is separately maintained, yet the collection appears to the user as a seamless whole. One assumes provision must be made for "unlisted numbers" and other such means of assuring privacy.

The yellow pages model translates into the e-mail world nearly unchanged. The publishers of the current yellow pages (once again, the local telephone monopolies, but with increasing competition from other publishers) sell space to local businesses allowing them to advertise in a directory that is indexed by type of business. However, geography has always been a prime consideration.

In an e-mail system not organized along geographical lines, this distinction becomes problematic. For businesses selling "soft goods" (i.e., goods that can be delivered as digital streams through the e-mail system), geographical location is not a factor. Furthermore, in an age when anything can be delivered overnight, geography is generally much less important. Therefore, the issue becomes one of how large can the yellow pages become and who, if anyone, will publish and maintain a global yellow pages? Will the yellow pages be useful at all if it is not reasonably comprehensive?

It seems certain that several yellow pages will be set up by competing businesses and, over time, mergers and cooperative agreements will cause consolidation.

A standard for directories has been defined by the ITU as X.500. A good introductory description of X.500, with links to other sources, appears at http://www.earn.net/gnrt/x500.html. It states in part

X.500 is a protocol which specifies a model for connecting local directory services to form one distributed global directory. Local databases hold and maintain a part of the global database and the directory information is made available via a local server called a Directory System Agent (DSA). The user perceives the entire directory to be accessible from the local server. X.500 also supports data management functions (addition, modification and deletion of entries).

Each item (entry) in the X.500 directory describes one object (e.g., a person, a network resource, an organization) and has a unique identifier called a Distinguished Name (DN). The entry consists of a collection of attributes (e.g., for a person this might be last name, organization name, e-mail address). The entries are found by navigating through a Directory Information Tree (DIT). At the top of the tree is the World, which is subdivided at the next level into countries, and at the next into organizations. Information on people, resources, etc., is stored within organizations . . . .

X.500 is an OSI (Open System Interconnection) protocol, named after the number of the CCITT (International Telegraph and Telephone Consultative Committee) Recommendation document containing its specification.

It appears that, as the main extant specification for a distributed directory system, X.500 will continue to emerge as the standard for implementing linked network directories.

System Architecture

We believe the essential principles of a system architecture within which universal e-mail services can flourish are best described in a recent publication by the Computer Science and Telecommunications Board (CSTB) of the National Research Council.[21] We call particular attention to its Chapter 2. Using their terminology, an open data network (ODN):

is one that is capable of carrying information services of all kinds, from suppliers of all kinds, to customers of all kinds, across network service providers of all kinds, in a seamless accessible fashion. (P. 43.)

The CSTB report provides a number of challenging technical and organizational objectives for an ODN:

• technology independence,

• scalability,

• decentralized operation,

• appropriate architecture and supporting standards,

• security,

• flexibility in providing network services,

• accommodation of heterogeneity, and

• facilitation of accounting and cost recovery.

The above list is based primarily on successful experiences with the Internet architecture and policies to date, although it diverges in some details.

To implement an ODN, the CSTB describes a four-layer architecture as a conceptual model:[22]

1. Bearer Service. At the lowest level, there is an abstract bit-level transport service that implements a specified range of qualities of service to support. At this level, "bits are bits, and nothing more."[23] This bearer service resides on a network technology substrate, which may comprise a variety of communication links (copper, fiber, microwave) and switches (packet or ATM switches, store-and-forward switches, circuit switches).

2. Transport Layer. Services at this level typically include reliable, sequenced delivery, flow control, and end- point connection establishment. Also included are conventions for the format of data being transported across the network.

3. Middleware. These functions are a toolkit for application implementors. Such tools would include file system support, privacy protection, authentication and other security functions, storage repositories, name servers, and directory services of other types.

4. Applications. At this level resides e-mail, airline reservations systems, interactive education programs, etc.

The bearer service is central for an ODN. The CSTB report argues that services at this level must be priced separately from the higher-level services so that higher-level services can be implemented by providers different from those of the bearer service. The bearer service must also be independent of any specific technology choice. The authors remark that "The [Internet Protocol]'s decoupling from specific technologies is one of the keys to the success of the Internet, and this lesson should not be lost in designing the [ODN]."[24]

The relationship among these levels, and examples of the services provided by each, are captured in the book's Figure 2.1, which provides examples of services at each layer. The "hourglass shape" is meant to indicate the relative sparseness of services and protocols at each level (see Figure 3.1).

Note that portions of a universal e-mail service are "middleware" (e.g., directories, connection services) and other portions are "applications." With a proper ODN architecture, a universal e-mail service can be independent of particular network technology substrates, such as telcos, satellite, cable, and microwave.

The "pinched middle" of the hourglass shape in Figure 3.1 is also consistent with a point made repeatedly by an expert consultant in e-mail technologies, Einar Stefferud. He argues that in decentralized systems such as nationwide e- mail provision, it is essential to have simplicity at the core of the system (e.g., particularly in the transport layer), with whatever complexity is necessary pushed to the "edges" of the system (e.g., in the application layer, residing in desktop PCs).[25] The Internet community's adoption of MIME (Multipurpose Internet Mail Extensions)[26 ]for multipurpose mail is a case in point in proper use of this paradigm: All that is required for MIME's use by two correspondents is their use of MIME-compatible software in their computers (at the "edges"). No change whatsoever is needed in the "core" of e-mail transmission on the Internet (i.e., use of the basic SMTP protocol).

The interested reader is directed to the CSTB report in its entirety for further details on an appropriate architecture for nationwide (or global) service such as universal access to e-mail. The report captures the best of what has been learned from the Internet experience, generalizing it as needed for more commercial and robust applications. It also delineates the key roles that government, industry, and other players can provide within an evolving services system based on an open architecture in which no one provider is dominant.

A recent white paper developed by the XIWT, based at CNRI in Reston, Virginia, also addresses an architectural framework for the NII (XIWT, 1995a). It contains conclusions and recommendations similar to those above but chooses to describe an architectural framework in three layers: physical infrastructure, enabling services, and applications. It argues that each layer must be considered from three related aspects: functionality, trust, and control. This white paper is apparently the first of a planned series on NII architecture. Persons interested in this topic should consider monitoring the XIWT web site (http://www.cnri.reston.va.us/xiwt) for updated postings.

This section has concentrated on physical infrastructure and software, but it is important to remember that a "service infrastructure" is equally important for success of universal access to e-mail. Chapters Four and Five provide more information on services required and the market dynamics involved in providing them.

Security and Integrity Services[27]

Electronic mail is different from traditional mail, and direct application of methods used to alleviate security and privacy concerns about paper mail require alteration in the e-mail environment. What measures must be taken for e-mail to provide a level of trust at least as great as the public's confidence in the U.S. Postal Service (USPS)?

Before considering these measures, however, it is useful to clarify some terminology. These definitions are taken from Ware (1993):

• Confidentiality--a status accorded to information to indicate that it is sensitive for stated reasons, that it must be protected, and that access to it must be controlled.

  Privacy (informational privacy or data privacy)--a broad term referring to the utilization, sometimes even exploitation, of information about people for various purposes. It is an information-use issue, although the word is sometimes used loosely as a synonym for confidentiality or even secrecy.

  Security--the totality of safeguards in a computer- based information system that protects both it and its information against some defined threat, and limits access to the system and its data to authorized users in accordance with an established policy. Hence, system security contributes to the assurance of confidentiality, and to conformance with access restrictions, and is obviously a precursor for honoring privacy restrictions.

Differences Between Postal and E-Mail. In considering security, integrity of messages, and so on, some relevant differences between postal and electronic mail are the following:

Legal Status. USPS mail is protected by a number of different legal safeguards. Postal statutes, case law, and long experience all reinforce each other and the concept of paper mail as a virtually inviolate and safe method of transmitting information. For example, the USPS and its agents cannot legally divulge enveloped mail to any third party, except as may be specified by a court order or federal search warrant. No such statement can be made about e-mail at the present time. Case law provides methods for the use of USPS mail for legally binding commercial transactions. The only statute directed at providing some legal protection for e-mail is the Electronic Communications Privacy Act, which falls far short of the extensive coverage provided by the postal statutes. There is almost no case law establishing a framework for e-mail as a commercial medium.

Infinite Duplicability and Monitoring. An unlimited number of identical copies of any electronic message can be produced. Such copies could be made invisibly, by unknown parties, and very selectively. At present, very few e-mail systems incorporate the analog of a "sealed envelope" for mail, leaving the contents of the e-mail message legible at all stages of message transit. Even if the message contents are not legible (e.g., because the sender had encrypted the text of a message), the e-mail message is marked with the sender and the recipient addresses, allowing a third party to monitor the traffic to or from a specific individual. When performed by the USPS, this is referred to as a "mail cover" and is carried out only with proper administrative authorization. There is no effective difference between performing a "mail cover" and tracing the sender of each item of e-mail addressed to an individual; however, there is a tremendous difference in the level of effort required to do the job.

Ability to Identify the Sender. In conducting commerce via mailed communications, it is particularly important to establish and verify the identity of the sender. Recipients of USPS mail can recognize either the signature of the sender or the letterhead on the paper or can obtain partial assurance from the return address or postmark. In e-mail, there is no signature or letterhead in the traditional sense. Instead, a cryptographic technique called a "digital signature" is sometimes used to provide near-perfect assurance that the person who claims to have sent an electronic message actually did send it, if both the sender and the recipient agree in advance to use this method. Most current e-mail systems provide some information about the originator of the message; however, this information is not necessarily reliable and can be tampered with.

Because e-mail is unlikely to be provided to all as a free service, there may need to be some (as yet undetermined) electronic equivalent of postage.[28] (See the discussion of costs in Chapter Four.) This could take the form of an account against which charges are accrued and billing is performed, or a paid-in-advance service similar to the "farecards" in use on some transit systems. Such accounting systems may provide strong evidence regarding the sender of a given message, but the recipient cannot have much confidence in that information, because standards for identification and authentication vary widely from system to system and because the message may have been altered either at the source or in transit.

Given the above uncertainties, electronic commerce and other activities requiring authentication and integrity of messages will initially be conducted within electronic "enclaves" in which users share common systems, authentication mechanisms, and so forth.

Integrity. The sealed envelope in which paper mail is contained gives a reasonably high level of assurance that the contents are exactly what was sent. Most e-mail systems do not provide an analogous mechanism, although encryption schemes can be used among consenting parties to ensure integrity of message contents.

In summary, as typically implemented, e-mail systems lack strong safeguards to ensure the confidentiality of message contents, uniform mechanisms to establish the authenticity of the sender, a commonly accepted way to ensure integrity of the message, anything to prevent the unauthorized duplication and sending of a message to other parties, and features resembling any of the special USPS mail services (e.g., certified, insured, return receipt).[29] Nonetheless, e-mail is widely accepted by a broad class of people who use it for many business and personal purposes. Further, except for the very limited use of cryptographic techniques, e-mail systems today operate quite successfully on faith, good will, and mutual trust.

Privacy. The difficulties inherent in current e-mail systems, described above, involve a threat posed by a malevolent third party external to the electronic mail discourse. This third party may wish to read private mail, divert it, forge it, etc. However, distinct from such a threat, there are issues relating to the privacy of e-mail communications and how these communications are treated by their recipient. These privacy issues involve how information freely given by a person in the context of a written communication may be used.

Case law has established that an item mailed via traditional USPS mail is legally given to the recipient by the sender as soon as it is placed into the mailbox; that is, senders relinquish their rights to ownership of the physical items (e.g., the paper on which letters are written). The author of a message does not relinquish all rights to the words written on a piece of paper and the order in which they are arranged; that is protected to some degree by copyright law.

Electronic mail sends the message without sending the paper. The exact applicability of existing statutes to this new paradigm is uncertain; however, presumably the recipient is free to share the item with anyone, subject to legal constraints such as copyright, defamation, or violation of trade secrets. While there is no specific privacy law broadly governing how all received USPS mail can be used or shared with others, many laws constrain divulgence to third parties based on the content of the material. There are also social customs and general expectations of personal behavior that combine to suppress privacy concerns about USPS mail. It should also be noted that many persons use e-mail through the facilities of their employer, and many employers assume the right to monitor and restrict such uses--sometimes as part of a written corporate e-mail policy--for example, restricting use to valid business purposes. Such policies are an additional factor in a user's choice of location for e-mail access, as discussed above.

Electronic mail, however, implies a ready ability for the recipient to duplicate, share, or publish for the world to see anything that is sent. Because of this, there may be a latent privacy issue for e-mail that must be addressed to support its wide acceptance. The recipient of a traditional letter is simply not able to press a button and make the contents of that letter known to millions of people, as is entirely possible with e-mail.

Additional considerations and discussion of case law regarding privacy and intellectual property rights in electronic media may be found in Branscomb (1994).

Anonymity. Anonymous remailers are unique to the e-mail environment. These services accept an incoming message (which contains information indicating its originator), remove all identifying characteristics from that message, and remail it to the intended recipient. We are unaware of the existence of such services for postal mail; people apparently feel sufficiently comfortable with the anonymity achieved by more conventional methods (e.g., sending letters without return addresses).

With e-mail, however, there is no convenient and entirely reliable method of concealing the identity of the sender without using an anonymizing service. Many such services exist today, usually operated as a public service by a privacy-conscious individual or group. These anonymous remailers can play a useful role: They allow people who might feel stigmatized or uncomfortable by being personally identified with the contents of their messages (e.g., victims of sexual abuse or harassment, whistleblowers).

Some e-mail anonymous remailers discard the records of incoming messages as they arrive, so a reply cannot be sent using records of the remailer. Most anonymous servers currently operate as "two-way," in that they are able to establish a link between in- and outbound messages. This requires keeping a database, so the users must trust the remailer--and the remailer operator--not to reveal their identity.

The legal status of anonymous remailers--what records they must keep, what information they must furnish to law enforcement authorities--is completely unsettled. In at least one instance, the operator of an anonymous remailer cooperated with law enforcement and revealed the identity of a single user of the service. Situations like this become especially obscure legally when the anonymous remailer is in a foreign country under a different legal jurisdiction.

What Is Needed? This discussion leads to a set of questions rather than answers: Are the following technical features essential in an electronic mail system having wide societal appeal and acceptance:

• an electronic "envelope" (with verifiable "postmark" and date/time stamp)?

• digital signatures?

• a feature ensuring the integrity of the message content?

The fact remains that electronic mail systems are widely used for many purposes today, and they run more or less successfully on trust and good faith. But there is no reason to believe that the status quo will prevail over the long term, when there is much wider use of e-mail by people who are less grounded in the traditions and etiquette of this unique communications medium, the scale factor of more users, increased sophistication of threats from computer "crackers," and much greater use of the Internet and e-mail for "electronic commerce." For example, many initiatives are under way to provide secure commercial transactions, and even "electronic money," on the Internet;[30] these initiatives will inevitably lead to additional facilities for security, privacy, and authentication of e- mail and other transactions in cyberspace.

Assuming that some action must be taken to improve upon the security and privacy offered by electronic mail systems that exist today, policymakers must determine the priority in which the technical features noted above must be included in any officially sanctioned e-mail system. As it happens, using currently available technology to implement an electronic envelope or digital signature can also provide assurance that the integrity of the message has not been compromised (or, more accurately, that if the integrity of the message has been compromised, it will be immediately evident to the recipient).

The Technical "Bottom Line"

The primary message of this chapter is that there are no fundamental technical barriers to the provision of universal access to e-mail within the United States. In particular, the standards that have evolved over 15 years within the ARPAnet/Internet for electronic mail (SMTP, DNS, MIME) provide a robust, proven backbone for a set of core services adequate for the evolution of a nationwide e-mail system.

Other conclusions and recommendations that have been mentioned above are summarized with those of other chapters in Chapter Seven.

[2]See http://ntiaunix1.ntia.doc.gov:70/0/papers/documents/giiagend.html.

[3]Estimates of PC penetration into households by the year 2000 vary from about 40-60 percent. For the purposes of this report, whether the actual penetration is at the low, middle, or high end of this range does not significantly affect our conclusions and recommendations. Note that this trend indicates considerably slower penetration of PCs into U.S. households than that which occurred with television sets.

[4]Soft goods transactions are the sale and purchase of electronic data stream commodities. Soft goods include information purchased from private databases, such as stock quotes from Dow Jones, software, videos, text, and anything else that can be delivered to the buyer in digital format. Soft goods sales can be transacted entirely within the e-mail system. Pricing of these items can be connected to direct measures, such as connect time or volume of information delivered, or they may be priced as individual items just like hard goods. Payment schemes may be similar to that of current computer network services such as CompuServe or to that of telephone companies for 976 calls. Delivery is completed electronically.

[5]Note, however, that big players are entering the scene and may be bringing substantial standards with them. See Multimedia Week (May 15, 1995) and Multimedia Week (May 8, 1995).

[6]This discussion of location assumes the telecommunication cost to be roughly equivalent from the various listed locations. Further discussion of costs related to e-mail is presented in Chapter Four.

[7]As one example of the utility of older PCs, a program called "Minuet" has recently been announced that provides e-mail and gopher access, plus Web browsing, on DOS PCs, even those using DOS 2.1 and with only 512K KB of random access memory (RAM). It is shareware, offered at $50, but with site licenses available. See http://www.MR.Net/~cdh/minuet.html.

[8]"Killer app" is common terminology in the computing field, referring to an application that is so compelling that it drives demand for the relevant device(s) to operate that application. In the early days of the PC, spreadsheets (VisiCalc and Lotus 1-2-3) were such a killer app for business usage of PCs and for some households. Could a killer app for governmental involvement in universal e-mail be submission of income tax returns, Medicare claims, etc., and responses to them electronically?

[9]Just when we think that an "IBM compatible" PC is a commodity, along comes CD-ROM (then double, triple, and quad-speed), laptops and notebooks, virtual reality devices, PCMCIA cards, 28.8-kilobit-per- second modems, software that requires 12 MB minimum to run effectively, and so forth. As an example of "featuritis" keeping the price of PCs high, a recent newspaper article indicated (giving as its source, Dataquest Inc.) that in the year 2000, $1,800 will buy: an eighth-generation 600 MHz processor (Octium?), 64 MB of RAM, over 8 gigabytes (GB) of storage, a 14-inch high-quality color monitor, a six-times speed CD-ROM, and a built-in network connection at up to 100 million bits per second. Such a device will offer access to Web offerings including video and high-quality videophone capability and will have voice recognition and speech-to-text transcription on some models (Hill, 1995b).

[10]See http://www.microsoft.com/mshome/showcase/bob/ for an introduction to Bob.

[11]Hess (1995).

[12] We put "everyone" in quotes because, of course, no computer interface will be appropriate for all users. We are interested in an interface that can become a "default" interface used by disparate classes of people as a first step up the path of greater computer literacy and control.

[13]As one example, the UNIX "mh" mail system, widely distributed with UNIX, has a folder facility and a powerful "pick" command for extracting messages based on Boolean combinations of attributes. When combined with the programming features of the UNIX shell(s), shell programs can be developed to tailor the mail system to the user's specific wishes. Other systems are distributed with what has become known informally as "bozo filters."

[14]One commercially available software package that accomplishes this is SurfWatch; for more information, see http://www.surfwatch.com.

[15]Branscomb and Kahin (1995) describe three models for standards development. Their thoughtful analysis considers appropriate government roles in standards setting for the NII.

[16]The Internet Domain Name System is described by RFC 882, which is available at http://ds.internic.net/rfc/rfc882.txt. Other relevant RFCs are 883 and 973, which are accessible similarly.

[17]The ITU's Web home page is at http://www.itu.ch/. The ITU, which is headquartered in Geneva, Switzerland, is an international organization within which governments and the private sector coordinate global telecom networks and services.

[18]The SMTP, the basic Internet e-mail protocol, is defined in RFC 821, available at http://ds.internic.net/rfc/rfc821.txt.

[19]If gateways did not lose information, at least in one direction, the two standards would be equivalent in all respects. In that case, there would not be two competing standards.

[20]RFC 1327 is available at: http://ds.internic.net/rfc/rfc1327.txt.

[21]CSTB (1994).

[22]The reader should be aware that there is also an International Standards Organization (ISO) Open Systems Interconnection (OSI) seven-level architecture model. Its layers are physical, data link, network, transport, session, presentation, application. See, for example, Rose (1989), section 2.3.

[23]CSTB (1994), p. 47.

[24]CSTB (1994), p. 54.

[25]Stefferud (1995).

[26]MIME is described by RFC 1521, which is available on the Web at http://ds.internic.net/rfc/rfc1521.txt. This RFC is updated by RFC 1590, which is accessible similarly. See also Borenstein (1993). In addition to its other features, MIME was designed to be compatible with both the Internet's mail system and X.400.

[27]This subsection was written by Mark Gabriele, based on an extended outline provided by Willis H. Ware.

[28]However, simple e-mail riding on top of other services may be "too cheap to meter" and bundled in at a fixed low monthly net access rate, therefore not requiring the accounting mechanisms described in this paragraph. In addition, some services have recently been announced that plan to provide free e-mail in conjunction with advertising. See Juno at http://www.juno.com and Freemark at http://www.freemark.com.

[29]The USPS plans to introduce relevant electronic services, however. A March 1995 briefing on USPS "Electronic Commerce Services" listed the following products and services as ones they intend to offer: (1) public key certificate authority management, and (2) electronic correspondence services: Postmark and Seal, Archive, Authenticate. The briefing has been given to various groups by Robert A.F. Reisner, Vice President for Technology Applications, USPS.

[30]As one example of many recent articles, see Holland and Cortese (1995).