From the start, there were skeptics. I have been one. Self-regulation is intended as a tool for individuals to control access to content. My concern was that these tools would be designed to filter much more than porn, and by people other than parents. Technologies such as the Platform for Internet Content Selection were general solutions to a particular problem. They could become standards to filter all sorts of content at any point in the distribution chain (the school, the business, the nation). They would be a technology for re-empowering the censors, so that we could better control our kids. To some, this seems like a bazooka trained on a gnat - H-bomb developer Edward Teller's solution to the problem of kids and porn.

But self-regulation is the order of the day, and filters and blocking software are still the fancy of many. So we get a glimpse of the future from this debate in Munich - both the good and the bad.

The most chilling is a subtle redefinition of what self-regulation is all about. The question is no longer how to let individuals regulate; the question is how government can get commerce to regulate for it. In a paper about law enforcement, the author observed that the problem is not porn; rather the problem is that the relationship between commerce and the government "is not in an ideal state." There is an "unnecessary confrontation" that could be remedied through a simple quid pro quo: Commerce would promise to help the government if the government would promise to leave commerce alone. Let business regulate, while the government pretends to do nothing. Self-regulation becomes regulation by business in exchange for no regulation of business.

I say give me direct regulation by government (tempered and modest) any day. For in this world where business regulates instead of government, what do we do when business goes too far? What checks would there be on the scope of these filters? Who would you complain to, and what rights would you have?

We've spent 200 years refining the limitations on government's power to regulate speech. It's called the First Amendment. This obsession with self-regulation gives that tradition up. We forgo these restrictions on regulatory power by letting an entity outside the reach of the amendment do the government's censoring for it. There will be more speech censored - and less we can do about it - in a world where foundations like Bertelsmann fund filters than there would have been in a world where a tamed Communications Decency Act simply regulated that one narrow aspect of speech at stake: porn.

But there were hopeful aspects to this debate at Munich as well. Indeed, there was actually something new. It came from a well-known First Amendment scholar, Jack Balkin of Yale Law School. In response to the problem of censorship enabled by filters, Balkin suggested a solution: Encrypt the ratings with a very weak key. The idea is genius. We usually use encryption to keep secrets or to certify. But the aim of encryption in Balkin's proposal is neither. Instead, encryption here is designed to disable censors by simply making it too burdensome to decrypt the ratings. While the burden to process these weakly encrypted ratings on an individual machine would be slight, the burden on anyone trying to censor globally would be punishing. Speed bumps for censors. Encryption would make it difficult to use ratings to censor the Net. It would use code to tilt against centralized control, while enabling local control instead.

I'm still in the no-filter camp. If the government wants to keep kids from porn, let it regulate that, and only that. But if filters are our future, then we should code them to protect values from our past. A rating system that enables individual control while disabling centralized control is an improvement - much better than the solutions that would re-empower the censors, just because we have a problem keeping our kids from porn.

- Lawrence Lessig (lessig@pobox.com) is Berkman Professor of Law at Harvard Law School.