Theories of cyberspace regulation

� The problem: Cyberspace is a different context from the physical world.� We may need to rethink how regulation of

behaviour works.

� The question: What regulates? � What different forms of regulation are there?

Forms of regulation

� Lawrence Lessig's answers: � 4 things regulate - Norms; Markets, Law and 'Code'

(environment)� Law also regulates the other 3 - indirect regulation by

law � Effectiveness is very different in cyberspace

� Lessig's main lesson: Consider all 4 and how they interact

� Criticism: Surveillance is a 5th form of regulation

1 Norms, morality and self-regulation

� Real space norms cause disapproval and guilt

� Cyberspace has its own 'netiquette'� Examples: using CAPITALS; attachments

sent to lists

� Effectiveness in cyberspace increased by surveillance� The morality of the goldfish bowl

2 Markets

� Market constrains work in cyberspace� Unpopular 'code' can perish

� Selling region-blocked DVD players in HK?� Surveillance damaged DoubleClick's share

price

� Prices can affect norms� Are CD / DVD prices considered fair?� Is DVD region blocking fair?

3 'Code’ (environment)

� In real space - Natural and built environment -� Bank robberies - Laws and morality help; but walls,

locks, glass & guns are better� Immigration - Distance and lack of borders� Easy to ignore, often because unchangeable

� In cyberspace - ‘Code’ is the equivalent� Can control access, and monitor it� Determines what actions are possible and impossible� ‘A set of constraints on how one can behave’ -Lessig� The walls, bridges, locks and cameras of cyberspace

‘Code' or 'architecture'?

� 'Code' is cute but confusing� East coast code (Washington) vs West coast code

(Redmond)� The US Code vs hackers' code

� 'Architecture' is more accurate� Cyberspace is more than software

� Protocols (non-material artefacts)� Hardware (material artefacts) � Biology and geography (natural environment)

� 'Code' is part of cyberspace architecture

4 Law - direct and indirect

� Law increasingly directly regulates cyberspace behaviour

� But it indirectly regulates the other 3 constraints

� Legal regulation of architecture is the key� It is the most effective strategy for

governments� It is also vital for limiting private power

Effective regulation

� Finding the best mix of constraints� How to prevent discrimination?

� Prohibition; education; building codes

� How to stop people smoking?� Age limits; prohibited places; education; warnings;

taxes

Surveillance: 5th constraint

� A relationship of knowledge� Knowledge by the watcher of those watched� Foucault's 'discipline'; Bentham's Panopticon� Facilitated by architecture, but not part of it� Facilitates observance of norms and laws, but

independent

� More important in cyberspace regulation� The normal context of identification is

removed� Identification, not anonymity, is the default

Law modifying surveillance

� Law acts indirectly to modify surveillance� Data protection laws protect privacy

� Eg Personal Data (Privacy) Ordinance

� Laws mandate compliance� eg smart ID card

� Laws prevent circumvention � eg DRMS anti-circumvention

Cyber-regulation is different

� Cyberspace architecture is mainly artefact� Greater immediacy of application

� Cyberspace architecture is often self-executing

� Most architecture has high plasticity� Its easier to change cyberspace

� Architecture's legitimacy is questionable� We should ask the pedigree of any regulation� What should private companies control?

Example: Copyright, DRMS and anti-circumvention

� DRMS - The new paradigm for content protection� Copyright law was the old paradigm

� Content owners want to control 3 parties� Content consumers� Consumer hardware manufacturers� Content intermediaries

� (DRMS diagram modified from Bechtold)

Digital content owners

Content intermediaries(licensed)

Pirate distributors

Publishers, retailers,

DRMS intermediaries, theatres, TV, etc

Consumer hardware manufacturers

(DRMSlicencees)

Circumvention device mfgs;unlicensed hardware mfgs.

Content consumers(purchasers)

Illegal consumer copiers; borrowers, renters etc

Contract

Technological measures

Technology protection legislation

Content protection legislation

Importance of 'commons'

� Lessig's argument in ’The Future of Ideas'� The Internet is an 'innovation commons’� It is in danger of losing that character

� 'Commons' - Resources from which no-one may be excluded - the 'free'

� Commons are not necessarily 'tragic':� Not if they are non-rivalrous (eg protocols)� Not if you control over-consumption� Both require sufficient incentives to create

Internet as an 'innovation commons'

� Benefits of the Internet as a commons � Benefits to freedom (first book)� Benefits to innovation (second book)

� Must consider each Internet 'layer'� Physical layer, 'code' layer (protocols and

applications) and content layer� Each could be a commons or controlled� Currently, each layer is partly controlled� Changes imperil the mix providing innovation

E2e: 'code' layer commons

� e2e ('end to end') network design� Philosophy of the original Internet designers� 'Smart' features are at the margins� Anyone can add a new application to the net� Network controllers do not decide

applications allowed

� Innovation irrespective of the wishes of network owners� 'Code' helps determine the level of innovation

Lessig's recipe for innovation (1)

� 1 'Physical' layer reforms� Spectrum allocation for wireless Internet

� 2 'Code' layer reforms� Government encouragement of open code

� US government uses proprietary programs� [The PRC government has done this already]

� Require 'code neutrality' by carriers, by� (a) Banishment from providing Internet services; or� (b) Requirement to provide open access; or� (c) No TCP/IP without observing e2e

Lessig's recipe for innovation (2)

� 3a Content layer - Copyright law reforms� Short renewable terms

� Eldred v Ashmore: stop the term being extended� [Shorter or renewable terms would breach US

treaty obligations]

� For software, 5 year term only, renewable once

� A defence for new technologies� 'No breach if no harm to copyright owner'

� Compulsory licensing of music for file-sharing

Lessig's recipe for innovation (3)

� 3a Content layer - Copyright law reforms (cont)� Tax benefits for putting works into the public

domain� A 'right to hack' DRMS to protect fair use

('Cohen theorem')� Stop contract law undermining copyright law

� 3b Content layer - Patent law reforms� Moratorium on patents for software and

business methods

References(1)

� Works by Lawrence Lessig• Lawrence Lessig 'The Law of the Horse: What Cyberlaw

Might Teach' (PDF only) (1999) 113 Harvard Law Review 501 (drafts were available from 1997)

• Lawrence Lessig Code and Other Laws of Cyberspace Basic Books 1999

• Lawrence Lessig 'Cyberspace's Architectural Constitution' (June 2000, Text of lecture at www9, Amsterdam)

• Lawrence Lessig The Future of Ideas: The Fate of the Commons in a Connected World Random House, 2001

• See his home page for links to these and others

References(2)

� Works by others• James Boyle 'Surveillance, Sovereignty, and Hard-Wired

Censors' (1997)• Graham Greenleaf 'An Endnote on Regulating

Cyberspace: Architecture vs Law? (1998) University of New South Wales Law Journal Volume 21, Number 2

• Stefan Bechtold 'From Copyright to Information Law - Implications of Digital Rights Management'. Workshop on Security and Privacy in Digital Rights Management 2001. 5. November 2001, Philadelphia, USA.

• See the Timetable for further reading