Theories of
cyberspace regulation
Internet Governance, Topic 3
Professor Graham Greenleaf
Cyberspace regulation?
The problem: Cyberspace is a different
context from the physical world.
We may need to rethink how regulation of
behaviour works.
The questions:
(i) What regulates? - What different forms of
regulation are there?
(ii) Who regulates? - Who controls the forms
of regulation, and what is their legitimacy?
Theorists and theories
‘Digital libertarians’/ anarchists
Theorists
Barlow’s ‘Cyberspace Declaration of Independence’ (1996)
Self-governance theorists (eg David Post)
Theories criticising:
Irrelevance of legal concepts based on matter
Ineffectiveness and illegitimacy of territorially-based
government in cyberspace
Scepticism about international agreements or institutions
(even self-governing ones)
Theories favouring
Effectiveness of self-governing cyberspace institutions
Arguments for the most decentralised forms of regulation,
and for ‘private orderings’ based on contract
Other theorists
Trotter Hardy - most decentralised level of
regulation is the ‘proper regime’ (1994)
Joel Reidenberg - ‘Lex Informatica’
The Internet (somehow) provides the
appropriate technical devices for regulation
Do theories describe or / and
prescribe?
Barlow
Regulation will fail; Nations have no
Internet cannot be right to regulate
‘new realm of
regulated
mind’
Post
Self-regulation
can work
Self-regulation
should be left to
work
Hardy
Decentralised
regulation is
efficient
Decentralised is
the ‘proper
regime’
Description and/or prescription
Reidenberg’s
lex informatica
Technology
Regulators should
provides effective use infrastructure
tools for regulation to regulate
Lessig
Cyberspace is
regulated by all 4
modes; code is
increasingly
effective
Legitimacy of
those controlling
code should be
questioned
‘Digital realists’
Lawrence Lessig (best known), James Boyle
Lessig's answers to what and who regulates:
4 things regulate - Norms; Markets, Law and 'Code'
Law also regulates the other 3 - indirect regulation
Effectiveness is very different in cyberspace
Main lesson: Consider all 4 and their interaction
Criticisms:
‘code’ does not capture all of ‘architecture’
misses other forms of regulation (informal sanctions;
surveillance?)
Constraint 1 -Norms,
morality, conventions
Real space norms cause disapproval and guilt
Cyberspace has its own 'netiquette'
Examples: using CAPITALS; attachments sent to lists
Some Internet self-regulation creates norms
Eg observance of Robot Exclusion Standard
Observance is by voluntary conduct, not code
Numerous other Internet governance conventions
Effectiveness increased by surveillance
The morality of the goldfish bowl
‘In cyberspace no one knows you’re a dog’ is false
Constraint 2 - Markets
Market constrains work in cyberspace
Unpopular 'code' can perish
Selling region-blocked DVD players in HK?
Surveillance damaged DoubleClick's share price
Prices can affect norms
Are CD / DVD prices considered fair?
Is DVD region blocking fair?
Theories of network economics are important
Constraint 3 - 'Code’
In real space - Natural and built environment Bank robberies - Laws and morality help; but walls,
locks, glass & guns are better
Immigration - Distance and lack of borders
Easy to ignore, often because unchangeable
In cyberspace - ‘Code’ is the equivalent
Can control access, and monitor it
Determines what actions are possible and impossible
‘A set of constraints on how one can behave’ -Lessig
The walls, bridges, locks and cameras of cyberspace
E2e: 'code' layer commons
e2e ('end to end') network design
Philosophy of the original Internet designers
'Smart' features are at the margins
Anyone can add a new application to the net
Network controllers do not decide applications allowed
Innovation irrespective of the wishes of network
owners
'Code' helps determine the level of innovation
Absence of control by code here enables innovation
‘Code' or 'architecture'?
'Code' is cute but confusing
East coast code (Washington) vs West coast code
(Redmond)
The US Code vs hackers' code
'Architecture' is more accurate
Cyberspace is more than software
Protocols (non-material artefacts)
Hardware (material artefacts)
Biology and geography (natural environment)
'Code' is part of cyberspace architecture
More confusion:
Code and ‘code layer’
‘physical layer’
‘Computers and wires that
link them’
‘code layer’
Includes Internet protocols
(or ‘logical layer’)
‘content layer’
(‘material served across the
network’)
From Lessig ‘The
Internet Under Siege’
Includes applications
software (still called ‘code’,
but not in the ‘code layer’)
Cyberspace architecture:
why it is different
It is almost entirely artefact
It has generally high plasticity
Its easier to change cyberspace, even when built
Exceptions: Internet protocols; open source code
Greater immediacy of application
It is often self-executing
Its legitimacy is questionable
We should ask the pedigree of any regulation
What should private companies control?
4 Law - direct and indirect
Law increasingly directly regulates cyberspace
behaviour - both national and international
But it indirectly regulates the other 3 constraints
Legal regulation of architecture is the key
It is the most effective strategy for governments
Anti-circumvention laws protect private control of
architecture
It is also vital for limiting private power
The digital libertarians were wrong
Effective regulation
Finding the best mix of constraints
How to prevent discrimination?
Prohibition; education; building codes
How to stop people smoking?
Age limits; prohibited places; education;
warnings; taxes
Q: Does Lessig’s model describe adequately
the range of constraints? ….
5th constraint?:
Informal sanctions
Much regulation is by informal sanctions:
Ability to exclude (taking your ball home)
Ability to use physical force / intimidation
Informal sanctions (IS) do not necessarily
require any of the other constraints:
Much law aims at limiting IS
IS may but need not support norms
Q: In cyberspace, are informal sanctions largely
dependent on control of architecture?
6th constraint?: Surveillance
A relationship of knowledge
Knowledge by the watcher of those watched
Foucault's 'discipline'; Bentham's Panopticon
Facilitated by architecture, but not part of it
Facilitates observance of norms and laws, but independent
More important in cyberspace regulation
The normal context of identification is removed
Identification, not anonymity, is the default
Q: In cyberspace, does surveillance depend on
control of architecture?
Law modifying surveillance
Law acts indirectly to modify surveillance
Data protection laws protect privacy
Eg Personal Data (Privacy) Ordinance
Laws mandate compliance
eg smart ID card
Laws prevent circumvention
Eg illegal to modify smart card, or possess
eg DRMS anti-circumvention …
Example: Copyright, DRMS
and anti-circumvention
DRMS - The new paradigm for content
protection
Copyright law was the old paradigm
Content owners want to control 3 parties
Content consumers
Consumer hardware manufacturers
Content intermediaries
(DRMS diagram modified from Bechtold)
Content
intermediaries
(licensed)
Publishers, retailers,
DRMS intermediaries ,
theatres , TV, etc
Digital
content
owners
Pirate distributors
Contract
Technological measures
Technology protection legislation
Contentprotection legislation
Consumer
hardware
manufacturers
(DRMS
licencees)
Circumvention device mfgs;
unlicensed hardware mfgs.
Content
consumers
(purchasers)
Illegal consumer copiers ;
borrowers, renters etc
Technological measures
Distinguish content-protection
technologies and systems (aka DRMS)
Technologies are broadly either for copyprotection or access-prevention
Contract’s new role in IP
‘Click wrap’ contracts with consumers
Contracts go beyond © law
Can impose contracts on all consumers
Recognised in ProCD v Zeidenberg (USA, 1996); no
equivalent HK development yet
Distribution licences with intermediaries
Stronger anti-circumvention and RMI
DRMS licences with hardware makers
Ensuring hardware enforces copy-protection
Technology protection legislation
Hong Kong Copyright Ordinance
Q: Does the Ordinance prohibit actions which
are not breaches of ©?
s273 - Devices to circumvent copy-protection
s274 - interference with rights management
information (RMI)
Residual role of © law
Copyright legislation no longer the
principal protection of content ‘owners’
Some content owners wish to eliminate
consumer rights in © laws
Control over content outside © law is one
objective: eg works out of ©; database
content
DRMS, theory and innovation
DRMS are one of the best examples of
the interaction between forms of Internet
regulation
Lessig also attempts to demonstrate how
the Internet is losing its character as an
‘innovation commons’, partly through
changes to IP law and regulation
Importance of 'commons'
Lessig's argument in ’The Future of Ideas'
The Internet is an 'innovation commons’
It is in danger of losing that character
'Commons' - Resources from which no-one
may be excluded - the 'free'
Commons are not necessarily 'tragic':
Not if they are non-rivalrous (eg protocols)
Not if you control over-consumption
Both require sufficient incentives to create
Internet as an 'innovation
commons'
Benefits of the Internet as a commons
Benefits to freedom (first book)
Benefits to innovation (second book)
Must consider each Internet 'layer'
Physical layer, 'code' layer (protocols and
applications) and content layer
Each could be a commons or controlled
Currently, each layer is partly controlled
Changes imperil the mix providing innovation
Lessig's innovation recipe (1)
1
'Physical' layer reforms
Spectrum allocation for wireless Internet
2
'Code' layer reforms
Government encouragement of open code
• US government uses proprietary programs
• [The PRC government has done this already]
Require 'code neutrality' by carriers, by
• (a) Banishment from providing Internet services; or
• (b) Requirement to provide open access; or
• (c) No TCP/IP without observing e2e
Lessig's innovation recipe (2)
3a
Content layer - Copyright law reforms
Short renewable terms
• Eldred v Ashmore: stop the term being extended
• [Shorter or renewable terms would breach US treaty
obligations]
For software, 5 year term only, renewable once
A defence for new technologies
• 'No breach if no harm to copyright owner'
Compulsory licensing of music for file-sharing
Lessig's innovation recipe (3)
3a
Content layer - Copyright law reforms
(cont)
Tax benefits for putting works into the public
domain
A 'right to hack' DRMS to protect fair use ('Cohen
theorem')
Stop contract law undermining copyright law
3b
Content layer - Patent law reforms
Moratorium on patents for software and business
methods
References(1)
Works by Lawrence Lessig
• Lawrence Lessig 'The Law of the Horse: What Cyberlaw
Might Teach' (PDF only) (1999) 113 Harvard Law Review
501 (drafts were available from 1997)
• Lawrence Lessig Code and Other Laws of Cyberspace
Basic Books 1999
• Lawrence Lessig 'Cyberspace's Architectural
Constitution' (June 2000, Text of lecture at www9,
Amsterdam)
• Lawrence Lessig The Future of Ideas: The Fate of the
Commons in a Connected World Random House, 2001
• See his home page for links to these and others
References(2)
Works by others
• James Boyle 'Surveillance, Sovereignty, and Hard-Wired
Censors' (1997)
• Graham Greenleaf 'An Endnote on Regulating
Cyberspace: Architecture vs Law? (1998) University of
New South Wales Law Journal Volume 21, Number 2
• Stefan Bechtold 'From Copyright to Information Law Implications of Digital Rights Management'. Workshop
on Security and Privacy in Digital Rights Management
2001. 5. November 2001, Philadelphia, USA.
• See the Timetable for further reading