Theories of

cyberspace regulation

Internet Governance, Topic 3

Professor Graham Greenleaf

Cyberspace regulation?
The problem: Cyberspace is a different
context from the physical world.
We may need to rethink how regulation of
behaviour works.
The questions:
(i) What regulates? - What different forms of
regulation are there?
(ii) Who regulates? - Who controls the forms
of regulation, and what is their legitimacy?

Theorists and theories
Digital libertarians/ anarchists
Theorists
Barlows Cyberspace Declaration of Independence (1996)
Self-governance theorists (eg David Post)
Theories criticising:
Irrelevance of legal concepts based on matter
Ineffectiveness and illegitimacy of territorially-based government in
cyberspace
Scepticism about international agreements or institutions (even self-
governing ones)
Theories favouring
Effectiveness of self-governing cyberspace institutions
Arguments for the most decentralised forms of regulation, and for private
orderings based on contract

Other theorists
Trotter Hardy - most decentralised level of
regulation is the proper regime (1994)
Joel Reidenberg - Lex Informatica
The Internet (somehow) provides the
appropriate technical devices for regulation

Do theories describe or / and
prescribe?
Barlow Regulation will fail; Nations have no
Internet cannot be right to regulate
regulated new realm of
mind
Post Self-regulation can Self-regulation
work should be left to
work

Hardy Decentralised Decentralised is

regulation is the proper regime
efficient

Description and/or prescription

Reidenbergs Technology Regulators should

lex informatica provides effective use infrastructure
tools for regulation to regulate

Lessig Cyberspace is Legitimacy of

regulated by all 4 those controlling
modes; code is code should be
increasingly questioned
effective

Digital realists
Lawrence Lessig (best known), James Boyle
Lessig's answers to what and who regulates:
4 things regulate - Norms; Markets, Law and 'Code'
Law also regulates the other 3 - indirect regulation
Effectiveness is very different in cyberspace
Main lesson: Consider all 4 and their interaction
Criticisms:
code does not capture all of architecture
misses other forms of regulation (informal sanctions;
surveillance?)


Constraint 1 - Norms,
morality, conventions
Real space norms cause disapproval and guilt
Cyberspace has its own 'netiquette'
Examples: using CAPITALS; attachments sent to lists
Some Internet self-regulation creates norms
Eg observance of Robot Exclusion Standard
Observance is by voluntary conduct, not code
Numerous other Internet governance conventions
Effectiveness increased by surveillance
The morality of the goldfish bowl
In cyberspace no one knows youre a dog is false

Constraint 2 - Markets
Market constrains work in cyberspace
Unpopular 'code' can perish
Selling region-blocked DVD players in HK?
Surveillance damaged DoubleClick's share price
Prices can affect norms
Are CD / DVD prices considered fair?
Is DVD region blocking fair?
Theories of network economics are important

Constraint 3 - 'Code
In real space - Natural and built environment -
Bank robberies - Laws and morality help; but walls,
locks, glass & guns are better
Immigration - Distance and lack of borders
Easy to ignore, often because unchangeable
In cyberspace - Code is the equivalent
Can control access, and monitor it
Determines what actions are possible and impossible
A set of constraints on how one can behave -Lessig
The walls, bridges, locks and cameras of cyberspace

E2e: 'code' layer commons
e2e ('end to end') network design
Philosophy of the original Internet designers
'Smart' features are at the margins
Anyone can add a new application to the net
Network controllers do not decide applications allowed
Innovation irrespective of the wishes of network
owners
'Code' helps determine the level of innovation
Absence of control by code here enables innovation

Code' or 'architecture'?
'Code' is cute but confusing
East coast code (Washington) vs West coast code
(Redmond)
The US Code vs hackers' code
'Architecture' is more accurate
Cyberspace is more than software
Protocols (non-material artefacts)
Hardware (material artefacts)
Biology and geography (natural environment)
'Code' is part of cyberspace architecture

More confusion:
Code and code layer
physical layer Computers and wires that
link them

code layer Includes Internet protocols

(or logical layer)

content layer Includes applications

(material served across the software (still called code,
network) but not in the code layer)

From Lessig The

Internet Under Siege

Cyberspace architecture:
why it is different
It is almost entirely artefact
It has generally high plasticity
Its easier to change cyberspace, even when built
Exceptions: Internet protocols; open source code
Greater immediacy of application
It is often self-executing
Its legitimacy is questionable
We should ask the pedigree of any regulation
What should private companies control?

4 Law - direct and indirect
Law increasingly directly regulates cyberspace
behaviour - both national and international
But it indirectly regulates the other 3 constraints
Legal regulation of architecture is the key
It is the most effective strategy for governments
Anti-circumvention laws protect private control of
architecture
It is also vital for limiting private power
The digital libertarians were wrong

Effective regulation
Finding the best mix of constraints
How to prevent discrimination?
Prohibition; education; building codes
How to stop people smoking?
Age limits; prohibited places; education; warnings;
taxes
Q: Does Lessigs model describe adequately
the range of constraints? .

5th constraint?:
Informal sanctions

Much regulation is by informal sanctions:

Ability to exclude (taking your ball home)
Ability to use physical force / intimidation
Informal sanctions (IS) do not necessarily
require any of the other constraints:
Much law aims at limiting IS
IS may but need not support norms
Q: In cyberspace, are informal sanctions largely
dependent on control of architecture?

6th constraint?: Surveillance
A relationship of knowledge
Knowledge by the watcher of those watched
Foucault's 'discipline'; Bentham's Panopticon
Facilitated by architecture, but not part of it
Facilitates observance of norms and laws, but independent
More important in cyberspace regulation
The normal context of identification is removed
Identification, not anonymity, is the default
Q: In cyberspace, does surveillance depend on
control of architecture?

Law modifying surveillance
Law acts indirectly to modify surveillance
Data protection laws protect privacy
Eg Personal Data (Privacy) Ordinance
Laws mandate compliance
eg smart ID card
Laws prevent circumvention
Eg illegal to modify smart card, or possess
eg DRMS anti-circumvention

Example: Copyright, DRMS
and anti-circumvention
DRMS - The new paradigm for content
protection
Copyright law was the old paradigm
Content owners want to control 3 parties
Content consumers
Consumer hardware manufacturers
Content intermediaries
(DRMS diagram modified from Bechtold)

 Content
intermediaries
(licensed) Digital
Publishers, retailers, content
DRMS intermediaries, owners
theatres, TV, etc

Pirate distributors

Contract

Technological measures

Technology protection legislation

Content protection legislation

Consumer Content
hardware consumers
manufacturers (purchasers)
(DRMS
licencees)

Circumvention device mfgs; Illegal consumer copiers;

unlicensed hardware mfgs. borrowers, renters etc

Technological measures
Distinguish content-protection
technologies and systems (aka DRMS)
Technologies are broadly either for copy-
protection or access-prevention

Contracts new role in IP
Click wrap contracts with consumers
Contracts go beyond law
Can impose contracts on all consumers
Recognised in ProCD v Zeidenberg (USA, 1996); no
equivalent HK development yet
Distribution licences with intermediaries
Stronger anti-circumvention and RMI
DRMS licences with hardware makers
Ensuring hardware enforces copy-protection

Technology protection legislation

Hong Kong Copyright Ordinance

Q: Does the Ordinance prohibit actions which
are not breaches of ?
s273 - Devices to circumvent copy-protection

s274 - interference with rights management

information (RMI)

Residual role of law
Copyright legislation no longer the
principal protection of content owners
Some content owners wish to eliminate
consumer rights in laws
Control over content outside law is one
objective: eg works out of ; database
content

DRMS, theory and innovation

DRMS are one of the best examples of

the interaction between forms of Internet
regulation
Lessig also attempts to demonstrate how
the Internet is losing its character as an
innovation commons, partly through
changes to IP law and regulation

Importance of 'commons'
Lessig's argument in The Future of Ideas'
The Internet is an 'innovation commons
It is in danger of losing that character
'Commons' - Resources from which no-one
may be excluded - the 'free'
Commons are not necessarily 'tragic':
Not if they are non-rivalrous (eg protocols)
Not if you control over-consumption
Both require sufficient incentives to create

Internet as an 'innovation
commons'
Benefits of the Internet as a commons
Benefits to freedom (first book)
Benefits to innovation (second book)
Must consider each Internet 'layer'
Physical layer, 'code' layer (protocols and
applications) and content layer
Each could be a commons or controlled
Currently, each layer is partly controlled
Changes imperil the mix providing innovation

Lessig's innovation recipe (1)

1 'Physical' layer reforms

Spectrum allocation for wireless Internet
2 'Code' layer reforms
Government encouragement of open code
US government uses proprietary programs
[The PRC government has done this already]
Require 'code neutrality' by carriers, by
(a) Banishment from providing Internet services; or
(b) Requirement to provide open access; or
(c) No TCP/IP without observing e2e

Lessig's innovation recipe (2)

3a Content layer - Copyright law reforms

Short renewable terms
Eldred v Ashmore: stop the term being extended
[Shorter or renewable terms would breach US treaty
obligations]
For software, 5 year term only, renewable once
A defence for new technologies
'No breach if no harm to copyright owner'
Compulsory licensing of music for file-sharing

Lessig's innovation recipe (3)

3a Content layer - Copyright law reforms

(cont)
Tax benefits for putting works into the public
domain
A 'right to hack' DRMS to protect fair use ('Cohen
theorem')
Stop contract law undermining copyright law
3b Content layer - Patent law reforms
Moratorium on patents for software and business
methods

References(1)
Works by Lawrence Lessig
Lawrence Lessig 'The Law of the Horse: What Cyberlaw
Might Teach' (PDF only) (1999) 113 Harvard Law
Review 501 (drafts were available from 1997)
Lawrence Lessig Code and Other Laws of Cyberspace
Basic Books 1999
Lawrence Lessig 'Cyberspace's Architectural
Constitution' (June 2000, Text of lecture at www9,
Amsterdam)
Lawrence Lessig The Future of Ideas: The Fate of the
Commons in a Connected World Random House, 2001
See his home page for links to these and others

References(2)
Works by others
James Boyle
'Surveillance, Sovereignty, and Hard-Wired Censors' (1997)
Graham Greenleaf
'An Endnote on Regulating Cyberspace: Architecture vs
Law? (1998) University of New South Wales Law Journal
Volume 21, Number 2
Stefan Bechtold
'From Copyright to Information Law - Implications of Digita
l Rights Management'
. Workshop on Security and Privacy in Digital Rights
Management 2001. 5. November 2001, Philadelphia, USA.
See the Timetable for further reading