Lawrence Lessig originally wrote “Code and Other Laws of Cyberspace” in 1999, updating this landmark book in 2006 as “Code Version 2.0”. Lessig is a lawyer, and this book is about regulation. His great contribution to the literature of open source and networked communication structures consists of expanding the notion of regulation to include not only legal structures, but technological ones as well. Regulation is written into legal codes, but it is also written into hardware and software codes. This is summed up in his dictum: “code is law.” Originally, in the context of the late 90s, Lessig was reacting to the euphoric cyberlibertarianism that flourished at the time. This creed had two components: one descriptive (“the Internet by its very nature is unregulable by government”) and one political and prescriptive (“government should not attempt to regulate the Internet”). Lessig attacks both points by noting that law is only one small component of a complex, interconnected system of regulation that depends on the market, cultural norms, architectural design (code), and finally government. The Internet is the product of design; it’s initial design has made it very difficult to regulate, but there is nothing “natural”about it. In fact, that architecture is changing, largely due to commerce, and the result is not freedom from regulation, but actually tighter regulation than we have ever been subjected to previously. The balance of Lessig’s book argues that our basic freedoms are in the process of being eroded, and that proactive steps (including limited government regulation) are necessary to reset the balance, not only to protect our basic values and freedoms, but to better harness the potential of the Internet for continuing innovation.
In 2006, as Lessig notes in his preface, the 90s euphoria has died, and his argument is no longer as controversial. The net no longer seems as free as it once was: commerce has significantly encroached on our experience of cyberspace and the dangers of the Net are becoming more obvious and frightening (identity theft, erosion of anonymity, spam bombardment). Lessig’s book, however, has now been updated to catalog a progression of architectural changes that were largely only prediction in the first version, and his argument is more necessary than ever.
The strength of the TCP/IP architecture, which enabled and runs the Internet, is that it is an end-to-end network. The core of the network is very simple, making no judgments about the packets of data it receives and sends: it is blind, doesn’t check to see who is sending or receiving the information (authentication), and doesn’t know what it’s sending. This architecture is so effective at enabling cyberspace because it scales easily and can be utilized in many different ways (for instance, it can be used for sending and receiving files, or it can be used for email, or it can be used for the Web, or it can be used for video streaming, etc.). This is why it has enabled innovation on such a mass scale: it was designed for maximum flexibility and expandability. Complexity is pushed to the edges of the network, which effectively makes it a multi-tool of innovation. In such a network, anonymity is the given. This is one reason that the Net’s architecture was originally protective of freedom: without any built-in authentication, it was impossible to track the happenings of cyberspace to individuals or places in the physical world. In Lessig’s terms, “everyone was invisible,” and it’s nearly impossible to control an invisible person.
Now, however, all that is changing, not due to government interference but due to the marketplace: commerce cannot function efficiently without a way to track people, and thus browser cookies and various authentication technologies were born. These now live in a separate layer, on top of the TCP/IP architecture, and effectively eliminate anonymity on the net for most people. This, however, is inevitable, and has enabled many technologies that we like. The problem, for Lessig, is that code can regulate behavior far more effectively than law, and many of the basic rights we take for granted in the physical world, and which enable a great deal of creativity and innovation, were only guaranteed because they were essentially unregulable. The law has always taken that into consideration, striking a careful balance between architecture (what is possible and practical given the state of technology), law, cultural norms, and market controls. Now, however, Internet code has completely upset that balance, making areas of our lives that were never regulable easy to regulate. Code is simply a more effective regulator. Because each of these tools of regulation is also a check against the others, when code streaks ahead, the others will need to compensate if we are to maintain the freedoms we had in the past.
One of Lessig’s primary concerns is copyright. Copyright law is designed to encourage innovation by striking a balance between incentivizing creators to create more works (by giving them limited monopolies on their creations, allowing them to market them) while at the same time providing for a cultural commons that itself acts as a pool for innovation (i.e., the raw materials for others to create derivative works). In general, this system mostly works because so much use falls outside the purview of copyright, not due to the law but due to enforceability: copyright is infringed all the time, but because it is done so in a local way that doesn’t actually disincentivize creators, it is effectively overlooked. This includes everything from amateur bands to blogs to startup businesses. In cyberspace, however, code can absolutely regulate behavior: it is at least theoretically possible, once a stronger system of authentication is deployed on the Net, for code to prevent anyone from infringing copyright under any circumstances. DRM is a good example of how this works: it doesn’t just threaten punishment if one copies a film or song and distributes it to others; the code actually prevents one from being able to do so. This brings out a salient difference between “East Coast code”(law) and “West Cost code” (hardware and software architecture): the law involves judgment, and is thus challengable: you can always choose to break the law and then fight its applicability or constitutionality in court. No such choice exists with code. For the same reason, if you’ve accidentally been placed on a server blacklist and can no longer send email, you have no legal recourse. Code, then, can be used to control behavior to an absolute extent, and that, according to Lessig, is exactly where it is heading.
Lessig’s plea is that we acknowledge the controlling potential of code, recognize how different architectures embody different fundamental values, and choose our architectures according to the values we wish to preserve. One way to do that is to use law, in conjunction with norms and the market, to place limits on code regulation. In contrast to the cyberlibertarian call to keep law out of the business of regulating code in order to keep cyberspace free, then, Lessig argues that such an approach is exactly what is making cyberspace unfree, and the remedy is to bring in law to constrain code in order to keep cyberspace free.
Of course, as code can be all-controlling, we also have to be careful about who controls the code. We do not want a single company with proprietary code to regulate our behavior (as is the case with Diebold voting machines) any more than we want the government to control us with their code. When code is used to regulate, then, it is to everyone’s benefit that it be open code; that is, that it be open source. The primary value that is preserved by open code is transparency, essential to all regulation, according to Lessig. That is, open code acts as a restraint on power by allowing users to verify what it is doing. It is the equivalent of having the law codes published so that the public can learn how they function. Proprietary code may be acceptible in cases where it doesn’t regulate our behavior, but when code acts as law (as with almost all Internet code), we cannot allow it to be closed source: “open code is a foundation to an open society” (153).
Besides being open, Lessig believes that code should be modular: “Modularity ensures that better components could be substituted for worse. And from a competitive perspective, modularity permits greater competition in the development of improvements in a particular coding project.” (328) Modularity is the key to most open source software (see Weber) for this very reason: it both scales well in distributed architectures of innovation and encourages innovation and improvement directly. When code regulates, it is all the more important that it be improvable if we are to maintain dynamic control over the structures that constrain and enable our behavior.
Lessig ends his book on a dour note: we are not, he believes, culturally ready for this technological revolution. The technology is controlling us instead of the other way around. To regain the steering wheel, we must have the foresight and courage to construct cyberspace in such a way as to embody the values that we wish to preserve. If they are openness, transparency, creativity, innovation, and freedom, then we must act quickly before code that is out of our control eradicates all of these.
Purchase it on Amazon.Tagged with: authentication • code is law • constitution • cyberspace • innovation • Internet • law • open-source • TCP/IP