Ten Years of Code: Best of the Blogs

Here are some of the most thought-provoking reactions to the debate at Cato Unbound this month.

David Post at the Volokh Conspiracy writes,

Code’s a very important book, in my view (and, I think, objectively speaking, in the view of pretty much everyone involved in thinking about law and regulation on the Net). Lessig got a lot of things right in Code; most fundamentally, the idea around which much of the book is organized — that “code is law” on the global network — is a very rich one, and even a profound one, and it has been central to a great deal of very productive thinking in the field. Code got some things wrong, too — most fundamentally, when Lessig argued that it is fruitless (and perhaps even dangerous) to talk about cyberspace’s “nature.” [If I could explain my reasons for saying that he was wrong about that without having to write a whole book, I would do so; but I can’t, so you’ll just have to read the book if you’re interested].

I’ve written a fair bit about Code, in my book and elsewhere, and I won’t repeat what I’ve already said — in fact, one of the interesting things about Code and its role within the cyberlaw debates of the last decade is that the book actually helped move the conversation forward. Lessig positioned the book as an attack on, and a direct response to, the “cyber-libertarians.” The “cyber-libertarians,” in turn — myself among them — took him to task for that. But after duking it out for a while, it turns out that there wasn’t as much there as we thought: that debate isn’t where the interesting action is, in cyberspace. There’s plenty to argue about, regarding cyberspace law and policy; but arguing about the labels isn’t too useful or productive. That’s precisely the interesting thing about cyberspace; as Lessig puts it, “what drew me to cyberlaw originally was that it (originally) obscured politics. It confused intuitions. And in that confusion, people were forced to think. No crude shorthands. No summary judgment based upon a supposed set of affinities with debates almost a century old.”

Timothy B. Lee at Freedom to Tinker writes,

My ideological sympathies are with Declan and Adam, but rather than pile on to their ideological critiques, I want to focus on some of the specific technical predictions Lessig made in Code. People tend to forget that in addition to describing some key theoretical insights about the nature of Internet regulation, Lessig also made some pretty specific predictions about how cyberspace would evolve in the early years of the 21st Century. I think that enough time has elapsed that we can now take a careful look at those predictions and see how they’ve panned out.

Lessig’s key empirical claim was that as the Internet became more oriented around commerce, its architecture would be transformed in ways that undermined free speech and privacy. He thought that e-commerce would require the use of increasingly sophisticated public-key infrastructure that would allow any two parties on the net to easily and transparently exchange credentials. And this, in turn, would make anonymous browsing much harder, undermining privacy and making the Internet easier to regulate.

This didn’t happen, although for a couple of years after the publication of Code, it looked like a real possibility. At the time, Microsoft was pushing a single sign-on service called Passport that could have been the foundation of the kind of client authentication facility Lessig feared. But then passport flopped. Consumers weren’t enthusiastic about entrusting their identities to Microsoft, and businesses found that lighter-weight authentication processes were sufficient for most transactions. By 2005 companies like eBay started dropping Passport from their sites. The service has been rebranded Windows Live ID and is still limping along, but no one seriously expects it to become the kind of comprehensive identity-management system Lessig feared.

Lessig concedes that he was “wrong about the particulars of those technologies,” but he points to the emergence of a new generation of surveillance technologies—IP geolocation, deep packet inspection, and cookies—as evidence that his broader thesis was correct. I could quibble about whether any of these are really new technologies. Lessig discusses cookies in Code, and the other two are straightforward extensions of technologies that existed a decade ago. But the more fundamental problem is that these examples don’t really support Lessig’s original thesis. Remember that Lessig’s prediction was that changes to Internet architecture—such as the introduction of robust client authentication to web browsers—would transform the previously anarchic network into one that’s more easily regulated. But that doesn’t describe these technologies at all. Cookies, DPI, and geolocation are all technologies that work with vanilla TCP/IP, using browser technologies that were widely deployed in 1999. Technological changes made cyberspace more susceptible to regulation without any changes to the Internet’s architecture.

Indeed, it’s hard to think of any policy or architectural change that could have forestalled the rise of these technologies. The web would be extremely inconvenient if we didn’t have something like cookies. The engineering constraints on backbone routers make roughly geographical IP assignment almost unavoidable, and if IP addresses are tied to geography it’s only a matter of time before someone builds a database of the mapping. Finally, any unencrypted networking protocol is susceptible to deep packet inspection. Short of mandating that all traffic be encrypted, no conceivable regulatory intervention could have prevented the development of DPI tools.

Of course, now that these technologies exist, we can have a debate about whether to regulate their use. But Lessig was making a much stronger claim in 1999: that the Internet’s architecture (and, therefore, its susceptibility to regulation) circa 2009 would be dramatically different depending on the choices policymakers made in 1999. I think we can now say that this wasn’t right. Or, at least, the technologies he points to now aren’t good examples of that thesis.

Blaise Alleyne at Unity Behind Diversity writes,

I get so frustrated when people rationalize the locked down nature of the iPhone by saying that they can just unlock it. Unlocking an iPhone is not freedom. (1) It still rewards Apple, the maker of the chains, through the purchase; (2) it’s a disservice to the vast majority of people who don’t have the skills to unlock their devices.

I strongly believe that if geeks want to do something useful to solve the problems that Lessig and Zittrain identify, it has to involve supporting free (libre) technologies that don’t have any chains, instead of just buying into proprietary technologies and removing their own chains.

And finally, Ryan Calo is a fellow at the Center for Internet and Society at Stanford Law School, which Prof. Lessig founded. He writes via e-mail,

I agree that Code remains incredibly salient ten years in. But I question whether the Internet is really where we should continue to look for its impact.

We’re learning to manipulate more than just bits. Construction and design costs are falling, and we’re able to act more and more precisely on the human body and brain. Loitering has long been illegal. Now a municipality in England is ripping out public steps that teens gather to sit on and putting less comfortable stairs in their place. Building owners are using pink lights (which highlight acne) and high-pitch noises (which only the young can hear) to discourage the after school crowd. Vaccines are in development that render cocaine inert. Drugs cause intense nausea upon a sip of alcohol. And so forth.

If anything, the importance of the Internet is that it has expanded the realm of what seems possible. Take the context of online advertising. A central reason online ads continue to gain on traditional ads is that they allow for sophisticated targeting and analytics. You can know where a user has surfed and what she is looking at, so you can advertise to her based on relatively good intelligence about her preferences. And you can follow her clicks and views to determine the most effective sales strategy.

Not coincidentally, it now occurs to outdoor advertising companies to listen to what is playing on your car radio and change the billboards you see accordingly. Suddenly advertisers place cameras in billboards to detect demographic and other information about the people who look at ads. Today’s malls can follow you around using your cell phone signal as you shop to rearrange their store displays for maximum impact. For more on this, including sources, see my blog post of March 30, 2009.

We face scarier social challenges at the precise moment when we begin to overcome major technological obstacles of all kinds. This is Jonathan Zittrain’s great insight. The result is that there is everywhere both a will and a way to regulate by design over law. This presents opportunities to finally win worthwhile wars against destructive conduct, and it presents great dangers around decreased ability to resist and challenge. After all, there is no separation of powers, no civil disobedience, no defense of necessity where the underlying conduct is rendered impossible.

If anything, though, we should be much more worried about offline fallout. A clever hacker can get around digital rights management. Can she rip up stairs or counter a vaccine?

This entry was posted on Tuesday, May 19th, 2009 at 12:46 pm and is filed under The Conversation. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.