Continuing the Work of Code

I wrote Code to explain an academic insight. Writing Code launched me on an activist project.

The insight was a reminder (for as I said in the book, of course the point had been made throughout history): More than law regulates. And that if we find ourselves in a particularly happy moment — when the liberty and prosperity of the time make us wish that things as they are might always be — we need to remember that it’s not just law that can muck things up. John Stuart Mill was not just worried about Parliament in On Liberty. He was more worried about British norms that stifled dissent. Stanford Professor — and Reagan’s Assistant Attorney General for Antitrust — William Baxter was not just worried about backward regulation at the FCC. When he launched his effort to break up AT&T, he was also worried about market power that was stifling competition in telecommunications. French revolutionaries in the mid-19th century were not just worried about stupid edicts from a failing emperor — indeed, they thrived on such silliness. What worried them more was that Napoleon III had rebuilt Paris with wide boulevards and multiple passages, making it very difficult for them to bring the city to a standstill. What each of these actors recognized was the first point of Code: Again, that more than law regulates.

That point led to a second: That if we’re to preserve a state of liberty, we need to worry about much more than bad law. No doubt, laws might be changed to take away a liberty (think: the USA-PATRIOT Act). But so too, norms might change to make dissent costly (think: the Dixie Chicks). Markets could become concentrated, reducing the opportunity for innovation (think about the extraordinary re-concentration in telecom access to the Internet). And architecture, or “code” could change, to take away a freedom that too many had taken for granted (think: do you really know who knows what about where you go on the Internet?).

Point two then led to a final point three: That for the Internet, we (circa 1999) were paying plenty of attention to changes in law. We were not paying enough attention to changes in code. And indeed, for obvious reasons, those who controlled much of the code (what I unhelpfully called “commerce”) circa 1999 had plenty of reasons to change that code in ways that better enabled their own control, and as a byproduct (whether intended or not), control by the government. As I wrote, “Commerce, like government, fares better in a well-regulated world. Commerce would, whether directly or indirectly, help supply resources to build a well-regulated world.” (p. xiii)

When Code was published, my biggest fear was that these points were too obvious. That ten years later writers of the prominence of Adam Thierer still don’t get them at least gives me confidence that the effort was not unnecessary. (More on Adam later). But it is clear enough from Declan’s essay that he gets all this. And any differences between his intelligent and fair criticism of Code and my own current view are very small. Indeed, had the Editors of Cato Unbound not insisted I respond, I would have been happy to let his restatement be understood for my own argument, if only to let the point be understood by a broader and important community.

But if I must quibble, let me focus on the charge that I am Plato in disguise (or more accurately, a Plato-wannabe): That I “prefer,” as Declan puts it, “what probably could be called technocratic philosopher kings.”

This isn’t right. No doubt, Code argues that democratic government must take responsibility for the liberty that the Net preserves. By that I mean simply that democratic government can’t assume that the other regulators have liberty in their objective function. Corporations (at least public corporations) have maximizing shareholder value as their objective function — even corporations that promise not to be “evil.” Norms (thankfully) have no central command. And architectures (or codes) get built just as those who build them want — so the proprietary part built by commerce will follow commerce’s objective function, and the free software part built by hackers and the like will follow the norms of their own community. Thus, a liberty-loving democratic government must at least monitor to assure that the mix of regulating modalities doesn’t weaken liberty, or at least the liberty the democracy wants.

But Code grinds on endlessly about the limits in our current forms of democratic government. It explicitly argued that courts could not take this responsibility: “If there are decisions about where we should go, and choices about the values this space will include, then these are choices we can’t expect our courts to make.” (p. 319) And it emphatically concurred with the well-justified skepticism about democratic government more generally. As I wrote:

“[W]e are weary of governments. We are profoundly skeptical about the product of democratic politics. We believe, rightly or not, that these processes have been captured by special interests more concerned with individual than collective values. Although we believe that there is a role for collective judgments, we are repulsed by the idea of placing the design of something as important as the Internet into the hands of governments.” (p. 321)

But even though I shared then (and because I’ve continued to read Declan since then, I believe even more today) the view that governments as we know them are hopeless, I believed then (and even more today), that we can’t simply give up on making government work. That indeed, to allow the corruption that is government to continue would be catastrophic.

In the decade since Code, nobody makes the catastrophic point more effectively than Zittrain (The Future of the Internet and How to Stop It). The real hole in Code was the mechanism: I said there was an obvious union of interests between commerce and government. Neither liked the relative anonymity of the Internet circa 1995. Both would have an interest in layering onto the Net technologies that would make it easier to know who did what when. I was wrong about the particulars of those technologies. Digital certificates have not become ubiquitous. Certifying infrastructure is still crude.

But you’d have to be willfully oblivious to how the Net has changed not to concede that the general point was right: There were no ubiquitous and cheap technologies for deep packet sniffing in 1995. There are today. There was no simple way to identify with any confidence where in physical space someone was when someone was on the Internet. That technology is literally free (as in free speech) on the Internet today. There was no widely adopted infrastructure for tracing who did what in 1995. But the potential today through sophisticated cookies deployment for tracing your every move is almost unlimited, and we have no clue about the actual data-sharing agreements between the commercial entities that now “give” us the Internet.

All of these technologies (and many others as well) have been built by “commerce.” None has been developed by the government. They all have been built to serve legitimate commercial ends. But the argument of Code was that the unintended consequence of this “new and improved” Internet (from the perspective of commerce at least) would be newly empowered governments. And governments, as Zittrain rightly shows, are slowly coming to recognize this valuable gift.

Here again, the examples are endless. We could point with self-righteousness to Yahoo! France, where a court pointed to commercially developed IP-mapping technology as a justification for a rule that required Yahoo! to filter auctions on the basis of the user’s geo-location. Or we could point to Cisco routers, said to be used by the Chinese government to better control speech in China. Or we could practice a rare bit of domestic humility, and recall that just last year the U.S. government granted telecom providers like AT&T immunity for using privately developed technology to give the U.S. government after 9/11 an almost unimaginable ability to spy on the Internet — at least, unimaginable in 1995.

So I do stand with the core argument of Code, as any non-ideologue should: The Net is massively more regulable (as I put it) in 2008 than it was in 1995 — at least for , as I put it, the “bovine” among us. For this is the crucial qualification that many careless readers of Code overlook. As I wrote:

A fundamental principle of bovinity is operating here and elsewhere. Tiny controls, consistently enforced, are enough to direct very large animals. The controls of a certificate-rich Internet are tiny, I agree. But we are large animals. I think it is as likely that the majority of people would resist these small but efficient regulators of the Net as it is that cows would resist wire fences. This is who we are, and this is why these regulations work. (p. 73)

Substitute the current array of Net-based control technologies for “certificate-rich Internet,” and the same point is true: Whether hackers can crack the iPhone or not, the vast majority of the Internet lives life as the code permits.

But what that core argument missed — the “hole” as I put it above — was the mechanism that might move us from a better-enabled-surveillance Internet to the “dark” picture that Code warns of. And the clue is the non-bovine part of the Internet. As I have written elsewhere, we cheerleaders for the Internet have not done enough to make salient the real dangers non-bovinity presents. No doubt, great innovation comes from the non-bovine. But the point we cheerleaders suppressed was that not all great innovation is good — think spam, zombie-bots, or malware more generally.

This is the core anxiety that drives Zittrain’s fantastic book. That as the malicious on the Internet catches up with the good, it creates a new threat to liberty. At some point, Zittrain convincingly argues, the Net will face a catastrophic event caused directly or indirectly by these bad actors. That catastrophe will give the government the political will it needs to radically remake the Internet. Think about the USA-PATRIOT Act, and how it remade civil rights in America. Now think about an iPatriot Act, fundamentally remaking cyber-liberties. As I have written elsewhere, I once asked a senior government official whether there was an iPatriot Act in waiting. “Of course there is,” he told me, “and Vint Cerf is not going to like it very much.”

There is more reason today to worry about what the Net might become than there was in 1999, because there’s less reason today to trust longstanding norms of liberty or the rule of law than there was in 1999. Who would have predicted who we would become after 9/11? Who in the face of that reality could believe the Internet is any more secure? And “worry” not in the sense that we need to believe it will happen. But just in the sense that a parent worries about a car accident every time she buckles her toddler into a car seat — knowing not that an accident will happen, but just that if it does, it would have been inexcusable to have been so careless with the gift that that child is. So too do I believe about the liberty that the Internet has given us.

So of course there is reason galore for being skeptical about democratic government doing anything sensible to protect that liberty. Of course, there is an endless (and apparently never ending) list of useless (and worse) legislation that our government has enacted and threatens to enact. But the fact that there is no surgeon on hand does not mean your exploding appendix is any less dangerous. And likewise, the fact that Declan and I can agree about the uselessness of the current corruption we call government does not mean that there is no need for democracy to take responsibility for the liberty of the Internet and preserve it. As Zittrain notes, it is for that reason that I have shifted my own work away from the IP scholarship (in both the Internet Protocol and Intellectual Property senses of that term) of the last 15 years, and the activism of the last decade, to devote as much effort as I can to reforming the corruption that is our government.

One last note about Adam: I’ve argued that things aren’t quite a simple as some libertarians would suggest. That there’s not just bad law. There’s bad code. That we don’t need to worry just about Mussolini. We also need to worry about DRM or the code AT&T deploys to help the government spy upon users. That public threats to liberty can be complemented by private threats to liberty. And that the libertarian must be focused on both.

Adam translates my concern about private threats to liberty into “collectivism.” As if only Karl Marx could be concerned with the code commerce develops that might help government regulate more fiercely, or as if the Free Culture movement should be spending more time understanding the collected works of Lenin.

I still don’t buy the equation.

Collectivists want to limit individual liberty. The Free Culture movement wants to expand it. EFF fights DRM to advance its important civil liberties agenda. Neither it, nor I, aspire to a world where any “collective” gets to say how I or anyone else gets to deploy our liberty.

Likewise, I still reject the “since only law has the death penalty, we only need to worry about law’s effect on liberty” argument for giving private threats to liberty a free pass. Adam writes, “Lessig spends so much time trying to prove that ‘code is law’ that he seems utterly oblivious to the fact that ‘law is law,’ too, and has a much greater impact in shaping markets and human behavior.”

Of course, law is law. Who could be oblivious to that? And who would need a book to explain it? But the fact that “law is law” does not imply that it has a “much greater impact in shaping markets and human behavior.” Sometimes it does — especially when that “law” is delivered by a B1 bomber. But ask the RIAA whether it is law or code that is having a “greater impact in shaping markets” for music. Or ask the makers of Second Life whether the citizens of that space find themselves more constrained by the commercial code of their geo-jurisdiction or by the fact that the software code of Second Life doesn’t permit you simply to walk away (so to speak) with another person’s scepter. Whether and when law is more effective than code is an empirical matter — something to be studied, and considered, not dismissed by banalities spruced up with italics.

Finally, Adam spends an enormous chunk of his reply arguing that Code was wrong because some of the darker predictions I made in the book haven’t come true. “Trusted systems” aren’t everywhere (or they effectively are, but put that detail aside). DRM is dissolving (at least with music). And “just about every proprietary digital system is quickly cracked open and modified or challenged by open source and free-to-the-world Web 2.0 alternatives.”

But this is just to belittle the extraordinary work done by a world of activists who have over the past decade (and sometimes more) fought against these technologies of control. Replay the last decade without the EFF, the Free Software Foundation, Public Knowledge, the Open Rights Group, EPIC, and the ACLU and the story today would have been quite different. Certainly Code was not a prediction that these important groups would fail. Indeed, quite the opposite: It was the argument that their activism, and the activism of many others, was necessary if the liberty of the Internet circa 1995 was to survive.

I am very happy that these activists have proven the darkest predictions of Code wrong — so far. I am even more happy to see how many accept the basic framework of Code, and the insights and attention it demands. These insights were not mine. Mitch Kapor, William Mitchell, and Joel Reidenberg had all published points similar to mine before Code was published (as Code acknowledged). And the power of these insights has moved well beyond my work (again, see Zittrain).

But I would be happier still if we could move beyond red-baiting, and focus on a large number of difficult questions that remain. Questions not just about how to preserve the liberty of the Net against a host of threats, both public and private, but also about how to preserve the liberty of society and the Net against the ever-expanding harm caused by the captured corruption that we call democratic government.

[Editors’ note: The full text of Lessig’s Code Version 2.0 is available as a free download here. Page numbers refer to this edition.]

Also from this issue

Lead Essay

  • Journalist Declan McCullagh offers a mixed assessment of Lawrence Lessig’s Code and Other Laws of Cyberspace: Although Lessig was right that preserving individual liberty on the Internet is important, and although he was right to note the crucial importance of infrastructure and basic rulemaking in preserving individual choice, Lessig was mistaken in at least two ways. Lawmakers haven’t lived up to Lessig’s high expectations, and the “threat” of commercialization has largely failed to materialize.

Response Essays

  • Jonathan Zittrain argues that the differences between Lawrence Lessig and Declan McCullagh aren’t really ideological. They’re about process and approach. He personally finds much common ground with cyberlibertarians, but also believes that a great deal of effort must be put forth to create institutions that will preserve an open Internet. Neither the government nor traditional, market-based firms are necessarily well-suited to the task.

  • Adam Thierer condemns Lessig’s Code for its pessimism and inaccurate predictions. Where Code predicted that the future would consist largely of online “walled gardens” offering total corporate control, the walled-garden model has proven a failure. Lessig has recently claimed that he is even more confident today of the predictions he made ten years ago; Thierer doubts whether any evidence supports him. Thierer views Code and the intellectual movement it spawned as essentially one that justifies government control where no such control is warranted. He laments this movement’s growing influence.

  • Lawrence Lessig is happy that many of the bleaker predictions of Code have not come to pass. This is not to be taken, however, as a sign that freedom is easily gained or kept. It took an enormous amount of work on the part of many theorists, activists, coders, and lawyers to preserve liberty on the Internet. If Code looks wrong in hindsight, we have them to thank. Yet new threats loom large today, and Lessig in particular praises Jonathan Zittrain’s The Future of the Internet and How to Stop It as a warning to a new generation seeking to preserve liberty on the Internet. Future activists will have to continue the work of preserving freedom, because, he concludes, democratic government often isn’t up to the task.