IP: Godwin review of Lessig's CODE

[Dave Farber <farber () cis upenn edu>]

> Date: Tue, 14 Dec 1999 12:33:15 -0500
> To: farber () cis upenn edu
> From: Mike Godwin <mnemonic () well com>
>
>
> Dave, here's my take on Lessig's book.
>
>
> --Mike
>
>
>
> Lessig's CODE puts cyberspace at center of new constitutional debate.
> Review of CODE AND OTHER LAWS OF CYBERSPACE (Basic Books, 1999)
> By Mike Godwin
> For E-Commerce Law Weekly
>
> Imagine that you could somehow assemble the pioneers of the Internet
> and the first political theorists of cyberspace in a room and poll
> them as to what beliefs they have in common. Although there'd be lots
> of heated discussion and no unanimity on any single belief, you might
> find a majority could get behind something like the following four
> premises.
>
> 1) The Internet does not lend itself to regulation by governments.
>
> 2) The proper way to guarantee liberty is to limit the role of
> government and to prevent government from acting foolishly with
> regard to the Internet.
>
> 3) The structure of the Internet-the "architecture" of cyberspace, if
> you will-is politically neutral and cannot easily be manipulated by
> government or special interests.
>
> 4) The expansion of e-commerce and the movement of much of our public
> discourse to the online world will increase our freedom both as
> citizens and as consumers.
>
> But what if each of these premises is at best incomplete and at worse
> false or misleading? (Leave aside the likelihood that they're not
> entirely consistent with one another.) What if the architecture of
> the Net can be changed by government and the dynamism of e-commerce?
> What if the very developments that enhance electronic commerce also
> undermine political freedom and privacy? The result might be that
> engineers and activists who are concerned about preserving democratic
> values in cyberspace were focusing their efforts in the wrong
> direction. By viewing governmental power as the primary threat to
> liberty, autonomy, and dignity, they'd blind themselves to the real
> threats-threats that it may require government to block or remedy.
>
> It is precisely this situation in which Harvard law professor
> Lawrence Lessig believes we find ourselves. In his new book CODE AND
> OTHER LAWS OF CYBERSPACE (Basic Books, 1999), Lessig explores at
> length his thesis that the existing accounts of the political and
> legal framework of cyberspace are incomplete, and that their very
> incompleteness may prevent us from preserving the aspects of the
> Internet we value most. CODE is a direct assault on the libertarian
> perspective that informs much Internet policy debate these days.
> What's more, Lessig knows that he's swimming against the tide here,
> but he nevertheless takes on in CODE a project that, although focused
> on cyberspace, amounts to nothing less than the relegitimization of
> the liberal (in the American sense) philosophy of government.
>
> It is a measure of Lessig's thoroughness and commitment to this
> project that he mostly succeeds in reopening the debate about the
> proper role of government with regard to the Net -- this in an era in
> which, with the exception of a few carveouts like Internet gambling
> and cybersquatting, Congress and the White House have largely thrown
> up their hands when it comes to Internet policy. While this
> do-nothingism is arguably an improvement over the kind of panicky,
> ill-informed interventionism of 1996's Communications Decency Act
> (which Lessig terms "[a] law of extraordinary stupidity" that
> "practically impaled itself on the First Amendment), it also falls
> far short, he says, of preserving fundamental civil values in a
> landscape reshaped by technological change.
>
> The Architecture Is Not Static
>
> To follow Lessig's reasoning in CODE you need to follow his
> terminology. This is not always easy to do, since the language by
> which he describes the Internet as it is today and as it might
> someday become is deeply metaphorical. Perhaps the least problematic
> of his terms is "architecture," which Lessig borrows from Mitchell
> Kapor's Internet aphorism that "architecture is politics." Although
> his use of the term is a little slippery, Lessig mostly means for us
> to understand the term "architecture" to refer to both (a) the
> underlying software and protocols on which the Internet is based and
> (b) the kinds of applications that may run "on top of that Internet
> software infrastructure. And while the first kind of architecture is
> not by itself easily regulable, Lessig says, the second kind might
> make it so-for example by incorporating the various monitoring and
> identification functions that already exist on proprietary systems
> and corporate intranets.
>
> More difficult to get a handle on is his use of the word "code,"
> which seems to expand and contract from chapter to chapter. At some
> bedrock level, Lessig means "code" to signify the hardware and software
> that makes up the Internet environment (akin to the sense of "code" that
> programmers use). But he's also fond of metaphoric uses of "code"
> that muddy the waters. "Code is law," Lessig writes at several
> points, by which we may take him to mean that the Internet's software
> constrains and shapes our behavior with as much force as law does.
> (And of course the book's title equates code and law.)
>
> Elsewhere, however, he writes that code is something qualitatively
> different from law in that it does not derive from legislative or
> juridical action or community norms, yet may affect us more than laws
> or norms do, while providing us less opportunity for amendment or
> democratic feedback. It doesn't help matters when he refers to things
> like bicycle locks as "real-world code." But if you can suspend your
> lexical disbelief for a while, the thrust of Lessig's argument
> survives any superficial confusions wrought by his terminology.
>
> That argument depends heavily on the first point Lessig makes about
> Internet architecture, which is simply that it's malleable-shapeable
> by human beings who may wish to implement an agenda. The initial
> architecture of the Internet, he says correctly, emphasized openness
> and flexibility but provided little support for identifying or
> authenticating actual individuals or monitoring them or gathering
> data about them. "On the Internet it is both easy to hide that you
> are a dog and hard to prove that you are not," Lessig writes. But
> this is a version of the Internet, he says, that is already being
> reshaped by e-commerce, which has reasons for wanting to identify
> buyers, share financial data about them, and authenticate the
> participants in transactions. At the center of e-commerce-wrought
> changes is the technology of encryption, which, while it has the
> ability to render communications and transactions secret in transit,
> also enables an architecture of identification (through, e.g.,
> encryption-based certification of identity and digital signatures).
> The key to the creation of such an architecture, Lessig writes, is
> not that a government will require people to hold and use certified
> Ids.  Instead, he writes, "The key is incentives: systems that build
> the incentives for individuals voluntarily to hold IDs." Adds Lessig:
> "When architectures accommodate users who come with an ID installed
> and make life difficult for users who refuse to bear an ID,
> certification will spread quickly."
>
> But even if you don't believe that e-commerce alone will establish an
> architecture of identification, he writes, there are reasons to
> believe that government will want to help such an architecture along.
> After all, a technology that enables e-commerce merchants to identify
> you and authorize your transactions may also have an important
> secondary usefulness to a government that wants to know where you've
> been and what you've been up to on the Internet.
>
> And if the government wants to change the technological architecture
> of the Internet, there's no reason to believe it wouldn't succeed, at
> least to some extent. After all, Lessig says, the government is
> already involved in mandating changes in existing architectures in
> order to effectuate policy. Among the examples of this kind of
> architectural intervention, he says, are (a) the Communications
> Assistance to Law Enforcement Act of 1994, in which Congress
> compelled telephone companies to make their infrastructure more
> conducive to successful wiretaps, (b) Congress's requiring the
> manufacturers of digital recording devices to incorporate
> technologies that limit the extent to which perfect copies can be
> made, and (c) the requirement in the Telecommunications Act of 1996
> that the television industry design and manufacture a V-chip to
> facilitate individuals' ability to automatically block certain kinds
> of televised content.
>
> With an identification architecture in place, Lessig argues, what
> previously might seem to be an intractable Internet-regulation
> problem, like the prohibition of Internet gambling, might become
> quite manageable.
>
> The Government and Code
>
> An account of social activity on the Internet that deals solely with
> the legal framework is inadequate, Lessig argues.  In Lessig's view,
> the actual "regulators" of social behavior come from four sources,
> each of which has its own dynamic. Those sources of social
> constraints are: the market, the law, social norms, and architecture
> (here "architecture" means "the constructed environment in which
> human beings conduct their activities).  "But these separate
> constraints obviously don't simply exist as givens in a social life,"
> Lessig writes. "They are neither found in nature nor fixed by God,"
> he writes, adding that each constraint "can be changed, although the
> mechanism of changing each is complex." The legal system, he says,
> "can have a significant role in this mechanics."
>
> So can the open-source movement, which Lessig refers to as "open
> code." The problem with "architectural" constraints, and the thing
> that distinguishes them from any other kind, is that they don't
> depend on human awareness or judgment to function.  You may choose
> whether or not to obey a law or a social norm, for example, and you
> may choose whether or not to buy or sell something in the market, but
> (to use the metaphor) you can't enter a building through a door if
> there's no door there, and you can't open a window if there's no
> window. Open code-software that is part of a code "commons," that is
> not owned by any individual or business, and that can be inspected
> and modified-can provide a "a check on state power," Lessig writes,
> insofar as it makes any government-mandated component of the
> architecture of the Net both visible to, and (potentially) alterable
> by, citizens. Open code, which still makes up a large part of the
> Internet infrastructure, is thus a way of making architecture
> accountable and subject to democratic feedback, he argues. "I
> certainly believe that government must be constrained, and I endorse
> the constraints that open code imposes, but it is not my objective to
> disable government generally," Lessig writes. But, he adds, "some
> values can be achieved only if government intervenes."
>
> A Jurisprudence of Cyberspace?
>
> One way that government intervenes, of course, is through the court
> system. And as Lessig notes, it may be the courts that are first
> called upon to interpret and preserve our social values when
> technology shifts the effective balance of rights for individuals.  A
> court faced with such a shift often must engage in "translation" of
> longstanding individual rights into a new context, he says. Take
> wiretapping, for example. Once upon a time, it was not so easy for
> law-enforcement agents to get access to private conversations. But
> once telephones had become commonplace and (as Lessig puts it) "life
> had just begun to move onto the wires," the government began to tap
> phones in order to gather evidence in criminal investigations. Does
> wiretapping raise Fourth Amendment concerns? The Supreme Court first
> answered this question in Olmstead v. United States (1928) -- the
> answer for the majority was that wiretapping (at least when the tap
> was placed somewhere other than on a tappee's property) did not raise
> Fourth Amendment issues since the precise language of the Fourth
> Amendment does not address the nontrespassory overhearing of
> conversations. That's one mode of translation, Lessig writes-the
> court preserved the precise language of the Fourth Amendment in a way
> that contracted the scope of the zone of privacy protected by the
> Fourth Amendment.
>
> But that's only one way to translate constitutional values, Lessig
> argues. Another, and arguably preferable approache, he says, would be
> to follow Justice Louis Brandeis's approach in his dissent in
> Olmstead-an approach that preserves the scope of the privacy zone
> while departing from a strict adherence to the literal language of
> the Amendment. (Brandeis's dissent, arguing that the capture of
> private conversations does implicate the Fourth Amendment, was
> adopted by the Supreme Court forty years after Olmstead.)
>
> But what if technology raises a question for a court for which it's
> not clear which interpretative choice comes closer to preserving or
> "translating" the values inherent in the Bill of Rights? Borrowing
> from contract law, Lessig calls such a circumstance a "latent
> ambiguity." He further suggests (this is perhaps the most
> unfashionable of his arguments) that, instead of simply refusing to
> act and referring the policy question to the legislature, courts
> might simply attempt to make the best choice at preserving
> constitutional values in the hope that its choice will at minimum
> "spur a conversation about these fundamental values ... to focus a
> debate that may ultimately be resolved elsewhere" (e.g., the
> legislature).
>
> All this begins to seem far afield from the law of cyberspace, but
> Lessig's larger point is that the changes wrought by the Internet and
> related technologies are likely to raise significant "latent
> ambiguity" problems. He focuses on three areas in which technologies
> raise important questions about values but for which a passive or
> overliteral "translation" approach would not be sufficient.  Those
> areas are intellectual property, privacy, and freedom of speech. In
> each case, the problem Lessig sees is one that is based on "private
> substitutes for public law"-private, non-governmental decisionmaking
> that undercuts the values the Constitution and Bill of Rights were
> meant to preserve.
>
> With intellectual property, and with copyright in particular,
> technological changes raises new problems that the nuanced
> established legal balances built into the law don't address. Lessig
> challenges the longstanding assertion (in Internet circles, at least)
> that the very edifice of copyright law is likely to crumble in the
> era of the Internet, which enables millions of perfect copies of a
> creative work to be duplicated and disseminated for free, regardless
> of whether the copyright holder has granted anyone a license. In
> response to that perceived threat, Lessig observes, the copyright
> holders have moved to force changes in technology and changes in the
> law.
>
> As a result, technologically implemented copyright-protection and
> copyright-management schemes are coming online, and the government
> has already taken steps to prohibit the circumvention of such
> schemes. This has created a landscape in which the traditional
> exercise of one's rights to "fair use" of another's work under the
> Copyright Act may become meaningless. The fact that one technically
> has a right to engage in fair use is of no help when one can't engage
> in any unauthorized copying. Complicating this development, Lessig
> believes, is the oncoming implementation of an ID infrastructure on
> the Internet, which may make it impossible for individuals to engage
> in anonymous reading.
>
> This bears some explaining. Consider that if you buy a book in a
> bookstore with cash, or if you read it in the library, nobody knows
> what you're buying and reading.  By contrast, a code-based licensing
> scheme in which you identify yourself online in order to obtain or
> view a copy of a copyrighted work may undercut your anonymity,
> especially if there's an Internet I.D. Infrastructure already in
> place.) That the technology changes are "private" ones-they don't
> involve anything we'd call "state action" and thus do not raise what
> we normally would call a constitutional problem-but they affect
> public values just as deeply as traditional constitutional problems
> do.
>
> A similar argument can be made about how the Internet alters our
> privacy rights and expectations.  Because the Internet both makes our
> backgrounds more "searchable" and our current behavior more
> monitorable, Lessig reasons, the privacy protections in our Bill of
> Rights may become meaningless. Once again, when the searching and
> monitoring is done by someone other than the government, it means
> that the "state action" trigger for invoking the Bill of Rights is
> wholly absent. What's more, such searching and monitoring, whether
> done by the government or otherwise, may be invisible to the person
> being investigated. You'll have lost your right to any meaningful
> privacy and you won't even know it's gone until it's too late.
> Lessig's analysis of the problem here is convincing, even though his
> proposed solution, a "property regime" for personal data that would
> replace today's "liability regime" is deeply problematic. This is
> partly because it would transmute invasions of privacy into property
> crimes (aren't the jails full enough without adding gossips to the
> inmates?) and partly because the distinction he draws between
> property regimes and liability regimes as to which benefits the
> individual more is (in my view) illusory in practical terms.
>
> Perhaps Lessig's most controversial position with regard to the
> threat of private action to public values is the one he's explored
> previously in a number of articles for law reviews and popular
> publications-the argument that some version of the Communications
> Decency Act (perhaps one that required minors to identify themselves
> as such so as to be blocked from certain kinds of content) is less
> dangerous to freedom of speech than is the private use of
> technologies that filter content.  It's important to understand that
> Lessig is not actually calling for a new CDA here, although that
> nuance might escape some legislators.
>
> Lessig interprets such a version of the CDA (and the architecture
> that might be created by it) as a kind of "zoning," which he sees as
> preferable to private, non-legislated filtering because, he says,
> zoning "builds into itself a system for its limitation. A site cannot
> block someone from the site without that individual knowing it." By
> contrast, he says, a filtering regime such as (now widely regarded as
> moribund) Platform for Internet Content Selection enables all sorts
> of censorship schemes, not just nominally child-protecting ones.
> PICS, because it can scale to function at the server or even network
> level, can be used by a government to block, say, troubling political
> content. And because PICS support can be integrated into the
> architecture of the Internet, it could be used to create compelling
> private incentives for people to label their Internet content. Worse,
> he says, such blocking would (he says) be invisible to individuals.
>
> There are many problems with Lessig's analysis here, and while it
> would take more space than I have here to discuss them in depth, I
> can at least indicate what some of the problems are. First of all,
> it's not at all clear that one couldn't create a "zoning" solution
> that kept the zoning-excluded users from knowing (directly at least)
> that they've been excluded. Second, if a zoning scheme works to
> exclude users identified as kids, is there any reason to think it
> wouldn't work equally well in excluding users identified as Iranians
> or Japanese or Americans? (Don't forget that incipient I.D.
> architecture, after all.)
>
> Third, a PICS-like scheme, implemented at the server level or higher,
> is actually less threatening to freedom of speech than key-word or
> other content filtering at the server level or higher. PICS, in order
> to function, requires that some high percentage of the content
> producers in the world buy into the self-labelling scheme before a
> repressive government could use it to block its citizens from
> disapproved content. Brute-force key-word filtering, by contrast,
> doesn't require anyone else's cooperation-a repressive government
> could choose its own PICS-independent criteria and implement them at
> the server level or elsewhere.
>
> Fourth, there's nothing inherent in the architecture of a PICS-style
> scheme (in the unlikely event that such a scheme were implemented) or
> any other server-level filtering scheme that requires that users not
> be notified that blocking took place. In short, you could design that
> architecture so that its operation is visible.
>
> Lessig is right to oppose the implementation of anything that might
> be called an architecture of filtering. But one wonders why he is so
> intent on saying that zoning is better than filtering when both
> models can operate as tools of repression. Lessig answers that
> question by letting us know what his real worry is, which is that
> individuals with filtering tools will block out those who need to be
> heard. Says Lessig: "[F]rom the standpoint of society, it would be
> terrible if citizens could simply tune out problems that were not
> theirs.... We must confront the problems of others and think about
> problems that affect our society. This exposure makes us better
> citizens." His concern is that we'll use filtering tools to bar us
> from that salutary exposure.
>
> Leaving aside the question of whether his value here is one we should
> embrace (it's hard to harmonize it with what Brandeis in his Olmstead
> dissent termed "the right to be let alone"), it seems worth noting
> that the Internet does not really stand as evidence to Lessig's
> assumption that people will use their new tools to avoid
> confrontation with those holding different opinions. Indeed, much of
> the evidence seems to point the other way, as anyone who's ever
> viewed a long-running Internet flame war or inspected dueling Web
> sites can attest. Nothing forces combatants on the Internet to stay
> engaged, but they do anyway. The fact is, we like to argue with each
> other-as Deborah Tannen has pointed out, we have embraced an
> "argument culture." (Whether that culture is healthy is another
> question, of course.)
>
> But even if one disagrees with Lessig's analysis of certain
> particular issues, this doesn't detract from his main argument, which
> is that private decisionmaking, enhanced by new technologies and
> implemented as part of the "architecture" of the Internet, may
> undercut the democratic values (freedom of speech, privacy, autonomy,
> access to information) at the core of our society. Implicit in his
> argument is that the traditional focus of civil-libertarians, which
> is to challenge government interventions in speech and privacy
> arenas, may be counterproductive in this new context. If I read him
> right, Lessig is calling for a new constitutional philosophy, one
> rooted perhaps in Mill's essay "On Liberty," in which government can
> function as a positive public tool to preserve from private
> encroachments the liberty values we articulated in the Constitution
> in terms of constraints on government. Such a philosophy would
> require a very imaginative "translation" of constitutional values
> indeed to get past the objection that the Bill of Rights is only
> about limiting "state action."
>
> What CODE is really about is the need for political liberals to put a
> positive face on the role of government without embracing statism or
> seeming to.  Although this is clearly Lessig's project, he's
> pessimistic about its success-in the public debate about Internet
> policy, he complains, the libertarians have essentially won the
> field. What he'd like to see, perhaps, is a constitutional structure
> in which something like the Bill of Rights could be invoked against
> challenges to personal liberty or autonomy, regardless of whether the
> challenges come from public or private sources. The ideology of
> libertarianism, he believes, will interpret the changes wrought by
> e-commerce and other private action as a given, like the weather. "We
> will watch as important aspects of privacy and free speech are erased
> by the emerging architecture of the panopticon, and we will speak,
> like modern Jeffersons, about nature making it so-forgetting that
> here, we are nature," he writes in a somewhat forlorn final chapter.
> Lessig may be right in his gloomy predictions, but let's suppose his
> worst fears are not realized, and a new debate begins about the
> proper role of government in cyberspace and about appropriate
> limitations on private crafting of the online architecture. At least
> some of the thanks for that development will have to go to Lessig's
> CODE.
>
> ----------------------------------------------------------------------------
> "I speak the password primeval .... I give the sign of democracy ...."
>             --Walt Whitman
> Mike Godwin can be reached by phone at 202-721-8432.
> His book, CYBER RIGHTS, can be ordered at
>         http://www.panix.com/~mnemonic .
> ----------------------------------------------------------------------------
>
>
> ----------------------------------------------------------------------------
> "I speak the password primeval .... I give the sign of democracy ...."
>             --Walt Whitman
> Mike Godwin can be reached by phone at 202-721-8432.
> His book, CYBER RIGHTS, can be ordered at
>         http://www.panix.com/~mnemonic .
> ----------------------------------------------------------------------------