Code and Other Laws of Cyberspace

Lessig leads us through the new controversies in intellectual property, privacy, free speech, and national sovereignty. What about a computer worm that can search every American's PC for top-secret NSA documents? It sounds obviously unconstitutional, but the worm code can't read your letters, bust down your door, scare you, or arrest anyone innocent. If you're not guilty, you won't even know you were searched. The coded architecture of the Net also enforces certain freedoms: via the Net, we have now globally exported a more extreme form of free speech than the First Amendment encodes in old-fashioned law. The once-important Pentagon Papers case would be meaningless today: instead of fighting to publish secret government documents, The New York Times could simply leak them to a USENET newsgroup. The Constitution is rife with ambiguities the framers couldn't have imagined, and virtual communities such as AOL and LamdaMOO are organizing themselves in ways governed largely by code--strikingly different ones.

We've got tough choices ahead. Do we want to protect intellectual property or privacy? How do we keep cyberporn from kids--by brain-dead decency laws, censoring filters, or code that identifies kid users? (Lessig advocates code.) Lessig demonstrates that legal structures are too slow and politics-averse to regulate cyberspace. "Courts are disabled, legislatures pathetic, and code untouchable." Code writers are the unacknowledged legislators of the new world, backed by the law and commerce. Lessig thinks citizens must recognize the need to be the architects of their own fate, or they'll find themselves coded into a world they never made. --Tim Appelo

Customer Reviews:

Review #1: Important ideas on the future in a wired world
2005-11-16
As it is, I spend a lot of time thinking about systems and issues like architectures, law, policy, and even individual expectations. My 2001 book Developing Trust looked at how we can deal with the policy and technology issues that make our infrastructure trustworthy. Though I dealt with the Internet and Web specifically and showed specific examples of actual failures, some readers have suggested that the discussion was somewhat theoretical, or at the very least, blazing the way for practice instead of reflecting it. My recently-published Brute Force is very different, dealing specifically with the issue of Internet cryptography.

Looking at the fall of the data encryption standard through the lens offered by Lessig's Code is instructive. Consider the state of the world in 1997, when RSA launched its DES Challenge.

As a matter of policy, the U.S. Government promoted a cryptographic standard that would be secure against exhaustive key-search attacks for a relatively short period of time. As a matter of law (in the form of regulation), the Government also limited the strength of the systems that could be exported outside of the United States. As a matter of architecture, the Internet is open and easy to access, in many cases using topologies that will allow anyone in the middle to observe traffic being routed from one system to another. As a matter of expectation, individual Internet users considered their online purchases secured, such that attackers would not be able to intercept and illicitly to use their credit card numbers. As another matter of expectation, many in Congress imagined that even the limited strength of the systems allowed by Government policy were "secure enough."

The DESCHALL Project (and RSA's 1997 DES Challenge that it answered) used architecture to change expectations of both lawmakers and citizens. When it succeeded, law (in this case, the regulation) changed to allow a much freer use and export of cryptographic products. Policy followed, with the Advanced Encryption Standard (AES) being adopted.

After talking recently with Peter Swire, Esther Dyson, and John Gilmore in Seattle earlier this year at CFP 2005 (with "Panopticon" as its theme), I was reminded of Lessig's Code, in which he argued that it is wrong to imagine as some have that the Internet is inherently impossible to regulate, that it can never be restricted the way that the real world has been.

When I returned from Seattle, I re-read some critical parts of Lessig's book. One part that struck me was its central theme, that four primary forces regulate: law, market, norms, and code.

Limited scope helped to made DESCHALL successful. We didn't seek (directly) to change the law or government policy. The project didn't overreach, attempting to use traditional mechanisms of marketing to affect the expectations (or, in Lessig's words, norms) of individual users. Nor did it preach to the proverbial choir, either in the form of those interested in public policy (law) or those trying to bring their products to international customers who demanded them (market). We were attempting to address an area of architecture (code) that created a vulnerability in the form of an attacker's ability to intercept traffic. While many expected that the issue was addressed through "good enough" cryptography, we used the one tool of our focus (code) to demonstrate that it was out of sync with the demands of the market and the needs to enforce the norms of society.

In the six years since Lessig's book was released, things have changed. Some of the less dramatic changes have come in the form of architecture, the code that implements the global computation and communication infrastructure. Mobile phones and PDAs now have greater utility as gateways to the network and these devices have more tracking capability than in 1999, both in the form of a GPS device to determine the unit's position and in the form of wireless personal area networks such as Bluetooth that have side-effects that can be invasive of privacy.

Norms have not changed significantly; as these deal with the attitudes and expectations of people, norms are always slow to evolve. The market has not changed dramatically for the most part. While a whole dot-com boom and bust took place, the simple fact is that companies that offered good services enabled by the Internet succeeded (eBay and Amazon spring to mind), while those that were using the Internet for its own sake failed-the demand for online haircuts and shoeshines never materialized.

The law is one area where there has been more dramatic change, as local, state, and federal lawmakers strive to update their codes to reflect the world's heavy dependence upon Claude Shannon's binary units. Many laws designed to protect consumers and their digital identities have been passed and now organizations that handle personal information are subjected to civil and criminal penalties for failure to adhere to some norms for protecting information.

Further changes have been ushered in by lawmakers' attempts to show their constituents that they care about the citizenry of this country and are doing all they can to protect them from the threat of terrorist attack. Congress is now debating extension of the Patriot Act and adoption of its successor, Patriot II. In Code, Lessig worries about the impact of law on cyberspace, in particular how regulation will cause infrastructures to be built with new provisions that allow the Government to achive its objective to control its citizenry without being accountable as in a transparent legal system. Given the reaction to the Patriot Act-in particular its provision to search library and bookstore records without a warrant-it would seem that Lessig's concerns have been understood and adopted by a significant number of people working in the area of public policy.

Much of the public debate over digital rights has been in the form of negative reaction to proposed restrictions on personal liberty, privacy, and other rights. Someone proposes that the Patriot Act stay on the books rather then expire (as the Act itself called for as passed in 2001) and people react in the negative. Someone proposes national identification cards for each U.S. citizen and people react in the negative. A cartel proposes a combination of technical and legal standards to limit how consumers can use their products and people react in the negative.

In Code, Lessig argues that society must decide what rights it wants to guarantee, what sort of a society cyberspace is to be, from which implementation in code will follow, shaping both the architecture of the markets and the norms of cyberspace. Despite the passage of six years and the huge number of genuinely bad ideas that have been floated, we have very few good ideas proposed to stave off the flow or influence of the bad. There is very little guidance to show how the Bill of Rights applies in cyberspace. Worse, there is apparently no mechanism by which the government cannot hire private industry to do the work that it, by virtue of the U.S. Constitution, would be forbidden from undertaking. There has been a lot of talking, but remarkably little action, and I suspect that will remain true until there is a clear and concise assertion of what privileges and rights are to be built into cyberspace. As Lessig concludes, if our society fails to take advantage of the opportunity that is now present, liberty will find herself on the losing end of a revolution and it'll be over before any critical mass notices.

Review #2: Regardless of its style and structure, this is a IMPORTANT book.
2005-06-26
Lawrence Lessig is not a writer, he is a lawyer. Don't expect his book to be easy nor entertaining. However, it is the more insightful writing of its time on the subject of mass media communication and control. For me the strong points are:
1, the Internet has no nature and if you think that it is a place of total freedom, this book will should you how wrong you are.
2, as a counter effect of point 1, the Internet might well become (if not yet) the most powerful element of control on mass population, leaving television and radio their its poor alpha version.
3, Dr Lessig considers the code used to create the Internet as being the laws of cyberspace, showing us the important distinction between between them: code is not something you can oppose to. It is simply a power you are inclined to accept, or put it differently there are *invisible* rules you are *dictated* to follow. That is the theme of the book.
I recommend this book for my Digital Media and New Media students and anyone using the Internet regurlarly and interested in its politics.

Review #3: Good overview for outsiders - common sense for many
2004-11-20
The premise of Code is that the architecture of the internet and not any one country's laws controls what one can do on it. One clear evidence of architecture controlling our lives is our dependence on cars. Most American cities grew large after the car had become common. Hence they have limited transportation. Hence one is expected to own a car to live a normal life. Similarly the architecture of the internet will make certain activities much easier than others. The difference is the internet is currently being formed and we can choose what we want it to be if we act now (or in 1999 anyway).

Lessig identifies four factors that influence what any individual can and will do on or offline: law, architecture (physics in the real world), social norms, market forces (since corporations have so much control over what gets done). This way of looking at things combined with the cute little diagrams may clarify things you already know about the internet. There is also much discussion threaded through the book of legal issues in the past that may prove applicable to cyberspace now.

Basically I tried to read this, but found it a bit dumbed down. I skimmed it and it was good for me to look closer at some of the relationships in play on the development of the internet, or maybe to solidify things in my head. However it didn't tell me much and Lessig keeps repeating himself blah blah blah and then going into rapturous praise of open source code and newsgroups and other old hat thing on the internet. (I realize that this was published in 1999 but I don't feel that it would have been new info for me then either.)

If you are the sort of person who has read the Jargon File, then you are unlikely to get much out of Code (except if you are interested in legal history about privacy, IP etc - but then again the premise of the book is that architecture more than law influences what can and can't be done online). However, for an outsider interested in learning about the subcultures that exist online and more about the sociology type aspects of computing this would be a useful introduction.

Review #4: Great book on Cyberspace and a must read for people in the t
2004-06-07
This is another great book that discusses what is going on in cyberspace today (or 1999 when it was written) first by defining cyberspace as a place where we can create personalities and have the ability to speak like we would never do in the real world. The book then goes on to discuss how the internet is regulated or not regulated and what the internet can and should become.

The book starts out by discussing multiple forms of regulation and just because technology makes it easier to monitor or regulate does not mean that it is right or legal. The book also discusses what things should be regulated and how and who should regulate it. The next chapters go into Free Speech, Intellectual Property, Privacy and other freedoms we have and should fight to protect. The book talks about Open Source vrs Closed Source software and how regulation can and is added to each. One of the solutions of the book is to offer transparent regulation that allows user to know what is regulated. This is possible and is happening now in Open Source software but is not happening in closed source software. This is an excellent book that should help call us to action that will help provide the right kind of regulation while ensuring our freedoms or not reduced. This is a great book and I would recommend it..

Review #5: Beautiful Style
2003-02-25
I am impressed with the ease of reading of this book. Also Lessig repeats himself constantly. It is very easy to get at what he is saying. Mind you this a law course text book and the laws are American which are only obliquely useful to us Canadians.