IP: Godwin review of Lessig's CODE

[Dave Farber <farber@cis.upenn.edu>]

>Date: Tue, 14 Dec 1999 12:33:15 -0500
>To: farber@cis.upenn.edu
>From: Mike Godwin <mnemonic@well.com>
>
>
>Dave, here's my take on Lessig's book.
>
>
>--Mike
>
>
>
>Lessig's CODE puts cyberspace at center of new constitutional debate.
>Review of CODE AND OTHER LAWS OF CYBERSPACE (Basic Books, 1999)
>By Mike Godwin
>For E-Commerce Law Weekly
>
>Imagine that you could somehow assemble the pioneers of the Internet
>and the first political theorists of cyberspace in a room and poll
>them as to what beliefs they have in common. Although there'd be lots
>of heated discussion and no unanimity on any single belief, you might
>find a majority could get behind something like the following four
>premises.
>
>1) The Internet does not lend itself to regulation by governments.
>
>2) The proper way to guarantee liberty is to limit the role of
>government and to prevent government from acting foolishly with
>regard to the Internet.
>
>3) The structure of the Internet-the "architecture" of cyberspace, if
>you will-is politically neutral and cannot easily be manipulated by
>government or special interests.
>
>4) The expansion of e-commerce and the movement of much of our public
>discourse to the online world will increase our freedom both as
>citizens and as consumers.
>
>But what if each of these premises is at best incomplete and at worse
>false or misleading? (Leave aside the likelihood that they're not
>entirely consistent with one another.) What if the architecture of
>the Net can be changed by government and the dynamism of e-commerce?
>What if the very developments that enhance electronic commerce also
>undermine political freedom and privacy? The result might be that
>engineers and activists who are concerned about preserving democratic
>values in cyberspace were focusing their efforts in the wrong
>direction. By viewing governmental power as the primary threat to
>liberty, autonomy, and dignity, they'd blind themselves to the real
>threats-threats that it may require government to block or remedy.
>
>It is precisely this situation in which Harvard law professor
>Lawrence Lessig believes we find ourselves. In his new book CODE AND
>OTHER LAWS OF CYBERSPACE (Basic Books, 1999), Lessig explores at
>length his thesis that the existing accounts of the political and
>legal framework of cyberspace are incomplete, and that their very
>incompleteness may prevent us from preserving the aspects of the
>Internet we value most. CODE is a direct assault on the libertarian
>perspective that informs much Internet policy debate these days.
>What's more, Lessig knows that he's swimming against the tide here,
>but he nevertheless takes on in CODE a project that, although focused
>on cyberspace, amounts to nothing less than the relegitimization of
>the liberal (in the American sense) philosophy of government.
>
>It is a measure of Lessig's thoroughness and commitment to this
>project that he mostly succeeds in reopening the debate about the
>proper role of government with regard to the Net -- this in an era in
>which, with the exception of a few carveouts like Internet gambling
>and cybersquatting, Congress and the White House have largely thrown
>up their hands when it comes to Internet policy. While this
>do-nothingism is arguably an improvement over the kind of panicky,
>ill-informed interventionism of 1996's Communications Decency Act
>(which Lessig terms "[a] law of extraordinary stupidity" that
>"practically impaled itself on the First Amendment), it also falls
>far short, he says, of preserving fundamental civil values in a
>landscape reshaped by technological change.
>
>The Architecture Is Not Static
>
>To follow Lessig's reasoning in CODE you need to follow his
>terminology. This is not always easy to do, since the language by
>which he describes the Internet as it is today and as it might
>someday become is deeply metaphorical. Perhaps the least problematic
>of his terms is "architecture," which Lessig borrows from Mitchell
>Kapor's Internet aphorism that "architecture is politics." Although
>his use of the term is a little slippery, Lessig mostly means for us
>to understand the term "architecture" to refer to both (a) the
>underlying software and protocols on which the Internet is based and
>(b) the kinds of applications that may run "on top of that Internet
>software infrastructure. And while the first kind of architecture is
>not by itself easily regulable, Lessig says, the second kind might
>make it so-for example by incorporating the various monitoring and
>identification functions that already exist on proprietary systems
>and corporate intranets.
>
>More difficult to get a handle on is his use of the word "code,"
>which seems to expand and contract from chapter to chapter. At some
>bedrock level, Lessig means "code" to signify the hardware and software
>that makes up the Internet environment (akin to the sense of "code" that
>programmers use). But he's also fond of metaphoric uses of "code"
>that muddy the waters. "Code is law," Lessig writes at several
>points, by which we may take him to mean that the Internet's software
>constrains and shapes our behavior with as much force as law does.
>(And of course the book's title equates code and law.)
>
>Elsewhere, however, he writes that code is something qualitatively
>different from law in that it does not derive from legislative or
>juridical action or community norms, yet may affect us more than laws
>or norms do, while providing us less opportunity for amendment or
>democratic feedback. It doesn't help matters when he refers to things
>like bicycle locks as "real-world code." But if you can suspend your
>lexical disbelief for a while, the thrust of Lessig's argument
>survives any superficial confusions wrought by his terminology.
>
>That argument depends heavily on the first point Lessig makes about
>Internet architecture, which is simply that it's malleable-shapeable
>by human beings who may wish to implement an agenda. The initial
>architecture of the Internet, he says correctly, emphasized openness
>and flexibility but provided little support for identifying or
>authenticating actual individuals or monitoring them or gathering
>data about them. "On the Internet it is both easy to hide that you
>are a dog and hard to prove that you are not," Lessig writes. But
>this is a version of the Internet, he says, that is already being
>reshaped by e-commerce, which has reasons for wanting to identify
>buyers, share financial data about them, and authenticate the
>participants in transactions. At the center of e-commerce-wrought
>changes is the technology of encryption, which, while it has the
>ability to render communications and transactions secret in transit,
>also enables an architecture of identification (through, e.g.,
>encryption-based certification of identity and digital signatures).
>The key to the creation of such an architecture, Lessig writes, is
>not that a government will require people to hold and use certified
>Ids.  Instead, he writes, "The key is incentives: systems that build
>the incentives for individuals voluntarily to hold IDs." Adds Lessig:
>"When architectures accommodate users who come with an ID installed
>and make life difficult for users who refuse to bear an ID,
>certification will spread quickly."
>
>But even if you don't believe that e-commerce alone will establish an
>architecture of identification, he writes, there are reasons to
>believe that government will want to help such an architecture along.
>After all, a technology that enables e-commerce merchants to identify
>you and authorize your transactions may also have an important
>secondary usefulness to a government that wants to know where you've
>been and what you've been up to on the Internet.
>
>And if the government wants to change the technological architecture
>of the Internet, there's no reason to believe it wouldn't succeed, at
>least to some extent. After all, Lessig says, the government is
>already involved in mandating changes in existing architectures in
>order to effectuate policy. Among the examples of this kind of
>architectural intervention, he says, are (a) the Communications
>Assistance to Law Enforcement Act of 1994, in which Congress
>compelled telephone companies to make their infrastructure more
>conducive to successful wiretaps, (b) Congress's requiring the
>manufacturers of digital recording devices to incorporate
>technologies that limit the extent to which perfect copies can be
>made, and (c) the requirement in the Telecommunications Act of 1996
>that the television industry design and manufacture a V-chip to
>facilitate individuals' ability to automatically block certain kinds
>of televised content.
>
>With an identification architecture in place, Lessig argues, what
>previously might seem to be an intractable Internet-regulation
>problem, like the prohibition of Internet gambling, might become
>quite manageable.
>
>The Government and Code
>
>An account of social activity on the Internet that deals solely with
>the legal framework is inadequate, Lessig argues.  In Lessig's view,
>the actual "regulators" of social behavior come from four sources,
>each of which has its own dynamic. Those sources of social
>constraints are: the market, the law, social norms, and architecture
>(here "architecture" means "the constructed environment in which
>human beings conduct their activities).  "But these separate
>constraints obviously don't simply exist as givens in a social life,"
>Lessig writes. "They are neither found in nature nor fixed by God,"
>he writes, adding that each constraint "can be changed, although the
>mechanism of changing each is complex." The legal system, he says,
>"can have a significant role in this mechanics."
>
>So can the open-source movement, which Lessig refers to as "open
>code." The problem with "architectural" constraints, and the thing
>that distinguishes them from any other kind, is that they don't
>depend on human awareness or judgment to function.  You may choose
>whether or not to obey a law or a social norm, for example, and you
>may choose whether or not to buy or sell something in the market, but
>(to use the metaphor) you can't enter a building through a door if
>there's no door there, and you can't open a window if there's no
>window. Open code-software that is part of a code "commons," that is
>not owned by any individual or business, and that can be inspected
>and modified-can provide a "a check on state power," Lessig writes,
>insofar as it makes any government-mandated component of the
>architecture of the Net both visible to, and (potentially) alterable
>by, citizens. Open code, which still makes up a large part of the
>Internet infrastructure, is thus a way of making architecture
>accountable and subject to democratic feedback, he argues. "I
>certainly believe that government must be constrained, and I endorse
>the constraints that open code imposes, but it is not my objective to
>disable government generally," Lessig writes. But, he adds, "some
>values can be achieved only if government intervenes."
>
>A Jurisprudence of Cyberspace?
>
>One way that government intervenes, of course, is through the court
>system. And as Lessig notes, it may be the courts that are first
>called upon to interpret and preserve our social values when
>technology shifts the effective balance of rights for individuals.  A
>court faced with such a shift often must engage in "translation" of
>longstanding individual rights into a new context, he says. Take
>wiretapping, for example. Once upon a time, it was not so easy for
>law-enforcement agents to get access to private conversations. But
>once telephones had become commonplace and (as Lessig puts it) "life
>had just begun to move onto the wires," the government began to tap
>phones in order to gather evidence in criminal investigations. Does
>wiretapping raise Fourth Amendment concerns? The Supreme Court first
>answered this question in Olmstead v. United States (1928) -- the
>answer for the majority was that wiretapping (at least when the tap
>was placed somewhere other than on a tappee's property) did not raise
>Fourth Amendment issues since the precise language of the Fourth
>Amendment does not address the nontrespassory overhearing of
>conversations. That's one mode of translation, Lessig writes-the
>court preserved the precise language of the Fourth Amendment in a way
>that contracted the scope of the zone of privacy protected by the
>Fourth Amendment.
>
>But that's only one way to translate constitutional values, Lessig
>argues. Another, and arguably preferable approache, he says, would be
>to follow Justice Louis Brandeis's approach in his dissent in
>Olmstead-an approach that preserves the scope of the privacy zone
>while departing from a strict adherence to the literal language of
>the Amendment. (Brandeis's dissent, arguing that the capture of
>private conversations does implicate the Fourth Amendment, was
>adopted by the Supreme Court forty years after Olmstead.)
>
>But what if technology raises a question for a court for which it's
>not clear which interpretative choice comes closer to preserving or
>"translating" the values inherent in the Bill of Rights? Borrowing
>from contract law, Lessig calls such a circumstance a "latent
>ambiguity." He further suggests (this is perhaps the most
>unfashionable of his arguments) that, instead of simply refusing to
>act and referring the policy question to the legislature, courts
>might simply attempt to make the best choice at preserving
>constitutional values in the hope that its choice will at minimum
>"spur a conversation about these fundamental values ... to focus a
>debate that may ultimately be resolved elsewhere" (e.g., the
>legislature).
>
>All this begins to seem far afield from the law of cyberspace, but
>Lessig's larger point is that the changes wrought by the Internet and
>related technologies are likely to raise significant "latent
>ambiguity" problems. He focuses on three areas in which technologies
>raise important questions about values but for which a passive or
>overliteral "translation" approach would not be sufficient.  Those
>areas are intellectual property, privacy, and freedom of speech. In
>each case, the problem Lessig sees is one that is based on "private
>substitutes for public law"-private, non-governmental decisionmaking
>that undercuts the values the Constitution and Bill of Rights were
>meant to preserve.
>
>With intellectual property, and with copyright in particular,
>technological changes raises new problems that the nuanced
>established legal balances built into the law don't address. Lessig
>challenges the longstanding assertion (in Internet circles, at least)
>that the very edifice of copyright law is likely to crumble in the
>era of the Internet, which enables millions of perfect copies of a
>creative work to be duplicated and disseminated for free, regardless
>of whether the copyright holder has granted anyone a license. In
>response to that perceived threat, Lessig observes, the copyright
>holders have moved to force changes in technology and changes in the
>law.
>
>As a result, technologically implemented copyright-protection and
>copyright-management schemes are coming online, and the government
>has already taken steps to prohibit the circumvention of such
>schemes. This has created a landscape in which the traditional
>exercise of one's rights to "fair use" of another's work under the
>Copyright Act may become meaningless. The fact that one technically
>has a right to engage in fair use is of no help when one can't engage
>in any unauthorized copying. Complicating this development, Lessig
>believes, is the oncoming implementation of an ID infrastructure on
>the Internet, which may make it impossible for individuals to engage
>in anonymous reading.
>
>This bears some explaining. Consider that if you buy a book in a
>bookstore with cash, or if you read it in the library, nobody knows
>what you're buying and reading.  By contrast, a code-based licensing
>scheme in which you identify yourself online in order to obtain or
>view a copy of a copyrighted work may undercut your anonymity,
>especially if there's an Internet I.D. Infrastructure already in
>place.) That the technology changes are "private" ones-they don't
>involve anything we'd call "state action" and thus do not raise what
>we normally would call a constitutional problem-but they affect
>public values just as deeply as traditional constitutional problems
>do.
>
>A similar argument can be made about how the Internet alters our
>privacy rights and expectations.  Because the Internet both makes our
>backgrounds more "searchable" and our current behavior more
>monitorable, Lessig reasons, the privacy protections in our Bill of
>Rights may become meaningless. Once again, when the searching and
>monitoring is done by someone other than the government, it means
>that the "state action" trigger for invoking the Bill of Rights is
>wholly absent. What's more, such searching and monitoring, whether
>done by the government or otherwise, may be invisible to the person
>being investigated. You'll have lost your right to any meaningful
>privacy and you won't even know it's gone until it's too late.
>Lessig's analysis of the problem here is convincing, even though his
>proposed solution, a "property regime" for personal data that would
>replace today's "liability regime" is deeply problematic. This is
>partly because it would transmute invasions of privacy into property
>crimes (aren't the jails full enough without adding gossips to the
>inmates?) and partly because the distinction he draws between
>property regimes and liability regimes as to which benefits the
>individual more is (in my view) illusory in practical terms.
>
>Perhaps Lessig's most controversial position with regard to the
>threat of private action to public values is the one he's explored
>previously in a number of articles for law reviews and popular
>publications-the argument that some version of the Communications
>Decency Act (perhaps one that required minors to identify themselves
>as such so as to be blocked from certain kinds of content) is less
>dangerous to freedom of speech than is the private use of
>technologies that filter content.  It's important to understand that
>Lessig is not actually calling for a new CDA here, although that
>nuance might escape some legislators.
>
>Lessig interprets such a version of the CDA (and the architecture
>that might be created by it) as a kind of "zoning," which he sees as
>preferable to private, non-legislated filtering because, he says,
>zoning "builds into itself a system for its limitation. A site cannot
>block someone from the site without that individual knowing it." By
>contrast, he says, a filtering regime such as (now widely regarded as
>moribund) Platform for Internet Content Selection enables all sorts
>of censorship schemes, not just nominally child-protecting ones.
>PICS, because it can scale to function at the server or even network
>level, can be used by a government to block, say, troubling political
>content. And because PICS support can be integrated into the
>architecture of the Internet, it could be used to create compelling
>private incentives for people to label their Internet content. Worse,
>he says, such blocking would (he says) be invisible to individuals.
>
>There are many problems with Lessig's analysis here, and while it
>would take more space than I have here to discuss them in depth, I
>can at least indicate what some of the problems are. First of all,
>it's not at all clear that one couldn't create a "zoning" solution
>that kept the zoning-excluded users from knowing (directly at least)
>that they've been excluded. Second, if a zoning scheme works to
>exclude users identified as kids, is there any reason to think it
>wouldn't work equally well in excluding users identified as Iranians
>or Japanese or Americans? (Don't forget that incipient I.D.
>architecture, after all.)
>
>Third, a PICS-like scheme, implemented at the server level or higher,
>is actually less threatening to freedom of speech than key-word or
>other content filtering at the server level or higher. PICS, in order
>to function, requires that some high percentage of the content
>producers in the world buy into the self-labelling scheme before a
>repressive government could use it to block its citizens from
>disapproved content. Brute-force key-word filtering, by contrast,
>doesn't require anyone else's cooperation-a repressive government
>could choose its own PICS-independent criteria and implement them at
>the server level or elsewhere.
>
>Fourth, there's nothing inherent in the architecture of a PICS-style
>scheme (in the unlikely event that such a scheme were implemented) or
>any other server-level filtering scheme that requires that users not
>be notified that blocking took place. In short, you could design that
>architecture so that its operation is visible.
>
>Lessig is right to oppose the implementation of anything that might
>be called an architecture of filtering. But one wonders why he is so
>intent on saying that zoning is better than filtering when both
>models can operate as tools of repression. Lessig answers that
>question by letting us know what his real worry is, which is that
>individuals with filtering tools will block out those who need to be
>heard. Says Lessig: "[F]rom the standpoint of society, it would be
>terrible if citizens could simply tune out problems that were not
>theirs.... We must confront the problems of others and think about
>problems that affect our society. This exposure makes us better
>citizens." His concern is that we'll use filtering tools to bar us
>from that salutary exposure.
>
>Leaving aside the question of whether his value here is one we should
>embrace (it's hard to harmonize it with what Brandeis in his Olmstead
>dissent termed "the right to be let alone"), it seems worth noting
>that the Internet does not really stand as evidence to Lessig's
>assumption that people will use their new tools to avoid
>confrontation with those holding different opinions. Indeed, much of
>the evidence seems to point the other way, as anyone who's ever
>viewed a long-running Internet flame war or inspected dueling Web
>sites can attest. Nothing forces combatants on the Internet to stay
>engaged, but they do anyway. The fact is, we like to argue with each
>other-as Deborah Tannen has pointed out, we have embraced an
>"argument culture." (Whether that culture is healthy is another
>question, of course.)
>
>But even if one disagrees with Lessig's analysis of certain
>particular issues, this doesn't detract from his main argument, which
>is that private decisionmaking, enhanced by new technologies and
>implemented as part of the "architecture" of the Internet, may
>undercut the democratic values (freedom of speech, privacy, autonomy,
>access to information) at the core of our society. Implicit in his
>argument is that the traditional focus of civil-libertarians, which
>is to challenge government interventions in speech and privacy
>arenas, may be counterproductive in this new context. If I read him
>right, Lessig is calling for a new constitutional philosophy, one
>rooted perhaps in Mill's essay "On Liberty," in which government can
>function as a positive public tool to preserve from private
>encroachments the liberty values we articulated in the Constitution
>in terms of constraints on government. Such a philosophy would
>require a very imaginative "translation" of constitutional values
>indeed to get past the objection that the Bill of Rights is only
>about limiting "state action."
>
>What CODE is really about is the need for political liberals to put a
>positive face on the role of government without embracing statism or
>seeming to.  Although this is clearly Lessig's project, he's
>pessimistic about its success-in the public debate about Internet
>policy, he complains, the libertarians have essentially won the
>field. What he'd like to see, perhaps, is a constitutional structure
>in which something like the Bill of Rights could be invoked against
>challenges to personal liberty or autonomy, regardless of whether the
>challenges come from public or private sources. The ideology of
>libertarianism, he believes, will interpret the changes wrought by
>e-commerce and other private action as a given, like the weather. "We
>will watch as important aspects of privacy and free speech are erased
>by the emerging architecture of the panopticon, and we will speak,
>like modern Jeffersons, about nature making it so-forgetting that
>here, we are nature," he writes in a somewhat forlorn final chapter.
>Lessig may be right in his gloomy predictions, but let's suppose his
>worst fears are not realized, and a new debate begins about the
>proper role of government in cyberspace and about appropriate
>limitations on private crafting of the online architecture. At least
>some of the thanks for that development will have to go to Lessig's
>CODE.
>
>----------------------------------------------------------------------------
>"I speak the password primeval .... I give the sign of democracy ...."
>             --Walt Whitman
>Mike Godwin can be reached by phone at 202-721-8432.
>His book, CYBER RIGHTS, can be ordered at
>         http://www.panix.com/~mnemonic .
>----------------------------------------------------------------------------
>
>
>----------------------------------------------------------------------------
>"I speak the password primeval .... I give the sign of democracy ...."
>             --Walt Whitman
>Mike Godwin can be reached by phone at 202-721-8432.
>His book, CYBER RIGHTS, can be ordered at
>         http://www.panix.com/~mnemonic .
>----------------------------------------------------------------------------