Docstoc

An Endnote on Regulating Cyberspace Architecture vs Law

Document Sample
An Endnote on Regulating Cyberspace Architecture vs Law Powered By Docstoc
					   An Endnote on Regulating
Cyberspace: Architecture vs Law
               Author:
               Graham Greenleaf.
               Presented by:
               Oliver Bannatyne,

               28th May 2002
The Context Of The Article.

   The author is a legal academic writing for
    lawyers, policymakers, and technologists.

   The article is a critique of Larry Lessig‟s
    techno-legal philosophy of “Code as Law”.

   “Code As Law” is a theory of Internet
    Governance that tries to answer the questions:
The Issues of Internet Governance

   1.) Why should Cyberspace be regulated?
   2.) By Whom should Cyberspace be
    regulated?
   3.) How should Cyberspace be regulated?

This presentation will mainly focus on the third
  issue, starting with a brief discussion of first
  issue.
Why Regulate Cyberspace

  The why issue becomes:
   Is there a sufficient difference between
   cyberspace and “realspace” so that the former
   should be regulated differently to the latter.
If the answer is yes, should cyberspace be a
 A realm of freedom (lightly regulated), or
 A realm of surveillance (heavily regulated).
Why Regulate Cyberspace?
Realm Of Freedom                 Realm Of Surveillance
 Users are anonymous.           The net pervades
 Information should be           modern life.
  free.                          The privacy of users is
 The Net is decentralised,       being abused.
  and beyond control.
                                 The real/digital persona
 The Net is international.
                                  needs protection.
 Cyberspace is different
  to „realspace‟.                To ensure identity of
                                  users and data.
Code/Architecture As Law:
Regulating Through Architecture

                               Law


               Market                          Norms

                               Code
               Activity being regulated
               Indirection regulation by law
               Direct regulation
   Figure 1 - Regulation as a function of four types of
    constraints (Adapted from G Greenleaf, L Lessig[33])
The Four Constraints On Human
Activity

1.   Norms, Morality and Self Regulation.

2.   Markets.

3.   Code/Architecture.

4.   Law.
Law as a Direct And Indirect
Behavioural Constraint.

Law
Means –
 Directly Regulating individual behavior
   through social compliance/punishment.
“Person X must not activity Y, failure to do activity
   Y causes punishment Z.”
2. Indirectly regulating norms, markets, and the
   code/architechture.
Non-legal Behavioral Constraints
cyberspace
Norms, Morality and Self Regulation.
Means - These regulate by the the fear of social
  embarrassment.
Example
Activity - An Email containing racist/sexist jokes.
Regulator - Email Monitoring.

Greenleaf says: Markets are an ineffective regulator
  because embarassment lessened by geograhic
  distance and unlikelihood of getting caught.
Non-legal Behavioral Constraints
Cyberspace.
Markets
Means – Markets are a form of economic regulation.
Example
Activity – choosing a product.
Regulator – “Network Effects” – A product (e.g. ICQ)
    becomes more valuable to consumers the more users
    it has using it.
Greenleaf says: Markets are another powerful regulator in
    cyberspace.
Code/Architecture As Law:
Regulating Through Architecture

                           Law


            Market                          Norms

                       Architecture
            Activity being regulated
            Indirection regulation by law
            Direct regulation
   Figure 2 - Regulation as a function of four types of
    constraints (Adapted from G Greenleaf, L Lessig)
Non-legal Behavioral Constraints
Cyberspace.

Architecture
In realspace, Architecture is the physical
    constraints of nature, which are normally
    taken for granted since they are non-
    malleable as a constraint.
However, in cyberspace the architecture is
    different.
The Five Features of Architecture
1.   Architecture is More than Software -.
     It includes software, hardware, standards, & human
     biology (biometrics).

2.   Architecture has Immediacy as a Constraint -.
     Changes to the architecture can have direct
     immediate effect. (i.e. Changing an access control
     system block users access instantaneously.)

3.   Most Architecture has High Plasticity -.
     The architecture is easily altered.
The Five Features of Architecture

4.   The legitimacy of architecture depends on
     who controls it
     If architecture/code is law then have the code-writers
         become the new sovereign? (e.g. like a state, king,
         or ruler.)
     Are they are legitimate sovereign?
     In whose interests are they working?

5.   Default settings give regulation by default.
An Example To Illustrate – The
Robot Exclusion Standard.

   Internet search engines use robots
    (webcrawlers) to catalogue websites.

   These robots have the potential to break
    copyright and breach privacy. i.e. robots could
    be unlawful. website owners have “a right not
    to be indexed”.
An Example To Illustrate – The
Robot Exclusion Standard.
   Copyright law could prevent any site being indexed.
    (direct regulation.)

   The Robot Exclusion Protocol (1994) was created to
    allow website owners to control robot access to the
    website (indirect regulation through Architecture).

   The HTML Tag <META NAME=”ROBOTS”
    CONTENT=”NOINDEX, NOFOLLOW”> prevents a
    website from being indexed and explored.
Conclusion & Question?

   The function of many Computer Security mechanisms
    is to control behavior by controlling an individual‟s
    permissions and access.
   As computer security professionals you will often have
    to make decision about what is and isn‟t appropriate in
    the security architecture. As your decisions will impact
    upon the rights and freedoms of individuals.
    Are you ready for this responsibility? How much
    guidance do you think the lawmakers should give?