Learning Center
Plans & pricing Sign in
Sign Out

An Endnote on Regulating Cyberspace Architecture vs Law


									   An Endnote on Regulating
Cyberspace: Architecture vs Law
               Graham Greenleaf.
               Presented by:
               Oliver Bannatyne,

               28th May 2002
The Context Of The Article.

   The author is a legal academic writing for
    lawyers, policymakers, and technologists.

   The article is a critique of Larry Lessig‟s
    techno-legal philosophy of “Code as Law”.

   “Code As Law” is a theory of Internet
    Governance that tries to answer the questions:
The Issues of Internet Governance

   1.) Why should Cyberspace be regulated?
   2.) By Whom should Cyberspace be
   3.) How should Cyberspace be regulated?

This presentation will mainly focus on the third
  issue, starting with a brief discussion of first
Why Regulate Cyberspace

  The why issue becomes:
   Is there a sufficient difference between
   cyberspace and “realspace” so that the former
   should be regulated differently to the latter.
If the answer is yes, should cyberspace be a
 A realm of freedom (lightly regulated), or
 A realm of surveillance (heavily regulated).
Why Regulate Cyberspace?
Realm Of Freedom                 Realm Of Surveillance
 Users are anonymous.           The net pervades
 Information should be           modern life.
  free.                          The privacy of users is
 The Net is decentralised,       being abused.
  and beyond control.
                                 The real/digital persona
 The Net is international.
                                  needs protection.
 Cyberspace is different
  to „realspace‟.                To ensure identity of
                                  users and data.
Code/Architecture As Law:
Regulating Through Architecture


               Market                          Norms

               Activity being regulated
               Indirection regulation by law
               Direct regulation
   Figure 1 - Regulation as a function of four types of
    constraints (Adapted from G Greenleaf, L Lessig[33])
The Four Constraints On Human

1.   Norms, Morality and Self Regulation.

2.   Markets.

3.   Code/Architecture.

4.   Law.
Law as a Direct And Indirect
Behavioural Constraint.

Means –
 Directly Regulating individual behavior
   through social compliance/punishment.
“Person X must not activity Y, failure to do activity
   Y causes punishment Z.”
2. Indirectly regulating norms, markets, and the
Non-legal Behavioral Constraints
Norms, Morality and Self Regulation.
Means - These regulate by the the fear of social
Activity - An Email containing racist/sexist jokes.
Regulator - Email Monitoring.

Greenleaf says: Markets are an ineffective regulator
  because embarassment lessened by geograhic
  distance and unlikelihood of getting caught.
Non-legal Behavioral Constraints
Means – Markets are a form of economic regulation.
Activity – choosing a product.
Regulator – “Network Effects” – A product (e.g. ICQ)
    becomes more valuable to consumers the more users
    it has using it.
Greenleaf says: Markets are another powerful regulator in
Code/Architecture As Law:
Regulating Through Architecture


            Market                          Norms

            Activity being regulated
            Indirection regulation by law
            Direct regulation
   Figure 2 - Regulation as a function of four types of
    constraints (Adapted from G Greenleaf, L Lessig)
Non-legal Behavioral Constraints

In realspace, Architecture is the physical
    constraints of nature, which are normally
    taken for granted since they are non-
    malleable as a constraint.
However, in cyberspace the architecture is
The Five Features of Architecture
1.   Architecture is More than Software -.
     It includes software, hardware, standards, & human
     biology (biometrics).

2.   Architecture has Immediacy as a Constraint -.
     Changes to the architecture can have direct
     immediate effect. (i.e. Changing an access control
     system block users access instantaneously.)

3.   Most Architecture has High Plasticity -.
     The architecture is easily altered.
The Five Features of Architecture

4.   The legitimacy of architecture depends on
     who controls it
     If architecture/code is law then have the code-writers
         become the new sovereign? (e.g. like a state, king,
         or ruler.)
     Are they are legitimate sovereign?
     In whose interests are they working?

5.   Default settings give regulation by default.
An Example To Illustrate – The
Robot Exclusion Standard.

   Internet search engines use robots
    (webcrawlers) to catalogue websites.

   These robots have the potential to break
    copyright and breach privacy. i.e. robots could
    be unlawful. website owners have “a right not
    to be indexed”.
An Example To Illustrate – The
Robot Exclusion Standard.
   Copyright law could prevent any site being indexed.
    (direct regulation.)

   The Robot Exclusion Protocol (1994) was created to
    allow website owners to control robot access to the
    website (indirect regulation through Architecture).

    website from being indexed and explored.
Conclusion & Question?

   The function of many Computer Security mechanisms
    is to control behavior by controlling an individual‟s
    permissions and access.
   As computer security professionals you will often have
    to make decision about what is and isn‟t appropriate in
    the security architecture. As your decisions will impact
    upon the rights and freedoms of individuals.
    Are you ready for this responsibility? How much
    guidance do you think the lawmakers should give?

To top