Open Code / Open Societies

Date: Wed, 12 May 1999 14:10:27 -0400
Subject: Open Code, Open Societies
Sender: andrew_russell@Harvard.Edu
From: andrew_russell@Harvard.Edu
To: lessig@law.harvard.edu,
    nesson@law.harvard.edu

Greetings -

Larry, I'm looking forward to your seminar today. I came to IT Policy with
a different perspective - I'm an historian and have strong spiritual (as
distinct from religious - see Ken Wilber) interests and beliefs. In fact
I'm leaving the Kennedy School in July to begin a History PhD at Boulder.
Most IT Policy folks seem to fall somewhere between technologists,
lawyers,
technical or public policy types, and capitalists. Very few seem to be
open
to more advanced thought that understands the Internet as another
development in human history (our friend JP Barlow fits here). There is
some philosophy being tossed around; but for the most part it is somewhat
shallow, and "Net-centric". By that I mean it's focus is 'how philosophy
can fit into the Net', rather than "how the net can fit into Philosophy".

When I bumped into Charlie here in the Kennedy School a few months ago,
and
he asked me if many people around here were talking about OSS or open
code,
I didn't have the foggiest idea what he was talking about -- rather, I
didn't understand its relevance to public policy. Larry, I've read a few
of
your papers, and noticed the priority the BCIS is putting on this issue.
Now things are making more sense.

The end of your CFP99 paper and the end of the Open Code and Open
Societies
paper (which might be the same papers, in essence) reminded me of a quote
from Emmanuel Levinas. I'm not sure if HLS is a big Levinas place or not
(difft universities seem to be hot and cold on him); but one of his
formulations is, to me, a close match for your conclusions. After making
this link, I realized the urgency and importance of your task.  This OSS
policy debate is a new forum for an age-old battle. I think it is the Big
Question of ethics.

Levinas, from _Ethics and Infinity_, p. 80:

"It is extremely important to know if society in the current sense of the
term is the result of a limitation of the principle that men are predators
of one another, or if to the contrary it results from the limitation of
the
principle that we are *for* one another. Does the social, with its
institutions, universal forms and laws, result from limiting the
consequences of the war between men, or from limiting the infinity which
opens in the ethical relationship of man to man?" [emphasis = italics in
original]

The question I see is, are we living in spite of one another, or for each
other?  I don't have the answer to that question in any abstract sense.
Nobody does.  But I can tell you this (and this may have occured to you
both years ago) - the direction of these policy debates will be able to
tell us a huge amount about ourselves, who we are, what we value, and how
we make our decisions.  Historians (like myself) will use this debate to
judge whether the development of the Internet reveals us to be predators
or
brothers.  I'm going to Boulder to get my qualifications to fight on the
side of the good guys.

Enjoy the sunshine,

Andy

The Limits in Open Code: Regulatory Standards and the Future of the Net

By Lawrence Lessig ^†
forthcoming,
Berkeley Journal of Law and Technology (1999)

This is an essay about standards in future of the Internet’s governance. I begin with a distinction between two types of standards, and then a reminder of a bit of history of the evolution of thought about regulation in cyberspace. I then draw upon this distinction and this history to suggest a question about the future of the net’s regulation. This question relates to the place of open source software in the future of the "application space" of the Internet. My argument is that open source software will make regulating cyberspace more difficult than it otherwise would be.

I. Standards

Distinguish between two sorts of standards: coordinating and regulating. A coordinating standard is a rule that facilitates an activity that otherwise would not exist. A regulating standard restricts behavior within that activity, according to a policy set by the regulators. A coordinating standard can be imposed from the top down, or emerge from the bottom; a regulating standard is ordinarily imposed only from the top down. Driving on the right side of the road is a coordinating standard. A speed limit is a regulating standard. Coordinating standards limit liberty (drive on the right) to make an activity possible (driving); regulating standards limit liberty within that activity (speeding) to advance a regulatory end (safety or fuel conservation). We understand why an individual would want to deviate from a regulating standard; it is (often) hard to make sense of a desire to deviate from a coordinating standard.

Standards on a computer network are similarly coordinating and regulating. TCP/IP is a coordinating standard—it is a convention that makes exchange of information over the Internet possible. Space allocation on a network server is a regulating standard—it limits the storage space assigned to a particular user to allow many users to use the same storage resource.

Most of the most important Internet standards to date have been coordinating standards—standards such as TCP/IP, or FTP, or HTML. The Internet community has demonstrated well its ability to develop and deploy coordinating standards; this is the genius in organizations such as the Internet Engineering Task Force. But in the future, most of the most significant debates about standards will be debates about regulating standards

Brilliant to this point. But why do you assert that in the future "most" of the "most significant" debates about standards will be regulatory. When we have seen such extraordinary benefit already from open coordinating standards, why would we not strive to continue our growth trajectory?

— about standards that allow the government to carry its policy choices into effect, whether or not those choices are the choices of bottom up organizations like the IETF.

The net’s success with standards in the future, then, depends upon the standards at stake. And its success with coordinating standards will not necessarily entail a similar success with regulatory standards.

Hence the need for lawyers who can explain how to get it done without resort to law, who understand that our future lies in the architecture of code, establishing new balance between open and closed.

II. Regulability

That’s the distinction; now the history. It’s important that we remark how the debate about the regulation of cyberspace has changed. Three years ago the world was techno-libertarian. Frustrated sorts from our bureaucratic age looked to cyberspace as a place where regulation would not work, and hence as a place where people would be free. "Free"had two senses for these sorts—first, life in cyberspace was free from any regulation, and second, life there was free from regulation by government. Life in cyberspace, libertarians promised, was unregulated and unregulable. Behavior there was beyond the government’s reach.

These were the ideas that defined first-generation thought about cyberspace and law. Law such as copyright was dead, lyricists such as John Perry Barlow sang. Law, lawyers such as Post and Johnson warned was fundamentally threatened. The Net would be a world where freedom reigned, and in some techno-Marxist way, governments would have no choice but to wither away.

These ideas did not go unchallenged. Rather, there were a few crazies around at the time who thought quite differently about regulation on the Net. I met two at a conference at Emory Law School three years ago, where they were busy challenging these then-commonplace ideas about the unregulated life of cyberspace.

One was then an assistant professor from Fordham, Joel Reidenberg. About the claim that life in cyberspace was free—unregulated by cyberspace—Reidenberg had a very different view. Life in cyberspace, Reidenberg argued, was regulated as any form of life was. This regulation, however, was built into the code. This form of regulation he called lex informatica, and this lex, he maintained, defines what behavior is possible in cyberspace and what values cyberspace will uphold. Whether these are values of anonymity or privacy or free speech or access, it is this law that makes those values possible.

But the lex informatica, he argued, was not a law that was fixed. The architectures of cyberspace could be changed. The values that cyberspace embraces could be different. There is no nature to the way that cyberspace is built—no nature, simply code. This code could be made to be very different from what it currently is. It could be made, that is, to embrace a very different set of values.

The other crazy was Pam Samuelson, then a professor at the University of Pittsburgh. Samuelson challenged the second idea—that cyberspace could not be regulated by government. For as Samuelson saw it, the law was already threatening an important regulation of life in cyberspace. Not directly, of course, but indirectly — through a series of changes threatened by the administration’s White Paper on Intellectual Property. These changes designed to increase the law’s protection for intellectual property, threatened to fundamentally queer the architectures of cyberspace. Laws would have their effect, if only indirectly, by inducing changes in the lex that Reidenberg spoke of.

Time works changes. The views of these two crazies have now become mainstream. Everyone now gets how the architecture of cyberspace is, in effect, a regulator. Everyone now understands that the freedom or control that one knows in cyberspace is now a function of its code. Cookies mean less privacy; choice about cookies means more privacy. A world without P3P is a world with less control over privacy; a world with P3P is a world with more control over privacy. A world with PICS is a world where speech is less free; a world without PICS is, well, let’s say, nice. The differences in these worlds are differences in the code of these worlds. Different code, different regulation, different worlds.

And so too do most now see how government might have a role in this regulation. Smart governments will regulate, not by directly regulating the behavior of people in cyberspace. Smart governments will regulate by regulating the code that regulates the behavior of people in cyberspace. Cyberspace’s code will become the target of regulation. The future will be littered with examples of government trying to intervene to assure that cyberspace is architected in a way to protect government’s interests. Whether those interests will be interests against copyright management circumvention or interests in favor of encryption control, the government will increasingly see that the most efficient target of regulation is not people but binary code. Enslave the code while telling the world that you are leaving the space free—this is the formula for taming the liberty that cyberspace now provides.

Two important conclusions follow from the arguments of these two "crazies." First, if code is a kind of law, then we should focus, as we do with real-space law, on the freedoms and the constraints built into this code, and on how these freedoms and constraints are changing.

Brilliant argument for open code. How can we focus on what we cannot see?