Theories of

cyberspace regulation

Internet Governance, Topic 3

Professor Graham Greenleaf
Cyberspace regulation?
 The problem: Cyberspace is a different
context from the physical world.
 We may need to rethink how regulation of
behaviour works.
 The questions:
 (i) What regulates? - What different forms of
regulation are there?
 (ii) Who regulates? - Who controls the forms
of regulation, and what is their legitimacy?
Theorists and theories
 ‘Digital libertarians’/ anarchists
 Theorists
 Barlow’s ‘Cyberspace Declaration of Independence’ (1996)
 Self-governance theorists (eg David Post)
 Theories criticising:
 Irrelevance of legal concepts based on matter
 Ineffectiveness and illegitimacy of territorially-based government in
 Scepticism about international agreements or institutions (even self-
governing ones)
 Theories favouring
 Effectiveness of self-governing cyberspace institutions
 Arguments for the most decentralised forms of regulation, and for ‘private
orderings’ based on contract

Other theorists
 Trotter Hardy - most decentralised level of
regulation is the ‘proper regime’ (1994)
 Joel Reidenberg - ‘Lex Informatica’
 The Internet (somehow) provides the
appropriate technical devices for regulation

Do theories describe or / and
Barlow Regulation will fail; Nations have no
Internet cannot be right to regulate
regulated ‘new realm of
Post Self-regulation can Self-regulation
work should be left to

Hardy Decentralised Decentralised is
regulation is the ‘proper regime’

Description and/or prescription

Reidenberg’s Technology Regulators should
lex informatica provides effective use infrastructure
tools for regulation to regulate

Lessig Cyberspace is Legitimacy of
regulated by all 4 those controlling
modes; code is code should be
increasingly questioned

‘Digital realists’
 Lawrence Lessig (best known), James Boyle
 Lessig's answers to what and who regulates:
 4 things regulate - Norms; Markets, Law and 'Code'
 Law also regulates the other 3 - indirect regulation
 Effectiveness is very different in cyberspace
 Main lesson: Consider all 4 and their interaction
 Criticisms:
 ‘code’ does not capture all of ‘architecture’
 misses other forms of regulation (informal sanctions;

Constraint 1 - Norms,
morality, conventions
 Real space norms cause disapproval and guilt
 Cyberspace has its own 'netiquette'
 Examples: using CAPITALS; attachments sent to lists
 Some Internet self-regulation creates norms
 Eg observance of Robot Exclusion Standard
 Observance is by voluntary conduct, not code
 Numerous other Internet governance conventions
 Effectiveness increased by surveillance
 The morality of the goldfish bowl
 ‘In cyberspace no one knows you’re a dog’ is false

Constraint 2 - Markets
 Market constrains work in cyberspace
 Unpopular 'code' can perish
 Selling region-blocked DVD players in HK?
 Surveillance damaged DoubleClick's share price
 Prices can affect norms
 Are CD / DVD prices considered fair?
 Is DVD region blocking fair?
 Theories of network economics are important

Constraint 3 - 'Code’
 In real space - Natural and built environment -
 Bank robberies - Laws and morality help; but walls,
locks, glass & guns are better
 Immigration - Distance and lack of borders
 Easy to ignore, often because unchangeable
 In cyberspace - ‘Code’ is the equivalent
 Can control access, and monitor it
 Determines what actions are possible and impossible
 ‘A set of constraints on how one can behave’ -Lessig
 The walls, bridges, locks and cameras of cyberspace

E2e: 'code' layer commons
 e2e ('end to end') network design
 Philosophy of the original Internet designers
 'Smart' features are at the margins
 Anyone can add a new application to the net
 Network controllers do not decide applications allowed
 Innovation irrespective of the wishes of network
 'Code' helps determine the level of innovation
 Absence of control by code here enables innovation

‘Code' or 'architecture'?
 'Code' is cute but confusing
 East coast code (Washington) vs West coast code
 The US Code vs hackers' code
 'Architecture' is more accurate
 Cyberspace is more than software
 Protocols (non-material artefacts)
 Hardware (material artefacts)
 Biology and geography (natural environment)
 'Code' is part of cyberspace architecture

More confusion:
Code and ‘code layer’
‘physical layer’ ‘Computers and wires that
link them’

‘code layer’ Includes Internet protocols
(or ‘logical layer’)

‘content layer’ Includes applications
(‘material served across the software (still called ‘code’,
network’) but not in the ‘code layer’)

From Lessig ‘The
Internet Under Siege’
Cyberspace architecture:
why it is different
 It is almost entirely artefact
 It has generally high plasticity
 Its easier to change cyberspace, even when built
 Exceptions: Internet protocols; open source code
 Greater immediacy of application
 It is often self-executing
 Its legitimacy is questionable
 We should ask the pedigree of any regulation
 What should private companies control?

4 Law - direct and indirect
 Law increasingly directly regulates cyberspace
behaviour - both national and international
 But it indirectly regulates the other 3 constraints
 Legal regulation of architecture is the key
 It is the most effective strategy for governments
 Anti-circumvention laws protect private control of
 It is also vital for limiting private power
 The digital libertarians were wrong
Effective regulation
 Finding the best mix of constraints
 How to prevent discrimination?
 Prohibition; education; building codes
 How to stop people smoking?
 Age limits; prohibited places; education; warnings;
 Q: Does Lessig’s model describe adequately
the range of constraints? ….

5th constraint?:
Informal sanctions

 Much regulation is by informal sanctions:
 Ability to exclude (taking your ball home)
 Ability to use physical force / intimidation
 Informal sanctions (IS) do not necessarily
require any of the other constraints:
 Much law aims at limiting IS
 IS may but need not support norms
 Q: In cyberspace, are informal sanctions largely
dependent on control of architecture?

6th constraint?: Surveillance
 A relationship of knowledge
 Knowledge by the watcher of those watched
 Foucault's 'discipline'; Bentham's Panopticon
 Facilitated by architecture, but not part of it
 Facilitates observance of norms and laws, but independent
 More important in cyberspace regulation
 The normal context of identification is removed
 Identification, not anonymity, is the default
 Q: In cyberspace, does surveillance depend on
control of architecture?

Law modifying surveillance
 Law acts indirectly to modify surveillance
 Data protection laws protect privacy
 Eg Personal Data (Privacy) Ordinance
 Laws mandate compliance
 eg smart ID card
 Laws prevent circumvention
 Eg illegal to modify smart card, or possess
 eg DRMS anti-circumvention …

Example: Copyright, DRMS
and anti-circumvention
 DRMS - The new paradigm for content
 Copyright law was the old paradigm
 Content owners want to control 3 parties
 Content consumers
 Consumer hardware manufacturers
 Content intermediaries
 (DRMS diagram modified from Bechtold)

(licensed) Digital
Publishers, retailers, content
DRMS intermediaries, owners
theatres, TV, etc

Pirate distributors


Technological measures

Technology protection legislation

Content protection legislation

Consumer Content
hardware consumers
manufacturers (purchasers)

Circumvention device mfgs; Illegal consumer copiers;
unlicensed hardware mfgs. borrowers, renters etc
Technological measures
 Distinguish content-protection
technologies and systems (aka DRMS)
 Technologies are broadly either for copy-
protection or access-prevention

Contract’s new role in IP
 ‘Click wrap’ contracts with consumers
 Contracts go beyond © law
 Can impose contracts on all consumers
 Recognised in ProCD v Zeidenberg (USA, 1996); no
equivalent HK development yet
 Distribution licences with intermediaries
 Stronger anti-circumvention and RMI
 DRMS licences with hardware makers
 Ensuring hardware enforces copy-protection

Technology protection legislation

 Hong Kong Copyright Ordinance
 Q: Does the Ordinance prohibit actions which
are not breaches of ©?
 s273 - Devices to circumvent copy-protection

 s274 - interference with rights management
information (RMI)

Residual role of © law
 Copyright legislation no longer the
principal protection of content ‘owners’
 Some content owners wish to eliminate
consumer rights in © laws
 Control over content outside © law is one
objective: eg works out of ©; database

DRMS, theory and innovation

 DRMS are one of the best examples of
the interaction between forms of Internet
 Lessig also attempts to demonstrate how
the Internet is losing its character as an
‘innovation commons’, partly through
changes to IP law and regulation

Importance of 'commons'
 Lessig's argument in ’The Future of Ideas'
 The Internet is an 'innovation commons’
 It is in danger of losing that character
 'Commons' - Resources from which no-one
may be excluded - the 'free'
 Commons are not necessarily 'tragic':
 Not if they are non-rivalrous (eg protocols)
 Not if you control over-consumption
 Both require sufficient incentives to create

Internet as an 'innovation
 Benefits of the Internet as a commons
 Benefits to freedom (first book)
 Benefits to innovation (second book)
 Must consider each Internet 'layer'
 Physical layer, 'code' layer (protocols and
applications) and content layer
 Each could be a commons or controlled
 Currently, each layer is partly controlled
 Changes imperil the mix providing innovation

Lessig's innovation recipe (1)

 1 'Physical' layer reforms
 Spectrum allocation for wireless Internet
 2 'Code' layer reforms
 Government encouragement of open code
• US government uses proprietary programs
• [The PRC government has done this already]
 Require 'code neutrality' by carriers, by
• (a) Banishment from providing Internet services; or
• (b) Requirement to provide open access; or
• (c) No TCP/IP without observing e2e

Lessig's innovation recipe (2)

 3a Content layer - Copyright law reforms
 Short renewable terms
• Eldred v Ashmore: stop the term being extended
• [Shorter or renewable terms would breach US treaty
 For software, 5 year term only, renewable once
 A defence for new technologies
• 'No breach if no harm to copyright owner'
 Compulsory licensing of music for file-sharing

Lessig's innovation recipe (3)

 3a Content layer - Copyright law reforms
 Tax benefits for putting works into the public
 A 'right to hack' DRMS to protect fair use ('Cohen
 Stop contract law undermining copyright law
 3b Content layer - Patent law reforms
 Moratorium on patents for software and business

 Works by Lawrence Lessig
• Lawrence Lessig 'The Law of the Horse: What Cyberlaw
Might Teach' (PDF only) (1999) 113 Harvard Law
Review 501 (drafts were available from 1997)
• Lawrence Lessig Code and Other Laws of Cyberspace
Basic Books 1999
• Lawrence Lessig 'Cyberspace's Architectural
Constitution' (June 2000, Text of lecture at www9,
• Lawrence Lessig The Future of Ideas: The Fate of the
Commons in a Connected World Random House, 2001
• See his home page for links to these and others

 Works by others
• James Boyle
'Surveillance, Sovereignty, and Hard-Wired Censors' (1997)
• Graham Greenleaf
'An Endnote on Regulating Cyberspace: Architecture vs
Law? (1998) University of New South Wales Law Journal
Volume 21, Number 2
• Stefan Bechtold
'From Copyright to Information Law - Implications of Digita
l Rights Management'
. Workshop on Security and Privacy in Digital Rights
Management 2001. 5. November 2001, Philadelphia, USA.
• See the Timetable for further reading