Stanford CIS

After the cyberlaw deluge, another deluge

By Larry Downes on

If I ever had any hope of “keeping  up” with developments in the regulation of information technology—or  even the nine specific areas I explored in The Laws of Disruption—that  hope was lost long ago.  The last few months I haven’t even been able  to keep up just sorting the piles of printouts of stories I’ve “clipped”  from just a few key sources, including The New York Times, The  Wall Street Journal, CNET News.com and The Washington  Post.

I’ve just gone through a big pile of clippings that cover  April-July.  A few highlights:  In May, YouTube surpassed 2 billion  daily hits.  Today, Facebook announced it has more than 500,000,000  members.   Researchers  last week demonstrated technology that draws device power from radio  waves.

If the size of my stacks are any indication of activity level, the  most contentious areas of legal debate are, not surprisingly, privacy  (Facebook, Google, Twitter et. al.), infrastructure (Net neutrality,  Title II and the wireless spectrum crisis), copyright (the secret ACTA  treaty, Limewire, Google v. Viacom), free speech (China, Facebook “hate  speech”), and cyberterrorism (Sen. Lieberman’s proposed legislation  expanding executive powers).

There was relatively little development in other key topics, notably  antitrust (Intel and the Federal Trade Commission appear close to  resolution of the pending investigation; Comcast/NBC merger plodding  along).  Cyberbullying, identity theft, spam, e-personation and other  Internet crimes have also gone eerily, or at least relatively, quiet.

Where are We?

There’s one thing that all of the high-volume topics have in  common—they are all moving increasingly toward a single topic, and that  is the appropriate balance between private and public control over the  Internet ecosystem.  When I first started researching cyberlaw in the  mid-1990’s, that was truly an academic question, one discussed by very  few academics.

But in the interim, TCP/IP, with no central authority or corporate  owner, has pursued a remarkable and relentless takeover of every other  networking standard.  The Internet’s packet-switched architecture has  grown from simple data file exchanges to email, the Web, voice, video,  social network and the increasingly hybrid forms of information  exchanges performed by consumers and businesses.

As its importance to both economic and personal growth has expanded,  anxiety over how and by whom that architecture is managed has  understandably developed in parallel.

(By the way, as Morgan Stanley analyst Mark Meeker pointed out this  spring, consumer computing has overtaken business computing as the  dominant use of information technology, with a trajectory certain to  open a wider gap in the future.)

The locus of the infrastructure battle today, of course, is in the  fundamental questions being asked about the very nature of digital  life.  Is the network a piece of private property operated subject to  the rules of the free market, the invisible hand, and a wondrous absence  of transaction costs?  Or is it a fundamental element of modern  citizenship, overseen by national governments following their most basic  principles of governance and control?

At one level, that fight is visible in the machinations between  governments (U.S. vs. E.U. vs. China, e.g.) over what rules apply to the  digital lives of their citizens.  Is the First Amendment, as John Perry  Barlow famously said, only a local ordinance in Cyberspace?  Do E.U.  privacy rules, being the most expansive, become the default for global  corporations?

At another level, the lines have been drawn even sharper between  public and private parties, and in side-battles within those camps.  Who  gets to set U.S. telecom policy—the FCC or Congress, federal or state  governments, public sector or private sector, access providers or  content providers?  What does it really mean to say the network should  be “nondiscriminatory,” or to treat all packets anonymously and equally,  following a “neutrality” principle?

As individuals, are we consumers or citizens, and in either case how  do we voice our view of how these problems should be resolved?  Through  our elected representatives?  Voting with our wallets?  Through the  media and consumer advocates?

Not to sound too dramatic, but there’s really no other way to see  these fights as anything less than a struggle for the soul of the  Internet.  As its importance has grown, so have the stakes—and the  immediacy—in establishing the first principles, the Constitution, and  the scriptures that will define its governance structure, even as it  continues its rapid evolution.

The Next Wave

Network architecture and regulation aside, the other big problems of  the day are not as different as they seem.  Privacy, cybersecurity and  copyright are all proxies in that larger struggle, and in some sense  they are all looking at the same problem through a slightly different  (but equally mis-focused) lens.  There’s a common thread and a common  problem:  each of them represents a fight over information usage,  access, storage, modification and removal.  And each of them is saddled  with terminology and a legal framework developed during the Industrial  Revolution.

As more activities of all possible varieties migrate online, for  example, very different problems of information economics have converged  under the unfortunate heading of “privacy,” a term loaded with 19th and 20th century baggage.

Security is just another view of the same problems.  And here too the  debates (or worse) are rendered unintelligible by the application of  frameworks developed for a physical world.  Cyberterror, digital  warfare, online Pearl Harbor, viruses, Trojan Horses, attacks—the  terminology of both sides assumes that information is a tangible asset,  to be secured, protected, attacked, destroyed by adverse and  identifiable combatants.

In some sense, those same problems are at the heart of struggles to  apply or not the architecture of copyright created during the 17th Century Enlightenment, when information of necessity had to take  physical form to be used widely.  Increasingly, governments and private  parties with vested interests are looking to the ISPs and content hosts  to act as the police force for so-called “intellectual property” such as  copyrights, patents, and trademarks.  (Perhaps because it’s  increasingly clear that national governments and their physical police  forces are ineffectual or worse.)

Again, the issues are of information usage, access, storage,  modification and removal, though the rhetoric adopts the unhelpful  language of pirates and property.

So, in some weird and at the same time obvious way, net  neutrality = privacy = security = copyright.  They’re all  different and equally unhelpful names for the same (growing) set of  governance issues.

At the heart of these problems—both of form and substance—is the  inescapable fact that information is profoundly different than  traditional property.  It is not like a bushel of corn or a barrel of  oil.  For one thing, it never has been tangible, though when it needed  to be copied into media to be distributed it was easy enough to conflate  the media for the message.

The information revolution’s revolutionary principle is that  information in digital form is at last what it was always meant to be—an  intangible good, which follows a very different (for starters, a  non-linear) life-cycle.  The ways in which it is created, distributed,  experienced, modified and valued don’t follow the same rules that apply  to tangible goods, try as we do to force-fit those rules.

Which is not to say there are no rules, or that there can be no  governance of information behavior.  And certainly not to say  information, because it is intangible, has no value.  Only that for the  most part, we have no real understanding of what its unique physics  are.  We barely have vocabulary to begin the analysis.

Now What?

Terminology aside, I predict with the confidence of Moore’s Law that  business and consumers alike will increasingly find themselves more  involved than anyone wants to be in the creation of a new body of law  better-suited to the realities of digital life.  That law may take the  traditional forms of statutes, regulations, and treaties, or follow even  older models of standards, creeds, ethics and morals.  Much of it will  continue to be engineered, coded directly into the architecture.

Private enterprises in particular can expect to be drawn deeper  (kicking and screaming perhaps) into fundamental questions of Internet  governance and information rights.

Infrastructure and application providers, as they take on more of the  duties historically thought to be the domain of sovereigns, are already  being pressured to maintain the environmental conditions for a healthy  Internet.  Increasingly, they will be called upon to define and enforce  principles of privacy and human rights, to secure the information  environment from threats both internal (crime) and external (war), and  to protect “property” rights in information on behalf of “owners.”

These problems will continue to be different and the same, and will  be joined by new problems as new frontiers of digital life are opened  and settled.  Ultimately, we'll grope our way toward the real question:   what is the true nature of information and how can we best harness its  power?

Cynically, it’s lifetime employment for lawyers.  Optimistically,  it’s a chance to be a virtual founding father.  Which way you look at it  will largely determine the quality of the work you do in the next  decade or so.