Download An Endnote on Regulating Cyberspace: Architecture vs Law

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Document related concepts
no text concepts found
Transcript
An Endnote on Regulating
Cyberspace: Architecture vs Law
Author:
Graham Greenleaf.
Presented by:
Oliver Bannatyne,
28th May 2002
The Context Of The Article.

The author is a legal academic writing for
lawyers, policymakers, and technologists.

The article is a critique of Larry Lessig’s
techno-legal philosophy of “Code as Law”.

“Code As Law” is a theory of Internet
Governance that tries to answer the questions:
The Issues of Internet Governance



1.) Why should Cyberspace be regulated?
2.) By Whom should Cyberspace be
regulated?
3.) How should Cyberspace be regulated?
This presentation will mainly focus on the third
issue, starting with a brief discussion of first
issue.
Why Regulate Cyberspace
The why issue becomes:
Is there a sufficient difference between
cyberspace and “realspace” so that the former
should be regulated differently to the latter.
If the answer is yes, should cyberspace be a
 A realm of freedom (lightly regulated), or
 A realm of surveillance (heavily regulated).

Why Regulate Cyberspace?
Realm Of Freedom
 Users are anonymous.
 Information should be
free.
 The Net is decentralised,
and beyond control.
 The Net is international.
 Cyberspace is different
to ‘realspace’.





Realm Of Surveillance
The net pervades
modern life.
The privacy of users is
being abused.
The real/digital persona
needs protection.
To ensure identity of
users and data.
Code/Architecture As Law:
Regulating Through Architecture
Law
Market
Norms
Code
Activity being regulated
Indirection regulation by law
Direct regulation

Figure 1 - Regulation as a function of four types of
constraints (Adapted from G Greenleaf, L Lessig[33])
The Four Constraints On Human
Activity
1.
Norms, Morality and Self Regulation.
2.
Markets.
3.
Code/Architecture.
4.
Law.
Law as a Direct And Indirect
Behavioural Constraint.
Law
Means –
 Directly Regulating individual behavior
through social compliance/punishment.
“Person X must not activity Y, failure to do activity
Y causes punishment Z.”
2. Indirectly regulating norms, markets, and the
code/architechture.
Non-legal Behavioral Constraints
cyberspace
Norms, Morality and Self Regulation.
Means - These regulate by the the fear of social
embarrassment.
Example
Activity - An Email containing racist/sexist jokes.
Regulator - Email Monitoring.
Greenleaf says: Markets are an ineffective regulator
because embarassment lessened by geograhic
distance and unlikelihood of getting caught.
Non-legal Behavioral Constraints
Cyberspace.
Markets
Means – Markets are a form of economic regulation.
Example
Activity – choosing a product.
Regulator – “Network Effects” – A product (e.g. ICQ)
becomes more valuable to consumers the more users
it has using it.
Greenleaf says: Markets are another powerful regulator in
cyberspace.
Code/Architecture As Law:
Regulating Through Architecture
Law
Market
Norms
Architecture
Activity being regulated
Indirection regulation by law
Direct regulation

Figure 2 - Regulation as a function of four types of
constraints (Adapted from G Greenleaf, L Lessig)
Non-legal Behavioral Constraints
Cyberspace.
Architecture
In realspace, Architecture is the physical
constraints of nature, which are normally
taken for granted since they are nonmalleable as a constraint.
However, in cyberspace the architecture is
different.
The Five Features of Architecture
1.
Architecture is More than Software -.
It includes software, hardware, standards, & human
biology (biometrics).
2.
Architecture has Immediacy as a Constraint -.
Changes to the architecture can have direct
immediate effect. (i.e. Changing an access control
system block users access instantaneously.)
3.
Most Architecture has High Plasticity -.
The architecture is easily altered.
The Five Features of Architecture
4.
The legitimacy of architecture depends on
who controls it
If architecture/code is law then have the code-writers
become the new sovereign? (e.g. like a state, king,
or ruler.)
Are they are legitimate sovereign?
In whose interests are they working?
5.
Default settings give regulation by default.
An Example To Illustrate – The
Robot Exclusion Standard.

Internet search engines use robots
(webcrawlers) to catalogue websites.

These robots have the potential to break
copyright and breach privacy. i.e. robots could
be unlawful. website owners have “a right not
to be indexed”.
An Example To Illustrate – The
Robot Exclusion Standard.

Copyright law could prevent any site being indexed.
(direct regulation.)

The Robot Exclusion Protocol (1994) was created to
allow website owners to control robot access to the
website (indirect regulation through Architecture).

The HTML Tag <META NAME=”ROBOTS”
CONTENT=”NOINDEX, NOFOLLOW”> prevents a
website from being indexed and explored.
Conclusion & Question?



The function of many Computer Security mechanisms
is to control behavior by controlling an individual’s
permissions and access.
As computer security professionals you will often have
to make decision about what is and isn’t appropriate in
the security architecture. As your decisions will impact
upon the rights and freedoms of individuals.
Are you ready for this responsibility? How much
guidance do you think the lawmakers should give?