In 1999 Professor Lawrence Lessig, then Berkman Professor for Entrepreneurial Legal Studies at Harvard Law School, later professor of law at Stanford Law School, opened his new book, Code and other laws of cyberspace, with a chapter entitled “Code is law.” This short but complex phrase has, since then, found itself at the heart of a thorough interdisciplinary debate on how new media technologies and, in particular, the Internet have altered the configuration of centers of regulatory power and the application of regulatory control mechanisms. “Code is law” is, as a result, one of the most deceptively complex and debated phrases in contemporary regulatory theory.
Lessig’s thesis is predicated upon his belief that “cyberspace presents something new for those who think about regulation and freedom” (Lessig 1999a, 6). This belief reflects views developed in the 1990s by a group of theorists classified as the cyberlibertarian school who viewed cyberspace as inherently unregulable because of the borderless nature of its environment (Johnson & Post 1996) and the lack of effective control mechanisms (Barlow 1996). Lessig’s Code is law thesis, although founded upon some of this school’s values, does not represent an addition to the cyberlibertarian literature. Instead, it forms part of the opposing cyberpaternalist school that grew in opposition to the cyberlibertarians (Goldsmith 1998; Reidenberg 1998; Benkler 2000). Drawing from these cyberpaternalist works, Lessig states that in cyberspace we are compelled “to look beyond the traditional lawyer’s scope – beyond laws, regulations and norms. It requires an account of a newly salient regulator: code” (Lessig 1999a, 6).
The “code” regulator referred to by Lessig reflects the regulatory contribution of the design element of cyberspace encoded in the systems software that both supports and controls the cyber-environment. Lessig believes that code in cyberspace represents control through architecture, one of four modalities of regulation that he identifies along with law, markets, and norms. Each modality is described in terms of constraints on action (Lessig 1999a, 235 – 239). Thus law, the traditional hierarchical modality, constrains through the threat of punishment; norms, or social controls, constrain through the application of societal sanctions such as criticism or ostracism; the market constrains through price and price-related signals; and architecture physically constrains (think of a locked door). The concept of architectural or design controls is not new. They are apparent in the works of Bentham (1995, 1st pub. 1787) and Foucault (1977) and are utilized today by the designers of theme parks and stadia to manage crowds (Shearing & Stenning 1984). The key contribution of Lessig’s work is to reassert the importance and value of architectural or design controls, in particular, with reference to cyberspace. Lessig’s application of these principles to the environment within cyberspace provides the foundation for a new and enhanced application of design controls: design in an environment that is completely plastic and that is under the management of a relatively few environmental designers.
Lessig believes design-based regulatory modalities, or, to use his term, architecture, are particularly effective in cyberspace because of the nature of the environment. As he notes: “we can build, or architect, or code cyberspace to protect values that we believe are fundamental, or we can build, or architect, or code cyberspace to allow those values to disappear” (Lessig 1999a, 6). This is an application of environmental plasticity (Murray 2006), that attribute of cyberspace encountered when one ventures into the higher network layers (Benkler 2000) beyond the physical infrastructure layer. In its higher layers, cyberspace is an entirely virtual environment. As a result, designers of the environment, or code-writers as Lessig calls them, have complete control over the environment, something not available to architects in the physical world because of the constraints of physical laws (Murray 2006, 42). This creates both a challenge and an opportunity for regulators. The opportunity is that, as environmental controls are self-executing (Murray & Scott 2002), the designer/implementer of an architectural or code-based regulatory system need not invest in costly ex-post monitoring or enforcement agencies: once implemented, environmental controls mechanically regulate all who come in contact with them. The challenge is that, for traditional regulatory theory, this represents a shift in regulatory power from hierarchical, usually state or statesanctioned regulators to private regulators such as the software companies and network providers. This shift is stylized by Lessig as a move from East Coast Code (the code of Washington, DC) to West Coast Code (the code of Silicon Valley and Redmond, VA.).
Thus far the story of the two codes may suggest that Lessig’s concern should be with the lack of democratic accountability of West Coast code-makers. However, his take on this is more subtle and much more complex. His concern is not about opposing camps and who wins the battle to design the environment of cyberspace. His concern is that East Coast code-makers are interfering in the business of West Coast code makers to the potential detriment of both Internet users and West Coast code. Lessig notes that “the power of East Coast Code over West Coast Code has increased” (Lessig 1999a, 53).
This increase is one of the results of the ever-growing commercialization of cyberspace and the increasing prominence of a select group of West Coast code-makers such as SAP, IBM, Oracle, and Microsoft. These large commercial organizations seek good relations with government, making it easier for East Coast code-makers to influence the design of their software products, even though in many cases these code-makers do not fully understand the product or how it regulates individuals. The result is, as predicted by Lessig, a migration of the regulatory center wherein East Coast code-makers increasingly will seek to develop controls in cyberspace, not though the application of laws, but through mandating changes in the environmental code of the place (cyberspace): code is thereby used as a substitute for law; or, to put it another way, with East Coast codemakers employing software code to bring about regulatory outcomes, “Code is Law.”
- Barlow, J. P. (1996). A declaration of the independence of cyberspace. Davos. At www.eff.org/~barlow/ Declaration-Final.html.
- Benkler, Y. (2000). From consumers to users: Shifting the deeper structures of regulation toward sustainable commons and user access. Federal Communications Law Journal, 52, 561–579.
- Bentham, J. (1995). Letters on panopticon or the inspection-house. In J. Bentham, The panopticon writings (ed. M. Bozovic). London: Verso. (Original work published 1787).
- Foucault, M. (1977). Discipline and punish: The birth of the prison (trans. A. Sheridan). Harmondsworth: Penguin.
- Goldsmith, J. (1998). Against cyberanarchy. Chicago Law Review, 65, 1199 –1250.
- Johnson, D., & Post, D. (1996). Law and borders: The rise of law in cyberspace. Stanford Law Review, 48, 1367–1402.
- Lessig, L. (1999a). Code and other laws of cyberspace. New York: Basic Books.
- Lessig, L. (1999b). The law of the horse: What cyberlaw might teach. Harvard Law Review, 113, 501–546.
- Murray, A. (2006). The regulation of cyberspace: Control in the online environment. Oxford: Routledge-Cavendish.
- Murray, A., & Scott, C. (2002). Controlling the new media: Hybrid responses to new forms of power. Modern Law Review, 65, 491–516.
- Post, D. (2000). What Larry doesn’t get: Code, law and liberty in cyberspace. Stanford Law Review, 52, 1439–1459.
- Reidenberg, J. (1998). Lex informatica: The formulation of information policy rules through technology. Texas Law Review, 76, 553 –584.
- Shearing, C., & Stenning P. (1984). From the panopticon to Disney World: The development of discipline. In A. Doob & E. Greenspan (eds.), Perspectives in criminal law. Aurora: Canada Law Book, pp. 335 – 349.