Now that the point about the so-called unregulable nature of cyberspace is dismissed, we should focus on the regulation itself. In that order, we have to identify the actors and the level and degree of control they can use.
In cyberspace, the term governance is used rather than the word control to include the wide range of issues raised by the need of regulation. The cyberspace governance involves many features such as the kind of control (e.g. centralized, decentralized, self-regulation), the actors involved (e.g. international organizations, national governments, corporate entities and civil society) and the dimensions (e.g. legal, economic, infrastructure, socio-cultural). The combination of these features constitutes a governance model. What is unique in cyberspace is that there is not solely one kind of governance, but many combinations working simultaneously with the possibility to be isolated from one another.
The first approach concerns the distinction between centralized and decentralized structures of governance. In a centralized structure, one unique major institution (public or private) makes the decision, with the aim of power and visibility. But a central instance can create a decentralized structure by a transfer of authority and responsibility in order to gain more efficiency and democracy in the decision making process. Since internet is a network of many networks around the world, sometimes autonomous, it should logically be governed in a decentralized way reflecting its structure. Also, the complexity of the cyberspace cannot be put under a single authority. On the other hand, centralized governance is more likely to succeed for developing countries with limited human and financial resources.
Another concept distinguishes between the “narrow” and the “broad approach”. The first one solely concerns the infrastructure of internet such as Internet Protocal (IP) adresses or Domain name system (DNS). The second one goes beyond that of the infrastructural issues and points out other legal, economic and socio-cultural issues. But these two approaches are not completely separated, since a technology is not neutral. The “DNS war” can illustrate that point. A DNS is a service that translates a computer's domain name (e.g. the web address www.leeds.ac.uk) into an IP address that is the identifier for a computer on a network. Because both domain name and IP address must be unique, there is a need of regulation to assign them. Therefore, the US National Science Foundation decided to call on the private sector in 1994 and subcontracted the management of the DNS to the company Network Solutions. Since this monopoly was both against the anti-trust legislation and the development of the technology market, the agreement was amended to allow other companies called “registrars” to enter the DNS business. But then the problem of a regulation at the end still remain, and the Internet Corporation for Assigned Names and Numbers (ICANN) was established by the US government in 1998 with the objectives of coordinating the allocation process and ensuring the stability of the system. What is also interesting is the principles of “private, bottom-up coordination”, “Multi-stakeholder model” and “consensus-driven” under which the ICANN operates. The first principle is made to ensure that the coordinating process is “flexible and able to move rapidly enough to meet the changing needs of the Internet” whereas the broad representation system of a board of directors and volunteer working groups includes many public and private interests.
Finally, another distinction is one between the “Old-Real” and the “New-Cyber” approach. The former, also called “new wine in old bottles” argues that internet is just another device no different than any of the previously existing ones (e.g. radio, telephone). This way, the existing laws concerning information and communication can be applied without a deep-reaching legislation reform. One the other hand, the “new-cyber” approach or “new wine in new bottles” argues that internet is a brand new device requiring a fundamentally different legislation. Strangely, the “new approach” is part of the past, at least in its form of “rough consensus and running code” which was the principle enhanced by the Internet Engineering Task Force (IETF) in the late 1980’s to make a decision resolving a particular problem on internet. The consensus operates differently than a democratic vote in a legislature since it requires a “dominant view” representing a “sense of agreement” rather than a volume (51% for a democratic vote). It was believed that because cyberspace is not the real world, it requires a new form of governance. But if we go back to the example of ICANN, we can see that even if this approach was predominant with the “consensus-driven” principle, it is no longer the case since the Amendment 5 of 2002 and the new Memorandum of Understanding of 2006 which both strengthened the role of governments by giving to the Department of Commerce an ultimate and unilateral oversight. One key here is that the view on internet governance changed after 9/11 : the priority of “cyberdemocracy” was replaced with the “cybersecurity”.
Even if the early days of internet were governed by the will of a new kind of governance independent of the sovereign states based on a misconception of the cyberspace, the approach is from now on centered on the collaboration of governments and market participants. Indeed, the reality of the emerging cybercriminality forced the governments and the market entities to build a real governance project of the cyberspace.
II. Governments and market have finally started to regulate the cyberspace by leading a war against cybercrime.
The rise of the Information society is “a revolutionary challenge to decision makers” according to the Bangemann Report. Indeed, the new capacities offered by the cyberspace gives on one side the benefits of a new digital revolution for the human rights and the economy, but on the other side it allows the emergence of a new kind of threat called cyber-crime. We will analyze these two facets through two examples : the protection of privacy with Facebook and the protection of copyright, and see how the code is regulating our behavior in both case.
Privacy is “the right to be left alone” said Judge Cooley. But as we enter a digital revolution, it seems nearly impossible to not use a device (e.g. smartphone, computer, cash dispenser) connected to the cyberspace. Furthermore, if one wants to use a service on internet, one has to accept the rules regulating it, no matter if the consent was made by accepting a charter for use or simply by entering a website.
In October 2012, the social network Facebook counted one billion monthly active users. Even if there could be not one unique profile to each person (contrary to the Facebook agreement), it became de facto a huge data storage about personal information which we deliver with our consent, aware or not. But since a user signed a Statement before registering on Facebook, he is supposed to know what he agrees with, even if he did not read it. Then, he gets the right to choose his own privacy settings (e.g. who can see what) and to allow the programs using into Facebook (e.g. agenda, birthday calendar, games) to collect some personal information. This is the “code” of Facebook : the more the user allows to share his personal data, the more he can enjoy his experience on a social network.
But he is not the only one who can decide how private his profile is. One of the controversies concerns the cooperation with the government’s search requests. In its privacy policy statement, Facebook informs that :
[it] may also share information when [it has] a good faith belief it is necessary to prevent fraud or other illegal activity, to prevent imminent bodily harm (…). This may include sharing information with other companies, lawyers, courts or other government entities.
If there is a suspicion concerning a user activity, Facebook is likely going to cooperate without restricting the access to profiles, especially if they are publicly available, and even dealing with private content, there is no certain protection from federal law in United States, especially since the Congress failed to amend the Electronic Communications Privacy Act (ECPA) to ensure more protection in social networking, and since the Fourth Amendement has not been adapted to the “Facebook code”. Indeed, the Supreme Court does not recognize its protection if a third party is involved, for example if a “friend” has access to the personal content. Furthermore, the architecture of Facebook changed between 2007 and 2012 : it is no longer “an exclusive, private social network” : what one publishes on his wall is publicly visible. Also, nor can it be from legislation in the UK with the Data protection Act 1998 which protect personal data process only if the content is anonymous (which it is not on Facebook). Regardless, the protection is no longer relevant in the case detailed by Section 29 in Part IV of a crime and taxation.
In that case, the lack of a “new cyber-approach” allows government agencies to get into a private area containing personal data, and to regulate our behavior which are not protected by any law. This is made easier with an architecture facilitating identification and certifying facts about the users.
A copyright is a legal concept which gives to the creator the exclusive rights to use, modify or trade his original work for a limited period of time. The main issue here is the time : as long as there was a copyright legislation, authors have been arguing that it is too short. That is the reason why four times the US Congress has agreed with authors that the length of copyright was too short : from the 28 years legal period of the Copyright Clause of the United States Constitution , and after the reforms in 1831, 1909, 1976 to the lifetime of the authors plus seventy years in 1998.
The aim of the copyright law is to make a contract between authors and society which “promote the progress of science and useful arts”. But with the piracy on internet, the significance of this topic increased, as it becomes a world issue. Indeed, piracy was an argument in favor of a complete control of the creations, not only by their authors, but also by the companies owning the copyright after their death.
The “Stop Online Piracy Act” (SOPA) is emblematic of the war leading by the media industries with the help of the government against the piracy on cyberspace. It was introduced in 2011 to protect the intellectual-property market and enforce the legislation concerning the foreign-owned websites. It should have worked has a two-step process allowing the property-rights holders first to notify any website or partners which content could violate their rights (if they believe so), and then sue them if there is no suspension of the content . Also, the US Department of Justice could have requested a court holder in order to disable the linking to the website, or even required the block to the access by the DNS service providers. Two problems rose with this bill : its impact on the freedom of speech, and its criminalization of the peer-to-peer (P2P) technology.
Concerning the first controversy, SOPA would have literally created a “blacklist of forbidden information”. Indeed, if the reason for the US government to block a foreign website is the protection of copyright, there are no obstacles for other countries to make a same bill protecting the privacy or to fight against hate speech. And if the offender website turns out to be an online newspaper, then it would violate the fundamental human right of Freedom of Speech.
P2P technology enables a computer to become a server and so facilitates a shared access to data. The web platforms relating to P2P are used to search and to store the links that allows the content to be downloaded. But if only a small part of contents violates a copyright, then the entire website would be shut down. It is completely opposite to a flexible response which could save the technology itself and prosecute the offender content.
These controversies pushed the US government to postpone the committee in charge of the bill, arguing that even if the piracy problem requires a legislative response, it cannot be at any cost, especially if it “reduces freedom of expression […], or undermines the dynamic, innovative global Internet” .
In conclusion, as Lessig argued, cyberspace is not immune against any control. In fact, it is itself the product of the control of data through its code. The people behind this code tend to be our governments collaborating with the private sector to legislate on the behavior in cyberspace.
Is it positive or negative ? For Lessig, it is certainly detrimental as claimed :
But my fear is that we sustain the will — the will of free societies for the past two centuries, to architect constitutions to protect freedom, efficiencies notwithstanding.
In my opinion, I would rather agree with the statement that the technology is not neutral. We can choose what space it will be. But I also think people are by nature never satisfied : we want to be in touch easily with everybody, but we want privacy at the same time ; we want access to everything but we do not accept the cost of it. In microeconomic, a decision-rule for an individual is based on the opportunity cost : which are the benefits and which are the costs or sacrifice ? The fact is that we are likely to see the immediate benefits of entering cyberspace, but when it is time to proceed to checkout, it is often too late. This problem is then the lack of a cyber-citizenship-education.
Bibliography
Lawrence Lessig, Code version 2.0 (1st, Basic Books, 2006)
Martin C. Libicki, Conquest in Cyberspace : National Security and Information Warfare (Cambridge University Press 2007)
W. Benedek, V. Bauer and M. Kettemann, Internet Governance and the Information Society: Global Perspectives and European Dimensions (Eleven International Publishing 2008)
Martin Bangemann, Europe and the Global Information Society, Bangemann report recommendations to the European Council (Innovatia Documentation 1994)
Junichi P. Semitsu, From Facebook to Mug Shot : How the Dearth of Social Networking Privacy Rights Revolutionized Online Government Surveillance (Pace Law Review, Vol. 31, No. 1 2011)
E. Gelbstein and J. Kurbalija, Internet Governance : Issues, Actors and Divides (DiploFoundation, 2005)
Koffi Annan, 2004 Global Forum on Internet Governance, 24th March 1998, New York
David Clark, “Characterizing cyberspace : past, present and future” (2010). MIT-CSAIL. Accessed 24 November 2012
Lawrence Lessig, Code version 2.0 (1st, Basic Books, 2006) p.7
Lawrence Lessig op. cit, p.410
Martin C. Libicki, Conquest in Cyberspace : National Security and Information Warfare (Cambridge University Press 2007) p.62-63
Lawrence Lessig, 1998 The Law of Cyberspace. Taïwan Net ’98 conference, March 1998, Taipei
Ross Wm. Rader, “One History of DNS” (2001) Accessed 24 November 2012
ICANN, ‘Registrar Accreditation: History of the Shared Registry System’ (2012) Accessed 24 November 2012
ICANN, Bylaws for internet corporation for assigned names and number [2011] Art.1 (s1-2) Accessed 24 November 2012
ICANN, Memorandum of Understanding Between the U.S. Department of Commerce and the Internet Corporation for Assigned Names and Numbers [1999] Part. II. C. Accessed 24 November 2012
Paulina Borsook, “How Anarchy Works,” 1995 Wired . Accessed 24 November 2012
IETF Working Group Guidelines and Procedures [1998] Part. 3.3
Accessed 24 November 2012
ICANN, Amendment 5, Memorandum of Understanding Between the U.S. Department of Commerce and the Internet Corporation for Assigned Names and Numbers [2002]
Accessed 24 November 2012
Joint Projet Agreement Between the U.S. Department of Commerce and and the Internet Corporation for Assigned Names and Numbers [2006]
Accessed 24 November 2012
W Benedek, V Bauer and M Kettemann, Internet Governance and the Information Society: Global Perspectives and European Dimensions (Eleven International Publishing 2008) 16
Martin Bangemann, Europe and the Global Information Society, Bangemann report recommendations to the European Council (Innovatia Documentation 1994) 5
Geoffrey A. Fowler, ‘Facebook: One Billion and Counting’ (2012) The Wall Street Journal
Accessed 24 November 2012
Facebook Inc. Statement of Rights and Responsibilities [2012] Part. 4.2 Accessed 24 November 2012
Facebook Site Governance, ‘Facebook's Privacy Policy’ (29 October 2009) Accessed 24 November 2012
U.S. Department of Justice Criminal Division, 2010, Interim Response to Messrs J. Tucker and S. Witnov, 3 March.
Accessed 24 November 2012
Junichi P. Semitsu, From Facebook to Mug Shot : How the Dearth of Social Networking Privacy Rights Revolutionized Online Government Surveillance (Pace Law Review, Vol. 31, No. 1 2011) 3
Richard MacManus, ‘Sorry Facebook, This Was A Privacy Bungle! Here's What You Should've Done’ (2012) Readwrite social
Accessed 24 November 2012
Data Protection Act 1998 Part IV, Section 29
United States Constitution 1787 Article 1 Section 8
Stop Online Piracy Act, Bill Summary & Status 112th Congress 2011-2012, H.R.3261
Jerry Brito, ‘Congress’s Piracy Blacklist Plan : A Cure Worse than the Disease ?’ (2011) Time
Accessed 24 November 2012
David Carr, ‘The Danger of an Attack on Piracy Online’ (2012) The New York Times
Accessed 24 November 2012
V Espinel, A Chopra and Howard Schmidt, ‘Combating Online Piracy while Protecting an Open and Innovative Internet’ (2011) Official White House Response
Accessed 24 November 2012
Lawrence Lessig, 1998 The Law of Cyberspace. Taïwan Net ’98 conference, March 1998, Taipei
by
platov70 (student)
