When Code Is Law vs. When Code Isn't Law...
Over a decade ago, Lawrence Lessig wrote one of the most evocative books of our generation where he famously argued that, on the Internet, "code is law". A few years later, his colleague, Tim Wu, published a direct counterargument in the Virginia Law Review explaining "when code isn't law". Here's a summary breakdown of the dialogue.
The Internet is not, and has never been, an anarchist free-for-all. In this vein, Lessig argues that cyberspace is not immune from control or regulation. Cyberspace is made of of code, created by people. How people write that code - the type of architecture they set up to protect certain values - will determine if cyberspace will become "free" in the libertarian sense, or "regulable".
Code should be viewed as a potential threat to liberty, just as much as a potential democratizing force. Indeed, he claims, the invisible hand of cyberspace, guided by commerce, has already constructed an architecture based on control and highly efficient regulation.
The key to limiting or checking certain forms of governmental control are to maintain a "presence of a commons". Just as the Founders of the American Constitution believed "structure builds substance", if we guarantee the structural - a space in cyberspace for open code - much of the substance will take care of itself.
As to some examples of when code is law, Lessig cites 1) how in some places you must enter a password before you gain access, while in others you can gain access whether identified or not; 2) how in some places the transactions you engage in produce traces that link those transactions back to you, while in others this link is achieved only if you want it to be; or 3) how in some places you can encrypt your communications, while in others encryption is not an option.
Importantly, he explains how code is not the only factor that regulates, or constrains, people's behavior in cyberspace. He adds that the law, social norms, and the markets also regulate behavior.
This may seem like a prelude, then, to Wu's argument of when code isn't law. But rather than exploring in greater depth how the law, social norms, and the market all undermine the "code is law" thesis, Wu approaches the question from a different angle.
He asks, if the goal is to understand the net effect of code's regulatory forces, how can we not examine the reaction to those forces? In other words, code only has the effect of law if it is largely being complied with, and in cyberspace that's certainly not always the case.
Looking at the example of P2P file-sharing applications, he concludes that code is more a mechanism for avoidance of the law than it is for change, or even a form of law itself. As he states, "Nothing the code designer does rewrites laws. Instead, code design defines behavior to avoid legal sanctions".
The examples he cites to illustrate how code is actually used for avoidance of the law include 1) virtual child pornography, 2) overseas gambling, 3) junk email, and, again, 4) P2P filesharing.
Thus, code isn't law because, although it can influence the success or failure of a law's effects, it is more accurately viewed as a tool that interest groups use to avoid legal sanctions or use for legal advantage. The distinction that scholars ought to make is between code as law vs. code achieving regulatory effects.
After a decade, this debate still rages on within the ivory towers. In my own view, since both Lessig and Wu take legal approaches, and, as a consequence, much of the debate is framed in terms of either programmers or governments having ultimate power, there is a striking need for an injection of political science into the mix. Rather than an an all-or-nothing, code-vs-government lens, the debate would be enriched with the literature on governance and public-private regimes for rule-making.
Asking "to what extent code governs" rather than "to what extent code is law" might reveal significantly different results.