Regulating CodeGood Governance and Better Regulation inthe Information Age (MIT Press)Ian Brown (Oxford)Chris Marsden (Sussex)@IanBrownOII@ChrisTMarsden#RegulatingCode
John Perry BarlowA Declaration of theIndependence of Cyberspace(1996)response to CDA 1996(partly struck down in Reno v. ACLU 1997)‘Governments of the IndustrialWorld, you weary giants offlesh and steel, I come fromCyberspace, the new home ofthe Mind. On behalf of thefuture, I ask you of the past toleave us alone. You are notwelcome among us. You haveno sovereignty where wegather.’
Regulation and governance Internet use now ubiquitous◦ but governments, legislators and regulatoryagencies falling further behind rapidlychanging Internet technologies and uses Critical analysis of regulatory shaping of―code‖ or technological environment◦ ‗Code is law‘ and coders operate withinnormative framework◦ More economically efficient and socially justregulation◦ Critical socio-technical and socio-legalapproach
Test the existing ‗received truths‘1. Self-regulation and minimal state involvementis most efficient in dynamic innovativeindustries;◦ technology is never neutral in societal impact◦ network and scale effects drive massiveconcentration2. Self-regulation critically lacks constitutionalchecks and balances for the private citizen,including appeal3. Multi-stakeholder co-regulation chance toreconcile the market failures and constitutionallegitimacy failures in self-regulation◦ voters will not allow governments to ignore theInternet.
Empirical investigation Five case studies and one ‗prior art‘(encryption, anonymity, security)◦ Multi-year empirical investigation◦ Builds on various EC/other studies including ‗Self-regulation.info‘ (2001-4), ‗Co-regulation‘ (2006-8),‗Towards a Future Internet‘ (2008-10), ‗Privacy ValueNetworks‘ (2008-11), ‗Network neutrality‘ (2007-10)‗Internet science‘ (2012-15) Reassesses prior art in view of ‗hard cases‘◦ Topics with no organised regulation/self-regulation◦ Due to lack of consensus over solutions◦ Clash between market outcomes and humanrights
Five case study chapters1. Data protection◦ Enforcement failures, Privacy by Design2. Copyright◦ Capture of law by lobbyists, code solutionsoutflank3. Filtering◦ Growth of censorship, surprising degree offreedom – disappearing?4. Social Networks◦ Dominance, network effects, corporate socialirresponsibility5. Smart Pipes◦ Net neutrality argument, DPI deployment
Prosumers not super-users Web 2.0 and related tools make foractive users, not passive consumers US administrative & academicarguments◦ self-regulation may work for geeks,◦ but what about the other 99%? European regulatory space◦ more fertile ground to explore prosumerism◦ as both a market-based and◦ citizen-oriented regulatory tool
Commissioner Kroes to enactEU net neutrality law 4 June‘13 ―The fact is, the online data explosionmeans networks are getting congested. ―ISPs need to invest in network capacity tomeet rising demand. ―But, at peak times, traffic management willcontinue to play a role:◦ it can be for legitimate and objective reasons; like separating time-critical traffic from theless urgent.
Kroes: ―different users havedifferent network needs‖ ―Some people want a straightforward mobilepackage to check the odd email or website. ―Others want to constantly watch videos on theirtablet, consuming high bandwidth. ―I want to put those consumer needs right at thecentre of our thinking. ―Operators need to respect different needs, ―and to do that they must also be allowed toinnovate to meet those needs.‖ By ‗innovate‘, she means charge for limited accessto a walled garden or a low data cap
European Parliament netneutrality law workshop 4/6/13 ―[Marsden] suggested a fatal flaw in ISParguments to bypass net neutrality they say they need to place limitations onconnectivity in order to deal with the ―data explosion‖, but there is in reality no such thing. ―Marsden noted that figures from Cisco itself◦ remember, a company trying to sell carriers kit tocope with this supposed explosion – indicated a manageable increase in theamount of data people are using
Fact Check: Cisco VNI 2013 Western European data growth 2012-17 Fixed 17% CAGR◦ Down from historic growth of 30-40%◦ Not exactly Bernie‘s 100% every 100 days, is it? Mobile 50% CAGR◦ Mobile 0.15% of all Internet traffic 2012 (885PB)◦ Latter figure much reduced from earlier estimates◦ Due to WiFi hand-off◦ BBC has shown that over 90% of smartphone/tabletvideo streams are Wifi◦ Mobiles not overloaded http://chrismarsden.blogspot.com/2013/05/wireless-handoff-thats-why-mobile-data.html?spref=tw
Marsden conclusion ―There is no data explosion on the Europeaninternet, so we shouldn‘t be trying to makepolicy based on a fallacious assumption,‖ hesaid. ―If we keep talking about data explosions,the thing that‘s going to explode is the headsof the technical people who know there is nodata explosion.‖ Correct? Evidence base incomplete http://fastnetnews.com/a-wireless-cloud/61-w/4892-cisco-mobile-growth-going-down-down-down
US Evidence-Based Policy? ―America‘s broadband systems havedoubled in speed, while Europe‘s haveremained stagnant.‖ Which Europe is this? European 300% speed growth 2008-13 In a long economic depression
NY Times: 16 June 2013!―No country for slow broadband‖http://www.nytimes.com/2013/06/16/opinion/sunday/no-country-for-slow-broadband.html?_r=1&
Sam Knows? Consumer speed tests UK – Ofcom since 2009 US – FCC since April 2010 Europe – EC since Feb 2011◦ But no test results from latter – yet! Other tests are corporate: Cisco, Akamai, NetFlix, BBC (internalby SamKnows April 2009)
EU Mobile data costs: oligopoly800% more than new entrantsSource: http://rewheel.fi/insights_15.php
Meyer [Gigaom] concludes ―Whether or not you agree withMarsden‘s interpretation of Cisco‘s figures, his point highlights an inherent logicalcontradiction in the carriers‘ stance: ―if the ―data explosion‖ is so severe as to necessitatethe creation of fast lanes with guaranteed QoS, ―doesn‘t that mean the ―best efforts‖ slow lanes willnecessarily be slower than the equal-access lane wehave today? ―And if that‘s not the case, then why create dividedclasses of internet access? They can‘t have it both ways.‖ Really?
Unbearable Lightness of Being Right?◦ Listening to the truly shocking Luigi Gambardella at the EuropeanParliament on Tuesday, and◦ the Commissioners evidence-avoiding claims of Big Data Explosions Reminded me of Krugmans literary-inspired cri-de-ceour: NYTimes.com: "it‘s hard to think of any previous episode in in the history ofeconomic thought in which we had as thorough a showdown between opposing views, and as thorough a collapse, practical and intellectual, of one side ofthe argument. And yet nothing changes. Not only don‘t the policies change; by andlarge even the people don‘t change... the lack of accountability, for ideas and people, is truly remarkable ina time of massive policy failure.― Internet policy is made by the deeply cynical, if not deeply corrupt Truly the revenge of the BellHeads!
Developing 2013 case studies1. Data protection in Social Networks◦ Enforcement failures, Privacy by Design◦ Dominance, network effects, corporatesocial irresponsibility2. Search Neutrality◦ Net neutrality argument◦ Code-based solution to competitionproblem◦ Prosumer focus cf. Microsoft
Legal Literature Previous legal focus on elephant‘s trunk?◦ Zittrain, Van Schewick◦ General US scepticism of govt action◦ Belief in ability of crowd-sourced heterachical regulation◦ Ohm‘s Myth of the Super-User Information commonism: Lessig (1998), Benkler(1998) Information communism – Moglen (2003) ‗Separations principle‘ – Wu◦ Based on reading of history of common carriage Empirical social scientific views:◦ Mueller (2010), De Nardis (2009)◦ Institutional economics and political science◦ Power structures explicitly modelled (legal literature iscritical, assumes capture but not radical alternatives)
Approach embraces complexity No easy examples that demonstrate truth of◦ technical, political, legal or economic solutions◦ based on self-, co- or state regulatory approaches.◦ Cf. Mansell (2012) Imagining the Internet Examine the deficiencies and benefits◦ Match market and social developments◦ With human rights concerns◦ E.g. In fields of privacy and freedom of expression Note: analysis based on Art.19 UDHR not 1st Amendment Most of world uses variants of Article 19
Government and market failure Industry capture of regulators & legislators Incumbents introduce new barriers to entry Continued exclusion of wider civil society◦ tenuous chain of accountability of participants◦ to voters, shareholders and NGO stakeholders.◦ effectiveness, accountability and legitimacy ofthese groups in representing the public interest?
Towards interoperability asprosumer law Solution for prosumers & competition◦ enhance competitive production of public goods◦ innovation, public safety, and fundamental rights Key aspects:◦ Communications not competition policy◦ Ex ante not ex post intervention◦ interoperability (incl. FRAND)◦ Fair and reasonable defined by govt procurement Not detailed rate of return regulation Note that IT software leaders make supra-normal returns◦ detailed software interoperability, not the general description offered by Gasser/Palfrey 2012 Specifics in Gasser (2007)
What regulation teaches aboutcode Ex ante + ex post intervention Interoperability◦ Procurement policy + regulation/competition A biased policy towards open code –◦ Data open to mash-ups (government)◦ Systems interoperable (procurement)◦ Use of alternatives to market leader (e.g.Linux) Via competition remedies and sponsorship
Information regulation precedent Must-carry/must-offer obligations,◦ imposed on many market actors,◦ including obliged to offer FRAND terms (common carriers, broadband access providers, cablebroadcasters, electronic program guides); Interconnection requirements on telcos,◦ especially those with dominance—◦ And AOL/Time Warner merger requirement forinstant messaging interoperability Application programming interfaces (API)disclosure requirements,◦ placed on Microsoft by EC upheld by ECJ
EC Mandated Browser Choice 2011: MSFT refused to allow browserchoice by default in Windows 7◦ fined €561m March 2013,◦ previously fined €497m 2007 €860m 2012. Browser ―error‖ expensive line of code
TV Public Broadcaster Example Sky EPG carries terrestrial public servicechannels on 101-105◦ ―must carry‖ and ―due prominence‖◦ Sky One is Channel 106◦ HD public service channels Channels 141, 142, 178, 230! Communications Act 2003, s.310◦ Ofcom Code on EPGs
Kroes‘ promise post-Microsoft Will ―seriously exploreall options to ensurethat significant marketplayers cannot justchoose to denyinteroperability. ―The Commissionshould not need torun an epic antitrustcase every timesoftware lacksinteroperability.‖
Competition investigationboth sides of Atlantic since2010:◦ Settled with US authorities 3Jan 2013◦ Settlement proposal to EC 1Feb 2013 Experts have severelycriticized timing andcontent of FTC settlement Grimmelman argued: ―If thefinal FTC statement hadbeen any more favourableto Google, I‘d be checkingthe file metadata to seewhether Google wrote it.‖Google FTC and EC casesSource: Google proposal leaked to SearchEngineLand, 25/4/13
Grimmelman argued:―If the final FTC statement had beenany more favourable to Google,I‘d be checking the file metadata to seewhether Google wrote it.‖
4 lines of complaintSearch bias: Google favours own products over competitors in resultsVertical Search Opt-Out –◦ Google don‘t let websites opt out of particular uses of pages it indexes.◦ complete opt-out giving up all Google traffic, a significant driver of traffic –◦ especially Europe: Google has 90% search market in UK, Nl, France, GermanyRestricted 3rd party use of AdWords:◦ ―API Client may not [function] copies data between Google and 3rd Party.‖◦ Companies can advertise on Google and Bing,◦ but cannot use a program to copy Google AdWords campaigns over to Bing.◦ dropped by Google as token interoperability sop to FTC‘s investigation;Injunctions against standards-essential patents,◦ including those by Google-acquired Motorola Mobility see Posner‘s now–famous judgment in June 2012◦ FTC concluded (4-1) unfair competition, Google agreed not to engage in it◦ fires a shot not just at Google, but also at rivals –clever concession by Google!
Google and competitors routinelyprivately regulate other‘s code points 3 and 4, Google claimed the right to regulateothers‘ use of code, to use the AdWords API or to use Motorola Mobility‘s patents..
―Prosumer law‖ approach interoperability and content neutrality1. Google to reinforce search neutrality1. NOT bias results with search algorithms2. relatively trivial (by Googlestandards) amendment to its code1. allow websites more flexibility in listing,2. rather than complete opt-out via theexisting robots.txt convention.
We do not make strongnormative claim that Googleshould adopt neutral perspective◦ (nor do we adopt approach to net neutrality), We advocate truth-in-advertising Any search engine (or ISP using search)◦ claiming verifiably neutral results◦ produce the same
Or prominently advertise its product as1. commercially driven,2. affiliate-biased3. selective search engine.
Requirement does not imposesignificant regulatory burden reinforces the brands of search providersof integrity. would not apply to selective searchproviders if labelled such ‗a search engine which selectivelyprovides you with search resultsaccording in part to its commercialaffiliations‘◦ (or equivalent wording) prominently displayed above searchresults in that case.
Code-based solutions lighter than€1b fines or structural separation In book, we suggest similar approach◦ to network neutrality violators could not advertise their services asallowing end-users‘ choice◦ in accessing the ‗Internet‘ when in fact it is a commercial Intranet◦ to which full access is provided.
Social networks: US solutionsinstead of EU non-enforcement Facebook‘s 400m European users 27 national regulators of personal data. Facebook chose regulator relocated in 2006◦ from Dublin to Portarlington, Co. Laois, Ireland,◦ Google is also regulated from Portarlington. While German state and federal regulatorsand others may rattle sabres at Facebook, Irish regulator audited Facebook spring 2012 insisting on remedial action on nine counts
Prosumer law: direct intervention Abusive dominant social networking sites prevent Facebook, Google+ any other◦ from erecting a fence around its piece of theinformation commons:◦ ensure interoperability with open standards Which lowers entry barriers (in theory!) Enforcement of privacy law even in Portarlington
50 ways to leave Facebook Not sufficient to permit data deletion◦ as that only covers the user‘s tracks. Interconnection and interoperability,◦ more than transparency and◦ theoretical possibility to switch. Ability for prosumers to interoperate topermit exit◦ Lower entry barriers tend to lead to increasedconsumer welfare
US FTC constant audit Class actions: 2011 $8.5m Google Buzz. Jan 2013, Facebook $20m Nov 2012, FTC Google settled for $22.5m◦ tracking cookies for Safari browser users 2012, both agreed to settle privacy complaints◦ FTC privacy audit of products for a 20-year period.◦ That‘s until 2032! Sector-specific regulation of social networkingalready exists de facto in the United States, Europeans wring their hands on the sidelines.◦ proposed new European Regulation◦ unlikely to be implemented before 2016.
Euro-Interoperability Framework Response to multi-€bn competitioncases:◦ Microsoft saga (to 2009), Intel (2009), Apple(2010), Rambus (2009)◦ Google (2013?) perhaps Facebook....◦ Coates (2011: Chapters 5-6) Announced by DG Comp (CONNECT)Commissioner Kroes 2009-2010 Bias in favour of interoperability in policy Concerns are broader than competition◦ Include privacy, IPR, security, fundamentalrights
Economics and Human Rights Open data, open code, and human rights Blizzard of Internet governance principles 2011◦ Law/economics, or human rights, do not translate◦ OECD/EC vs. UNHCR/OSCE/Council of Europe This apparent dialogue of the deaf◦ competition policy & corporate governance problem Urgent task: dialogue between discrete expert fields◦ ICT growth driver and transformative technology◦ transformative role in communication and dialogue ‗arms trade‘ in censorship technology; Twitter ‗revolution‘(sic)
Developing study of coderegulation Similarities and cross-over with◦ complexity science◦ network science◦ web science/graph theory Match Internet regulation to complexity theory Longstaff (2003), Cherry (2008), Schneider/Bauer (2007) Network science fusion of scientific/fundamentalelements from various components Internet Science? EC Network of Excellence
Questions? Book published 22March 2013 ‗Prosumer law‘ article(early version now onSSRN) Comments welcome