The pitch to governments footing the bill emphasizes alignment with existing schoolhouse curricula and practices. A laptop can be a cost-effective way to distribute textbooks, because it can contain so much data in a small space and can be updated after it has been distributed. Says Negroponte: “The hundred-dollar laptop is an education project. It’s not a laptop project.”³

Yet OLPC is about revolution rather than evolution, and it embodies both the promise and challenge of generativity. The project’s intellectual pedigree and structure reveal an enterprise of breathtaking theoretical and logistical ambition. The education Negroponte refers to is not the rote learning represented by the typical textbook and the three R’s that form the basis of most developing and developed country curricula. Rather, the XO is shaped to reflect the theories of fellow Media Lab visionary Seymour Papert. Alternately known as constructionism or constructivism, Papert’s vision of education downplays drills in hard facts and abstract skills in favor of a model that teaches students how to learn by asking them to undertake projects that they find relevant to their everyday lives.⁴

A modest incarnation of the OLPC project would distribute PCs as electronic workbooks. The PCs would run the consumer operating systems and applications prevailing in the industrialized world—the better to groom students for work in call centers and other outsourced IT-based industries. Microsoft, under competition from free operating systems, has shown a willingness to greatly reduce the prices for its products in areas where wallets are smaller, so such a strategy is not necessarily out of reach, and in any case the XO machine could run one of the more consumer-friendly versions of free Linux without much modification.⁵

But the XO completely redesigns today’s user interfaces from the ground up. Current PC users who encounter an XO have a lot to unlearn. For example, the arrow pointer serves a different purpose: moving the XO’s arrow toward the center of the screen indicates options that apply only to that computer; moving the pointer toward any edge indicates interaction with nearby computers or the community at large.

The XO envisions students who are able to hack their own machines: to reprogram them even as they are learning to read and write—and to do so largely on their own initiative. The XO dissemination plan is remarkably light on both student and teacher training. There are a handful of trainers to cover the thousands of schools that will serve as distribution points, and the training function is more to ensure installation and functioning of the servers rather than true mastery of the machines. Students are expected to rely on each other and on trial-and-error to acquire most of the skills needed to use and reprogram the machines.

Content also seems a calculated afterthought. The XO project wiki—haphazardly organized, as wikis tend to be—featured a “call for content” in late 2006, mere months before millions of machines were to be placed in children’s hands, for “content creators, collectors, and archivists, to suggest educational content for inclusion with the laptops, to be made available to millions of children in the developing the world, most of whom do not have access to learning materials.”⁶ Determining exactly what would be bundled on the machines, what would repose on servers at schools, and what would be available on the XO Web site for remote access was very much a work in progress even as deployment dates neared.

In other words, XO has embraced the procrastination principle that is woven through generative technologies. To the chagrin and discomfort of most educational academics following the project, there is little focus on specific educational outcomes or metrics.⁷ There are no firm plans to measure usage of the laptops, or to correlate changes in test scores with their deployment and use. Instead, the idea is to create an infrastructure that is both simple and generative, stand back, and see what happens, fixing most major substantive problems only as they arise, rather than anticipating them from the start.

Thus as much as Negroponte insists that the project is not a technology play, the lion’s share of the effort has gone into just that, and is calculated to promote a very special agenda of experimentation. Central to the XO’s philosophy is that each machine should belong to a single child, rather than being found in a typical computer lab or children’s cyber café. That partially explains the XO’s radical design, both in physical form and in software. It features especially small keys so that adults cannot easily use it if they should steal it from a child, and it has no moving parts within. There is no hard drive to suffer from a fall; the screen is designed to be viewable in direct sunlight; and it consumes little enough power that it can be recharged with a crank or other physical motion in the absence of a source of electricity. The machines automatically form mesh networks with one another so that children can share programs and data with each other or connect to a school’s data repository in the absence of any ISPs. It is a rediscovery of the principles behind FIDOnet, the ad hoc network of bulletin boards programmed on PCs that called each other using modems before PC users could connect to the Internet.

One bundled application, TamTam, lets a child use the machine to generate music and drumbeats, and nearby machines can be coordinated through their mesh networks so that each one represents a different instrument in a symphony the group can compose and play. Just as some students might develop and express talents at the technical layer, reprogramming the machines, others might be inspired to develop musical talents through the rough tools of Tam- Tam at the content layer.

Constructionism counts on curiosity and intellectual passion of self- or informally taught individuals as its primary engine, exactly the wellspring tapped by generative systems. From XO’s founders we see an attempt to reprise the spirit that illuminated the original personal computer, Internet, and Web. They believe that it is less important to provide content than to provide a means of making it and passing it along, just as an Internet without any plan for content ended up offering far more than the proprietary walled gardens that had so carefully sponsored and groomed their offerings. There is a leap of faith that a machine given entirely to a child’s custody, twenty-four hours a day, will not promptly be lost, stolen, or broken. Instead, children are predicted to treat these boxes as dear possessions, and some among them will learn to program, designing and then sharing new applications that in turn support new kinds of content and interaction that may not have been invented in the developed world.

Yet the makers of the XO are aware that it is not the dawn of the networked era. We have experienced market boom and wildly successful applications, but also bust, viruses, and spam. The sheer scale and public profile of the XO project make it difficult fully to embrace an experimentalist spirit, whether at the technical, content, or social layers. The sui generis modified Linux-based operating systems within the XO machines give them an initial immunity to the worms and viruses that plague the machines of the developed world, so that should they choose to surf the world’s Web they will not be immediately overcome by the malware that otherwise requires constantly updated firewalls. They can breathe the digital air directly, without the need for the expensive antivirus “clean suits” that other PCs must have. XO’s director of security has further implemented a security architecture for the machines that keeps programs from being able to communicate with each other, in order to preemptively quarantine any attack in one part of the machine.⁸ This means that a word processor cannot talk directly to a music program, and an Internet program cannot talk to a drawing program. This protects the machine from hypothetical viruses, but it also adds a layer of inflexibility and complexity to an operating system that children are supposed to be able to understand and modify.

The XO thus combines its generative foundation with elements of a tethered appliance. XO staff have vowed never to accede to requests for content filtering⁹— yet they have built a kill switch into the machines so that stolen models can be selectively disabled,¹⁰ and such a switch opens the door to later remote control. Thus, XOs are both independent as they can form mesh networks, and tethered as they can be updated, monitored, and turned off from afar, so long as they are connected to the Internet. They are generative in spirit and architecture, and they are also appliances, painstakingly designed to be reliable to and usable by someone who cannot read or write. They combine the hope of the early Internet era with the hard lessons of its second phase. They represent the confusion of the interregnum between the unbridled explosion of cheap and flexible processors, networks, and sensors, and the tightening up that comes as their true power is appreciated—and abused.

Perhaps the audience of schoolchildren in developing countries is remote and uninteresting enough to those who want to control or compromise today’s information technology that it will be helpfully overlooked during the critical time period in which backwater status helps to foster generative development. Just as domain names were originally first-come, first-served, and no major companies reserved their own names or foresaw a trademark problem, poor schoolchildren may not be deemed enough of an economic market to be worth vying for—either in attracting their eyeballs to show them advertising, or in preventing them from exchanging bits that could be copyrighted. There are no preexisting CD sales among them to dent.

XO is but the most prominent and well-funded of a series of enterprises to attempt to bridge the digital divide. Other efforts, such as the Volkscomputer in Brazil, the VillagePDA, and the Ink have fared poorly, stuck at some phase of development or production.¹¹ Negroponte’s impatience with tentative initial steps, and with the kind of planning and study that firm-based ventures usually require, has worried many in the international development community. They fear that a prominent failure of the project could unduly tarnish other attempts to deploy technology in the developing world. The Indian government announced in 2006 that it would not sign up to buy any XO machines, in part due to difficulties encountered with the Simputer, a for-profit project begun in 1998 to deliver handheld technology to India’s rural population, which is made up mostly of farmers and laborers—many of whom are illiterate and speak regional dialects. In 2001, Bruce Sterling lionized the Simputer as “computing as it would have looked if Gandhi had invented it, then used Steve Jobs for his ad campaign.”¹² It never took off. Instead India appears to be placing its bets on the Novantium Nova or a similar device, non-generative machines fully tethered to a subscription server for both software and content.¹³

Will XO fail like the others? Development experts view it as skeptically as education experts do, seeing XO as yet another risky heaving of hardware at problems that are actually political, social, and economic in nature. Debates on the XO wiki wonder whether teching-up an entire generation of millions of children will be good or bad for those already online. Some worry that the already- formidable sources of Nigerian “419” spam soliciting business deals will grow and diversify. There is even musing that guerrilla fighters could use the laptops’ mesh networking capabilities to communicate secretly on the battlefield.¹⁴ (Depending on which side one supports in that battle, that could be good, although it is a far cry from the notion of laptops as educational gateways for children.)

As computer scientist Gene Spafford wrote:

We can’t defend against the threats we are facing now. If these mass computer giveaways succeed, shortly we will have another billion users online who are being raised in environments of poverty, with little or no education about proper IT use, and often in countries where there is little history of tolerance (and considerable history of religious, ethnic and tribal strife). Access to eBay and YouTube isn’t going to give them clean water and freedom from disease. But it may help breed resentment and discontent where it hasn’t been before.

Gee, I can barely wait. The metaphor that comes to mind is that if we were in the ramp-up to the Black Plague in the middle ages, these groups would be trying to find ways to subsidize the purchase of pet rats.¹⁵

Spafford appears to recognize the delicate condition of today’s Net, and he believes that a pause in expansion is needed—a bit of time to digest the problems that beset it. The easier and more risk-averse path is to distribute mobile phones and other basic Net appliances to the developing world just as those devices are becoming more central in the developed one, bridging the digital divide in one sense—providing useful technology—while leaving out the generative elements most important to the digital space’s success: the integration of people as participants in it rather than only consumers of it.

But a project like OLPC offers an opportunity to demonstrate fixes to the Net’s problems among audiences that have yet to encounter it. Its XO represents a new path of continued if cautious generativity as the developed world’s technology is beginning to ossify under the weight of its own success. It represents a faith not only that students can learn to reprogram their computers, but that what they direct them to do will be, on balance, good if disruptive.

The story of the XO is the story of the generative pattern. The pattern begins with the ambitious planting of a flag for a new enterprise in an overlooked backwater. The procrastination principle gives license for the idea’s technical and social blueprints to be incomplete. Contribution is welcome from outsiders, and if the project takes off, the results may prove completely unexpected.

The XO’s skeptics have much in common with generativity’s skeptics. They can convincingly put forward the very real risks attendant to a project only partially planned, without extensive layers of measurement, control, and accountability. These risks are most obviously grouped under the rubric of security, but the label is far too narrow either to capture the problem or to point us to the most promising solutions—just as the story of badware on PCs is not simply a story about security worries on the Internet, narrowly defined.

Rather, the limits of an open PC and Net, and the fears for the XO, are much more general case studies of what happens within systems that are built with a peculiar and extraordinary openness to contribution and innovation and that succeed because of it. They challenge us to understand and meet the problems arising from success in a way that does not neuter what made the original success possible.

The puzzle of PC security is fundamentally the same as the puzzle of keeping Wikipedia honest and true—and perhaps giving birth to its version 2.0 successor— now that Wikipedia has entered the prime-time glare, attracting participants who are ignorant or scornful of its ideals. It is the puzzle of empowering people to share and trade stories, photos, and recommendations without losing their identities as they become not only the creators of distributed scrutiny and judgment, but also their subjects.

It is the puzzle of Herdict, the application designed to run on netizens’ PCs to generate and share a collective map of vital signs, that can produce distributed judgments about good code and bad. One of the first questions asked about Herdict is whether makers of badware will simply hijack lots of PCs and compel them to report to Herdict that they are happy, when in fact they are not. One answer acknowledges the problem and then seeks, from day one, to forestall it while it is still on the drawing board, with attendant complication, investment, and elaboration. An alternative answer says: The point at which Herdict is worth the effort of bad people to game it is a milestone of success. It is a token of movement from the primordial soup that begins the generative pattern to the mainstream impact that attracts the next round of problems.

Imagine planning but not yet executing Wikipedia: “Won’t people come along and vandalize it?” One response to that question, and to the others like it that arise for an idea as crazy as Wikipedia, would be to abandon the idea—to transform it so much in anticipation of the problems that it is unrecognizable from its original generative blueprint. The response instead was to deem the question reasonable but premature. The generativity that makes it vulnerable also facilitates the tools and relationships through which people can meet the problems when first-round success causes them to materialize.

The animating spirit: “Ready, fire, aim.” This ethos is a major ingredient of Google’s secret sauce as a company, a willingness to deploy big ideas that remain labeled “beta” for months even as they become wildly popular, as Google News was. It lies behind the scanning of all the world’s books, despite the logistical burdens and legal uncertainties. To the amazement of those of us who work for universities and could not possibly persuade our general counsels to risk their clients’ endowments on such a venture, Google simply started doing it. The litigation continues as this book goes to press, and so does the scanning of the books and the indexing of their contents, available to hundreds of millions of people who would otherwise never know of them, at books.google.com.

How we choose to approach generative puzzles animates the struggle between the models of the Net and of television, of the insurgent and the incumbent. Traditional cyberlaw frameworks tend to see the Net as an intriguing force for chaos that might as well have popped out of nowhere. It is too easy to then shift attention to the “issues raised” by the Net, usually by those threatened by it—whether incumbent technical-layer competitors like traditional telephony providers, or content-layer firms like record companies whose business models (and, to be sure, legally protected interests) are disrupted by it. Then the name of the game is seen to be coming up with the right law or policy by a government actor to address the issues. Such approaches can lead to useful, hard-nosed insights and suggestions, but they are structured to overlook the fact that the Net is quite literally what we make it.

The traditional approaches lead us in the direction of intergovernmental organizations and diplomatically styled talk-shop initiatives like the World Summit on the Information Society and its successor, the Internet Governance Forum, where “stakeholders” gather to express their views about Internet governance, which is now more fashionably known as “the creation of multi-stakeholder regimes.” Such efforts import from professional diplomacy the notion of process and unanimity above all. Their solution for the difficulties of individual state enforcement on the Net is a kind of negotiated intellectual harmony among participants at a self-conscious summit—complex regimes to be mapped out in a dialogue taking place at an endlessly long table, with a role for all to play. Such dialogues end either in bland consensus pronouncements or in final documents that are agreed upon only because the range of participants has been narrowed.

It is no surprise that this approach rarely gets to the nuts and bolts of designing new tools or grassroots initiatives to take on the problems it identifies. The Net and its issues sail blithely on regardless of the carefully worded communiqués that emerge from a parade of meetings and consultations. Stylized gatherings of concerned stakeholders are not inherently bad—much can come of dialogue among parties whose interests interconnect. Indeed, earlier in this book I called for a latter-day Manhattan Project to take on the most pressing problems facing the generative Internet. But the types of people that such a project requires are missing from the current round of “stakeholder governance” structures. Missing are the computer scientists and geeks who would rather be coding than attending receptions in Geneva and Tunis. Without them we too easily neglect the prospect that we could code new tools and protocols to facilitate social solutions—the way that the robots.txt of Chapter Nine has so far headed off what otherwise would have been yet another cyberlaw issue.

To be sure, from the earliest days of the Internet the people who designed its protocols acceded to some formality and diplomacy. Recall that they published “RFCs,” requests for comments designed to write up their ideas, creating institutional structure and memory as the project became bigger than just a few researchers in a room. The author of the first one—RFC 1—recalls: “We parceled out the work and wrote the initial batch of memos. In addition to participating in the technical design, I took on the administrative function of setting up a simple scheme for numbering and distributing the notes. Mindful that our group was informal, junior and unchartered, I wanted to emphasize these notes were the beginning of a dialog and not an assertion of control.”¹⁶

Informal, junior, and unchartered, yet collaborative and at least partially structured: this includes people who are eager to take on a parcel of work and build. It represents the ingredients found in the generative soil of Wikipedia, Pledgebank, Meetup, CouchSurfing.com, and other countless innovations that abound on the Net, themselves made possible because the Net’s soil is made of the same stuff. The way to secure it and the innovations built upon it is to empower rank-and-file users to contribute, rather than to impose security models that count on a handful of trusted people for control. We need tools that cure the autistic nature of today’s Net experience: PC users unaware of their digital environments and therefore unable to act on social cues, whether of danger or of encouragement.

If history is a guide, these tools can just as likely come from one or two researchers as from hackers, and the properly executed Manhattan Project to bolster the Net for another round of success will not be marked by centralization so much as by focus: the application of money and encouragement to those who step forward to help fix the most important and endemic problems that can no longer tolerate any procrastination.

Just as the XO’s technology platform seeks to cultivate such contributions as routine rather than as obscure or special, by placing generative technologies into as many children’s hands as possible, the educational systems in the developed world could be geared to encourage and reward such behavior, whether at the technical, content, or social layers.

Unfortunately, the initial reaction by many educators to digital participatory enterprises—ones that indeed may be subverted by their users—is fear. Many teachers are decrying the ways in which the Net has made it easy to plagiarize outright or to draw from dubious sources.¹⁷ Some schools and universities have banned the citation of Wikipedia in student papers,¹⁸ while signing up for plagiarism detection services like TurnitIn.com and automatic essay-grading tools like SAGrader.com, which “uses computational intelligence strategies to grade students [sic] essays in seconds and respond with detailed, topic-specific feedback.”¹⁹

Instead of being subject to technology that automates and reinforces the worst aspects of contemporary education—emphasizing regurgitation and summarization of content from an oracular source, followed by impersonal grading within a conceptual echo chamber—our children ought to be encouraged to accept the participatory invitation of the Net and that which has recursively emerged at its upper layers from its open technologies below. Wikipedia’s conceded weakness as a source is an invitation to improve it, and the act of improving it can be as meaningful to the contributor as to those who come after. Our students can be given assignments that matter—reading with a critical eye the sources that the rest of the online world consults, and improving them as best they know how, using tools of research and argument and intellectual honesty that our schools can teach. Instead of turning in a report for a single teacher to read, they can put their skills into work that everyone can read. The millions of students doing make-work around the world can come to learn instead that what they do can have consequences—and that if they do not contribute, it is not necessarily true that others will. In other words, we can use our generative technologies to teach our children to take responsibility for the way the world works rather than to be merely borne along by its currents. This will work best if our teachers are on board. Without people to whom others can apprentice, to learn technical skills and social practice, generative technologies can flounder. This is the XO’s vulnerability, too—if it fails, it may in large part be because the technology was too difficult to master and share, and its possibilities not hinted at enough to entice learners to persist in their attention to it.

Like the XO, generativity itself is, at its core, not a technology project. It is an education project, an exercise in intellect and community, the founding concepts of the university. Our universities are in a position to take a leadership role in the Net’s future. They were the Net’s original cradle, along with the self-taught hobbyists who advanced the PC from its earliest days. Business and commerce followed in their wake, refining and expanding the opportunities developed through largely nonmarket process and ethos. The Internet and attached generative platforms are invitations to code and to build. Universities— and not just their computer science departments—should see those invitations as central to their missions of teaching their students and bringing knowledge to the world.

As countries and groups in the developing world incline to brand new generative technologies, those in the developed world must fight to retain theirs. There is not a simple pendulum swinging from generative to non-generative and back again; we cannot count on the fact that screws tightened too far can become stripped. Any comprehensive redesign of the Internet at this late stage would draw the attention of regulators and other parties who will push for ways to prevent abuse before it can even happen. Instead, we must piecemeal refine and temper the PC and the Net so that they can continue to serve as engines of innovation and contribution while mitigating the most pressing concerns of those harmed by them. We must appreciate the connection between generative technology and generative content.

Today’s consumer information technology is careening at breakneck pace, and most see no need to begin steering it. Our technologists are complacent because the ongoing success of the generative Net has taken place without central tending—the payoffs of the procrastination principle. Rank-and-file Internet users enjoy its benefits while seeing its operation as a mystery, something they could not possibly hope to affect. They boot their PCs each day and expect them more or less to work, and they access Wikipedia and expect it more or less to be accurate.

But our Net technologies are experiencing the first true shock waves from their generative successes. The state of the hacking arts is advancing. Web sites can be compromised in an instant, and many visitors will then come away with an infected PC simply for having surfed there. Without a new cadre of good hackers unafraid to take ownership of the challenges posed by their malicious siblings and create the tools needed to help nonhackers keep the Net on a constructive trajectory, the most direct solutions will be lockdown that cuts short the Net experiment, deprives us of its fruits, and facilitates a form of governmental control that upends a balance between citizen and sovereign. These ripples can be followed recursively up the Net’s layers. Our generative technologies need technically skilled people of goodwill to keep them going, and the fledgling generative activities above—blogging, wikis, social networks—need artistically and intellectually skilled people of goodwill to serve as true alternatives to a centralized, industrialized information economy that asks us to identify only as consumers of meaning rather than as makers of it. Peer production alone does not guarantee collaborative meaning making. Services like Inno- Centive place five-figure bounties on difficult but modular scientific problems, and ask the public at large to offer solutions.²⁰ But the solutions tendered then become the full property of the institutional bounty hunter.²¹ Amazon’s Mechanical Turk has created a marketplace for the solving of so-called human intelligence tasks on the other side of the scale: trivial, repetitive tasks like tracing lines around the faces in photographs for a firm that has some reason to need them traced.²² If five years from now children with XOs were using them for hours each day primarily to trace lines at half a penny per trace, it could be a useful economic engine to some and a sweatshop to others—but either way it would not be an activity that is generative at the content layer.

The deciding factor in whether our current infrastructure can endure will be the sum of the perceptions and actions of its users. There are roles for traditional state sovereigns, pan-state organizations, and formal multistakeholder regimes to play. They can help reinforce the conditions necessary for generative blossoming, and they can also step in—with all the confusion and difficulty that notoriously attends regulation of a generative space—when mere generosity of spirit among people of goodwill cannot resolve conflict. But such generosity of spirit is a society’s powerful first line of moderation.

Our fortuitous starting point is a generative device in tens of millions of hands on a neutral Net. To maintain it, the users of those devices must experience the Net as something with which they identify and belong. We must use the generativity of the Net to engage a constituency that will protect and nurture it. That constituency may be drawn from the ranks of a new generation able to see that technology is not simply a video game designed by someone else, and that content is not simply what is provided through a TiVo or iPhone.

The heart of the next-generation privacy problem arises from the similar but uncoordinated actions of individuals that can be combined in new ways thanks to the generative Net. Indeed, the Net enables individuals in many cases to compromise privacy more thoroughly than the government and commercial institutions traditionally targeted for scrutiny and regulation. The standard approaches that have been developed to analyze and limit institutional actors do not work well for this new breed of problem, which goes far beyond the compromise of sensitive information.

PRIVACY 1.0

In 1973, a blue-ribbon panel reported to the U.S. Secretary of Health, Education, and Welfare (HEW) on computers and privacy. The report could have been written today:

It is no wonder that people have come to distrust computer-based record-keeping operations. Even in non-governmental settings, an individual’s control over the personal information that he gives to an organization, or that an organization obtains about him, is lessening as the relationship between the giver and receiver of personal data grows more attenuated, impersonal, and diffused. There was a time when information about an individual tended to be elicited in face-to-face contacts involving personal trust and a certain symmetry, or balance, between giver and receiver. Nowadays an individual must increasingly give information about himself to large and relatively faceless institutions, for handling and use by strangers—unknown, unseen and, all too frequently, unresponsive. Sometimes the individual does not even know that an organization maintains a record about him. Often he may not see it, much less contest its accuracy, control its dissemination, or challenge its use by others.¹

The report pinpointed troubles arising not simply from powerful computing technology that could be used both for good and ill, but also from its impersonal quality: the sterile computer processed one’s warm, three-dimensional life into data handled and maintained by faraway faceless institutions, viewed at will by strangers. The worries of that era are not obsolete. We are still concerned about databases with too much information that are too readily accessed; databases with inaccurate information; and having the data from databases built for reasonable purposes diverted to less noble if not outright immoral uses.²

Government databases remain of particular concern, because of the unique strength and power of the state to amass information and use it for life-altering purposes. The day-to-day workings of the government rely on numerous databases, including those used for the calculation and provision of government benefits, decisions about law enforcement, and inclusion in various licensing regimes.³ Private institutional databases also continue to raise privacy issues, particularly in the realms of consumer credit reporting, health records, and financial data.

Due to political momentum generated by the HEW report and the growing controversy over President Richard Nixon’s use of government power to investigate political enemies, the U.S. Congress enacted comprehensive privacy legislation shortly after the report’s release. The Privacy Act of 1974 mandated a set of fair information practices, including disclosure of private information only with an individual’s consent (with exceptions for law enforcement, archiving, and routine uses), and established the right of the subject to know what was recorded about her and to offer corrections. While it was originally intended to apply to a broad range of public and private databases to parallel the HEW report, the Act was amended before passage to apply only to government agencies’ records.⁴ Congress never enacted a comparable comprehensive regulatory scheme for private databases. Instead, private databases are regulated only in narrow areas of sensitivity such as credit reports (addressed by a complex scheme passed in 1970 affecting the handful of credit reporting agencies)⁵ and video rental data,⁶ which has been protected since Supreme Court nominee Robert Bork’s video rental history was leaked to a newspaper during his confirmation process in 1987.⁷

The HEW report expresses a basic template for dealing with the informational privacy problem: first, a sensitivity is identified at some stage of the information production process—the gathering, storage, or dissemination of one’s private information—and then a legal regime is proposed to restrict these activities to legitimate ends. This template has informed analysis for the past thirty years, guiding battles over privacy both between individuals and government and between individuals and “large and faceless” corporations. Of course, a functional theory does not necessarily translate into successful practice. Pressures to gather and use personal data in commerce and law enforcement have increased, and technological tools to facilitate such data processing have matured without correspondingly aggressive privacy protections.⁸ (Consider Chapter Five’s description of the novel uses of tethered appliances to conduct surveillance.) In 1999, Scott McNealey, CEO of Sun Microsystems, was asked whether a new Sun technology to link consumer devices had any built-in privacy protection. “You have zero privacy anyway,” he replied. “Get over it.”⁹

McNealey’s words raised some ire at the time; one privacy advocate called them “a declaration of war.”¹⁰ McNealey has since indicated that he believes his answer was misunderstood.¹¹ But the plain meaning of “getting over it” seems to have been heeded: while poll after poll indicates that the public is concerned about privacy,¹² the public’s actions frequently belie these claims. Apart from momentary spikes in privacy concerns that typically arise in the wake of highprofile scandals—such as Watergate or the disclosure of Judge Bork’s video rentals—we routinely part with personal information and at least passively consent to its use, whether by surfing the Internet, entering sweepstakes, or using a supermarket discount card.

Current scholarly work on privacy tries to reconcile people’s nonchalant behavior with their seemingly heartfelt concerns about privacy. It sometimes calls for industry self-regulation rather than direct governmental regulation as a way to vindicate privacy interests, perhaps because such regulation is seen as more efficient or just, or because direct governmental intervention is understood to be politically difficult to achieve. Privacy scholarship also looks to the latest advances in specific technologies that could further weaken day-to-day informational privacy.¹³ One example is the increasing use of radio frequency identifiers (RFIDs) in consumer items, allowing goods to be scanned and tracked at a short distance. One promise of RFID is that a shopper could wheel her shopping cart under an arch at a grocery store and obtain an immediate tally of the price of its contents; one peril is that a stranger could drive by a house with an RFID scanner and instantly inventory its contents, from diapers to bacon to flat-screen TVs, immediately discerning the sort of people who live within.

This work on privacy generally hews to the original analytic template of 1973: both the analysis and suggested solutions talk in terms of institutions gathering data, and of developing ways to pressure institutions to better respect their customers’ and clients’ privacy. This approach is evident in discussions about electronic commerce on the Internet. Privacy advocates and scholars have sought ways to ensure that Web sites disclose to people what they are learning about consumers as they browse and buy. The notion of “privacy policies” has arisen from this debate. Through a combination of regulatory suasion and industry best practices, such policies are now found on many Web sites, comprising little-read boilerplate answering questions about what information a Web site gathers about a user and what it does with the information. Frequently the answers are, respectively, “as much as it can” and “whatever it wants”—but, to some, this is progress. It allows scholars and companies alike to say that the user has been put on notice of privacy practices.

Personal information security is another area of inquiry, and there have been some valuable policy innovations in this sphere. For example, a 2003 California law requires firms that unintentionally expose their customers’ private data to others to alert the customers to the security breach.¹⁴ This has led to a rash of well-known banks sending bashful letters to millions of their customers, gently telling them that, say, a package containing tapes with their credit card and social security numbers has been lost en route from one processing center to another.¹⁵ Bank of America lost such a backup tape with 1.2 million cus- tomer records in ^2005.16 That same year, a MasterCard International security breach exposed information of more than 40 million credit card holders.¹⁷ Boston College lost 120,000 alumni records to hackers as a result of a breach.¹⁸ The number of incidents shows little sign of decreasing,¹⁹ despite the incentives provided by the embarrassment of disclosure and the existence of obvious ways to improve security practices. For minimal cost, firms could minimize some types of privacy risks to consumers—for example, by encrypting their backup tapes before shipping them anywhere, making them worthless to anyone without a closely held digital key.

Addressing Web site privacy and security has led to elaborations on the traditional informational privacy framework. Some particularly fascinating issues in this framework are still unfolding: is it fair, for example, for an online retailer like Amazon to record the average number of nanoseconds each user spends contemplating an item before clicking to buy it? Such data could be used by Amazon to charge impulse buyers more, capitalizing on the likelihood that this group of consumers does not pause long enough to absorb the listed price of the item they just bought. A brief experiment by Amazon in differential pricing resulted in bad publicity and a hasty retreat as some buyers noticed that they could save as much as $10 on a DVD by deleting browser cookies that indicated to Amazon that they had visited the site before.²⁰ As this example suggests, forthrightly charging one price to one person and another price to someone else can generate resistance. Offering individualized discounts, however, can amount to the same thing for the vendor while appearing much more palatable to the buyer. Who would complain about receiving a coupon for $10 off the listed price of an item, even if the coupon were not transferable to any other Amazon user? (The answer may be “someone who did not get the coupon,” but to most people the second scenario is less troubling than the one in which different prices were charged from the start.)²¹

If data mining could facilitate price discrimination for Amazon or other online retailers, it could operate in the tangible world as well. As a shopper uses a loyal-customer card, certain discounts are offered at the register personalized to that customer. Soon, the price of a loaf of bread at the store becomes indeterminate: there is a sticker price, but when the shopper takes the bread up front, the store can announce a special individualized discount based on her relationship with the store. The sticker price then becomes only that, providing little indication of the price that shoppers are actually paying. Merchants can also vary service. Customer cards augmented with RFID tags can serve to identify those undesirable customers who visit a home improvement store, monopolize the attention of the attendants, and exit without having bought so much as a single nail. With these kinds of cards, the store would be able to discern the “good” (profitable) customers from the “bad” (not profitable) ones and appropriately alert the staff to flee from bad customers and approach good ones.

PRIVACY 2.0

While privacy issues associated with government and corporate databases remain important, they are increasingly dwarfed by threats to privacy that do not fit the standard analytical template for addressing privacy threats. These new threats fit the generative pattern also found in the technical layers for Internet and PC security, and in the content layer for ventures such as Wikipedia. The emerging threats to privacy serve as an example of generativity’s downsides on the social layer, where contributions from remote amateurs can enable vulnerability and abuse that calls for intervention. Ideally such intervention would not unduly dampen the underlying generativity. Effective solutions for the problems of Privacy 2.0 may have more in common with solutions to other generative problems than with the remedies associated with the decades-old analytic template for Privacy 1.0.

The Era of Cheap Sensors

We can identify three successive shifts in technology from the early 1970s: cheap processors, cheap networks, and cheap sensors.²² The third shift has, with the help of the first two, opened the doors to new and formidable privacy invasions.

The first shift was cheap processors. Moore’s Law tells us that processing power doubles every eighteen months or so.²³ A corollary is that existing processing power gets cheaper. The cheap processors available since the 1970s have allowed Bill Gates’s vision of a “computer on every desk” to move forward. Cheap processors also underlie information appliances: thanks to Moore’s Law, there is now sophisticated microprocessor circuitry in cars, coffeemakers, and singing greeting cards.

Cheap networks soon followed. The pay-per-minute proprietary dial-up networks gave way to an Internet of increasing bandwidth and dropping price. The all-you-can-eat models of measurement meant that, once established, idle network connections were no cheaper than well-used ones, and a Web page in New York cost no more to access from London than one in Paris. Lacking gatekeepers, these inexpensive processors and networks have been fertile soil for whimsical invention to take place and become mainstream. This generativity has occurred in part because the ancillary costs to experiment—both for software authors and software users—have been so low.

The most recent technological shift has been the availability of cheap sensors. Sensors that are small, accurate, and inexpensive are now found in cameras, microphones, scanners, and global positioning systems. These characteristics have made sensors much easier to deploy—and then network—in places where previously it would have been impractical to have them.

The proliferation of cheap surveillance cameras has empowered the central authorities found within the traditional privacy equation. A 2002 working paper estimated that the British government had spent several hundred million dollars on closed-circuit television systems, with many networked to central law enforcement stations for monitoring.²⁴ Such advances, and the analysis that follows them, fit the template of Privacy 1.0: governments have access to more information thanks to more widely deployed monitoring technologies, and rules and practices are suggested to prevent whatever our notions might be of abuse.²⁵ To see how cheap processors, networks, and sensors create an entirely new form of the problem, we must look to the excitement surrounding the participatory technologies suggested by one meaning of “Web 2.0.” In academic circles, this meaning of Web 2.0 has become known as “peer production.”

The Dynamics of Peer Production

The aggregation of small contributions of individual work can make oncedifficult tasks seem easy. For example, Yochai Benkler has approvingly described the National Aeronautics and Space Administration’s (NASA’s) use of public volunteers, or “clickworkers.”²⁶ NASA had a tedious job involving pictures of craters from the moon and Mars. These were standard bitmap images, and they wanted the craters to be vectorized: in other words, they wanted people to draw circles around the circles they saw in the photos. Writing some custom software and deploying it online, NASA asked Internet users at large to undertake the task. Much to NASA’s pleasant surprise, the clickworkers accomplished in a week what a single graduate student would have needed a year to complete.²⁷ Cheap networks and PCs, coupled with the generative ability to costlessly offer new code for others to run, meant that those who wanted to pitch in to help NASA could do so.

The near-costless aggregation of far-flung work can be applied in contexts other than the drawing of circles around craters—or the production of a free encyclopedia like Wikipedia. Computer scientist Luis von Ahn, after noting that over nine billion person-hours were spent playing Windows Solitaire in a single year, devised the online “ESP” game, in which two remote players are randomly paired and shown an image. They are asked to guess the word that best describes the image, and when they each guess the same word they win points.²⁸ Their actions also provide input to a database that reliably labels images for use in graphical search engines—improving the ability of image search engines to identify images. In real time, then, people are building and participating in a collective, organic, worldwide computer to perform tasks that real computers cannot easily do themselves.²⁹

These kinds of grid applications produce (or at least encourage) certain kinds of public activity by combining small, individual private actions. Benkler calls this phenomenon “coordinate coexistence producing information.”³⁰ Benkler points out that the same idea helps us find what we are looking for on the Internet, even if we do not go out of our way to play the ESP game; search engines commonly aggregate the artifacts of individual Internet activity, such as webmasters’ choices about where to link, to produce relevant search results. Search engines also track which links are most often clicked on in ordered search results in order, and then more prominently feature those links in future searches.³¹ The value of this human-derived wisdom has been noted by spammers, who create “link farms” of fake Web sites containing fragments of text drawn at random from elsewhere on the Web (“word salad”) that link back to the spammers’ sites in an attempt to boost their search engine rankings. The most useful links are ones placed on genuinely popular Web sites, though, and the piles of word salad do not qualify.

As a result, spammers have turned to leaving comments on popular blogs that ignore the original entry to which they are attached and instead simply provide links back to their own Web sites. In response, the authors of blogging software have incorporated so-called captcha boxes that must be navigated before anyone can leave a comment on a blog. Captchas—now used on many mainstream Web sites including Ticketmaster.com—ask users to prove that they are human by typing in, say, a distorted nonsense word displayed in a small graphic.³² Computers can start with a word and make a distorted image in a heartbeat, but they cannot easily reverse engineer the distorted image back to the word. This need for human intervention was intended to force spammers to abandon automated robots to place their blog comment spam. For a while they did, reportedly setting up captcha sweatshops that paid people to solve captchas from blog comment prompts all day long.³³ (In 2003, the going rate was $2.50/hour for such work.)³⁴ But spammers have continued to explore more efficient solutions. A spammer can write a program to fill in all the information but the captcha, and when it gets to the captcha it places it in front of a real person trying to get to a piece of information—say on a page a user might get after clicking a link that says, “You’ve just won $1000! Click here!”³⁵—or perhaps a pornographic photo.³⁶ The captcha had been copied that instant from a blog where a spammer’s robot was waiting to leave a comment, and then pasted into the prompt for the human wanting to see the next page. The human’s answer to the captcha was then instantly ported back over to the blog site in order to solve the captcha and leave the spammed comment.³⁷ Predictably, companies have also sprung up to meet this demand, providing custom software to thwart captchas on a contract basis of $100 to $5,000 per project.³⁸ Generative indeed: the ability to remix different pieces of the Web, and to deploy new code without gatekeepers, is crucial to the spammers’ work. Other uses of captchas are more benign but equally subtle: a project called reCAPTCHA provides an open API to substitute for regular captchas where a Web site might want to test to see if it is a human visiting.³⁹ reCAPTCHA creates an image that pairs a standard, automatically generated test word image with an image of a word from an old book that a computer has been unable to properly scan and translate. When the user solves the captcha by entering both words, the first word is used to validate that the user is indeed human, and the second is used to put the human’s computing power to work to identify one more word of one more book that otherwise would be unscannable.

What do captchas have to do with privacy? New generative uses of the Internet have made the solutions proposed for Privacy 1.0 largely inapplicable. Fears about “mass dataveillance”⁴⁰ are not misplaced, but they recognize only part of the problem, and one that represents an increasingly smaller slice of the pie. Solutions such as disclosure⁴¹ or encryption⁴² still work for Privacy 1.0, but new approaches are needed to meet the challenge of Privacy 2.0, in which sensitive data is collected and exchanged peer-to-peer in configurations as unusual as that of the spammers’ system for bypassing captchas.

The power of centralized databases feared in 1973 is now being replicated and amplified through generative uses of individual data and activity. For example, cheap sensors have allowed various gunshot-detecting technologies to operate through microphones in public spaces.⁴³ If a shot is fired, sensors associated with the microphones triangulate the shot’s location and summon the police. To avoid false alarms, the system can be augmented with help from the public at large, minimizing the need for understaffed police to make the initial assessment about what is going on when a suspicious sound is heard. Interested citizens can review camera feeds near a reported shot and press a button if they see something strange happening on their computer monitors. Should a citizen do so, other citizens can be asked for verification. If the answer is yes, the police can be sent.

In November of 2006, the state of Texas spent $210,000 to set up eight webcams along the Mexico border as part of a pilot program to solicit the public’s help in reducing illegal immigration.⁴⁴ Webcam feeds were sent to a public Web site, and people were invited to alert the police if they thought they saw suspicious activity. During the month-long trial the Web site took in just under twenty-eight million hits. No doubt many were from the curious rather than the helpful, but those wanting to volunteer came forward, too. The site registered over 220,000 users, and those users sent 13,000 e-mails to report suspicious activity. At three o’clock in the morning one woman at her PC saw someone signal a pickup truck on the webcam. She alerted police, who seized over four hundred pounds of marijuana from the truck’s occupants after a highspeed chase. In separate incidents, a stolen car was recovered, and twelve undocumented immigrants were stopped. To some—especially state officials— this was a success beyond any expectation;⁴⁵ to others it was a paltry result for so much investment.⁴⁶

Beyond any first-order success of stopping crime, some observers welcome involvement by members of the public as a check on law enforcement surveillance.⁴⁷ Science fiction author David Brin foresaw increased use of cameras and other sensors by the government and adopted an if-you-can’t-beat-themjoin- them approach to dealing with the privacy threat. He suggested allowing ubiquitous surveillance so long as the watchers themselves were watched: live cameras could be installed in police cars, station houses, and jails. According to Brin, everyone watching everywhere would lessen the likelihood of unobserved government abuse. What the Rodney King video did for a single incident⁴⁸— one that surely would have passed without major public notice but for the amateur video capturing what looked like excessive force by arresting officers— Brin’s proposal could do for nearly all state activities. Of course, Brin’s calculus does not adequately account for the invasions of privacy that would take place whenever random members of the public could watch—and perhaps record— every interaction between citizens and authorities, especially since many of those interactions take place at sensitive moments for the citizens. And ubiquitous surveillance can lead to other problems. The Sheriff’s Office of Anderson County, Tennessee, introduced one of the first live “jailcams” in the country, covering a little area in the jail where jailors sit and keep an eye on everything— the center of the panopticon.⁴⁹ The Anderson County webcam was very Web 2.0: the Web site included a chat room where visitors could meet other viewers, there was a guestbook to sign, and a link to syndicated advertising to help fund the webcam. However, some began using the webcam to make crank calls to jailors at key moments and even, it is claimed, to coordinate the delivery of contraband.⁵⁰ The webcam was shut down.

This example suggests a critical difference between Privacy 1.0 and 2.0. If the government is controlling the observation, then the government can pull the plug on such webcams if it thinks they are not helpful, balancing whatever policy factors it chooses.⁵¹ Many scholars have considered the privacy problems posed by cheap sensors and networks, but they focus on the situations where the sensors serve only government or corporate masters. Daniel Solove, for instance, has written extensively on emergent privacy concerns, but he has focused on the danger of “digital dossiers” created by businesses and governments.⁵² Likewise, Jerry Kang and Dana Cuff have written about how small sensors will lead to “pervasive computing,” but they worry that the technology will be abused by coordinated entities like shopping malls, and their prescriptions thus follow the pattern established by Privacy 1.0.⁵³ Their concerns are not misplaced, but they represent an increasingly smaller part of the total picture. The essence of Privacy 2.0 is that government or corporations, or other intermediaries, need not be the source of the surveillance. Peer-to-peer technologies can eliminate points of control and gatekeeping from the transfer of personal data and information just as they can for movies and music. The intellectual property conflicts raised by the generative Internet, where people can still copy large amounts of copyrighted music without fear of repercussion, are rehearsals for the problems of Privacy 2.0.⁵⁴

The Rodney King beating was filmed not by a public camera, but by a private one, and its novel use in 1991 is now commonplace. Many private cameras, including camera-equipped mobile phones, fit the generative mold as devices purchased for one purpose but frequently used for another. The Rodney King video, however, required news network attention to gain salience. Videos depicting similar events today gain attention without the prior approval of an intermediary.⁵⁵ With cheap sensors, processors, and networks, citizens can quickly distribute to anywhere in the world what they capture in their backyard. Therefore, any activity is subject to recording and broadcast. Perform a search on a video aggregation site like YouTube for “angry teacher” or “road rage” and hundreds of videos turn up. The presence of documentary evidence not only makes such incidents reviewable by the public at large, but for, say, angry teachers it also creates the possibility of getting fired or disciplined where there had not been one before. Perhaps this is good: teachers are on notice that they must account for their behavior the way that police officers must take responsibility for their own actions.

If so, it is not just officers and teachers: we are all on notice. The famed “Bus Uncle” of Hong Kong upbraided a fellow bus passenger who politely asked him to speak more quietly on his mobile phone.⁵⁶ The mobile phone user learned an important lesson in etiquette when a third person captured the argument and then uploaded it to the Internet, where 1.3 million people have viewed one version of the exchange.⁵⁷ (Others have since created derivative versions of the exchange, including karaoke and a ringtone.) Weeks after the video was posted, the Bus Uncle was beaten up in a targeted attack at the restaurant where he worked.⁵⁸ In a similar incident, a woman’s dog defecated on the floor of a South Korean subway. She refused to clean it up, even when offered a tissue—though she cleaned the dog—and left the subway car at the next stop. The incident was captured on a mobile phone camera and posted to the Internet, where the poster issued an all points bulletin seeking information about the dog owner and her relatives, and about where she worked. She was identified by others who had previously seen her and the dog, and the resulting firestorm of criticism apparently caused her to quit her job.⁵⁹

The summed outrage of many unrelated people viewing a disembodied video may be disproportionate to whatever social norm or law is violated within that video. Lives can be ruined after momentary wrongs, even if merely misdemeanors. Recall verkeersbordvrij theory from Chapter Six: it suggests that too many road signs and driving rules change people into automatons, causing them to trade in common sense and judgment for mere hewing to exactly what the rules provide, no more and no less. In the same way, too much scrutiny can also turn us into automatons. Teacher behavior in a classroom, for example, is largely a matter of standards and norms rather than rules and laws, but the presence of scrutiny, should anything unusual happen, can halt desirable pedagogical risks if there is a chance those risks could be taken out of context, misconstrued, or become the subject of pillory by those with perfect hindsight.

These phenomena affect students as well as teachers, regular citizens rather than just those in authority. And ridicule or mere celebrity can be as chilling as outright disapprobation. In November 2002 a Canadian teenager used his high school’s video camera to record himself swinging a golf ball retriever as though it were a light saber from Star Wars.⁶⁰ By all accounts he was doing it for his own amusement. The tape was not erased, and it was found the following spring by someone else who shared it, first with friends and then with the Internet at large. Although individuals want privacy for themselves, they will line up to see the follies of others, and by 2006 the “Star Wars Kid” was estimated to be the most popular word-of-mouth video on the Internet, with over nine hundred million cumulative views.⁶¹ It has spawned several parodies, including ones shown on prime time television. This is a consummately generative event: a repurposing of something made for completely different reasons, taking off beyond any expectation, and triggering further works, elaborations, and commentaries— both by other amateurs and by Hollywood.⁶² It is also clearly a privacy story. The student who made the video has been reported to have been traumatized by its circulation, and in no way did he seek to capitalize on his celebrity.

In this hyperscrutinized reality, people may moderate themselves instead of expressing their true opinions. To be sure, people have always balanced between public and private expression. As Mark Twain observed: “We are discreet sheep; we wait to see how the drove is going, and then go with the drove. We have two opinions: one private, which we are afraid to express; and another one—the one we use—which we force ourselves to wear to please Mrs. Grundy, until habit makes us comfortable in it, and the custom of defending it presently makes us love it, adore it, and forget how pitifully we came by it. Look at it in politics.”⁶³

Today we are all becoming politicians. People in power, whether at parliamentary debates or press conferences, have learned to stick to carefully planned talking points, accepting the drawbacks of appearing stilted and saying little of substance in exchange for the benefits of predictability and stability.⁶⁴ Ubiquitous sensors threaten to push everyone toward treating each public encounter as if it were a press conference, creating fewer spaces in which citizens can express their private selves.

Even the use of “public” and “private” to describe our selves and spaces is not subtle enough to express the kind of privacy we might want. By one definition they mean who manages the space: a federal post office is public; a home is private. A typical restaurant or inn is thus also private, yet it is also a place where the public gathers and mingles: someone there is “in public.” But while activities in private establishments open to the public are technically in the public eye,⁶⁵ what transpires there is usually limited to a handful of eyewitnesses— likely strangers—and the activity is ephemeral. No more, thanks to cheap sensors and cheap networks to disseminate what they glean. As our previously private public spaces, like classrooms and restaurants, turn into public public spaces, the pressure will rise for us to be on press conference behavior.

There are both significant costs and benefits inherent in expanding the use of our public selves into more facets of daily life. Our public face may be kinder, and the expansion may cause us to rethink our private prejudices and excesses as we publicly profess more mainstream standards and, as Twain says, “habit makes us comfortable in it.” On the other hand, as law professors Eric Posner and Cass Sunstein point out, strong normative pressure can prevent outlying behavior of any kind, and group baselines can themselves be prejudiced. Outlying behavior is the generative spark found at the social layer, the cultural innovation out of left field that can later become mainstream. Just as our information technology environment has benefited immeasurably from experimentation by a variety of people with different aims, motives, and skills, so too is our cultural environment bettered when commonly held—and therefore sometimes rarely revisited—views can be challenged.⁶⁶

The framers of the U.S. Constitution embraced anonymous speech in the political sphere as a way of being able to express unpopular opinions without having to experience personal disapprobation.⁶⁷ No defense of a similar principle was needed for keeping private conversations in public spaces from becoming public broadcasts—disapprobation that begins with small “test” groups but somehow becomes society-wide—since there were no means by which to perform that transformation. Now that the means are there, a defense is called for lest we run the risk of letting our social system become metaphorically more appliancized: open to change only by those few radicals so disconnected from existing norms as to not fear their imposition at all.

Privacy 2.0 is about more than those who are famous or those who become involuntary “welebrities.” For those who happen to be captured doing particularly fascinating or embarrassing things, like Star Wars Kid or an angry teacher, a utilitarian might say that nine hundred million views is first-order evidence of a public benefit far exceeding the cost to the student who made the video. It might even be pointed out that the Star Wars Kid failed to erase the tape, so he can be said to bear some responsibility for its circulation. But the next-generation privacy problem cannot be written off as affecting only a few unlucky victims. Neither can it be said to affect only genuine celebrities who must now face constant exposure not only to a handful of professional paparazzi but also to hordes of sensor-equipped amateurs. (Celebrities must now contend with the consequences of cell phone videos of their slightest aberrations—such as one in which a mildly testy exchange with a valet parker is quickly circulated and exaggerated online⁶⁸—or more comprehensive peer-produced sites like Gawker Stalker,⁶⁹ where people send in local sightings of celebrities as they happen. Gawker strives to relay the sightings within fifteen minutes and place them on a Google map, so that if Jack Nicholson is at Starbucks, one can arrive in time to stand awkwardly near him before he finishes his latte.)

Cybervisionary David Weinberger’s twist on Andy Warhol’s famous quotation is the central issue for the rest of us: “On the Web, everyone will be famous to fifteen people.”⁷⁰ Although Weinberger made his observation in the context of online expression, explaining that microaudiences are worthy audiences, it has further application. Just as cheap networks made it possible for businesses to satisfy the “long tail,” serving the needs of obscure interests every bit as much as popular ones⁷¹ (Amazon is able to stock a selection of books virtually far beyond the best sellers found in a physical bookstore), peer-produced databases can be configured to track the people who are of interest only to a few others.

How will the next-generation privacy problem affect average citizens? Early photo aggregation sites like Flickr were premised on a seemingly dubious assumption that turned out to be true: not only would people want an online repository for their photos, but they would often be pleased to share them with the public at large. Such sites now boast hundreds of millions of photos,⁷² many of which are also sorted and categorized thanks to the same distributed energy that got Mars’s craters promptly mapped. Proponents of Web 2.0 sing the praises of “folksonomies” rather than taxonomies—bottom-up tagging done by strangers rather than expert-designed and -applied canonical classifications like the Dewey Decimal System or the Library of Congress schemes for sorting books.⁷³ Metadata describing the contents of pictures makes images far more useful and searchable. Combining user-generated tags with automatically generated data makes pictures even more accessible. Camera makers now routinely build cameras that use global positioning systems to mark exactly where on the planet each picture it snaps was taken and, of course, to time- and datestamp them. Web sites like Riya, Polar Rose, and MyHeritage are perfecting facial recognition technologies so that once photos of a particular person are tagged a few times with his or her name, their computers can then automatically label all future photos that include the person—even if their image appears in the background. In August 2006 Google announced the acquisition of Neven Vision, a company working on photo recognition, and in May 2007 Google added a feature to its image search so that only images of people could be returned (to be sure, still short of identifying which image is which).⁷⁴ Massachusetts officials have used such technology to compare mug shots in “Wanted” posters to driver’s license photos, leading to arrests.⁷⁵ Mash together these technologies and functionalities through the kind of generative mixing allowed by their open APIs and it becomes trivial to receive answers to questions like: Where was Jonathan Zittrain last year on the fourteenth of February?, or, Who could be found near the entrance to the local Planned Parenthood clinic in the past six months? The answers need not come from government or corporate cameras, which are at least partially secured against abuse through well-considered privacy policies from Privacy 1.0. Instead, the answers come from a more powerful, generative source: an army of the world’s photographers, including tourists sharing their photos online without firm (or legitimate) expectations of how they might next be used and reused.

As generativity would predict, those uses may be surprising or even offensive to those who create the new tools or provide the underlying data. The Christian Gallery News Service was started by antiabortion activist Neal Horsley in the mid 1990s. Part of its activities included the Nuremberg Files Web site, where the public was solicited for as much information as possible about the identities, lives, and families of physicians who performed abortions, as well as about clinic owners and workers.⁷⁶ When a provider was killed, a line would be drawn through his or her name. (The site was rarely updated with new information, and it became entangled in a larger lawsuit lodged under the U.S. Freedom of Access to Clinic Entrances Act.⁷⁷ The site remains accessible.) An associated venture solicits the public to take pictures of women arriving at clinics, including the cars in which they arrive (and corresponding license plates), and posts the pictures in order to deter people from nearing clinics.⁷⁸

With image recognition technology mash-ups, photos taken as people enter clinics or participate in protests can be instantly cross-referenced with their names. One can easily pair this type of data with Google Maps to provide finegrained satellite imagery of the homes and neighborhoods of these individuals, similar to the “subversive books” maps created by computer consultant and tinkerer Tom Owad, tracking wish lists on Amazon.⁷⁹

This intrusion can reach places that the governments of liberal democracies refuse to go. In early 2007, a federal court overseeing the settlement of a class action lawsuit over New York City police surveillance of public activities held that routine police videotaping of public events was in violation of the settlement: “The authority . . . conferred upon the NYPD ‘to visit any place and attend any event that is open to the public, on the same terms and conditions of the public generally,’ cannot be stretched to authorize police officers to videotape everyone at a public gathering just because a visiting little old lady from Dubuque . . . could do so. There is a quantum difference between a police officer and the little old lady (or other tourist or private citizen) videotaping or photographing a public event.”⁸⁰

The court expressed concern about a chilling of speech and political activities if authorities were videotaping public events. But police surveillance becomes moot when an army of little old ladies from Dubuque is naturally videotaping and sharing nearly everything—protests, scenes inside a mall (such that amateur video exists of a random shootout in a Salt Lake City, Utah, mall),⁸¹ or picnics in the park. Peer-leveraging technologies are overstepping the boundaries that laws and norms have defined as public and private, even as they are also facilitating beneficial innovation. Cheap processors, networks, and sensors enable a new form of beneficial information flow as citizen reporters can provide footage and frontline analysis of newsworthy events as they happen.⁸² For example, OhmyNews is a wildly popular online newspaper in South Korea with citizen-written articles and reports. (Such writers provide editors with their names and national identity numbers so articles are not anonymous.) Similarly, those who might commit atrocities within war zones can now be surveilled and recorded by civilians so that their actions may be watched and ultimately punished, a potential sea change for the protection of human rights.⁸³

For privacy, peer-leveraging technologies might make for a much more constrained world rather than the more chaotic one that they have wrought for intellectual property. More precisely, a world where bits can be recorded, manipulated, and transmitted without limitation means, in copyright, a free-for-all for the public and constraint upon firms (and perhaps upstream artists) with content to protect. For privacy, the public is variously creator, beneficiary, and victim of the free-for-all. The constraints—in the form of privacy invasion that Jeffrey Rosen crystallizes as an “unwanted gaze”—now come not only from the well-organized governments or firms of Privacy 1.0, but from a few people generatively drawing upon the labors of many to greatly impact rights otherwise guaranteed by a legal system.

Privacy and Reputation

At each layer where a generative pattern can be discerned, this book has asked whether there is a way to sift out what we might judge to be bad generative results from the good ones without unduly damaging the system’s overall generativity. This is the question raised at the technical layer for network security, at the content layer for falsehoods in Wikipedia and failures of intellectual property protection, and now at the social layer for privacy. Can we preserve generative innovations without giving up our core privacy values? Before turning to answers, it is helpful to explore a final piece of the Privacy 2.0 mosaic: the impact of emerging reputation systems. This is both because such systems can greatly impact our privacy and because this book has suggested reputational tools as a way to solve the generative sifting problem at other layers.

Search is central to a functioning Web,⁸⁴ and reputation has become central to search. If people already know exactly what they are looking for, a network needs only a way of registering and indexing specific sites. Thus, IP addresses are attached to computers, and domain names to IP addresses, so that we can ask for www.drudgereport.com and go straight to Matt Drudge’s site. But much of the time we want help in finding something without knowing the exact online destination. Search engines help us navigate the petabytes of publicly posted information online, and for them to work well they must do more than simply identify all pages containing the search terms that we specify. They must rank them in relevance. There are many ways to identify what sites are most relevant. A handful of search engines auction off the top-ranked slots in search results on given terms and determine relevance on the basis of how much the site operators would pay to put their sites in front of searchers.⁸⁵ These search engines are not widely used. Most have instead turned to some proxy for reputation. As mentioned earlier, a site popular with others—with lots of inbound links—is considered worthier of a high rank than an unpopular one, and thus search engines can draw upon the behavior of millions of other Web sites as they sort their search results.⁸⁶ Sites like Amazon deploy a different form of ranking, using the “mouse droppings” of customer purchasing and browsing behavior to make recommendations—so they can tell customers that “people who like the Beatles also like the Rolling Stones.” Search engines can also more explicitly invite the public to express its views on the items it ranks, so that users can decide what to view or buy on the basis of others’ opinions. Amazon users can rate and review the items for sale, and subsequent users then rate the first users’ reviews. Sites like Digg and Reddit invite users to vote for stories and articles they like, and tech news site Slashdot employs a rating system so complex that it attracts much academic attention.⁸⁷

eBay uses reputation to help shoppers find trustworthy sellers. eBay users rate each others’ transactions, and this trail of ratings then informs future buyers how much to trust repeat sellers. These rating systems are crude but powerful. Malicious sellers can abandon poorly rated eBay accounts and sign up for new ones, but fresh accounts with little track record are often viewed skeptically by buyers, especially for proposed transactions involving expensive items. One study confirmed that established identities fare better than new ones, with buyers willing to pay, on average, over 8 percent more for items sold by highly regarded, established sellers.⁸⁸ Reputation systems have many pitfalls and can be gamed, but the scholarship seems to indicate that they work reasonably well.⁸⁹ There are many ways reputation systems might be improved, but at their core they rely on the number of people rating each other in good faith well exceeding the number of people seeking to game the system—and a way to exclude robots working for the latter. For example, eBay’s rating system has been threatened by the rise of “1-cent eBooks” with no shipping charges; sellers can create alter egos to bid on these nonitems and then have the phantom users highly rate the transaction.⁹⁰ One such “feedback farm” earned a seller a thousand positive reviews over four days. eBay intervenes to some extent to eliminate such gaming, just as Google reserves the right to exact the “Google death penalty” by de-listing any Web site that it believes is unduly gaming its chances of a high search engine rating.⁹¹

These reputation systems now stand to expand beyond evaluating people’s behavior in discrete transactions or making recommendations on products or content, into rating people more generally. This could happen as an extension of current services—as one’s eBay rating is used to determine trustworthiness on, say, another peer-to-peer service. Or, it could come directly from social networking: Cyworld is a social networking site that has twenty million subscribers; it is one of the most popular Internet services in the world, largely thanks to interest in South Korea.⁹² The site has its own economy, with $100 million worth of “acorns,” the world’s currency, sold in 2006.⁹³

Not only does Cyworld have a financial market, but it also has a market for reputation. Cyworld includes behavior monitoring and rating systems that make it so that users can see a constantly updated score for “sexiness,” “fame,” “friendliness,” “karma,” and “kindness.” As people interact with each other, they try to maximize the kinds of behaviors that augment their ratings in the same way that many Web sites try to figure out how best to optimize their presentation for a high Google ranking.⁹⁴ People’s worth is defined and measured precisely, if not accurately, by the reactions of others. That trend is increasing as social networking takes off, partly due to the extension of online social networks beyond the people users already know personally as they “befriend” their friends’ friends’ friends.

The whole-person ratings of social networks like Cyworld will eventually be available in the real world. Similar real-world reputation systems already exist in embryonic form. Law professor Lior Strahilevitz has written a fascinating monograph on the effectiveness of “How’s My Driving” programs, where commercial vehicles are emblazoned with bumper stickers encouraging other drivers to report poor driving.⁹⁵ He notes that such programs have resulted in significant accident reductions, and analyzes what might happen if the program were extended to all drivers. A technologically sophisticated version of the scheme dispenses with the need to note a phone number and file a report; one could instead install transponders in every vehicle and distribute TiVo-like remote controls to drivers, cyclists, and pedestrians. If someone acts politely, say by allowing you to switch lanes, you can acknowledge it with a digital thumbsup that is recorded on that driver’s record. Cutting someone off in traffic earns a thumbs-down from the victim and other witnesses. Strahilevitz is supportive of such a scheme, and he surmises it could be even more effective than eBay’s ratings for online transactions since vehicles are registered by the government, making it far more difficult escape poor ratings tied to one’s vehicle. He acknowledges some worries: people could give thumbs-down to each other for reasons unrelated to their driving—racism, for example. Perhaps a bumper sticker expressing support for Republicans would earn a thumbs-down in a blue state. Strahilevitz counters that the reputation system could be made to eliminate “outliers”—so presumably only well-ensconced racism across many drivers would end up affecting one’s ratings. According to Strahilevitz, this system of peer judgment would pass constitutional muster if challenged, even if the program is run by the state, because driving does not implicate one’s core rights. “How’s My Driving?” systems are too minor to warrant extensive judicial review. But driving is only the tip of the iceberg.

Imagine entering a café in Paris with one’s personal digital assistant or mobile phone, and being able to query: “Is there anyone on my buddy list within 100 yards? Are any of the ten closest friends of my ten closest friends within 100 yards?” Although this may sound fanciful, it could quickly become mainstream. With reputation systems already advising us on what to buy, why not have them also help us make the first cut on whom to meet, to date, to befriend? These are not difficult services to offer, and there are precursors today.⁹⁶ These systems can indicate who has not offered evidence that he or she is safe to meet—as is currently solicited by some online dating sites—or it may use Amazon-style matching to tell us which of the strangers who have just entered the café is a good match for people who have the kinds of friends we do. People can rate their interactions with each other (and change their votes later, so they can show their companion a thumbs-up at the time of the meeting and tell the truth later on), and those ratings will inform future suggested acquaintances. With enough people adopting the system, the act of entering a café can be different from one person to the next: for some, the patrons may shrink away, burying their heads deeper in their books and newspapers. For others, the entire café may perk up upon entrance, not knowing who it is but having a lead that this is someone worth knowing. Those who do not participate in the scheme at all will be as suspect as brand new buyers or sellers on eBay.

Increasingly, difficult-to-shed indicators of our identity will be recorded and captured as we go about our daily lives and enter into routine transactions— our fingerprints may be used to log in to our computers or verify our bank accounts, our photo may be snapped and tagged many times a day, or our license plate may be tracked as people judge our driving habits. The more our identity is associated with our daily actions, the greater opportunities others will have to offer judgments about those actions. A government-run system like the one Strahilevitz recommends for assessing driving is the easy case. If the state is the record keeper, it is possible to structure the system so that citizens can know the basis of their ratings—where (if not by whom) various thumbs-down clicks came from—and the state can give a chance for drivers to offer an explanation or excuse, or to follow up. The state’s formula for meting out fines or other penalties to poor drivers would be known (“three strikes and you’re out,” for whatever other problems it has, is an eminently transparent scheme), and it could be adjusted through accountable processes, just as legislatures already determine what constitutes an illegal act, and what range of punishment it should earn.

Generatively grown but comprehensively popular unregulated systems are a much trickier case. The more that we rely upon the judgments offered by these private systems, the more harmful that mistakes can be.⁹⁷ Correcting or identifying mistakes can be difficult if the systems are operated entirely by private parties and their ratings formulas are closely held trade secrets. Search engines are notoriously resistant to discussing how their rankings work, in part to avoid gaming—a form of security through obscurity.⁹⁸ The most popular engines reserve the right to intervene in their automatic rankings processes—to administer the Google death penalty, for example—but otherwise suggest that they do not centrally adjust results. Hence a search in Google for “Jew” returns an anti- Semitic Web site as one of its top hits,⁹⁹ as well as a separate sponsored advertisement from Google itself explaining that its rankings are automatic.¹⁰⁰ But while the observance of such policies could limit worries of bias to search algorithm design rather than to the case-by-case prejudices of search engine operators, it does not address user-specific bias that may emerge from personalized judgments.

Amazon’s automatic recommendations also make mistakes; for a period of time the Official Lego Creator Activity Book was paired with a “perfect partner” suggestion: American Jihad: The Terrorists Living Among Us Today. If such mismatched pairings happen when discussing people rather than products, rare mismatches could have worse effects while being less noticeable since they are not universal. The kinds of search systems that say which people are worth getting to know and which should be avoided, tailored to the users querying the system, present a set of due process problems far more complicated than a stateoperated system or, for that matter, any system operated by a single party. The generative capacity to share data and to create mash-ups means that ratings and rankings can be far more emergent—and far more inscrutable.

SOLVING THE PROBLEMS OF PRIVACY 2.0

Cheap sensors generatively wired to cheap networks with cheap processors are transforming the nature of privacy. How can we respond to the notion that nearly anything we do outside our homes can be monitored and shared? How do we deal with systems that offer judgments about what to read or buy, and whom to meet, when they are not channeled through a public authority or through something as suable, and therefore as accountable, as Google?

The central problem is that the organizations creating, maintaining, using, and disseminating records of identifiable personal data are no longer just “organizations”— they are people who take pictures and stream them online, who blog about their reactions to a lecture or a class or a meal, and who share on social sites rich descriptions of their friends and interactions. These databases are becoming as powerful as the ones large institutions populate and centrally define. Yet the sorts of administrative burdens we can reasonably place on established firms exceed those we can place on individuals—at some point, the burden of compliance becomes so great that the administrative burdens are tantamount to an outright ban. That is one reason why so few radio stations are operated by individuals: it need not be capital intensive to set up a radio broadcasting tower—a low-power neighborhood system could easily fit in someone’s attic—but the administrative burdens of complying with telecommunications law are well beyond the abilities of a regular citizen. Similarly, we could create a privacy regime so complicated as to frustrate generative developments by individual users.

The 1973 U.S. government report on privacy crystallized the template for Privacy 1.0, suggesting five elements of a code of fair information practice:

• There must be no personal data record-keeping systems whose very existence is secret.
• There must be a way for an individual to find out what information about him is in a record and how it is used.
• There must be a way for an individual to prevent information about him that was obtained for one purpose from being used or made available for other purposes without his consent.
• There must be a way for an individual to correct or amend a record of identifiable information about him.
• Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuse of the data.¹⁰¹

These recommendations present a tall order for distributed, generative systems. It may seem clear that the existence of personal data record-keeping systems ought not to be kept secret, but this issue was easier to address in 1973, when such systems were typically large consumer credit databases or government dossiers about citizens, which could more readily be disclosed and advertised by the relevant parties. It is harder to apply the antisecrecy maxim to distributed personal information databases. When many of us maintain records or record fragments on one another, and through peer-produced social networking services like Facebook or MySpace share these records with thousands of others, or allow them to be indexed to create powerful mosaics of personal data, then exactly what the database is changes from one moment to the next—not simply in terms of its contents, but its very structure and scope. Such databases may be generally unknown while not truly “secret.”¹⁰²

Further, these databases are ours. It is one thing to ask a corporation to disclose the personal data and records it maintains; it is far more intrusive to demand such a thing of private citizens. Such disclosure may itself constitute an intrusive search upon the citizen maintaining the records. Similarly, the idea of mandating that an individual be able to find out what an information gatherer knows—much less to correct or amend the information—is categorically more difficult to implement when what is known is distributed across millions of people’s technological outposts. To be sure, we can Google ourselves, but this does not capture those databases open only to “friends of friends”—a category that may not include us but may include thousands of others. At the same time, we may have minimal recourse when the information we thought we were circulating within social networking sites merely for fun and, say, only among fellow college students, ends up leaking to the world at large.¹⁰³

What to do? There is a combination of steps drawn from the solutions sketched in the previous two chapters that might ameliorate the worst of Privacy 2.0’s problems, and even provide a framework in which to implement some of the Privacy 1.0 solutions without rejecting the generative framework that gives rise to Privacy 2.0 in the first place.

The Power of Code-Backed Norms

The Web is disaggregated. Its pieces are bound together into a single virtual database by private search engines like Google. Google and other search engines assign digital robots to crawl the Web as if they were peripatetic Web surfers, clicking on one link after another, recording the results, and placing them into a concordance that can then be used for search.¹⁰⁴

Early on, some wanted to be able to publish material to the Web without it appearing in search engines. In the way a conversation at a pub is a private matter unfolding in a public (but not publicly owned) space, these people wanted their sites to be private but not secret. The law offers one approach to vindicate this desire for privacy but not secrecy. It could establish a framework delineating the scope and nature of a right in one’s Web site being indexed, and providing for penalties for those who infringe that right. An approach of this sort has well-known pitfalls. For example, it would be difficult to harmonize such doctrine across various jurisdictions around the world,¹⁰⁵ and there would be technical questions as to how a Web site owner could signal his or her choice to would-be robot indexers visiting the site.

The Internet community, however, fixed most of the problem before it could become intractable or even noticeable to mainstream audiences. A software engineer named Martijn Koster was among those discussing the issue of robot signaling on a public mailing list in 1993 and 1994. Participants, including “a majority of robot authors and other people with an interest in robots,” converged on a standard for “robots.txt,” a file that Web site authors could create that would be inconspicuous to Web surfers but in plain sight to indexing robots.¹⁰⁶ Through robots.txt, site owners can indicate preferences about what parts of the site ought to be crawled and by whom. Consensus among some influential Web programmers on a mailing list was the only blessing this standard received: “It is not an official standard backed by a standards body, or owned by any commercial organisation. It is not enforced by anybody, and there [sic] no guarantee that all current and future robots will use it. Consider it a common facility the majority of robot authors offer the WWW community to protect WWW server [sic] against unwanted accesses by their robots.”¹⁰⁷

Today, nearly all Web programmers know robots.txt is the way in which sites can signal their intentions to robots, and these intentions are respected by every major search engine across differing cultures and legal jurisdictions.¹⁰⁸ On this potentially contentious topic—search engines might well be more valuable if they indexed everything, especially content marked as something to avoid— harmony was reached without any application of law. The robots.txt standard did not address the legalities of search engines and robots; it merely provided a way to defuse many conflicts before they could even begin. The apparent legal vulnerabilities of robots.txt—its lack of ownership or backing of a large private standards setting organization, and the absence of private enforcement devices— may in fact be essential to its success.¹⁰⁹ Law professor Jody Freeman and others have written about the increasingly important role played by private organizations in the formation of standards across a wide range of disciplines and the ways in which some organizations incorporate governmental notions of due process in their activities.¹¹⁰ Many Internet standards have been forged much less legalistically but still cooperatively.¹¹¹

The questions not preempted or settled by such cooperation tend to be clashes between firms with some income stream in dispute—and where the law has then partially weighed in. For example, eBay sued data aggregator Bidder’s Edge for using robots to scrape its site even after eBay clearly objected both in person and through robots.txt. eBay won in a case that has made it singularly into most cyberlaw casebooks and even into a few general property casebooks— a testament to how rarely such disputes enter the legal system.¹¹²

Similarly, the safe harbors of the U.S. Digital Millennium Copyright Act of 1998 give some protection to search engines that point customers to material that infringes copyright,¹¹³ but they do not shield the actions required to create the search database in the first place. The act of creating a search engine, like the act of surfing itself, is something so commonplace that it would be difficult to imagine deeming it illegal—but this is not to say that search engines rest on any stronger of a legal basis than the practice of using robots.txt to determine when it is and is not appropriate to copy and archive a Web site.¹¹⁴ Only recently, with Google’s book scanning project, have copyright holders really begun to test this kind of question.¹¹⁵ That challenge has arisen over the scanning of paper books, not Web sites, as Google prepares to make them searchable in the same way Google has indexed the Web.¹¹⁶ The long-standing practice of Web site copying, guided by robots.txt, made that kind of indexing uncontroversial even as it is, in theory, legally cloudy.

The lasting lesson from robots.txt is that a simple, basic standard created by people of good faith can go a long way toward resolving or forestalling a problem containing strong ethical or legal dimensions. The founders of Creative Commons created an analogous set of standards to allow content creators to indicate how they would like their works to be used or reused. Creative Commons licenses purport to have the force of law behind them—one ignores them at the peril of infringing copyright—but the main force of Creative Commons as a movement has not been in the courts, but in cultural mindshare: alerting authors to basic but heretofore hidden options they have for allowing use of the photos, songs, books, or blog entries they create, and alerting those who make use of the materials to the general orientation of the author.

Creative Commons is robots.txt generalized. Again, the legal underpinnings of this standard are not particularly strong. For example, one Creative Commons option is “noncommercial,” which allows authors to indicate that their material can be reused without risk of infringement so long as the use is noncommercial. But the definition of noncommercial is a model of vagueness, the sort of definition that could easily launch a case like eBay v. Bidder’s Edge.¹¹⁷ If one aggregates others’ blogs on a page that has banner ads, is that a commercial use? There have been only a handful of cases over Creative Commons licenses, and none testing the meaning of noncommercial.¹¹⁸ Rather, people seem to know a commercial (or derivative) use when they see it: the real power of the license may have less to do with a threat of legal enforcement and more to do with the way it signals one’s intentions and asks that they be respected. Reliable empirical data is absent, but the sense among many of those using Creative Commons licenses is that their wishes have been respected.¹¹⁹

Applying Code-Backed Norms to Privacy: Data Genealogy

As people put data on the Internet for others to use or reuse—data that might be about other people as well as themselves—there are no tools to allow those who provide the data to express their preferences about how the data ought to be indexed or used. There is no Privacy Commons license to request basic limits on how one’s photographs ought to be reproduced from a social networking site. There ought to be. Intellectual property law professor Pamela Samuelson has proposed that in response to the technical simplicity of collecting substantial amounts of personal information in cyberspace, a person should have a protectable right to control this personal data. She notes that a property-based legal framework is more difficult to impose when one takes into account the multiple interests a person might have in her personal data, and suggests a move to a contractual approach to protecting information privacy based in part on enforcement of Web site privacy policies.¹²⁰ Before turning to law directly, we can develop tools to register and convey authors’ privacy-related preferences unobtrusively.

On today’s Internet, the copying and pasting of information takes place with no sense of metadata.¹²¹ It is difficult enough to make sure that a Creative Commons license follows the photograph, sound, or text to which it is related as those items circulate on the Web. But there is no standard at all to pass along for a given work and who recorded it, with what devices,¹²² and most important, what the subject is comfortable having others do with it. If there were, links could become two-way. Those who place information on the Web could more readily canvas the public uses to which that information had been put and by whom. In turn, those who wish to reuse information would have a way of getting in touch with its original source to request permission. Some Web 2.0 outposts have generated promising rudimentary methods for this. Facebook, for example, offers tools to label the photographs one submits and to indicate what groups of people can and cannot see them. Once a photo is copied beyond the Facebook environment, however, these attributes are lost.¹²³

The Web is a complex social phenomenon with information contributed not only by institutional sources like Britannica, CNN, and others that place large amounts of structured information on it, but also by amateurs like Wikipedians, Flickr contributors, and bloggers. Yet a Google search intentionally smoothes over this complexity; each linked search result is placed into a standard format to give the act of searching structure and order. Search engines and other aggregators can and should do more to enrich users’ understanding of where the information they see is coming from. This approach would shadow the way that Theodor Nelson, coiner of the word “hypertext,” envisioned “transclusion”—a means not to simply copy text, but also to reference it to its original source.¹²⁴ Nelson’s vision was drastic in its simplicity: information would repose primarily at its source, and any quotes to it would simply frame that source. If it were deleted from the original source, it would disappear from its subsequent uses. If it were changed at the source, downstream uses would change with it. This is a strong version of the genealogy idea, since the metadata about an item’s origin would actually be the item itself. It is data as service, and insofar as it leaves too much control with the data’s originator, it suffers from many of the drawbacks of software as service described in Chapter Five. For the purposes of privacy, we do not need such a radical reworking of the copy-and-paste culture of the Web. Rather, we need ways for people to signal whether they would like to remain associated with the data they place on the Web, and to be consulted about unusual uses.

This weaker signaling-based version of Nelson’s vision does not answer the legal question of what would happen if the originator of the data could not come to an agreement with someone who wanted to use it. But as with robots .txt and Creative Commons licenses, it could forestall many of the conflicts that will arise in the absence of any standard at all.¹²⁵ Most importantly, it would help signal authorial intention not only to end users but also to the intermediaries whose indices provide the engines for invasions of privacy in the first place. One could indicate that photos were okay to index by tag but not by facial recognition, for example. If search engines of today are any indication, such restrictions could be respected even without a definitive answer as to the extent of their legal enforceability. Indeed, by attaching online identity—if not physical identity—to the various bits of data that are constantly mashed up as people copy and paste what they like around the Web, it becomes possible for people to get in touch with one another more readily to express thanks, suggest collaboration, or otherwise interact as people in communities do. Similarly, projects like reCAPTCHA could seek to alert people to the extra good their solving of captchas is doing—and even let them opt out of solving the second word in the image, the one that is not testing whether they are human but instead is being used to perform work for someone else. Just as Moore v. Regents of the University of California struggled with the issue of whether a patient whose tumor was removed should be consulted before the tumor is used for medical research,¹²⁶ we will face the question of when people ought to be informed when their online behaviors are used for ulterior purposes—including beneficial ones.

Respect for robots.txt, Creative Commons licenses, and privacy “tags,” and an opportunity to alert people and allow them to opt in to helpful ventures with their routine online behavior like captcha-solving, both requires and promotes a sense of community. Harnessing some version of Nelson’s vision is a self-reinforcing community-building exercise—bringing people closer together while engendering further respect for people’s privacy choices. It should be no surprise that people tend to act less charitably in today’s online environment than they would act in the physical world.¹²⁷ Recall the discussion of verkeersbordvrij in Chapter Six, where the elimination of most traffic signs can counterintuitively reduce accidents. Today’s online environment is only half of the verkeersbordvrij system: there are few perceived rules, but there are also few ways to receive, and therefore respect, cues from those whose content or data someone might be using.¹²⁸ Verkeersbordvrij depends not simply on eliminating most legal rules and enforcement, but also, in the view of its proponents, crucially on motorists’ ability to roll down their windows and make eye contact with other motorists and pedestrians, to signal each other, and to pull themselves away from the many distractions like mobile phones and snacking that turn driving into a mechanical operation rather than a social act. By devising tools and practices to connect distant individuals already building upon one another’s data, we can promote the feedback loops found within functioning communities and build a framework to allow the nicely part of Benkler’s “sharing nicely” to blossom.¹²⁹

Enabling Reputation Bankruptcy

As biometric readers become more commonplace in our endpoint machines, it will be possible for online destinations routinely to demand unsheddable identity tokens rather than disposable pseudonyms from Internet users. Many sites could benefit from asking people to participate with real identities known at least to the site, if not to the public at large. eBay, for one, would certainly profit by making it harder for people to shift among various ghost accounts. One could even imagine Wikipedia establishing a “fast track” for contributions if they were done with biometric assurance, just as South Korean citizen journalist newspaper OhmyNews keeps citizen identity numbers on file for the articles it publishes.¹³⁰ These architectures protect one’s identity from the world at large while still making it much more difficult to produce multiple false “sock puppet” identities. When we participate in other walks of life—school, work, PTA meetings, and so on—we do so as ourselves, not wearing Groucho mustaches, and even if people do not know exactly who we are, they can recognize us from one meeting to the next. The same should be possible for our online selves.

As real identity grows in importance on the Net, the intermediaries demanding it ought to consider making available a form of reputation bankruptcy. Like personal financial bankruptcy, or the way in which a state often seals a juvenile criminal record and gives a child a “fresh start” as an adult, we ought to consider how to implement the idea of a second or third chance into our digital spaces. People ought to be able to express a choice to deemphasize if not entirely delete older information that has been generated about them by and through various systems: political preferences, activities, youthful likes and dislikes. If every action ends up on one’s “permanent record,” the press conference effect can set in. Reputation bankruptcy has the potential to facilitate desirably experimental social behavior and break up the monotony of static communities online and offline.¹³¹ As a safety valve against excess experimentation, perhaps the information in one’s record could not be deleted selectively; if someone wants to declare reputation bankruptcy, we might want it to mean throwing out the good along with the bad. The blank spot in one’s history indicates a bankruptcy has been declared—this would be the price one pays for eliminating unwanted details.

The key is to realize that we can make design choices now that work to capture the nuances of human relations far better than our current systems, and that online intermediaries might well embrace such new designs even in the absence of a legal mandate to do so.

More, Not Less, Information

Reputation bankruptcy provides for the possibility of a clean slate. It works best within informationally hermetic systems that generate their own data through the activities of their participants, such as a social networking site that records who is friends with whom, or one that accumulates the various thumbs-up and thumbs-down array that could be part of a “How’s My Driving”–style judgment.

But the use of the Internet more generally to spread real-world information about people is not amenable to reputation bankruptcy. Once injected into the Net, an irresistible video of an angry teacher, or a drunk and/or racist celebrity, cannot be easily stamped out without the kinds of network or endpoint control that are both difficult to implement and, if implemented, unacceptably corrosive to the generative Internet. What happens if we accept this as fact, and also assume that legal proscriptions against disseminating sensitive but popular data will be highly ineffective?¹³² We might turn to contextualization: the idea, akin to the tort of false light, that harm comes from information plucked out of the rich thread of a person’s existence and expression.¹³³ We see this in political controversies—even the slightest misphrasing of something can be extracted and blown out of proportion. It is the reason that official press conferences are not the same as bland conversation; they are even blander.

Contextualization suggests that the aim of an informational system should be to allow those who are characterized within it to augment the picture provided by a single snippet with whatever information, explanation, or denial that they think helps frame what is portrayed. Civil libertarians have long suggested that the solution to bad speech is more speech while realizing the difficulties of linking the second round of speech to the first without infringing the rights of the first speaker.¹³⁴ Criticisms of the “more speech” approach have included the observation that a retraction or amendment of a salacious newspaper story usually appears much less prominently than the original. This is particularly true for newspapers, where those seeing one piece of information may not ever see the follow-up. There is also the worry that the fog of information generated by a free-for-all is no way to have people discern facts from lies. Generative networks invite us to find ways to reconcile these views. We can design protocols to privilege those who are featured or described online so that they can provide their own framing linked to their depictions. This may not accord with our pre-Web expectations: it may be useful for a private newspaper to provide a right of reply to its subjects, but such an entity would quickly invoke a First Amendment–style complaint of compelled speech if the law were to provide for routine rights of reply in any but the narrowest of circumstances.¹³⁵ And many of us might wish to discuss Holocaust deniers or racists without giving them a platform to even link to a reply. The path forward is likely not a formal legal right but a structure to allow those disseminating information to build connections to the subjects of their discussions. In many cases those of us disseminating may not object—and a properly designed system might turn what would have otherwise been one-sided exchanges into genuine dialogues.

We already see some movement in this direction. The Harvard Kennedy School’s Joseph Nye has suggested that a site like urban legend debunker snopes.com be instituted for reputation, a place that people would know to check to get the full story when they see something scandalous but decontextualized online.¹³⁶ The subjects of the scandalous data would similarly know to place their answers there—perhaps somewhat mitigating the need to formally link it to each instance of the original data. Google invites people quoted or discussed within news stories to offer addenda and clarification directly to Google, which posts these responses prominently near its link to the story when it is a search result within Google News.¹³⁷ Services like reputationdefender.com will, for a fee, take on the task of trying to remove or, failing that, contextualize sensitive information about people online.¹³⁸ ReputationDefender uses a broad toolkit of tactics to try to clear up perceived invasions of privacy—mostly moral suasion rather than legal threat.

To be sure, contextualization addresses just one slice of the privacy problem, since it only adds information to a sensitive depiction. If the depiction is embarrassing or humiliating, the opportunity to express that one is indeed embarrassed or humiliated does not much help. It may be that values of privacy are implacably in tension with some of the fruits of generativity. Just as the digital copyright problem could be solved if publishers could find a way to profit from abundance rather than scarcity, the privacy problem could be solved if we could take Sun Microsystems CEO McNealey’s advice and simply get over it. This is not a satisfying rejoinder to someone whose privacy has been invaded, but, amazingly, this may be precisely what is happening: people are getting over it.

THE GENERATIONAL DIVIDE: BEYOND INFORMATIONAL PRIVACY

The values animating our concern for privacy are themselves in transition. Many have noted an age-driven gap in attitudes about privacy perhaps rivaled only by the 1960s generation gap on rock and roll.¹³⁹ Surveys bear out some of this perception.¹⁴⁰ Fifty-five percent of online teens have created profiles on sites like MySpace, though 66 percent of those use tools that the sites offer to limit access in some way.¹⁴¹ Twice as many teens as adults have a blog.¹⁴² Interestingly, while young people appear eager to share information online, they are more worried than older people about government surveillance.¹⁴³ Some also see that their identities may be discovered online, even with privacy controls.¹⁴⁴

A large part of the personal information available on the Web about those born after 1985 comes from the subjects themselves. People routinely set up pages on social networking sites—in the United States, more than 85 percent of university students are said to have an entry on Facebook—and they impart reams of photographs, views, and status reports about their lives, updated to the minute. Friends who tag other friends in photographs cause those photos to be automatically associated with everyone mentioned—a major step toward the world in which simply showing up to an event is enough to make one’s photo and name permanently searchable online in connection with the event.

Worries about such a willingness to place personal information online can be split into two categories. The first is explicitly paternalistic: children may lack the judgment to know when they should and should not share their personal information. As with other decisions that could bear significantly on their lives—signing contracts, drinking, or seeing movies with violent or sexual content—perhaps younger people should be protected from rash decisions that facilitate infringements of their privacy. The second relies more on the generative mosaic concern expressed earlier: people might make rational decisions about sharing their personal information in the short term, but underestimate what might happen to that information as it is indexed, reused, and repurposed by strangers. Both worries have merit, and to the extent that they do we could deploy the tools of intermediary gatekeeping to try to protect people below a certain age until they wise up. This is just the approach of the U.S. Children’s Online Privacy Protection Act of 1998 (COPPA).¹⁴⁵ COPPA fits comfortably but ineffectually within a Privacy 1.0 framework, as it places restrictions on operators of Web sites and services that knowingly gather identifiable information from children under the age of thirteen: they cannot do so without parental consent. The result is discernable in most mainstream Web sites that collect data; each now presents a checkbox for the user to affirm that he or she is over thirteen, or asks outright for a birthday or age. The result has been predictable; kids quickly learn simply to enter an age greater than thirteen in order to get to the services they want.¹⁴⁶ To achieve limits on the flow of information about kids requires levels of intervention that so far exceed the willingness of any jurisdiction.¹⁴⁷ The most common scheme to separate kids from adults online is to identify individual network endpoints as used primarily or frequently by kids and then limit what those endpoints can do: PCs in libraries and public schools are often locked down with filtering software, sometimes due to muchlitigated legal requirements.¹⁴⁸

A shift to tethered appliances could greatly lower the costs of discerning age online. Many appliances could be initialized at the time of acquisition with the birthdays of their users, or sold assuming use by children until unlocked by the vendor after receiving proof of age. This is exactly how many tethered mobile phones with Internet access are sold,¹⁴⁹ and because they do not allow thirdparty code they can be much more securely configured to only access certain approved Web sites. With the right standards in place, PCs could broadcast to every Web site visited that they have not been unlocked for adult browsing, and such Web sites could then be regulated through a template like COPPA to restrict the transmission of certain information that could harm the young users. This is a variant of Lessig’s idea for a “kid enabled browser,” made much more robust because a tethered appliance is difficult to hack.¹⁵⁰

These paternalistic interventions assume that people will be more careful about what they put online once they grow up. And even those who are not more careful and regret it have exercised their autonomy in ways that ought to be respected. But the generational divide on privacy appears to be more than the higher carelessness or risk tolerance of kids. Many of those growing up with the Internet appear not only reconciled to a public dimension to their lives— famous for at least fifteen people—but eager to launch it. Their notions of privacy transcend the Privacy 1.0 plea to keep certain secrets or private facts under control. Instead, by digitally furnishing and nesting within publicly accessible online environments, they seek to make such environments their own. MySpace—currently the third most popular Web site in the United States and sixth most popular in the world¹⁵¹—is evocatively named: it implicitly promises its users that they can decorate and arrange their personal pages to be expressive of themselves. Nearly every feature of a MySpace home page can be reworked by its occupant, and that is exactly what occupants do, drawing on tools provided by MySpace and outside developers.¹⁵² This is generativity at work: MySpace programmers creating platforms that can in turn be directed and reshaped by users with less technical talent but more individualized creative energy. The most salient feature of privacy for MySpace users is not secrecy so much as autonomy: a sense of control over their home bases, even if what they post can later escape their confines. Privacy is about establishing a locus which we can call our own without undue intervention or interruption—a place where we can vest our identities. That can happen most directly in a particular location—“your home is your castle”—and, as law professor Margaret Radin explains, it can also happen with objects.¹⁵³ She had in mind a ring or other heirloom, but an iPod containing one’s carefully selected music and video can fit the bill as well. Losing such a thing hurts more than the mere pecuniary value of obtaining a fresh one. MySpace pages, blogs, and similar online outposts can be repositories for our identities for which personal control, not secrecy, is the touchstone.

The 1973 U.S. government privacy report observed:

An agrarian, frontier society undoubtedly permitted much less personal privacy than a modern urban society, and a small rural town today still permits less than a big city. The poet, the novelist, and the social scientist tell us, each in his own way, that the life of a small-town man, woman, or family is an open book compared to the more anonymous existence of urban dwellers. Yet the individual in a small town can retain his confidence because he can be more sure of retaining control. He lives in a face-toface world, in a social system where irresponsible behavior can be identified and called to account. By contrast, the impersonal data system, and faceless users of the information it contains, tend to be accountable only in the formal sense of the word.

In practice they are for the most part immune to whatever sanctions the individual can invoke.¹⁵⁴

Enduring solutions to the new generation of privacy problems brought about by the generative Internet will have as their touchstone tools of connection and accountability among the people who produce, transform, and consume personal information and expression: tools to bring about social systems to match the power of the technical one. Today’s Internet is an uncomfortable blend of the personal and the impersonal. It can be used to build and refine communities and to gather people around common ideas and projects.¹⁵⁵ In contrast, it can also be seen as an impersonal library of enormous scale: faceless users perform searches and then click and consume what they see. Many among the new generation of people growing up with the Internet are enthusiastic about its social possibilities. They are willing to put more of themselves into the network and are more willing to meet and converse with those they have never met in person. They may not experience the same divide that Twain observed between our public and private selves. Photos of their drunken exploits on Facebook might indeed hurt their job prospects¹⁵⁶—but soon those making hiring decisions will themselves have had Facebook pages. The differential between our public and private selves might be largely resolved as we develop digital environments in which views can be expressed and then later revised. Our missteps and mistakes will not be cause to stop the digital presses; instead, the good along with the bad will form part of a dialogue with both the attributes of a small town and a “world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity.”¹⁵⁷ Such an environment will not be perfect: there will be Star Wars Kids who wish to retract their private embarrassing moments and who cannot. But it will be better than one without powerful generative instrumentalities, one where the tools of monitoring are held and monopolized by the faceless institutions anticipated and feared in 1973.

The ideas here fall into several broad categories. First, we ought to take steps to make the tethered appliances and software-as-service described in Chapter Five more palatable, since they are here to stay, even if the PC and Internet are saved. Second, we can help ensure a balance between generative and non-generative segments of the IT ecosystem. Third, we can make generative systems less threatening to legally protected interests.

PROTECTIONS FOR A WORLD OF TETHERED APPLIANCES AND WEB 2.0

Maintaining Data Portability

A move to tethered appliances and Web services means that more and more of our experiences in the information space will be contingent. A service or product we use at one moment could act completely differently the next, since it can be so quickly reprogrammed without our assent. Each time we power up a mobile phone, video game console, or BlackBerry, it might have gained some features and lost others. Each time we visit a Web site offering an ongoing service like e-mail access or photo storage, the same is true. People are notoriously poor at planning ahead, and their decisions about whether to start hosting all the family’s photos on one site or another may not take into account the prospect that the function and format of the site can change at any time.

Older models of software production are less problematic. Because traditional software has clearly demarcated updates, users can stick with an older version if they do not like the tradeoffs of a newer one. These applications usually feature file formats that are readable by other applications, so that data from one program can be used in another: WordPerfect users, for example, can switch to Microsoft Word and back again. The pull of interoperability compelled most software developers to allow data to be exportable in common formats, and if one particular piece of software were to reach market dominance— and thereby no longer need to be as interoperable—existing versions of that software would not retroactively lose that capability.

If the security issues on generative platforms are mitigated, it is likely that technology vendors can find value with both generative and non-generative business models. For example, it may be beneficial for a technology maker to sell below-cost hardware and to make up much of the loss by collecting licensing fees from any third-party contributions that build on that hardware. This is the business model for many video game console makers.¹ This business model offers cheap hardware to consumers while creating less generative systems. So long as generative consoles can compete with non-generative ones, it would seem that the market can sort out this tradeoff—at least if people can easily switch from one platform to another. Maintaining the prospect that users can switch ensures that changes to wildly popular platforms and services are made according to the interests of their users. There has been ongoing debate about just how much of a problem lock-in can be with a technology.² The tradeoff of, say, a long-term mobile phone contract in exchange for a heavy discount on a new handset is one that the consumer at least knows up front. Much less understood are the limits on extracting the information consumers deposit into a non-generative platform. Competition can be stymied when people find themselves compelled to retain one platform only because their data is trapped there.

As various services and applications become more self-contained within particular devices, there is a minor intervention the law could make to avoid undue lock-in. Online consumer protection law has included attention to privacy policies. A Web site without a privacy policy, or one that does not live up to whatever policy it posts, is open to charges of unfair or deceptive trade practices.³ Makers of tethered appliances and Web sites keeping customer data similarly ought to be asked to offer portability policies. These policies would declare whether they will allow users to extract their own data should they wish to move their activities from one appliance or Web site to another.

In some cases, the law could create a right of data portability, in addition to merely insisting on a clear statement of a site’s policies. Traditional software as product nearly always keeps its data files stored on the user’s PC in formats that third parties can access.⁴ Software as product therefore allows for the routine portability of data, including data that could be precious: one’s trove of e-mail, or the only copy of family photos from a cherished vacation. Imagine cameras that effectively made those photos property of Kodak, usable only in certain ways that the company dictated from one moment to the next. These cameras likely would not sell so long as there were free alternatives and people knew the limitations up front. Yet as with those hypothetical cameras, when one uses tethered appliances the limitations are neither advertised nor known, and they may not at first even be on the minds of the service providers themselves. They are latent in the design of the service, able to be activated at any moment according to the shifting winds of a dot-com’s business model and strategy. The law should provide some generous but firm borders.⁵ The binding promise that Wikipedia’s content can be copied, modified, and put up elsewhere by anyone else at any time—expressly permitted by Wikipedia’s content license⁶—is a backstop against any abuse that might arise from Wikipedia’s operators, mitigating the dangers that Wikipedia is a service rather than a product and that the plug at wikipedia.org can be pulled or the editors shut out at any time.

As we enter an era in which a photograph moves ephemerally from a camera’s shutter click straight to the photographer’s account at a proprietary storage Web site with no stop in between, it will be helpful to ensure that the photos taken can be returned fully to the custody of the photographer. Portability of data is a generative insurance policy to apply to individual data wherever it might be stored. A requirement to ensure portability need not be onerous. It could apply only to uniquely provided personal data such as photos and documents, and mandate only that such data ought to readily be extractable by the user in some standardized form. Maintaining data portability will help people pass back and forth between the generative and the non-generative, and, by permitting third-party backup, it will also help prevent a situation in which a non-generative service suddenly goes offline, with no recourse for those who have used the service to store their data.⁷

Network Neutrality and Generativity

Those who provide content and services over the Internet have generally lined up in favor of “network neutrality,” by which faraway ISPs would not be permitted to come between external content or service providers and their customers. The debate is nuanced and far ranging.⁸ Proponents of various forms of network neutrality invoke the Internet’s tradition of openness as prescriptive: they point out that ISPs usually route packets without regard for what they contain or where they are from, and they say that this should continue in order to allow maximum access by outsiders to an ISP’s customers and vice versa. Reliable data is surprisingly sparse, but advocates make a good case that the level of competition for broadband provision is low: there are few alternatives for high-speed broadband at many locations at the moment, and they often entail long-term consumer contracts. Such conditions make it difficult for market competition to prevent undesirable behavior such as ISPs’ favoring access to their own content or services, and even some measure of competition in the broadband market does not remove a provider’s incentives to discriminate.⁹ For example, an ISP might block Skype in order to compel the ISP’s users to subscribe to its own Internet telephony offering.¹⁰ Likewise, some argue that independent application and content providers might innovate less out of fear of discriminatory behavior. While proponents of net neutrality are primarily concerned about restrictions on application and content, their arguments also suggest that general restrictions on technical ways of using the network should be disfavored.

Skeptics maintain that competition has taken root for broadband, and they claim that any form of regulatory constraint on ISPs—including enforcing some concept of neutrality—risks limiting the ways in which the Internet can continue to evolve.¹¹ For example, market conditions might bring about a situation in which an ISP could charge Google for access to that ISP’s customers: without payment from Google, those customers would not be allowed to get to Google. If Google elected to pay—a big “if,” of course—then some of Google’s profits would go to subsidizing Internet access. Indeed, one could imagine ISPs then offering free Internet access to their customers, with that access paid for by content providers like Google that want to reach those customers. Of course, there is no guarantee that extra profits from such an arrangement would be passed along to the subscribers, but, in the standard model of competition, that is exactly what would happen: surplus goes to the consumer. Even if this regime hampered some innovation by increasing costs for application providers, this effect might—and this is speculative—be outweighed by increased innovation resulting from increased broadband penetration.

Similarly, a situation whereby consumers share their Internet connections with their neighbors may be salutary for digital access goals. When wireless access points first came to market, which allowed people to share a single physical Internet point throughout their houses the way that cordless telephones could be added to their telephone jacks, most ISPs’ contracts forbade them.¹² Some vendors marketed products for ISPs to ferret out such access points when they were in use.¹³ However, the ISPs ended up taking a wait-and-see approach at variance with the unambiguous limits of their contracts, and wi-fi access points became tolerated uses of the sort described in Chapter Five. Eventually the flagstones were laid for paths where people were walking rather than the other way around, and nearly every ISP now permits sharing within a household.

However, most access points are also automatically built to share the Internet connection with anyone in range,¹⁴ friend or stranger, primarily to reduce the complexity of installation and corresponding calls to the access point makers’ customer service and return lines. This laziness by access point makers has made it a commonplace for users to be able to find “free” wi-fi to glom onto in densely populated areas, often without the knowledge of the subscribers who installed the wireless access points. Again ISPs have dithered about how to respond. Services like FON now provide a simple box that people can hook up to their broadband Internet connection, allowing other FON users to share the connection for free when within range, and nonmembers to pay for access to the FON network.¹⁵ Those acquiring FON boxes can in turn use others’ FON connections when they are on the road. Alternatively, FON users can elect to have their FON box request a small payment from strangers who want to share the connection, and the payment is split between FON and the box owner.

Most ISPs have not decided whether such uses are a threat and therefore have not taken action against them, even as the ISPs still have contractual terms that forbid such unauthorized use,¹⁶ and some have lobbied for theft-of-service laws that would appear to criminalize both sharing Internet connections and accepting invitations to share.¹⁷ For ISPs, customers’ ability to share their service could increase the demand for it since customers could themselves profit from use by strangers. But this would also increase the amount of bandwidth used on the ill-measured “all you can eat” access plans that currently depend on far less than constant usage to break even.¹⁸ Some advocates have tried to steer a middle course by advocating a “truth in advertising” approach to network neutrality: broadband providers can shape their services however they want, so long as they do not call it “Internet” if it does not meet some definition of neutrality.¹⁹ This seems a toothless remedy if one believes there is a problem, for network providers inclined to shape their services could simply call it “broadband” instead.

The procrastination principle has left these issues open, and so far generativity is alive and well at the network level. So what can generativity contribute to this debate? One lesson is that the endpoints matter at least as much as the network. If network providers try to be more constraining about what traffic they allow on their networks, software can and will be written to evade such restrictions— so long as generative PCs remain common on which to install that software. We see exactly this trend in network environments whose users are not the network’s paying customers. When employers, libraries, or schools provide network access and attempt to limit its uses, clever PC software can generally get around the limitations so long as general Web surfing is permitted, using exactly the tools available to someone in China or Saudi Arabia who wants to circumvent national filtering.²⁰ Even in some of the worst cases of network traffic shaping by ISPs, the generative PC provides a workaround. Just as Skype is designed to get around the unintended blockages put in place by some home network routers,²¹ it would not be a far leap for Linksys or FON to produce home boxes designed expressly to get around unwanted violations of network neutrality. (Of course, such workarounds would be less effective if the network provider merely slowed down all traffic that was not expressly favored or authorized.) The harshest response by ISPs to this—to ban such boxes and then to try to find and punish those disobeying the ban—represents expensive and therefore undesirable territory for them. One answer, then, to the question of network neutrality is that wide-open competition is good and can help address the primary worries of network neutrality proponents. In the absence of broad competition some intervention could be helpful, but in a world of open PCs some users can more or less help themselves, routing around some blockages that seek to prevent them from doing what they want to do online.

From Network Neutrality to API Neutrality

The debate on network neutrality, when viewed through a generative overlay, suggests a parallel debate that is not taking place at all. That debate centers on the lack of pretense of neutrality to begin with for tethered appliances and the services offered through them. Reasonable people disagree on the value of defining and mandating network neutrality. If there is a present worldwide threat to neutrality in the movement of bits, it comes not from restrictions on traditional Internet access that can be evaded using generative PCs, but from enhancements to traditional and emerging appliancized services that are not open to third-party tinkering. For example, those with cable or satellite television have their TV experiences mediated through a set-top box provided or specified by the cable or satellite company. The box referees what standard and premium channels have been paid for, what pay-per-view content should be shown, and what other features are offered through the service.

The cable television experience is a walled garden. Should a cable or satellite company choose to offer a new feature in the lineup called the “Internet channel,” it could decide which Web sites to allow and which to prohibit. It could offer a channel that remains permanently tuned to one Web site, or a channel that could be steered among a preselected set of sites, or a channel that can be tuned to any Internet destination the subscriber enters so long as it is not on a blacklist maintained by the cable or satellite provider. Indeed, some video game consoles are configured for broader Internet access in this manner.²² Puzzlingly, parties to the network neutrality debate have yet to weigh in on this phenomenon.

The closest we have seen to mandated network neutrality in the appliancized space is in pre-Internet cable television and post-Internet mobile telephony. Long before the mainstreaming of the Internet, the Cable Television Consumer Protection and Competition Act of 1992 allowed local broadcast television stations to demand that cable TV companies carry their signal, and established a limited regime of open-access cable channels.²³ This was understandably far from a free-for-all of actual “signal neutrality” because the number of channels a cable service could transmit was understood to be limited.²⁴ The must-carry policies—born out of political pressure by broadcasters and justified as a way of eliminating some bottleneck control by cable operators—have had little discernable effect on the future of cable television, except perhaps to a handful of home shopping and religious broadcasting stations that possess broadcast licenses but are of little interest to large television viewerships.²⁵ Because cable systems of 1992 had comparatively little bandwidth, and because the systems were designed almost solely to transmit television and nothing else, the Act had little impact on the parched generative landscape for cable.

Mobile telephony, often featuring a tight relationship between service providers and endpoint devices used by their subscribers, has also drawn calls for mandated neutrality. Recall the Carterfone case from Chapter Two, which compelled AT&T to open the endpoints of its monopoly telephone network—that is, mobile phones—to third-party hardware providers.²⁶ Tim Wu has called for a Carterfone rule for mobile phone service providers, allowing consumers to select whatever handset they want to work on the network, and Skype has petitioned the FCC for such a rule—at just the time that, like the old AT&T, Steve Jobs insists that the iPhone must be tethered to Apple and forced to use AT&T as its network provider “to protect carrier networks and to make sure the phone was not damaged.”²⁷ The analogy between AT&T and telephones on the one hand and mobile phone providers and handsets on the other is strong, and it works because there is already an understood divide between network and device in both cases. But because a cable or satellite TV company’s regular service is intertwined with a content offering—the channels—and a specialized appliance to recognize proprietary transmission encryption schemes—the set-top box—it has been significantly harder to implement the spirit of Carterfone for cable television.²⁸ A model that begins as sterile is much harder to open meaningfully to third-party contribution than one that is generative from the start.

We see a parallel discrepancy of attitudes between PCs and their counterpart information appliances. Microsoft was found to possess a monopoly in the market for PC operating systems.²⁹ Indeed, it was found to be abusing that monopoly to favor its own applications—such as its Internet Explorer browser—over third-party software, against the wishes of PC makers who wanted to sell their hardware with Windows preinstalled but adjusted to suit the makers’ tastes.³⁰ By allowing third-party contribution from the start—an ability to run outside software—after achieving market dominance, Microsoft was forced to meet ongoing requirements to maintain a level playing field for third-party software and its own.³¹

Yet we have not seen the same requirements arising for appliances that do not allow, or that strictly control, the ability of third parties to contribute from the start. So long as the market favorite video game console maker never opens the door to generative third-party code, it is hard to see how the firm could be found to be violating the law. A manufacturer is entitled to make an appliance, and to try to bolt down its inner workings so that they cannot be modified by others.³²

So when should we consider network neutrality-style mandates for appliancized systems? The answer lies in that subset of appliancized systems that seeks to gain the benefits of third-party contribution while reserving the right to exclude it later. Those in favor of network neutrality suggest, often implicitly, how foundational the Internet is for the services offered over it.³³ If downstream services cannot rely on the networks they use to provide roughly equal treatment of their bits, the playing field for Internet activities can shift drastically. If the AT&T telephone network had been permitted to treat data calls differently from voice calls—and to change originally generous policies in a heartbeat—the foundation to link consumer telecommunications with the existing Internet might have collapsed, or at least have been greatly constrained only to business models provable from the start and thus ripe for partnerships with AT&T. Network neutrality advocates might explain their lack of concern for nonneutral treatment of bits over cable television by pointing out that cable television never purported to offer a platform for downstream third-party development— and indeed has never served that purpose. It is bait and switch that ought to be regulated.

The common law recognizes vested expectations in other areas. For example, the law of adverse possession dictates that people who openly occupy another’s private property without the owner’s explicit objection (or, for that matter, permission) can, after a lengthy period of time, come to legitimately acquire it.³⁴ More commonly, property law can find prescriptive easements—rights-of-way across territory that develop by force of habit—if the owner of the territory fails to object in a timely fashion as people go back and forth across it.³⁵ The law of promissory estoppel identifies times when one person’s behavior can give rise to an obligation to another without a contract or other agreement between them; acting in a way that might cause someone else to reasonably rely on those actions can create a “quasi-contract.”³⁶ These doctrines point to a deeply held norm that certain consistent behaviors can give rise to obligations, sometimes despite fine print that tries to prevent those obligations from coming about.³⁷ Recall Bill Gates’s insistence that the Xbox video game console is not just for games: “It is a general purpose computer. . . . [W]e wouldn’t have done it if it was just a gaming device. We wouldn’t have gotten into the category at all. It was about strategically being in the living room.”³⁸ Network neutrality’s spirit applied to the box would say: if Microsoft wants to make the Xbox a generalpurpose device but still not open to third-party improvement, no regulation should prevent it. But if Microsoft does so by welcoming third-party contribution, it should not later be able to impose barriers to outside software continuing to work. Such behavior is a bait and switch that is not easy for the market to anticipate and that stands to allow a platform maker to harness generativity to reach a certain plateau, dominate the market, and then make the result proprietary—exactly what the Microsoft antitrust case rightly was brought to prevent.

The principles and factual assumptions that animate network neutrality— that the network has been operated in a particular socially beneficial way and that, especially in the absence of effective competition, it should stay that way—can also apply to Internet services that solicit mash-ups from third-party programmers described in Chapter Five, like Google Maps or Facebook, while makers of pure tethered appliances such as TiVo may do as they please. Those who offer open APIs on the Net in an attempt to harness the generative cycle ought to remain application-neutral after their efforts have succeeded, so all those who have built on top of their interfaces can continue to do so on equal terms. If Microsoft retroactively changed Windows to prevent WordPerfect or Firefox from running, it would answer under the antitrust laws and perhaps also in tort for intentional interference with the relationship between the independent software makers and their consumers.³⁹ Similarly, providers of open APIs to their services can be required to commit to neutral offerings of them, at least when they have reached a position of market dominance for that particular service. Skeptics may object that these relations can be governed by market forces, and if an open API is advertised as contingent, then those who build on it are on notice and can choose to ignore the invitation if they do not like the prospect that it can be withdrawn at any moment. The claim and counterclaim follow the essential pattern of the network neutrality debate. Just as our notions of network security ought to include the endpoints as well as the middle of the network—with a generative principle to determine whether and when it makes sense to violate the end-to-end principle—our far-ranging debates on network neutrality ought to be applied to the new platforms of Web services that in turn depend on Internet connectivity to function. At least Internet connectivity is roughly commoditized; one can move from one provider to another so long as there is sufficient competition, or—in an extreme case—one can even move to a new physical location to have better options for Internet access. With open APIs for Web services there is much less portability; services built for one input stream—such as for Google Maps—cannot easily be repurposed to another, and it may ultimately make sense to have only a handful of frequently updated mapping data providers for the world, at least as much as it can make sense only to invest in a handful of expensive physical network conduits to a particular geographic location.

Maintaining Privacy as Software Becomes Service

As Chapter Five explained, the use of our PCs is shrinking to that of mere workstations, with private data stored remotely in the hands of third parties. This section elaborates on that idea, showing that there is little reason to think that people have—or ought to have—any less of a reasonable expectation of privacy for e-mail stored on their behalf by Google and Microsoft than they would have if it were stored locally in PCs after being downloaded and deleted from their e-mail service providers.

The latest version of Google Desktop is a PC application that offers a “search across computers” feature. It is advertised as allowing users with multiple computers to use one computer to find documents that are stored on another.⁴⁰ The application accomplishes this by sending an index of the contents of users’ documents to Google itself.⁴¹ While networking one’s own private computers would not appear to functionally change expectations of privacy in their contents, the placement or storage of the data in others’ hands does not hew well to the doctrinal boundaries of privacy protection by the U.S. Constitution. These boundaries treat the things one has held onto more gingerly than things entrusted to others. For example, in SEC v. Jerry T. O’Brien, Inc.,⁴² the Supreme Court explained: “It is established that, when a person communicates information to a third party even on the understanding that the communication is confidential, he cannot object if the third party conveys that information or records thereof to law enforcement authorities. . . . These rulings disable respondents from arguing that notice of subpoenas issued to third parties is necessary to allow a target to prevent an unconstitutional search or seizure of his papers.”⁴³

The movement of data from the PC means that warrants served upon personal computers and their hard drives will yield less and less information as the data migrates onto the Web, driving law enforcement to the networked third parties now hosting that information. When our diaries, e-mail, and documents are no longer stored at home but instead are business records held by a dot-com, nearly all formerly transient communication ends up permanently and accessibly stored in the hands of third parties, and subject to comparatively weak statutory and constitutional protections against surveillance.⁴⁴ A warrant is generally required for the government to access data on one’s own PC, and warrants require law enforcement to show probable cause that evidence of a crime will be yielded by the search.⁴⁵ In other words, the government must surmount a higher hurdle to search one’s PC than to eavesdrop on one’s data communications, and it has the fewest barriers when obtaining data stored elsewhere.⁴⁶ Entrusting information to third parties changes the ease of surveillance because those third parties are often willing to give it up, and typically the first party is not even aware the transfer has occurred. Online data repositories of all stripes typically state in their terms of use that they may disclose any information upon the request of the government—at least after receiving assurances by the requesting party that the information is sought to enhance the public safety.⁴⁷ In the United States, should a custodian deny a mere request for cooperation, the records might further be sought under the Stored Communications Act, which does not erect substantial barriers to government access.⁴⁸

The holders of private records also may be compelled to release them through any of a series of expanded information-gathering tools enacted by Congress in the wake of September 11. For example, a third party that stores networked, sensitive personal data could be sent a secretly obtained PATRIOT Act section 215 order, directing the production of “any tangible things (including books, records, papers, documents, and other items) for an investigation . . . to protect against international terrorism or clandestine intelligence activities.”⁴⁹ The party upon whom a section 215 order is served can neither disclose nor appeal the order.⁵⁰ Moreover, since the party searched—whether a library, accountant, or ISP—is not itself the target of interest, the targeted individual will not readily know that the search is occurring. Probable cause is not required for the search to be ordered, and indeed the target of interest may be presumed innocent but still monitored so long as the target is still generating records of interest to the government in an international terrorism or counter- intelligence investigation. Roughly 1,700 applications to the secret Foreign Intelligence Surveillance Act (FISA) court were lodged in each of 2003 and 2004 seeking records of some kind. Only four were rejected each year. In 2005, 2,074 applications were made, with 2 rejections, and in 2006, 2,181 were made, with 5 rejections.⁵¹

Any custodians might also be served a national security letter concerning the production of so-called envelope information. These letters are written and executed without judicial oversight, and those who receive such letters can be prohibited by law from telling anyone that they received them.⁵² National security letters may be used to solicit information held by particular kinds of private parties, including the records of telephone companies, financial institutions (now including such entities as pawnshops and travel agencies), as well as ISPs.⁵³ For ISPs, the sorts of information that can be sought this way are “subscriber information and toll billing records information, or electronic communication transactional records.”⁵⁴ This envelope information is not thought to extend to the contents of e-mail but includes such things as the “to” and “from” fields of e-mail—or perhaps even the search engine queries made by a subscriber, since such queries are usually embedded in the URLs visited by that subscriber.

If the government has questions about the identity of a user of a particular Internet Protocol address, a national security letter could be used to match that address to a subscriber name. Under section 505 of the PATRIOT Act, national security letters do not need to meet the probable cause standard associated with a traditional warrant: the FBI merely needs to assert to the private recipients of such letters that the records are sought in connection with an investigation into international terrorism.⁵⁵ Government officials have indicated that more than thirty thousand national security letters are issued per year.⁵⁶ A recent internal FBI audit of 10 percent of the national security letters obtained since 2002 discovered more than a thousand potential violations of surveillance laws and agency rules.⁵⁷

Recipients of FISA orders or national security letters may press challenges to be permitted to disclose to the public that they have received such mandates— just as an anonymous car manufacturer sued to prevent its onboard navigation system from being used to eavesdrop on the car’s occupants⁵⁸—but there is no assurance that they will do so. Indeed, many may choose to remain silent about cooperating with the government under these circumstances, thereby keeping each of these searches secret from the target.

As we move our most comprehensive and intimate details online—yet intend them to be there only for our own use—it is important to export the values of privacy against government intrusion along with them. For remotely stored data, this suggests limiting the holdings like that of SEC v. Jerry T. O’Brien, Inc. to financial records held by brokers similar to the ones in that case, rather than extending the relaxation of Fourth Amendment protections to all cases of third-party custody of personal information. The balance of accessibility for financial transactions need not be the same as that for our most personal communications and data. This is a reasonable limit to draw when the physical borders of one’s home no longer correlate well with the digital borders of one’s private life. Indeed, it is simply extending the protections we already enjoy to fit a new technological configuration. That is the spirit of Chapman v. United States,⁵⁹ in which a police search of a rented house for a whiskey still was found to be a violation of the Fourth Amendment rights of the tenant, despite the fact that the landlord had consented to the search.⁶⁰ The Court properly refused to find that the right against intrusion was held only by the absentee owner of the place intruded—rather, it was held by the person who actually lived and kept his effects there. Similarly, the data we store for ourselves in servers that others own ought to be thought of as our own papers and effects in which we have a right to be secure.

There is some suggestion that the courts may be starting to move in this direction. In the 2007 case Warshak v. United States, the U.S. Court of Appeals for the Sixth Circuit held that the government’s warrantless attempt to seize e-mail records through an ISP without notice to the account holder violated Fourth Amendment privacy rights.⁶¹ At the time of writing, the ruling stands, though it faces further review.⁶²

The ability to store nearly all one’s data remotely is an important and helpful technological advance, all the more so because it can still be made to appear to the user as if the data were sitting on his or her own personal computer. But this suggests that the happenstance of where data are actually stored should not alone control the constitutional assessment of which standard the government must meet.

BALANCING GENERATIVE AND NON-GENERATIVE SYSTEMS

Code thickets

A number of scholars have written about the drawbacks to proprietary rights thickets: overlapping claims to intellectual property can make it difficult for those creating new but not completely original creative works to avoid infringing others’ rights. This is a particular problem for code developed with the tools of group generativity. For the past twenty years, the modern landscape of information technology has accommodated competing spheres of software production. These spheres can be grouped roughly around two poles warring for dominance in the field. On one side is proprietary software, which typically provides cash-and-carry functionality for the user. Its source code “recipe” is nearly always hidden from view as a technical matter, and as a legal matter it cannot be used by independent programmers to develop new software without the rarely given permission of its unitary rights holder. On the other side is free software, referring not to the price paid for a copy, but to the fact that the source code of the software is open to public view and modification.

It is not easy for the law to maintain neutrality in the conflict between the two spheres, evenhandedly encouraging development in both models. For example, the free software movement has produced some great works, but under prevailing copyright law even a slight bit of poison, in the form of code from a proprietary source, could amount to legal liability for anyone who copies or potentially even uses the software. (Running software entails making at least a temporary copy of it.)

The collaborative nature of free software development makes it harder to determine where various contributions are coming from and whether contributions belong to those who purport to donate them. Indeed, in the case of an employee of a software company charitably moonlighting for a free software project, the employee’s work may not even be the employee’s to give. A barely remembered but still enforceable employment agreement may commit all software written by the employee to the employer’s possession, which would set the stage for an infringement claim against those within the free software project for making use of the employee’s contributions.

Major free software projects try to avoid these problems by soliciting declarations from participants that they are only contributing code that they wrote or to which they have free license. The Free Software Foundation even suggests that employees obtain a disclaimer from their employers of all interest in employee contributions.⁶³ But the danger of poisoned code remains, just as it is possible for someone to contribute copyrighted material to Wikipedia or a Geocities home page at any moment. The kind of law that shields Wikipedia and Geocities from liability for material contributed by outsiders, as long as the organization acts expeditiously to remove infringing material once it is notified, ought to be extended to the production of code itself.⁶⁴ Code that incorporates infringing material is not given a free pass, but those who have promulgated it without knowledge of the infringement would have a chance to repair the code or cease copying it before becoming liable.

The patent thicket is also worrisome. There is a large and growing literature devoted to figuring out whether and under what circumstances software patents contribute to innovation, since they can promise returns to those who innovate. Scholars James Bessen and Robert Hunt have observed that the number of software patents has grown substantially since the early 1980s, from one thousand per year to over twenty thousand per year.⁶⁵ These patents are obtained, on average, by larger firms than those acquiring patents in other fields, and non-software firms acquire over 90 percent of software patents.⁶⁶ Bessen and Hunt suggest that these patterns are consistent with a patent thicket— large firms obtaining patents to extract royalties from rivals and to defend themselves from their rivals’ patents.⁶⁷

While large firms can reach patent détente with each other through cross-licensing,⁶⁸ smaller firms and individuals may be left out. There are thousands of software patents, and patent infringement, unlike copyright, does not require a copying of the original material: so long as someone else already came up with the idea, the new work is infringing. With copyright, if someone miraculously managed independently to come up with the tune to a Beatles song, that tune would not be infringing the Beatles’ copyright, since it did not copy the song—it was independently invented. It is this virtue of copyright law that allowed Richard Stallman to begin the free software movement’s effort to reproduce Unix’s functionality without infringing its copyright by simply creating new code from scratch that acts the same way that Unix’s code does.

Not only does patent not have such a limitation, but it also applies to the abstract concepts expressed in code, rather than to a specific set of code.⁶⁹ Thus, someone can sit down to write some software in an empty room and, by that act, infringe multiple patents. Patent infringement can be asserted without having to claim appropriation of any code. For example, Microsoft has said that it believes that pieces of GNU/Linux infringe its patents, though it has not sued anyone over it.⁷⁰ Microsoft may well be right, given the number and breadth of patents it possesses. So far the best protection against copyright or patent infringement for a contributor to a free software project is that he or she is not worth suing; litigation can be expensive for the plaintiff, and any victory hollow if the defendant cannot pay. The principle of tolerated uses comes back into play, not necessarily because patent holders are uncertain whether others’ uses are good or bad for them, but because the others are simply not worth suing. Certainly many amateur programmers seem undeterred by the prospect of patent infringement, and there is evidence that young commercial software firms plunge blithely ahead with innovations without being concerned about the risks of patent infringement.⁷¹

This is not an ideal state of affairs for anyone. If those who see value in software patents are correct, infringement is rampant. And to those who think patents are chilling innovation, the present regime needs reform. To be sure, amateurs who do not have houses to lose to litigation can still contribute to free software projects. Others can contribute anonymously, evading any claims of patent infringement since they simply cannot be found. But this turns coding into a gray market activity, eliminating what otherwise could be a thriving middle class of contributing firms should patent warfare ratchet into high gear. There may only be a working class of individual coders not worth suing and an upper class of IBMs—companies powerful enough to fight patent infringement cases without blinking.

The law can help level the playing field without major changes to the scopes of copyright or patent. Statutes of limitations define how quickly someone must come forward to claim that the law has been broken. For patent infringement in the United States, the limit is six years; for civil copyright infringement it is three.⁷² Unfortunately, this limit has little meaning for computer code because the statute of limitations starts from the time of the last infringement. Every time someone copies (or perhaps even runs) the code, the clock starts ticking again on a claim of infringement. This should be changed. The statute of limitations could be clarified for software, requiring that anyone who suspects or should suspect his or her work is being infringed sue within, for instance, one year of becoming aware of the suspect code. For example, the acts of those who contribute to free software projects—namely, releasing their code into a publicly accessible database like SourceForge—could be found to be enough to start the clock ticking on that statute of limitations.⁷³ The somewhat obscure common-law defense of laches is available when plaintiffs sleep on their rights—sandbagging in order to let damages rack up—and it also might be adapted to this purpose.⁷⁴

In the absence of such a rule, companies who think their proprietary interests have been compromised can wait to sue until a given piece of code has become wildly popular—essentially sandbagging the process. This proposed modification to the statute of limitations will still allow the vindication of proprietary rights, but users and developers of a particular version of code will know that lawsuits will be precluded after a specific interval of time. A system that requires those holding proprietary interests to advance them promptly will remove a significant source of instability and uncertainty from the freewheeling development processes that have given us—truly given, because no remuneration has been sought—everything from GNU/Linux to the Apache Web server to wikis. This approach would also create extra incentives for those holding proprietary code to release the source code so that the clock could start counting down on any infringement claims against it.⁷⁵

The legal uncertainties in the process of writing and distributing new code currently express themselves most in the seams stitching together the worlds of amateur and commercial software production and use. With no change to copyright or patent, the amateur production of free software will likely continue; it is the adoption and refinement of the fruits of that production by commercial firms that is most vulnerable to claims of proprietary infringement. The uptake of generative outputs by commercial firms has been an important part of the generative cycle from backwater to mainstream. Interventions in the legal regimes to facilitate it—while offering redress for those whose proprietary rights have been infringed, so long as claims are made promptly—would help negotiate a better interface between generative and non-generative.

Content Thickets

Thickets similar to those found at the code layer also exist at the content layer. While patent does not significantly affect content, legal scholars Lawrence Lessig and Yochai Benkler, as well as others, have underscored that even the most rudimentary mixing of cultural icons and elements, including snippets of songs and video, can potentially result in thousands of dollars in legal liability for copyright infringement without causing any harm to the market for the original proprietary goods.⁷⁶ Benkler believes that the explosion of amateur creativity online has occurred despite the legal system, not thanks to it.⁷⁷ The high costs of copyright enforcement and the widespread availability of tools to produce and disseminate what he calls “creative cultural bricolage”⁷⁸—something far more subtle and transformative than merely ripping a CD and sending its contents to a friend—currently allow for a variety of voices to be heard even when what they are saying is theoretically sanctionable by fines between $750 and $30,000 per copy made, $150,000 if the infringement contained within their expression is done “willfully.”⁷⁹ As with code, this situation shoehorns otherwise laudable activity into a sub-rosa gray zone. The frequent unlawfulness of amateur creativity may be appealing to those who see it as a countercultural movement, like that of graffiti—part of the point of doing it is that it is edgy or illegal. It may even make the products of amateur cultural innovation less co-optable by the mainstream industrial information economy, since it is hard to clear rights for an anonymous film packing in images and sounds from hundreds of different sources, some proprietary.

But if prevention of commercial exploitation is the goal of some authors, it is best to let them simply structure their licenses to preclude it. Authors can opt to share their work under Creative Commons licenses that restrict commercial reuse of the work, while permitting limitless noncommercial use and modification by others.⁸⁰

Finding ways through content thickets as Benkler and his cohort suggest is especially important if tethered appliances begin to take up more of the information space, making information that much more regulable. In a more regulable space the gap between prohibited uses and tolerated uses shrinks, creating the prospect that content produced by citizens who cannot easily clear permissions for all its ingredients will be squeezed out.

MAINTAINING REGULATORS’ TOLERANCE OF GENERATIVE SYSTEMS

Individual Liability Instead of Technology Mandates

As the capacity to inflict damage on “real world” interests increases with the Internet’s reach and with the number of valuable activities reliant upon it, the imperatives to take action will also increase. As both generative and non-generative devices maintain constant contact with various vendors and software providers, regulators may seek to require those manufacturers to shape the services they offer more precisely, causing a now-familiar wound to generativity.

One way to reduce pressure on institutional and technological gatekeepers is to ensure that individual wrongdoers can be held directly responsible. Some piecemeal solutions to problems such as spam take this approach. ISPs are working with makers of major PC e-mail applications to provide for forms of sender authentication.⁸¹ A given domain can, using public key encryption tools, authenticate that it is indeed the source of e-mail it sends. With Sender ID, e-mail purporting—but not proved—to be from a user at yahoo.com can be so trivially filtered as spam that it will no longer be worthwhile to send. This regime will hold ISPs more accountable for the e-mail that originates on their networks because they will find themselves shunned by other ISPs if they permit excessive anonymous spam—a system similar to the MAPS and Google/ StopBadware regimes discussed in the previous chapter. This opportunity for greater direct liability reduces the pressure on those processing incoming e-mail—both the designated recipients and their ISPs—to resort to spam filtration heuristics that may unintentionally block legitimate e-mail.⁸²

The same principle can apply to individuals’ uses of the Internet that are said to harm legally protected interests. Music industry lawsuits against individual file sharers may be bad policy if the underlying substantive law demarcating the protected interest is itself ill-advised—and there are many reasons to think that it is—but from the point of view of generativity, such lawsuits inflict little damage on the network and PCs themselves. The Internet’s future may be brighter if technology permits easier identification of Internet users combined with legal processes, and perhaps technical limitations, to ensure that such identification occurs only when good cause exists. The mechanisms to make it less than impossible to find copyright infringers and defamers ought not to make it trivial for authoritarian states to single out subversives.

As the discussion of FON explained, a growing number of Internet users are acquiring wireless routers that default to sharing their connection with anyone nearby who has a PC configured with a wireless antenna. Consumers may not intend to open their networks, but doing so creates generative benefits for those nearby without their own Internet access.⁸³ Usage by others does not typically impede the original consumer’s enjoyment of broadband, but should outsiders use that connection, say, to send viruses or to pirate copyrighted files, the original consumer could be blamed when the Internet connection is traced.⁸⁴ Current legal doctrine typically precludes such blame—nearly all secondary liability schemes require some form of knowledge or benefit before imposing responsibilities⁸⁵—but a sea change in the ability of lawbreakers to act untraceably by using others’ wi-fi could plausibly result in an adjustment to doctrine.

As such examples arise and become well known, consumers will seek to cut off others’ access to their surplus network resources, and the manufacturers of wireless routers might change the default to closed. If, however, genuine individual identity can be affirmed in appropriate circumstances, wi-fi sharing need not be impeded: each user will be held responsible for his or her own actions and no more. Indeed, the FON system of sharing wireless access among members of the “FON club” maintains users’ accounts for the purpose of identity tracing in limited circumstances—and to prevent additional pressure on regulators to ban FON itself. Such identification schemes need not be instant or perfect. Today’s status quo requires a series of subpoenas to online service providers and ISPs to discern the identity of a wrongdoer. This provides balance between cat and mouse, a space for tolerated uses described in Chapter Five, that precludes both easy government abuse of personal privacy and outright anarchy.

Beyond the Law

Regimes of legal liability can be helpful when there is a problem and no one has taken ownership of it. When a manufacturing plant pollutes a stream, it ought to pay—to internalize the negative externality it is inflicting on others by polluting. No one fully owns today’s problems of copyright infringement and defamation online, just as no one fully owns security problems on the Net. But the solution is not to conscript intermediaries to become the Net police. Under prevailing law Wikipedia could get away with much less stringent monitoring of its articles for plagiarized work, and it could leave plainly defamatory material in an article but be shielded in the United States by the Communications Decency Act provision exempting those hosting material from responsibility for what others have provided.⁸⁶

Yet Wikipedia polices itself according to an ethical code—a set of community standards that encourages contributors to do the right thing rather than the required thing or the profitable thing. To harness Wikipedia’s ethical instinct across the layers of the generative Internet, we must figure out how to inspire people to act humanely in digital environments that today do not facilitate the appreciative smiles and “thank yous” present in the physical world. This can be accomplished with tools—such those discussed in the previous chapter and those yet to be invented—to foster digital environments that inspire people to act humanely. For the generative Internet fully to come into its own, it must allow us to harness the connections we have with each other, to coordinate when we have the time, talent, and energy, and to benefit from others’ coordination when we do not. Such tools allow us to express and live our civic instincts online, trusting that the expression of our collective character will be one at least as good as that imposed by outside sovereigns—sovereigns who, after all, are only people themselves.

To be sure, this expression of collective character will not always be just, even if participants seek to act in good faith. Some users have begun to deploy tools like Blossom, whereby individual PC users can agree to let their Internet connections be used so that others can see the Internet from their point of view.⁸⁷ As states increasingly lean on their domestic ISPs and overseas online service providers to filter particular content, a tool like Blossom can allow someone in China to see the Internet as if he or she were a New Yorker, and vice versa. But such a tool undermines individual state sovereignty worldwide, just as a tool to facilitate filtering can be deployed to encroach on fundamental freedoms when ported to regimes that do not observe the rule of law. A tool like Blossom not only makes it hard for China to filter politically sensitive content, but it prevents Germany and France from filtering images of Nazi swastikas, and it gets in the way of attempts by copyright holders to carve the world into geographic zones as they seek to release online content in one place but not another: the New York Times could not as easily provide an article with an update about a British criminal investigation everywhere but within Britain, as it recently did to respect what it took to be the law of the United Kingdom on pretrial publicity.⁸⁸

Tools like Blossom, which succeed only as much as netizens are impelled to want to adopt them, ask the distributed users of the Internet to decide, one by one, how much they are willing to create a network to subvert the enforcement of central authorities around the world.⁸⁹ Each person can frame a view balancing the risks of misuse of a network against the risks of abuse of a sovereign’s power to patrol it, and devote his or her processor cycles and network bandwidth accordingly. Lessig is chary of such power, thinking of these tools as “technological tricks” that short-circuit the process of making the case in the political arena for the substantive values they enable.⁹⁰ But this disregards a kind of acoustic separation found in a society that is not a police state, by which most laws, especially those pertaining to personal behavior, must not only be entered on to the books, but also reinforced by all sorts of people, public and private, in order to have effect.⁹¹ Perhaps it is best to say that neither the governor nor the governed should be able to monopolize technological tricks. We are better off without flat-out trumps that make the world the way either regulator or target wants it to be without the need for the expenditure of some effort and cooperation from others to make it so. The danger of a trump is greater for a sterile system, where a user must accept the system as it is if he or she is to use it at all, than for the tools developed for a generative one, where there is a constant— perhaps healthy—back-and-forth between tools to circumvent regulation and tools to effect the regulation anyway.⁹² The generative Internet upholds a precious if hidden dynamic where a regulator must be in a relationship with both those regulated and those who are needed to make the regulation effective. This dynamic is not found solely within the political maneuvers that transpire in a liberal democracy to put a law in place at the outset.

Today our conception of the Internet is still largely as a tool whose regulability is a function of its initial design, modified by the sum of vectors to rework it for control: as Lessig has put it, code is law, and commerce and government can work together to change the code. There is a hierarchy of dogs, cats, and mice: Governments might ask ISPs to retain more data or less about their users; individual users might go to greater or lesser lengths to cloak their online activities from observation by their ISPs.⁹³ Tethered appliances change the equation’s results by making life far easier for the dogs and cats. Tools for group generativity can change the equation itself, but in unpredictable directions. They allow the level of regulability to be affected by conscious decisions by the mice about the kind of online world they want, not only for themselves but for others. If there is apathy about being able to experience the Internet as others do elsewhere, tools like Blossom will not be able to sustain much traffic, and the current level of regulability of the Internet will remain unchanged. If there is a wellspring of interest on this front, it can become easy to evade geographic restrictions.

One objection to the unfettered development of generative tools that can defy centralized authority in proportion to the number and passion of those willing to use them is that there are large groups of people who would be empowered to do ill with them. Criminal law typically penalizes conspiracy as a separate crime because it recognizes that the whole can be bigger than the sum of the parts—people working in concert can create more trouble than when they each act alone. Continued pressure on public file-sharing networks has led to fully realized “darknets,” semi-private systems whose sole purpose is to enable the convenient sharing of music and other content irrespective of copyright.⁹⁴ For example, a network called Oink incorporates many of the community features of Wikipedia without being open to the public.⁹⁵ People may join only on invitation from an existing member. Oink imposes strict rules on the sharing of files to ensure maximum availability: users must maintain a certain ratio of uploaded-to-downloaded material. Those who fall short risk being cut off from the service—and the penalty may also be applied to the members who sponsored them. The Oink service has none of the difficulties of the public networks, where files are nominated for takedown as they are discovered by publishers’ automated tools, and where publishers have inserted decoy files that do not contain what they promise.⁹⁶ Oink is easier and faster to use than the iTunes store. And, of course, it is cheaper because it is free. If there are enough people to see to the creation and maintenance of such a community—still one primarily of strangers—is it a testament to the dangers of group generativity or to the fact that the current application of copyright law finds very little legitimacy?

One’s answer may differ to the extent that similar communities exist for people to share stolen credit card numbers or images of child abuse. If such communities do not exist it suggests that a change to copyright’s policy and business model could eliminate the most substantial disjunct between laws common to free societies and the online behavior of their citizens.⁹⁷ Here there is no good empirical data to guide us. But the fact remains that so long as these communities are as semi-open as they must be in order to achieve a threatening scale— ready to accept new members who are not personally known to existing ones— they are in a position to be infiltrated by law enforcement. Private Yahoo! groups whose members trade in images of child abuse—a far less sophisticated counterpart to Oink’s community of copyright infringers—are readily monitored.⁹⁸ This monitoring could take place by Yahoo! itself, or in a decentralized model, by even one or two members who have second thoughts—practically anyone is in a position to compromise the network. As theories multiply about the use of the Internet as a terrorist recruiting tool,⁹⁹ we can see the downside to criminals as well: open networks cannot keep secrets very well. (The use of the Internet for more specialized conspiracies that do not depend on semi-public participation for their success is likely here to stay; sophisticated criminals can see to it that they retain generative devices even if the mainstream public abandons them.)

Wikipedia, as a tool of group generativity, reflects the character of thousands of people. Benkler compares Wikipedia’s entry on Barbie dolls to that of other encyclopedias developed in more traditional ways, and finds that most of the others fail to make mention of any of the controversies surrounding Barbie as a cultural icon.¹⁰⁰ Wikipedia has extensive discussion on the topic, and Britannica has a share, too. Benkler freely concedes that a tool of group generativity like Wikipedia is not the only way to include important points of view that might not accord with the more monolithic views of what he calls the “industrial information economy.” More traditional institutions, such as universities, have established a measure of independence, too. And he also acknowledges that tools of group generativity can be abused by a group; there can be powerful norms that a majority enforces upon a minority to squelch some views. But he rightly suggests that the world is improved by a variety of models of production of culture, models that draw on different incentives, with different biases, allowing people to be exposed to a multiplicity of viewpoints, precluding a monopoly on truth. The same can be true of our technology, here the technology that undergirds our access to those viewpoints, and our ability to offer our own.

Can groups be trusted to behave well in the absence of formal government to rein in their excesses?¹⁰¹ The story of the American Revolution is sometimes romantically told as one in which small communities of virtue united against a common foe, and then lost their way after the revolution succeeded. Virtue gave way to narrow self-interest and corruption. The mechanisms of due process and separation of powers adapted by Madison to help substitute the rule of law for plain virtue will have to be translated into those online communities empowered with generative tools to govern themselves and to affect the larger offline world. Using the case of privacy, the next chapter seeks to sketch out some of the puzzles raised by the use of the powerful tools that this book has advocated to bring the generative Net fully into its own. Privacy problems that have been stable for the past thirty-five years are being revolutionized by the generative Internet, and how they are handled will tell us much about the future of the Net and our freedoms within and from it.

Shows on channels other than those part of networks with big audiences, or at times of the day when most people were not watching TV, had less investment and lower production values. Their actors or presenters were not A-list. Flaws in the shows would prove them not ready for prime time—now a metaphor to mean anything that has not been buffed and polished to a fine, predictable shine. “Not ready” has the virtue of suggesting that someday a B-list program could be ready, vaulting from the backwaters to the center stage. And prime time concedes that there are other times beside it: there are backwaters that are accessible to masses of people so long as they are willing to surf to an unfamiliar channel or stay up a little later than usual.

To be sure, while the barriers to getting a show on an obscure network were less than those to landing a show on a major one, they were still high. And with only a handful of networks that people watched in prime time, the definitions of what was worthy of prime time ended up a devastatingly rough aggregation of preferences. There was not much room for programs finely honed to niche markets. TV’s metaphor is powerful in the Internet space. As we have seen, the generative Internet allows experimentation from all corners, and it used to be all backwater and no prime time.

Now that the generative PC is so ubiquitous and its functions so central to both leisure and commerce, much of what it offers happens in prime time: a set of core applications and services that people are anxious to maintain. Links between backwater and prime time are legion; today’s obscure but useful backwater application can find itself wildly popular and relied upon overnight. No intervention is needed from network executives running some prime time portion of the Internet, and realizing that there is something good going on among the farm teams that deserves promotion to the major league. The Net was built without programming executives, and its users have wide latitude to decide for themselves where they would like to go that day.

The first major challenge in preserving the generative Net, then, is to reconcile its role as a boisterous laboratory with its role as a purveyor of prime time, ensuring that inventions can continue to move easily from one to the other. Today our prime time applications and data share space with new, probationary ones, and they do not always sit well together. There are some technical inspirations we can take from successes like Wikipedia that, with enough alert users, can help.

THE RED AND THE GREEN

Wikis are designed so that anyone can edit them. This entails a risk that people will make bad edits, through either incompetence or malice. The damage that can be done, however, is minimized by the wiki technology, because it allows bad changes to be quickly reverted. All previous versions of a page are kept, and a few clicks by another user can restore a page to the way it was before later changes were made. Our PCs can be similarly equipped. For years Windows XP (and now Vista) has had a system restore feature, where snapshots are taken of the machine at a moment in time, allowing later bad changes to be rolled back. The process of restoring is tedious, restoration choices can be frustratingly all-or-nothing, and the system restore files themselves can become corrupted, but it represents progress. Even better would be the introduction of features that are commonplace on wikis: a quick chart of the history of each document, with an ability to see date-stamped sets of changes going back to its creation. Because our standard PC applications assume a safer environment than really exists, these features have never been demanded or implemented. Because wikis are deployed in environments prone to vandalism, their contents are designed to be easily recovered after a problem.

The next stage of this technology lies in new virtual machines, which would obviate the need for cyber cafés and corporate IT departments to lock down their PCs. Without virtual machine technology, many corporate IT departments relegate most employees to the status of guests on their own PCs, unable to install any new software, lest it turn out to be bad. Such lockdown reduces the number of calls to the helpdesk, as well as the risk that a user might corrupt or compromise a firm’s data. (Perhaps more precisely, calls for help become calls for permission.) Similarly, cyber cafés and libraries want to prevent one user’s ill-advised actions from cascading to future users. But lockdown eliminates the good aspects of the generative environment.

In an effort to satisfy the desire for safety without full lockdown, PCs could be designed to pretend to be more than one machine, capable of cycling from one split personality to the next. In its simplest implementation, we could divide a PC into two virtual machines: “Red” and “Green.”¹ The Green PC would house reliable software and important data—a stable, mature OS platform and tax returns, term papers, and business documents. The Red PC would have everything else. In this setup, nothing that happens on one PC could easily affect the other, and the Red PC could have a simple reset button that sends it back to a predetermined safe state. Someone could confidently store important data on the Green PC and still use the Red PC for experimentation. Knowing which virtual PC to use would be akin to knowing when a sport utility vehicle should be placed into four-wheel drive mode instead of two-wheel drive, a decision that mainstream users could learn to make responsibly and knowledgeably.

A technology that splits the difference between lockdown and openness means that intermediaries could afford to give their end users more flexibility—which is to say, more opportunity to run others’ code. Indeed, the miniaturization of storage means that users could bring their own system on a keychain (or download it from a remote site) to plug into a library or café’s pro- cessing unit, screen, and network connection—a rediscovery of the hobbyist PC and its own modularization that made it better and cheaper than its appliancized counterparts.

There could be a spectrum of virtual PCs on one unit, one for each member of the family. Already, most consumer operating systems enable separate login names with customized desktop wallpaper and e-mail accounts for each user.² If the divide were developed further, a parent could confidently give her twelve-year-old access to the machine under her own account and know that nothing that the child could do—short of hurling the machine out the window— would hurt the data found within the other virtual PCs.³ (To be sure, this does not solve problems at the social layer—of what activities children may undertake to their detriment once online.)

Easy reversion, coupled with virtual PCs, seeks to balance the experimentalist spirit of the early Internet with the fact that there are now important uses for those PCs that we do not want to disrupt. Still, this is not a complete solution. The Red PC, despite its experimental purpose, might end up accumulating data that the user wants to keep, occasioning the need for what Internet architect David Clark calls a “checkpoint Charlie” to move sensitive data from Red to Green without also carrying a virus or anything else undesirable that could hurt the Green PC.⁴ There is also the question of what software can be deemed safe for Green—which is just another version of the question of what software to run on today’s single-identity PCs. If users could competently decide what should go on Red and what on Green, then they could competently decide what to run on today’s simpler machines, partially obviating the need for the virtual PC solution in the first place.

Worse, an infected Red PC still might be capable of hurting other PCs across the network, by sending spam or viruses, or by becoming a zombie PC controlled from afar for any number of other bad purposes. Virtualization technology eases some of the sting to users of an experimental platform whose experiments sometimes go awry, but it does not do much to reduce the burdens—negative externalities—that such failures can place on everyone else.

Most fundamentally, many of the benefits of generativity come precisely thanks to an absence of walls. We want our e-mail programs to have access to any document on our hard drive, so that we can attach it to an e-mail and send it to a friend. We want to edit music downloaded from a Web site with an audio mixing program and then incorporate it into a presentation. We want to export data from one desktop calendar application to a new one that we might like better. The list goes on, and each of these operations requires the ability to cross the boundaries from one application to another, or one virtual PC to another. For similar reasons, we may be hesitant to adopt complex access control and privilege lists to designate what software can and cannot do.⁵

It is not easy to anticipate what combinations of applications and data we will want in one place, and the benefits of using virtual machines will not always outweigh the confusion and limitations of having them. It is worth trying them out to buy us some more time—but they will not be panaceas. A guiding principle emerges from the Net’s history at the technical layer and Wikipedia’s history at the content layer: an experimentalist spirit is best maintained when failures can be contained as learning experiences rather than catastrophes.

BETTER INFORMED EXPERIMENTS

The Internet’s original design relied on few mechanisms of central control. This lack of control has the added generative benefit of allowing new services to be introduced, and new destinations to come online, without any up-front vetting or blocking, by either private incumbents or public authorities.

With this absence of central control comes an absence of measurement. CompuServe or Prodigy could have reported exactly how many members they had at any moment, because they were centralized. Wikipedia can report the number of registered editors it has, because it is a centralized service run at wikipedia.org. But the Internet itself cannot say how many users it has, because it does not maintain user information. There is no “it” to query. Counting the number of IP addresses delegated is of little help, because many addresses are allocated but not used, while other addresses are shared. For example, QTel is the only ISP in Qatar, and it routes all users’ traffic through a handful of IP addresses. Not only does this make it difficult to know the number of users hailing from Qatar, but it also means that when a site like Wikipedia has banned access from the IP address of a single misbehaving user from Qatar, it inadvertently has banned nearly every other Internet user in Qatar.⁶

Such absence of measurement extends to a lack of awareness at the network level of how much bandwidth is being used by whom. This has been beneficial for the adoption of new material on the Web by keeping the Internet in an “all you can eat” mode of data transmission, which happens when large ISPs peering with one another decide to simply swap data rather than trying to figure out how to charge one another per unit of information exchanged. This absence of measurement is good from a generative point of view because it allows initially whimsical but data-intensive uses of the network to thrive—and perhaps to turn out to be vital. For example, the first online webcams were set up within office cubicles and were about as interesting as watching paint dry. But people could tinker with them because they (and their employers, who might be paying for the network connection) did not have to be mindful of their data consumption. From an economic point of view this might appear wasteful, since non-value-producing but high-bandwidth activities—goldfish bowl cams—will not be constrained. But the economic point of view is at its strongest when there is scarcity, and from nearly the beginning of the Internet’s history there has been an abundance of bandwidth on the network backbones. It is the final link to a particular PC or cluster of PCs—still usually a jury-rigged link on twisted copper wires or coaxial cable originally intended for other purposes like telephone and cable television—that can become congested. And in places where ISPs enjoy little competition, they can further choose to segment their services with monthly caps—a particular price plan might allow only two gigabytes of data transfer per month, with users then compelled to carefully monitor their Internet usage, avoiding the fanciful surfing that could later prove central. In either case, the owner of the PC can choose what to do with that last slice of bandwidth, realizing that watching full screen video might, say, slow down a file transfer in the background. (To be sure, on many broadband networks this final link is shared among several unrelated subscribers, causing miniature tragedies of the commons as a file-sharing neighbor slows down the Internet performance for someone nearby trying to watch on-demand video.)

The ability to tinker and experiment without watching a meter provides an important impetus to innovate; yesterday’s playful webcams on aquariums and cubicles have given rise to Internet-facilitated warehouse monitoring, citizen-journalist reporting from remote locations, and, as explained later in this book, even controversial experiments in a distributed neighborhood watch system where anyone can watch video streamed from a national border and report people who look like they are trying to cross it illegally.⁷

However, an absence of measurement is starting to have generative drawbacks. Because we cannot easily measure the network and the character of the activity on it, we are left incapable of easily assessing and dealing with threats from bad code without laborious and imperfect cooperation among a limited group of security software vendors. It is like a community in which only highly specialized private mercenaries can identify crimes in progress and the people who commit them, with the nearby public at large ignorant of the transgressions until they themselves are targeted.

Creating a system where the public can help requires work from technologists who have more than a set of paying customers in mind. It is a call to the academic environment that gave birth to the Net, and to the public authorities who funded it as an investment first in knowledge and later in general infrastructure. Experiments need measurement, and the future of the generative Net depends on a wider circle of users able to grasp the basics of what is going on within their machines and between their machines and the network.

What might this system look like? Roughly, it would take the form of toolkits to overcome the digital solipsism that each of our PCs experiences when it attaches to the Internet at large, unaware of the size and dimension of the network to which it connects. These toolkits would have the same building blocks as spyware, but with the opposite ethos: they would run unobtrusively on the PCs of participating users, reporting back—to a central source, or perhaps only to each other—information about the vital signs and running code of that PC that could help other PCs figure out the level of risk posed by new code. Unlike spyware, the code’s purpose would be to use other PCs’ anonymized experiences to empower the PC’s user. At the moment someone is deciding whether to run some new software, the toolkit’s connections to other machines could say how many other machines on the Internet were running the code, what proportion of machines of self-described experts were running it, whether those experts had vouched for it, and how long the code had been in the wild. It could also signal the amount of unattended network traffic, pop-up ads, or crashes the code appeared to generate. This sort of data could become part of a simple dashboard that lets the users of PCs make quick judgments about the nature and quality of the code they are about to run in light of their own risk preferences, just as motor vehicle drivers use their dashboards to view displays of their vehicle’s speed and health and to tune their radios to get traffic updates.

Harvard University’s Berkman Center and the Oxford Internet Institute—multidisciplinary academic enterprises dedicated to charting the future of the Net and improving it—have begun a project called StopBadware, designed to assist rank-and-file Internet users in identifying and avoiding bad code.⁸ The idea is not to replicate the work of security vendors like Symantec and McAfee, which seek to bail new viruses out of our PCs faster than they pour in. Rather, it is to provide a common technical and institutional framework for users to devote some bandwidth and processing power for better measurement: to let us know what new code is having what effect amid the many machines taking it up. Not every PC owner is an expert, but each PC is a precious guinea pig—one that currently is experimented upon with no record of what works and what does not, or with the records hoarded by a single vendor. The first step in the toolkit is now available freely for download: “Herdict.” Herdict is a small piece of software that assembles the vital signs described above, and places them in a dashboard usable by mainstream PC owners. These efforts will test the hypothesis that solutions to generative problems at the social layer might be applicable to the technical layer—where help is desperately needed. Herdict is an experiment to test the durability of experiments.⁹ And it is not alone. For example, Internet researchers Jean Camp and Allan Friedman have developed the “good neighbors” system to allow people to volunteer their PCs to detect and patch vulnerabilities among their designated friends’ PCs.¹⁰

The value of aggregating data from individual sources is well known. Yochai Benkler approvingly cites Google Pagerank algorithms over search engines whose results are auctioned, because Google draws on the individual linking decisions of millions of Web sites to calculate how to rank its search results.¹¹ If more people are linking to a Web site criticizing Barbie dolls than to one selling them, the critical site will, all else equal, appear higher in the rankings when a user searches for “Barbie.” This concept is in its infancy at the application layer on the PC. When software crashes on many PC platforms, a box appears asking the user whether to send an error report to the operating system maker. If the user assents, and enough other users reported a similar problem, sometimes a solution to the problem is reported back from the vendor. But these implementations are only halfway there from a generative standpoint. The big institutions doing the gathering—Google because it has the machines to scrape the entire Web; Microsoft and Apple because they can embed error reporting in their OSes—make use of the data (if not the wisdom) of the crowds, but the data is not further shared, and others are therefore unable to make their own interpretations of it or build their own tools with it. It is analogous to Encarta partially adopting the spirit of Wikipedia, soliciting suggestions from readers for changes to its articles, but not giving any sense of where those suggestions go, how they are used, or how many other suggestions have been received, what they say, or why they say it.

A full adoption of the lessons of Wikipedia would be to give PC users the opportunity to have some ownership, some shared stake, in the process of evaluating code, especially because they have a stake in getting it right for their own machines. Sharing useful data from their PCs is one step, but this may work best when the data is going to an entity committed to the public interest of solving PC security problems, and willing to share that data with others who want to take a stab at solving them. The notion of a civic institution here does not necessarily mean cumbersome governance structures and formal lines of authority so much as it means a sense of shared responsibility and participation.¹² It is the opposite of the client service model in which one calls a helpline and for a fee expects to be helped—and those who do not pay receive no help. Instead, it is the volunteer fire department or neighborhood watch where, while not everyone is able to fight fires or is interested in watching, a critical mass of people are prepared to contribute, and such contributions are known to the community more broadly.¹³ A necessary if not sufficient condition to fighting the propagation of bad code as a social problem is to allow people to enter into a social configuration in order to attack it.

These sorts of solutions are not as easily tried for tethered appliances, where people make a decision only about whether to acquire them, and the devices are otherwise controlled from afar. Of course, they may not be as necessary, since the appliances are not, by definition, as vulnerable to exploits performed by unapproved code. But tethered appliances raise the concern of perfect enforcement described earlier in this book: they can too readily, almost casually, be used to monitor and control the behavior of their users. When tools drawing on group generativity are deployed, the opposite is true. Their success is dependent on participation, and this helps establish the legitimacy of the project both to those participating and those not. It also means that the generative uses to which the tools are put may affect the number of people willing to assist. If it turned out that the data generated and shared from a PC vital signs tool went to help design viruses, word of this could induce people to abandon their commitment to help. Powerful norms that focus collaborators toward rather than against a commitment to the community are necessary. This is an emerging form of netizenship, where tools that embed particular norms grow more powerful with the public’s belief in the norms’ legitimacy.

It is easy for Internet users to see themselves only as consumers whose participation is limited to purchasing decisions that together add up to a market force pushing one way or another. But with the right tools, users can also see themselves as participants in the shaping of generative space—as netizens. This is a crucial reconception of what it means to go online. The currency of cyberspace is, after all, ideas, and we shortchange ourselves if we think of ideas to be, in the words of Electronic Frontier Foundation co-founder John Perry Barlow, merely “another industrial product, no more noble than pig iron,”¹⁴ broadcast to us for our consumption but not capable of also being shaped by us. If we insist on treating the Net as an invisible conduit, capable of greater or lesser bandwidth but otherwise meant to be invisible, we naturally turn to service providers with demands to keep it working, even when the problems arising are social in nature.

RECRUITING HELP AT THE BARRICADES: THE GENERATIVITY PRINCIPLE AND THE LIMITS OF END-TO-END NEUTRALITY

Some commentators believe that software authors and operating system makers have it easy.¹⁵ They produce buggy code open to viruses and malware, but they are not held accountable the way that a carmaker would be for a car whose wheels fell off, or a toaster maker would be if its toasters set bread on fire.¹⁶ Why should there be a difference? The security threats described in this book might be thought so pervasive and harmful that even if they do not physically hurt anyone, software makers ought to pay for the harm their bugs cause.

This is already somewhat true of information appliances. If a TiVo unit did not operate as promised—suppose it simply crashed and failed to record any television programs—the law of warranty would quickly come into play. If the TiVo unit were new enough, the company would make good on a repair or replacement.¹⁷ Yet this simple exchange rarely takes place after the purchase of a standard generative PC. Suppose a new PC stops functioning: after a week of using it to surf the Internet and send e-mail, the consumer turns it on and sees only a blue error screen.¹⁸ Unless smoke pours out of the PC to indicate a genuine hardware problem, the hardware manufacturer is likely to diagnose the problem as software-related. The operating system maker is not likely to be helpful. Because the user no doubt installed software after purchasing the machine, pinpointing the problem is not easy. In particularly difficult cases, the OS maker will simply suggest a laborious and complete reinstallation of the OS, wiping clean all the changes that the consumer has made. Finally, appealing to individual software makers results in the same problem: a software maker will blame the OS maker or a producer of other software found on the machine.

So why not place legal blame on each product maker and let them sort it out? If the consumer is not skilled enough to solve PC security problems or wealthy enough to pay for someone else to figure it out, a shifting of legal responsibility to others could cause them to create and maintain more secure software and hardware. Unfortunately, such liability would serve only to propel PC lockdown, reducing generativity. The more complex that software is, the more difficult it is to secure it, and allowing third parties to build upon it increases the complexity of the overall system even if the foundation is a simple one. If operating system makers were liable for downstream accidents, they would start screening who can run what on their platforms, resulting in exactly the non-generative state of affairs we want to avoid. Maintainers of technology platforms like traditional OS makers and Web services providers should be encouraged to keep their platforms open and generative, rather than closed to eliminate outside sources of malware or to facilitate regulatory control, just as platforms for content built on open technologies are wisely not asked to take responsibility for everything that third parties might put there.¹⁹

Hardware and OS makers are right that the mishmash of software found on even a two-week-old Internet-exposed PC precludes easily identifying the source of many problems. However, the less generative the platform already is, the less there is to lose by imposing legal responsibility on the technology provider to guarantee a functioning system. To the extent that PC OSes do control what programs can run on them, the law should hold OS developers responsible for problems that arise, just as TiVo and mobile phone manufacturers take responsibility for issues that arise with their controlled technologies.

If the OS remains open to new applications created by third parties, the maker’s responsibility should be duly lessened. It might be limited to providing basic tools of transparency that empower users to understand exactly what their machines are doing. These need not be as sophisticated as Herdict aims to be. Rather, they could be such basic instrumentation as what sort of data is going in and out of the box and to whom. A machine turned into a zombie will be communicating with unexpected sources that a free machine will not, and insisting on better information to users could be as important as providing a speedometer on an automobile—even if users do not think they need one.

Such a regime permits technology vendors to produce closed platforms but encourages them to produce generative platforms by scaling liabilities accordingly. Generative platform makers would then be asked only to take certain basic steps to make their products less autistic: more aware of their digital surroundings and able to report what they see to their users. This tracks the intuition behind secondary theories of liability: technology makers may shape their technologies largely as they please, but the configurations they choose then inform their duties and liabilities.²⁰

Apart from hardware and software makers, there is another set of technology providers that reasonably could be asked or required to help: Internet Service Providers. So far, like PC, OS, and software makers, ISPs have been on the sidelines regarding network security. The justification for this—apart from the mere explanation that ISPs are predictably and rationally lazy—is that the Internet was rightly designed to be a dumb network, with most of its features and complications pushed to the endpoints. The Internet’s engineers embraced the simplicity of the end-to-end principle (and its companion, the procrastination principle) for good reasons. It makes the network more flexible, and it puts designers in a mindset of making the system work rather than anticipating every possible thing that could go wrong and trying to design around or for those things from the outset.²¹ Since this early architectural decision, “keep the Internet free” advocates have advanced the notion of end-to-end neutrality as an ethical ideal, one that leaves the Internet without filtering by any of its intermediaries. This use of end-to-end says that packets should be routed between the sender and the recipient without anyone stopping them on the way to ask what they contain.²² Cyberlaw scholars have taken up end-to-end as a battle cry for Internet freedom,²³ invoking it to buttress arguments about the ideological impropriety of filtering Internet traffic or favoring some types or sources of traffic over others.

These arguments are powerful, and end-to-end neutrality in both its technical and political incarnations has been a crucial touchstone for Internet development. But it has its limits. End-to-end does not fully capture the overall project of maintaining openness to contribution from unexpected and unaccredited sources. Generativity more fundamentally expresses the values that attracted cyberlaw scholars to end-to-end in the first place.

According to end-to-end theory, placing control and intelligence at the edges of a network maximizes not just network flexibility, but also user choice.²⁴ The political implication of this view—that end-to-end design preserves users’ freedom, because the users can configure their own machines however they like—depends on an increasingly unreliable assumption: whoever runs a machine at a given network endpoint can readily choose how the machine will work. To see this presumption in action, consider that in response to a network teeming with viruses and spam, network engineers recommend more bandwidth (so the transmission of “deadweights” like viruses and spam does not slow down the much smaller proportion of legitimate mail being carried by the network) and better protection at user endpoints, rather than interventions by ISPs closer to the middle of the network.²⁵ But users are not well positioned to painstakingly maintain their machines against attack, leading them to prefer locked-down PCs, which carry far worse, if different, problems. Those who favor end-to-end principles because an open network enables generativity should realize that intentional inaction at the network level may be self-defeating, because consumers may demand locked-down endpoint environments that promise security and stability with minimum user upkeep. This is a problem for the power user and consumer alike.

The answer of end-to-end theory to threats to our endpoints is to have them be more discerning, transforming them into digital gated communities that must frisk traffic arriving from the outside. The frisking is accomplished either by letting next to nothing through—as is the case with highly controlled information appliances—or by having third-party antivirus firms perform monitoring, as is done with increasingly locked-down PCs. Gated communities offer a modicum of safety and stability to residents as well as a manager to complain to when something goes wrong. But from a generative standpoint, these moated paradises can become prisons. Their confinement is less than obvious, because what they block is not escape but generative possibility: the ability of outsiders to offer code and services to users, and the corresponding opportunity of users and producers to influence the future without a regulator’s permission. When endpoints are locked down, and producers are unable to deliver innovative products directly to users, openness in the middle of the network becomes meaningless. Open highways do not mean freedom when they are so dangerous that one never ventures from the house.

Some may cling to a categorical end-to-end approach; doubtlessly, even in a world of locked-down PCs there will remain old-fashioned generative PCs for professional technical audiences to use. But this view is too narrow. We ought to see the possibilities and benefits of PC generativity made available to everyone, including the millions of people who give no thought to future uses when they obtain PCs, and end up delighted at the new uses to which they can put their machines. And without this ready market, those professional developers would have far more obstacles to reaching critical mass with their creations.

Strict loyalty to end-to-end neutrality should give way to a new generativity principle, a rule that asks that any modifications to the Internet’s design or to the behavior of ISPs be made where they will do the least harm to generative possibilities. Under such a principle, for example, it may be preferable in the medium term to screen out viruses through ISP-operated network gateways rather than through constantly updated PCs.²⁶ Although such network screening theoretically opens the door to additional filtering that may be undesirable, this speculative risk should be balanced against the very real threats to generativity inherent in PCs operated as services rather than products. Moreover, if the endpoints remain free as the network becomes slightly more ordered, they remain as safety valves should network filtering begin to block more than bad code.

In the meantime, ISPs are in a good position to help in a way that falls short of undesirable perfect enforcement, and that provides a stopgap while we develop the kinds of community-based tools that can facilitate salutary endpoint screening. There are said to be tens of thousands of PCs converted to zombies daily,²⁷ and an ISP can sometimes readily detect the digital behavior of a zombie when it starts sending thousands of spam messages or rapidly probes a sequence of Internet addresses looking for yet more vulnerable PCs. Yet ISPs currently have little incentive to deal with this problem. To do so creates a two-stage customer service nightmare. If the ISP quarantines an infected machine until it has been recovered from zombie-hood—cutting it off from the network in the process—the user might claim that she is not getting the network access she paid for. And quarantined users will have to be instructed how to clean their machines, which is a complicated business.²⁸ This explains why ISPs generally do not care to act when they learn that they host badware-infected Web sites or consumer PCs that are part of a botnet.²⁹

Whether through new industry best practices or through a rearrangement of liability motivating ISPs to take action in particularly flagrant and egregious zombie situations, we can buy another measure of time in the continuing security game of cat and mouse. Security in a generative system is something never fully put to rest—it is not as if the “right” design will forestall security problems forevermore. The only way for such a design to be foolproof is for it to be nongenerative, locking down a computer the same way that a bank would fully secure a vault by neither letting any customers in nor letting any money out. Security of a generative system requires the continuing ingenuity of a few experts who want it to work well, and the broader participation of others with the goodwill to outweigh the actions of a minority determined to abuse it.

A generativity principle suggests additional ways in which we might redraw the map of cyberspace. First, we must bridge the divide between those concerned with network connectivity and protocols and those concerned with PC design—a divide that end-to-end neutrality unfortunately encourages. Such modularity in stakeholder competence and purview was originally a useful and natural extension of the Internet’s architecture. It meant that network experts did not have to be PC experts, and vice versa. But this division of responsibilities, which works so well for technical design, is crippling our ability to think through the trajectory of applied information technology. Now that the PC and the Internet are so inextricably intertwined, it is not enough for network engineers to worry only about network openness and assume that the endpoints can take care of themselves. It is abundantly clear that many endpoints cannot. The procrastination principle has its limits: once a problem has materialized, the question is how best to deal with it, with options ranging from further procrastination to effecting changes in the way the network or the endpoints behave. Changes to the network should not be categorically off the table.

Second, we need to rethink our vision of the network itself. “Middle” and “endpoint” are no longer subtle enough to capture the important emerging features of the Internet/PC landscape. It remains correct that, from a network standpoint, protocol designs and the ISPs that implement them are the “middle” of the network, as distinct from PCs that are “endpoints.” But the true import of this vernacular of “middle” and “endpoint” for policy purposes has lost its usefulness in a climate in which computing environments are becoming services, either because individuals no longer have the power to exercise meaningful control over their PC endpoints, or because their computing activities are hosted elsewhere on the network, thanks to “Web services.” By ceding decision-making control to government, to a Web 2.0 service, to a corporate authority such as an OS maker, or to a handful of security vendors, individuals permit their PCs to be driven by an entity in the middle of the network, causing their identities as endpoints to diminish. The resulting picture is one in which there is no longer such a clean separation between “middle” and “endpoint.” In some places, the labels have begun to reverse.

Abandoning the end-to-end debate’s divide between “middle” and “endpoint” will enable us to better identify and respond to threats to the Internet’s generativity. In the first instance, this might mean asking that ISPs play a real role in halting the spread of viruses and the remote use of hijacked machines.

This reformulation of our vision of the network can help with other problems as well. For instance, even today consumers might not want or have the ability to fine-tune their PCs. We might say that such fine-tuning is not possible because PCs, though leveraged and adaptable, are not easy for a mass audience to master. Taking the generativity-informed view of what constitutes a network, though, we can conceptualize a variety of methods by which PCs might compensate for this difficulty of mastery, only some of which require centralized control and education. For example, users might be able to choose from an array of proxies—not just Microsoft, but also Ralph Nader, or a public interest organization, or a group of computer scientists, or StopBadware— for guidance on how best to configure their PCs. For the Herdict program described earlier, the ambition is for third parties to contribute their own dashboard gauges—allowing users of Herdict to draw from a market of advisers, each of whom can draw from some combination of the herd’s data and their own expertise to give users advice. The idea is that by reformulating our vision of the network to extend beyond mere “endpoints” and “middles,” we can keep our eyes on the real value at stake: individual freedom to experiment with new code and anything made possible by it, the touchstone of a generative system.

EXTRA-LEGAL INCENTIVES TO SOLVE THE GENERATIVE PROBLEM: FROM WIKIPEDIA TO MAPS AND STOPBADWARE

Some of the suggested solutions here include legal intervention, such as liability for technology producers in certain circumstances. Legal interventions face certain hurdles in the Internet space. One sovereign cannot reach every potentially responsible entity on a global network, and while commercial forces can respond well to legal incentives,³⁰ the amateur technology producers that are so important to a generative system are less likely to shape their behavior to conform to subtle legal standards.

The ongoing success of enterprises like Wikipedia suggests that social problems can be met first with social solutions—aided by powerful technical tools—rather than by resorting to law. As we have seen, vandalism, copyright infringement, and lies on Wikipedia are typically solved not by declaring that vandals are breaking laws against “exceeding authorized access” to Wikipedia or by suits for infringement or defamation, but rather through a community process that, astoundingly, has impact.

In the absence of consistent interventions by law, we also have seen some peer-produced-and-implemented responses to perceived security problems at the Internet’s technical layer, and they demonstrate both the value and drawbacks of a grassroots system designed to facilitate choice by endpoints about with whom to communicate or what software to run.

One example is the early implementation of the Mail Abuse Prevention System (MAPS) as a way of dealing with spam. In the summer of 1997, Internet pioneer Paul Vixie decided he had had enough of spam. He started keeping a list of those IP addresses that he believed were involved in originating spam, discovered through either his own sleuthing or that of others whom he trusted. The first thing he did with the list was make sure the entities on it could not send him e-mail. Next he made his list instantly available over the network so anyone could free-ride off of his effort to distinguish between spammers and nonspammers. In 1999, leading Web-based e-mail provider Hotmail decided to do just that on behalf of its customers.³¹ Thus if Paul Vixie believed a particular mail server to be accommodating a spammer, no one using that server could send e-mail to anyone with an account at hotmail.com. MAPS was also known as the “Realtime Blackhole List,” referring to the black hole that one’s e-mail would enter if one’s outgoing e-mail provider were listed. The service was viewed as a deterrent as much as an incapacitation: it was designed to get people who e-mail (or who run e-mail servers) to behave in a certain way.³²

Vixie was not the only social entrepreneur in this space. Others also offered tools for deciding what was spam and who was sending it, with varying tolerance for appeals from those incorrectly flagged. The Open Relay Behavior-modification System (ORBS) sent automated test e-mails through others’ e-mail servers to figure out who maintained so-called open relays. If ORBS was able to send itself e-mail through another’s server successfully, it concluded that the server could be used to send spam and would add it to its own blacklist. Vixie concluded that the operator of ORBS was therefore also a spammer—for sending the test e-mails. He blackholed them on MAPS, and they blackholed him on ORBS, spurring a brief digital war between these private security forces.³³

Vixie’s efforts were undertaken with what appear to be the best of intentions, and a sense of humility. Vixie expressed reservations about his system even as he continued to develop it. He worried about the heavy responsibilities attendant on private parties who amass the power to affect others’ lives to exercise the power fairly.³⁴ The judgments of one private party about another—perhaps in turn informed by other private parties—can become as life-affecting as the judgments of public authorities, yet without the elements of due process that cabin the actions of public authorities in societies that recognize the rule of law. At the time, being listed on MAPS or other powerful real time blackhole lists could be tantamount to having one’s Internet connection turned off.³⁵

MAPS was made possible by the generative creation and spread of tools that would help interested network administrators combat spam without reliance on legal intervention against spammers. It was a predictable response by a system of users in which strong norms against spamming had lost effectiveness as the Internet became more impersonal and the profits to be gleaned from sending spam increased.³⁶ In the absence of legal solutions or changes at the center of the network, barriers like MAPS could be put in place closer to the end-points, as end-to-end theory would counsel. But MAPS as a generative solution has drawbacks. The first is that people sending e-mail through blackholed servers could not easily figure out why their messages were not being received, and there were no easy avenues for appeal if a perceived spammer wanted to explain or reform. Further, the use of MAPS and other lists was most straightforward when the IP addresses sending spam were either those of avowed spammers or those of network operators with willful ignorance of the spammers’ activities, in a position to stop them if only the operators would act. When spammers adjusted tactics in this game of cat and mouse and moved their spamming servers to fresh IP addresses, the old IP addresses would be reassigned to new, innocent parties—but they would remain blackholed without easy appeal. Some IP addresses could thus become sullied, with people signing on to the Internet having no knowledge that the theoretically interchangeable IP address that they were given had been deemed unwelcome by a range of loosely coordinated entities across the Net.³⁷ Finally, as spammers worked with virus makers to involuntarily and stealthily transform regular Internet users’ machines into ad hoc mail servers spewing spam, users could find themselves blocked without realizing what was going on.

MAPS is just one example of individual decisions being aggregated, or single decisions sent back out to individuals or their proxies for implementation. In 2006, in cooperation with the Harvard and Oxford StopBadware initiative, Google began automatically identifying Web sites that had malicious code hidden in them, ready to infect users’ browsers as soon as they visited the site.³⁸ Some of these sites were set up expressly for the purpose of spreading viruses, but many more were otherwise-legitimate Web sites that had been hacked. For example, the puzzlingly named chuckroast.com sells fleece jackets and other clothing just as thousands of other e-commerce sites do. Visitors can browse chuckroast’s offerings and place and pay for orders. However, hackers had subtly changed the code in the chuckroast site, either by guessing the site owner’s password or by exploiting an unpatched vulnerability in the site’s Web server. The hackers left the site’s basic functionalities untouched while injecting the smallest amount of code on the home page to spread an infection to visitors.

Thanks to the generative design of Web protocols, allowing a Web page to direct users’ browsers seamlessly to pull together data and software from any number of Internet sites to compose a single Web page, the infecting code needed to be only one line long, directing a browser to visit the hacker’s site quietly and deposit and run a virus on the user’s machine.³⁹ Once Google found the waiting exploit on chuckroast’s site, it tagged it every time it came up as a Google search result: “Warning: This site may harm your computer.”⁴⁰ Those who clicked on the link anyway would, instead of being taken to chuckroast.com, get an additional page from Google with a much larger warning and a suggestion to visit StopBadware or pick another page instead of chuckroast’s.

Chuckroast’s visits plummeted after the warning was given, and the site owner was understandably anxious to figure out what was wrong and how to get rid of the warning. But cleaning the site requires leaving the realm of the amateur Web designer and entering the zone of the specialist who knows how to diagnose and clean a virus. Requests for review—which included pleas for help in understanding the problem to begin with—inundated StopBadware researchers, who found themselves overwhelmed in a matter of days by appeals from thousands of Web sites listed.⁴¹ Until StopBadware could check each site and verify it had been cleaned of bad code, the warning page stayed up. Difficult questions were pressed by site owners and users: does Google owe notice to webmasters before—or even after—it lists their sites as being infected and warns Google users away from them? Such notice is not easy to effect, because there is no centralized index of Web site owners, nor a standardized way to reach them. (Sometimes domain name records have a space for such data,⁴² but the information domain name owners place there is often false to throw off spammers, and when true it often reaches the ISP hosting the Web site rather than the Web site owner. When the ISP is alerted, it either ignores the request or immediately pulls the plug on the site—a remedy more drastic than simply warning Google users away from it.) Ideally, such notice would be given after a potentially labor-intensive search for the Web owner, and the site owner would be helped in figuring out how to find and remove the offending code—and secure the site against future hacking. (Chuckroast eliminated the malicious code, and, not long afterward, Google removed the warning about the site.)

Prior to the Google/StopBadware project, no one took responsibility for this kind of security. Ad hoc alerts to webmasters—those running the hacked sites—and their ISPs garnered little reaction. The sites were working fine for their intended purposes even as they were spreading viruses, and site customers would likely not be able to trace infections back to (and thereby blame) the merchant. As one Web site owner said after conceding that his site was unintentionally distributing malware, “Someone had hacked us and then installed something that ran an ‘Active X’ something or rather [sic]. It would be caught with any standard security software like McAfee.”⁴³ In other words, the site owner figured that security against malware was the primary responsibility of his visitors—if they were better defended, they would not have to worry about the exploit that was on his site. (He also said that the exploit was located in a little-used area of his site, and noted that he had not been given notice before a Google warning was placed on links to his page.) With the Google/StopBadware project in full swing, Web site owners have experienced a major shift in incentives, such that the exploit is their problem if they want Google traffic back. That is perhaps more powerful than a law directly regulating them could manage—and it could in turn generate a market for firms that help validate, clean, and secure Web sites.

Still, the justice of Google/StopBadware and similar efforts remains rough, and market forces alone might not make for a desirable level of attention to be given to those wrongly labeled as people or Web sites to be avoided, or properly labeled but unsure where to turn for help to clean themselves up. Google/StopBadware and MAPS are not the only mainstream examples of this kind of effort. Windows Vista’s anti-spyware program displays a welcome screen during installation inviting you to “meet your computer’s new bodyguards.”⁴⁴ These bodyguards advise you what you can and cannot run on your PC if you want to be safe, as far as Microsoft is concerned.

These private programs are serving important functions that might otherwise be undertaken by public authorities—and their very efficiency is what might make them less than fair. Microsoft’s bodyguard metaphor is apt, and most of us rely on the police rather than mercenaries for analogous protection.⁴⁵ The responsibilities when the private becomes the public were addressed in the United States in the 1940s, when the town of Chickasaw, Alabama, was owned lock, stock, and barrel by the Gulf Shipbuilding Corporation. A Jehovah’s Witness was prosecuted for trespass for distributing literature on the town’s streets because they were private property. In a regular town, the First Amendment would have protected those activities. The Supreme Court of the United States took up the situation in Marsh v. Alabama, and held that the private property was to be treated as public property, and the conviction was reversed.⁴⁶ Others have speculated that Marsh offers some wisdom for cyberspace, where certain chokepoints can arise from private parties.⁴⁷ Marsh advises that sometimes the government can defend the individual against a disproportionately powerful private party. This view can put public governments in a position of encouraging and defending the free flow of bits and bytes, rather than seeking to constrain them for particular regulatory purposes. It would be a complex theoretical leap to apply the Marsh substitution of public for private for Paul Vixie’s anti-spam service or Microsoft’s bodyguards—asking each to give certain minimum due process to those they deem bad or malicious, and to be transparent about the judgments they make. It is even harder to apply to a collective power from something like Herdict, where there is not a Paul Vixie or Microsoft channeling it but, rather, a collective peer-to-peer consciousness generating judgments and the data on which they are based. How does one tell a decentralized network that it needs to be mindful of due process?

The first answer ought to be: through suasion. Particularly in efforts like the partnership between Google and StopBadware, public interest entities are involved with a mandate to try to do the right thing. They may not have enough money or people to handle what due process might be thought to require, and they might come to decisions about fairness where people disagree, but the first way to make peace in cyberspace is through genuine discussion and shaping of practices that can then catch on and end up generally regarded as fair. Failing that, law might intrude to regulate not the wrongdoers but those private parties who have stepped up first to help stop the wrongdoers. This is because accumulation of power in third parties to stop the problems arising from the generative pattern may be seen as both necessary and worrisome—it takes a network endpoint famously configurable by its owner and transforms it into a network middle point subject to only nominal control by its owner. The touchstone for judging such efforts should be according to the generative principle: do the solutions encourage a system of experimentation? Are the users of the system able, so far as they are interested, to find out how the resources they control—such as a PC—are participating in the environment? Done well, these interventions can lower the ease of mastery of the technology, encouraging even casual users to have some part in directing it, while reducing the accessibility of those users’ machines to outsiders who have not been given explicit and informed permission by the users to make use of them. It is automatic accessibility by outsiders—whether by vendors, malware authors, or governments—that can end up depriving a system of its generative character as its own users are proportionately limited in their own control.

We need a latter-day Manhattan project, not to build a bomb but to design the tools and conventions by which to continually defuse one. We need a series of conversations, arguments, and experiments whose participants span the spectrum between network engineers and PC software designers, between expert users with time to spend tinkering and those who simply want the system to work—but who appreciate the dangers of lockdown. And we need constitutionalists: lawyers who can help translate the principles of fairness and due process that have been the subject of analysis for liberal democracies into a new space where private parties and groups come together with varying degrees of hierarchy to try to solve the problems they find in the digital space. Projects like the National Science Foundation’s FIND initiative have tried to take on some of this work, fostering an interdisciplinary group of researchers to envision the future shape of the Internet.⁴⁸

CompuServe and AOL, along with the IBM System 360 and the Friden Flexowriter, showed us the kind of technological ecosystem the market alone was ready to yield. It was one in which substantial investment and partnership with gatekeepers would be needed to expose large numbers of people to new code—and ultimately to new content. The generative Internet was crucially funded and cultivated by people and institutions acting outside traditional markets, and then carried to ubiquity by commercial forces. Its success requires an ongoing blend of expertise and contribution from multiple models and motivations—and ultimately, perhaps, a move by the law to allocate responsibility to commercial technology players in a position to help but without economic incentive to do so, and to those among us, commercial or not, who step forward to solve the pressing problems that elude simpler solutions.

The pattern begins with a technology groomed in a backwater, as much for fun as for profit. The technology is incomplete even as it is shared. It is designed to welcome contribution and improvement from many corners. New adopters refine it as it spreads, and it spreads more as it improves, a virtuous circle that vaults the technology into the mainstream, where commercial firms help to package and refine it for even more people. This is the story of the PC against information appliances, and it is the story of the Internet against the proprietary networks.

Developments then take a turn for the worse: mainstream success brings in people with no particular talent or tolerance for the nuts and bolts of the technology, and no connection with the open ethos that facilitates the sharing of improvements. It also attracts those who gain by abusing or subverting the technology and the people who use it. Users find themselves confused and hurt by the abuse, and they look for alternatives.

The most obvious solution to abuse of an open system is to tighten or altogether close it. A bank robbery calls for more guards; a plane hijacking suggests narrowing the list of those permitted to fly and what they are permitted to take with them. For the Internet and PC, it seems natural that a system beset by viruses ought not to propagate and run new code so easily. The same goes for that which is built on top of the Internet: when Wikipedia is plagued by vandals the obvious response is to disallow editing by anonymous users. Such solutions carry their own steep price within information technology: a reduction in the generativity of the system, clamping its innovative capacity while enhancing the prospects of control by the parties left in charge, such as in the likely shift by users away from generative PCs toward tethered appliances and Web services. What works in the short or medium term for banks and airlines has crucial drawbacks for consumer information technology, even as consumers themselves might bring such solutions about precisely where regulators would have had difficulty intervening, consigning generative technologies to the backwaters from which they came.

So what to do to stop this future? We need a strategy that blunts the worst aspects of today’s popular generative Internet and PC without killing these platforms’ openness to innovation. Give users a reason to stick with the technology and the applications that have worked so surprisingly well—or at least reduce the pressures to abandon it—and we may halt the movement toward a nongenerative digital world. This is easier said than done, because our familiar toolkits for handling problems are not particularly attuned to maintaining generativity. Solely regulatory interventions—such as banning the creation or distribution of deceptive or harmful code—are both under- and overinclusive. They are underinclusive for the usual reasons that regulation is difficult on today’s Net, and that it is hard to track the identities of sophisticated wrongdoers. Even if found, many wrongdoers may not be in cooperative jurisdictions. They are overinclusive because so much of the good code we have seen has come from unaccredited people sharing what they have made for fun, collaborating in ways that would make businesslike regulation of their activities burdensome for them—quite possibly convincing them not to share to begin with. If we make it more difficult for new software to spread, good software from obscure sources can be fenced out along with the bad.

The key to threading the needle between needed change and undue closure can be forged from understanding the portability of both problems and solutions among the Internet’s layers. We have seen that generativity from one layer can recur to the next. The open architecture of the Internet and Web allowed Ward Cunningham to invent the wiki, generic software that offers a way of editing or organizing information within an article, and spreading this information to other articles. Wikis were then used by unrelated nontechies to form a Web site at the content layer like Wikipedia. Wikipedia is in turn generative because people are free to take all of its contents and experiment with different ways of presenting or changing the material, perhaps by placing the information on otherwise unrelated Web sites in different formats.¹

If generativity and its problems flow from one layer to another, so too can its solutions. There are useful guidelines to be drawn from the success stories of generative models at each layer, transcending the layer where they originate, revealing solutions for other layers. For example, when the Morris worm abused the openness of the 1987 Internet, the first line of defense was the community of computer scientists who populated the Internet at that time: they cooperated on diagnosing the problem and finding a solution. Recall that the Internet Engineering Task Force’s (IETF’s) report acknowledged the incident’s seriousness and sought to forestall future viruses not through better engineering but by recommending better community ethics and policing.² This is exactly Wikipedia’s trump card. When abuses of openness beset Wikipedia, it turned to its community—aided by some important technical tools—as the primary line of defense. Most recently, this effort has been aided by the introduction of Virgil Griffith’s Wikiscanner, a simple tool that uses Wikipedia’s page histories to expose past instances of article whitewashing by organizations.³ So what distinguishes the IETF recommendation, which seems like a naïve way to approach Internet and PC-based problems, from the Wikipedian response, which so far appears to have held many of Wikipedia’s problems at bay?

The answer lies in two crucial differences between generative solutions at the content layer and those at the technical layer. The first is that much content-layer participation—editing Wikipedia, blogging, or even engaging in transactions on eBay and Amazon that ask for reviews and ratings to establish reputations—is understood to be an innately social activity.⁴ These services solicit and depend upon participation from the public at large, and their participation mechanisms are easy for the public to master. But when the same generative opportunity exists at the technical layer, mainstream users balk—they are eager to have someone else solve the underlying problem, which they perceive as technical rather than social.

The second difference is that many content-layer enterprises have developed technical tools to support collective participation, augmenting an individualistic ethos with community mechanisms.⁵ In the Internet and PC security space, on the other hand, there have been few tools available to tap the power of groups to, say, distinguish good code from bad. Instead, dealing with bad code has been left either to individual users who are ill-positioned to, say, decipher whether a Web site’s digital certificate is properly signed and validated, or to Internet security firms that try to sort out good code from bad according to a one-size-fits-all standard. Such a defense still cannot easily sift bad gray-zone software that is not a virus but still causes user regret—spyware, for instance—from unusual but beneficial code. As with the most direct forms of regulation, this solution is both under- and overinclusive.

These two differences point to two approaches that might save the generative spirit of the Net, or at least keep it alive for another interval. The first is to reconfigure and strengthen the Net’s experimentalist architecture to make it fit better with its now-mainstream home. The second is to create and demonstrate the tools and practices by which relevant people and institutions can help secure the Net themselves instead of waiting for someone else to do it.

Befitting the conception of generative systems as works in progress that muddle through on the procrastination principle, the concrete ideas spawned by these solutions are a bit of a grab bag. They are evocative suggestions that show the kinds of processes that can work rather than a simple, elegant patch. Silver bullets belong to the realm of the appliance. Yet as with many of the Internet’s advances, some of these hodge-podge solutions can be developed and deployed to make a difference without major investment—and with luck, they will be. The most significant barriers to adoption are, first, a wide failure to realize the extent of the problem and the costs of inaction; second, a collective action problem, exacerbated by the Internet’s modular design, thanks to which no single existing group of actors who appreciates the problem sees it as its own responsibility; and third, a too-easily cultivated sense among Internet users that the system is supposed to work like any other consumer device.

The result so far is counterintuitive: a dramatic improvement in vehicular safety. Without signs to obey mechanically (or, as studies have shown, disobey seventy percent of the time²), people are forced to drive more mindfully—operating their cars with more care and attention to the surrounding circumstances. They communicate more with pedestrians, bicyclists, and other drivers using hand signals and eye contact. They see other drivers rather than other cars. In an article describing the expansion of the experiment to a number of other European cities, including London’s Kensington neighborhood, traffic expert Hans Monderman told Germany’s Der Spiegel, “The many rules strip us of the most important thing: the ability to be considerate. We’re losing our capacity for socially responsible behavior. The greater the number of prescriptions, the more people’s sense of personal responsibility dwindles.”³

Law has long recognized the difference between rules and standards—between very precise boundaries like a speed limit and the much vaguer admonishment characteristic of negligence law that warns individuals simply to “act reasonably.” There are well-known tradeoffs between these approaches.⁴ Rules are less subject to ambiguity and, if crafted well, inform people exactly what they can do, even if individual situations may render the rule impractical or, worse, dangerous. Standards allow people to tailor their actions to a particular situation. Yet they also rely on the good judgment of often self-interested actors—or on little-constrained second-guessing of a jury or judge that later decrees whether someone’s actions were unreasonable.

A small lesson of the verkeersbordvrij experiment is that standards can work better than rules in unexpected contexts. A larger lesson has to do with the traffic expert’s claim about law and human behavior: the more we are regulated, the more we may choose to hew only and exactly to the regulation or, more precisely, to what we can get away with when the regulation is not perfectly enforced. When we face heavy regulation, we see and shape our behavior more in relation to reward and punishment by an arbitrary external authority, than because of a commitment to the kind of world our actions can help bring about.⁵ This observation is less about the difference between rules and standards than it is about the source of mandates: some may come from a process that a person views as alien, while others arise from a process in which the person takes an active part.

When the certainty of authority-sourced reward and punishment is lessened, we might predict two opposing results. The first is chaos: remove security guards and stores will be looted. The second is basic order maintained, as people choose to respect particular limits in the absence of enforcement. Such acting to reinforce a social fabric may still be due to a form of self-interest—game and norm theorists offer reasons why people help one another in terms that draw on longer-term mutual self-interest⁶—but it may also be because people have genuinely decided to treat others’ interests as their own.⁷ This might be because people feel a part of the process that brought about a shared mandate— even if compliance is not rigorously monitored. Honor codes, or students’ pledges not to engage in academically dishonest behavior, can apparently result in lower rates of self-reported cheating.⁸ Thus, without the traffic sign equivalent of pages of rules and regulations, students who apprentice to generalized codes of honor may be prone to higher levels of honesty in academic work—and benefit from a greater sense of camaraderie grounded in shared values.

More generally, order may remain when people see themselves as a part of a social system, a group of people—more than utter strangers but less than friends—with some overlap in outlook and goals. Whatever counts as a satisfying explanation, we see that sometimes the absence of law has not resulted in the absence of order.⁹ Under the right circumstances, people will behave charitably toward one another in the comparative absence or enforcement of rules that would otherwise compel that charity.

In modern cyberspace, an absence of rules (or at least enforcement) has led both to a generative blossoming and to a new round of challenges at multiple layers. If the Internet and its users experience a crisis of abuse—behaviors that artfully exploit the twin premises of trust and procrastination—it will be tempting to approach such challenges as ones of law and jurisdiction. This rule-and-sanction approach frames the project of cyberlaw by asking how public authorities can find and restrain those it deems to be bad actors online. Answers then look to entry points within networks and endpoints that can facilitate control. As the previous chapter explained, those points will be tethered appliances and software-as-service—functional, fashionable, but non-generative or only contingently generative.¹⁰

The “unsafe is safe” experiment highlights a different approach, one potentially as powerful as traditional rule and sanction, without the sacrifice of generativity entailed by the usual means of regulation effected through points of control, such as the appliancization described earlier in this book. When people can come to take the welfare of one another seriously and possess the tools to readily assist and limit each other, even the most precise and well-enforced rule from a traditional public source may be less effective than that uncompelled goodwill. Such an approach reframes the project of cyberlaw to ask: What are the technical tools and social structures that inspire people to act humanely online? How might they be available to help restrain the damage that malevolent outliers can wreak? How can we arrive at credible judgments about what counts as humane and what counts as malevolent? These questions may be particularly helpful to answer while cyberspace is still in its social infancy, its tools for group cohesion immature, and the attitudes of many of its users still in an early phase which treats Internet usage as either a tool to augment existing relationships or as a gateway to an undifferentiated library of information from indifferent sources. Such an atomistic conception of cyberspace naturally produces an environment without the social signaling, cues, and relationships that tend toward moderation in the absence of law.¹¹ This is an outcome at odds with the original architecture of the Internet described in this book, an architecture built on neighborliness and cooperation among strangers occupying disparate network nodes.

The problem raised in the first part of this book underscores this dissonance between origins and current reality at the technical layer: PCs running wild, infected by and contributing to spyware, spam, and viruses because their users either do not know or do not care what they should be installing on their computers. The ubiquity of the PC among mainstream Internet users, and its flexibility that allows it to be reprogrammed at any instant, are both signal benefits and major flaws, just as the genius of the Web—allowing the on-the-fly composition of coherent pages of information from a staggering variety of unvetted sources—is also proving a serious vulnerability. In looking for ways to mitigate these flaws while preserving the benefits of such an open system, we can look to the other layers of the generative Internet which have been plagued with comparable problems, and the progress of their solutions. Some of these resemble verkeersbordvrij: curious experiments with unexpected success that suggest a set of solutions well suited to generative environments, so long as the people otherwise subject to more centralized regulation are willing to help contribute to order without it.

Recall that the Internet exists in layers—physical, protocol, application, content, social. Thanks to the modularity of the Internet’s design, network and software developers can become experts in one layer without having to know much about the others. Some legal academics have even proposed that regulation might be most efficiently tailored to respect the borders of these layers.¹²

For our purposes, we can examine the layers and analyze the solutions from one layer to provide insight into the problems of another. The pattern of generative success and vulnerability present in the PC and Internet at the technical layer is also visible in one of the more recent and high profile content-layer endeavors on the Internet: Wikipedia, the free online encyclopedia that anyone can edit. It is currently among the top ten most popular Web sites in the world,¹³ and the story of Wikipedia’s success and subsequent problems—and evolving answers to them—provide clues to solutions for other layers. We need some new approaches. Without them, we face a Hobson’s choice between fear and lockdown.

THE RISE OF WIKIPEDIA

Evangelists of proprietary networks and the Internet alike have touted access to knowledge and ideas. People have anticipated digital “libraries of Alexandria,” providing the world’s information within a few clicks.¹⁴ Because the Internet began with no particular content, this was at first an empty promise. Most knowledge was understood to reside in forms that were packaged and distributed piece by piece, profitable because of a scarcity made possible by physical limitations and the restrictions of copyright. Producers of educational materials, including dictionaries and encyclopedias, were slow to put their wares into digital form. They worried about cannibalizing their existing paper sales—for Encyclopaedia Britannica, $650 million in 1990.¹⁵ There was no good way of charging for the small transactions that a lookup of a single word or encyclopedia entry would require, and there were few ways to avoid users’ copying, pasting, and sharing what they found. Eventually Microsoft released the Encarta encyclopedia on CD-ROM in 1993 for just under $1,000, pressuring Britannica to experiment both with a CD-ROM and a subscription-only Web site in 1994.¹⁶

As the Internet exploded, the slow-to-change walled garden content of formal encyclopedias was bypassed by a generative proliferation of topical Web pages, and search engines that could pinpoint them. There was no gestalt, though: the top ten results for “Hitler” on Google could include a biography written by amateur historian Philip Gavin as part of his History Place Web site,¹⁷ a variety of texts from Holocaust remembrance organizations, and a site about “kitlers,” cats bearing uncanny resemblances to the tyrant.¹⁸ This scenario exhibits generativity along the classic Libertarian model: allow individuals the freedom to express themselves and they will as they choose. We are then free to read the results. The spirit of blogging also falls within this model. If any of the posted material is objectionable or inaccurate, people can either ignore it, request for it to be taken down, or find a theory on which to sue over it, perhaps imploring gatekeepers like site hosting companies to remove material that individual authors refuse to revise.

More self-consciously encyclopedic models emerged nearly simultaneously from two rather different sources—one the founder of the dot-org Free Software Foundation, and the other an entrepreneur who had achieved dot-com success in part from the operation of a search engine focused on salacious images.¹⁹

Richard Stallman is the first. He believes in a world where software is shared, with its benefits freely available to all, where those who understand the code can modify and adapt it to new purposes, and then share it further. This was the natural environment for Stallman in the 1980s as he worked among graduate students at the Massachusetts Institute of Technology, and it parallels the environment in which the Internet and Web were invented. Stallman holds the same views on sharing other forms of intellectual expression, applying his philosophy across all of the Internet’s layers, and in 1999 he floated the idea of a free encyclopedia drawing from anyone who wanted to submit content, one article at a time. By 2001, some people were ready to give it a shot. Just as Stallman had sought to replace the proprietary Unix operating system with a similarly functioning but free alternative called GNU (“GNU’s Not Unix”), the project was first named “GNUpedia,” then GNE (“GNE’s Not an Encyclopedia”). There would be few restrictions on what those submissions would look like, lest bias be introduced:

Articles are submitted on the following provisions:

• The article contains no previously copyrighted material (and if an article is consequently found to have offending material, it will then be removed).
• The article contains no code that will damage the GNE systems or the systems from which users view GNE.
• The article is not an advert, and has some informative content (persoengl [sic] information pages are not informative!).
• The article is comprehensible (can be read and understood).²⁰

These provisions made GNE little more than a collective blog sans comments: people would submit articles, and that would be that. Any attempt to enforce quality standards—beyond a skim to see if the article was “informative”— was eschewed. The GNE FAQ explained:

Why don’t you have editors?

There should be no level of “acceptable thought”. This means you have to tolerate being confronted by ideas and opinions different to your own, and for this we offer no apologies. GNE is a resource for spe [sic] speech, and we will strive to keep it that way. Unless some insane country with crazy libel laws tries to stop something, we will always try and fight for your spe [sic] speech, even if we perhaps don’t agree with your article. As such we will not allow any individuals to “edit” articles, thus opening GNE to the possibility of bias.²¹

As one might predict from its philosophy, at best GNE would be an accumulation of views rather than an encyclopedia—perhaps accounting for the “not” part of “GNE’s Not an Encyclopedia.” Today the GNE Web site is a digital ghost town. GNE was a generative experiment that failed, a place free of all digital traffic signs that never attracted any cars. It was eclipsed by another project that unequivocally aimed to be an encyclopedia, emanating from an unusual source.

Jimbo Wales founded the Bomis search engine and Web site at the onset of the dot-com boom in 1996.²² Bomis helped people find “erotic photography,”²³ and earned money through advertising as well as subscription fees for premium content. In 2000, Wales took some of the money from Bomis to support a new idea: a quality encyclopedia free for everyone to access, copy, and alter for other purposes. He called it Nupedia, and it was to be built like other encyclopedias: through the commissioning of articles by experts. Wales hired philosopher Larry Sanger as editor in chief, and about twenty-five articles were completed over the course of three years.²⁴

As the dot-com bubble burst and Bomis’s revenues dropped, Wales sought a way to produce the encyclopedia that involved neither paying people nor enduring a lengthy review process before articles were released to the public. He and his team had been intrigued at the prospect of involving the public at large, at first to draft some articles which could then be subject to Nupedia’s formal editing process, and then to offer “open review” comments to parallel a more elite peer review.²⁵ Recollections are conflicted, but at some point software consultant Ward Cunningham’s wiki software was introduced to create a simple platform for contributing and making edits to others’ contributions. In January 2001, Wikipedia was announced to run alongside Nupedia and perhaps feed articles into it after review. Yet Nupedia was quickly eclipsed by its easily modifiable counterpart. Fragments of Nupedia exist online as of this writing, a fascinating time capsule.²⁶ Wikipedia became an entity unto itself.²⁷

Wikipedia began with three key attributes. The first was verkeersbordvrij. Not only were there few rules at first—the earliest ones merely emphasized the idea of maintaining a “neutral point of view” in Wikipedia’s contents, along with a commitment to eliminate materials that infringe copyright and an injunction to ignore any rules if they got in the way of building a great encyclopedia—but there were also no gatekeepers. The way the wiki software worked, anyone, registered or unregistered, could author or edit a page at any time, and those edits appeared instantaneously. This of course means that disaster could strike at any moment—someone could mistakenly or maliciously edit a page to say something wrong, offensive, or nonsensical. However, the wiki software made the price of a mistake low, because it automatically kept track of every single edit made to a page in sequence, and one could look back at the page in time-lapse to see how it appeared before each successive edit. If someone should take a carefully crafted article about Hitler and replace it with “Kilroy was here,” anyone else could come along later and revert the page with a few clicks to the way it was before the vandalism, reinstating the previous version. This is a far cry from the elements of perfect enforcement: there are few lines between enforcers and citizens; reaction to abuse is not instantaneous; and missteps generally remain recorded in a page history for later visitors to see if they are curious.

The second distinguishing attribute of Wikipedia was the provision of a discussion page alongside every main page. This allowed people to explain and justify their changes, and anyone disagreeing and changing something back could explain as well. Controversial changes made without any corresponding explanation on the discussion page could be reverted by others without having to rely on a judgment on the merits—instead, the absence of explanation for something non-self-explanatory could be reason enough to be skeptical of it. Debate was sure to arise on a system that accumulated everyone’s ideas on a subject in one article (rather than, say, having multiple articles written on the same subject, each from a different point of view, as GNE would have done). The discussion page provided a channel for such debate and helped new users of Wikipedia make a transition from simply reading its entries to making changes and to understanding that there was a group of people interested in the page on which changes were made and whom could be engaged in conversation before, during, and after editing the page.

The third crucial attribute of Wikipedia was a core of initial editors, many drawn from Nupedia, who shared a common ethos and some substantive expertise. In these early days, Wikipedia was a backwater; few knew of it, and rarely would a Wikipedia entry be among the top hits of a Google search.

Like the development of the Internet’s architecture, then, Wikipedia’s original design was simultaneously ambitious in scope but modest in execution, devoted to making something work without worrying about every problem that could come up if its extraordinary flexibility were abused. It embodied principles of trust-your-neighbor and procrastination, as well as “Postel’s Law,” a rule of thumb written by one of the Internet’s founders to describe a philosophy of Internet protocol development: “[B]e conservative in what you do; be liberal in what you accept from others.”²⁸

Wikipedia’s initial developers shared the same goals and attitudes about the project, and they focused on getting articles written and developed instead of deciding who was or was not qualified or authorized to build on the wiki. These norms of behavior were learned by new users from the old ones through informal apprenticeships as they edited articles together.

The absence of rules was not nonnegotiable; this was not GNE. The procrastination principle suggests waiting for problems to arise before solving them. It does not eschew solutions entirely. There would be maximum openness until there was a problem, and then the problem would be tackled. Wikipedia’s rules would be developed on the wiki like a student-written and student-edited honor code. They were made publicly accessible and editable, in a separate area from that of the substantive encyclopedia.²⁹ Try suddenly to edit an existing rule or add a new one and it will be reverted to its original state unless enough people are convinced that a change is called for. Most of the rules are substance-independent: they can be appealed to and argued about wholly apart from whatever argument might be going on about, say, how to characterize Hitler’s childhood in his biographical article.

From these beginnings there have been some tweaks to the wiki software behind Wikipedia, and a number of new rules as the enterprise has expanded and problems have arisen in part because of Wikipedia’s notoriety. For example, as Wikipedia grew it began to attract editors who had never crossed paths before, and who disagreed on the articles that they were simultaneously editing. One person would say that Scientology was a “cult,” the other would change that to “religion,” and the first would revert it back again. Should such an “edit war” be settled by whoever has the stamina to make the last edit? Wikipedia’s culture says no, and its users have developed the “three-revert rule.”³⁰ An editor should not undo someone else’s edits to an article more than three times in one day. Disagreements can then be put to informal or formal mediation, where another Wikipedian, or other editors working on that particular article, can offer their views as to which version is more accurate—or whether the article, in the interest of maintaining a neutral point of view, should acknowledge that there is controversy about the issue.

For articles prone to vandalism—the entry for President George W. Bush, for example, or the front page of Wikipedia—administrators can create locks to ensure that unregistered or recently registered users may not make changes. Such locks are seen as necessary and temporary evils, and any administrator can choose to lift a lock at his or her discretion.³¹

How does an editor become an administrator with such powers? By making lots of edits and then applying for an administratorship. Wikipedians called “bureaucrats” have authority to promote editors to administrator status—or demote them. And to whom do the bureaucrats answer? Ultimately, to an elected arbitration committee, the board of Wikipedia’s parent Wikimedia Foundation, or to Jimbo Wales himself. (There are currently only a handful of bureaucrats, and they are appointed by other bureaucrats.)

Administrators can also prevent particular users from editing Wikipedia. Such blocks are rare and usually temporary. Persistent vandals usually get four warnings before any action is taken. The warnings are couched in a way that presumes—often against the weight of the evidence—that the vandals are acting in good faith, experimenting with editing capabilities on live pages when they should be practicing on test articles created for that purpose. Other transgressions include deleting others’ comments on the discussion page—since the discussion page is a wiki page, it can be edited in free form, making it possible to eliminate rather than answer someone else’s argument. Threatening legal action against a fellow Wikipedian is also grounds for a block.³²

Blocks can be placed against individual user accounts, if people have registered, or against a particular IP address, for those who have not registered. IP addresses associated with anonymizing networks such as Tor are not allowed to edit Wikipedia at all.³³

Along with sticks there are carrots, offered bottom-up rather than top-down. Each registered Wikipedia user is automatically granted a space for an individual user page, and a corresponding page for discussion with other Wikipedians, a free form drop box for comments or questions. If a user is deemed helpful, a practice has evolved of awarding “barnstars”—literally an image of a star. To award a barnstar, named after the metal stars used to decorate German barns,³⁴ is simply to edit that user’s page to include a picture of the star and a note of thanks.³⁵ Could a user simply award herself a pile of barnstars the way a megalomaniacal dictator can adorn himself with military ribbons? Yes, but that would defeat the point—and would require a bit of prohibited “sock puppetry,” as the user would need to create alter identities so the page’s edit history would show that the stars came from someone appearing to be other than the user herself.

Wikipedia has charted a path from crazy idea to stunning worldwide success. There are versions of Wikipedia in every major language—including one in simplified English for those who do not speak English fluently—and Wikipedia articles are now often among the top search engine hits for the topics they cover. The English language version surpassed one million articles in March of 2006, and it reached the 2 million mark the following September.³⁶

Quality varies greatly. Articles on familiar topics can be highly informative, while more obscure ones are often uneven. Controversial topics like abortion and the Arab-Israeli conflict often boast thorough and highly developed articles. Perhaps this reflects Eric Raymond’s observation about the collaborative development of free software: “[g]iven enough eyeballs, all bugs are shallow.”³⁷ To be sure, Raymond himself does not claim that the maxim he coined works beyond software, where code either objectively runs or it doesn’t. He has said that he thinks Wikipedia is “infested with moonbats”: “The more you look at what some of the Wikipedia contributors have done, the better Britannica looks.”³⁸ Still, a controversial study by Nature in 2005 systematically compared a set of scientific entries from Wikipedia and Britannica (including some from the Britannica Web edition), and found a similar rate of error between them.³⁹ For timeliness, Wikipedia wins hands-down: articles near-instantly appear about breaking events of note. For any given error that is pointed out, it can be corrected on Wikipedia in a heartbeat. Indeed, Wikipedia’s toughest critics can become Wikipedians simply by correcting errors as they find them, at least if they maintain the belief, not yet proven unreasonable, that successive changes to an article tend to improve it, so fixing an error will not be futile as others edit it later.

THE PRICE OF SUCCESS

As we have seen, when the Internet and PC moved from backwater to mainstream, their success set the stage for a new round of problems. E-mail is no longer a curiosity but a necessity for most,⁴⁰ and the prospect of cheaply reaching so many recipients has led to the scourge of spam, now said to account for over 90 percent of all e-mail.⁴¹ The value of the idle processing power of millions of Internet-connected PCs makes it worthwhile to hijack them, providing a new, powerful rationale for the creation of viruses and worms.⁴²

Wikipedia’s generativity at the content level—soliciting uncoordinated contribution from tens of thousands of people—provides the basis for similar vulnerabilities now that it is so successful. It has weathered the most obvious perils well. Vandals might be annoying, but they are kept in check with a critical mass of Wikipedians who keep an eye on articles and quickly revert those that are mangled. Some Wikipedians even appear to enjoy this duty, declaring membership in the informal Counter-Vandalism Unit and, if dealing with vandalism tied to fraud, perhaps earning the Defender of the Wiki Barnstar.⁴³ Still others have written scripts that detect the most obvious cases of vandalism and automatically fix them.⁴⁴ And there remains the option of locking those pages that consistently attract trouble from edits by new or anonymous users.

But just as there is a clearer means of dealing with the threat of outright malicious viruses to PCs than there is to more gray-zone “badware,” vandals are the easy case for Wikipedia. The well-known controversy surrounding John Seigenthaler, Sr., a retired newspaper publisher and aide to Robert F. Kennedy, scratches the surface of the problem. There, a prankster had made an edit to the Wikipedia article about Seigenthaler suggesting that it had once been thought that he had been involved in the assassinations of John F. Kennedy and RFK.⁴⁵ The statement was false but not manifestly obvious vandalism. The article sat unchanged for four months until a friend alerted Seigenthaler to it, replacing the entry with his official biography, which was then replaced with a short paraphrase as part of a policy to avoid copyright infringement claims.⁴⁶ When Seigenthaler contacted Jimbo Wales about the issue, Wales ordered an administrator to delete Wikipedia’s record of the original edit.⁴⁷ Seigenthaler then wrote an op-ed in USA Today decrying the libelous nature of the previous version of his Wikipedia article and the idea that the law would not require Wikipedia to take responsibility for what an anonymous editor wrote.⁴⁸

Wikipedians have since agreed that biographies of living persons are especially sensitive, and they are encouraged to highlight unsourced or potentially libelous statements for quick review by other Wikipedians. Jimbo and a handful of other Wikipedia officials reserve the right not only to have an article edited—something anyone can do—but to change its edit history so the fact that it ever said a particular thing about someone will no longer be known to the general public, as was done with the libelous portion of the Seigenthaler article. Such practice is carried out not under legal requirements—in the United States, federal law protects information aggregators from liability for defamatory statements made by independent information providers from which they draw⁴⁹—but as an ethical commitment.

Still, the reason that Seigenthaler’s entry went uncorrected for so long is likely that few people took notice of it. Until his op-ed appeared, he was not a national public figure, and Jimbo himself attributed the oversight to an increasing pace of article creation and edits—overwhelming the Wikipedians who have made a habit of keeping an eye on changes to articles. In response to the Seigenthaler incident, Wikipedia has altered its wiki software so that unregistered users cannot create new articles, but can only edit existing ones.⁵⁰ (Of course, anyone can still register.)

This change takes care of casual or heat-of-the-moment vandalism, but it does little to address a new category of Wikipedian somewhere between committed community member and momentarily vandalizing teenager, one that creates tougher problems. This Wikipedian is someone who cares little about the social act of working with others to create an encyclopedia, but instead cares about the content of a particular Wikipedia entry. Now that a significant number of people consult Wikipedia as a resource, many of whom come to the site from search engine queries, Wikipedia’s contents have effects far beyond the site’s own community of user-editors.

One of Wikipedia’s community-developed standards is that individuals should not create or edit articles about themselves, nor prompt friends to do so. Instead they are to lobby on the article’s discussion page for other editors to make corrections or amplifications. (Jimbo himself has expressed regret for editing his own entry in Wikipedia in violation of this policy.)⁵¹ What about companies, or political aides? When a number of edits were made to politicians’ Wikipedia entries by Internet Protocol addresses traceable to Capitol Hill, Wikipedians publicized the incidents and tried to shame the politicians in question into denouncing the grooming of their entries.⁵² In some cases it has worked. After Congressman Marty Meehan’s chief of staff edited his entry to omit mention of a broken campaign promise to serve a limited number of terms, and subsequently replaced the text of the entire article with his official biography, Meehan repudiated the changes. He published a statement saying that it was a waste of time and energy for his staff to have made the edits (“[t]hough the actual time spent on this issue amounted to 11 minutes”) because “part of being an elected official is to be regularly commented on, praised, and criticized on the Web.”⁵³ Meehan’s response sidestepped the issue of whether and how politicians ought to respond to material about them that they believe to be false or misleading. Surely, if the New York Times published a story that he thought was damaging, he would want to write a letter to the editor to set the record straight.

If the Wikipedia entry on Wal-Mart is one of the first hits in a search for the store, it will be important to Wal-Mart to make sure the entry is fair—or even more than fair, omitting true and relevant facts that nonetheless reflect poorly on the company. What can a group of volunteers do if a company or politician is implacably committed to editing an entry? The answer so far has been to muddle along, assuming the best intentions of all editors and hoping that there is epistemic strength in numbers.⁵⁴ If disinterested but competent editors outnumber shills, the shills will find their edits reverted or honed, and if the shills persist, they can be halted by the three-revert rule.

In August 2006, a company called MyWikiBiz was launched to help people and companies promote themselves and shape their reputations on Wikipedia. “If your company or organization already has a well-designed, accurately-written article on Wikipedia, then congratulations—our services are not for you. However, if your business is lacking a well-written article on Wikipedia, read on—we’re here to help you!”⁵⁵ MyWikiBiz offers to create a basic Wikipedia stub of three to five sentences about a company, with some links, for $49. A “standard article” fetches $79, with a premium service ($99) that includes checking the client’s Wikipedia article after a year to see “if further changes are needed.”⁵⁶

Wikipedia’s reaction to MyWikiBiz was swift. Jimbo himself blocked the firm’s Wikipedia account on the basis of “paid editing on behalf of customers.”⁵⁷ The indefinite block was one of only a handful recorded by Jimbo in Wikipedia’s history. Wales talked to the firm on the phone the same day and reported that they had come to an accommodation. Identifying the problem as a conflict of interest and appearance of impropriety arising from editors being paid to write by the subjects of the articles, Wales said that MyWikiBiz had agreed to post well-sourced “neutral point of view” articles about its clients on its own Web site, which regular Wikipedians could then choose to incorporate or not as they pleased into Wikipedia.⁵⁸ Other Wikipedians disagreed with such a conservative outcome, believing that good content was good content, regardless of source, and that it should be judged on its merits, without a per se rule prohibiting direct entry by a for-profit firm like MyWikiBiz.

The accommodation was short-lived. Articles submitted or sourced by MyWikiBiz were nominated for deletion—itself a process that entails a discussion among any interested Wikipedians and then a judgment by any administrator about whether that discussion reached consensus on a deletion. MyWikiBiz participated wholeheartedly in those discussions and appealed to the earlier “Jimbo Concordat,” persuading some Wikipedians to remove their per se objections to an article because of its source. Wales himself participated in one of the discussions, saying that his prior agreement had been misrepresented and, after telling MyWikiBiz that it was on thin ice, once again banned it for what he viewed as spamming Wikipedia with corporate advertisements rather than “neutral point of view” articles.

As a result, MyWikiBiz has gone into “hibernation,” according to its founder, who maintains that all sources, even commercial ones, should be able to play a role in contributing to Wikipedia, especially since the sources for most articles and edits are not personally identifiable, even if they are submitted under the persistent pseudonyms that are Wikipedia user identities. Rules have evolved concerning those identities, too. In 2007, Wikipedia user Essjay, the administrator who cleaned Seigenthaler’s defamatory edit logs, was found to have misrepresented his credentials. Essjay had claimed to hold various graduate degrees along with a professorship in theology, and had contributed to many Wikipedia articles on the subject. When Jimbo Wales contacted him to discuss a job opportunity at Wales’s for-profit company Wikia, Essjay’s real identity was revealed. In fact, he was a twenty-four-year-old editor with no graduate degrees. His previous edits—and corresponding discussions in which he invoked his credentials—were called into question. In response to the controversy, and after a request for comments from the Wikipedia community,⁵⁹ Jimbo proposed a rule whereby the credentials of those Wikipedia administrators who chose to assert them would be verified.⁶⁰ Essjay retired from Wikipedia.⁶¹

A constitutional lawyer might review these tales of Wikipedia and see a mess of process that leads to a mess of substance: anonymous and ever-shifting users; a God-king who may or may not be able to act unilaterally;⁶² a set of rules now large enough to be confusing and ambiguous but small enough to fail to reach most challenges. And Wikipedia is decidedly not a democracy: consensus is favored over voting and its head counts. Much the same could be said about the development process for the Internet’s fundamental technical protocols, which is equally porous.⁶³ The Internet Engineering Task Force (IETF) has no “members”; anyone can participate. But it also has had a proliferation of standards and norms designed to channel arguments to productive resolution, along with venerated people in unelected positions of respect and authority who could, within broad boundaries, affect the path of Internet standards.⁶⁴ As the Internet succeeded, the IETF’s standards and norms were tested by outsiders who did not share them. Corporate interests became keenly interested in protocol development, and they generally respond to their own particular pecuniary incentives rather than to arguments based on engineering efficiency. The IETF avoided the brunt of these problems because its standards are not self-enforcing; firms that build network hardware, or for-profit Internet Service Providers, ultimately decide how to make their routers behave. IETF endorsement of one standard or another, while helpful, is no longer crucial. With Wikipedia, decisions made by editors and administrators can affect real-world reputations since the articles are live and highly visible via search engines; firms do not individually choose to “adopt” Wikipedia the way they adopt Internet standards.

Yet Wikipedia’s awkward and clumsy growth in articles, and the rules governing their creation and editing, is so far a success story. It is in its essence a work in progress, one whose success is defined by the survival—even growth—of a core of editors who subscribe to and enforce its ethos, amid an influx of users who know nothing of that ethos. Wikipedia’s success, such as it is, is attributable to a messy combination of constantly updated technical tools and social conventions that elicit and reflect personal commitments from a critical mass of editors to engage in argument and debate about topics they care about. Together these tools and conventions facilitate a notion of “netizenship”: belonging to an Internet project that includes other people, rather than relating to the Internet as a deterministic information location and transmission tool or as a cash-and-carry service offered by a separate vendor responsible for its content.

THE VALUE OF NETIZENSHIP

We live under the rule of law when people are treated equally, without regard to their power or station; when the rules that apply to them arise legitimately from the consent of the governed; when those rules are clearly stated; and when there is a source of dispassionate, independent application of those rules.⁶⁵

Despite the apparent mess of process and users, by these standards Wikipedia has charted a remarkable course. Although different users have different levels of capabilities, anyone can register, and anyone, if dedicated enough, can rise to the status of administrator. And while Jimbo Wales may have extraordinary influence, his power on Wikipedia depends in large measure on the consent of the governed—on the individual decisions of hundreds of administrators, any of whom can gainsay each other or him, but who tend to work together because of a shared vision for Wikipedia. The effective implementation of policy in turn rests on the thousands of active editors who may exert power in the shape of the tens of thousands of decisions they make as Wikipedia’s articles are edited and reedited. Behaviors that rise to the level of consistent practice are ultimately described and codified as potential policies, and some are then affirmed as operative ones, in a process that is itself constantly subject to revision.

In one extraordinary chat room conversation of Wikipedians recorded online, Wales himself laments that Larry Sanger is billed in several Wikipedia articles about Wikipedia as a “co-founder” of the encyclopedia. But apart from a few instances that he has since publicly regretted, Wales has not edited the articles himself, nor does he directly instruct others to change them with specific text, since that would violate the rule against editing articles about oneself. Instead, he makes a case that an unremarked use of the co-founder label is inaccurate, and implores people to consider how to improve it.⁶⁶ At times—they are constantly in flux—Wikipedia’s articles about Wikipedia note that there is controversy over the “co-founder” label for Sanger. In another example of the limits of direct power, then-Wikimedia Foundation board member Angela Beesley fought to have the Wikipedia entry about her deleted. She was rebuffed, with administrators concluding that she was newsworthy enough to warrant one.⁶⁷ (She tried again after resigning from the Foundation board, to no avail.)⁶⁸

Wikipedia—with the cooperation of many Wikipedians—has developed a system of self-governance that has many indicia of the rule of law without heavy reliance on outside authority or boundary. To be sure, while outside regulation is not courted, Wikipedia’s policy on copyright infringement exhibits a desire to integrate with the law rather than reject it. Indeed, its copyright policy is much stricter than the laws of major jurisdictions require. In the United States, Wikipedia could wait for formal notifications of specific infringement before taking action to remove copyrighted material.⁶⁹ And despite the fact that Wales himself is a fan of Ayn Rand⁷⁰—whose philosophy of “objectivism” closely aligns with libertarian ideals, a triumph of the individual over the group—Wikipedia is a consummately communitarian enterprise.⁷¹ The activity of building and editing the encyclopedia is done in groups, though the structure of the wiki allows for large groups to naturally break up into manageable units most of the time: a nano-community coalesces around each article, often from five to twenty people at a time, augmented by non-subject-specific roving editors who enjoy generic tasks like line editing or categorizing articles. (Sometimes articles on roughly the same subject can develop independently, at which point there is a negotiation between the two sets of editors on whether and how to merge them.)

This structure is a natural form of what constitutionalists would call subsidiarity: centralized, “higher” forms of dispute resolution are reserved for special cases, while day-to-day work and decisions are undertaken in small, “local” groups.⁷² Decisions are made by those closest to the issues, preventing the lengthy, top-down processes of hierarchical systems. This subsidiarity is also expressed through the major groupings drawn according to language. Each different language version of Wikipedia forms its own policies, enforcement schemes, and norms. Sometimes these can track national or cultural standards—as a matter of course people from Poland primarily edit the Polish version of Wikipedia—but at other times they cross such boundaries. The Chinese language Wikipedia serves mainland China (when it is not being blocked by the government, which it frequently is),⁷³ Hong Kong, Taiwan, and the many Chinese speakers scattered around the world.⁷⁴

When disputes come up, consensus is sought before formality, and the lines between subject and regulator are thin. While not everyone has the powers of an administrator, the use of those special powers is reserved for persistent abuse rather than daily enforcement. It is the editors—that is, those who choose to participate—whose decisions and work collectively add up to an encyclopedia—or not. And most—at least prior to an invasion of political aides, PR firms, and other true cultural foreigners—subscribe to the notion that there is a divide between substance and process, and that there can be an appeal to content-independent rules on which meta-agreement can be reached, even as editors continue to dispute a fact or portrayal in a given article.

This is the essence of law: something larger than an arbitrary exercise of force, and something with meaning apart from a pretext for that force, one couched in neutral terms only for the purpose of social acceptability. It has been rediscovered among people who often profess little respect for their own sovereigns’ “real” law, following it not out of civic agreement or pride but because of a cynical balance of the penalties for being caught against the benefits of breaking it. Indeed, the idea that a “neutral point of view” even exists, and that it can be determined among people who disagree, is an amazingly quaint, perhaps even naïve, notion. Yet it is invoked earnestly and often productively on Wikipedia. Recall the traffic engineer’s observation about road signs and human behavior: “The greater the number of prescriptions, the more people’s sense of personal responsibility dwindles.”⁷⁵ Wikipedia shows, if perhaps only for a fleeting moment under particularly fortuitous circumstances, that the inverse is also true: the fewer the number of prescriptions, the more people’s sense of personal responsibility escalates.

Wikipedia shows us that the naïveté of the Internet’s engineers in building generative network technology can be justified not just at the technical layer of the Internet, but at the content layer as well. The idiosyncratic system that has produced running code among talented (and some not-so-talented) engineers has been replicated among writers and artists.

There is a final safety valve to Wikipedia that encourages good-faith contribution and serves as a check on abuses of power that accretes among administrators and bureaucrats there: Wikipedia’s content is licensed so that anyone may copy and edit it, so long as attribution of its source is given and it is further shared under the same terms.⁷⁶ This permits Wikipedia’s content to be sold or used in a commercial manner, so long as it is not proprietized—those who make use of Wikipedia’s content cannot claim copyright over works that follow from it. Thus dot-com Web sites like Answers.com mirror all of Wikipedia’s content and also display banner ads to make money, something Jimbo Wales has vowed never to do with Wikipedia.⁷⁷ (A list maintained on Wikipedia shows dozens of such mirrors.)⁷⁸ Mirrors can lead to problems for people like John Seigenthaler, who not only have to strive to correct misrepresentations in the original article on Wikipedia, but in any mirrors as well. But Wikipedia’s free content license has the benefit of allowing members of the Wikipedia community an option to exit—and to take a copy of the encyclopedia with them. It also allows for generative experimentation and growth. For example, third parties can come up with ways of identifying accurate articles on Wikipedia and then compile them as a more authoritative or vetted subset of the constant work-in-progress that the site represents.

Larry Sanger, the original editor of Nupedia and organizer (and, according to some, co-founder) of Wikipedia, has done just that. He has started “Citizendium,” an attempt to combine some of Nupedia’s original use of experts with Wikipedia’s appeal to the public at large. Citizendium seeks to fork Wikipedia, and solicit volunteers who agree not to be anonymous, so that their edits may be credited more readily, and their behavior made more accountable. If Citizendium draws enough people and content, links to it from other Web sites will follow, and, given enough links, its entries could appear as highly ranked search results. Wikipedia’s dominance has a certain measure of inertia to it, but the generative possibilities of its content, guaranteed by its choice of a permissive license, allow a further check on its prominence.

Wikipedia shows us a model for interpersonal interaction that goes beyond the scripts of customer and business. The discussions that take place adjunct to editing can be brusque, but the behavior that earns the most barnstars is directness, intelligence, and good faith. An owner of a company can be completely bemused that, in order to correct (and have stay corrected) what he sees as inaccuracies in an article about his firm, he will have to discuss the issues with random members of the public. Steve Scherf, co-founder of dot-com Gracenote, ended up engaged in an earnest, lengthy exchange with someone known as “Fatandhappy” about the way his company’s history was portrayed.⁷⁹ The exchange was heated and clearly frustrating for Scherf, but after another Wikipedian intervened to make edits, Scherf pronounced himself happy if not thrilled with the revised text. These conversations are possible, and they are still the norm at Wikipedia.

The elements of Wikipedia that have led to its success can help us come to solutions for problems besetting generative successes at other layers of the Internet. They are verkeersbordvrij, a light regulatory touch coupled with an openness to flexible public involvement, including a way for members of the public to make changes, good or bad, with immediate effect; a focus on earnest discussion, including reference to neutral dispute resolution policies, as a means of being strengthened rather than driven by disagreements; and a core of people prepared to model an ethos that others can follow. With any of these pieces missing Wikipedia would likely not have worked. Dot-coms that have rushed in to adopt wikis as the latest cool technology have found mixed results. Microsoft’s Encarta Web site, in a naked concession to the popularity of Wikipedia, now has an empty box at the bottom of each article where users are asked to enter comments or corrections, which will be forwarded to the Encarta staff for review. Users receive no further feedback.

Makers of cars and soap have run contests⁸⁰ for the public to make advertisements based on stock footage found in their respective commercials, complete with online editing tools so that amateurs can easily put their commercials together. Dove ran the winner of its contest during the Super Bowl.⁸¹ Many commercial Web sites like Amazon solicit customer reviews of products as a way to earn credibility with other customers—and some, like epinions.com, have business models premised entirely on the reviews themselves. Yelp.com asks for such ratings while also organizing its users into geographically based groups and giving them the basic tools of social networking: an ability to praise each other for good reviews, to name fellow reviewers as friends, and to discuss and comment on each others’ views. As one Yelp participant put it in reviewing the very Yelp “elite status” that she had just earned for contributing so many well-regarded reviews, “[It m]akes you feel special for about two weeks. Then you either realize you’re working for someone else without getting paid, you totally lose interest, or you get really into it.”⁸²

Such “user-generated content,” whether cultivated through fully grassroots-motivated dot-org enterprises or well-constructed dot-com ones, forms part of a new hybrid economy now studied by Lessig, Benkler, von Hippel, and others. These public solicitations to manipulate corporate and cultural symbols, pitched at varying levels of expertise, may prove to be further building blocks of “semiotic democracy,” where we can participate in the making and remaking of cultural meanings instead of having them foisted upon us.⁸³

But Wikipedia stands for more than the ability of people to craft their own knowledge and culture. It stands for the idea that people of diverse backgrounds can work together on a common project with, whatever its other weaknesses, a noble aim—bringing such knowledge to the world. Jimbo Wales has said that the open development model of Wikipedia is only a means to that end—recall that he started with the far more restrictive Nupedia development model. And we see that Wikipedia rejects straightforward democracy, favoring discussion and consensus over outright voting, thereby sidestepping the kinds of ballot-stuffing that can take place in a digital environment, whether because one person adopts multiple identities or because a person can simply ask friends to stack a sparsely attended vote.

Instead, Wikipedia has since come to stand for the idea that involvement of people in the information they read—whether to fix a typographical error or to join a debate over its veracity or completeness—is an important end itself, one made possible by the recursive generativity of a network that welcomes new outposts without gatekeepers; of software that can be created and deployed at those outposts; and of an ethos that welcomes new ideas without gatekeepers, one that asks the people bearing those ideas to argue for and substantiate them to those who question.

There are plenty of online services whose choices can affect our lives. For example, Google’s choices about how to rank and calculate its search results can determine which ideas have prominence and which do not. That is one reason why Google’s agreement to censor its own search results for the Chinese version of Google has attracted so much disapprobation.⁸⁴ But even those who are most critical of Google’s actions appear to wish to pressure the company through standard channels: moral suasion, shareholder resolutions, government regulation compelling noncensorship, or a boycott to inflict financial pressure. Unlike Wikipedia, no one thinks that Google ought to be “governed” by its users in some democratic or communitarian way, even as it draws upon the wisdom of the crowds in deciding upon its rankings,⁸⁵ basing them in part on the ways in which millions of individual Web sites have decided about to whom to link. Amazon and Yelp welcome user reviews (and reviews of those reviews), but the public at large does not “govern” these institutions.

People instinctively expect more of Wikipedia. They see it as a shared resource and a public one, even though it is not an arm of any territorial sovereign. The same could be said of the Internet Engineering Task Force and the Internet itself, but Wikipedia appears to have further found a way to involve nontechnical people in its governance. Every time someone reads a Wikipedia article and knowingly chooses not to vandalize it, he or she has an opportunity to identify with and reinforce its ethos. Wales is setting his sights next on a search engine built and governed on this model, “free and transparent” about its rankings, with a “huge degree of human community oversight.”⁸⁶ The next chapters explore how that ethos may be replicable: vertically to solve generative problems found at other layers of the Internet, and horizontally to other applications within the content and social layers.

If Wikipedia did not exist there would still be reason to cheer the generative possibilities of the Internet, its capacity to bring people together in meaningful conversations, commerce, or action. There are leading examples of each—the community of commentary and critique that has evolved around blogging, the user-driven reputation system within eBay, the “civil society” type of gatherings fostered by Meetup, or the social pressure–induced promises via Pledgebank, each drawing on the power of individuals contributing to community-driven goals. But Wikipedia is the canonical bee that flies despite scientists’ skepticism that the aerodynamics add up.⁸⁷ These examples will grow, transform, or fade over time, and their futures may depend not just on the public’s appetites and attention, but on the technical substrate that holds them all: the powerful but delicate generative Internet and PC, themselves vaulted unexpectedly into the mainstream because of amateur contribution and cooperation. We now explore how the lessons of Wikipedia, both its successes and shortcomings, shed light on how to maintain our technologies’ generativity in the face of the problems arising from their widespread adoption.

The most likely reactions to PC and Internet failures brought on by the proliferation of bad code, if they are not forestalled, will be at least as unfortunate as the problems themselves. People now have the opportunity to respond to these problems by moving away from the PC and toward more centrally controlled—“tethered”—information appliances like mobile phones, video game consoles, TiVos, iPods, iPhones, and BlackBerries. The ongoing communication between this new generation of devices and their vendors assures users that functionality and security improvements can be made as new problems are found. To further facilitate glitch-free operation, devices are built to allow no one but the vendor to change them. Users are also now able to ask for the appliancization of their own PCs, in the process forfeiting the ability to easily install new code themselves. In a development reminiscent of the old days of AOL and CompuServe, it is increasingly possible to use a PC as a mere dumb terminal to access Web sites with interactivity but with little room for tinkering. (“Web 2.0” is a new buzzword that celebrates this migration of applications traditionally found on the PC onto the Internet. Confusingly, the term also refers to the separate phenomenon of increased user-generated content and indices on the Web—such as relying on user-provided tags to label photographs.) New information appliances that are tethered to their makers, including PCs and Web sites refashioned in this mold, are tempting solutions for frustrated consumers and businesses.

None of these solutions, standing alone, is bad, but the aggregate loss will be enormous if their emergence represents a wholesale shift of our information ecosystem away from generativity. Some are skeptical that a shift so large can take place.¹ But confidence in the generative Internet’s inertia is misplaced. It discounts the power of fear should the existing system falter under the force of particularly well-written malware. People might argue about the merits of one platform compared to another (“Linux never needs to be rebooted”),² but the fact is that no operating system is perfect, and, more importantly, any PC open to running third-party code at the user’s behest can fail when poor code is adopted. The fundamental problem arises from too much functionality in the hands of users who may not exercise it wisely: even the safest Volvo can be driven into a wall.

People are frustrated by PC kinks and the erratic behavior they produce. Such unexpected variations in performance have long been smoothed out in refrigerators, televisions, mobile phones, and automobiles. As for PCs, telling users that their own surfing or program installation choices are to blame understandably makes them no less frustrated, even if they realize that a more reliable system would inevitably be less functional—a trade-off seemingly not required by refrigerator improvements. Worse, the increasing reliance on the PC and Internet that suggests momentum in their use means that more is at risk when something goes wrong. Skype users who have abandoned their old-fashioned telephone lines may regret their decision if an emergency arises and they need to dial an emergency number like 911, only to find that they cannot get through, let alone be located automatically.³ When one’s finances, contacts, and appointments are managed using a PC, it is no longer merely frustrating if the computer comes down with a virus. It is enough to search for alternative architectures.

A shift to tethered appliances and locked-down PCs will have a ripple effect on long-standing cyberlaw problems, many of which are tugs-of-war between individuals with a real or perceived injury from online activity and those who wish to operate as freely as possible in cyberspace. The capacity for the types of disruptive innovation discussed in the previous chapter will not be the only casualty. A shift to tethered appliances also entails a sea change in the regulability of the Internet. With tethered appliances, the dangers of excess come not from rogue third-party code, but from the much more predictable interventions by regulators into the devices themselves, and in turn into the ways that people can use the appliances.

The most obvious evolution of the computer and network—toward tethered appliancization—is on balance a bad one. It invites regulatory intervention that disrupts a wise equilibrium that depends upon regulators acting with a light touch, as they traditionally have done within liberal societies.

THE LONG ARM OF MARSHALL, TEXAS

TiVo introduced the first digital video recorder (DVR) in 1998.⁴ It allowed consumers to record and time-shift TV shows. After withstanding several claims that the TiVo DVR infringed other companies’ patents because it offered its users on-screen programming guides,⁵ the hunted became the hunter. In 2004, TiVo sued satellite TV distributor EchoStar for infringing TiVo’s own patents⁶ by building DVR functionality into some of EchoStar’s dish systems.⁷

A Texas jury found for TiVo. TiVo was awarded $90 million in damages and interest. In briefs filed under seal, TiVo apparently asked for more. In August 2006, the court issued the following ruling:

Defendants are hereby . . . ordered to, within thirty (30) days of the issuance of this order, disable the DVR functionality (i.e., disable all storage to and playback from a hard disk drive of television data) in all but 192,708 units of the Infringing Products that have been placed with an end user or subscriber.⁸

That is, the court ordered EchoStar to kill the DVR functionality in products already owned by “end users”: millions of boxes which were already sitting in living rooms around the world⁹ with owners who might be using them at that very instant.¹⁰ Imagine sitting down to watch television on an EchoStar box, and instead finding that all your recorded shows had been zapped, along with the DVR functionality itself—killed by remote signal traceable to the stroke of a judge’s quill in Marshall, Texas.

The judicial logic for such an order is drawn from fundamental contraband rules: under certain circumstances, if an article infringes on intellectual property rights, it can be impounded and destroyed.¹¹ Impoundment remedies are usually encountered only in the form of Prohibition-era-style raids on warehouses and distribution centers, which seize large amounts of contraband before it is sold to consumers.¹² There are no house-to-house raids to, say, seize bootleg concert recordings or reclaim knockoff Rolexes and Louis Vuitton handbags from the people who purchased the goods.

TiVo saw a new opportunity in its patent case, recognizing that EchoStar’s dish system is one of an increasing number of modern tethered appliances. The system periodically phones home to EchoStar, asking for updated programming for its internal software.¹³ This tethered functionality also means EchoStar can remotely destroy the units. To do so requires EchoStar only to load its central server with an update that kills EchoStar DVRs when they check in for new features.

As of this writing, TiVo v. EchoStar is pending appeal on other grounds.¹⁴ The order has been stayed, and no DVRs have yet been remotely destroyed.¹⁵ But such remote remedies are not wholly unprecedented. In 2001, a U.S. federal court heard a claim from a company called PlayMedia that AOL had included PlayMedia’s AMP MP3 playback software in version 6.0 of AOL’s software in violation of a settlement agreement between PlayMedia and a company that AOL had acquired. The court agreed with PlayMedia and ordered AOL to prevent “any user of the AOL service from completing an online ‘session’ . . . without AMP being removed from the user’s copy of AOL 6.0 by means of an AOL online ‘live update.’”¹⁶

TiVo v. EchoStar and PlayMedia v. AOL broach the strange and troubling issues that arise from the curious technological hybrids that increasingly populate the digital world. These hybrids mate the simplicity and reliability of television-like appliances with the privileged power of the vendor to reprogram those appliances over a network.

REGULABILITY AND THE TETHERED APPLIANCE

As legal systems experienced the first wave of suits arising from use of the Internet, scholars such as Lawrence Lessig and Joel Reidenberg emphasized that code could be law.¹⁷ In this view, the software we use shapes and channels our online behavior as surely as—or even more surely and subtly than—law itself. Restrictions can be enforced by the way a piece of software operates. Our ways of thinking about such “west coast code”¹⁸ are still maturing, and our instincts for when we object to such code are not well formed. Just as technology’s functionality defines the universe in which people can operate, it also defines the range of regulatory options reasonably available to a sovereign. A change in technology can change the power dynamic between those who promulgate the law and those who are subject to it.¹⁹

If regulators can induce certain alterations in the nature of Internet technologies that others could not undo or widely circumvent, then many of the regulatory limitations occasioned by the Internet would evaporate. Lessig and others have worried greatly about such potential changes, fearing that blunderbuss technology regulation by overeager regulators will intrude on the creative freedom of technology makers and the civic freedoms of those who use the technology.²⁰

So far Lessig’s worries have not come to pass. A system’s level of generativity can change the direction of the power flow between sovereign and subject in favor of the subject, and generative Internet technology has not been easy to alter. There have been private attempts to use code to build so-called trusted systems, software that outsiders can trust to limit users’ behavior—for example, by allowing a song to be played only three times before it “expires,” or by preventing an e-book from being printed.²¹ (Code-based enforcement mechanisms are also variously called digital rights management systems or technological protection measures.)²² Most trusted systems have failed, often because either savvy users have cracked them early on or the market has simply rejected them. The few that have achieved some measure of adoption—like Apple iTunes’s FairPlay, which allows purchased songs to exist on only five registered devices at once²³—are either readily circumvented, or tailored so they do not prevent most users’ desired behavior.

Even the governments most determined to regulate certain flows of information— such as China—have found it difficult to suppress the flow of data on the Internet.²⁴ To be sure, with enough effort, censorship can have some effect, especially because most citizens prefer to slow down for speed bumps rather than invent ways around them.²⁵ When a Web site fails to load, for example, users generally visit a substitute site rather than wait. Taking advantage of this reality, Chinese regulators have used their extensive control over ISPs’ routing of data packets to steer users away from undesirable Web sites by simply causing the Web pages to fail to load in the course of normal surfing.

But so long as the endpoints remain generative and any sort of basic Internet access remains available, subversively minded techies can make applications Perfect Enforcement that offer a way around network blocks.²⁶ Such applications can be distributed through the network, and unsavvy users can then partake simply by doubleclicking on an icon. Comprehensive regulatory crackdowns require a non-generative endpoint or influence over the individual using it to ensure that the endpoint is not repurposed.

For example, non-generative endpoints like radios and telephones can be constrained by filtering the networks they use. Even if someone is unafraid to turn a radio tuning knob or dial a telephone number to the outside world, radio broadcasts can be jammed, and phone connections can be disabled or monitored. Because radios and telephones are not generative, such jamming cannot be circumvented. North Korea has gone even further with endpoint lockdown. There, by law, the radios themselves are built so that they cannot be tuned to frequencies other than those with official broadcasts.²⁷

With generative devices like PCs, the regulator must settle for either much leakier enforcement or much more resource-intensive measures that target the individual—such as compelling citizens to perform their Internet surfing in cyber cafés or public libraries, where they might limit their activities for fear that others are watching.

The shift toward non-generative endpoint technology driven by consumer security worries of the sort described in this book changes the equation.²⁸ The traditional appliance, or nearly any object, for that matter, once placed with an individual, belongs to that person. Tethered appliances belong to a new class of technology. They are appliances in that they are easy to use, while not easy to tinker with. They are tethered because it is easy for their vendors to change them from afar, long after the devices have left warehouses and showrooms. Consider how useful it was in 2003 that Apple could introduce the iTunes Store directly into iTunes software found on PCs running Mac OS.²⁹ Similarly, consumers can turn on a TiVo—or EchoStar—box to find that, thanks to a remote update, it can do new things, such as share programs with other televisions in the house.³⁰

These tethered appliances receive remote updates from the manufacturer, but they generally are not configured to allow anyone else to tinker with them—to invent new features and distribute them to other owners who would not know how to program the boxes themselves. Updates come from only one source, with a model of product development limited to non-user innovation. Indeed, recall that some recent devices, like the iPhone, are updated in ways that actively seek out and erase any user modifications. These boxes thus resemble the early proprietary information services like CompuServe and AOL, for which only the service providers could add new features. Any user inventiveness was cabined by delays in chartering and understanding consumer focus groups, the hassles of forging deals with partners to invent and implement suggested features, and the burdens of performing technical R&D.

Yet tethered appliances are much more powerful than traditional appliances. Under the old regime, a toaster, once purchased, remains a toaster. An upgraded model might offer a third slot, but no manufacturer’s representative visits consumers and retrofits old toasters. Buy a record and it can be played as many times as the owner wants. If the original musician wishes to rerecord a certain track, she will have to feature it in a successive release—the older work has been released to the four winds and cannot be recalled.³¹ A shift to smarter appliances, ones that can be updated by—and only by—their makers, is fundamentally changing the way in which we experience our technologies. Appliances become contingent: rented instead of owned, even if one pays up front for them, since they are subject to instantaneous revision.

A continuing connection to a producer paves the way for easier postacquisition improvements: the modern equivalent of third slots for old toasters. That sounds good: more features, instantly distributed. So what is the drawback? Those who believe that markets reflect demand will rightly ask why a producer would make post hoc changes to technology that customers may not want.

One answer is that they may be compelled to do so. Consider EchoStar’s losing verdict in Marshall, Texas. If producers can alter their products long after the products have been bought and installed in homes and offices, it occasions a sea change in the regulability of those products and their users. With products tethered to the network, regulators—perhaps on their own initiative to advance broadly defined public policy, or perhaps acting on behalf of parties like TiVo claiming private harms—finally have a toolkit for exercising meaningful control over the famously anarchic Internet.

TYPES OF PERFECT ENFORCEMENT

The law as we have known it has had flexible borders. This flexibility derives from prosecutorial and police discretion and from the artifice of the outlaw. When code is law, however, execution is exquisite, and law can be self-enforcing. The flexibility recedes. Those who control the tethered appliance can control the behavior undertaken with the device in a number of ways: preemption, specific injunction, and surveillance.

Preemption

Preemption entails anticipating and designing against undesirable conduct before it happens. Many of the examples of code as law (or, more generally, architecture as law) fit into this category. Lessig points out that speeding can be regulated quite effectively through the previously mentioned use of speed bumps.³² Put a speed bump in the road and people slow down rather than risk damaging their cars. Likewise, most DVD players have Macrovision copy protection that causes a signal to be embedded in the playback of DVDs, stymieing most attempts to record DVDs onto a VCR.³³ Owners of Microsoft’s Zune music player can beam music to other Zune owners, but music so transferred can be played only three times or within three days of the transfer.³⁴ This kind of limitation arguably preempts much of the damage that might otherwise be thought to arise if music subject to copyright could be shared freely. With TiVo, a broadcaster can flag a program as “premium” and assign it an expiration date.³⁵ A little red flag then appears next to it in the viewer’s list of recorded programs, and the TiVo will refuse to play the program after its expiration date. The box’s makers (or regulators of the makers) could further decide to automatically reprogram the TiVo to limit its fast-forwarding functionality or to restrict its hours of operability. (In China, makers of multiplayer games have been compelled to limit the number of hours a day that subscribers can play in an effort to curb gaming addiction.)³⁶ Preemption does not require constant updates so long as the device cannot easily be modified once it is in the user’s possession; the idea is to design the product with broadly defined limits that do not require further intervention to serve the regulator’s or designer’s purposes.

Specific Injunction

Specific injunction takes advantage of the communication that routinely occurs between a particular tethered appliance and its manufacturer, after it is in consumer hands, to reflect changed circumstances. The TiVo v. EchoStar remedy belongs in this category, as it mandates modification of the EchoStar units after they have already been designed and distributed. This remote remedy was practicable because the tethering allowed the devices to be completely reprogrammed, even though the initial design of the EchoStar device had not anticipated a patent infringement judgment.

Specific injunction also allows for much more tailored remedies, like the PlayMedia-specific court order discussed earlier. Such tailoring can be content-specific, user-specific, or even time-specific. These remedies can apply to some units and not others, allowing regulators to winnow out bad uses from good ones on the basis of individual adjudication, rather than rely on the generalities of ex ante legislative-style drafting. For example, suppose a particular television broadcast were found to infringe a copyright or to damage someone’s reputation. In a world of old-fashioned televisions and VCRs, or PCs and peer-to-peer networks, the broadcaster or creator could be sued, but anyone who recorded the broadcast could, as a practical matter, retain a copy. Today, it is possible to require DVR makers to delete the offending broadcast from any DVRs that have recorded it or, perhaps acting with more precision, to retroactively edit out the slice of defamatory content from the recorded program. This control extends beyond any particular content medium: as e-book devices become popular, the same excisions could be performed for print materials. Tailoring also could be user-specific, requiring, say, the prevention or elimination of prurient material from the devices of registered sex offenders but not from others’ devices.

Surveillance

Tethered appliances have the capacity to relay information about their uses back to the manufacturer. We have become accustomed to the idea that Web sites track our behavior when we access them—an online bookseller, for example, knows what books we have browsed and bought at its site. Tethered appliances take this knowledge a step further, recording what we do with the appliances even in transactions that have nothing to do with the vendor. A TiVo knows whether its owner watches FOX News or PBS. It knows when someone replays some scenes and skips others. This information is routinely sent to the TiVo mothership;³⁷ for example, in the case of Janet Jackson’s “wardrobe malfunction” during the 2004 Super Bowl halftime show, TiVo was able to calculate that this moment was replayed three times more frequently than any other during the broadcast.³⁸

TiVo promises not to release such surveillance information in personally identifiable form, but the company tempers the promise with an industry-standard exception for regulators who request it through legal process.³⁹ Automakers General Motors and BMW offer similar privacy policies for the computer systems, such as OnStar, built into their automobiles. OnStar’s uses range from providing turn-by-turn driving directions with the aid of Global Positioning System (GPS) satellites, to monitoring tire pressure, providing emergency assistance, and facilitating hands-free calling with embedded microphones and speakers. The FBI realized that it could eavesdrop on conversations occurring inside an OnStar-equipped vehicle by remotely reprogramming the system to activate its microphones for use as a “roving bug,” and it has secretly ordered an anonymous carmaker to do just that on at least one occasion.⁴⁰

A similar dynamic is possible with nearly all mobile phones. Mobile phones can be reprogrammed at a distance, allowing their microphones to be secretly turned on even when the phone is powered down. All ambient noise and conversation can then be continuously picked up and relayed back to law enforcement authorities, regardless of whether the phone is being used for a call.⁴¹ On modern PCs equipped with an automatic update feature, there is no technical barrier that prevents the implementation of any similar form of surveillance on the machine, whether it involves turning on the PC’s microphone and video camera, or searching and sharing any documents stored on the machine. Such surveillance could be introduced through a targeted update from the OS maker or from any other provider of software running on the machine.

Surveillance need not be limited to targeted eavesdropping that is part of a criminal or civil investigation. It can also be effected more generally. In 1996, law student Michael Adler offered the hypothetical of an Internet-wide search for contraband.⁴² He pointed out that some digital items might be illegal to possess or be indicative of other illegal activity—for example, child pornography, leaked classified documents, or stores of material copied without permission of the copyright holder. A Net-wide search could be instigated that would inventory connected machines and report back when smoking guns were found.

Tethering makes these approaches practicable and inexpensive for regulators. A government need only regulate certain critical private intermediaries— those who control the tethered appliances—to change the way individuals experience the world. When a doctrine’s scope has been limited by prudential enforcement costs, its reach can be increased as the costs diminish.

EVALUATING PERFECT ENFORCEMENT

The prospect of more thorough or “perfect” law enforcement may seem appealing. If one could wave a wand and make it impossible for people to kill each other, there might seem little reason to hesitate. Although the common law has only rarely sought to outright prohibit the continued distribution of defamatory materials by booksellers and newsstands, much less continued possession by purchasers, ease of enforcement through tethered appliances could make it so that all such material—wherever it might be found—could vanish into the memory hole. Even when it comes to waving the regulator’s wand for the purpose of eradicating online evils like harassment, invasion of privacy, and copyright infringement, there are important reasons to hesitate.⁴³

Objections to the Underlying Substantive Law

Some people are consistently diffident about the presence of law in the online space. Those with undiluted libertarian values might oppose easier enforcement of laws as a general matter, because they believe that self-defense is the best solution to harm by others, especially within a medium that carries bits, not bullets.⁴⁴ By these lights, the most common online harms simply are not as harmful as those in the physical world, and therefore they call for lesser intrusions. For example, defamatory speech might be met not by a lawsuit for money damages or an injunction requiring deletion of the lies, but rather by more speech that corrects the record. A well-configured e-mail client can adequately block spam, making it unnecessary to resort to intervention by a public authority. Material harmful to minors can be defanged by using parental filters, or by providing better education to children about what to expect when they go online and how to deal with images of violence and hate.

Such “just deal with it” arguments are deployed less often against the online circulation of images of child abuse. The creation and distribution of child pornography is nearly universally understood as a significant harm. In this context, those arguing in favor of an anarchic environment shift to claims that the activity is not very common or that existing tools and remedies are sufficiently effective—or they rely on some of the other objections described below.

One can also argue against stronger enforcement regimes by objecting to the laws that will be enforced. For example, many of those who argue against increased copyright enforcement—undertaken through laws that broaden infringement penalties⁴⁵ or through trusted systems that preempt infringement⁴⁶— argue that copyright law itself is too expansive.⁴⁷ For those who believe that intellectual property rights have gone too far, it is natural to argue against regimes that make such rights easier to enforce, independent of seeking to reform the copyright law itself. Similarly, those who believe in lower taxes might object to a plan that makes it easier for intermediaries to collect and remit use and sales taxes for online transactions.⁴⁸ Likewise, the large contingent of people who routinely engage in illegal online file sharing may naturally disfavor anything that interferes with these activities.⁴⁹ To be sure, some of those people may download even though they believe it to be wrong—in which case they might welcome a system that better prevents them from yielding to temptation.

Law professor William Stuntz notes the use of legal procedure—evolving doctrines of Fourth and Fifth Amendment protection—as a way of limiting the substantive application of unpopular laws in eighteenth- and nineteenth-century America such as those involving first heresy and sedition, and later railroad and antitrust regulation.⁵⁰ In that context, he argues, judges interpreted the Fourth and Fifth Amendments in ways designed to increase the costs to law enforcement of collecting evidence from private parties. When the judiciary began defining and enforcing a right to privacy that limited the sorts of searches police could undertake, it became more difficult to successfully prosecute objectionable crimes like heresy, sedition, or trade offenses: “It is as if privacy protection were a proxy for something else, a tool with which courts or juries could limit the government’s substantive power.”⁵¹ Challenging the rise of tethered appliances helps maintain certain costs on the exercise of government power—costs that reduce the enforcement of objectionable laws.

The drawback to arguing generally against perfect enforcement because one objects to the laws likely to be enforced is that it preaches to the choir. Certainly, those who oppose copyright laws will also oppose changes to code that facilitate the law’s online enforcement. To persuade those who are more favorably disposed to enforcement of substantive laws using tethered appliances, we must look to other objections.

Portability and Enforceability Without the Rule of Law

While it might be understandable that those opposed to a substantive law would also favor continued barriers to its enforcement, others might say that the price of living under the rule of law is that law ought to be respected, even if one disagrees with it. In this view, the way to protest an undesirable law is to pursue its modification or repeal, rather than to celebrate the difficulty of its enforcement.⁵² The rise of procedural privacy limits described by Stuntz was itself an artifact of the law—the decisions of judges with license to interpret the Constitution. This legally sanctioned mandate is distinct from one allowing individuals to flout the law when they feel like it, simply because they cannot be easily prevented from engaging in the illicit act or caught.

But not every society operates according to a framework of laws that are democratically promulgated and then enforced by an independent judiciary. Governments like those of China or Saudi Arabia might particularly benefit from technological configurations that allow for inexpensive surveillance or the removal of material authored by political dissidents. In a world where tethered appliances dominate, the cat-and-mouse game tilts toward the cat. Recall that the FBI can secretly eavesdrop on any automobile with an OnStar navigation system by obtaining a judge’s order and ensuring that the surveillance does not otherwise disrupt the system’s functioning. In a place without the rule of law, the prospect of cars rolling off the assembly line surveillance-ready is particularly unsettling. China’s government has already begun experimenting with these sorts of approaches. For example, the PC telephone program Skype is not amenable to third-party changes and is tethered to Skype for its updates. Skype’s distribution partner in China has agreed to censor words like “Falun Gong” and “Dalai Lama” in its text messaging for the Chinese version of the program.⁵³ Other services that are not generative at the technical layer have been similarly modified: Google.cn is censored by Google at the behest of the Chinese government, and Microsoft’s MSN Spaces Chinese blog service automatically filters out sensitive words from blog titles.⁵⁴

There is an ongoing debate about the degree to which firms chartered in freer societies should assist in censorship or surveillance taking place in less free societies.⁵⁵ The argument considered here is one layer deeper than that debate: if the information ecosystem at the cutting edge evolves into one that is not generative at its core, then authoritarian governments will naturally inherit an ability to enforce their wills more easily, without needing to change technologies and services or to curtail the breadth of their influence. Because it is often less obvious to users and the wider world, the ability to enforce quietly using qualities of the technology itself is worrisome. Technologies that lend themselves to an easy and tightly coupled expression of governmental power simply will be portable from one society to the next. It will make irrelevant the question about how firms like Google and Skype should operate outside their home countries.

This conclusion suggests that although some social gain may result from better enforcement of existing laws in free societies, the gain might be more than offset by better enforcement in societies that are less free—under repressive governments today, or anywhere in the future. If the gains and losses remain coupled, it might make sense to favor retention of generative technologies to put what law professor James Boyle has called the “Libertarian gotcha” to authoritarian regimes: if one wants technological progress and the associated economic benefits, one must be prepared to accept some measure of social liberalization made possible with that technology.⁵⁶ Like many regimes that want to harness the benefits of the market while forgoing political liberalization, China is wrestling with this tension today.⁵⁷ In an attempt to save money and establish independence from an overseas software vendor like Microsoft, China has encouraged the adoption of GNU/Linux,⁵⁸ an operating system least amenable in its current form to appliancization because anyone can modify it and install it on a non-locked-down endpoint PC. China’s attempt, therefore, represents either a misunderstanding of the key role that endpoints can play in regulation or a calculated judgment that the benefits of international technological independence outweigh the costs of less regulability.

If one objects to censorship in societies that have not developed the rule of law, one can support the maintenance of a generative core in information technology, minimizing the opportunities for some societies that wish to exploit the information revolution to discover new tools for control.

Amplification and the Lock-in of Mistakes

When a regulator makes mistakes in the way it construes or applies a law, a stronger ability to compel compliance implies a stronger ability to compel compliance with all mandates, even those that are the results of mistaken interpretations. Gaps in translation may also arise between a legal mandate and its technological manifestation. This is especially true when technological design is used as a preemptive measure. Under U.S. First Amendment doctrine, prior restraints on speech—preventing speech from occurring in the first place, rather than punishing it after the fact if indeed it is unlawful—are greatly disfavored.⁵⁹ Design features mandated to prevent speech-related behaviors, on the premise that such behaviors might turn out to be unlawful, could be thought to belong in just that category.⁶⁰ Consider the Australian Web hosting company that automatically deletes all of its clients’ multimedia files every night unless it receives specific assurances up front that the files in a given directory are placed with the permission of the copyright owner or are uncopyrighted.⁶¹

Preemptive design may have a hard time tailoring the technical algorithms to the legal rules. Even with some ongoing human oversight, the blacklists of objectionable Web sites maintained by commercial filtering programs are consistently overbroad, erroneously placing Web sites into categories to which they do not belong.⁶² For example, when the U.S. government sponsored a service to assist Iranians in overcoming Internet filtering imposed by the Iranian government, the U.S.-sponsored service in turn sought to filter out pornographic sites so that Iranians would not use the circumvention service to obtain pornography. The service filtered any site with “ass” in its domain name—including usembassy.state.gov, the U.S. Department of State’s online portal for its own overseas missions.⁶³

In the realm of copyright, whether a particular kind of copying qualifies for a fair use defense is in many instances notoriously difficult to determine ahead of time.⁶⁴ Some argue that broad attempts to embed copyright protections in technology fall short because the technology cannot easily take into account possible fair use defenses.⁶⁵ The law prohibiting the circumvention of trusted systems disregards possibilities for fair use—which might make sense, since such an exception could swallow the rule.⁶⁶ Such judgments appear to rely on the fact that the materials within a trusted system can still be found and copied in non-trusted analog formats, thus digital prohibitions are never complete.⁶⁷ The worry that a particular speech-related activity will be precluded by design is blunted when the technology merely makes the activity less convenient rather than preventing it altogether. However, if we migrate to an information ecosystem in which tethered appliances predominate, that analog safety valve will wane.

For specific injunctions, the worries about mistakes may appear weaker. A specific injunction to halt an activity or destroy its fruits issues only after an adjudication. If we move to a regime in which individuals, and not just distributors, are susceptible to impoundment remedies for digital contraband, these remedies might be applied only after the status of the contraband has been officially determined.⁶⁸ Indeed, one might think that an ability to easily recall infringing materials after the fact might make it possible to be more generous about allowing distribution in the first place—cases could proceed to final judgments rather than being functionally decided in earlier stages on the claim that continued distribution of the objectionable material would cause irreparable harm. If cats can easily be put back into bags, there can be less worry about letting them out to begin with.

However, the ability to perfectly (in the sense of thoroughly) scrub everyone’s digital repositories of unlawful content may compromise the values that belie fear of prior restraints, even though the scrub would not be “prior” in fact. Preventing the copying of a work of copyrighted music stops a behavior without removing the work from the public sphere, since presumably the work is still available through authorized channels. It is a different matter to eliminate entirely a piece of digital contraband. Such elimination can make it difficult to understand, reevaluate, or even discuss what happened and why. In ruling against a gag order at a trial, the U.S. Supreme Court worried that the order was an “immediate and irreversible sanction.”⁶⁹ “If it can be said that a threat of criminal or civil sanctions after publication ‘chills’ speech, prior restraint ‘freezes’ it at least for the time.”⁷⁰ Post hoc scrubs are not immediate, but they have the prospect of being permanent and irreversible—a freezing of speech that takes place after it has been uttered, and no longer just “for the time.” That the speech had an initial opportunity to be broadcast may make a scrub less worrisome than if it were blocked from the start, but removing this information from the public discourse means that those who come after us will have to rely on secondary sources to make sense of its removal.

To be sure, we can think of cases where complete elimination would be ideal. These are cases in which the public interest is not implicated, and for which continued harm is thought to accrue so long as the material circulates: leaked medical records, child abuse images, and nuclear weapon designs.⁷¹ But the number of instances in which legal judgments effecting censorship are overturned or revised—years later—counsels that an ability to thoroughly enforce bans on content makes the law too powerful and its judgments too permanent, since the material covered by the judgment would be permanently blocked from the public view. Imagine a world in which all copies of once-censored books like Candide, The Call of the Wild, and Ulysses had been permanently destroyed at the time of the censoring and could not be studied or enjoyed after subsequent decision-makers lifted the ban.⁷² In a world of tethered appliances, the primary backstop against perfectly enforced mistakes would have to come from the fact that there would be different views about what to ban found among multiple sovereigns—so a particular piece of samizdat might live on in one jurisdiction even as it was made difficult to find in another.

The use of tethered appliances for surveillance may be least susceptible to an objection of mistake, since surveillance can be used to start a case rather than close it. For example, the use of cameras at traffic lights has met with some objection because of the level of thoroughness they provide—a sense of snooping simply not possible with police alone doing the watching.⁷³ And there are instances where the cameras report false positives.⁷⁴ However, those accused can have their day in court to explain or deny the charges inspired by the cameras’ initial reviews. Moreover, since running a red light might cause an accident and result in physical harm, the cameras seem well-tailored to dealing with a true hazard, and thus less objectionable. And the mechanization of identifying violators might even make the system more fair, because the occupant of the vehicle cannot earn special treatment based on individual characteristics like race, wealth, or gender. The prospects for abuse are greater when the cameras in mobile phones or the microphones of OnStar can be serendipitously repurposed for surveillance. These sensors are much more invasive and general purpose.

Bulwarks Against Government

There has been a simmering debate about the meaning of the Second Amendment to the U.S. Constitution, which concerns “the right of the people to keep and bear Arms.”⁷⁵ It is not clear whether the constitutional language refers to a collective right that has to do with militias, or an individual one that could more readily be interpreted to preclude gun control legislation. At present, most reported decisions and scholarly authority favor the former interpretation, but the momentum may be shifting.⁷⁶ For our purposes, we can extract one strand from this debate without having to join it: one reason to prohibit the government’s dispossession of individual firearms is to maintain the prospect that individuals could revolt against a tyrannical regime, or provide a disincentive to a regime considering going down such a path.⁷⁷ These check-on-government notions are echoed by some members of technical communities, such as those who place more faith in their own encryption to prevent secrets from being compromised than in any government guarantees of self-restraint. Such a description may unnecessarily demean the techies’ worries as a form of paranoia. Translated into a more formal and precise claim, one might worry that the boundless but unnoticeable searches permitted by digital advances can be as disruptive to the equilibrium between citizen and law enforcement as any enforcement-thwarting tools such as encryption.

The equilibrium between citizens and law enforcement has crucially relied on some measure of citizen cooperation. Abuse of surveillance has traditionally been limited not simply by the conscience of those searching or by procedural rules prohibiting the introduction of illegally obtained evidence, but also by the public’s own objections. If occasioned through tethered appliances, such surveillance can be undertaken almost entirely in secret, both as a general matter and for any specific search. Stuntz has explained the value of a renewed focus on physical “data mining” via group sweeps—for example, the searching of all cars near the site of a terrorist threat—and pointed out that such searches are naturally (and healthily) limited because large swaths of the public are noticeably burdened by them.⁷⁸ The public, in turn, can effectively check such government action by objecting through judicial or political processes, should the sweeps become too onerous. No such check is present in the controlled digital environment; extensive searching can be done with no noticeable burden—indeed, without notice of any kind—on the parties searched. For example, the previously mentioned FBI use of an OnStar-like system to listen in on the occupants of a car is public knowledge only because the manufacturer chose to formally object.⁷⁹

The rise of tethered appliances significantly reduces the number and variety of people and institutions required to apply the state’s power on a mass scale. It removes a practical check on the use of that power. It diminishes a rule’s ability to attain legitimacy as people choose to participate in its enforcement, or at least not stand in its way.

A government able to pressure the provider of BlackBerries could insist on surveillance of e-mails sent to and from each device.⁸⁰ And such surveillance would require few people doing the enforcement work. Traditionally, ongoing mass surveillance or control would require a large investment of resources and, in particular, people. Eavesdropping has required police willing to plant and monitor bugs; seizure of contraband has required agents willing to perform raids. Further, a great deal of routine law enforcement activity has required the cooperation of private parties, such as landlords, banks, and employers. The potential for abuse of governmental power is limited not only by whatever procedural protections are afforded in a jurisdiction that recognizes the rule of law, but also more implicitly by the decisions made by parties asked to assist. Sometimes the police refuse to fire on a crowd even if a dictator orders it, and, less dramatically, whistleblowers among a group of participating enforcers can slow down, disrupt, leak, or report on anything they perceive as abusive in a law enforcement action.⁸¹

Compare a citywide smoking ban that enters into effect as each proprietor acts to enforce it—under penalty for failing to do so, to be sure—with an alternative ordinance implemented by installing highly sensitive smoke detectors in every public place, wired directly to a central enforcement office. Some in favor of the ordinance may still wish to see it implemented by people rather than mechanical fiat. The latter encourages the proliferation of simple punishment-avoiding behavior that is anathema to open, participatory societies. As law professor Lior Strahilevitz points out, most laws are not self-enforcing, and a measure of the law’s value and importance may be found in just how much those affected by it (including as victims) urge law enforcement to take a stand, or invoke what private rights of action they may have.⁸² Strahilevitz points to laws against vice and gambling, but the idea can apply to the problems arising from technology as well. Law ought to be understood not simply by its meaning as a text, but by the ways in which it is or is not internalized by the people it affects—whether as targets of the law, victims to be helped by it, or those charged with enforcing it.⁸³

The Benefits of Tolerated Uses

A particular activity might be illegal, but in some cases those with standing to complain about it sometimes hold back on trying to stop it while they determine whether they really object. If they decide they do object, they can sue. Tim Wu calls this phenomenon “tolerated uses,”⁸⁴ and copyright infringement shows how it can work.

When Congress passed the Digital Millennium Copyright Act of 1998 (DMCA),⁸⁵ it sought to enlist certain online service providers to help stop the unauthorized spread of copyrighted material. ISPs that just routed packets for others were declared not responsible for copyright infringement taking place over their communication channels.⁸⁶ Intermediaries that hosted content—such as the CompuServe and Prodigy forums, or Internet hosting sites such as Geocities.com—had more responsibility. They would be unambiguously clear of liability for copyright infringement only if they acted expeditiously to take down infringing material once they were specifically notified of that infringement.⁸⁷

Although many scholars have pointed out deficiencies and opportunities for abuse in this notice-and-takedown regime,⁸⁸ the scheme reflects a balance. Under the DMCA safe harbors, intermediaries have been able to provide flexible platforms that allow for a broad variety of amateur expression. For example, Geocities and others have been able to host personal home pages, precursors to the blogs of today, without fear of copyright liability should any of the home page owners post infringing material—at least so long as they act after specific notification of an infringement. Had these intermediaries stopped offering these services for fear of crushing liability under a different legal configuration, people would have had far fewer options to broadcast online: they could have either hosted content through their own personal PCs, with several incumbent shortcomings,⁸⁹ or forgone broadcasting altogether. Thanks to the incentives of notice-and-takedown, copyright holders gained a ready means of redress for the most egregious instances of copyright infringement, without chilling individual expression across the board in the process.

The DMCA legal regime supports the procrastination principle, allowing for experimentation of all sorts and later reining in excesses and abuses as they happen, rather than preventing them from the outset. Compelling copyright holders to specifically demand takedown may seem like an unnecessary burden, but it may be helpful to them because it allows them to tolerate some facially infringing uses without forcing copyright holders to make a blanket choice between enforcement and no enforcement. Several media companies and publishers simply have not figured out whether YouTube’s and others’ excerpts of their material are friend or foe. Companies are not monolithic, and there can be dissenting views within a company on the matter. A company with such diverse internal voices cannot come right out and give an even temporary blessing to apparent copyright infringement. Such a blessing would cure the material in question of its unlawful character, because the infringement would then be authorized. Yet at the same time, a copyright holder may be loath to issue DMCA notices to try to get material removed each time it appears, because clips can serve a valuable promotional function.

The DMCA regime maintains a loose coupling between the law’s violation and its remedy, asking publishers to step forward and affirmatively declare that they want specific material wiped out as it arises and giving publishers the luxury to accede to some uses without forcing intermediaries to assume that the copyright holder would have wanted the material to be taken down. People might make videos that include copyrighted background music or television show clips and upload them to centralized video sharing services like YouTube. But YouTube does not have to seek these clips out and take them down unless it receives a specific complaint from the copyright holder.

While requiring unprompted attempts at copyright enforcement by a firm like YouTube may not end up being unduly burdensome to the intermediary—it all depends on how its business model and technology are structured—requiring unprompted enforcement may end up precluding uses of copyrighted material to which the author or publisher actually does not object, or on which it has not yet come to a final view.⁹⁰

Thus there may be some cases when preemptive regimes can be undesirable to the entities they are designed to help. A preemptive intervention to preclude some particular behavior actually disempowers the people who might complain about it to decide that they are willing, after all, to tolerate it. Few would choose to tolerate a murder, making it a good candidate for preemption through design, were that possible,⁹¹ but the intricacies of the markets and business models involved in the distribution of intellectual works means that reasonable copyright holders could disagree on whether it would be a good thing to prevent certain unauthorized distributions of their works.

The generative history of the Internet shows that allowing openness to third-party innovation from multiple corners and through multiple business models (or no business model at all) ends up producing widely adopted, socially useful applications not readily anticipated or initiated through the standard corporate production cycle.⁹² For example, in retrospect, permitting the manufacture of VCRs was a great boon to the publishers who were initially opposed to it. The entire video rental industry was not anticipated by publishers, yet it became a substantial source of revenue for them.⁹³ Had the Hush-A-Phones, Carterfones, and modems of Chapter Two required preapproval, or been erasable at the touch of a button the way that an EchoStar DVR of today can be killed, the decisions to permit them might have gone the other way, and AT&T would not have benefited as people found new and varied uses for their phone lines.

Some in the music, television, and movie industries are embracing cheap networks and the free flow of bits, experimenting with advertising models similar to those pioneered for free television, in which the more people who watch, the more money the publishers can make. For instance, the BBC has made a deal with the technology firm Azureus, makers of a peer-to-peer BitTorrent client that has been viewed as contraband on many university campuses and corporate networks.⁹⁴ Users of Azureus’s software will now be able to download BBC television programs for free, and with authorization, reflecting both a shift in business model for the BBC and a conversion of Azureus from devil’s tool to helpful distribution vehicle. BitTorrent software ensures that people upload to others as they download, which means that the BBC will be able to release its programs online without incurring the costs of a big bandwidth bill because many viewers will be downloading from fellow viewers rather than from the BBC. EMI is releasing music on iTunes without digital rights management— initially charging more for such unfettered versions.⁹⁵

The tools that we now take as so central to the modern Internet, including the Web browser, also began and often remain on uncertain legal ground. As one surfs the Internet, it is easy to peek behind the curtain of most Web sites by asking the browser to “view source,” thereby uncovering the code that generates the viewed pages. Users can click on nearly any text or graphic they see and promptly copy it to their own Web sites or save it permanently on their own PCs. The legal theories that make these activities possible are tenuous. Is it an implied license from the Web site owner? Perhaps, but what if the Web site owner has introductory text that demands that no copies like that be made?⁹⁶ Is it fair use? Perhaps. In the United States, fair use is determined by a fuzzy four-factor test that in practice rests in part on habit and custom, on people’s expectations.⁹⁷ When a technology is deployed early, those expectations are unsettled, or perhaps settled in the wrong direction, especially among judges who might be called upon to apply the law without themselves having fully experienced the technologies in question. A gap between deployment and regulatory reaction gives the economic and legal systems time to adapt, helping to ensure that doctrines like fair use are applied appropriately.

The Undesirable Collapse of Conduct and Decision Rules

Law professor Meir Dan-Cohen describes law as separately telling people how to behave and telling judges what penalties to impose should people break the law. In more general terms, he has observed that law comprises both conduct rules and decision rules.⁹⁸ There is some disconnect between the two: people may know what the law requires without fully understanding the ramifications for breaking it.⁹⁹ This division—what he calls an “acoustic separation”—can be helpful: a law can threaten a tough penalty in order to ensure that people obey it, but then later show unadvertised mercy to those who break it.¹⁰⁰ If the mercy is not telegraphed ahead of time, people will be more likely to follow the law, while still benefiting from a lesser penalty if they break it and have an excuse to offer, such as duress.

Perfect enforcement collapses the public understanding of the law with its application, eliminating a useful interface between the law’s terms and its application. Part of what makes us human are the choices that we make every day about what counts as right and wrong, and whether to give in to temptations that we believe to be wrong. In a completely monitored and controlled environment, those choices vanish. One cannot tell whether one’s behavior is an expression of character or is merely compelled by immediate circumstance.

Of course, it may be difficult to embrace one’s right to flout the law if the flouting entails a gross violation of the rights of another. Few would uphold the freedom of someone to murder as “part of what makes us human.” So we might try to categorize the most common lawbreaking behaviors online and see how often they relate to “merely” speech-related wrongs rather than worse transgressions. This is just the sort of calculus by which prior restraints are disfavored especially when they attach to speech, rather than when they are used to prevent lawbreaking behaviors such as those that lead to physical harm. If most of the abuses sought to be prevented are well addressed through post hoc remedies, and if they might be adequately discovered through existing law enforcement mechanisms, one should disfavor perfect enforcement to preempt them. At the very least, the prospect of abuse of powerful, asymmetric law enforcement tools reminds us that there is a balance to be struck rather than an unmitigated good in perfect enforcement.

WEB 2.0 AND THE END OF GENERATIVITY

The situation for online copyright illustrates that for perfect enforcement to work, generative alternatives must not be widely available.¹⁰¹ In 2007, the movie industry and technology makers unveiled a copy protection scheme for new high-definition DVDs to correct the flaws in the technical protection measures applied to regular DVDs over a decade earlier. The new system was compromised just as quickly; instructions quickly circulated describing how PC users could disable the copy protection on HD-DVDs.¹⁰² So long as the generative PC remains at the center of the modern information ecosystem, the ability to deploy trusted systems with restrictions that interfere with user expectations is severely limited: tighten a screw too much, and it will become stripped.

So could the generative PC ever really disappear? As David Post wrote in response to a law review article that was a precursor to this book, “a grid of 400 million open PCs is not less generative than a grid of 400 million open PCs and 500 million locked-down TiVos.”¹⁰³ Users might shift some of their activities to tethered appliances in response to the security threats described in Chapter Three, and they might even find themselves using locked-down PCs at work or in libraries and Internet cafés. But why would they abandon the generative PC at home? The prospect may be found in “Web 2.0.” As mentioned earlier, in part this label refers to generativity at the content layer, on sites like Wikipedia and Flickr, where content is driven by users.¹⁰⁴ But it also refers to something far more technical—a way of building Web sites so that users feel less like they are looking at Web pages and more like they are using applications on their very own PCs.¹⁰⁵ New online map services let users click to grasp a map section and move it around; new Internet mail services let users treat their online e-mail repositories as if they were located on their PCs. Many of these technologies might be thought of as technologically generative because they provide hooks for developers from one Web site to draw upon the content and functionality of another—at least if the one lending the material consents.¹⁰⁶

Yet the features that make tethered appliances worrisome—that they are less generative and that they can be so quickly and effectively regulated—apply with equal force to the software that migrates to become a service offered over the Internet. Consider Google’s popular map service. It is not only highly useful to end users; it also has an open API (application programming interface) to its map data,¹⁰⁷ which means that a third-party Web site creator can start with a mere list of street addresses and immediately produce on her site a Google Map with a digital push-pin at each address.¹⁰⁸ This allows any number of “mash-ups” to be made, combining Google Maps with third-party geographic datasets. Internet developers are using the Google Maps API to create Web sites that find and map the nearest Starbucks, create and measure running routes, pinpoint the locations of traffic light cameras, and collate candidates on dating sites to produce instant displays of where one’s best matches can be found.¹⁰⁹

Because it allows coders access to its map data and functionality, Google’s mapping service is generative. But it is also contingent: Google assigns each Web developer a key and reserves the right to revoke that key at any time, for any reason—or to terminate the whole Google Maps service.¹¹⁰ It is certainly understandable that Google, in choosing to make a generative service out of something in which it has invested heavily, would want to control it. But this puts within the control of Google, and anyone who can regulate Google, all downstream uses of Google Maps—and maps in general, to the extent that Google Maps’ popularity means other mapping services will fail or never be built.

Software built on open APIs that can be withdrawn is much more precarious than software built under the old PC model, where users with Windows could be expected to have Windows for months or years at a time, whether or not Microsoft wanted them to keep it. To the extent that we find ourselves primarily using a particular online service, whether to store our documents, photos, or buddy lists, we may find switching to a new service more difficult, as the data is no longer on our PCs in a format that other software can read. This disconnect can make it more difficult for third parties to write software that interacts with other software, such as desktop search engines that can currently paw through everything on a PC in order to give us a unified search across a hard drive. Sites may also limit functionality that the user expects or assumes will be available. In 2007, for example, MySpace asked one of its most popular users to remove from her page a piece of music promotion software that was developed by an outside company. She was using it instead of MySpace’s own code.¹¹¹ Google unexpectedly closed its unsuccessful Google Video purchasing service and remotely disabled users’ access to content they had purchased; after an outcry, Google offered limited refunds instead of restoring access to the videos.¹¹²

Continuous Internet access thus is not only facilitating the rise of appliances and PCs that can phone home and be reconfigured by their vendors at any moment. It is also allowing a wholesale shift in code and activities from endpoint PCs to the Web. There are many functional advantages to this, at least so long as one’s Internet connection does not fail. When users can read and compose e-mail online, their inboxes and outboxes await no matter whose machines they borrow—or what operating system the machines have—so long as they have a standard browser. It is just a matter of getting to the right Web site and logging in. We are beginning to be able to use the Web to do word processing, spreadsheet analyses, indeed, nearly anything we might want to do.

Once the endpoint is consigned to hosting only a browser, with new features limited to those added on the other end of the browser’s window, consumer demand for generative PCs can yield to demand for boxes that look like PCs but instead offer only that browser. Then, as with tethered appliances, when Web 2.0 services change their offerings, the user may have no ability to keep using an older version, as one might do with software that stops being actively made available.

This is an unfortunate transformation. It is a mistake to think of the Web browser as the apex of the PC’s evolution, especially as new peer-to-peer applications show that PCs can be used to ease network traffic congestion and to allow people directly to interact in new ways.¹¹³ Just as those applications are beginning to show promise—whether as ad hoc networks that PCs can create among each other in the absence of connectivity to an ISP, or as distributed processing and storage devices that could apply wasted computing cycles to faraway computational problems¹¹⁴—there is less reason for those shopping for a PC to factor generative capacity into a short-term purchasing decision. As a 2007 Wall Street Journal headline put it: “‘Dumb terminals can be a smart move’: Computing devices lack extras but offer security, cost savings.”¹¹⁵

Generative networks like the Internet can be partially controlled, and there is important work to be done to enumerate the ways in which governments try to censor the Net.¹¹⁶ But the key move to watch is a sea change in control over the endpoint: lock down the device, and network censorship and control can be extraordinarily reinforced. The prospect of tethered appliances and software as service permits major regulatory intrusions to be implemented as minor technical adjustments to code or requests to service providers. Generative technologies ought to be given wide latitude to find a variety of uses—including ones that encroach upon other interests. These encroachments may be undesirable, but they may also create opportunities to reconceptualize the rights underlying the threatened traditional markets and business models. An information technology environment capable of recursive innovation¹¹⁷ in the realms of business, art, and culture will best thrive with continued regulatory forbearance, recognizing that the disruption occasioned by generative information technology often amounts to a long-term gain even as it causes a short-term threat to some powerful and legitimate interests.

The generative spirit allows for all sorts of software to be built, and all sorts of content to be exchanged, without anticipating what markets want—or what level of harm can arise. The development of much software today, and thus of the generative services facilitated at the content layer of the Internet, is undertaken by disparate groups, often not acting in concert, whose work can become greater than the sum of its parts because it is not funneled through a single vendor’s development cycle.¹¹⁸

The keys to maintaining a generative system are to ensure its internal security without resorting to lockdown, and to find ways to enable enough enforcement against its undesirable uses without requiring a system of perfect enforcement. The next chapters explore how some enterprises that are generative at the content level have managed to remain productive without requiring extensive lockdown or external regulation, and apply those lessons to the future of the Internet.

The hourglass portrays two important design insights. First is the notion that the network can be carved into conceptual layers. The exact number of layers varies depending on who is drawing the hourglass and why,¹ and even by chapter of this book.² On one basic view the network can be understood as having three layers. At the bottom is the “physical layer,” the actual wires or airwaves over which data will flow. At the top is the “application layer,” representing the tasks people might want to perform on the network. (Sometimes, above that, we might think of the “content layer,” containing actual information exchanged among the network’s users, and above that the “social layer,” where new behaviors and interactions among people are enabled by the technologies underneath.) In the middle is the “protocol layer,” which establishes consistent ways for data to flow so that the sender, the receiver, and anyone necessary in the middle can know the basics of who the data is from and where the data is going.

By dividing the network into layers and envisioning some boundaries among them, the path is clear to a division of labor among people working to improve the overall network. Tinkerers can work on one layer without having to understand much about the others, and there need not be any coordination or relationship between those working at one layer and those at another. For example, someone can write a new application like an instant messenger without having to know anything about whether its users will be connected to the network by modem or broadband. And an ISP can upgrade the speed of its Internet service without having to expect the authors of instant messenger programs to rewrite them to account for the new speed: the adjustment happens naturally. On the proprietary networks of the 1980s, in contrast, such divisions among layers were not as important because the networks sought to offer a one-stop solution to their customers, at the cost of having to design everything themselves. Layers facilitate polyarchies, and the proprietary networks were hierarchies.³

The second design insight of the hourglass is represented by its shape. The framers of Internet Protocol did not undertake to predict what would fill the upper or lower layers of the hourglass. As a technical matter, anyone could become part of the network by bringing a data-carrying wire or radio wave to the party. One needed only to find someone already on the network willing to share access, and to obtain a unique IP address, an artifact not intended to be hoarded. Thus, wireless Internet access points could be developed by outsiders without any changes required to Internet Protocol: the Protocol embodied so few assumptions about the nature of the medium used that going wireless did not violate any of them. The large variety of ways of physically connecting is represented by the broad base to the hourglass. Similarly, the framers of Internet Protocol made few assumptions about the ultimate uses of the network. They merely provided a scheme for packaging and moving data, whatever its purpose. This scheme allowed a proliferation of applications from any interested and talented source—from the Web to e-mail to instant messenger to file transfer to video streaming. Thus, the top of the hourglass is also broad. It is only the middle that is narrow, containing Internet Protocol, because it is meant to be as feature-free as possible. It simply describes how to move data, and its basic parameters have evolved slowly over the years. Innovation and problem-solving are pushed up or down, and to others: Chapter Two’s procrastination principle at work.

This same quality is found within traditional PC architecture. It greatly facilitates the way that the overall network operates, although those joining the debate on Internet openness have largely ignored this quality. Operating system designers like Microsoft and Apple have embraced the procrastination principle of their counterparts in Internet network design. Their operating systems, as well as Unix and its variants, are intentionally incomplete; they were built to allow users to install new code written by third parties. Such code could entirely revise the way a computer operates, which gives individuals other than the original designers the capacity to solve new problems and redirect the purposes of PCs.⁴ We could even sketch a parallel hourglass of PC architecture (Figure 4.2).

The PC can run code from a broad number of sources, and it can be physically placed into any number and style of physical chassis from many sources, at least as a technical matter. (Sometimes the operating system maker may object as a strategic and legal matter: Apple, for example, has with few exceptions notoriously insisted on bundling its operating system with Apple hardware, perhaps a factor in its mere 5 percent market share for PCs.⁵)

I have termed this quality of the Internet and of traditional PC architecture “generativity.” Generativity is a system’s capacity to produce unanticipated change through unfiltered contributions from broad and varied audiences. Terms like “openness” and “free” and “commons” evoke elements of it, but they do not fully capture its meaning, and they sometimes obscure it.

Generativity pairs an input consisting of unfiltered contributions from diverse people and groups, who may or may not be working in concert, with the output of unanticipated change. For the inputs, how much the system facilitates audience contribution is a function of both technological design and social behavior. A system’s generativity describes not only its objective characteristics, but also the ways the system relates to its users and the ways users relate to one another. In turn, these relationships reflect how much the users identify as contributors or participants, rather than as mere consumers.

FEATURES OF A GENERATIVE SYSTEM

What makes something generative? There are five principal factors at work: (1) how extensively a system or technology leverages a set of possible tasks; (2) how well it can be adapted to a range of tasks; (3) how easily new contributors can master it; (4) how accessible it is to those ready and able to build on it; and (5) how transferable any changes are to others—including (and perhaps especially) nonexperts.

Leverage: Leverage makes a difficult job easier. Leverage is not exclusively a feature of generative systems; non-generative, specialized technologies can provide leverage for their designated tasks.⁶ But as a baseline, the more a system can do, the more capable it is of producing change. Examples of leverage abound: consider a lever itself (with respect to lifting physical objects), a band saw (cutting them), an airplane (transporting them from one place to another), a piece of paper (hosting written language, wrapping fish), or an alphabet (constructing words). Our world teems with useful objects and processes, both natural and artificial, tangible and intangible. Both PCs and network technologies have proven very leveraging. A typical PC operating system handles many of the chores that the author of an application would otherwise have to worry about, and properly implemented Internet Protocol sees to it that bits of data move from one place to another without application authors having to worry on either end. A little effort can thus produce a very powerful computer program, whether a file-sharing program or a virus comprising just a few lines of code.

Adaptability: Adaptability refers to how easily the system can be built on or modified to broaden its range of uses. A given instrumentality may be highly leveraging yet suited only to a limited range of applications. For example, TiVo is greatly leveraging—television viewers describe its impact on their lives as revolutionary—but it is not very adaptable. A plowshare enables one to plant a variety of seeds; however, its comparative leverage quickly vanishes when devoted to other tasks such as holding doors open. The same goes for swords (they really make poor plowshares), guns, chairs, band saws, and even airplanes. Adaptability is clearly a spectrum. Airplanes can transport people and things, or they can be configured to dust or bomb what lies below. But one can still probably count the kinds of uses for an airplane on two hands. A technology that affords hundreds of different, additional kinds of uses beyond its essential application is more adaptable and, all else being equal, more generative than a technology that offers fewer kinds of uses. The emphasis here is on uses not anticipated at the time the technology was developed. A thick Swiss Army knife may have plenty of built-in tools compared with a simple pocket knife, but many of those are highly specialized.⁷

By this reckoning, electricity is an amazingly adaptable technology, as is plastic (hence the historical use of “plastic” to refer to notions of sculptability).⁸ And so are the PC and the Internet: they can be endlessly diverted to new tasks not counted on by their original makers.

Ease of mastery: A technology’s ease of mastery reflects how easy it is for broad audiences to understand how to adopt and adapt it. The airplane is not readily mastered, being neither easy to fly nor easy to learn how to modify for new purposes. The risk of physical injury if the modifications are poorly designed or executed is a further barrier to such tinkering. Paper, on the other hand, is readily mastered: we teach our children how to use it, draw on it, and even fold it into paper airplanes (which are much easier to fly and modify than real ones), often before they enter preschool. The skills required to understand many otherwise generative technologies are often not very readily absorbed. Many technologies require apprenticeships, formal training, or many hours of practice if one is to become conversant in them. The small electronic components used to build radios and doorbells fall into this category—one must learn both how each piece functions and how to solder—as do antique car engines that the enthusiast wants to customize. Of course, the skills necessary to operate certain technologies, rather than modify them, are often more quickly acquired. For example, many quickly understand how to drive a car, an understanding probably assisted by user-friendly inventions such as the automatic transmission.

Ease of mastery also refers to the ease with which various types of people might deploy and adapt a given technology, even if their skills fall short of full mastery. A pencil is easily mastered: it takes a moment to understand and put to many uses, even though it might require a lifetime of practice and innate artistic talent to achieve Da Vincian levels of leverage from it. The more useful a technology is both to the neophyte and to the expert, the more generative it is. PCs and network technologies are not easy for everyone to master, yet many people are able to learn how to code, often (or especially) without formal training.

Accessibility: The easier it is to obtain access to a technology, along with the tools and information necessary to achieve mastery of it, the more generative it is. Barriers to accessibility can include the sheer expense of producing (and therefore consuming) the technology, taxes, regulations associated with its adoption or use, and the secrecy its producers adopt to maintain scarcity or control.

Measured by accessibility, paper, plowshares, and guns are highly accessible, planes hardly at all, and cars somewhere in between. It might be easy to learn how to drive a car, but cars are expensive, and the government can always revoke a user’s driving privileges, even after the privileges have been earned through a demonstration of driving skill. Moreover, revocation is not an abstract threat because effective enforcement is not prohibitively expensive. Measured by the same factors, scooters and bicycles are more accessible, while snowplows are less so. Standard PCs are very accessible; they come in a wide range of prices, and in a few keystrokes or mouse-clicks one can be ready to write new code for them. On the other hand, specialized PC modes—like those found in “kiosk mode” at a store cycling through slides—cannot have their given task interrupted or changed, and they are not accessible.

Transferability: Transferability indicates how easily changes in the technology can be conveyed to others. With fully transferable technology, the fruits of skilled users’ adaptations can be easily conveyed to less-skilled others. The PC and the Internet together possess very strong transferability: a program written in one place can be shared with, and replicated by, tens of millions of other machines in a matter of moments. By contrast, a new appliance made out of a 75-in-1 Electronic Project Kit is not easily transferable because the modifier’s changes cannot be easily conveyed to another kit. Achieving the same result requires manually wiring a new kit to look like the old one, which makes the project kit less generative.

GENERATIVE AND NON-GENERATIVE SYSTEMS COMPARED

Generative tools are not inherently better than their non-generative (“sterile”) counterparts. Appliances are often easier to master for particular uses, and because their design often anticipates uses and abuses, they can be safer and more effective. For example, on camping trips, Swiss Army knives are ideal. Luggage space is often at a premium, and such a tool will be useful in a range of expected and even unexpected situations. In situations when versatility and space constraints are less important, however, a Swiss Army knife is comparatively a fairly poor knife—and an equally awkward magnifying glass, saw, and scissors.

As the examples and terms suggest, the five qualities of leverage, adaptability, ease of mastery, accessibility, and transferability often reinforce one another. And the absence of one of these factors may prevent a technology from being generative. A system that is accessible but difficult to master may still be generative if a small but varied group of skilled users make their work available to less-sophisticated users. Usually, however, a major deficiency in any one factor greatly reduces overall generativity. This is the case with many tools that are leveraging and adaptable but difficult to master. For example, while some enjoy tinkering in home workshops, making small birdhouses using wood and a saw, most cannot build their own boats or decks, much less pass those creations on to others. Similarly, there are plenty of examples of technology that is easy to master and is quite adaptable, but lacks leverage. Lego building blocks are easy to master and can produce a great range of shapes, but regardless of the skill behind their arrangement they remain small piles of plastic, which largely confines their uses to that of toys.

The more that the five qualities are maximized, the easier it is for a system or platform to welcome contributions from outsiders as well as insiders. Maximizing these qualities facilitates the technology’s deployment in unanticipated ways. Table 4.1 lists examples of generative tools. For comparison, the table also includes some of these tools’ less generative counterparts. Views on these categories or particular examples will undoubtedly vary, but some themes emerge. In general, generative tools are more basic and less specialized for accomplishing a particular purpose; these qualities make such tools more usable for many tasks. Generative technologies may require the user to possess some skill in order for the tool to be even minimally useful—compare a piano with a music box—but once the user has acquired some skill, the tools support a wider range of applications.

Generative tools are individually useful. Generative systems are sets of tools and practices that develop among large groups of people. These systems provide an environment for new and best—or at least most popular—practices to spread and diversify further within them. Generative systems can be built on non-generative platforms—no technical reason prevented CompuServe from developing wiki-like features and inviting its subscribers to contribute to something resembling Wikipedia—but frequently generativity at one layer is the best recipe for generativity at the layer above.

GENERATIVITY AND ITS COUSINS

The notion of generativity is itself an adaptation. It is related to other conceptions of information technology and, to some degree, draws upon their meanings.

The Free Software Philosophy

The normative ideals of the free software movement and the descriptive attributes of generativity have much in common. According to this philosophy, any software functionality enjoyed by one person should be understandable and modifiable by everyone. The free software philosophy emphasizes the value of sharing not only a tool’s functionality, but also knowledge about how the tool works so as to help others become builders themselves. Put into our terms, accessibility is a core value. When the free software approach works, it helps to expand the audiences capable of building software, and it increases the range of outputs the system generates.

While generativity has some things in common with the free software approach, it is not the same. Free software satisfies Richard Stallman’s benchmark “four freedoms”: freedom to run the program, freedom to study how it works, freedom to change it, and freedom to share the results with the public at large.⁹ These freedoms overlap with generativity’s four factors, but they depart in several important respects. First, some highly generative platforms may not meet all of free software’s four freedoms. While proprietary operating systems like Windows may not be directly changeable—the Windows source code is not regularly available to outside programmers—the flexibility that software authors have to build on top of the Windows OS allows a programmer to revise nearly any behavior of a Windows PC to suit specific tastes. Indeed, one could implement GNU/Linux on top of Windows, or Windows on top of GNU/Linux.¹⁰ So, even though Windows is proprietary and does not meet the definition of free software, it is generative.

Free software can also lack the accessibility associated with generativity. Consider “trapped” PCs like the one inside the TiVo. TiVo is built on Linux, which is licensed as free software, but, while the code is publicly published, it is nearly impossible for the Linux PC inside a TiVo to run anything but the code that TiVo designates for it. The method of deploying a generative technology can have a non-generative result: the free software satisfies the leveraging quality of generativity, but it lacks accessibility.¹¹

Affordance Theory

Fields such as psychology, industrial design, and human-computer interaction use the concept of “affordances.”¹² Originally the term was used to refer to the possible actions that existed in a given environment. If an action were objectively possible, the environment was said to “afford” that action. The concept has since been adapted to focus on “perceived affordances,” the actions or uses that an individual is subjectively likely to make, rather than on actions or uses that are objectively possible. As a design tool, affordances can help the creator of an environment ensure that the available options are as obvious and inviting as possible to the intended users.

A theory of affordances can also be used to predict what various people might do when presented with an object by asking what that object invites users to do. A ball might be thrown; a chair might be sat on. A hyperlink that is not underlined may be “poorly afforded” because it may impede users from realizing that they can click on it, suggesting that a better design would visually demarcate the link.

Generativity shares some of this outlook. If poorly afforded, some forms of technical user empowerment, such as the ability to run software written by others, can harm users who mistakenly run code that hurts their machines. This leads to the unfortunate result that the unqualified freedom to run any code can result in restrictions on what code is or can be run: adverse experiences cause less-skilled users to become distrustful of all new code, and they ask for environments that limit the damage that they can inadvertently do.

Yet unlike generativity, affordance theory does not focus much on systemic output. Instead, it takes one object at a time and delineates its possible or likely uses. More recent incarnations of the theory suggest that the object’s designer ought to anticipate its uses and tailor the object’s appearance and functionality accordingly. Such tailoring is more consistent with the development of appliancized systems than with generative ones. Generativity considers how a system might grow or change over time as the uses of a technology by one group are shared with other individuals, thereby extending the generative platform.

Theories of the Commons

Generativity also draws from recent scholarship about the commons. Some commentators, observing the decentralized and largely unregulated infrastructure of the Internet, have noted how these qualities have enabled the development of an innovation commons where creativity can flourish.¹³ Projects like Creative Commons have designed intellectual property licenses so that authors can clearly declare the conditions under which they will permit their technical or expressive work to be copied and repurposed. Such licensing occurs against the backdrop of copyright law, which generally protects all original work upon fixation, even work for which the author has been silent as to how it may be used. By providing a vehicle for understanding that authors are willing to share their work, Creative Commons licenses are a boon for content-level generativity because the licenses allow users to build on their colleagues’ work.

Other scholars have undertaken an economic analysis of the commons. They claim that the Internet’s economic value as a commons is often significantly underestimated, and that there are strong economic arguments for managing and sustaining an infrastructure without gatekeepers.¹⁴ In particular, they argue that nonmonopolized Internet access is necessary to ensure meritocratic competition among content providers.¹⁵

These arguments about infrastructure tend to end where the network cable does. A network on which anyone can set up a node and exchange bits with anyone else on the network is necessary but not sufficient to establish competition, to produce innovative new services, to promote the free flow of information to societies in which the local media is censored, or to make the most efficient use of network resources. As the next chapter explains, the endpoints have at least as much of a role to play. Focusing on the generativity of a system without confining that system to a particular technical locus can help us evaluate what values the system embodies—and what it truly affords.

Values, of course, vary from one person and stakeholder to the next. Generative systems can encourage creativity and spur innovation, and they can also make it comparatively more difficult for institutions and regulators to assert control over the systems’ uses. If we are to draw conclusions about whether a field balanced between generative and non-generative systems ought to be preserved, we need to know the benefits and drawbacks of each in greater detail.

THE STRENGTHS OF GENERATIVE SYSTEMS

Generative systems facilitate change. The first part of this book introduced positive and negative faces of generativity: it told an optimistic tale of Internet development, followed by pessimistic predictions of trouble due to deep-rooted vulnerabilities in that network.

A generative system can be judged from both within the system and outside of it. A set of PCs being destroyed by a virus from afar is a change brought about by a generative system that is internally bad because it harms the system’s generativity. The development and distribution of a generic installer program for a PC, which makes it easy for other software authors to bundle their work so that users can easily install and use it, is an example of a generative system producing an internally good change, because it makes the system more generative.

Generative outputs can also be judged as good or bad by reference to external values. If people use a generative system to produce software that allows its users to copy music and video without the publishers’ permissions, those supportive of publishers will rationally see generativity’s disruptive potential as bad. When a generative system produces the means to circumvent Internet filtering in authoritarian states, people in favor of citizen empowerment will approve.

Generativity’s benefits can be grouped more formally as at least two distinct goods, one deriving from unanticipated change, and the other from inclusion of large and varied audiences. The first good is its innovative output: new things that improve people’s lives. The second good is its participatory input, based on a belief that a life well lived is one in which there is opportunity to connect to other people, to work with them, and to express one’s own individuality through creative endeavors.

GENERATIVITY’S OUTPUT: INNOVATION

To those for whom innovation is important, generative systems can provide for a kind of organic innovation that might not take place without them.

The Limits of Non-generative Innovation

Non-generative systems can grow and evolve, but their growth is channeled through their makers: a new toaster is released by Amana and reflects anticipated customer demand or preferences, or an old proprietary network like CompuServe adds a new form of instant messaging by programming it itself. When users pay for products or services in one way or another, those who control the products or services amid competition are responsive to their desires through market pressure. This is an indirect means of innovation, and there is a growing set of literature about its limitation: a persistent bottleneck that prevents certain new uses from being developed and cultivated by large incumbent firms, despite the benefits they could enjoy with a breakthrough.¹⁶

We have already seen this phenomenon by anecdote in the first part of this book. Recall the monopoly telephone system in the United States, where AT&T attempted to extend its control through the network and into the endpoint devices hooked up to the network, at first barring the Hush-A-Phone and the Carterfone. The telephone system was stable and predictable; its uses evolved slowly if at all from its inception in the late nineteenth century. It was designed to facilitate conversations between two people at a distance, and with some important exceptions, that is all it has done. The change it has wrought for society is, of course, enormous, but the contours of that change were known and set once there was a critical mass of telephones distributed among the general public. Indeed, given how revolutionary a telephone system is to a society without one, it is striking that the underlying technology and its uses have seen only a handful of variations since its introduction. This phenomenon is an artifact of the system’s rejection of outside contributions. In the United States, after the law compelled AT&T to permit third-party hardware to connect, we saw a number of new endpoint devices: new telephone units in various shapes, colors, and sizes; answering machines; and, most important, the telephone modem, which allows the non-generative network itself to be repurposed for widespread data communication.

We saw a similar pattern as the Internet overtook proprietary networks that did not even realize it was a competitor. The generative Internet is a basic, flexible network, which began with no innate content. The content was to appear as people and institutions were moved to offer it. By contrast, the proprietary networks of CompuServe, AOL, Prodigy, and Minitel were out beating the bushes for content, arranging to provide it through the straightforward economic model of being paid by people who would spend connect time browsing it. If anything, we would expect the proprietary networks to offer more, and for a while they did. But they also had a natural desire to act as gatekeepers—to validate anything appearing on their network, to cut individual deals for revenue sharing with their content providers, and to keep their customers from affecting the network’s technology. These tendencies meant that their rates of growth and differentiation were slow. A few areas that these networks consigned to individual contribution experienced strong activity and subscriber loyalty, such as their topical bulletin boards run by hired systems operators (called “sysops”) and boasting content provided by subscribers in public conversations with each other. These forums were generative at the content layer because people could post comments to each other without prescreening and could choose to take up whatever topics they chose, irrespective of the designated labels for the forums themselves (“Pets” vs. “Showbiz”).¹⁷ But they were not generative at the technical layer. The software driving these communities was stagnant: subscribers who were both interested in the communities’ content and technically minded had few outlets through which to contribute technical improvements to the way the communities were built. Instead, any improvements were orchestrated centrally. As the initial offerings of the proprietary networks plateaued, the Internet saw developments in technology that in turn led to developments in content and ultimately in social and economic interaction: the Web and Web sites, online shopping, peer-to-peer networking, wikis, and blogs.

The hostility of AT&T toward companies like Hush-A-Phone and of the proprietary networks to the innovations of enterprising subscribers is not unusual, and it is not driven solely by their status as monopolists. Just as behavioral economics shows how individuals can consistently behave irrationally under particular circumstances,¹⁸ and how decision-making within groups can fall prey to error and bias,¹⁹ so too can the incumbent firms in a given market fail to seize opportunities that they rationally ought to exploit. Much of the academic work in this area draws from further case studies and interviews with decision-makers at significant firms. It describes circumstances that echo the reluctance of CompuServe, AOL, and other proprietary online services to allow third-party innovation—or to innovate much themselves.

For example, Tim Wu has shown that when wireless telephone carriers exercise control over the endpoint mobile phones that their subscribers may use, those phones will have undesirable features—and they are not easy for third parties to improve.²⁰ In design terms, there is no hourglass. Carriers have forced telephone providers to limit the mobile phones’ Web browsers to certain carrier-approved sites. They have eliminated call timers on the phones, even though they would be trivial to implement—and are in much demand by users, who would like to monitor whether their use of a phone has gone beyond allotted minutes for a monthly plan.²¹ Phones’ ability to transfer photos and recorded sounds is often limited to using the carriers’ preferred channels and fees. For those who wish to code new applications to run on the increasingly powerful computers embedded within the phones, the barriers to contribution are high. The phones’ application programming interfaces are poorly disclosed, or are at best selectively disclosed, making the programming platform difficult to master. Often, the coding must be written for a “virtual machine” that bars access to many of the phone’s features, reducing accessibility. And the virtual machines run slowly, eliminating leverage. These factors persist despite competition among several carriers.

Oxford’s Andrew Currah has noted a similar reluctance to extend business models beyond the tried-and-true in a completely different setting. He has studied innovation within the publishing industries, and has found cultural barriers to it across studios and record companies. As one studio president summarized:

The fiscal expectations are enormous. We have to act in a rational and cautious fashion, no matter how much potential new markets like the Internet have. Our core mission is to protect the library of films, and earn as much as possible from that library over time. . . . So that means focusing our efforts on what’s proven—i.e. the DVD—and only dipping our toes into new consumer technologies. We simply aren’t programmed to move quickly.²²

And the studio’s vice-chairman said:

You have to understand [studio] strategy in relation to the lifestyle here. . . . Once you reach the top of the hierarchy, you acquire status and benefits that can soon be lost—the nice cars, the home in Brentwood, the private schools. . . . It doesn’t make sense to jeopardize any of that by adopting a reckless attitude towards new technologies, new markets. Moving slow, and making clear, safe progress is the mantra.²³

The puzzle of why big firms exhibit such innovative inertia was placed into a theoretical framework by Clayton Christensen in his pioneering book The Innovator’s Dilemma.²⁴ Christensen found the hard disk drive industry representative. In it, market leaders tended to be very good at quickly and successfully adopting some technological advancements, yet were entirely left behind by upstarts. To explain the discrepancy, he created a taxonomy of “sustaining” and “disruptive” innovations. When technological innovations are consistent with the performance trajectory of established market leaders—that is, when they are a more efficient way of doing what they already do—alert leaders will be quick to develop and utilize such “sustaining” innovations.

It is with disruptive innovations that the market leaders will lag behind. These innovations are not in the path of what the company is already doing well. Indeed, Christensen found that the innovations which market leaders were the worst at exploiting were “technologically straightforward, consisting of off-the-shelf components put together in a product architecture that was often simpler than prior approaches. They offered less of what customers in established markets wanted and so could rarely be initially employed there. They offered a different package of attributes valued only in emerging markets remote from, and unimportant to, the mainstream.”²⁵

It is not the case, Christensen argues, that these large companies lack the technological competence to deploy a new technology, but rather that their managements choose to focus on their largest and most profitable customers, resulting in an unwillingness to show “downward vision and mobility.”²⁶

Subsequent authors have built on this theory, arguing that a failure to innovate disruptively is not simply an issue of management, but the organizational inability of large firms to respond to changes in consumer preferences caused by such disruptive innovations. Established firms are structurally reluctant to investigate whether an innovative product would be marketable to a sector outside what they perceive to be their traditional market.²⁷ They want to ride a wave, and they fail to establish alternatives or plumb new markets even as competitors begin to do so.

This observation has led others to conclude that in order for large organizations to become more innovative, they must adopt a more “ambidextrous organizational form” to provide a buffer between exploitation and exploration.²⁸ This advice might be reflected in choices made by companies like Google, whose engineers are encouraged to spend one day a week on a project of their own choosing—with Google able to exploit whatever they come up with.²⁹

But large firms struggling to learn lessons from academics about becoming more creative need not be the only sources of innovation. In fact, the competitive market that appears to be the way to spur innovation—a market in which barriers to entry are low enough for smaller firms to innovate disruptively where larger firms are reluctant to tread—can be made much more competitive, since generative systems reduce barriers to entry and allow contributions from those who do not even intend to compete.

THE GENERATIVE DIFFERENCE

Generative systems allow users at large to try their hands at implementing and distributing new uses, and to fill a crucial gap that is created when innovation is undertaken only in a profit-making model, much less one in which large firms dominate. Generatively-enabled activity by amateurs can lead to results that would not have been produced in a firm-mediated market model.

The brief history of the Internet and PC illustrates how often the large and even small firm market model of innovation missed the boat on a swath of significant advances in information technology while non-market-motivated and amateur actors led the charge. Recall that Tasmanian amateur coder Peter Tattam saw the value of integrating Internet support into Windows before Microsoft did, and that the low cost of replicating his work meant that millions of users could adopt it even if they did not know how to program computers themselves.³⁰ Hundreds of millions of dollars were invested in proprietary information services that failed, while Internet domain names representing firms’ identities were not even reserved by those firms.³¹ (McDonald’s might be forgiven for allowing someone else to register mcdonalds.com before it occurred to the company to do so; even telecommunications giant MCI failed to notice the burgeoning consumer Internet before Sprint, which was the first to register mci.com—at a time when such registrations were given away first-come, first-served, to anyone who filled out the electronic paperwork.)³²

The communally minded ethos of the Internet was an umbrella for more activity, creativity, and economic value than the capitalistic ethos of the proprietary networks, and the openness of the consumer PC to outside code resulted in a vibrant, expanding set of tools that ensured the end of the information appliances and proprietary services of the 1980s.

Consider new forms of commercial and social interaction made possible by new software that in turn could easily run on PCs or be offered over the Internet. Online auctions might have been ripe for the plucking by Christie’s or Sotheby’s, but upstart eBay got there first and stayed. Craigslist, initiated as a “.org” by a single person, dominates the market for classified advertising online.³³ Ideas like free Web-based e-mail, hosting services for personal Web pages, instant messenger software, social networking sites, and well-designed search engines emerged more from individuals or small groups of people wanting to solve their own problems or try something neat than from firms realizing there were profits to be gleaned. This is a sampling of major Internet applications founded and groomed by outsiders; start sliding down what Wired editor Chris Anderson calls the Long Tail—niche applications for obscure interests—and we see a dominance of user-written software.³⁴ Venture capital money and the other artifacts of the firm-based industrial information economy can kick in after an idea has been proven, and user innovation plays a crucial role as an initial spark.

GENERATIVITY AND A BLENDING OF MODELS FOR INNOVATION

Eric von Hippel has written extensively about how rarely firms welcome improvements to their products by outsiders, including their customers, even when they could stand to benefit from them.³⁵ His work tries to persuade otherwise rational firms that the users of their products often can and do create new adaptations and uses for them—and that these users are commonly delighted to see their improvements shared. Echoing Christensen and others, he points out that firms too often think that their own internal marketing and R&D departments know best, and that users cannot easily improve on what they manufacture.

Von Hippel then goes further, offering a model that integrates user innovation with manufacturer innovation (Figure 4.3).

Von Hippel’s analysis says that users can play a critical role in adapting technologies to entirely new purposes—a source of disruptive innovation. They come up with ideas before there is widespread demand, and they vindicate their ideas sufficiently to get others interested. When interest gets big enough, companies can then step in to smooth out the rough edges and fully commercialize the innovation.

Von Hippel has compiled an extensive catalog of user innovation. He points to examples like farmers who roped a bicycle-like contraption to some PVC pipes to create a portable center-pivot irrigation system, which, now perfected by professional manufacturers, is a leading way to water crops.³⁶ Or a paramedic who placed IV bags filled with water into his knapsack and ran the outlet tubes from behind so he could drink from them while bicycling, akin to the way some fans at football games drink beer out of baseball caps that have cup holders that hang on either side of the head. The IV bag system has since been adopted by large manufacturers and is now produced for hikers and soldiers.³⁷ Von Hippel’s studies show that 20 percent of mountain bikers modify their bikes in some way, and an equal number of surgeons tinker with their surgical implements. Lego introduced a set of programmable blocks for kids—traditional Lego toys with little engines inside—and the toys became a runaway hit with adults, who accounted for 70 percent of the market. The adults quickly hacked the Lego engines and made them better. Silicon Valley firms then banned Legos as a drain on employee productivity. Lego was stumped for over a year about how to react—this market was not part of the original business plan—before concluding that it was good.

The building blocks for most of von Hippel’s examples are not even particularly generative ones. They represent tinkering done by that one person in a hundred or a thousand who is so immersed in an activity or pursuit that improving it would make a big difference—a person who is prepared to experiment with a level of persistence that calls to mind the Roadrunner’s nemesis, Wile E. Coyote. Generative systems and technologies are more inviting to disruptive innovation thanks to their leverage, adaptability, ease of mastery, and accessibility, and they make it easier for their fruits to spread.

Most firms cannot sift through the thousands of helpful and not-so-helpful suggestions sent in by their customers, and they might not even dare look at them institutionally, lest a sender claim later on that his or her idea was stolen. Offers of partnership or affiliation from small businesses may not fare much better, just as deals between proprietary networks and individual technology and content providers numbered only in the tens rather than in the thousands. Yet when people and institutions other than the incumbents have an opportunity to create and distribute new uses as is possible in a generative system, the results can outclass what is produced through traditional channels.

If one values innovation, it might be useful to try to figure out how much disruptive innovation remains in a particular field or technology. For mature technologies, perhaps generativity is not as important: the remaining leaps, such as that which allows transistors to be placed closer and closer together on a chip over time without fundamentally changing the things the chip can do, will come from exploitative innovation or will necessitate well-funded research through institutional channels.

For the Internet, then, some might think that outside innovation is a transitory phenomenon, one that was at its apogee when the field of opportunity was new and still unnoticed by more traditional firms, and when hardware programming capacity was small, as in the early days of the PC.³⁸ If so, the recent melding of the PC and the Internet has largely reset the innovative clock. Many of the online tools that have taken off in recent years, such as wikis and blogs, are quite rudimentary both in their features and in the sophistication of their underlying code. The power of wikis and blogs comes from the fact that nothing quite like them existed before, and that they are so readily adopted by Internet users intrigued by their use. The genius behind such innovations is truly inspiration rather than perspiration, a bit of tinkering with a crazy idea rather than a carefully planned and executed invention responding to clear market demand.

Due to the limitations of the unconnected PC, one could credibly claim that its uses were more or less known by 1990: word processing, spreadsheets, databases, games. The rest was merely refinement. The reinvigorated PC/Internet grid makes such applications seem like a small corner of the landscape, even as those applications remain important to the people who continue to use them.

We have thus settled into a landscape in which both amateurs and professionals as well as small- and large-scale ventures contribute to major innovations. Much like the way that millions of dollars can go into production and marketing for a new musical recording³⁹ while a gifted unknown musician hums an original tune in the shower that proves the basis for a hit album, the Internet and PC today run a fascinating juxtaposition of sweepingly ambitious software designed and built like a modern aircraft carrier by a large contractor, alongside “killer applets” that can fit on a single floppy diskette.⁴⁰ OS/2, an operating system created as a joint venture between IBM and Microsoft,⁴¹ absorbed billions of dollars of research and development investment before its plug was pulled,⁴² while Mosaic, the first graphical PC Internet browser, was written by a pair of students in three months.⁴³

A look at sites that aggregate various software projects and their executable results reveals thousands of projects under way.⁴⁴ Such projects might be tempting to write off as the indulgences of hobbyists, if not for the roll call of pivotal software that has emerged from such environments:⁴⁵ software to enable encryption of data, both stored on a hard drive and transmitted across a network,⁴⁶ peer-to-peer file-sharing software,⁴⁷ e-mail clients,⁴⁸ Web browsers,⁴⁹ and sound and image editors.⁵⁰ Indeed, it is difficult to find software not initiated by amateurs, even as later versions are produced through more formal corporate means to be more robust, to include consumer help files and otherwise attempt to improve upon others’ versions or provide additional services for which users are willing to pay a premium.⁵¹ Many companies are now releasing their software under a free or open source license to enable users to tinker with the code, identify bugs, and develop improvements.⁵²

It may well be that, in the absence of broad-based technological accessibility, there would eventually have been the level of invention currently witnessed in the PC and on the Internet. Maybe AT&T would have invented the answering machine on its own, and maybe AOL or CompuServe would have agreed to hyperlink to one another’s walled gardens. But the hints we have suggest otherwise: less-generative counterparts to the PC and the Internet—such as standalone word processors and proprietary information services—had far fewer technological offerings, and they stagnated and then failed as generative counterparts emerged. Those proprietary information services that remain, such as Lexis/Nexis and Westlaw, sustain themselves because they are the only way to access useful proprietary content, such as archived news and some scholarly journal articles.⁵³

Of course, there need not be a zero-sum game in models of software creation, and generative growth can blend well with traditional market models. Consumers can become enraptured by an expensive, sophisticated shooting game designed by a large firm in one moment and by a simple animation featuring a dancing hamster in the next.⁵⁴ Big firms can produce software when market structure and demand call for such enterprise; smaller firms can fill niches; and amateurs, working alone and in groups, can design both inspirational “applets” and more labor-intensive software that increase the volume and diversity of the technological ecosystem.⁵⁵ Once an eccentric and unlikely invention from outsiders has gained notoriety, traditional means of raising and spending capital to improve a technology can shore it up and ensure its exposure to as wide an audience as possible. An information technology ecosystem comprising only the products of the free software movement would be much less usable by the public at large than one in which big firms help sand off rough edges.⁵⁶ GNU/Linux has become user-friendly thanks to firms that package and sell copies, even if they cannot claim proprietary ownership in the software itself, and tedious tasks that improve ease of mastery for the uninitiated might best be done through corporate models: creating smooth installation engines, extensive help guides, and other handholding for what otherwise might be an off-putting technical piece of PC software or Web service.⁵⁷

As the Internet and the PC merge into a grid, people can increasingly lend or barter computing cycles or bandwidth for causes they care about by simply installing a small piece of software.⁵⁸ This could be something like SETI@home, through which astronomers can distribute voluminous data from radio telescopes to individual PCs,⁵⁹ which then look for patterns that might indicate the presence of intelligent life, or it could be a simple sharing of bandwidth through mechanisms such as amateur-coded (and conceived, and designed) BitTorrent,⁶⁰ by which large files are shared among individuals as they download them, making it possible for users to achieve very rapid downloads by accumulating bits of files from multiple sources, all while serving as