112 Yale L.J. 2261 (2003)
The first generation of cyberlaw was about what regulates cyberspace. Led by Larry Lessig's path-breaking scholarship isolating architecture as a constraint on behavior online, a wide body of work has flourished. In a recent article, I took those insights and reverse-engineered them to show how attention to architecture in realspace (such as our city streets, parks, houses, and other buildings) constrains crime. It is time to begin a new generation of work, one that applies the lessons of realspace study back to the cybernetic realm. The question will not be what regulates cyberspace, but how to do so given the panoply of architectural, legal, economic, and social constraints.
This Essay details how theories of realspace architecture inform the regulation of one aspect of cyberspace, computer crime. Computer crime causes enormous damage to the United States economy, with even a single virus causing damage in the billions of dollars and with a recent survey finding that ninety percent of corporations detected computer security breaches. Yet despite apparent metaphorical synergy, architects in realspace generally have not talked to those in cyberspace, and vice versa. There is little analysis of digital architecture and its relationship to crime, and the realspace architectural literature on crime prevention is often far too "soft" to garner significant readership among computer engineers. However, the architectural methods used to solve crime problems offline can serve as a template to solve them online. This will become increasingly obvious as the divide between realspace and cyberspace erodes. With wireless networking, omnipresent cameras, and ubiquitous access to data, these two realms are heading toward merger. Architectural concepts offer a vantage point from which to view this coming collision.
This brief Essay sketches out design solutions to the problem of security in cyberspace. It begins by introducing four principles of realspace crime prevention through architecture. Offline, design can (1) create opportunities for natural surveillance, meaning visibility and susceptibility to monitoring by residents, neighbors, and bystanders; (2) instill a sense of territoriality so that residents develop proprietary attitudes and outsiders feel deterred from entering private space; (3) build communities; and (4) protect targets of crime.
After introducing these concepts, the Essay discusses analogues to each principle in cyberspace. Naturally, the online and offline realms are not symmetric, but the animating rationales for the four principles can be translated to cyberspace. Some of the outlined modifications to digital architecture are major and will invariably provoke technical and legal concerns; others are more minor and can be implemented quickly to control computer crime. For example, we will see how natural surveillance principles suggest new virtues of open source platforms, such as Linux, and how territoriality outlines a strong case for moving away from digital anonymity toward pseudonymity. The goal of building communities will similarly expose some new advantages for the original, and now eroding, end-to-end architecture of the Internet--a design choice that eschewed barriers between computers and rejected preferences for certain types of content. Principles of community and target protection will illuminate why installing firewalls (which are simply pieces of hardware and software that prevent specified communications ) at end points will provide strong protection, why some computer programs subtly cue criminal acts, and why the government should keep some computer crimes secret.
Throughout this Essay, each Section will employ the realspace architect's understanding of context to explain why many meta-claims in contemporary cyberlaw are too grand. These claims are proliferating and track the same binary formula: "open sources are more/less secure," "digital anonymity should be encouraged/prohibited," "end-to-end networks are more/less efficient," "peer-to-peer technologies are a threat/blessing," etc. Systematic predictions are possible about the benefits of open sources, end-to-end (e2e) networks, and the like, but caution is warranted before applying these predictions across the board. Such caution is a staple of crime prevention in realspace, as the four design principles are often in tension with each other. As this Essay progresses, these tensions will become evident in the cyberspace context as well.
In total, these architectural lessons will help us chart an alternative course to the federal government's tepid approach to computer crime. In February of this year, after a year and a half of promising a revolutionary approach, the White House released its National Strategy To Secure Cyberspace. Unfortunately, the Strategy consists of little beyond an unbridled faith in "the market itself" to prevent cybercrime. By leaving the bulk of crime prevention to market forces, the government will encourage private barricades to develop--the equivalent of digital gated communities--with terrible consequences for the Net in general and interconnectivity in particular. Just as safety on the street depends in part on public police and public architecture, so, too, in cyberspace.
|
