Lessig's Modalities of Regulation: Law, Architecture, Norms and the Market

Video Overviews by Nic SuzorCode is Law and Different Types of Regulation

As law students, we are familiar with thinking of regulation primarily as law. The law generally threatens those who misbehave, or fail to abide by legal rules, with punishment. As Grimmelmann explains, the law 'encourages individuals to choose the “right” course of action by associating sufficient sanctions with the “wrong” one to make it comparatively unattractive“.1) We have different bodies of law, causes of action and remedies for resolving disputes between “right” and “wrong” courses of action. The law, however, is not the only form of regulation in everyday life. In his famous book, Code, and Other Laws of Cyberspace, Lawrence Lessig explains that there are four key "modalities of regulation" that attempt to limit or restrain people's behaviour. These modalities are (1) law, (2) architecture, (3) norms and (4) the market.

It is useful here to explain Lessig's conception of the other modalities of regulation. First, architecture refers to physical reality, or “the human built environment”.2) Speed humps are an everyday example of regulation as physical architecture. Speed humps have speed control elements that, in conjunction with drivers taking note of warning signs, attempt to reduce the speed of a vehicle in line with target speed limits. Architects and town planners, among others, regularly design and deploy a wide variety of physical restraints, like speed humps, in line with regulatory agendas. Second, even in the absence of black letter law, social norms constrain some forms of behaviour. Take, for instance, norms of everyday conduct that many of us are socially conditioned to adhere to: 'Don't talk to strangers', 'follow instructions given by authority figures', 'respect your elders' and so forth. Norms are informal yet pervasive codes of conduct. Finally, the marketplace can regulate behaviour by putting a price tag on certain behaviours. Examples of market-based regulation include raising the price to petrol to combat speeding, pollution permits for certain industries, and accreditation, licensing and membership certifications. The market can efficiently regulate some scare resources and, like architecture and norms, improve regulation carried out my laws.

Shortly after early cyber-libertarians like Barlow declared the internet to be free from regulation, Lawrence Lessig's famous phrase “code is law” fundamentally changed debates about internet governance and regulation.3) Lessig argues that code is a form of physical architecture that can control online communication, or behaviours, just as effectively as the legal rules of nation states. The hidden ways in which code regulates online behaviours often goes unnoticed, but in every piece of software, in every algorithm, there are hidden assumptions about how the world works or should work. Sometimes this is accidental - for example, many websites are inaccessible to people with print disabilities because they are not designed with this user group in mind. It takes a lot of vigilance to ensure that technologies are developed in a way that does not unintentionally exclude or limit the access of certain groups of people. Other times, though, code acts in a much more sinister way. We have no real understanding of the algorithms that Facebook or Google use to determine which content is visible to us. The news items that popup in our feeds, or the results of our searches, are all determined according to a set of algorithms that are ultimately designed to further the interests of private corporations. These are powerful algorithms – powerful mechanisms of regulation that we really do not understand, and certainly do not know whether or how we should regulate their design or use.

Lessig outlines how code, the physical architecture of the internet, as well as the other modalities of regulation work together in the online environment. For example:

  • Law: Laws such as copyright, defamation and obscenity threaten ex-post sanction for violation of legal rights;
  • Architecture: Software and hardware that make cyberspace what it is constrain how you can behave online, by requiring passwords, producing traces that link transactions to you, encryption and code;
  • Norms: What users can say on particular websites is influenced by the nature of that site; and
  • Markets: Price structures or busy signals constrain access, areas of the web charge for access, advertisers reward popular sites, online services drop low-population forums.

We can apply these four modalities to different regulatory issues about internet content. Imagine, for instance, that we are concerned about the amount of offensive content on the web. We could create a law against offensive material, but it would be really hard to enforce. In fact, we already have several such laws, including common law obscenity offences as well as a content classification scheme that allows people to make complaints about content online. These laws, however, are all practically useless where content is hosted in foreign jurisdictions. Lessig's other modalities of regulation offer other potential solutions:

  • A code-based approach to regulating offensive content might be to introduce mandatory filtering at the ISP level;
  • A market-based approach might include subsidising voluntary filters that parents can install on their home internet connections; or
  • We might investigate how to develop social norms around acceptable behaviour. This might be a bit harder to articulate, but we see this happening a lot in our society. Imagine the moral outrage, in all of the papers, including outraged quotes from the Prime Minister's office when someone defaces a memorial page on Facebook. This is the work that creates a shared social norm about what content or behaviour is permissible and what is not.

Importantly, Lessig's modalities are never really independent, as they all interact in interested ways. In the context of offensive online content, social media platforms like Facebook, YouTube, and Twitter are modifying their code to allow people to report or flag offensive content, and the market is starting to respond to concerns about offensive content. This market-based initiative, noting that platforms, like Facebook, are private corporations, leverages code and social norms to regulate the massive amounts of material that are posted to these networks every day.

Overview by Alex McKay

Copyright infringement is another example of the interplay between the different modalities of regulation. In the late 1990s, the copyright industries' answer to the problem P2P file sharing network Napster posed was to turn to the courts. The courts eventually held that Napster was liable for copyright infringement, and the service was shut down. When that did not stop filesharing, the industries turned to marketing to try to create strong social norms against copying – you wouldn't steal a car, right? Over the last decade, working with YouTube and others, rightsholders have been able to develop new technologies to detect potential copyright infringement and deal with it automatically. YouTube's ContentID, for example, automatically detects when a person uses copyright music in their video, and copyright owners are presented with an easy choice to block access to the video, remove the soundtrack, leave it alone, or run ads alongside it. This has been a massively important tool for rightsholders. Finally, there have been some market innovations over the last few decades as well. Eventually, iTunes emerged to satisfy some of the demand music fans had to be able to get access to digital downloads in a cheap and easy way. Spotify and now Apple Music have gone further - providing fans with all-you-can-eat subscription so that they can enjoy the abundance that Napster brought, legally.

If you define 'regulation' as a concerted effort to influence or control the way another person behaves, there are many different ways of achieving that goal. Lessig's point is not that governments and state-based law do not matter in the internet age, rather that law is only one of the ways to regulate. This means that when we are thinking about internet regulation, we need to be aware of the ways in which behaviour can be altered, and the limits of any given modality.

Enforcing Law Online

Overview Videos by Will McLay on Online Anonymity and Rica Ehlers on 4chan

There are a number of challenges to enforcing law on the internet. The first is the decentralised nature of the internet, in stark contrast to the traditional, centralised conception of government, enables users to communicate across jurisdictional boundaries.4) It is possible for users to redirect their online activities through any number of jurisdictions that might be remote, require inter-governmental cooperation, or lengthily and/or costly legal proceedings. The ability of users to communicate largely anonymously via the internet is another challenge for law enforcement. Anonymity makes it difficult for law enforcement agencies to do a number of things, including obtain personal information and identify a person's physical location, especially when a user might be using a VPN or other de-identifying software. The sheer quantity of content that users transmit over the web also creates practical challenges. It is immensely difficult for law enforcement agencies, and other societal actors like online platforms that are increasingly undertaking policy work at the behest of regulators,5) to effectively review and make determinations about every piece of content. These factors, among others, can raise complex legal questions about choice of law/applicable law, choice of forum, and the recognition of foreign judgments, which we will consider in my more detail in the following Chapter. Lessig's modalities of regulation provide a useful framework for us to attempt to identify and evaluate different solutions to regulatory problems, like law enforcement, in the digital age.

Example: Cloudflare's decision to drop hosting for the Daily Stormer neo-Nazi site

Overview video by Hazza: The Downfall of the Daily Stormer

The neo-Nazi website, Daily Stormer, is a good example of how online content can be regulated by Internet intermediaries. Cloudflare, a content delivery network, provides many advantages to websites on their servers. One of Cloudflare's main selling points is its security capabilities against online attacks, especially against a Distributed Denial of Service attack. It is for this very reason that so many websites seek protection from the company, including the Daily Stormer, one of the largest neo-Nazi websites. After the administrators of the Daily Stormer made hateful comments regarding a woman's murder in the Charlottesville rally in 2017, Cloudflare terminated protection of the website after significant criticism from the public. It was a decision that Matthew Prince, Cloudflare’s CEO, struggled to make, being a firm believer in freedom of speech on the Internet. The tipping point for the decision was the team behind the website claiming that Cloudflare were secretly supporters of the site's hateful ideology, which was something the company could not stand for. The Daily Stormer has suffered dramatic losses in traffic and membership, and shows how Internet intermediaries can regulate online content, even if that regulation is only imperfect.

1) , 2)
James Grimmelmann, 'Regulation by Software' (2005) 1725 https://www.yalelawjournal.org/pdf/209_jbwrex6h.pdf
Lawrence Lessig, Code 2.0 (2006), pp 121–26 http://codev2.cc/download+remix/Lessig-Codev2.pdf
Note that this does not necessarily mean that the internet is borderless: See Orin S. Kerr 'Enforcing Law Online, Reviewed Work(s): Who Controls the Internet?: Illusions of a Borderless World by Jack Goldsmith and Tim Wu (2007) https://www.jstor.org/stable/pdf/4495619.pdf
Electronic Frontier Foundation, 'Who Has Your Back? Censorship Edition 2018 https://www.eff.org/who-has-your-back-2018
  • cyberlaw/code.txt
  • Last modified: 10 months ago
  • by nic