“Be wary of SaaS and Internet-connected appliances, and it’s a good thing if the legal innovation never catches up with technological innovation.” That would serve as a rough summary of the thesis Jonathan Zittrain, cyberlaw Professor at Oxford, seeks to defend. In The Future of the Internet–And How to Stop It he develops an elaborate and densely-argued socio-legal doctrine designed to do one thing: protect the generativity of the Internet without letting it becoming prey to its own power or the anxieties of regulators. This is no quick and dirty treatment of GPL vs. Proprietary. It isn’t your grandmother’s elementary lecture on free as in speech vs. free as in beer. This is a demanding book written by a lawyer, unapologetically full of long, complex sentences that throws the full complexity of cyberlaw problems at you. I was drinking a pretty stiff vodka as I was going through the toughest part, Part III. That is not a good idea, since you need to be pretty alert when reading this part. Still, I think I was sober enough to make this a roughly accurate review/summary.
Generativity vs. Appliances and SaaS
Much of the book’s argument rests on the notion of generativity, which Zittrain defines as:
“…a system’s capacity to produce unancitipated change through unfiltered contributions from broad and varied audiences.” (Page 70)
The Internet, PC and Facebook are generative, by Zittrain’s model. The iPhone, TiVo and SaaS-based Web 2.0 sites are not.
Generativity, he further elaborates, comprises four key features: leverage (he means roughly the extent to which a technology modularizes and makes available routine tasks), adaptability (what we engineers usually call expressivity or size of design space), learnability, and accessibility.
So far, this seems like a simplified version of the sorts of conceptual framework used in systems engineering to drive discussions of modularity and openness in architecture. The next major idea though, will leave technologists worrying about the soundness of what’s to come. As a practically axiomatic element of his argument, he characterizes Internet-enabled closed (to varying degrees) “appliances,” such as the iPhone and XBox, and the Web 2.0 architectural model of SaaS, as fundamentally non-generative and dangerous, representing trends that can ultimately kill Internet innovation in the process of attempting to secure it. He arrives at this assessment via some shaky analogies to the impact of older technologies (mainly the AT&T era phone system and the brief period of dominance of proprietary networks like Compuserve), and some misunderstanding of the nature of appliances and SaaS. I’ll elaborate on these points later, but fortunately for him, the remainder of his argument is not impacted by the weakness of his mental model of technology. It does, however, lead him to what I think is a mis-prioritization of the key issues at stake.
That said, the book is otherwise absolutely solid, with conclusions that you can trust, even if the underlying understanding of technology is suspect (or at least, incomplete).
The book has three parts. The first part is a historically-motivated discussion of generativity as an empirical phenomenon. The second part drills down, analytically, into the notion of generativity, and develops the model of technology to be used as the basis for argumentation. The last part is Zittrain’s home turf — an elaborate analysis of, and normative opinions on, the legal issues of cyberlaw, informed by his understanding of generativity.
In Part I, we get a review of two battles. The first is the battle between specialized appliance devices (like the Wang-style word processors) and software-hardware bundled computers (like IBM mainframes) on the one hand, and the open-architecture PC on the other (by which Zittrain means both the IBM PC and the Apple) on the other. He makes the fairly standard argument that the openness of the PC to third-party applications and the horizontal separation of hardware, operating system and application layers is what fueled its victory.
The second battle is the one between proprietary networks like Compuserve and the open Internet. Here, Zittrain attributes the victory of the Internet’s open model to an almost accidental/serendipitous side-effect of the pragmatic motivations of the academic inventors of the Internet. Starting with a prelude to the main story, which covers how AT&T was forced to open up its network to 3rd party uses (through legal events such as the Hush-a-phone and Carterphone cases), Zittrain presents three design principles drawn from the ideas of influential founding figures of the Internet, which serve as anchors for the rest of the book:
- Rough Consensus: this principle is stated via reference to the famous David D. Clark quote: we reject: Kings, presidents and voting; we believe in: rough consensus and running code (an idea that agile programming priests seem to have rediscovered).
- Procrastination Principle: “Most problems confronting a network can be solved later by others… don’t do anything that can be done later by users.” (an idea from a 1984 paper by Clark, David Reed and Jerry Saltzer).
- Trust-your-neighbor approach: People using the network and configuring its endpoints [are] to be trusted to be more or less competent and pure enough at heart that they would not intentionally or negligently disrupt the network.
These principles are eloquently illustrated in RFC 1135, a document which did a post-mortem on the response to the Morris Worm, the first worm on the Internet. The quote Zittrain picks out goes, “If security considerations had not been so widely ignored in the Internet, this memo would not have been possible.”
That sets the tone of the book: as a defense of a ready-fire-aim culture that trades-off generativity and innovation against premature concerns that only become issues if a technology actually succeeds in the first place. With this doctrine in place, Part I concludes with a gloomy examination of the state of cybersecurity and the myriad problems spawned by the success of the Internet, ranging from viruses to zombie botnets used by spammers. That sets the stage for Part II.
In Part II, we get the core model of generativity and the critique of SaaS and appliances I mentioned at the beginning. The critique itself is surprisingly simple (almost simple-minded). SaaS is critiqued by analogy to the proprietary networks like Compuserve, while appliances are painted as updated versions of the specialized hardware that the PC killed — sterile and safe, but ultimately innovation-killing.
The argument that SaaS and appliances are “non-generative” is flawed, but also unnecessary for the main legal-innovation arguments of the book (I’ll get to that in the summary of Part III). Here’s why.
For appliances, you could argue (and I would) that the “appliance” trend of today is vastly different from the age of stand-alone specialist hardware of the eighties. In particular, today’s trend of Internet-enabled appliances can be viewed as a breathtakingly generative technology wave in its own right — one analogous to speciation events in biology. The most characteristic feature of appliances is not their relatively locked-down state with respect to PCs. It is their optimization, at the level of hardware — sensors, actuators and UIs — for particular tasks for which PCs wouldn’t work. The biological world contains vastly more specialized species (ranging from ants to koalas), adapted to specialized lifestyles, than it does general-capabilities species (humans, hyenas and cats come to mind).
So why does Zittrain not see this? Possibly because he focuses on the evolutionary-dead-end examples of the technology, like the earlier locked-down iPhone. Viewing ‘appliancization’ of computing as the precursor to a potential ‘intelligent hardware’ revolution helps correct this perspective. Ironically, in this case, Microsoft has been the visionary company, with its investment in the concurrency and coordination runtime, designed to lower the threshold for significant robotics innovation.
Also, possibly, he has a blind spot with respect to the “open PC” which he deifies. Yes, the PC has led to a proliferation of software innovations. At the expense of hardware standardization. The biggest hardware innovation in the PC since it was invented was probably when Steve Jobs decided to add colors besides beige (okay, I am kidding here).
The argument against SaaS is that it permits a single locus of (usually third-party and commercial) control for critical activities on the Internet, allowing regulators (good and bad) the prospect of “perfect enforcement.” A particularly scary example is the ability of regulators — and Batman — to turn SaaS-connected appliances, like cellphones and OnStar, into surveillance devices.
Again though, the validity of the book’s argument does not depend on (and therefore does not need) the demonization of SaaS. What Zittrain misses is that technologists turned to SaaS in Web 2.0 for very different reasons than business people turned to proprietary networks in the 90s. SaaS is largely motivated by the enormous complexity and cost of producing the sort of shrink-wrapped software that fueled the 80s and 90s, and distributing and maintaining in backward-compatible ways, .
Viewed that way, SaaS too is a massively generative force, not the sterile force Zittrain imagines it to be. SaaS has lowered barriers to entry into software innovation by driving distribution and field maintenance costs to near zero, enabling an entire generation of new startups. Interestingly enough, later in the book, Zittrain does acknowledge the feature of SaaS that mitigates its potential dangers and differentiates it from Compuserve-like technologies — the fact that the SaaS server-side software itself can be replicated and secured from monopolistic forces. If you are afraid of cops getting access to your activities on Digg, you can set up your own Pligg. If you don’t like Wikipedia, you can take both the MediaWiki software and its content and do your own thing with it. And the good folks over at GPL aren’t asleep — they’ve been busy trying to plug the SaaS loophole in GPL models.
What’s more, SaaS systems can themselves be interlinked (much like the DNS server system) in a server-side P2P architecture if necessary, getting rid of most of Zittrain’s concerns (and he does love P2P).
Even the pairing Zittrain fears the most — SaaS combined with hardware appliances that accept software delivered remotely, as opposed to Web-only 2.0 applications — has largely been a generative force. Zittrain misses it because it is happening outside the realm of software, in hardware, and because it is early days yet. Consider for instance, the possibilities of the fabber. You could soon have desktop 3d printers that can print out functioning electromechanical devices, complete with batteries (I was fortunate enough to work for a couple of years in the same department as Hod Lipson’s research group, that is at the forefront of this coming revolution). Some companies, like Bug Labs, are already close. Connect some viral hardware to the Internet and the possibilities are limitless.
This is the heart of the book, and reading it, I understood what people mean by the phrase, “fine legal brain.” This is a kind of thinking that amazes me, since I would be pretty terrible at it. Lawyers seem skilled at a very different kind of counterfactual thinking than engineers and businesspeople. Their what-ifs don’t relate to exciting design possibilities or market uncertainties. They relate to conceptual possibilities that illuminate tricky legal questions. All sorts of clever examples and hypotheticals are deployed to make very subtle points.
You’ll encounter, among other things, the hypothetical scenario of James Joyce Ulysees, at the time of its ban, upon original publication, being deleted entirely from the public space through a TiVo-like SaaS+appliance distribution infrastructure (TiVo competitors were in fact ordered to do things like this by the courts). Another involves the what-if of restaurant smoking bans being imposed via surveillance of advanced smoke detectors, instead of through compliance requirements on restaurant owners.
These particular thought experiments relate to what Zittrain calls the danger of perfect enforcement. The possibility of a law being comprehensively enforced at the flick of a switch. After painting scary scenarios involving regulators demanding access from ISPs and appliance-SaaS companies, he elevates the argument to a new level (for me at least):
“The drawback of arguing generally against perfect enforcement because one objects to the laws likely to be enforced is that it preaches to the choir.”
He then proceeds to argue against perfect enforcement in a way that works no matter what your political ideology is. It is effectively this: laws are incomplete social constructs that only work because in general it takes time for enforcement to diffuse through society, allowing time for due process, appeals, and so forth. Allowing any law the power of instant enforcement is dangerous because no law is ever perfect enough at birth to deserve it. This is in fact the procrastination principle applied to the law. Enforcement via beta testing, so to speak.
An entire panoply of tricky and philosophically interesting issues is dissected at this level of sophistication. The list includes copyright, privacy laws, policing of ISPs, challenges to the network-neutrality principles, spam, viruses and crowd-surveillance.
The broad philosophical principle that emerges from this analysis is a very surprising one. Zittrain suggests that we not attempt to grow legal systems that keep pace with technology in complexity, but instead rely on communitarian models of norm-based and standards-based governance. He suggests that most problems cannot be solved by legal means without squashing generativity; that only community-based folk-law is agile enough to keep pace with generative technologies.
This isn’t some weak hippie hand-waving though. The case is comprehensively, pragmatically and subtly argued. I certainly bought it.
Overall, this is a very important book, especially for technologists. All too often, we retreat to complaining that the law isn’t keeping up. The law may not be keeping up, but thoughtful lawyers certainly are, and in many cases they are ahead of us. And they are choosing to leave the law itself behind for some very good reasons.