The Future of the Internet according to Jonathan Zittrain

“Be wary of SaaS and Internet-connected appliances, and it’s a good thing if the legal innovation never catches up with technological innovation.” That would serve as a rough summary of the thesis Jonathan Zittrain, cyberlaw Professor at Oxford, seeks to defend. In The Future of the Internet–And How to Stop It he develops an elaborate and densely-argued socio-legal doctrine designed to do one thing: protect the generativity of the Internet without letting it becoming prey to its own power or the anxieties of regulators. This is no quick and dirty treatment of GPL vs. Proprietary. It isn’t your grandmother’s elementary lecture on free as in speech vs. free as in beer. This is a demanding book written by a lawyer, unapologetically full of long, complex sentences that throws the full complexity of cyberlaw problems at you. I was drinking a pretty stiff vodka as I was going through the toughest part, Part III. That is not a good idea, since you need to be pretty alert when reading this part. Still, I think I was sober enough to make this a roughly accurate review/summary.

Generativity vs. Appliances and SaaS

Much of the book’s argument rests on the notion of generativity, which Zittrain defines as:

…a system’s capacity to produce unancitipated change through unfiltered contributions from broad and varied audiences.” (Page 70)

The Internet, PC and Facebook are generative, by Zittrain’s model. The iPhone, TiVo and SaaS-based Web 2.0 sites are not.

Generativity, he further elaborates, comprises four key features: leverage (he means roughly the extent to which a technology modularizes and makes available routine tasks), adaptability (what we engineers usually call expressivity or size of design space), learnability, and accessibility.

So far, this seems like a simplified version of the sorts of conceptual framework used in systems engineering to drive discussions of modularity and openness in architecture. The next major idea though, will leave technologists worrying about the soundness of what’s to come. As a practically axiomatic element of his argument, he characterizes Internet-enabled closed (to varying degrees) “appliances,” such as the iPhone and XBox, and the Web 2.0 architectural model of SaaS, as fundamentally non-generative and dangerous, representing trends that can ultimately kill Internet innovation in the process of attempting to secure it. He arrives at this assessment via some shaky analogies to the impact of older technologies (mainly the AT&T era phone system and the brief period of dominance of proprietary networks like Compuserve), and some misunderstanding of the nature of appliances and SaaS. I’ll elaborate on these points later, but fortunately for him, the remainder of his argument is not impacted by the weakness of his mental model of technology. It does, however, lead him to what I think is a mis-prioritization of the key issues at stake.

That said, the book is otherwise absolutely solid, with conclusions that you can trust, even if the underlying understanding of technology is suspect (or at least, incomplete).

The Summary

The book has three parts. The first part is a historically-motivated discussion of generativity as an empirical phenomenon. The second part drills down, analytically, into the notion of generativity, and develops the model of technology to be used as the basis for argumentation. The last part is Zittrain’s home turf — an elaborate analysis of, and normative opinions on, the legal issues of cyberlaw, informed by his understanding of generativity.

Part I

In Part I, we get a review of two battles. The first is the battle between specialized appliance devices (like the Wang-style word processors) and software-hardware bundled computers (like IBM mainframes) on the one hand, and the open-architecture PC on the other (by which Zittrain means both the IBM PC and the Apple) on the other. He makes the fairly standard argument that the openness of the PC to third-party applications and the horizontal separation of hardware, operating system and application layers is what fueled its victory.

The second battle is the one between proprietary networks like Compuserve and the open Internet. Here, Zittrain attributes the victory of the Internet’s open model to an almost accidental/serendipitous side-effect of the pragmatic motivations of the academic inventors of the Internet. Starting with a prelude to the main story, which covers how AT&T was forced to open up its network to 3rd party uses (through legal events such as the Hush-a-phone and Carterphone cases), Zittrain presents three design principles drawn from the ideas of influential founding figures of the Internet, which serve as anchors for the rest of the book:

  • Rough Consensus: this principle is stated via reference to the famous David D. Clark quote: we reject: Kings, presidents and voting; we believe in: rough consensus and running code (an idea that agile programming priests seem to have rediscovered).
  • Procrastination Principle: “Most problems confronting a network can be solved later by others… don’t do anything that can be done later by users.” (an idea from a 1984 paper by Clark, David Reed and Jerry Saltzer).
  • Trust-your-neighbor approach: People using the network and configuring its endpoints [are] to be trusted to be more or less competent and pure enough at heart that they would not intentionally or negligently disrupt the network.

These principles are eloquently illustrated in RFC 1135, a document which did a post-mortem on the response to the Morris Worm, the first worm on the Internet. The quote Zittrain picks out goes, “If security considerations had not been so widely ignored in the Internet, this memo would not have been possible.”

That sets the tone of the book: as a defense of a ready-fire-aim culture that trades-off generativity and innovation against premature concerns that only become issues if a technology actually succeeds in the first place. With this doctrine in place, Part I concludes with a gloomy examination of the state of cybersecurity and the myriad problems spawned by the success of the Internet, ranging from viruses to zombie botnets used by spammers. That sets the stage for Part II.

Part II

In Part II, we get the core model of generativity and the critique of SaaS and appliances I mentioned at the beginning. The critique itself is surprisingly simple (almost simple-minded). SaaS is critiqued by analogy to the proprietary networks like Compuserve, while appliances are painted as updated versions of the specialized hardware that the PC killed — sterile and safe, but ultimately innovation-killing.

The argument that SaaS and appliances are “non-generative” is flawed, but also unnecessary for the main legal-innovation arguments of the book (I’ll get to that in the summary of Part III). Here’s why.

For appliances, you could argue (and I would) that the “appliance” trend of today is vastly different from the age of stand-alone specialist hardware of the eighties. In particular, today’s trend of Internet-enabled appliances can be viewed as a breathtakingly generative technology wave in its own right — one analogous to speciation events in biology. The most characteristic feature of appliances is not their relatively locked-down state with respect to PCs. It is their optimization, at the level of hardware — sensors, actuators and UIs — for particular tasks for which PCs wouldn’t work. The biological world contains vastly more specialized species (ranging from ants to koalas), adapted to specialized lifestyles, than it does general-capabilities species (humans, hyenas and cats come to mind).

So why does Zittrain not see this? Possibly because he focuses on the evolutionary-dead-end examples of the technology, like the earlier locked-down iPhone. Viewing ‘appliancization’ of computing as the precursor to a potential ‘intelligent hardware’ revolution helps correct this perspective. Ironically, in this case, Microsoft has been the visionary company, with its investment in the concurrency and coordination runtime, designed to lower the threshold for significant robotics innovation.

Also, possibly, he has a blind spot with respect to the “open PC” which he deifies. Yes, the PC has led to a proliferation of software innovations. At the expense of hardware standardization. The biggest hardware innovation in the PC since it was invented was probably when Steve Jobs decided to add colors besides beige (okay, I am kidding here).

The argument against SaaS is that it permits a single locus of (usually third-party and commercial) control for critical activities on the Internet, allowing regulators (good and bad) the prospect of “perfect enforcement.” A particularly scary example is the ability of regulators — and Batman — to turn SaaS-connected appliances, like cellphones and OnStar, into surveillance devices.

Again though, the validity of the book’s argument does not depend on (and therefore does not need) the demonization of SaaS. What Zittrain misses is that technologists turned to SaaS in Web 2.0 for very different reasons than business people turned to proprietary networks in the 90s. SaaS is largely motivated by the enormous complexity and cost of producing the sort of shrink-wrapped software that fueled the 80s and 90s, and distributing and maintaining in backward-compatible ways, .

Viewed that way, SaaS too is a massively generative force, not the sterile force Zittrain imagines it to be. SaaS has lowered barriers to entry into software innovation by driving distribution and field maintenance costs to near zero, enabling an entire generation of new startups. Interestingly enough, later in the book, Zittrain does acknowledge the feature of SaaS that mitigates its potential dangers and differentiates it from Compuserve-like technologies — the fact that the SaaS server-side software itself can be replicated and secured from monopolistic forces. If you are afraid of cops getting access to your activities on Digg, you can set up your own Pligg. If you don’t like Wikipedia, you can take both the MediaWiki software and its content and do your own thing with it. And the good folks over at GPL aren’t asleep — they’ve been busy trying to plug the SaaS loophole in GPL models.

What’s more, SaaS systems can themselves be interlinked (much like the DNS server system) in a server-side P2P architecture if necessary, getting rid of most of Zittrain’s concerns (and he does love P2P).

Even the pairing Zittrain fears the most — SaaS combined with hardware appliances that accept software delivered remotely, as opposed to Web-only 2.0 applications — has largely been a generative force. Zittrain misses it because it is happening outside the realm of software, in hardware, and because it is early days yet. Consider for instance, the possibilities of the fabber. You could soon have desktop 3d printers that can print out functioning electromechanical devices, complete with batteries (I was fortunate enough to work for a couple of years in the same department as Hod Lipson’s research group, that is at the forefront of this coming revolution). Some companies, like Bug Labs, are already close. Connect some viral hardware to the Internet and the possibilities are limitless.

Part III

This is the heart of the book, and reading it, I understood what people mean by the phrase, “fine legal brain.” This is a kind of thinking that amazes me, since I would be pretty terrible at it. Lawyers seem skilled at a very different kind of counterfactual thinking than engineers and businesspeople. Their what-ifs don’t relate to exciting design possibilities or market uncertainties. They relate to conceptual possibilities that illuminate tricky legal questions. All sorts of clever examples and hypotheticals are deployed to make very subtle points.

You’ll encounter, among other things, the hypothetical scenario of James Joyce Ulysees, at the time of its ban, upon original publication, being deleted entirely from the public space through a TiVo-like SaaS+appliance distribution infrastructure (TiVo competitors were in fact ordered to do things like this by the courts). Another involves the what-if of restaurant smoking bans being imposed via surveillance of advanced smoke detectors, instead of through compliance requirements on restaurant owners.

These particular thought experiments relate to what Zittrain calls the danger of perfect enforcement. The possibility of a law being comprehensively enforced at the flick of a switch. After painting scary scenarios involving regulators demanding access from ISPs and appliance-SaaS companies, he elevates the argument to a new level (for me at least):

“The drawback of arguing generally against perfect enforcement because one objects to the laws likely to be enforced is that it preaches to the choir.”

He then proceeds to argue against perfect enforcement in a way that works no matter what your political ideology is. It is effectively this: laws are incomplete social constructs that only work because in general it takes time for enforcement to diffuse through society, allowing time for due process, appeals, and so forth. Allowing any law the power of instant enforcement is dangerous because no law is ever perfect enough at birth to deserve it. This is in fact the procrastination principle applied to the law. Enforcement via beta testing, so to speak.

An entire panoply of tricky and philosophically interesting issues is dissected at this level of sophistication. The list includes copyright, privacy laws, policing of ISPs, challenges to the network-neutrality principles, spam, viruses and crowd-surveillance.

The broad philosophical principle that emerges from this analysis is a very surprising one. Zittrain suggests that we not attempt to grow legal systems that keep pace with technology in complexity, but instead rely on communitarian models of norm-based and standards-based governance. He suggests that most problems cannot be solved by legal means without squashing generativity; that only community-based folk-law is agile enough to keep pace with generative technologies.

This isn’t some weak hippie hand-waving though. The case is comprehensively, pragmatically and subtly argued. I certainly bought it.

The Verdict

Overall, this is a very important book, especially for technologists. All too often, we retreat to complaining that the law isn’t keeping up. The law may not be keeping up, but thoughtful lawyers certainly are, and in many cases they are ahead of us. And they are choosing to leave the law itself behind for some very good reasons.

Get Ribbonfarm in your inbox

Get new post updates by email

New post updates are sent out once a week

About Venkatesh Rao

Venkat is the founder and editor-in-chief of ribbonfarm. Follow him on Twitter


  1. Video of Zittrain’s NYC book launch in April

  2. Maybe I’m only seeing it at a superficial level, but the thesis that “perfect enforcement is bad” strikes me as just another aspect of the general principle that societies which aspire to scale and stability – and “freedom” – must have several safety valves for dissatisfied citizens to vent, without exploding.

    I like to think of cash and cash equivalents – anonymous negotiable instruments which transfer a clean title to the recipient – as performing a similar function, by allowing the existence of a mechanism to quietly protest “unfair” taxes or other state-imposed economic burdens. This is something which the rather naive chaps at Arthakranti don’t seem to get.

    The intersection of the global Internet, the multinational corporation and the nation state seem to me a fertile and worthy prospecting ground for the futurist with a fine legal mind. Indeed, it may even provide some of the antidotes to Zittrain’s fears. As long as we have a world with competing nations with contrasting legal systems, competing companies, yet needing the existence of one Internet to bind them all, we should be OK.

    Witness the death-and-rebirth of The Pirate Bay. Their legal page makes for very entertaining reading. Most of their correspondence is from big American companies giving the Swedes DMCA takedown notices, to which they respond with gleeful taunts and insults.

    The litmus test of the Internet is this (and it really works for everybody): imagine the people whom you hate or dislike the most – can they access the internet and spread their vile and poisonous lies? Can you see it? Can you do likewise? Can they see it? As long as the answers are yes, we’re good.

  3. LOL@arthakranti. I enjoy a good economics joke, thanks :). I always wonder about people who try incredibly silly attacks on incredibly difficult problems. Sometimes I wonder whether they might achieve Forrest Gump sorts of success. Sometimes difficult problems have simple solutions, but most often, difficult problems need complex solutions.

    I do think copyright and patent law at least are outdated, but something creative needs to fill the gap to create an incentive structure for, well, creative people to create. I wouldn’t look for innovation from legal scholars though. The great lawgivers of history have typically been politicians, not lawyers.

  4. A few reflections on this review

    1) In appliances, what is happening right now is intensely generative. The iPhone is not the right case example (it is actually highly closed, though it relies on the same ecosystem as a vast array of other “unifunction” appliances). Much better examples are the Flip (pocket-size $150ish HD camcorder), the Peek ($20/mo subscription, $60 up front, eMail ONLY client, with bberry like interface, sold at TGT, and connected via wholesale backbone wireless leased from Sprint) or the Kindle (which is also a piece of custom hardware made with commodity components, and piggybacked on a wholesale wireless network, whose lifetime costs are bundled into the hardware and subsidised by the book sales). The vast overcapacity of ODM capability in China (much of which is actually a network of smaller suppliers) allows for so much diversity. Most of the diversity rides on “customizable” ASICs and the ARM core and you can expect to see even more customizable semico work as more and more “hardware configuration” moves into embedded software, to leverage the Indian engineer labor arbitrage opportunity (as Intel is doing with its smaller embedded processor development, seeding an ecosystem of ASIC designers who will become “semico-focused” software entrepreneurs when they leave Intel, helping customize ASIC code for startups in the US eyeing new appliance opportunities based on these cores). The last piece fuelling it (at least in the US) is wireless carrier capacity, the ones that have stepped forward into 3G are hungry to find ways to fill up their pipes (and apparently iPhone already drives 60+% of data usage on ATT wireless per Mary Meeker). So you have various unifunction devices (appliances) that are cheaply manufactured, by very small companies that own IP/design, and outsource everything else to focus on marketing. The appliance revolution is thus fuelled by standarddized “horizontal” component layers, and not comparable to Bloomberg’s proprietary terminals, or the early computers that had “closed’ stacks.

    2) SaaS in that sense also has the “horizontal layer separation” that fuelled the PC revolution (and is affecting appliance proliferation as above). If you look closer at SaaS, you find that there are infrastructure-as-a-service vendors (e.g., Amzn), platform-as-a-service vendors (e.g.’s “force”) and true “packaged SaaS” players. As long as there is ample access to low cost pay-as-you-go access to “components” of SaaS, there will be a continuing explosion of entrepreneurs engaged in creating yet-another-webservice. That is plenty generative. However, these entrepreneurs are likely to move away over time from “aggressively capital wasteful” models like “freemium”, because the costs of search will fall further (with networking, and serendipitous service discovery), allowing them to move (on average) to more “fee/event-based’ monetization, and get ever smaller startups to be more profitable. That is the dream of the long-tail in SaaS.

    3) I really found this “enforcement via beta testing” analogy very eye opening. I sometimes go to a movie archival facility in SF, called Oddball Cinema, to watch “curated screenings” of old film on a narrow topic (e.g., a Friday evening 3 hour curation of shorts from the 60’s on the dangers of drug use, or a Saturday evening 2 hour compilation of VW ads over the ages). Oddball Cinema buys a lot of old film from various parts of the world, and stores them in a large warehouse. When producers (like those of the movie on Harvey Milk) want some footage, they come to Oddball, search for that footage, have it digitized and restored, and pay Oddball for access to the clip. However, in many such cases, the IP actually still rests with the studio, or (as in the case of advertisements) some corporation, and the user has to separately get covered on these rights to reuse a clip. Most intellectual property is licensed in such a way as to keep the costs of enforcement very low, and just warn the user to behave, with enforcement kicking in only AFTER some user decides to violate the policy and abuses the IP for commercial gain. Essentially, law is relying on the markets to “price” the costs of delivering justice. If I notice a patent of mine being infringed, the propensity of the IP owner to make the effort (and bear the costs) of suing the infringer, is proportional to the “lawsuit-worthy value” of the infringer, and the “practicality of recovering lost revenues” from the current state of provable abuse. If the abuse is small, or the infringer poor (or remote), then a cease-desist notice is probably all that is “affordable” and sufficient. In general, Law is in a state of beta because abuses are also “generative”, and it takes time for the “governance” to catch up, and money as well. Perhaps America’s highly litigous society is the first one in the world where rights infringements can be challenged “with leverage”, by borrowing against the future “potential value” of success in the lawsuit (since there are many hungry lawyers waiting to take those chances and take on such cases). An vast supply of lawyers, and a huge database of precedent on every possible infringement (that may be applied against “generative” creative abuse) may well be America’s secret sauce in rendering legal recourse “accessible” to most, hence giving its laws more claws :)

    Nice post, I really enjoyed it, and learned a bit.

  5. Interesting points. I think I mostly understood your #1 (you are emphasizing the “push” of industry capacity and intentions, while I think I only focused on the natural evolutionary direction of the technology towards differentiation and variety).

    Point #2 seems rather tricky. I’ll need to think about it.

    Point #3… enforcement through beta. Yes, I found that idea in the book possibly the most valuable one. I liked your thought about “Essentially, law is relying on the markets to “price” the costs of delivering justice.” …it seems like a legal/economic version of the procrastination principle too.


  6. I reread this today and realised, you have colored our interpretation of “appliance” – absent our having read the underlying book.

    is he talking about appliances like the Flip, Peek, BodyBugg, etc.?

    Or is he talking about the “closed” X86 boxes (e.g. Barracuda Filtering, Google Appliance Search, Crossbeam UTM etc.) – these are “closed” systems that are intended to simplify sales and installation. They possibly enhance “systemwide generativity” by allowing more and more elements to enter the enterprise stack without having to fight through qualification, testing, and other hassles.