The Changing Meaning of ‘Unauthorized Access’
10 Jun 09
Cohen, Julie E. “The Changing Meaning of ‘Unauthorized Access’.” Distinguished Lecture in Law, Technology and the Arts. Case Western Reserve University, School of Law, Cleveland Ohio. 23 February 2009. Accessed 9 June 2009. <http://uc.princeton.edu/main/index.php/component/content/article/28-all-videos/4554-the-changing-meaning-of-unauthorized-access>
Legal system provides poor tools for resolving disputes over technical mediation of access to information: e.g. DMCA limits on tinkering with music/video formats and players; iPhone tinkering that can result in bricking. Unsatisfactory to give Apple final decision on whether tinkering activities are lawful. Categories are unsuited to technological convergence: iPhone is media player, software, and consumer equipment. Underlying conceptual frameworks do not address consumer’s freedom to tinker with an owned device
e-voting software is proprietary and copyright claims have been used to keep potential problems with e-voting secret. Government profiling: what algorithms get a name on the no-fly list? Where does the data come from?
Search engines and social networking: ability to identify users from search histories, Facebook problems involving new, mandatory features that consumers don’t want. Privacy issue with gmail using contents of email to generate ads–what then happens with the data? Algorithms and data use become trade secrets.
Legal tools don’t address the issues of accessibility to information and more importantly to the technical rules that govern and shape the networked environment. The legal framework operates to obscure technical rules.
Lessig, Code and Other Laws of Cyberspace (1999): Code is law. Intended metaphorically. Some take this literally, but of course states have no role. Others resist this idea, code is regulated by the market, therefore not law but “market ordering”. However, tools used to evaluate market ordering don’t square well with code, which can be developed to constrain market choice. Network emerges at conversion of public and private interest.
Others argue code is a form of regulation unique in human history: uniquely plastic ex ante and uniquely inflexible ex post, therefore new ideological problems. Based in a thoroughly discredited theory of technological determinism that fails to take into account aspects of social interaction and the evolution of code.
Too easy to understand law, code, market, as distinct Newtonian vectors, overlooking synergies among them and the fact they are strategies deployed by actors to serve self-interested goals.
Consider the larger context in which coded structures emerge. Legal frameworks to regulate access to systems are extended to impact ToS agreements and set parameters for marketplace behaviours. “Technical systems intended to police copyrights. . . represent one prong of a more diversified portfolio of strategies for controlling the shape of the digital media environment” (approx 20 min). Privacy, security, and technical systems for profiling increasingly linked to strategies for monitoring personal mobility and communications traffic. New systems of social ordering emerge where industry and government interests overlap.
How does code regulate? New structures establish prohibitions, but also new political economies around authorization of access to spaces, websites, information, resources, databases, transactional privileges. Governance of access to systems initially conceived of as protecting self-contained systems from malicious attack, not regulating market behaviours. If desire to use copyright to control access to digital files is legitimate, where digital files are widely distributed, controls must be as well, as must processes of authorization. “The figure of the hacker now coexists uneasily with the idea that the real locus of our distrust is the ordinary user” (24.30ish). Finally, privacy/security controls are inverted: authentication controls are all around us, and we become outsiders who need to identify ourselves to have access.
Freedom of speech/information is a central organizing philosophy in our culture, but much of the political economy of the networked information society is organized around secrets. Authorization and authentication become objects of desire, commodities, inducing us to reveal more and more of our personal data. Our trust in the market has allowed what are fundamentally governance decisions to be regulated by technical standards often developed in secrecy.
Everyday experience of the network: most users are not coders, bloggers, contributors to Wikipedia, etc. nor are they security experts or hackers. People generally interact with the network for mundane purposes, finding directions, ordering stuff, communication; to a lesser extent community building. When everyday user innovation comes into conflict with authorization regime, that’s at odds with how innovation historically occurs. More importantly, authorization regime seeks to instill a culture of permission-seeking in a predictable network environment in which independence of mind and action ceases to be valued. May also remake conditions of subjectivity and social identity.
Law and policy making must address these things comprehensively. Law should mitigate rather than reinforce structural problems arising from political economies of authorization. Best done through legislation, rather than waiting for courts to figure it out based on existing, inadequate frameworks. Regulations mandating greater transparency around closed systems, codes, data retention policies would help. However, transparency is retrospective, policy makers should recognize that users have interests to assert. May want to consider imposing obligations within standards processes.
Posted by pzed on June 10, 2009 at 11.41am
