Spheres of Contextual Integrity

Upon finishing Helen Nissenbaum's book, Privacy in Context,  I was compelled to dwell on a disturbing nuance to her argument; that her concept of contextual integrity in privacy online could be warped by various actors, providing heterogeneous spheres of contextual integrity, which might impinge on others from a perceived legitimate perspective.

Nissenbaum pushes our conceptualization of privacy beyond mere binary definitions; her view is that privacy online relates to ones ability to appropriate the flow of his/her information online, while her definition leaves room for sharing bits of your life online as that is merely an extension of a 'real world' relationship with friends and the like. Contextual integrity is framework and benchmark for privacy, one that considers several factors; the moral and political factors of sharing information that might threaten autonomy or freedom of the source, the system or practices that impinge on 'real world' values and norms, what is the prevailing context of the information flow, what are the transmission principles and who are the actors involved.

Her definitions, arguments for, and supporting evidence for these two concepts is quite sound, and is thoroughly examined in her other papers, A Contextual Approach to Privacy and Privacy and Contextual Integrity: Framework and Applications. However, when we incorporate her view on norms into the mix, we arrive at a worrying conclusion. Nissenbaum adopts the prescriptive interpretation of norms, which is essentially an objective stance on what people ought to do. I draw much contention to this as I believe that each individual contains a myriad of opinions, producing populations with massive variance in world views. Even with some of the worlds most durable democracies subscribing to this interpretation of norms, the subjective streak in humanity is ever still articulated in perpetuity. 

 If we understand that there might be several actors, each imbued with a separate objective viewpoint, thus entrenched with the concept of prescriptive norms, we might find that spheres of contextual integrity emerge at various levels, rather than with the uniformity Nissenbaum hopes to see.

On a prima facie basis, there might be three major spheres; government agents and institutions, corporate and commercial interests, societal and individual actors. Each group will perhaps internalize this notion of contextual integrity in privacy online, yet will enunciate their understanding in wildly different ways. 

Consider the USA based National Security Agency and their Prism program. Within their informational norms, transmission principals, and indeed their modus operandi, the widespread surveillance of citizens and foreign aliens is accepted and encouraged. Their sphere of contextual integrity gives them the self-professed legitimacy to do so. Being a government actor, and thus on the side of the legal system, they cannot be challenged by other spheres, without some cost in legal fees, time, and effort. 

Consider Apple Inc and their integrated finger print scanners in their mobile devices. Their sphere of contextual integrity allows them to capture the bio-metric data of their customers and then store that data on the device's processor. As a commercial interest, the primary motivation is profits and the question of whether or not the privacy of the end user is compromised or not does not appear to be the main consideration. Another example is ChoicePoint, a USA based company which was fined $15 million due to the non-consensual transfer of customer data to identity thieves. ChoicePoint is an information company aimed at providing marketers with valuable consumer data. However, prior to their legal slap they were happily operating within a sphere of contextual integrity that allowed for the conversion of private data into profits. 

Consider the individual, perhaps even yourself, who has been the victim of the HeartBleed bug. Our sphere of contextual integrity calls for notice and consent and an appropriation of our information flow, yet our sphere was penetrated by a malignant flaw in the technical code of the Internet. Our sphere of contextual integrity is not motivated by control of the masses (as is the case of the government), or the pursuit of profits (as in the case of commercial interests), but is propelled by a longing to own ourselves, and maintain autonomy and the right to be hidden. 

The brief examples sketched up should illustrate that there are several ways in which contextual integrity can manifest, which can either be divergent or convergent with other spheres.

While I appreciate Nissenbaums arguments and the color of her writing, I am upset by the notion that prescriptive norms might produce such disparity between various spheres of contextual integrity, ultimately producing winners and losers on the web. 

Privacy Online

Privacy has become a dirty word; it stands for a paradox, a poor joke, and an aspect of life that has undergone a significant paradigm shift since the impingement of the Internet on our lives.
 The paradox here is that we seem to volunteer up our personal data quite freely, imprinting our tiny slice of cyberspace with our thoughts, feelings, likes and dislikes, yet we maintain a proclivity towards conjuring up grand sentiments of anger and fear when our perceived rights to privacy online are violated.
 The poor joke is that we are constrained by the irrelevance of choice; the compounding losses associated with opting out of social media, media sharing platforms, and whatever other online niches we might be intrigued by.
 The significant shift alludes to the way in which the handling of our personal data has undergone a transformation from when we used to selectively divulge personal information at the behest of government agencies, or private corporations, to be stored in a physical medium, to the way in which we can now transform those bland forms and contracts into pieces of digital information, to be stored, copied, downloaded, uploaded, manipulated, and transferred, in an instant.

Privacy is messy, complex, and fluid; we can examine the individual's right to seclusion, or the right to decide when, how, and to whom, your personal information is communicated, or we could consider the legalistic slant, of defining privacy as a right with the individual at the crux of the data, enabled with the choice to volunteer access and control to others. Ought we to consider privacy as a moral obligation, or as a societal norm? Should we apply existing laws to protect privacy online or should we simply leave it in the hands of the end-user?
Regardless of which approach we choose to begin the process of conceptualizing privacy, we can agree on a few basic values of privacy.

I would argue that privacy is a 'democratic' good, similar to the way in which the ancient Romans held wine to be a 'democratic' good; that is to say that every individual, regardless of socio-economic status, origin and environment, ought to enjoy the same benefits and pitfalls of the good. Just as a lowly born pleb might find himself inebriated after his third amphora of wine, the noble patrician would too feel the pangs of a hangover post alcoholic revelry. All users online ought to be afforded the same level of privacy online; that is to say that they ought to be able to decide when to volunteer up personal information, be safe in the knowledge that that information will not be sold or revealed to unseen forces, be afforded security via the ability to change and update that information, and not have an altered Internet browsing experience because of that information's presence on the server.

I would also argue that privacy is linked to autonomy, so that each individual user should be able to upload personal information, choose a pool of people to share that information with, and then restrict all undesirable forces from viewing and colonizing that information. If we allowed others to manipulate the information we've volunteered, we lose our ability to operate as self-interested autonomous actors, thus stripping away what decades of development in liberal-democratic nations have hoped to achieve in terms of liberty and freedom of thought, speech and expression.

Privacy online ought to be viewed as an intimate relationship between the user and the user's chosen set of entities to view that information. Just as we are constrained from installing wiretaps on our neighbors phone lines, we must see the same type of decency afforded to individuals online; to exploit loopholes on social media sites, or be the victim of an uninformed sale of personal information to ad agencies, it would be beneficial to instead allow only the user him/herself to decide on when to press ahead with sharing information with the world at large.

Inherent Tensions on the Internet

When Mr. Bungle first initiated his despicable sexual violation of female avatars on LambdaMoo, little did he know that he would be the catalyst to discourse regarding the boundary between cyber life and real life; at the outset of his cyber rape was the creation of the @boot function (to kick lowlifes off of the server) and a voting system, centered around the implementation of what users specifically wanted to see on LambdaMoo.

The LambdaMoo cyber rape, the first 'rape' in cyber space, has become a hallmark of Internet and new media studies, as it was something wildly offensive and never-before-seen on the world wide web. A decade or so later, and cyber rape and cyber-bullying are now mainstream issues to be dealt with by students of Internet governance; with one of the most recent and tragic events being the suicide of Amanda Todd, compelled by relentless cyber-bullying.

What compels a human being to act in such an anti-social manner? The fault lies with both the tool and the user; the Internet affords us the ability to act as anonymous actors, and the latent, or repressed, fantasies of mankind are allowed space to breathe, develop, and experiment. Academic Martha C Nussbaum states that "the internet is a self-enclosed, self-nourishing world that is remarkably resistant to the reality outside." However, there is a spill-over effect; when media posted online has a real-world consequence (as seen in the suicide of Amanda Todd).

Levmore argues that the Internet is a far less regulated place than any other institution, and that whilst we can physically remove denigrating media in the real world, such items can be hosted online indefinitely. Levmore also argues for the reformation of section 230 of the United States Code, where such reformation would allow content hosts to take down any material deemed inappropriate. However, this then is in tension with the free speech argument of the Internet, that the Internet has been, and should always be, a forum for unfettered expression.

This leads us to the inherent tension on the Internet; the struggle between what it represents and what it allows. If we are to use the Internet as a forum for free speech, ought not all speech be permitted? Who is to judge what is permissible or not, and by what stick would they measure suitability? Who has jurisdiction to prosecute offenders and ought we to create more fora of non-anonymous communication?

The spillover effect of media posted online ( this can be real life details such as home addresses, phone numbers, education details) must not be left out of consideration when lawmakers get around to amending legislature, but the degree to which the offender is penalized might stir up a storm of debate on the very nature and purpose of the internet (as seen when the DMCA is debated).

Heartbleed

For 2 years Heartbleed, aka CVE-2014-0160, has been affecting the way websites protect information, allowing access to secret, or proprietary data (such as login and credit card information, as well as metadata). When news of its existence hit the mainstream consciousness, a mad scramble toward understanding and subverting the bug was underway, with mass media coverage, online bug-check tools, and an attempt to patch up the exploit.

But what is Heartbleed and what does it attack? How does a coding error allow access to personal information and even enable to NSA to do their work with even more devious ease?

It is important to understand that Heartbleed is not a malicious line of code, floating around the Internet; it is an exploit made possible by coding errors in the OpenSSL design. OpenSSL is a protocol that allows for the basic cryptographic functions of the transport layer security (TLS) protocol. Basically, it allows the transport layer of the Internet, the code that allows us to connect to websites, servers, each other over VOIP applications, chat to one another, even write and post blogs, to function.
Coders are currently working to produce version 1.02 of the OpenSSL protocol that cleans up the issue, but as of now, the bug allows for hackers to send a 'heartbeat', a small packet of data, that prompts the recipient computer to respond with a line of data. This line of data could be any type of personal information, and thus the Heartbleed bug became a silent backdoor exploit for nefarious hackers and surveillance agencies.

While most users will be unable to do anything about the bug, the only afforded safeguard is to change all passwords and check back with your most frequented websites for news of a fix. The real uphill battle is for website owners, who must now wait on a fix in the OpenSSL protocol.

Free Wifi: A New-Age Human Right?

Introduction
In a post-modern, hyper-connected and increasingly globalized world, will access to the Internet become a human right? That is to say, will the governments of the world recognize the provision of Internet access to be on par with, for instance, access to education, clean water, electricity, healthcare, housing, food, and shelter? Perhaps the notion of "free wifi for all" has all the trappings of a Utopian work of fiction, but the consideration of this question might prove to be an interesting thought experiment. We shall briefly explore the concept of free Internet access for all in this blog post.

Niue
Located north-east of New Zealand, is the tiny island nation of Niue. Populated by only 1300 people and known for its unique indigenous red banana crop, its government passed legislation in 2003 that provided free Internet services to all citizens. It refers to itself as the first "Wifi nation", where citizens need not sign up with a service provider, all they need to do is logon to the islands wifi network. This allows citizens to be perpetually connected, even when on the seas!

However, this rather rosy picture is somewhat marred, as further research shows that the maintenance cost of keeping the system running is shouldered by the citizens themselves (either in their tax stipulations or by personally paying for upkeep). It is interesting to note that the island nation is currently embroiled in a dispute over the .nu domain, claiming that it belongs to them and not the corporation that has appropriate it.

iTaiwan
Taiwan has done a better job than Niue has, and being richer and more technologically savvy doesn't hurt! The iTaiwan system allows citizens and tourists the ability to surf the net for free, from a variety of wifi hotspots located around the city. To get on the network, users must register using their local cellular phone number, login details are texted to the user, and then access is granted. Launched in 2011, the service offers a 1MB connection  to all users, sans a pricetag!

The Outernet
The Outernet is an ambitious startup aiming to use small short wave satellites, known as 'cubesats', to beam the Internet to people around the world, for free. The system would bypass the censorship imposed by state governments, and provide unfettered access to the Internet without discrimination. If anything, this is the most utopia-worthy startup I've ever heard off, and a quick google search reveals that this system might come into use by mid-2015. Government reaction to this uncensorable internet though, might be decidedly anti-Outernet, however this remains to be seen.

Internet Rights
The UN Universal Declaration of Human Rights is a resolution of 30 operative clauses that seek to define the inalienable and inviolable rights afforded to all humans sans discrimination and disparity. Even though nations have refused to ratify this resolution, such as Saudi Arabia (citing reasons of inconsistency with Sharia law), the declaration has gone on to become one of the most memorable and instantly recognizable successes of the UN. What would happen if, for instance, Taiwan sought to amend to document with operative clause #31, making the right of unfettered access to the Internet a basic human right?

When considering this notion, we must weigh the cost incurred by each government in the provision of sufficient physical and digital infrastructure, against the benefit of access granted to each citizen. Debate would be polarized in several dimensions; the question of local or UN jurisdiction in enforcing access to all, the question of UN or regional privacy and decency laws, the issue of incompatibility with regional customary or religious law, and also a somewhat distracting philosophical debate on the nature of access to information as an inviolable and inalienable right.

If, by some miraculous sense of foresight, the UN were to incorporate this as a human right, what would our world look like? Would we see a global shift toward political and societal liberalization, the adoption of western norms in conservative societies perhaps? Or will the digital divide be only more pronounced, as millions of new users are unable to assimilate the technology with haste?
As I mention in the introduction, this is a valuable thought experiment for any student of Internet Governance, yet may be beyond the scope of the discipline alone in answering.  

Privacy Laws on the Internet: Differences Across the Pond

Intro
When it comes to regulating the Internet, it stands to reason that the maxim, "one size does not fit all", ought to apply; the existence of conflict, socio-economic resistance to adoption, and disparity in Internet usage should convey the need for various Internet laws, enforced in distinct and separate jurisdictions. Up to now, working models of Internet governance have embraced the existence of these separate and independent legal systems working simultaneously, yet these systems have remained unchanged since the NSA-spying revelations of 2013.
The fallout of the NSA revelations was clear on the European side, with the German chancellor calling for stricter EU online privacy laws and the EU parliament passing resolutions calling for inquiries into the extent of US digital spying. However, the US response to these near-damning revelations was tepid at best, with the efforts of Congress culminating in a series of purely symbolic and superficial hearings, where NSA officials glossed over certain salient details of the NSA programs, even hinting at the possibility of spying on members of Congress.
Clearly, there is great disparity in terms of how the US and EU prioritize privacy online, and whilst no government will ever be anti-surveillance, the degree to which the public is protected from surveillance is disparate between the two entities.

Disparate Laws
The major difference between EU and US privacy policy revolves around the drafting and implementation of a cohesive and wide-scoped privacy policy.

The EU has two such privacy policies in place, the first is the EU Data Protection Directive (DPD), which defines the guidelines to be followed in the event of digital surveillance being necessary (a great article details the specifications of this policy out), and the second is the E-Privacy Directive (EPD), which compels private companies to seek consent in the use of cookies, customer information, and internet usuage monitoring. The DPD establishes principals and procedures to be followed by the surveillance team when honing in on a subject. It provides a sense of security to the user, as he/she must be informed of the surveillance, and must be assured of some compelling reason as to justify to initiation of the surveillance. The EPD establishes and clarifies the type of information to be surveilled, how the surveillance is carried out, and what happens to the data post-surveillance. Together, these laws place the safety and security of the personal data of the end user against the covert abuse of surveillance technology by government authorities and private corporate interests. Given that the EU is currently working on refining these laws, by imposing fines and fees on errant governmental and corporate institutions, we can only expect more stringent safeguards and constraints on those who survey.

The US does have privacy laws, but they approach the topic from the top down; that is to say that they draft the laws from the perspective of institutions, not end users. As a result, the privacy laws at a Federal level are constrained to only specific sectors of the political community, and at the State level, there is a variance of law from state-to-state. The Fair and Accurate Credit Transfer Act, for example, deals with the protection of citizens from identity theft, either online or in real life. However, this law does not explicitly address online identity theft, and instead delegates the responsibility of dealing with any, and all, identity theft to newly created regulatory and banking institutions. The Digital Millenium Copyright Act, is another example of how a Federal law approaches the protection of online rights from a top-down perspective, in this case looking out for the rights of corporate interests over those of the end user.

Conclusion
Given the Europe's historial experience with facist and totalitarian states, it is clear that the championing of privacy laws and civil liberty as an ethos, have proven well in the EU legal tradition; it is easier to provide addenda and amendments to already wide-reaching privacy laws to empower the end user instead of the service provider and government agency. This attitude is lacking in US socio-legal culture, vying instead for the protection and safeguarding of interests from a top-down perspective.

Democratic Decentralization and the Internet

Participatory democracy embodies the notion that an individual can go beyond the purely symbolic act of voting to have a degree of autonomy in decision-making and the ability colonize, and put to use, government resources. We might liken this concept to the ways in which online communities self regulate; the acts of governing their cyberspace are conceived and implemented by users, either high-level senior members or administrators. The instruments of governance are held by the people, a rather vox populi imbued paradigm.

In political science, we learn that one of the enabling conditions, or pre-requisites, of participatory democracy is the process of democratic decentralization; an increase in the scope and depth of subordinate group participation in authoritative resource allocation (to paraphrase Patrick Heller in his 2001 paper, Moving the State: The Politics of Democratic Decentralization in Kerala, South Africa, and Porto Alegre) What this implies is that the state does not recess, but delegates a wider sphere of powers to the lowest echelons of the political community, imbuing them with the resources required to improve their lives. The state retains oversight and an advisory role, acting as enablers of the entire process, rather than active participants in the entire scheme. We see this sort of governance in the Panchayati Raj Institutions of India, which essentially creates venues of village governance with state resources at the disposal of the villagers, and the Orçamento Participativo (Participatory Budgeting Forum) of Porto Alegre.

What would our understanding of democratic decentralization mean when we consider Internet governance? How might these two fields intersect? Whilst I briefly examine these questions, it might be better left to a PHD candidate to thoroughly examine this topic (hopefully I might be able to assume such a role in the coming years!) and it does go well beyond the scope of this blog post to both clarify and list out all the assumptions, critiques, and evidence of success here. I will instead, attempt to provide a vision of what the Internet might look like if democratically decentralized.

With the recent US Federal Court decision to strike down some of the FCC's open Internet rules, we see that Internet service providers, such as Verizon, are now able to capitalize on user trends and open up new revenue streams on the Internet by bundling up access to certain sites in a cable-tv-esque system. This signals a recession of the state, but not in a way that is consistent with the ideals of democratic decentralization. To be consistent, the US Federal Court would have to place the interests of end-users above those of commercial private interests; ISPs included. The role of the ISP would be clarified as one which provides a service as a public good, instead of a luxury good., where it is alright to reap a profit off the provision of services, but the generation of profits is not placed as the first goal of the organization. The idea of net neutrality would place end-users above private commercial interests and enable equal access to all netizens.

Participatory democracy institutions that operate under a democratically decentralized state apparatus form a part of an empowered population, able to voice societal demands for development, and most importantly, able to receive the improvements they decide are most important. If this was the case, the US Congress would pay keen attention to the general consensus regarding the preservation of Network Neutrality, and we would not have seen a Federal Court of Appeal strike down the previous FCC rules. Ideas of what the Internet should look like, or how it should operate, ought to be decided upon by those who hold the end-user interest at heart, rather than the commercialization of the Internet. 

 If democratically decentralized, states would no longer be able to impose censorship over content and expression on the internet, making it a truly "free" space. However, the state would still be able to engage in surveillance and the prosecution of criminals (pirates, pedophiles and the like), as they will assume the role of an enabler of a safe and clean public space. This dispels the naysayers notion of democratic decentralization leading to a truly anarchic and "moral-free" operationalization of the Internet. Just as the way in which the Indian government provides oversight over its PRI, the various governments of the world would actively engage in policing the code of the Internet for worms, trojans, and other maligned pieces of software that regularly wreak havoc on the end-user. Pause for a moment and envision a world in which the NSA, instead of spying on hundreds of thousands of people, put its computing power to cleaning up the Internet; we would possibly be able to operate on quite a different, and definitely safer, Internet wavelength. 

To conclude, the notion of democratic decentralization on the Internet seems almost utopian at this point; the current trajectory of government involvement on the Internet is tending towards the glorification of private commercial interests at the expense of the interests of the end-user. What might be a premature concept right now, I'm sure that as I progress in my independent study, I will be able to conceive of ways in which we might promote this idea of a nexus between political science and Internet governance, in a way that might produce incentives to states in placing more importance on netizens rather than ISPs.

Shaping Internet Governance: Tensions Between "Real" and "Cyber" Laws.

Introduction

Our current idea of Internet Governance has been shaped over some 40 years by a variety of public and private stakeholders, who have been involved in the creation of the network we call the Internet, the development of high-tech hardware and software, and the maintenance of the entire system. From the creation of the Defense Advanced Research Project Agency Network (DARPA Net) in the 1970s, to the Internet as we know it today in the Web 2.0 era, the Internet has been developed and managed sans central government and "grand" design; whilst DARPA Net was financed by the US government, its potential was realized by a variety of private individuals who were imbued with the understanding of coding, thus enabling them to create new content, protocols, and the features that we use today.


 The World Summit on the Information Society defined Internet Governance as "...the development and application by governments, the private sector, and civil society, in their respective roles, of share principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the internet." (here is the link to the document, the quote is on page 5) Whilst this definition provides us with a basic framework to understand the involvement of multiple actors, it does not communicate the decidedly anti-sovereign nature of the Internet; the Internet is unlike traditional models of governing structures, it is without a hierarchy, initially places all users on an equal footing (differentiated only by an individuals technical ability), has no physical boundary, and is almost perpetual due to its distributed nature (access to particular data could be blocked, but there will always exist another "pipeline" by which users could access that data)

I posit that Internet Governance is a perspective-dependent idea. From the point of view of the traditional, physical, government, the Internet is an entity to be regulated in the light of public safety, national security, and the promotion of those matters which are considered beneficial to society and the suppression of those activities considered expedient to society. From the point of view of civil society organizations and possibly most private interests, the Internet is a public space, imbuing the individual with significant cyber-power, enabling a positive development in matters of socio-economic interest and of political importance in terms of the articulation of dissent or dissatisfaction. However, my definitions here might be easily challenges; I could be accused of leaving out many considerations myself, which only proves that the concept is indeed perspective-dependent. Note that I have not explicitly incorporated those rights assumed by hackers and hacktivists;  It is not that I view them as illegitimate actors (whereas, in the eyes of traditional government, they are indeed illegitimate wielders of cyber-power), but I consider them to be private interests, as they are naught but individuals who know more than the average user, and can manipulate the fabric of the internet to suit their preferences.

Given the perspective-dependent nature of the Internet, it is of vital importance that we clarify the methods by which we approach regulation, governing and the enforcement of laws. It is in this particular area that we find tensions arising between what Jovan Kurbalija calls the "old-real" and the "new-cyber"; the potentially troubling interaction between our traditional legal tools (used to regulate and constrain a society in the real world) and the issues arising from jurisdiction and the enforcement of these rules online, where this new invisible entity might possibly demand new forms of law, "cyber-law".
In this post I will describe some of these challenges, specifically discussing the issues of jurisdiction, enforcement, and we shall investigate the potential harmonious interaction between the two in producing a hybrid-law, where traditional legal practices could be translated into cyber law.

The "Old-Real" Paradigm

From the purview of the United States,  the sole legislative power is reserved by Congress and the sole judicial power and final law of the land is reserved by the Federal Supreme Court. The Senate and House of Representatives may draft bills for the President to sign into law (unless of course, the President exercises his veto power, in which case the Congress may bypass this with special consideration) and the Supreme Court applies to laws. Even though the US government financed the creation of the DARPA Net, it was slow to realize to potential of the Internet as a public space and thus did not pass any significant legislature regulating the Internet in that primordial era, however it has come to draft bills that seem to offend the sensibilities of netizens everywhere, displaying a significant detachment of Congress from the perception of the Internet as a public space, and public good. Instead, Congress chose to perceive the Internet as a decentralized system in need of a hierarchical power structure, with the Congress assuming the sole legislative duty, Congress also chose to ignore the importance of private interests in shaping and developing the Internet. The Protect IP Act (PIPA) and Stop Online Piracy Act (SOPA) aimed to construe the Internet as merely another area under the jurisdiction of the Congress, viewing all users as potential threats to the economic and societal safety of lesser enabled users. Both Acts placed the interests of corporate entities above those public interests, and needless to say, saw the contention of many private groups online.

The backlash of these two acts, and subsequent tabling of the Acts, displays the disconnect between old-real legislative apparatus and the reality of the Internet, as a widely decentralized, non-hierarchical, almost pseudo-anarchic, public space. The reason for this is the application of traditional legal tools and traditional conceptualization of public spaces, to the regulation of online activities. The old-real paradigm is thus, the treatment of the Internet as merely another form of telecommunications technology, and the consequent application of existing laws or the drafting of laws using existing laws as its basis, for the regulation, that is, the control, monitoring, maintenance, and enforcement of real world norms and standards, to the Internet.

This old-real approach has several flaws inherently accrued by dint of perceiving the internet as "just another" technology. Provided below are a list of just a few of the issues that crop up when considering the adoption of this approach to the governance of the Internet.

• It disregards the notion of anonymity online (which might provide safe-habor to those who seek to engage in identity tourism, criminal activities, acts of dissent, and other online activities that might require a person to hide their true real-world identity)
• It disregards the notion of the Internet as a public space (which can act as a forum for a wide range of activities, including those acts which might be detrimental to government yet conducive and compatible with the freedom of speech and expression).
• It erroneously assumes that all online actors are willing to submit to the will of a central legislative body, even if some actors may not be citizens of the country in which online legislature originates. 
• It erroneously assumes that the legislators of one country might be able to extend their jurisdiction onto the Internet (which, even though has specific country domain names, isn't wholly conceived of being centralized around one particular nation-state.)
• It imposes the idea that online acts can be punishable in the real world (whilst this might have a prima facie right, when we consider the activities of pedophiles online who break local laws when engaging in deviant behavior online, it brings up the issue of jurisdiction again, where breaking the law of nation X, yet being present in nation Y, begs the question of who gets to police the boundary between local and international law.)
• It imposes local social norms and standards on a system which has its own unique norms and standards (the Internet produces its own lingo, code of conduct, and standards through user-based consensus, and each online micro-community is governed by its own bylaws, unanswerable to the real laws of its local state)

From all of these issues, the most important might very well be the issue of jurisdiction. This deals with, which court ought to have the right to enforce laws, which legislation ought to have the right to draft laws regulating behavior, who has to right to judge those deemed in violation of these laws, how are these laws enforced from the country of origin and the online community. Whilst we can assume a harmonization of national and online law, from the SOPA and PIPA example we can see that this assumption may often go awry rather than as planned. When seeking to place the interests of government and corporations above those of the end-user (those who make up the bulk of Internet traffic), the end-users, and some content providers, would rebel and rise up against what is perceived as an attack against free speech, free expression, and the general decentralized and non-hierarchical structure-less entity we call the Internet. 

However, the old-real paradigm does produce beneficial and excellent modes of seeking recompense online. In its role as a model for arbitration between domain name disputes, the Universal Domain Name Dispute Resolution Policy (UDRP), which was developed by the World Intellectual Property Organization (WIPO), has provided a refreshing take on the application of an old-real tool to the Internet. It is able to arbitrate domain name disputes sans a court, a judge and a jury, opting instead to use the basic tenants of contract law to provide plaintiffs and defendants with substantive rules of online behavior. 

Other applications of the old-real paradigm extend to the realm of copyright and intellectual property right laws where, again thanks to the US Congress, the Digital Millennium Copyright Act has placed content author rights above those of content hosts and distributors. Whilst it is beyond the scope of this blog post to go into the complex dimensions of online copyright and intellectual property rights, it is important to note that our current Internet paradigm sees the percolation of this old-real law in many forms. 

The "New-Cyber" Paradigm

There is a paradoxical quality to discourse regarding the new-cyber paradigm. Whilst we shy away from the idea of incorporating 'old' modes of articulating regulation, the process by which cyber modes of regulation are pronounced are conceived of by using methods from traditional governance. Wikipedia is a curated platform that relies on the constant input and refinement of content by a group of moderators, thus the best content on Wikipedia is that content which is most refined and agreed upon by consensus of the moderators. This is not a unique form of governance, in fact arguments could be made that equate this type of consensus-based curation to the way in which the Constitution of the United States was drafted! Of course, we will have to throw in the notions of ratification and the issue of requirements of only 9 of 13 states for ratification, but these are distracting debates; the fact of the matter remains that the new-cyber paradigm is influenced heavily by those age old ideas of mob-rule, true democracy of ruling from the bottom, which is in fact participatory democracy, and of pseudo-anarchy where no one person aggrandizes him/herself at the expense of others. 

This being said, it might be hard to find a way in which cyber-law can be distinct and wholly separate from traditional, old-real law then. For all cyber-laws must be grounded in that same legal language (perhaps less technical in terminology) yet still as specific and enforceable as real laws are. This too conjures up the issue of jurisdiction, which is, if a self-governing group imposes its own laws, and if it is the group that polices itself, who will defend, prosecute and pass sentence? Where will these laws be implemented? In which jurisdiction were the rules drafted in the first place? 

Cyber-law may then be the most complex legal challenge of contemporary society; the reconciliation of all the issues that apply to an application of the old-real approach will apply to the implementation and conceptualization of these new-cyber legal instruments. What might cyber-law look like and who will it affect? What scope and limitations might it impose on itself and to what degree will it be enforceable? Throughout my independent study, I hope to address these questions, and will post my findings throughout the span on 10 weeks.

So what then, is the benefit of utilizing a new-cyber approach, given that it might be constrained by what limits the old-real approach? The new-cyber approach is all about perception, understanding, and feedback. This approach will take into account the multi-stakeholder interests, given particular credence to those private interests that have played a role in shaping what we see and call the Internet, also given importance to the interests of end-users who make up the bulk of Internet traffic. Understanding refers to the way in which it provides legislators with a window into the cultural norms and standards of particular online communities. Feedback refers to the feedback-loop, that mechanism which incorporates and champions the notion of bottom-up participation in the drafting of laws that would regulate the Internet; legislative powers thus delegated to those affected by legislature. This is what gives the new-cyber paradigm a distinct advantage over the old-real paradigm; it seeks to go along the grain of the Internet, rather than go against it. It incorporates the thoughts, feelings and desires of the netizen community, rather than legislate "from the outside", it is a wholly participative idea that incorporates the various interests, be them private, corporate, governmental, without particular aggrandizement on the part of any of those three sectors. It is thus, equality for all online actors, sans preference to the voice of one actor in particular.

The new-cyber approach also allows for a greater understanding of how topics, usually conceptualized using the old-real approach, actually work online. The notions of privacy online, piracy, and criminal acts online must be studied with closer care paid to the specific, and unique, modes of articulation that have been afforded to online actors via the Internet. The act of pirating a dvd in the real world is merely copying the data, burning the data onto another dvd, and selling it, whereas piracy of this data online stops at the ripping of data. This might be an obvious inference, but one wonders on whether or not those legislators on the Hill really understand these differences. Privacy online seems to be a fluid issue, with the rise of the NSA's Prism program, privacy in all matters wired and wireless seem to be up to the algorithms and desk-jockeys in some underground facility in Maryland. I call it fluid because, the commonly held notion of privacy online might be grossly different to the reality of the situation, whereas those who believe they aren't in the eyes of their government, might in fact be under the watchful eye of big brother. To combat this, tools such as the TOR browser and new protocols, what TOR uses, vidalia routing, have emerged. This has shades of the age old tale of the hydra; cut off one head and several sprout in its place. If the old-real paradigm constrains online activity, someone somewhere will figure a way around the constraint, much to the chagrin of the authorities, and to the resounding applause of netizens everywhere.

The new-cyber approach may hold the value of network neutrality closer to heart than the old-real approach might, as the old-real paradigm is more in tune with real-world economic concerns. Those supporters of net neutrality might not see the possibility for increased profitability if a second internet "pipeline" is created, whereas those internet service providers are only too keen to implement this "cable-tv esque" system. However, it represents yet another mismatch between the old-real and new-cyber approaches; the new-cyber approach is decidedly against the over-commercialization of the internet due to very valid reasons stemming from the freedom of speech, equal access, and freedom of association and expression. The economic argument against net neutrality is hailed as a wholly evil and typically American-capitalist expression of greed, rather than a way to provide end-users with a "better" internet. 

 Separate But Equal

We can see that there is a great deal of contention between the two approaches, and that the divide between the old-real and new-cyber approaches are pronounced by various subtle considerations that must be made when reconciling both approaches. The open ended question then is, can there be a realm of agreement, a common ground? And sadly, the answer is as open ended, as it only remains to be seen if the powers that be, both legitimate and informal, can interact in a harmonious way that promotes good behavior and norms on the Internet. For now it seems as if both approaches are kept separate from each other, yet equal in weight and scope; we cannot escape the legitimacy of the old-real paradigm and we cannot discount the ability and vocal nature of all proponents of the new-cyber approach.

It is somewhat comforting to note that the netizens, academics, and proponents of free speech everywhere have their eye on this unfolding topic, and like myself, are quite keen to see the reconciliation of the old-real and new-cyber paradigms.