The Harvard Law Review just published Jonathan Zittrain’s “The Generative Internet,” 119 Harv. L. Rev. 1974 (2006). Given the standing of Zittrain (or, as everyone at the Berkman Center calls him, “JZ”) in the internet law community and the scope of his article, it immediately becomes a must-read.
There is much more to say about this piece than can fit into one blog post, but I will briefly summarize his two key points and then offer two responses of my own.
The article’s two core points:
1. The most important value of the internet is its “generativity.” The article defines this concept at some length, but it boils down more or less to a dynamic combination of utility, adaptability, ease of mastery, and accessibility. The fact that anyone can develop code to perform unanticipated functions and distribute it to the rest of the world with ease is the essence of generativity.
2. Regulators and consumers, responding to worms and similar security threats, are likely to insist on a more locked-down internet that will lose much of its generativity. Given the open texture of the internet, at some point there will be a disastrous worm or similar attack that causes serious damage. At different parts of the article JZ seems to express different levels of certainty about this prediction, but at several points he calls such a shift “inevitable.”
Obviously, these two points combine to yield a prescriptive conclusion. In order to avoid a coming lockdown that will cripple generativity, we should embrace smaller changes now that enhance security with less damage to generativity. Among the possible alternatives entertained briefly at the end of the article:
- a “dual machine” solution where PC owners could switch between a “safe” mode and a highly generative mode, like SUV drivers shifting to all-wheel drive for off-roading;
- easier authenticated identification of internet users;
- various models of rating and labeling code as malware (not unlike Berkman’s Stop Badware project);
- greater virus screening by ISPs and other instrumentalities in the middle of the network rather than at the ends.
Now, two responses from me.
1. Is generativity really the prime value? JZ is definitely asking the right question, building on Lawrence Lessig’s work: what is the fundamental underlying value to be protected in the design of the internet? He notes, I think rightly, that some common answers to this question, like “end-to-end architecture,” are still just particular design structures, and no more than proxies for the underlying value they are meant to advance. That is, end-to-end is a means not an end. (I might add that network neutrality is a similar proxy for underlying values.) But does JZ have the right answer as well as the right question? Perhaps, but I am not fully persuaded, and this article does not consider alternatives. Here’s one possible alternative: maybe the most important value of the internet is the widespread ability to engage in one-to-many communication. To complicate it further, maybe the prime value is the capacity to do so anonymously. It is easy to imagine design choices that would promote generativity at the expense of these communicative virtues, and vice versa.
2. Is the coming lockdown really, as the article says several times, “inevitable?” There is an inherent tension in JZ’s argument. The generativity thesis hinges on the notion that technology is very unpredictable. That is precisely why preserving generativity has value — it allows development to move off in unexpected directions. How, then, can we be so sure that the march to lockdown will progress as JZ anticipates? There are two empirical predictions here: that one or more extremely destructive worms will sweep through the internet, and that this will trigger a legal and market over-reaction. Maybe, maybe not. Slowly but surely, today’s generative internet is already developing the sorts of protection mechanisms that he advocates. These might reduce security risks to an acceptable level. And even if a disaster strikes nonetheless, the public response may be less extreme than JZ fears. I agree that we should take internet security more seriously — a pretty uncontroversial statement. To the extent that this article prescribes something more dramatic, rather than an incremental response (and it’s not clear in the end that it does), it may itself be an over-reaction.