Law and Information

With usual delay I just read Paul Caron’s nice essay The Long Tail of Legal Scholarship that was recently posted on SSRN. Caron contrasts the findings of Tom Smith’s ongoing research project on citations of scholarly works in law review articles with his own analysis of SSRN downloads.

Smith’s citation analysis characterizes legal scholarship, in contrast to what long tail theory would suggest, as a hit-driven market (the top 0.5% of articles get 18% of all citations, the top 17% get 79% of all citations, and 40% of articles get never cited at all.)

Caron, in contrast, argues that the picture changes if one looks at consumption rather than the end use of legal scholarship. Using download counts from SSRN as an alternative measure, Caron demonstrates that the tail is getting much longer and is consistent with the long tail thesis: “… 97% of authors have had at least one download in the past year and 100% have had at least one download at some time.”

See also this post and chart.

The Rueschlikon Conference on Information Policy, chaired by Professor Viktor Mayer-Schoenberger, just released its latest conference report on Innovative Entrepreneurship and Public Policy. The report, authored by Kenneth Cukier, includes recommendations for what public policy can do to encourage innovation and entrepreneurship. The executive summary suggests five recommendations.

• Entrepreneur: The Individual – Innovation starts with a “random walk” in “design space,” where ideas can be incubated and challenged. Investing in education is crucial, as is softening the consequences of failure.

• Social Networks: The Group – The relationships among people, firms and nations help determine the degree of diversity they are exposed to, which influences inventiveness. Supporting the interactions across groups is essential.

• Organizing R&D: Universities and Firms – A networked-model based on connections, collaboration, flat hierarchies, modularity and constant “re-writing” is required. This enables groups to respond successfully to discontinuities.

• Creating Clusters: Geographic Areas – Places where finance, technical talent, legal, accounting and marketing support intermingle aids the innovation process. Yet it should ideally be technology-neutral, and not reliant on one technical domain.

• Public Policy: The Role of Government (Municipal, Regional, National) – Reengineering society for a networked economy requires resources, patience and ceding control International cooperation with new stakeholders is imperative.

The full report with the title Hero with a Thousand Faces is available online.

This morning, I had the pleasure and honour to speak - “as the European voice” - at the FTC hearing on “Protecting Consumers in the Next Tech-ade” (check out the official weblog for more information and summaries of the discussion.) I was asked to report about the legal and regulatory discussions on DRM in Europe and to focus on DRM interoperability in particular. The latter question is also part of an ongoing research collaboration between the Berkman Center at Harvard Law School and our St. Gallen Research Center for Information Law. The research project is aimed at exploring the interaction between interoperability and e-innovation, an important aspect that was only briefly mentioned at today’s hearing.
Here is the longer and slightly modified (links added) written version of my statement. For a more detailed discussion, check out the excellent paper “DRM Interoperability and Intellectual Property Policy in Europe” by Mikko Valimaki and Ville Oksanen.

Over the past few years, much of the legal/regulatory debate in Europe about DRM has focused on the legal protection of technological protection measures and its ramifications for the digital ecosystem, because EU member states have faced the challenge to transpose the rather vague EU Copyright Directive into their national laws and comply with the relevant anti-circumvention provisions of the WIPO Internet Treaties.

Introducing and harmonizing anti-circumvention laws across Europe has been a long and an enormously controversial process. As far as DRM is concerned, three topics in particular have caused heated controversies:

• DRM and its legal protection vis-à-vis traditional limitations on copyright such as the “right” (or privilege) to make copies for private purpose;
• DRM and “fair compensation”;
• DRM and interoperability.

Given our panel’s topic, please let me address the interoperability issue in some greater detail - a topic that has gained much attention in the context of iTunes’ penetration of the European market, esp. in France.

At the European level, though, no coherent DRM interoperability framework exists, although DRM interoperability has been identified as an emerging issue by the European Commission, which has established - among other things - a multi-stakeholder High Level Group on DRM that has also addressed DRM interoperability issues.

The lack of specific and EU-wide DRM interoperability provisions leaves us with three areas of law that address this issue more generally, both at the EU level as well as the level of EU member states. The areas are: copyright law, competition law, and consumer protection law.

Copyright Law

The EU Copyright Directive, mandating the legal protection of DRM systems, does not set forth rules on DRM interoperability. Recital 54 only mentions that DRM interoperability is something member states should encourage, but does not provide further guidance and seems to trust in the market forces. However, one might argue that the anti-circumvention framework itself allows the design of interoperable systems - e.g. a music player able to play songs encoded in different DRM standards - by outlawing only trafficking in such circumvention devices that are (inter alia) primarily designed and marketed for circumvention of effective TPM. Along these lines, at least one Italian Court has ruled - in one of the Bolzano rulings - that the use of modified chips aimed at restoring the full functionality of a Sony PlayStation (incl. its ability to read all discs from all markets despite region coding) is not illegal under the EUCD’s anti-circumvention provisions.

At the EU member state level, France has taken a much more proactive approach to DRM interoperability. A draft of the revised copyright law (implementing the EUCD) introduced an obligation of DRM providers to disclose interoperability information upon requests without being compensated. This “lex iTunes” has triggered strong reactions by the entertainment industry, and the final version of the law softened up the original proposal. Current French law states that a regulatory authority mediates interoperability requests on a case-by-case basis. Under this regime, too, DRM providers can be forced (under certain conditions) to disclose interoperability information on non-discriminatory terms, but they now have the right to reasonable compensation in return.

Competition Law

The baseline is: Competition law in Europe may become relevant in cases where a company with a dominant market position refuses to license its DRM standard to its competitors. However, to date, there exists no case law at the EU level where competition law has been applied to the DRM interoperability problem. But there are important cases (IMS Health and Magill, but also the anti-trust actions against Microsoft) illustrating how competition law — at least in exceptional circumstances — can give the need for interoperability more weight than the IP claims by dominant players. In France, Virgin Media tried to use competition law as an instrument to enforce access to iTunes FairPlay system. The French competition authority, however, has ruled in favour of iTunes, partly because it considered the market for probable music players to be sufficiently competitive (click here for more details).

Consumer Protection

From a consumer protection law perspective, three issues seem particularly noteworthy. First, the Norwegian Consumer Ombudsman has been very critical about Apple’s iTMS interoperability policy in response to a complaint by the consumer council. The Ombudsman argues that iTMS is using DRM and corresponding terms of services to lock its consumers into Apple’s proprietary systems.

Second, a French court fined EMI Music France for selling CDs with DRM protection schemes that would not play on car radios and computers (check here and here). EMI violated consumer protection law because it did not appropriately inform consumers about these restrictions. The court obliged EMI to label its CDs with the text: “Attention - cannot be listened on all players or car radios”.

Third, a recent proposal by the European Consumers’ Organisation proposes to include DRM in the unfair contract directive. The idea behind it is that consumer protection authorities should also be able to intervene against unfair consumer contract terms if the terms are “code-” rather than “law-based”.

Earlier today, I attended a conference organized by Oliver Arter and Florian S. Joerg on Internet and e-Commerce Law in Zurich. I was invited to speak about e-Compliance in general and the implications of e-Business on compliance and corporate organization in particular. E-Compliance can be understood as a set of institutional arrangements and processes aimed at managing the legal and regulatory risks resulting from the transition from an offline/analog to an online/digital corporate information environment. My colleague Daniel Haeusermann and I have come up with the following theses – intended as discussion points and “food for thought.”

The main thesis is that e-Compliance, in important regards, is qualitatively distinct from traditional compliance. We argue that four trends support this key thesis.

Law and digital technology are closely intertwined. The compliance-relevant interactions are hereby bi-directional. Digital technology leads to legal problems that have not emerged in the paper world. Consider, for example, the use of email in a corporation as a partial replacement of oral communications and the set of legal problems associated with email usage and storage (ranging from data privacy/monitoring issues to e-Discovery exposure.) However, digital technology can also help to ensure a company’s compliance with the law. Software that can be used to enforce a “litigation hold” might be a good example in this context. At the organizational level, the suggested interplay between law and technology calls for a close collaboration between lawyers and IT-staff.

E-Compliance is risk management in a quicksilver environment and under conditions of legal uncertainty. The speed of ICT innovation has put the legal system under enormous pressure. The legal system’s answer, essentially, is either the application of existing rules (“old law”) to the new phenomena, or legal innovation (e.g. by formulating new rules or introducing new doctrines.) Typically, both processes create uncertainty, because the legal system is forced to synchronize its relatively slow adaptation processes with the speed of technological change. A nice illustration of the increased pace of change in law that creates uncertainty are legal regimes that govern online intermediaries such as access providers, search engines, and hosting providers. Up to the year 2000 legislators around the world have enacted laws (such as the CDA or the E-Commerce Directive) to limit the liability of online intermediaries, or to “immunize” them entirely. Only few years later we now face a global trend towards stronger regulation of online intermediaries, including a reconsideration of the respective liability regimes. From an organizational perspective, this increased speed of change requires that companies in the IT-business (this includes, e.g., banks) establish “early warning systems” – for example in collaboration with academic partners – aimed at tracking trends and developments at the intersection of law, ICT, and markets.

Digitization in tandem with the emergence of electronic communication networks has internationalized (old and new) legal problems in an unprecedented way. The first driver of internationalization of e-Compliance is straightforward: it’s the global medium “Internet” itself. The second source is related to the first one, but less obvious: In our view, the digitally networked environment creates a notion of proximity that leads to an increased relevance of foreign national law for corporations being incorporated and/or operating in another jurisdiction. Good examples are cross-border e-Discoveries, where U.S. plaintiffs seek to use American procedure and evidence laws to access information stored in different jurisdictions, e.g. in Europe, usually without following the procedures set forth in respective international treaties such as the Hague Convention on Evidence. It follows from this trend that it is a necessity for successful e-Compliance to apply a global perspective. In the case of multinational enterprises this requires, for instance, that the legal and compliance departments of the entities located in different countries collaborate closely on e-Compliance issues.

The rapid evolution of digital technologies on the one hand and the increased legal uncertainty with regard to the interpretation of old and new laws on the other hand further increase the relevance of industry self-regulation, for instance in form of codes of conducts or best practice models. Again, the regulation of online intermediaries is illustrative for this trend. In Germany, for example, content regulation of online intermediaries such as search engines is largely based upon a self-regulatory approach. In the light of this development, sustainable e-Compliance increasingly includes involvement in standard-setting bodies and industry best practice-groups – both as an expression of “good corporate citizenship” and based on the acknowledgment that “soft law”, in turn, can improve a company’s e-Compliance with the increasingly complex network of legal, quasi-legal, pre-legal and ethical obligations.

I just finished reading Heuristics and the Law (2006) edited by Gerd Gigerenzer and Christoph Engel. It’s an interesting collection of essays by legal scholars, psychologists, and economists, exploring the conceptual and practical power of the heuristics approach in law. Given my own research interest, I was particularly intrigued by Chris Guthrie’s contribution with the title “Law, Information, and Choice: Capitalizing on Heuristic Habits of Thought.”

In the article, Chris starts with the observation that American law has a long-standing tradition to foster individual autonomy and choice by mandating the disclosure of information. Disclosure rules can be found in many areas of law, ranging from corporate law or product liability to gaming laws, etc. The underlying rational choice approach, according to Guthrie’s analysis, assumes that individuals will use all available information to “identify and evaluate all available options, assess and weight all of the salient attributes of each option, and then select the option they evaluate most favorably.” (id., p. 427). Guthrie contrasts these assumptions with (empirical) insights from heuristic-based approaches (“fast and frugal heuristics program” and “heuristics-and-biases program”), which suggest that individuals often make sound decisions by using limited information, and concludes that lawmakers should heed the lessons of these theories in order to foster autonomy and choice. More specifically, the author argues that lawmakers should not aim for full disclosure of information as rational choice theory would recommend, but should require limited disclosure by identifying the specific pieces of information to be disclosed, requiring the information to be presented in a manner designed to attract user’s attention and inform understanding, and by imposing limitations on the amount of disclosed information.

Clearly, Chris Guthrie’s empirical arguments support some of the observations I have made – inspired by my Doktorvater Prof. Dr. Jean Nicolas Druey - in the context of my information quality research on the one hand and earlier discussions of the information overload problem on the other hand. However, I’m not sure whether I agree with all of Guthrie’s conclusions, particularly once we move from an analog/offline to a digitally networked environment. The author himself acknowledges in the final paragraph – but leaves unanswered - the problem that information phenomena are highly context-specific and that information processing has an inherent subjective component to it. These characteristics have been identified as among the key challenges faced by the legal system aimed at regulating information (i.e. what we call information law on this side of the Atlantic), which by it’s own nature seeks to make general and abstract statements (“norms”) about informational phenomena. Against this backdrop, it is questionable as to what extent the “content-presentation-amount” program suggested by Guthrie might balance this fundamental tension between the characteristics of informational phenomena and information law.

Besides context-dependency and individuality of information processes, I’m for yet two other reasons not convinced that the author’s basic observation - according to which individuals make decisions based on limited information (although full information, in theory, would be available) - justifies the normative conclusion that lawmakers should limit the amount of information to be disclosed when drafting laws.

• First, there are people who follow - at least in certain situations and sometimes because it’s required by professional ethics or even by duty of care standards - the “text-book”-style decision-making procedure as envisioned by the rational choice theory. These individuals, I would argue, might be worse off under a regime that is based on the approach that “less information is more information”. In short, I would argue that less information is not always more information.

• Second, the aggregation of large amounts of information becomes much more efficient and effective once we operate in a digitally networked environment. Indeed, some of the “mathematical” work that is involved in preparing decisions under the rational choice theory is increasingly done by services – ranging from peer-based recommendation systems (“wisdom of the crowds”) to more hierarchical expert systems - that are in the business of collecting and comparing information for their users. Here, I would argue that the quality of the information based on which decisions can be made is likely do decrease if lawmakers impose qualitative and quantitative limits on the disclosure of information by the respective senders.

In any event, Chris Guthrie’s arguments deserve close attention and further consideration, although one might disagree with some of the conclusions.