Law and Information

My colleague and collaborator Daniel Markus Haeusermann has sketched the contours of what he calls a “tentative taxonomy of legal scholarship and virtual worlds” over at his Information Law Possum blog. He differentiates among four basic categories that might be subject of inquiry: Offline law as applied to legal issues of MMORPGs of our world; our law as applied to things that happen within virtual worlds; the law of virtual worlds; and the relation between the law of virtual worlds and our law. Read on here.

I should also mention that Daniel recently published a terrific law review article in the Aktuelle Juristische Praxis on the possibilities and limitations of a legal approach to the protection of emotions related to faith – using the example of legal disputes associated with the controversial Mohammed-cartoons. I hope Daniel will soon provide an English summary of the article (which can be understood as a contribution to law & emotion scholarship) on his weblog.  Update: The English summary is now available (thanks, Daniel.)

I’m currently in wonderful San Francisco, attending the Berkman Center’s Mobile Identity workshop – a so-called “unconference” — led by my colleagues Doc Searls, Mary Rundle, and John Clippinger. We’ve had very interesting discussions so far, covering various topics ranging from Vendor Relationship Management to mobile identity in developing countries.

In the context of digital identity in general and user-centric identity management systems in particular, I’m especially interested the question as to what extent the issues related to mobile ID are distinct from the issues we’ve been exploring in the browser-based and traditionally wired desktop-environment. Here’s my initial take on it:

Although mobile identity can be best understood as part of the generic concept of digital identity and despite the fact that identity as such has some degrees of mobility by definition, I would argue that mobile (digital) identity has certain characteristics that might (or should) have an impact on the ways we frame and address the identity challenges in this increasingly important part of the digitally networked environment. I would argue that the characteristics, by and large, may be mapped onto four layers.

• Hardware layer: First and most obviously, mobile devices are characterized by the fact that we carry them with us – from location to location. This physical dimension of mobility has a series of implications regarding identity management, especially at the logical and content layer (see below), but also with regard to vulnerabilities such as theft and loss. In addition, the devices themselves have distinct characteristics – ranging from relatively small screens, small keyboards to limited computing power, but also SIM cards, among other things — that might shape the design of the identity management solution.
• Logical layer: One of the consequences of location-to-location mobility and multi-mode devices is that identity issues have to be managed in a heterogeneous wireless infrastructure environment, which includes multiple providers of different-generation cellular networks, public and private WiFi, Bluetooth, etc., that are using different technologies and standards, and are operating under different incentive structures. This links back to our last week’s discussion about ICT interoperability.
• Content layer: The characteristics of mobile devices have ramifications at the content layer. Users of mobile devices are limited in what they can do with these devices. Arguably, mobile device users tend to carry out rather specific information requests, transactions, tasks, or the like – as opposed to open, vague and time-consuming “browsing” activities. This demand has been met on the supply-side with application and service providers offering location-based and context-specific content to mobile phone users. This development, in turn, has increased the exchange of location data and contextual information among user/mobile device and application/service providers. Obviously, the increased relevance of such data adds another dimension to the digital ID and privacy discussion.
• Behavioral layer: The previous remarks also make clear that different dimensions of mobility and the characteristics of mobile devices lead to different uses of mobile devices when compared to desktop-like devices. The type and amount of personal information, for example, that is disclosed in a mobile setting is likely to be distinct from other online settings. Furthermore, portable devices get more often lost (or stolen) than non-portable devices. These “behavioral” characteristics might vary among cultural contexts - a fact that might add to the complexity of mobile identity management (Colin Maclay, for instance, pointed out that sharing cell phones is a common practice in low income countries.)

Today, I got the sense that the technologists in the room have a better understanding of how to deal with the characteristics of mobile devices when it comes to digital identity management. At least it appears that technologists have identified both the opportunities and challenges associated with these features. I’m not sure, however, whether we lawyers and policy people in the room have fully understood the implications of the above-mentioned characteristics, among others, with regard to identity management and privacy issues. It only seems plain that many of the questions we’ve been discussing in the digital ID context get even more complicated when we move towards ubiquitous computing. (One final note in this context: I’m not sure whether we focused too much on mobile phones at this workshop – ID-relevant components of the mobile space such as RFID tags, for instance, have remained largely unaddressed - at least in the sessions I attended.)

We have teamed up with the Berkman Center on an ambitious transatlantic research project on ICT interoperability and e-innovation. Today, we have been hosting a first meeting to discuss some of our research hypotheses and initial findings. Professor John Palfrey describes the challenge as follows:

This workshop is one in a series of such small-group conversations intended both to foster discussion and to inform our own work in this area of interoperability and its relationship to innovation in the field that we study. This is among the hardest, most complex topics that I’ve ever taken up in a serious way.

As with many of the other interesting topics in our field, interop makes clear the difficulty of truly understanding what is going on without having 1) skill in a variety of disciplines, or, absent a super-person who has all these skills in one mind, an interdisciplinary group of people who can bring these skills to bear together; 2) knowledge of multiple factual settings; and 3) perspectives from different places and cultures. While we’ve committed to a transatlantic dialogue on this topic, we realize that even in so doing we are still ignoring the vast majority of the world, where people no doubt also have something to say about interop. This need for breadth and depth is at once fascinating and painful.

As expected, the diverse group of 20 experts had significant disagreement on many of the key issues, especially with regard to the role that governments may play in the ICT interoperability ecosystem, which was characterized earlier today by Dr. Mira Burri Nenova, nccr trade regulation, as a complex adaptive system. In the wrap-up session, I was testing – switching from a substantive to a procedural approach – the following tentative framework (to be refined in the weeks to come) that might be helpful to policy-makers dealing with ICT interoperability issues:

1. In what area and context do we want to achieve interoperability? At what level and to what degree? To what purpose (policy goals such as innovation) and at what costs?
2. What is the appropriate approach (e.g. IP licensing, technical collaboration, standards) to achieve the desired level of interoperability in the identified context? Is ex ante or ex post regulation necessary, or do we leave it to the market forces?
3. If we decide to pursue a market-driven approach to achieve it, are there any specific areas of concerns and problems, respectively, that we - from a public policy perspective – still might want to address (e.g. disclosure rules aimed at ensuring transparency)?
4. If we decide to pursue a market-based approach to interoperability, is there a proactive role for governments to support private sector attempts aimed at achieving interoperability (e.g. promotion of development of industry standards)?
5. If we decide to intervene (either by constraining, leveling, or enabling legislation and/or regulation), what should be the guiding principles (e.g. technological neutrality; minimum regulatory burden; etc.)?

As always, comments are welcome. Last, but not least, thanks to Richard Staeuber and Daniel Haeusermann for their excellent preparation of this workshop.

The EU commission recently released an impressive 280+ pp. study on the economic impact of open source software on innovation and the competitiveness of the ICT sector in the EU. The report analyzes, among other things, FLOSS’ market share, and its direct and indirect economic impacts on innovation and growth. It also discusses trends and scenarios and formulates policy recommendations. Some of the findings that I find particularly interesting:

• Almost two-thirds of FLOSS is written by individuals, while firms contribute about 15% and other institutions 20%. The existing base of FLOSS software represents about 131.000 real person-years of effort.
• Europe is the leading region as far as the number of globally collaborating FLOSS developers and global project leaders are concerned. Weighted by average income, India is the leading provider of FLOSS developers, followed by China.
• The existing base of quality FLOSS applications would cost firms almost 12 billion Euros to reproduce internally. The code base has been doubling every 12-24 month. FLOSS potentially saves the industry over 36% in software R&D investment.
• FLOSS is an important growth factor for the European economy. It encourages the creation of SMEs and jobs and is unlikely to cannibalize proprietary software jobs. The FLOSS-related share of the economic could reach 4% of the European GDP by 2010.
• Europe’s strength regarding FLOSS are its strong community of active developers, small firms, and secondary software industry. In contrast, a generally low level of ICT investment and a relatively low rate of FLOSS adaptation by large industry (if compared to U.S.) are among its weaknesses.

As to policy recommendations, the report suggests a focus on the correction of existing policies and practices that currently favor proprietary software. Among the recommendations: support FLOSS in pre-competitive research and standardization; encourage partnerships among large firms, SMEs and FLOSS communities; provide equitable tax treatment for FLOSS creators.