Joel Reidenberg, professor at Fordham University School of Law, talks with GrepLaw about how "hack tools" (such as packet interceptors, viral e-mails, filters, and DoS attacks) give democratic states the ability to enforce their freely chosen public policies within their territories. Mr. Reidenberg challenges the conventional wisdom that said either the person or the person’s assets needed to be within the state’s physical territory to enforce the state’s law.

Mr. Reidenberg's SSRN paper, States and Internet Enforcement, is currently available in PDF.

I have written about three types of online instruments that governments might use to enforce state decisions: electronic borders, electronic blockades and electronic sanctions. These can be constructed using tools such as packet interception, viral email, filters and denial of service attacks. While these tools are usually associated with hackers or wrongdoers, states have legitimate reasons to use the same techniques in order to enforce court decisions and laws adopted through the democratic process.

Your claim seems to dovetail quite nicely with Larry Lessig’s mantra that “code is law” and Shanthi Kalathil and Taylor Boas’ challenge to “the Internet is a virus of freedom” myth. Have any of them commented on your work?

Larry has really built on my work. In articles in the Stanford Law Review and the Berkeley Technology Law Journal among other places, Larry Lessig credits my earlier work on “lex informatica” – a far more technocratic term-- as one of the key sources for his writing on “code.” In fact, I first began writing about the regulatory power of technologies in a 1993 article on data privacy Rules of the Road on Global Electronic Highways: Merging the Trade and Technical Paradigms for the Harvard Journal on Law & Technology. Then, in 1996, I gave a paper Governing Networks and Rule-Making in Cyberspace on a panel with Larry where I began to develop the term “Lex informatica” to describe the regulatory implications of architecture. By 1998, I wrote a major piece on Lex Informatica: The Formulation of Information Policy Rules through Technology in the Texas Law Review that more extensively spelled out the use of technology as a parallel form of regulation. Larry’s excellent book the following year reached a much wider audience.

What prompted your interest in this area?

A college mentor at Dartmouth who worked at the vanguard of social science computing sparked my interest in technology. For my undergraduate thesis in 1982, I had to learn some computer skills and the mechanics of TCP/IP and gateway access points to transfer research data from a foreign computer to the Dartmouth Time Sharing System. Two years later, when I was in law school, I had a fascinating summer job with the general counsel of Citibank’s Information Services Division that joined my background in social science computing with law. From then on, I was hooked.

What has changed the “conventional wisdom” that states have no way to enforce their laws online?

The technology itself. Just as Internet technologies pose challenges to states’ enforcement powers, the same technologies provide new tools for states to enforce their laws. The conventional wisdom was that a state needed either the person or the person’s assets within the state’s physical territory to enforce the state’s law. Technology makes that conventional wisdom obsolete. States can use technology to enforce their laws and judgments directly online. Hacking tools, spam and other online instruments have police-like powers that states can harness.

Your SSRN paper, States and Internet Enforcement, is currently available for download. Are you planning on writing a book?

Yes, the paper is actually part of my larger book project “Information Wars in a Networked Society” that takes an iconoclastic view of highly publicized Internet regulatory controversies. I am exploring the struggle over network rule-making between technical elites and democratic governance.

What do you think of the recent claims by Symbiot?

I am a little skeptical about Symbiot’s claims because the press release is so vague on the type of response that its software proposes. However, the claim does illustrate that companies are trying to develop more robust Internet enforcement tools.

Which Internet instruments do you feel have the most potential for misuse by government and/or big businesses?

The use by government of any of the instruments without proper due process protections would be very troubling. Those that cause damage to innocent third parties such as DOS attacks have the most harmful risks. With respect to business, computer crimes statutes already constrain the use of Internet self-help measures.

To your knowledge, does the US have any clear cut “rules of engagement” for this type of regulation?

While there are rumors of policies for information warfare, I focus on the enforcement of laws and judgments. There are clearly no ‘rules of engagement’ spelled out in US law at this time. We have not yet contemplated court orders for online enforcement.

Many of us shudder at the ways other governments use technology to enforce their policies. But how might other countries view our cyber policies?

Other countries object to a US-centric view of the Internet and view our cyber policies in much the same way we see those abroad with which the US disagrees. For example, the Yahoo case in France shows how other democracies do not agree with the US policies on hate speech.

In fact, you took an interesting stance on the “Ordinance en reféré” the Tribunal de Grande Instance de Paris issued against Yahoo!. In your SSRN paper, Yahoo and Democracy on the Internet, you argued:

“The ruling is an important decision that will promote the respect of democratic values on the Internet and the respect of democratic values in the development of Internet technologies…the Yahoo! decision represents an affirmation of non-US democratic values and comes at a critical developmental juncture for the Internet.”

Might this suggest that libertarian-oriented techies need to grow up and respect varying public values across borders?

What advice would you have to GrepLaw readers who object to some of these tools that governments use? Particularly to the way some US-based companies knowingly aid certain regimes?

Become engaged in the political debate, join political lobby groups, lobby legislative leaders, and write op-ed pieces to publicize the issues.

I noticed from your e-mail signature that you’re a visiting professor at l’Universite de Paris-Sorbonne and l’Institut d'etudes politiques de Paris. You also recently gave a seminar at the Oxford Internet Institute (OII). Tell us about your experiences there.

As part of my academic sabbatical this year, I had the opportunity to teach a graduate course on Internet regulation jointly at the two schools. The students were a wonderful mix of advanced law students and graduate political science students. My class was their first exposure to Internet law and policy and they were quite engaged. Indeed, the experience was very nostalgic for me since I have a graduate degree in international economic law and a Ph.D in law from the Sorbonne.

Has there been a significant difference between the US and non-US reactions to your work?

Non-US audiences are more receptive to a positive role for government than US audiences and are more willing to accept state regulation than US audiences. This means that non-US audiences tend to be more receptive to the use of technologies for public policy purposes than US audiences.

You seem to be a techie at heart. What operating system do you use? Wintel, Linux, Mac, or….?

I’ll let you guess.

Well, your e-mail header reveals that you too have been assimilated into the Borg. Thank you for talking to GrepLaw. Please keep us updated on your work and research.