Software Is Eating the Law

Why sandboxes are not enough. A response to Jessica Rosenworcel.

By Marvin Ammori Adam B. Kern

Tagged technologyThe Internet

In her recent essay in these pages [“Sandbox Thinking,” Issue #34], Jessica Rosenworcel makes a valid point: Innovators need “sandboxes” free from outdated legal constraints, and regulators should use these sandboxes to test out regulatory hypotheses, to learn quickly from real-world experiments, and to iterate quickly and cheaply following startup methodologies. Like a startup, the government has a goal of learning. Rather than learning slowly—for example, by deciding how to allocate billions of dollars worth of wireless spectrum through notice-and-comment rulemaking, economic studies, congressional oversight, and countless lobbying one-pagers—the government could learn more quickly by doing—in this case, by opening a few spectrum bands to private-sector experimentation.

Rosenworcel, who is currently a commissioner at the Federal Communications Commission (FCC), speaks from experience. In her work on high-speed Internet access and spectrum licensing, she has already earned a reputation as one of the most brilliant young regulators since the New Deal. Her article lives up to the reputation, and other regulators should take note and implement sandbox thinking where it makes sense.

There are, of course, some limitations she does not spell out. For example, regulators can’t test theories that succeed only at great scale. Many sandboxes would not offer the private sector the economies of scale or sufficiently large addressable market needed to incentivize investment. Smartphone manufacturers may not build chips for small experimental bands, although they might do so for larger, more stable allocations of the same bands. Therefore, a sandbox experiment might suggest no demand, even though the private sector would rush into the market if the stakes were high enough.

But there is a bigger problem that goes somewhat beyond Rosenworcel’s proposal. The problem is that she and others advocate for incremental change when today’s technological and business advances may require more foundational rethinking across a range of industries. As the Internet permits entrepreneurs to transform more traditional industries—from health care to education to urban transportation—legal theorists must come to grips with the reality that some of our legal and regulatory structures rest on shaky, outdated foundations. They rely on industrial-age assumptions of mass production and distribution by few, of mass consumption by many, and of vast information asymmetries between producers and consumers that only government regulation can solve. Today, technology eliminates many of the traditional bases for government oversight.

In industry after industry, the Internet is challenging fundamental assumptions within the law. So fundamental changes to the law—not mere sandboxes—are worth discussing.

Cyberspace and the Real World, Cyberlaw and Law

To understand how the Internet is changing law across multiple domains, we should begin by remembering Internet law’s humble beginnings.

In the 1990s, people talked about “cyberspace” and “cyberlaw.” Cyberspace was a place—one separate from reality. We traveled there, without our real-world names, using a hard line from an immovable computer screen in our living rooms. Cyberlaw consisted of the first laws affected by this new space—perhaps none more than copyright law. Up to that point, copyright law assumed that there were a few large distributors and a consuming (not copying or creating) public. The most interesting aspect of copyright law, according to students at the time, was whether a person could photocopy parts of a library book. Average teenagers shared mix tapes with friends. But nobody was prosecuted for it. “Pirates” were obviously shady folks in trench coats who sold large numbers of knock-off VHS cassettes on the street. It was a sleepy backwater of law.

But that was before the Internet became a part of our lives. With the Internet’s arrival, suddenly everyone had the power to make perfect copies of songs, to distribute them widely, and to become creators of derivative works and remixes. Teenagers became pirates, subject to thousands of dollars in fines for sharing a few songs. In fact, early on, even Google appeared to be illegal. Google had to make a copy of the entire Internet to provide fast search results. Some copyright holders argued that thumbnail photos in its “image” search were unlawful copies. Sites that displayed news articles to critique political biases were subject to copyright suits. It was a brave new world: No longer divided into mass producers and passive consumers, anyone could be a “desktop publisher” and a creator. So the existing assumptions in copyright law resulted in a legal structure that potentially criminalized average people’s everyday activities and valuable technologies like search engines. To this day, we are still working out copyright’s contours in a digital age.

But cyberspace went away. The Internet became just background technology in our life, connecting us not only to media but also to one another, with real names. And the Internet began affecting not just copyright industries, like news and music, but every industry.

As famed investor Marc Andreessen often says, “Software is eating the world.” The Internet and digital technologies have begun transforming industries such as hotels (Airbnb), taxis (Uber), education (Coursera, General Assembly), medical devices (mobile health apps), payments and currencies (bitcoin), and manufacturing (3-D printing). In all of these fields, there were a few giants, generally licensed or heavily regulated by the government, providing services for the mass public. Today, in all these fields, individuals or small entities can offer these services.

And, like Google before it, each of these services has been borderline illegal.

Airbnb’s hosts offer more rooms every night than the largest hotel chains—but it is often illegal under city or state law to offer temporary stays, particularly when the host is not in the apartment. In October, the New York state attorney general issued a report claiming that 72 percent of the rentals in New York City were illegal.

In San Francisco, Uber’s drivers serve a ridership many times the size of the local taxi market. Uber enables anyone to provide urban transportation, even though many of those drivers do not have local taxi licenses. Uber has been deemed illegal in multiple major cities around the world.

Coursera provides free online education, offering courses by top universities to anyone with an Internet connection. Yet the state of Minnesota at one point attempted to ban it for failing to comply with a law requiring state permission for offering educational services. Another education startup, General Assembly, provides job placement and practical education on computer programming and graphic design. It has trained 12,000 people through 12 campuses. Many General Assembly teachers are not full-time teachers, but are instead local experts. After years in operation, the company and others like it have been targeted by several states, including California, which now claim they fall under traditional licensing requirements and regulations. At the same time these companies face legal hurdles, tuition hikes at accredited institutions are prompting student protests in California, and many millennials now debate whether a college education is worth the time and expense.

There are other examples beyond the laws of hotels, taxis, and schools.

  • Health law. The Federal Drug Administration (FDA) regulates medical devices—typically, traditional devices such as hip replacements and stents manufactured by large companies that could afford the FDA’s approval and clearance processes. Recently, it has struggled to come up with an appropriate strategy to regulate health information from smartphone apps and software, which the agency considers to be medical devices—and it even shut down 23andMe’s diagnostic service pending FDA review. While 23andMe previously tested for more than 200 genetic markers, it had to stop reporting health results. This June, the company submitted its first application to the FDA for one genetic marker in one gene for Bloom syndrome. Months later, the company still awaits the FDA’s decision and faces the uncertainty that the agency will require this level of intense scrutiny for each of the other markers before it can resume offering its full product. In the meantime, 23andMe has begun offering its testing services in Canada.
  • Monetary law. In the twentieth century, only nation-states could issue currency. The decentralized digital currency bitcoin is borderline illegal in some countries, including Iceland, Bolivia, and perhaps China, while other governments like the federal government and New York state have struggled with how to regulate and tax the currency, including how to license bitcoin money transmitters like Coinbase and Circle.
  • Manufacturing. There was a time when you needed a printing press to be a publisher and a factory to build products. Now we have “desktop manufacturing” that changes how people prototype and create products. This leads to new issues, including whom to sue when a user prints a design of a patented object. In addition to physical products, some of our most valuable products are software, which can be created through “open source,” and peer production among millions of volunteers, requiring innovations in contract law and actors specifically disclaiming intellectual property rights to incentivize more production.
  • Aviation. Until recently, the average American could not buy a flying robot off the shelf, so the law has not conceived of people flying personal drones. Enthusiasts can fly them no higher than 400 feet without interfering with national airspace during the day, and for only noncommercial reasons unless they receive a pilot license.
  • Finance. Thanks to Kickstarter, startups and small businesses can raise money from a wide range of average Americans, now effectively pre-selling products rather than raising equity. The recent JOBS Act, enacted in 2012 but not yet fully in effect, will permit targeted equity sales without complying with the 1933 Securities Act, a law written in a different era.
  • Spectrum policy. For decades, the FCC licensed particular users to broadcast. But new technologies have enabled smarter devices, allowing unlicensed, dynamic uses of the spectrum. Some argue that much of the spectrum is poorly allocated to antiquated uses—such as broadcast television in an area when most rely not on over-the-air signals but cable and satellite—and that far more spectrum should be allocated to unlicensed uses.

In each of these industries, the Internet permits users to connect with one another, to provide targeted information to each other, and to perform accreditation through ratings and reviews. Across the economy, we are undergoing an industrial devolution, where technology is permitting decentralized production and coordination. The trend will only continue. Information technology is getting more ubiquitous, higher bandwidth, and less expensive, providing average Americans and businesses with powerful tools to connect every person (and thing) in every industry in new and unexpected ways.

Post-Cyber Cyberlaw

Just as cyberspace merged with the real world, cyberlaw now covers areas of real law. Today, lawyers working in technology companies have to understand legal areas outside of traditional technology policy: laws covering taxis, money transmission, education, and health care.

Many of these laws are outdated. They assume a society of industrial giants and mass consumers. Digital clearinghouses offer a fundamentally different model. This part of the economy has changed—not merely at the edges, but at its core. We need to rethink the code from the ground up, not merely create a sandbox. A few basic principles can help guide our foundational thinking.

First, laws designed to protect consumers should not apply when consumers can protect themselves. Many regulations are designed to protect consumers. Hotels are required to have fire sprinklers and emergency exits. In New York, taxi drivers must pass a written exam, testing their knowledge of taxi regulations and of the city’s geography.

It’s easy to see why these rules were once a good idea, and might still be a good idea. When you rent a hotel room or hire a cab, you make yourself vulnerable. Your life is in someone else’s hands. But it’s hard to tell for yourself whether the hotel owner, or the cab driver, is worthy of your trust. When you step into a taxi, you have no information about how good your driver is or how safe he will be. If you booked a hotel (before sites like TripAdvisor sprung up), you had limited information about how good or safe the hotel would be. At best, you could rely upon word of mouth, the reputations of brands, and the advice of a guidebook. Given these constraints, it was reasonable to pass laws to protect consumers.

But digital clearinghouses empower consumers to protect themselves in different ways. Any Uber driver and Airbnb host comes pre-vetted by many other users. A prospective user has a wealth of information available, not only general judgments about the quality of the seller, but data about particular things that the user might care about. An Uber user can punish drivers in ratings or feedback to Uber if the driver is unsafe. An Airbnb user can likewise determine whether his rental is probably safe, and he can decide for himself whether fire sprinklers or emergency exits are truly important to him.

In short, a whole class of laws likely should not be applied to digital clearinghouses. But other laws have a big role to play in keeping the sharing economy efficient and fair. We can’t close down Washington just yet.

Second, we need laws that are the precondition of having a thriving, competitive market. Some of these laws are so important and uncontroversial that we take them for granted: prohibitions on theft and fraud. Internet-based firms need these laws as much as their traditional competition. Take eBay. It’s easy to forget that eBay once was a shocking idea: Who in their right mind would buy anything from a stranger online? To build trust, eBay developed a close relationship with law enforcement and relied on legal and extralegal tools. Today, despite the information available to Airbnb, Uber, and Coinbase users, there will be a few tragedies among millions of rides and stays and purchases. Background laws regarding theft and assault still apply. Other laws are more controversial, but no less important. Strong net-neutrality rules, for example, ensure that the next Uber, the next Airbnb, the next eBay gets off the ground.

Third, we need laws that ensure that digital clearinghouses operate fairly. For example, digital clearinghouses can create negative externalities. This is a particular concern about Airbnb. The New York Attorney General’s report, which claimed that 72 percent of Airbnb rentals are illegal, asked, “Is the influx of out-of-town visitors upsetting the quiet of longstanding residential neighborhoods?” This is an important concern, and it’s fully addressed only through laws.

But the case of Airbnb also teaches a lesson about how to regulate digital clearinghouses fairly. We shouldn’t throw the baby out with the bathwater. Some people are considering making all home rentals illegal. But this reaction is too extreme. After all, it’s okay for homeowners to have out-of-town visitors sometimes—no one thinks that it should be illegal for Grandma to come over for Thanksgiving. More moderate solutions are win-wins: They prevent negative externalities and permit home rentals at the same time. Noise ordinances prohibit homeowners and their guests from being too rowdy. Meanwhile, neighborhoods and apartment buildings that take a special interest in having a stable, cohesive community can limit the number of days per year during which residents can rent out to guests.

Another, trickier issue is the degree of liability that digital clearinghouses should assume for the actions of their associates. Many digital clearinghouses explicitly disclaim liability for the actions of their sellers. They insist that they are merely middlemen, connecting two independent people with each other. In the copyright world, we have specific immunities to encourage platforms for sharing. Sometimes Uber—or 3-D printing clearinghouses or Airbnb or Kickstarter—act as though they’re disinterested third parties merely connecting willing riders with drivers, or travelers with homeowners. But users see them as providers of services—or at least as providing some partial endorsement of sellers. The question of liability will take some sorting out. Our point is that the question doesn’t go away simply because digital clearinghouses are digital, but also that a concept of liability that dates to an earlier era cannot be mechanically applied here.

Meanwhile, regulations of holdovers from the twentieth-century industrial economy will need to remain in place. Some of these regulations might be relaxed as large firms become more like digital clearinghouses. Extensively reviewed hotels, for example, might not need to be subject to quite as extensive regulations for quality. We need to be on the lookout, constantly, for regulations that have outlived their purpose. We can see many of them just by looking, and they are not just a sandbox but the entire playground.

Read more about technologyThe Internet

Marvin Ammori is an Affiliate Scholar at Stanford Law School's Center for Internet & Society and a lawyer who advises leading technology companies.

Adam B. Kern is a von Clemm Fellow at the University of Oxford.

Click to

View Comments

blog comments powered by Disqus