© 1999 Lawrence Lessig.

Jack N. and Lillian R. Berkman Professor for Entrepreneurial Legal Studies, Harvard Law School. This essay is drawn from a lecture. Thanks to Susan Freiwald and Joel Reidenberg for pointing out the implications of this argument for regulation internationally. Thanks to Karen King for her research support.

1. See generally Charles L. Hendrick, Introduction to the Internet Protocols (July 3, 1987) <http://www.shiva.com/prod/techinfo/ip-intro.html> (giving history as well as explanation of TCP/IP).

2. The IETF is the single most important Internet standards body, though it functions in a very different manner from ordinary standards bodies. Membership of the IETF is open, and standards get adopted only if implemented. See Internet Engineering Task Force, Overview of the IETF, (visited Apr. 1, 1999) <http://www.ietf.org/overview.html>. See also Scott Bradner, The Internet Engineering Task Force, in OPEN SOURCES: VOICES FROM THE OPEN SOURCE REVOLUTION 47 (Chris DiBona et al. eds., 1999).

3. See, e.g., John Perry Barlow, Keynote Address, Symposium on "Fundamental Rights on the Information Superhighway" at the New York University School of Law, 1994 ANN. SURV. AM. L. 355 (1994); John Perry Barlow, The Economy of Ideas, WIRED, Mar. 1994, at 84.

4. See, e.g., David R. Johnson & David Post, Law and Borders-The Rise of Law in Cyberspace, 48 STAN. L. REV. 1367, 1375 (1996).

5. By "code" I mean generally the software and hardware that constitutes cyberspace as it is. That code might be divided between the basic net protocols of TCP/IP, and the applications that run on those protocols. As I explain more below, it is the application space that is the most important target of regulation.

6. See Joel R. Reidenberg, Governing Networks and Rule-Making in Cyberspace, 45 EMORY L.J. 911, 929 (1996). See also Joel R. Reidenberg, Lex Informatica: The Formulation of Information Policy Rules Through Technology, 76 TEX. L. REV. 553 (1998) [hereinafter Reidenberg, Lex Informatica].

7. See Reidenberg, Lex Informatica, supra note , at 568-73.

8. See id. at 579-81.

9. See, e.g., Pamela Samuelson, Intellectual Property Issues Raised by the National Information Infrastructure, 454 PLI/PAT 43 (1996).

10. Information Infrastructure Task Force, Working Group on Intellectual Property Rights, Intellectual Property and the National Information Infrastructure: The Report of the Working Group on Intellectual Property Rights (Sept. 1995) <http://www.uspto.gov/web/offices/com/doc/ipnii/>.

11. Cookies allow web sites to track users over multiple visits. See generally David Whalen, The Unofficial Cookie FAQ, Version 2.51 (visited Apr. 1, 1999) <http://www.cookiecentral.com/faq/index.shtml>.

12. "The Platform for Privacy Preferences Project (P3P) enables Web sites to express their privacy practices and enables users to exercise preferences over those practices." World Wide Web Consortium, Platform for Privacy Preferences (P3P) Syntax Specification (working draft) (July 2, 1998) <http://www.w3.org/TR/WD-P3P10-syntax-19980702>.

13. The Platform for Internet Content Selection (PICS) is a protocol for facilitating the rating and filtering of content on the Internet. See World Wide Web Consortium, Platform for Internet Content Selection (PICS) (last modified Jan. 3, 1998) <http://www.w3.org/pics>.

14. See Lawrence Lessig, Tyranny in the Infrastructure, WIRED, Jul. 1997, at 96.

15. For a great example of regulation of the code, see the Oxley-Manton Amendment to the Security and Freedom Through Encryption (SAFE) Act, H.R. 695, 105th Cong. (1997), which would have regulated the type of permissible encryption to be just that which provided the required governmental access.

16. See Digital Millennium Copyright Act of 1998, Pub. L. No. 105-304, 1201, 112 Stat. 2860, 2863-2872 (codified at 17 U.S.C. 1201) (1998). For a critique of this anti-circumvention provision, see Pamela Samuelson, Intellectual Property and the Digital Economy: Why the Anti-Circumvention Regulations Need to be Revised, 14 BERKELEY TECH. L. J. 519 (1999).

17. See supra note .

18. See, e.g., WILLIAM J. CLINTON AND ALBERT GORE, JR., A FRAMEWORK FOR GLOBAL ELECTRONIC COMMERCE (1997), available at <http://www.iitf.nist.gov/eleccomm/ecomm.htm>.

19. My favorite example is Rust v. Sullivan, 500 U.S. 173 (1991), in which the Supreme Court upheld an indirect means of discouraging abortion, something the government cannot do directly. See Lawrence Lessig, The New Chicago School, 27 J. LEGAL STUD. 661, 670, 690-91 (1998).

20. I define this more infra in the text accompanying note .

21. Compilers can read it as well, but compilers simply turn this code from source code into object code.

22. See, e.g., Free Software Foundation, GNU General Public License Version 2 (June 1991) <http://www.gnu.ai.mit.edu/copyleft/gpl.html>; Ira V. Heffan, Note, Copyleft: Licensing Collaborative Works in the Digital Age, 49 STAN. L. REV. 1487, 1508 (1997). ("The GNU GPL gives users permission to copy, modify, and distribute GNU software conditioned on the user's agreement to license all derivative versions under the same terms. Further, users must agree (1) not to establish proprietary rights in the software; (2) to provide the source code to anyone to whom they give the object code; (3) to include in the software notice of the applicability of the GNU GPL; and (4) to accept the software without warranties of any kind.") (footnotes omitted).

23. The idea is stolen (but can an idea be stolen?) from Austin Bunn, Under the Hood, FEED (visited Apr. 1, 1999) <http://www.feedmag.com/oss/ossintro.html>.

24. Though many licenses expressly forbid reverse engineering. See, e.g., Mark A. Lemley & David McGowan, Legal Implications of Network Economic Effects, 86 CALIF. L. REV. 479, 528 (1998) ("Microsoft has argued that each of the 100 million-plus copies of object code it sells are limited distributions of trade secret information subject to a 'shrinkwrap license' agreement that prevents reverse engineering, and therefore that no one can obtain a copy of Microsoft's operating systems without 'agreeing' not to reverse engineer it."). I am with those who believe that copyright's rules about reverse engineering should be read to trump the contract promise to the contrary. See, e.g., Mark A. Lemley, Beyond Preemption: The Law and Policy of Intellectual Property Licensing, 87 CALIF. L. REV. 111 (1999); Mark A. Lemley, The Economics of Improvement in Intellectual Property Law, 75 TEX. L. REV. 989 (1997).

25. Technically, this is misleading. Programmers of closed code do publish application program interfaces (APIs) that enable others to "plug in" to a closed application. In principle, if these were fully transparent, closed code would be closer to open code. The significant difference is that closed code APIs still cannot be modified.

26. See The Mozilla Organization, Our Mission (visited Apr. 1, 1999) <http://www.mozilla.org/mission.html> (announcing that Netscape Communicator and its source code would be available free of charge, and describing mozilla.org's role as a "clearing-house for the newly-available Netscape source ... to collect changes, help authors synchronize their work, and periodically make new source releases which incorporate the best work of the net as a whole").

27. SSL, the Secure Sockets Layer, is a security protocol developed by Netscape which "provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection." Netscape Communications Corp., Secure Sockets Layer (visited Apr. 7, 1999) <http://home.netscape.com/security/techbriefs/ssl.html>.

28. Technically, there are two reasons why there is little that Netscape can do here. One is that SSL is an open standard, which Netscape doesn't control. But the second is the reason I am focusing on here: Even if it could control it, its "control" depends upon whether the code is open or closed.

29. This design is more efficient, for building complexity into the protocols would not necessarily lead to simple ends. See, e.g., Jerome H. Saltzer et al., End-to-End Arguments in System Design, in INTEGRATED BROADBAND NETWORKS 30 (Amit Bhargava ed., 1991).

30. See Lawrence Lessig, What Things Regulate Speech: CDA 2.0 vs. Filtering, 38 JURIMETRICS J. 629 (1998).

31. Digital certificates "allow verification of the claim that a specific [encryption] key does in fact belong to a specific individual. Certificates help prevent someone from ... impersonat[ing] someone else." RSA Laboratories, FAQ 4.0-Frequently Asked Questions About Today's Cryptography (visited Apr. 7, 1999) <http://www.rsa.com/rsalabs/faq/html/4-1-3-10.html>.

32. For a description of Linux, see Linux Online, What is Linux (last modified Mar. 16, 1999) <http://www.linux.org/info/index.html>.

33. See Brian Behlendorf, Open Source as a Business Strategy, in OPEN SOURCES: VOICES FROM THE OPEN SOURCE REVOLUTION 149 (Chris DiBona et al. eds., 1999).

34. This, I take it, is the strong and true point that Free Software Foundation founder Richard Stallman makes. See Richard Stallman, Why Software Should Be Free (Apr. 24, 1992) <http://www.fsf.org/philosophy/shouldbefree.html> (arguing that software ownership is harmful because fewer people use the program, none of the users can adapt or fix the program, and other developers cannot learn from the program, or base new work on it). See generally Free Software Foundation, Philosophy of the GNU Project (last modified Mar. 27, 1999) <http://www.fsf.org/philosophy/philosophy.html>.

35. See Morrison v. Olson, 487 U.S. 654, 710 (1988) (Scalia, J., dissenting) ("While the separation of powers may prevent us from righting every wrong, it does so in order to ensure that we do not lose liberty.").