Where to begin with architecturegreenspun.com : LUSENET : 6805-team-6 : One Thread
I started thinking about the legal and code architecture that we want to create. I have categorized them as follows. We have high-level goals for the Internet and access in general; if we agree on low-level goals such as the ones below, they will be much simpler to create an implementation for. Please let me know what you think. I did, also, use the
Thoughts on Architectures for Access
An architecture (in code and legislation) should have the following general effects:
(0) For each container:
- To define which containers are and are not protected under the law or code (i.e. encrypted email is protected and unencrypted emails are not). This should not be done on a technology-based foundation, but in a more general sense (example notwithstanding).
- To assign Unix-style file permissions to each container, esp. those which we have decided need protection.
(1) To make it easy and undeniable for a user to find out whether he or she has particular access permissions to a particular container.
(2) If he has a particular access permission,
- To allow him easily to perform those actions which he is permitted to perform.
(3) If he does not have a particular access permission,
- To inform him, obviously and undeniably, that he is lacking those required permissions. This is repeated because it is so important.
- To prevent him from side-stepping the required access permissions.
- To punish him if he manages to side-step those required permissions.
Clearly these restrictions don't really address the issues of the freedoms of the Internet. I am hoping that by providing access restrictions to protect site owners that it will convince them to publish more, since they know they are safe in doing so.
-- Anonymous, November 21, 1998
Here is what I have brainstormed concerning legal architectures. Consider this a starting point only; we can hash it out or reject it completely later today.
I. Goal: Everyone Should Know What the Rule Is
A. Promote self-education by making the legal rule like the speed limit rule: You are responsible for knowing the law, and ignorance is no defense.
B. Require space owners to engage in some form of tagging to signal to others whether a piece of property is private or not.
II. Goal: Private Space Is Allowed and Possibly Encouraged
A. What is the default rule?
1. Kristina's summary of Calabresi article:
According to Calabrsi and Melamud, property rules work well UNLESS (1) the cost of establishing the value of the entitlement through negotiation is very high; (2) there is no adequate means of valuation for the entitlement; [1 and 2 represent high transaction costs] (3) when a result which combines economic efficiency and distributive goals is preferred and property rules would not achieve this result. Liability rules are applied when there are high transaction costs and it is not clear who can most cheaply avoid or reduce the costs of an activity which 'is counter to' the entitlement (e.g. a polluting factory and the entitlement to clean water). Liability rules give a collective view (objective) of the value of an entitlement in order to facilitate beneficial transfers. Liability rules eliminate free-loader and holdout problems in transactions. Subjective valuations are not addressed in liability rules. Inalienability rules are applied when a transaction creates costs to third parties (externalities) and these external costs are difficult to measure and to monetize. Inalienability also applies (1) when it is not clear how a cost-benefit analysis of transactions to transfer the entitlement would turn out (i.e. what are the costs and benefits to society?); (2) to facilitate self-paternalism (i.e. to achieve long-term v. short-term goals, citizens vote to forbid certain transactions) or true paternalism (i.e. the state is the best judge of what's best for the individual); and (3) to support certain distributive goals (i.e. since whether an entitlement can be sold or not affects who is richer or poorer; if you have an entitlement that you can't sell, you are poorer than you would be if you could sell the same entitlement).
2. My thoughts on this: Some competing demands in our topic area include the entitlement to privacy in one's own domain (computer, email account, etc,) versus (a) the entitlement to move freely and effectively through cyberspace, (b) the entitlement to effective law enforcement; (c) the entitlement to have some public spaces in cyberspace; and (d) the entitlement to access cyberspace at all.
(a) Entitlement to move freely and effectively through cyberspace -- Assuming that technology will enable other users to determine and avoid private spaces in cyberspace, it would be cheaper for other users to have to avoid these spaces than for the individual user to fend off every attempted access. Thus, a property rule should apply here.
(b) Entitlement to effective law enforcement -- Because getting necessary information and access for bona fide law enforcement purposes is a beneficial transfer that we would like to take place, we want to eliminate the holdout problem and ignore subjective evaluations. Thus a liability rule should apply here.
(c) Entitlement to have some public spaces in cyberspace -- It is not clear who can most cheaply avoid the costs of having privacy on the internet, which is counter to the entitlement of having some public spaces. For example, is it less costly to force the user to open his space up to the public, or is it less costly to force everyone else to look elsewhere? This suggests a liability rule.
(d) Entitlement to access cyberspace -- Some people are not going to be able to afford internet access if isp's are held stricly liable for the actions of their users. This is going to cause isp's to charge high account fees. A property rule would permit broader distribution of the entitlement to access cyberspace; isp's and users could agree to transact privacy -- the isp will provide it to the user, who will pay for it, or, perhaps, the isp's will pay the user (in the form of a smaller account fee) for the user to give it up.
In summary, this points to a mix of property and liability rules.
II. Goal: Privacy Includes the Right to Self-Determination
A. How much can the default rules be changed by contract? (Continuation of property/liability analysis above) -- All of the "property rule" entitlements should be alterable by contract. The entitlement to effective law enforcement and the entitlement to have some public spaces should not be alterable by contract.
III. Goal: There Should Be Some Publicly-Accessible Space
A. Government could operate a "tax" to fund and provide public spaces (e.g. force owners to make some part of their space public) and then provide it themselves, or subsidize others.
B. Certain exceptions could be made to the above rules, e.g. certain owners could be prohibited from keeping their spaces private.
-- Anonymous, November 22, 1998
Hi again, guys!
Enjoy your team meeting today. Here are some more specific thoughts on architectures (for code).
Basically, from my original post, I see the problem as three-fold:
(1) Making it easy and undeniable for someone to find out what their permissions with respect to a particular container are (as well as for container "owners" to set permissions to their containers),
(2) Allowing users to see/use only what they are supposed to see/use,
(3) Making it impossible to side-step our code architecture (both in law -punishment- and in code).
First, there is a one-page summary of P3P, which I imagine we're going to end up using in our solution.
We can imagine a system where any web browser (or telnet program or other network application) uses a P3P negotiation with each container to see whether the user is allowed to view/modify the contents of that container. Negotiation is less useful here than in the privacy scenario because the file permissions are pre-set.
P3P is a good name and framework (as opposed to having to modify the name or purpose for our uses) because in a sense it protects privacy -- the privacy of the container owner!
The problem here is that (at present) P3P is not implemented and certainly not hackproof. We'll have to worry about this because all possible hackproofing adds latency to the system (i.e. encryption).
Finally, we'll have to deal with undeniability of the transaction. We don't want JoeBob to say that he hacked into a system because the container said it was okay. This needs to stand up in court.
Anyway, these are my thoughts for now. If you need to assign sections before I get back, here is my preference (1 high, 5 low): (1) code architecture section (2) metaphor section (3) evaluation section (4) future projections (5) introduction. I didn't include 6 because that's the legal section I have no business writing. :) Later guys!
-- Anonymous, November 22, 1998