Distribution as a Design Principle for Peer-To-Peer Law
* Working Paper: Peer-To-Peer Law: Distribution as a Design Principle for Law. . Mélanie Dulong de Rosnay. [email protected] Working Paper Series No. 31
"Instead of applying law to peer-to-peer in order to control networks, I propose to apply peer-to-peer to the law to transform it. The western liberal conception of law is based on the legal category of the individual. This legal theoretical conception does not adequately take into account the concept of communities of peers, defined as non-stabilised, evolving, or non formalized groups sharing a common interest or an ad hoc production purpose, from local communities (e.g. those using a commons-based governed fishery) to online communities (e.g. the users of a platform) which do not have a legal statute as an individually identifiable entity.
Legal thinking can be influenced by architecture design principles based on decentralisation. Peer-to-peer architectures, for example distributed storage and wireless mesh network, disrupt the application of positive law and question central legal notions of liability, control, ownership and responsibility. I call for a transformation of legal thinking and logic and a theoretical break from envisioning the individual person as unique point of reference of the regulatory system composed by positive law and policies targeting individuals. Network theorists have already been conceptualising the agency of collectives, and commoners have been developing legal hacks to organise collective property. Beyond an individualised law trying to control distributed Information and Communication Technologies, peer-to-peer ways to think and design the law require to design collective rights and legal persons. Challenging liberal legalism design grounded in individualism requires to integrate peer-to-peer as a design principle for the law, towards the recognition of collectives as subjects of rights and duties, and the distribution of the law itself."
FOR A TRANSFORMATION OF LEGAL THINKING
Mélanie Dulong de Rosnay:
"Lobbying to prohibit peer-to-peer file sharing or peer-to-peer based technologies of anonymity, storage, browsing or access follows a traditional model of legal regulation, which aims to control technology and safeguard the supremacy of legal rules which were developed before the emergence of the new technical environment. However, this position, instead of transposing legal values and general principles to the digital age, leads to constraining it beyond the initial regulatory objective of preventing infringement, by controlling also legitimate activities which were previously unregulated. Legal doctrine showed the extension of the scope of copyright and the chilling effect on users’ rights and socio-cultural practices of creation. The law has not been updated yet to scale to the technology. There has not been any change of legal paradigm to integrate transformations caused by digital technologies and especially peer production with unidentifiable networks of peers instead of legally identifiable persons. Law can also interact with technology in a different way by trying to integrate some of its features in order to maybe regulate it better.
One way to think about the relationship between law and peer-to-peer technology is to wonder if the law needs to be expanded to face a new regulatory challenge. People choose to use and to contribute to services based on distributed architectures for many reasons including to preserve their privacy and escape censorship, but also legal control. The uniqueness of the distributed environment may fade away if the legislator catches up and blocks the ports needed to deploy peer-to-peer architectures. The same attack of 'law of the horse' (Easterbrook, 1996 and the answer by Lessig, 2001) which has been made to cyberlaw could be made to a law of distributed architecture, questioning its singularity and its raison d'être. Or, if distributed architectures are unique, we are facing the emergence of new legal categories which will produce new norms. But beyond the fact that these technologies may be used for both legitimate and illegal purposes and that the fragmentation of the services makes it difficult to assign liability, it should be noted that these peer-to-peer services are also part of the social movement of the commons. They foreground peer-production as an alternative to the market-based centralised services exercising control over their users and their data. Even if technical efforts required to set them up as opposed to the ease of installation of their commercial counterpart may prevent their take-off, they participate in emancipation and autonomy through technology, and constitute a valid alternative to the commodification of free labour and the lack of security and privacy of the commercial services.
From a legal perspective, the main difference I want to observe between commercial and peer-to-peer services is that the former services rely on a contractual relation between two individual entities (the corporation and the user), allowing the allocation of responsibility in case of infringement, while the latter services are not provided by an individual person. They are offered by a mesh of nodes which ensure collectively that the service is possible, each ensuring a fragment of it, which is difficult or impossible to monitor technically and control legally. Distributed architectures are fragmenting data and actions, thus exploding the localised rights model where each object or right can be assigned to one actor. The problem comes from the fact that peer-to-peer architectures aggregate and distribute technically insignificant fragments, while the law allocates rights to individual persons in a bijective relation.
Individual legal entities are the basis of legal reasoning and the subjects of rights. Western legal systems tend to mainly recognise the rights of individuals, to protect private property rights, commercial interests in individuals and personal freedoms. Law assigns rights to individuals (which can be states, corporations or non-profit) benefitting from autonomy and agency. While law is arranging responsibilities, rights, duties, obligations and conditions between moral or physical persons in localised determined jurisdictions, distributed architectures operate with fragmented data and share the process between actors which are neither localised nor stabilised, as they are not necessarily the same peers present all along a given process of data communication.
I claim therefore that the distribution of the actors and the actions requires the rethinking of legal categories, since the notions of author of an action, action and content or object are not tangible units any longer, but aggregated, open-ended and evolving fragments. Legal reasoning will question whether distributed services are really of a different nature; whether localisation really matters; whether the association of encryption and fragmentation ensures anonymity or untraceability; how to distinguish the request of an action from the implementation or performance of the action? Regarding the last question, my understanding is that fragmentation of actions between an unfixed network of peers at least blurs responsibilities and at most makes them irrelevant.
Which method of research of the responsible person can be applied if there is no identifiable owner or service provider? Joint liability of all identifiable nodes for the other members of the group who would have performed an offence has not been applied, but the absence of case law does not mean this could not happen. It might be the case that if no entity is found liable, any identifiable entity related to the case would be sentenced. The reconfiguration through cooperation of the notion of individuals forming a collective triggers a deconstruction of legal categories in several domains: copyright, liability, cybercriminality, processing of personal data, but also data security. In case of service failures and data loss, it is not certain that a warranties disclaimer would be valid when faced with consumer protection legislation. No contractual relationship can be deduced: since users are unknown and unstable, the performance of the service depends on who is connected at what time, but none of the nodes are individually essential. In the absence of a contract and of user identification, it is difficult to assign responsibility in the traditional way. A complex network of users and contractual relationships could be inferred from who is online when, but if peers do not know what package is circulating, and if the package may take a different road when they are not online, all peers could just be irresponsible nodes among others, unaware of the content of the traffic they are collectively facilitating, but neither individually allowing or blocking. The presence or the absence of one peer in the network is irrelevant to the performance of the service, diminishing claims for collective responsibility."