It must be nearly ten years since I first read Larry Lessig’s Code and Other Laws of Cyberspace. When I read it, I remember being very taken with one of his early stories, that of Martha and Dank. Here’s an excerpted version:
It was a very ordinary dispute, this argument between Martha Jones and her neighbours. […..]. The argument was about borders — about where her land stopped. […..]. Martha grew flowers. Not just any flowers, but flowers with an odd sort of power. They were beautiful flowers, and their scent entranced. But, however beautiful, these flowers were also poisonous. […..]. The start of the argument was predictable enough. Martha’s neighbour, Dank, had a dog. Dank’s dog died. The dog died because it had eaten a petal from one of Martha’s flowers. […..]. “There is no reason to grow deadly flowers,” Dank yelled across the fence. “There’s no reason to get so upset about a few dead dogs,” Martha replied. “A dog can always be replaced. And anyway, why have a dog that suffers when dying? Get yourself a pain-free-death dog, and my petals will cause no harm.”
If you haven’t done so already, you should read the whole book. There’s an updated version available.
I read the original book during the heady days of 1999, and the lessons have stayed with me. Too theoretical for you? Take a look at this story from a few days ago: Woman in jail over virtual murder.
Let’s take a look at what actually happened. The woman was playing Maplestory, a massively multiplayer online role-playing game or MMORPG. As was the case with Dank in Lessig’s story, something happened to her in cyberspace. Her Maplestory virtual “husband” divorced her. And, just like Lessig prophesied with Dank, she was angry.
“I was suddenly divorced, without a word of warning. That made me so angry,” she was quoted by the official as telling investigators.
So what did she do? She took her revenge. She somehow got the log-in details of the man playing her virtual ex-husband, logged in as him, went into Maplestory and killed off her ex-husband character.
Yes, she took her revenge. In cyberspace. Revenge for an event that took place in cyberspace in the first place.
But. And here’s where it gets interesting, pretty much like Lessig wrote. The critical trigger event, the “divorce”, took place in Maplestory. The response, the “revenge”, took place in Maplestory. But the consequences of that revenge are taking place not in cyberspace, but in good ol’ bricks-and-mortar land.
The woman, a piano teacher, is now in a real jail. Bricks and mortar, with a bunch of metal bars thrown in for free. In jail. Today.
What’s this got to do with cloud computing? Maybe nothing. But here’s the way I look at it:
Until recently, we’ve thought we’ve been able to keep the real and virtual worlds distinct and separate. But we were wrong. They’ve already merged, the deed is done. We live in a hybrid world. The Maplestory incident is not unique. Leaving aside the world of MMORPG, there’s been similar convergence in the social networking worlds. At the extreme, we’ve even had a number of cases where people have killed their partners after learning something about them via social networking site. Examples are here and, more recently, here. Here the trigger events were in cyberspace, but the tragedies took place in real life. Real tragedies affecting real flesh-and-blood families, let us not forget that.
The merged world is here. Today. A merger of the “atoms” world and the “bits” world. But in this merged world, the laws that we have still pertain to atoms alone rather than to bits. Physical location is a key factor in determining jurisdiction and in referring to or selecting relevant legislation.
Today’s Economist has a 14-page special report on “Corporate IT”, which brings some of this up, particularly in the contexts of confidentiality, privacy, obscenity, hate crimes and libel. Data centres are located somewhere. Physically located somewhere. Cloud services, on the other hand, while fuelled by data centres, come by definition from ‘the cloud”. Anywhere. Everywhere.
We have a hybrid world, but without the right hybrid laws. To make matters worse, I think there’s a bigger problem looming. For decades the software industry has been privileged to be protected on one key issue: consequential loss. That might have been fine when software was software and services were services.
But not now. Not now, when software is delivered as a service. Not now when customers buy the service rather than the software. Think about it this way. Let’s say you run a shop, you rent premises and infrastructural services from a “landlord” within a shopping mall. And let’s say you were denied access to your shop for a while, or at the very least denied some basic services you were contracted to receive, like power for example. You’d have a pretty good claim on the landlord or the mall operator for putative losses sustained as a result of their non-delivery.
We have a fascinating time ahead of us.
Software being delivered as a service, in an environment where virtual and physical worlds are colliding and converging, all against a backdrop of cloud services. Three significant dimensions of change, to be managed by laws that aren’t really fit for purpose for any one of the changes; all happening at a time when things are, shall we say, “delicate”, in the world of commerce. At least that’s the way it seems to me; I would love to be corrected.
We have a fascinating time ahead of us.
@ JP:
Thought-provoking.
I would however submit that the problem of regulations lacking ‘fitness for purpose’ is a problem not just for cloud computing/ software-as-service, but for all technological developments. Regulation just cannot keep up with the pace of innovation and adoption of innovation.
May be it is that the process of making regulations needs a reconsideration? What do you think the options could be?
n.b. I work on strategic issues relating to both ICT and life sciences; regulation is a crucial component of all the work I do for investors.
One thing to say : clicks-AND-bricks!
Nice article, and I agree with the premise. The danger with all of the hype around cloud-as-a-service is that it becomes seen as an alternative, rather than an adjunct, to RL business activity. The sum is greater than the parts for sure.
nteresting…but this Jap lady got arrested not for the supposedly criminal behaviour in cyberspace but for hacking into an account that was not hers.So am not quite sure about the convergence of the two or three words…to me its very clear – whatever are your actions in the real world are governed by real world laws- be it how you access, how you behave [ie you could be sued for libel for writing something inflammatory on the internet], what you post etc. …
I tend to agree with Shefaly’s point about regs. and their fitness for purpose, in general across all technological advancements. Let me give you another example- being in financial services we are very conscious of external communication and suitable disclaimers. Now comms have extended beyond the old fax and email….we use Chat rooms provided by external vendors like Reuters or Bloomberg- We use net conferencing facilities etc – theoretically each of these can disseminate the same type of info like an email- how do we have regs that either protect the institution AND how can the regs be user-friendly such that business does’nt come to a grinding halt and neither do we have to have an army of humans to monitor compliance of regs.
It would be interesting to think of the consequences, had there been a trial in Maplestory itself.
If she was convicted of hacking, and that’s what she’s in jail for, does this preclude a trial that should be held in this particular virtual world?
I’ll leave that to the sophists among you….
I’m sure there have already been trials in virtual worlds. Not long before we see stranger things, like money laundering via Linden dollars, the passing of “secrets” in Second Life, stuff like that. Not because it’s any easier, but because the law may not prevent it.
Virtual worlds are not distinct and separate from real physical worlds, though many people would prefer to think that way. The two worlds are one compound world with actors who exist in both, and move from one to the other.
We have a lot to learn about the hybrid world. I’ve been tracking it for some time now, and it’s a rich place for learning.
I think the two worlds were connected all the time – there has been no merger, only a late realisation of the connection. I cannot agree with you more on the need for hybrid laws.
Your report says she “somehow” obtained access to the man’s account, while most other sources I’ve read state that the man willingly gave her his account login information during happier times.
To me, the moral of the story is this: If you have ever given out your MMO login credentials to anyone and you do something that is likely to make them angry, change your password!
Or better yet, never give out your login credentials in the first place.
Hi JP,
With respect, I think you understate the crisis we face.
The “Tax Research UK” blog recently posted that “About 3% of the cash in the UK economy is actually issued by the Bank of England. The rest is electronic money.”
http://www.taxresearch.org.uk/Blog/2008/10/20/network-banking-a-radical-solution-for-the-uks-banking-crisis/
Billions, if not trillions of electronic “currency” flow around the globe every week.
Financial institutions today are really “data (money) refineries”, processing and optimising these flows. But unlike the refineries of the Oil & Gas world they are not subject to the same level of heavy regulation when it comes to how the assets are put together, which means it is only a matter of time before there is a major disaster involving a bank.
Despite performing highly dangerous operations 24/7, Oil & Gas
refineries rarely suffer catastrophic accidents. This is because they are legally required to accurately document and understand how the assets of the business interact to enable the flow of product through the assets of the plant.
There is no such requirement in the financial world, or indeed in most sectors of the economy, despite our routine reliance on IT and flows of data between business assets to perform business tasks (“business assets” includes people).
As complexity has built up over time, with systems and technology being piled on top of other systems and technology, the need to understand vulnerabilities is becoming ever more acute. A failure may not cause a physical explosion but it could certainly cause an economic one.
During the past couple of decades there have been many mergers in the global banking industry. There is at least one major European bank that, after many years, still has not been able to successfully consolidate the systems from the original separate businesses.
This past week we have seen Alan Greenspan testifying before the U.S Congress about where the financial industry went wrong (basically, people didn’t understand risk, or if they did they kept quiet). I hope IT doesn’t don’t get to the stage where similar hearings are being held and IT leaders are ‘in the dock’.
The disaster is coming, let’s hope the world economy is in much better shape before it hits.