Digital Architecture as Crime Control
Katyal, Neal Kumar, The Yale Law Journal
The first generation of cyberlaw was about what regulates cyberspace, Led by Larry Lessig's path-breaking scholarship isolating architecture as a constraint on behavior online, (1) a wide body of work has flourished. In a recent article, I took those insights and reverse-engineered them to show how attention to architecture in realspace (such as our city streets, parks, houses, and other buildings) constrains crime. (2) It is time to begin a new generation of work, one that applies the lessons of realspace study back to the cybernetic realm. The question will not be what regulates cyberspace, but how to do so given the panoply of architectural, legal, economic, and social constraints.
This Essay details how theories of realspace architecture inform the regulation of one aspect of cyberspace, computer crime. Computer crime causes enormous damage to the United States economy, with even a single virus causing damage in the billions of dollars and with a recent survey finding that ninety percent of corporations detected computer security breaches. (3) Yet despite apparent metaphorical synergy, architects in realspace generally have not talked to those in cyberspace, and vice versa. There is little analysis of digital architecture and its relationship to crime, and the realspace architectural literature on crime prevention is often far too "soft" to garner significant readership among computer engineers. However, the architectural methods used to solve crime problems offline can serve as a template to solve them online. This will become increasingly obvious as the divide between realspace and cyberspace erodes. With wireless networking, omnipresent cameras, and ubiquitous access to data, these two realms are heading toward merger. Architectural concepts offer a vantage point from which to view this coming collision.
This brief Essay sketches out design solutions to the problem of security in cyberspace. It begins by introducing four principles of realspace crime prevention through architecture. Offline, design can (1) create opportunities for natural surveillance, meaning visibility and susceptibility to monitoring by residents, neighbors, and bystanders; (2) instill a sense of territoriality so that residents develop proprietary attitudes and outsiders feel deterred from entering private space; (3) build communities; and (4) protect targets of crime. (4)
After introducing these concepts, the Essay discusses analogues to each principle in cyberspace. Naturally, the online and offline realms are not symmetric, but the animating rationales for the four principles can be translated to cyberspace. Some of the outlined modifications to digital architecture are major and will invariably provoke technical and legal concerns; others are more minor and can be implemented quickly to control computer crime. For example, we will see how natural surveillance principles suggest new virtues of open source platforms, such as Linux, and how territoriality outlines a strong case for moving away from digital anonymity toward pseudonymity. The goal of building communities will similarly expose some new advantages for the original, and now eroding, end-to-end architecture of the Internet--a design choice that eschewed barriers between computers and rejected preferences for certain types of content. Principles of community and target protection will illuminate why installing firewalls (which are simply pieces of hardware and software that prevent specified communications (5)) at end points will provide strong protection, why some computer programs subtly cue criminal acts, and why the government should keep some computer crimes secret.
Throughout this Essay, each Section will employ the realspace architect's understanding of context to explain why many meta-claims in contemporary cyberlaw are too grand. These claims are proliferating and track the same binary formula: "open sources are more/less secure," "digital anonymity should be encouraged/prohibited," "end-to-end networks are more/less efficient," "peer-to-peer technologies are a threat/blessing," etc. …