KERRY ABRAMS: It's
wonderful to see
so many students, and faculty,
and staff, and members
of our community here today
for our annual Lange Lecture.
The Lang lecture was established
to honor Professor David
Lang, who retired from
Duke Law School in 2015
as the Melvin G. Shimm
Emeritus Professor of law
after 44 years on our faculty.
A beloved teacher
and renowned scholar,
Professor Lange specializes
in intellectual property,
copyright trademarks,
unfair competition,
and entertainment law.
He's particularly well-known
for his transformative work
on the public domain and is
also the co-author of a casebook
on intellectual property that
is now in its fifth edition
as well as a book entitled
No Law: Intellectual Property
in the Image of an Absolute
First Amendment, which he wrote
with his fellow Duke Law
professor, Jeff Powell, who's
here today.
Prior to Professor
Lange's retirement,
this endowed lecture was known
as the Kip and Meredith Frey
lecture.
In recognition of his
career and contributions,
the Freys renamed it in
Professor Lange's honor
following his retirement.
Professor Lange is here
today, so please join me
in recognizing him and
his many accomplishments.
[APPLAUSE]
It is now my great
honor and pleasure
to recognize this year's
Lange Lecturer, Mark Lemley.
Professor Lemley is the
William H. Neukom Professor
of Law at Stanford Law
School and the director
of the Stanford Program in
Law, Science, and Technology.
At Stanford, he teaches
intellectual property,
patent law, trademark
law, remedies, antitrust,
the law of robotics and
AI, and video game law.
Professor Lemley is
unusual, in that he
is both a world-renowned
legal scholar and a leading
intellectual property lawyer.
We could be here
all day if I listed
all of his
accomplishments, so let
me give you a few highlights.
As a scholar, professor Lemley
is the author of eight books
and I think 175 articles.
It changes by day, so it's
hard to get a current number.
His work has been
cited over 270 times
by courts, including 15 times
by the United States Supreme
Court, which makes him
one of the five most cited
legal scholars of all
time in any field,
not just in
intellectual property.
As a lawyer, Professor
Lemley has argued
27 federal appellate cases--
which, indeed, is
another number which
may have changed
since I last checked--
countless federal
district and state cases,
and has participated
either as counsel or amici
in more than three dozen
Supreme Court cases.
He is also the founder of Lex
Machina, a startup company that
was acquired by Lexis in 2015
that provides data analytics--
litigation data and analytics.
When Professor Lemley and
I spoke about his visit
to duke to deliver
this lecture, he
warned me that the project
he'd like to share with us
is broader than simply
intellectual property law.
Instead, his topic is the
Balkanization of the internet.
I hope you'll agree
with me that we
are lucky to hear one of
the world's leading scholars
of intellectual property and
technology law share with us
his current thinking on a
topic that is critically
important to our time.
Please join me in welcoming
Professor Mark Lemley.
[APPLAUSE]
Thank you, Dean Abrams,
and thanks everybody
for being here.
John Perry Barlow, who was
honored with a symposium
here at Duke just last year,
famously wrote, in 1996,
what he called the Cyberspace
Declaration of Independence.
Governments of the
industrial world,
he wrote, you weary
giants of flesh and steel,
I come from cyberspace,
the new home of the mind.
On behalf of the future,
I ask you, of the past,
to leave us alone.
You are not welcome among us.
You have no sovereignty
where we gather.
John Gilmore, another famous
internet pioneer, in 1993,
coined the famous aphorism,
the net interprets censorship
as damage and routes around it.
Now, that was a long time ago.
It was so long
ago, in fact-- you
can tell it was a long time
ago because we haven't settled
on what we were actually going
to call the internet, right?
Maybe it was cyberspace,
maybe it was the net.
Infobahn was floating
around there at the time.
And these sentiments,
I think, sound somewhat
quaint by modern standards.
But it's worth
remembering or learning
that the internet of that day
was the underground pirate
alternative to where everybody
thought that information
technology was going.
The corporate and government
big boys had a plan.
We're going to build broadband
wires for an information
superhighway.
And the information
superhighway was
going to deliver
prepackaged content to you
in a one-way pipe with 500
channels of television.
And that was going to be our
technology connection, right?
Because the idea that
we might actually
want to share information
ourselves rather than merely
passively consume
it hadn't made it
into the consciousness of
the people who were around
building the technology.
The internet, by contrast--
what sort of supplanted
the information superhighway--
started as a niche
government-academic
project to allow academics
and military folks
to communicate together.
Indeed, it wasn't until 1986
that commercial entities were
even allowed on, and
then only if they
had some connection to DARPA
and the research agencies.
It wasn't until 1992
that they actually
had unrestricted access.
What became the private internet
started as a series of walled
gardens, a bunch of people who
wanted to get together in small
communities like the Whole Earth
'Lectronic Link-- the WELL--
or AOL, Prodigy, and CompuServe.
And what the internet did was
something quite remarkable.
It allowed people to connect
outside those walled gardens.
It allowed you to
interact with someone
who wasn't part of a
pre-existing community, who
wasn't geographically
near you, who wasn't
in the same community
of scholarship
and the same community
of thought with you.
And that connection turned
out to be extraordinarily
and unexpectedly valuable.
My thesis today is that the
internet is being Balkanized,
that we are returning
to walled gardens,
that those walled
gardens are both
a function of private companies,
but increasingly, they
are being created by
drawing national boundaries
around the internet.
I think this phenomenon
is already far along,
and there are powerful
forces behind it.
I also think that the
Balkanization of the internet
is a bad thing and that we
should stop it if we can.
Now, I'm going to
pause here and note
that there should be a
fairly heavy presumption
against my argument because
I am not the first person
to say that the internet is in
trouble and is going to die.
And this is not
even the first time
I've said the internet is in
trouble and is going to die.
The internet has shown
surprising resilience,
and so we shouldn't just
assume it's going to go away.
Nonetheless, I hope
to convince you,
in the next 30 or 40
minutes, that there
is a real problem
here and that we
should be concerned about it.
And one way to think
about that problem
is to take John Gilmore's
aphorism and reverse it.
John Gilmore says, in 1993,
the net interprets censorship
as damage and routes around it.
We have this
distributed network that
can avoid government
centralized control.
Today, I think it's fairer to
say that censorship interprets
the internet as damage
and routes around it,
that the government has,
in fact, figured out ways
to avoid or control
efforts of the internet
to get around its censorship.
So let me start by
trying to persuade you
that we are dividing the
internet as we speak.
Now, how can I say that we're
Balkanizing by the internet?
If you look around,
by all accounts
it's the giants of
technology who increasingly
run everything, right?
Google, and Facebook, and Apple
are everywhere in our world.
That sure seems like
centralization, not
decentralization.
Well, the first thing
to note is that that's
true for most of you because
you're in the United States.
If you look outside
the United States,
though, things look
very different.
So we worry in the United
States about decades-dominant
platforms, and I'm going to talk
about those platforms in a bit.
But those platforms
aren't actually
dominant in most of the world.
If you go to China, you will
not find Google and Facebook
at all, and you will not find
Apple as a dominant player.
The companies that dominate
the Chinese internet ecosystem
are WeChat, and
Baidu, and Tencent.
If you go to Russia, you'll
find Yandex, and not Google,
as the dominant company.
And I think, increasingly,
this is going to turn out
to be true in Europe.
Europe is a bit
of a special case,
and we'll talk more about it.
But Europe is targeting and
restricting US companies
on the internet for both policy
and mercantilist regions.
And I think that
they will end up
driving either separate European
internet companies and internet
technologies or perhaps
co-opting US companies
in ways that still end up
dividing the US experience
from the European experience.
And then if you look at the
rest of the world, what you see
is actually an ongoing
nation-by-nation competition
for who gets the internet.
And that competition is not
one that the US is necessarily
going to win, right?
To date, countries
like Brazil and India
have been primarily adopting
US technology companies
and US technology
platforms, though there's
reason to think that's
about to change.
But if you look at Vietnam, and
Thailand, Indonesia, Malaysia,
those are companies that are
buying into the Chinese model.
And the companies
that end up kind
of running the internet
in those countries
will increasingly be the Baidus
and WeChats of the world,
not the Googles and
Facebooks of the world.
That's also true, I think,
in many countries in Africa
and even Latin
America, where China
is building the
physical infrastructure,
and it's increasingly
easy for them
to also build the software and
technological infrastructure.
So whether or not we
have a dominant player,
many countries have
dominant private players
in the internet, but they're
not the same private player.
And it's not just competition
for what company runs
large aspects of your life.
It's instead, I
think, reflective
of competition about
regulatory models
that are going to determine
whether the internet as we
know it will continue to
exist in any given country.
So in the United States, we
largely listened to Barlow,
at least in the
1990s and at least
where the sacred cow of
intellectual property
wasn't at issue, right?
We let the technology companies
get largely free reign.
They end up
controlling your data,
and that's a potential
problem for many people.
But by and large,
people have been
free to post what
they want, and they've
been free to sort of share it
on whatever platform they want.
I think there's reason
to think that's going
to change in the current
political climate.
The US internet is
under a lot of pressure
from a variety of sources.
But if it does
change, it's as likely
to be in the direction of less
private filtering of content,
more first amendment protection
for hate speech as the reverse.
So the freedom, with its
good and bad aspects,
of the US internet, I think, is
and will remain the US model.
IP is a big exception.
US copyright industries would
like to shut down as much
of the internet as possible.
I think they've given up trying
to shut it down altogether,
but they would like to lock it
down to the extent possible.
One way they accomplish that
is through geo-blocking.
And increasingly, they
are being accommodated
by US tech companies
who are coming
to deals with the
copyright companies
to engage in various
kinds of filter.
In Europe, by contrast,
the content industries
and the government get
more and more effective
control over the internet than
they do in the United States.
IP is once again
a big driver here.
The copyright industries
in Europe are quite strong,
and the political leverage
that US tech companies have--
at least, until recently, had--
in the United States is
not present in Europe.
There is also, I think, a
kind of nationalistic bias
or Europe-centric bias
against US tech companies.
And there's much greater
concern with privacy in Europe
than there has been historically
in the United States.
And all of that has meant
that the EU is increasingly
seeking and increasingly
getting control over what
goes out on the internet.
They use that control primarily
for commercial or mercantilist
ends.
We want our newspapers
to be paid more.
We want control
over copyright law.
Sometimes they use it for
privacy for both good and bad
purposes, right?
I want companies not to
collect information about me,
but I also want to be able to
hide bad public facts about me
so that people can't
find out bad things
that I've done in the past.
Europe's also more likely
than the United States
to control various
kinds of hate speech,
whether it's kind
of Nazi memorabilia
or other information
that they find offensive.
But by and large, Europe
doesn't look radically different
than the United States.
In China and Russia, by
contrast, the internet
is effectively controlled by
the political arm of the state,
and that state is both
surveilling and locking down
speech they don't like.
You can't talk about democracy,
or Falun Gong, or Tiananmen
Square, or more recently,
Hong Kong elections on WeChat
or you'll just get
shut down, right?
That works because China has
built a set of censorship
systems that work with the
Chinese apps and software
that almost everyone
uses in those countries.
India is an interesting
example, I think, of a country
that has traditionally had
a relatively open internet,
but which seems to be moving
very heavily in the direction
of locking it down.
They shut down the
internet altogether
in Kashmir for several months
as part of a political attack
and crackdown on the
Muslim population there.
And that model, I think,
is increasingly likely
to be used in India.
It's also increasingly
likely to be
used by authoritarian
regimes around the world
or authoritarian wannabes.
These countries learned
from Arab Spring,
the power of technology
and potentially
fomenting a revolution.
And if you're an
authoritarian government,
you don't want a revolution.
So we need to be
able to control--
to lock down-- the
means of communication.
And we've learned from various
other examples-- from China,
from Russia, from India--
that we can shut down either
individual companies--
blocking Facebook until
they take down posts
we don't like, for
instance blocking Google
until they do various
things, or even
blocking the internet
altogether to prevent dissidents
from organizing.
And Iran, Turkey,
Malaysia, Brazil,
and various other Arab
countries have all
done this in one
form or another.
And Brazil, interestingly,
has announced its intention
to create a national, walled-off
internet on the China model,
almost explicitly doing
this sort of thing
that I'm talking about here.
Now, it's not just local
regulations' differences
in kind of
governmental approaches
that are leading to
different software
in different countries.
Rather, I think
it's increasingly
hard for foreign internet
programs or applications
to penetrate local markets
as a structural matter.
Russia, for instance,
has blocked LinkedIn,
is requiring local
Russian apps to be
loaded on all smartphones,
and is, indeed,
writing its own
Wikipedia, right?
It doesn't like the fact
that, hey, just anybody
could come and give
information to the world.
We want our citizens to see our
government-vetted and approved
information.
China, I think, hasn't
written its own Wikipedia,
but it has effectively achieved
much the same result by banning
Facebook and Google-- unless
they complied with local
censorship, laws which kept
those then out of the country--
and encouraging the
development of alternatives
like Baidu and Tencent, which
are, because they are local,
because they are Chinese,
ultimately beholden
to the Chinese government.
It's not just China
and Russia though.
How many people here
have used the TikTok app?
That's fewer than I
would have thought.
People younger than you
are using the TikTok app.
[LAUGHTER]
But you may not be
using it for long,
because the US is on
an active campaign
to shut down TikTok
because TikTok is owned
by a Chinese parent company.
And if it's owned by a
Chinese parent company,
the US government fears they
must secretly be spying on us.
Now, I don't know
whether they are, in,
fact secretly spying on us.
I'm not sure that
if you actually
saw everything
Americans were doing
on TikTok that you would gain
much of great social value.
But the worry, I think--
the point, I think, is
that this is not merely a,
hey, authoritarian
governments are using
this to lock down the internet.
The US is responding in a
number of cases by saying,
we don't want foreign
apps on our soil,
making it harder
for them to act.
Europe, as I mentioned, is in
an interesting middle position
because it doesn't have its own
software companies for the most
part, in part because of
its less permissive attitude
towards the early days of
the internet and development.
Most of the technology
companies that developed
developed in the United States.
But it's the largest
market in the world.
And as the US increasingly
abandons any pretense
of global leadership,
it increasingly
controls the way US
companies work either
by setting a standard
that others follow--
passing something like
the GDPR on privacy,
which then gets copied in
California in their Privacy
Act--
by insisting on imposing
its rules worldwide--
our GDPR rules apply not
to European citizens,
not to transactions in Europe,
but to any company that
does any business with
folks in Europe, which
is almost any company--
or by prompting
Balkanization more
explicitly within a company,
by driving location or blocking
and saying we don't care what
your US consumers experience.
Here is what everyone
in Europe has to see.
[? Anu ?] Bradford has
gone so far as to say,
the EU rules the
world at this point,
not because it is
the most powerful,
although it does currently
have the largest economy--
it was about to get
smaller with Brexit--
but because it has
the regulatory will
to use that economic
power to try
to tell other people what they
have to do, at least in Europe.
And that increasingly, , then
gets adopted by companies
as a practical matter as
what they do in the rest
of the world.
So not only, I think, do
people go to different software
and go to different experiences
in different countries,
the same software is
customized for location.
And what that means
increasingly is that the promise
of the internet-- we get
to communicate with people,
we get to share information
and experiences with people all
around the world--
is being cut short.
The news you see, the facts
you see, even the maps
you see change depending
on where you are,
whether because
they're being produced
by different companies,
whether because they're
required by different
countries to do it,
or whether by the
same global company
giving different information
to different people
because the
governments demand it.
But it's not just software.
Increasingly, hardware is,
itself, being nationalized.
Now, some of this
is market division.
The iPhone is the dominant
device in the United States
and in most of the rich
commonwealth countries.
US, UK, Canada, Australia,
New Zealand, and Japan, iPhone
is the dominant iPhone.
Those are the only countries
in which the iPhone
is the dominant phone.
In the rest of the world,
some phone from the Android
ecosystem is the dominant
phone, and iPhone shares
are actually quite small.
Indeed, it has less than
1/3 of the overall market.
So that could be
consumer choice, right?
IPhones cost more than
a lot of Android phones,
so maybe they're more likely to
be purchased in rich countries.
But that's not all of it.
With the exception of
Norway, nowhere in Europe
is the iPhone dominant.
But it's going to become
an increasingly significant
problem.
The US is currently
in the process
of banning Chinese
phones from the market.
Huawei and ZTE phones
are viewed as a security
risk, much like TikTok, right?
We want to try to keep them out
of the US market altogether.
We are pushing Europe--
so far, unsuccessfully--
to do the same, to say don't
buy any Chinese phones.
The US has even objected to
the presence of Huawei router
equipment on private
land sufficiently
near a US military base in
a foreign country, right?
So we not only don't want
Huawei phones or technology
in the United States or
on US military bases,
we don't want them within
a certain geographic range
around a US military base.
As part of this policy, the
US is affirmatively engaged
in a kind of mercantilist
battle to try
to promote Qualcomm
and Qualcomm's
chips over alternatives.
The US government filed a brief
challenging the Federal Trade
Commission-- a different branch
of the US government-- saying,
we have to let Qualcomm hold
on to a monopoly on chips,
even though they're
violating the antitrust laws,
because to do otherwise would
violate national security.
If we let anybody buy
Qualcomm had build the chips,
who knows what's going
to be in those chips?
They could have spyware,
they could have bad stuff.
They won't be US companies.
US refused to allow Broadcom to
buy Qualcomm because Broadcom's
CEO is based in Singapore.
And the US said, well, wait
a minute, right now, we'd
have ultimate control
over the chip company
because they're based
in the United States.
If they're based
in Singapore, who
knows what could happen, right?
The Singaporean government
could impose restrictions
or requirements on what
this chip company does
or, conversely, the US
would be less able to impose
those requirements.
So this isn't something
that's going to go unanswered.
If you say to China, sorry,
none of your companies
can participate in building
phones for the next generation,
if you say to Singapore,
sorry, none of your companies
can participate in building
chips to go in those phones,
we'll see similar responses.
China is building a 5G
network, and it's not just
building it in China through
the Belt and Road Initiative.
It's building it in Africa,
and Latin America, and Asia
as well.
And that 5G network may well
reflect incompatible standards
with the US 5G
network because we
are going to build different
hardware systems that
don't talk to each other.
This is something we used to
have in the early days of cell
phones--
GSM versus CDMA technologies.
It's something we used to have
in the early days of software.
You couldn't actually
read files from an Apple
if you were on a Windows
computer and vice versa.
But it's something
we've gotten away from,
and I think to
everyone's benefit.
It looks like we're
moving back there.
Now, some of this is justified
by worries about foreign
spying, but I think it's at
least as much justified--
both in the US and in China--
by a desire for domestic spying.
So it's worth remembering
that the US has
a pretty comprehensive
surveillance
infrastructure in place.
Anybody remember Ed Snowden?
The world has kind of--
[INAUDIBLE] sufficient
shocks in the world
that we kind of
forgot about that one.
But it is the case that we
have built and are trying
to maintain quite a significant
electronic surveillance
mechanism.
The FBI has, on several
occasions-- including,
most recently, this month--
tried to prevent private
companies within the United
States from engaging in
effective encryption.
They've tried to block
Facebook from doing
end-to-end encryption
on WhatsApp.
They have tried to
force Apple to put
a backdoor into their
phone so that when
something bad happens,
the FBI has the ability
to unlock that phone.
That's a battle that has been
going on for a long time.
The few people in
the room as old as me
might remember the
Clipper chip of 1995,
which was the last time
the US government said,
we need to build a
backdoor in the internet
so that the FBI can see and
read everything you're doing.
It was unsuccessful, at least
as a hardware technology--
though it might have
worked at the NSA.
So I think at most
what we could say
is the historically pervasive
US communication software
surveillance is used in
the service of a less
repressive agenda here
than it is elsewhere.
I hope that will remain true,
but I'm not sure that it will.
And at a minimum, even if you
still trust your government
to always do the right thing,
the rest of the world doesn't.
And that means that if we're
going to insist on US ships
with US surveillance
built in and China
is going to insist
on Chinese ships
with Chinese
surveillance built in,
companies and countries
are not automatically
going to choose the US as
the lesser of two evils.
The software differences
I think are bad enough.
But once internet hardware
is country-specific,
this becomes harder
and harder to undo.
And devices are built
by national network.
Chinese phones work with
Chinese software apps in China,
US phones work with us
software apps in the US.
It's easier.
It's more logical to optimize
the software for that hardware
to run incompatible software
because it works well
with all the other
folks I'm communicating
with most of the time
who were in my country.
So we're not just
experiencing different things
on the same network.
Increasingly, our
devices may not
be capable of inter-operating
or even seeing the same things.
And even the backbone of
the internet itself is not
immune from nationalization.
So the internet has always
been international and global.
In part, though, that's just
kind of a weird accident.
The US was the de facto
custodian of the internet
because the companies that
administered the backbone
happened to be located
here, because it was first
built here.
And we have traditionally
been the laissez-faire country
when it comes to the internet,
but that effective freedom is
changing.
There are increasing moves by
companies and internet service
providers to filter malicious
sites at the DNS level
so that they are never
accessible at all, even
on your server system.
Not that you just don't
see them on your device,
your corporate server
never sees them.
We pretend that that site on the
internet simply doesn't exist.
If you try to send
a message to it,
you will not get a response.
And of course, "malicious sites"
depends on your perspective.
It could be and often is
cybersecurity hacking,
phishing scams, and the like.
But it could also be
porn, or democracy
in Hong Kong that's viewed
as a malicious site,
depending on who is deciding
which parts of the internet
you get to see.
Other ISPs insert
their own advertising
for non-existent pages.
So if I tried to search for a
page and it doesn't show up,
the ISP sort of pretends
there's a page there,
and it gives it advertising.
And of course, hackers try to
attack the internet routing
system altogether, substituting
a malicious page for the one
the system expects to find.
In any event, the DNS system is
not officially a US phenomenon.
And even unofficially, its
de facto control by the US
is shrinking.
We passed control
from the US government
to a private, non-profit
organization called
ICANN a couple of decades ago.
ICANN is a sort of dubious
custodian of the Domain Name
System.
Their current project
is to sell .org,
the non-profit top level domain,
for $1 billion to for-profit
companies who will presumably
then not do anything
profit-making with it,
but it seems unlikely.
But even if you thought ICANN
was fine and ICANN is based
in the United States, so is
nominally subject to US law,
many countries are pushing to
take control of the backbone
away from the US altogether,
putting it in the hands
of the United Nations through
the ITU or, practically,
more likely giving each country
control of its own top level
domain so that UK governments
would actually have control
over the parts of the DNS server
that point to .uk and the like.
And if you do that, that
makes political shutdowns
or diversions a lot easier.
And indeed, various countries--
including, unfortunately,
the United States--
have made efforts to
interfere with the DNS routing
for political purposes.
Internet shutdowns
in Iran and Turkey
were done by basically
rerouting or turning off access
to the outside world.
In the United States,
nearly a decade ago,
we proposed legislation
called SOPA and PIPA that
would have enforced US
copyright law by literally
making the sites that infringe
invisible to the world.
The DNS servers simply
would not return a result,
and any internet
service provider
would be forced to pretend to
you that those things didn't
exist--
not tell you they're infringing,
not take down the sites,
but pretend that they
did not exist at all.
SOPA and PIPA died because
an unprecedented number
of internet users
rose up against it
en masse to protect
the internet.
But I'm not sure
that people have
the same love for the internet
in 2020 that they did in 2011.
And it's worth remembering
that even the very backbone
of the internet-- this DNS
routing system-- is fragile.
And the DNS system
that makes it work
is literally
controlled by 14 people
who hold seven sets of keys.
And they have to agree on, yes,
this is a canonical router.
They're sort of the
early blockchain.
I guess id the way to
think about it, right?
If we all agree this must
be the canonical router,
if you can change that--
if those computers
change their DNS entry
or even if they start to
disagree-- we no longer
see the same things
on the internet.
Not that they're blocked, right?
It's someone with
control over a DNS server
can literally create their
own version of the internet
that everyone who relies
on that server will assume
is the canonical one.
So I think we're
losing the internet.
We're replacing it with the
splinternet, a Balkanized
set of computer protocols
that increasingly differs
by company and by country.
That's not a good thing.
Now, you might not like some
aspects of the internet.
Some aspects the internet
are pretty horrible,
and different countries may
want different things from it.
They may want to regulate
it in different ways,
they may want it to
do different things.
But it's improved the
world in all kinds of ways.
Some of those are economic.
Estimates that worldwide
data flow over the internet
is now 10% of global GDP.
10% of all the
money in the world
is basically attributable
to internet traffic.
Some of them are
lifestyle, right?
Our phone improves our lives
in ways we don't think about
because we're not lost
in a foreign country
or we don't speak the language.
We have a map that will
get us where we want to go.
We're not stuck on the highway
with a flat tire and no way
to communicate to
anyone about that fact.
We're not sitting
in a restaurant
waiting for a
friend who canceled
or debating some arcane
fact with our friends
without a device in our
pocket capable of accessing
all of the world's information.
Those are-- and for
most of my lifetime,
you did not take those
things for granted, right?
These are things
that became available
because we have access
to this intersecting
universe of information.
And most of those benefits
involve connection
and the ability for
systems to work together
across multiple countries,
across multiple languages.
And that's why the internet,
and not prodigy or CompuServe,
is the thing we use today.
Balkanization means
it's harder for people
to share experiences
across countries.
Paul Ohm and Jack Goldsmith have
said, you know what, that's OK,
because we want different
countries to have
different rules.
And they should be able
to regulate the internet,
just as they should
be able to regulate
any other part of their world.
But I think we lose something
real when we do that.
It takes away the ability to see
what the rest of the world has,
how the rest of the world
thinks, and that's a loss.
I think it's a loss
for us, but it's
a real loss for people
in repressive regimes
who can look to
the outside world
for hope, for inspiration
to demand change,
for the means of
facilitating that change.
If we take that
away, we take away
freedom for a substantial
number of people.
It also means it's easier
for repressive governments
to shut down outside access
altogether-- as Iran has,
as India has in
Kashmir, to prevent
a rise or a reprise of Arab
Spring, as Turkey has done.
And even if they don't shut
down the internet altogether,
those countries get much
more significant control
over the companies
who are providing
the information to you because
those companies are local.
Google can tell China to
pound sand, and it did.
Medium can tell
Malaysia to pound sand,
and it did when they were
told to censor content
that they didn't like.
Baidu can't do the same with
China because Baidu is China.
Furthermore, nationalized
surveillance-enabled systems
aren't just enabling
government repression,
they're also a cyber
security nightmare, right?
Collect all of
the sensitive data
about what people are
saying, what they're doing,
what their accounts look
like in a government system,
and that government system
will be hacked, right?
I guarantee it.
The more valuable the
data they collect,
the bigger the targets they are.
And we've built not just our
political and our social polity
and conversation
into the internet,
we've built many of our
most important systems
around the internet
backbone, right?
Your banks, your
power companies,
various things that we depend
on for the infrastructure
of modern civilization are
built into a network which
we are increasingly making a
national, hackable, surveilled
system.
And the idea that governments--
foreign governments
or US government-- will
have more control over them
is troubling.
The worst thing
to me, I think, is
that I think the
way we're losing
the internet parallels
the way we're
losing the project of
globalization, which,
for me, is something valuable.
We're replacing it with a
particularly authoritarian form
of tribalism In countries
around the world, in the US,
in the UK, in China, Russia,
India, Brazil, Turkey, Hungary,
the Philippines.
Name country after country,
where the future seems
to be not reaching
out and interacting
with the world around
you, but autarkies, kind
of boundary creation around your
race, around your nationality,
and so forth.
So one of the places
you might want
to turn to try to do
something about this, which
is sort of international
law and international norms,
it's not obvious how
effective that's going to be.
So that brings me
to the last part
of the speech, the part of
the speech where I tell you
how to solve the problem.
Unfortunately, I don't
have great ideas,
I've got to tell you.
I have a few tentative
thoughts which I will give you,
but I do not have a solution for
what I see as a major problem.
Nonetheless, here
are four suggestions.
First, promote technologies
that are resilient to government
censorship.
End-to-end encryption
of phones and messaging
is a good start, right?
We ought to be building it
into all of our systems,
and we ought to be using systems
only if they are, in fact,
encrypted.
Blockchain-based
technologies can
allow persistent pseudonymity
so that you can actually
interact with a person, know
that you are interacting
with them without having
to kind of identify them
and know who they are.
VPNs-- Virtual
Private Networks--
can allow tunneling
through national firewalls
to give you access to other
people's internet experiences.
I think we need to fight
backdoors wherever we can,
not just when
China imposes them,
but when the US tries to impose
them on Apple phones as well.
So right now, many of these
technologies are fringe, right?
If you use blockchain,
there's probably something
wrong with you, right?
Maybe you're a drug
dealer or you're
engaged in sort of high level
copyright piracy or something.
We often associate these fringe
technologies with criminals.
But that was once true of
standard SSL encryption.
And the US tried to
block standard encryption
from internet
chips back in 1995.
Now it's standard, right?
Now you wouldn't want to
go give your credit card
number to somebody, much
less a bank with them,
if they didn't actually
have a secure transaction
with a standard encryption.
That was once considered a dead
dangerous fringe technology
that was going to allow
criminals to get away
with all sorts of stuff.
Widespread adoption of these
technologies of connection,
I think, makes
Balkanization harder.
And at a minimum, we shouldn't
be making them illegal,
either directly or through
regulation via indirect devices
like copyright
anti-circumvention--
like saying that, hey, you're
facilitating a bad act by being
anonymous, by being encrypted,
and so we need to stop you.
Second, I think we ought
to resist, as individuals,
hyper-personalization.
We ought to resist device
and software specialization
by private companies, just as
we had a resistant by countries.
Google, Tencent,
Apple, and others
want to keep you in
their ecosystem, right?
They want to send
you from their search
engine to their pet systems
because the longer they
can keep you in the ecosystem,
the more information they
can learn about you,
the more opportunities
they have to sell you things.
Venture outside.
Don't use software
only from your country.
Don't use software all
from the same company.
That's already, I
think, a push away
from the walled gardens
at the private level.
Third, at a legal level, I think
we ought to promote open APIs--
Applications Program
Interfaces-- both as a business
and a legal matter.
Companies want to create
those walled gardens.
They want to regulate who can
see in over the wall, who can
get access to that information.
The law has not
traditionally let them,
but a number of legal tools,
including the Computer Fraud
and Abuse Act and copyright
law, have been used increasingly
to try to prevent
interoperability--
to prevent me from making a
software program that actually
allows Facebook users to share
their data across Facebook
and other platforms, right?
And that might allow the
building of an alternative
to Facebook.
Now, there are
arguably good reasons
why you want to prevent some
of the sharing, sometimes
justified on privacy grounds.
Although, I have to
say that the idea
that Facebook is
out there protecting
your privacy by
preventing you from using
a cross-platform app-- which
was the argument they made
successfully in Power
Integrations versus Facebook--
is a bit far-fetched to me.
But lack of open interfaces
means concentration
of private economic power.
It means we all end
up in the same system.
And that, in turn, means
a central choke point
governments can target.
And that leads me
to the final point,
which is we ought to be looking
for mechanisms to promote
vibrant competition
in internet platforms.
We have stifled the sort of
Schumpeterian competition
that has driven
the tech industry
for the last several
years, in which kind of one
company comes up out of
nowhere and displaces
the dominant market company.
That hasn't happened
for a long time, right?
If you look at the
dominant companies--
Google, Facebook,
Apple, Netflix--
they're old, right?
None of them are less
than 15 years old.
Most of them are more
than 20 years old.
That's a long time in the
tech industry to be dominant.
I have a whole separate paper
on why that might be the case,
a paper called Exit
Strategy, which
talks about how we've built
the tech industry-funding
mechanisms in such a way that
encourage people not to build
their company into the new
Google-killer, but to sell out
and to sell out to the
incumbents-- to Google itself.
But for whatever mechanism,
I think we need competition
in platforms, right?
Because if you lose choice,
it becomes much easier
to think of your internet
provider as your regulator.
It becomes much easier for
governments to regulate.
So I think we need more
robust antitrust law.
We also need to rethink the way
we fund startups and rethink
the way we sort of
drive technology--
not to consolidate, not to
sell out to the big company,
but to drive the company that
will replace that big company.
So I think these are good ideas.
I also don't think
any of them are
going to get us Barlow's free
and independent internet.
It probably never existed.
But the internet took off in
the 1990s as an alternative
to the official government,
corporate information
superhighway--
the idea of 500 channels
of TV is a push medium.
W got the 500 channels,
but we got a lot more.
I think we should fight
hard not to give it
up for an information
superhighway,
particularly one
that's controlled
by our national governments.
Thank you.
[APPLAUSE]
Questions?
AUDIENCE: This is regarding
blockchain, and specifically
Ethereum.
So one of the theories is that
you can have smart contracts.
So people like
[INAUDIBLE],, there's
about 10 companies [INAUDIBLE]
for electronic health records
and genomes [INAUDIBLE].
And this will deal with
a lot of the problems--
the cyber, the
income inequality,
and the piracy, but
not job displacement.
So if you have smart contracts
and micro-payments [INAUDIBLE]
the more I learn about
Ethereum and blockchain,
the more confused I get.
MARK LEMLEY: [LAUGHS]
AUDIENCE: Jamie
Dimon, [INAUDIBLE]
now he has [INAUDIBLE] $5
million department dedicated
just to that.
MARK LEMLEY: So you're not alone
in being more confused the more
you learn about blockchain.
And I confess that my
knowledge of blockchain
is an amateur's
knowledge of blockchain.
So it seems to me there are
kind of a couple of pieces
to it, right?
One which captured everybody's
attention is the money bit--
bitcoin and all of the
other money pieces.
But that was always the
tail wagging the dog, right?
So blockchain, as
I understand it,
the concept is we can have a
secure ledger that tells us
whether or not you are, in
fact, the owner of this property
or whether or not this is
actually an accurate form
of your medical records
without having a single,
canonical source-- which is
one of the things I say we
don't want--
if we create a network and a
set of incentives for people
to basically approve or agree
on any changes to that ledger.
But they've got to have
an incentive to do that.
And so we created this
concept bitcoin basically
to give people an incentive
to spend their time and money
verifying their ledger.
And then the coins kind of took
off and became their own market
in ways that might or
might not be sort of
helpful to the overall project.
My sense is that there
are transactions for which
a blockchain makes sense.
And there are transactions for
which a blockchain does not
make sense.
It is computationally expensive,
it's energy-expensive,
and it's time-consuming
to identify and verify
any change in a
ledger transaction.
So I don't think you want
it for stock exchanges,
for instance--
for anything where
there's a high
velocity of information
moving back and forth.
But it might be
useful for things
that we don't want to change
at all, like our DNA sequence,
or things we want to change
only vary infrequently,
like the title deed
house or our car.
And so, there, you might
have the ability to say,
here's a way to kind of
actually verify and guarantee
information.
And one of the
benefits of that way
is that it does not
have to be in the hands
of a central register, which
is either a government entity
or is subject to seizure or
control by a government entity.
And it might be private.
It might be something
that I can sort of put
in a circumstance-- put in a
blockchain in a way that allows
me to guarantee that no one
has played with my DNA sequence
information, that it's
still accurate and intact,
but without sharing to
anyone whose DNA sequence
information it is.
So I think there are
problems it solves.
I agree with you that it
doesn't solve every problem.
And I worry a little
bit, honestly,
about the energy costs, right?
The way the way we
paid for it turns out
to be really clever, but also
maybe not cheap as we scale up
blockchain to lots and
lots of different things.
[AUDIO OUT]
AUDIENCE: --tunnel through
some of these systems
[? with ?] one
possible solution.
And I'm wondering
if the current kind
of default of the
Onion Router network,
and Tor, and all that--
is that threatened by
these hardware changes,
or how do you think that
might need to change to become
this sort of backup internet?
MARK LEMLEY: Yeah.
Yeah, it's a good question.
I don't know enough about
the technology of what
the next generation--
what a Chinese or even
the US 5G internet looks
like-- to know kind of how
much of a threat there is.
But I think there is
a risk there, right?
I think the countries
that would like
to have a national internet
would like to then shut down
at least sufficiently large
or sufficiently prominent
ways around that firewall.
And so they'd like
to shut down Tor.
So I don't know whether or
not there's a feasible way
to build a restriction into
Tor into the next generation
of the Chinese
architecture, for instance,
but I'm sure they're
going to try.
Now, the good news
about encryption,
historically, is that it's been
asymmetrically hard, right?
It's easier to make
your encryption
better than it is to tackle
your encryption on the backend.
Ask me in 10 years whether
we have quantum computing
and whether that changes, right?
But so far, at least,
that's held up pretty well
for 25 years.
So that's a somewhat
encouraging sign
that you might need
better and better VPNs,
but that, so far, they've been
able to outrun the alternative.
Jamie, were you on this?
AUDIENCE: [INAUDIBLE]
Solutions I
was thinking about the
paradox or difficulty
that Google faced in persuading
people to adopt an operating
system for non-Apple phones.
And one of the brilliant
things they do is to say,
we're going to make
this open-source.
So we are blinding
ourselves that you
won't be able to use it,
and change it, and do
what you want with it.
It's a pre-commitment mechanism.
We can't suddenly
say, once you've
built your phones around
our system, oh, by the way,
we've changed your
mind and [INAUDIBLE]..
Either [INAUDIBLE]
equivalent things--
equivalent product
features, almost--
that the United States
or Western countries,
or liberal democracies could
build to an open set networks
standards such that they
would [INAUDIBLE] attractive
because everyone's going to need
some set of standards, right?
But as I was listening
to your talk,
all of the things that
you think are features--
end-to-end encryptions,
difficulty of control,
et cetera--
would seem like bugs to
many [? countries. ?]
If you flipped it
around and said,
and to what extent could
[INAUDIBLE] features
[INAUDIBLE]?
MARK LEMLEY: Mhm.
Yeah, and, actually, open-source
is, to me, a great example,
right?
Because that actually
is an attractive feature
for a lot of countries, in
part for financial reasons
and in part for
historical reasons, right?
So a lot of countries
will look at this
and say, well, this is a
way out of kind of dominance
by the US software paradigm.
It's cheaper for our government
to get open-source software
than to go buy it.
people can sort of
work on it here.
I think open-source is
complicated in various ways,
right?
So it might depend a little
bit on what open-source license
you use.
One risk is the forking risk.
And the governments might
well, say, yes, we're
going to adopt this lovely,
open-source platform,
and then we're going
to sort of fork it
in a way that gives us
surveillance control.
Now, the fact that
they are at least
legally obligated to
release that code out
to the rest of the world helps
because it might make it easier
to get around.
It might be easier
to know what it is.
So I think open-source
is actually--
I'm going to take that as
a kind of useful suggestion
on the list.
There are other things
that are at least signals.
So one of my favorite examples
is the warrant canary.
So in the FISA Act,
the US government
gets to come and ask
for national security
wiretaps and surveillance.
And you are not allowed to tell
anyone that the government has
asked you, even after the fact.
So somebody came
up with the idea
of a warrant canary, in
which every month they
say, hey, guess what,
this month we were not
asked by the government to give
over your private information.
And then if they're asked, well,
they just don't say anything.
Draw your own conclusions.
So there may be
there may be things
like that that sort of like
build in-- that you could build
into technology that at
least sort of signals
or identifies the
existence of surveillance,
identifies that data
is being altered,
that it's being snooped, right?
That doesn't make
the problem go away,
but maybe highlighting
the problem helps.
I'm somewhat less confident
of that after Snowden
than I was before because I
actually thought that that
would change more than it did.
But is at least better
than not knowing
that you're being surveilled.
AUDIENCE: [INAUDIBLE].
You identify the problem,
at least as I understand it,
as a problem of representation,
state government, democracy,
even, autocracy.
But the solutions are mainly
focused on tech, right?
So the way you identified
the problem is essentially
that state government
has overcome technology.
And the promise of
technology being
able to get around government
really has not worked.
But then the solutions
are all about tech
and not about government, and
democracy, and representation,
right?
So there seems, to me, to be
sort of like a mismatch there,
or at least, I
perceive it to be.
So I wonder [INAUDIBLE] that.
MARK LEMLEY: Yup.
Yeah, I think-- so I would love
to see political solutions.
What troubles me is that the
political solutions are going
to be effective precisely
in the countries
that need them the least--
that a country that actually
wants to sort of control
its population, censor
its population is
one for whom we're not going
to be able to get a law
passed that sort of
restricts that ability.
And so I kind of mentioned
a little bit the idea
of kind of international
law and international norms.
And I don't mean to
dismiss that entirely.
I do think there has
been, historically,
some signaling value, if
nothing else, in saying,
hey, what you're doing
here is a violation
of a well-established
international norm.
I just worry that,
in the modern world,
we're not going to see
those international norms
and that if we see them,
maybe they're not actually
the norms that we want--
that if you actually got all the
countries to sit down and vote
one-by-one in the
General Assembly,
we might actually vote for
a kind of restricted, locked
down, national internet,
whether or not the people
in those countries
would benefit from it
because the governments
would benefit.
So that's not to say that
we shouldn't have them,
we shouldn't try
for them, but I'm
nervous about how
effective they will be.
And so one of the reasons
I aim for tech solutions
is because I'm
interested in trying
to see whether there is a way
to build an internet that,
in John Gilmore's words, treats
censorship as damage and routes
around it effectively in a
way that we did 30 years ago.
[AUDIO OUT]
AUDIENCE: --last
remarks called to mind
this development in Europe.
At the time of the
[INAUDIBLE] copyright
treaty, the big
governments [? getting ?]
all geared up to police the
internet and [INAUDIBLE]..
And that was voted down, and
we got the notice to take down
[INAUDIBLE] that has
worked incredibly well.
And now, as you
know, the Europeans
have decided to change that,
and we now have the filtering.
And your talk, that
filtering requires
a potentially [INAUDIBLE]
[? significant ?]
characterization that I
hadn't fully realized.
So I think this is something
we really need to think about.
MARK LEMLEY: I
think that's right.
I think it's bad
on its own terms.
I think the European copyright
directive from last year
is a really bad idea, as
a matter of copyright law.
But I also think once you
establish the principle
that every internet company
must read through everything
you do and filter for a
really complex set of tasks
to make sure that there's
not bad stuff out there,
it's pretty easy to add to the
list of the bad stuff, right?
Sure, we should add--
clearly, we should add
child pornography, right?
Everybody agrees that's bad.
We ought to add terrorists
and terrorist-sympathizing
messages.
That's all bad stuff.
And then everybody's going to
have their own list of what's
bad, right?
And you, tech
companies, will all
have built the
technology for control
because you had
to do it in order
to survive copyright
law in Europe if you
wanted to sell your cellular
technologies in Europe.
Yeah?
AUDIENCE: [INAUDIBLE] question.
Do you think--
I forgot who it was that said.
I think maybe John
Perry Barlow [INAUDIBLE]
information [? and ?]
wants freedom for all.
Would you say that
information is freer now
than it was when he
spoke and freer then
than it had been before?
MARK LEMLEY: So that's
an interesting question.
I think the answer is,
yes, that it is freer.
Yeah.
AUDIENCE: [? What that, ?]
then, makes me think about
[? in turn-- ?] and again, I
really want to come back to you
with this one--
is, why?
And I have my own
thought about why.
But if that's so, what
makes you think so?
MARK LEMLEY: Yeah, so I
think it's a hard question.
So [INAUDIBLE] there is,
right in the open-source line,
free as in free speech versus
free as in [? free-beer, ?]
right?
And maybe it's freer
in both senses, that
is, it might actually be less
expensive in many respects
to have access to information
than it used to be.
But I think it also might
be that sort of there
is more communication of
information from more sources.
I worry that we're reversing
that trend right now,
which is one of the
things that concerns me.
But I think the internet has
been a dramatic expansion.
And to me, the
reason is precisely
because it wasn't the
information superhighway,
because it was not, here
are the canonical providers
of information, and they will
give you the information,
and you will
passively consume it.
It was because the providers
of information are all of us,
right?
It's everybody who
posts on YouTube,
it's everybody who
posts on a blog, right?
We made all of us creators.
That's got some
bad sides, right?
There's a lot of
misinformation out there.
There's a lot of sort of
political polarization
that arguably can be traced to
letting a bunch of people talk
who were otherwise
keeping quiet.
But I think it does give us
more access to information,
and it gives us the
tools to learn more
and to try to figure out
more easily what's right
and what's not, whether
we use those tools is
a different question.
[AUDIO OUT]
AUDIENCE: --just offer one
more thought, or maybe two
depending on how
much time we have.
Here's the next thing
that occurs to me.
It seems to me that
what you've done today--
and I think it's been
a magnificent lecture--
is lay out the ways in which
the idea of a free internet has
been subjected to a kind of--
in some ways, predictable,
but nevertheless--
an intriguing set
of resistances.
Not just one
resistance, but actually
a number of them because
they're not all the same.
The character of the
resistance doesn't even
spring quite from the same
impulse, it seems to me.
Does that sound right to you?
MARK LEMLEY: I agree with that.
AUDIENCE: Now.
What strikes me is that,
meanwhile, the resistance
is failing.
And if we look at the
resistance and we ask ourselves,
how baleful are the prospects
posed by that resistance,
the answer may very well
be, not as much as one
might imagine if you
concentrate primarily
on the resistance rather
than the ineffectiveness
of the resistance-- which
seems, to me, to be substantial.
MARK LEMLEY: So I
hear you, right?
And so start with
the original premise,
which is that we are better
off than we were 30 years ago
before the internet, right?
So we've moved in
the right direction.
To me, the question
is, does that
mean we will continue to
move in the right direction?
And I am worried
that we are not.
I am worried that we are at an
inflection point in which we
are increasingly going to be
trying to lock down information
because a bunch of
different entities
have interests that end up
coalescing in locking down
that information.
I would be delighted
to be wrong.
AUDIENCE: [INAUDIBLE]
MARK LEMLEY: Please.
AUDIENCE: [INAUDIBLE].
Years ago, Henry [? Mayne, ?]
who was then a professor
at Harvard, studied the rich
system of the Middle Ages.
And what he said that has stuck
with me ever since I first
read it is that when you
look at the rich system,
it is clear that the
substance of the law
was [? secreted ?]
[INAUDIBLE] of the rich.
The rich have disappeared,
but the growing evolution
of the law has expanded,
and expanded, and expanded.
It seems to me that,
probably, John Perry Barlow
was not quite right when he said
information wants to be free.
And what I suspect [INAUDIBLE]
have been more accurate to say
is that opinion
wants to be free.
But I think that the freedom
of opinion, opinion freedom--
and that's not necessarily
a comfortable thing--
may actually be freer and may
be very difficult to resist
effectively.
Even though, from
time-to-time-- and now is one--
we may have good reason
to share your pessimism
about the direction
in which we are going.
The rich system has disappeared.
I think that procedure
probably is always subject
to [? over-mastering ?]
by the substance.
And there it seems to
me is the relationship
between the internet
and the things
that we might hoped
before an internet offset
in a particular by
something that--
I really will stop--
by texting.
I am fascinated
by texting, which
you glanced on, but really
haven't discussed directly.
Texting strikes me as
having the effect of really
quite dramatically changing
the way we actually
think about each other and
the way in which [INAUDIBLE]..
I'm done.
MARK LEMLEY: OK.
Lots there, and
then I will be done.
So the short version
is I hope you're right,
but I fear that you're wrong.
I think procedure matters more.
It's not the substance
doesn't matter,
that it can't take
over procedure.
But I think a lot
of the reason we
have the kinds of conversations
and dialogues we have today
is because we built a
procedural mechanism that
made that feasible.
And if we hadn't built that
procedural mechanism-- you're
right, texting changes the
way we think, but so does
the idea that I can
upload anything I want,
that I can sort of put up a
video and say, oh, well, here's
an idea that I
hadn't seen before,
here's my own thoughts
about the world.
And people can watch it or not.
That is a [INAUDIBLE] talked
about technologies of freedom,
right?
That is potentially a
technology of freedom.
But I think it doesn't have
to be a technology of freedom,
right?
Because the information flow
can go in multiple directions,
you need a government
sufficiently willing to crack
down on you for what you say.
But there are those
governments out there,
and there may be
more of them than you
think because "crack
down" might not just
mean put a million Uighurs
in a concentration camp
and re-educate them
until they believe China.
But it might mean,
well, you know
what, people who think
what you think actually
are more likely to
default on their loans,
they're more likely
to misuse guns.
And so maybe various
other aspects of your life
should be affected
by these things
that we have learned about you.
So I don't think there is--
I don't think we can sort of
get out from under the idea
that the government will have
access to this information
and bad governments will
make use of this information.
But I think we can build
the procedure-- build
the technology-- in a
way that makes it harder
for them to do so, while
still getting the benefits
that we got from allowing
many-to-many communication.
And with that, I will stop.
Thank you.
[APPLAUSE]
