“Code is law” is one of those annoying phrases which is repeated a lot by folks in cryptoland who (a) don’t actually know where it comes from or (b) read the phrase literally. The phrase originates in Larry Lessig’s 2000 article of the same name and his book Code and other Laws of Cyberspace. In that essay, Lessig wrote:
Ours is the age of cyberspace. It, too, has a regulator. This regulator, too, threatens liberty. But so obsessed are we with the idea that liberty means “freedom from government” that we don’t even see the regulation in this new space. We therefore don’t see the threat to liberty that this regulation presents.
This regulator is code–the software and hardware that make cyberspace as it is. This code, or architecture, sets the terms on which life in cyberspace is experienced. It determines how easy it is to protect privacy, or how easy it is to censor speech. It determines whether access to information is general or whether information is zoned. It affects who sees what, or what is monitored. In a host of ways that one cannot begin to see unless one begins to understand the nature of this code, the code of cyberspace regulates.
Lessig did not, by this, mean blockchain code. Bitcoin would not happen for another nine years and although essays such as Nick Szabo’s Formalizing and Securing Relationships on Public Networks pre-dated Lessig, Szaboan smart contracts would be obscure curiosities for nearly two decades after first being proposed.
What is law?
The answer to this depends on who you ask. I am a strictly amateur jurisprudence scholar as I have to earn my bread by drafting technology contracts, but I have read a thing or two and accordingly have some basic thoughts on this subject which might be of interest at a dinner party if not an academic journal.
Two of the better modern theorists on the subject are H.L.A. Hart and Hans Kelsen, neither of whose works are widely taught in American law schools. Others, like Dworkin, have theories based in the legitimate use of force; given that the DeFi thesis is all about putting in place mathematical obstacles to force ($5 wrench attack excepted), those arguments are going to be less relevant when applied to the crypto ecosystem than meatspace, mainly because the amount of force required to stop crypto is, at this point, greater than any one state can presently marshal.
Hart’s theory was that there was a hypothetical rule, which he referred to as a “rule of recognition,” against which all other rules may be judged as being of binding legal authority or not. It might better be termed “you know sovereignty when you see it;” ask any practicing lawyer whether an order or edict is of a binding and legal character and they will be able to answer in the affirmative or the negative. Ask them why the rule is binding and what it has in common with all other rules can be somewhat more complicated, particularly in a multiple-sovereignty federal system. In the U.S. system we might say “actions which are unconstitutional are not legal; actions which are constitutional,” by which we mean anything which is carried out lawfully by any government entity under the Constitution, “are legal.”
But who, or what, made the Constitution legal? Hans Kelsen argued that it was something called the grundnorm, or basic norm, which is valid “because it is presupposed to be valid; and it is presupposed to be valid because without this presupposition no human act could be interpreted as a legal, especially as a norm-creating, act.” In essence, the grundnorm serves as a rational definition for what previous centuries may have referred to the “Mandate of Heaven” or “Divine Right of Kings;” it is the ultimate ought.
But these theories, as all theories in social science which can be comprehended by that which is observed, are necessarily and permanently incomplete. Recognizing this, a lesser-known scholar in London, Dr. Werner Menski of the School of Oriental and African Studies, argues that both norms and rules are insufficient; by reference to legal systems of Asia and Africa which incorporate a range of quasi-legal or (what we in the West would recognize as) nonlegal rules in customary law traditions without formal courts or in some cases, even the monopoly on the use of force, he argues that humans nonetheless continue to order their affairs in a fashion which serves the function of what we would call a legal system.
Menski’s argument is that “law” is in fact a hybrid construction made up of a variety of identifiable non-legal sources, and that the interaction of those sources taken in aggregate results in something that has an emergent property we refer to as a legal system. In his view of the world, abstract “rules of recognition,” principles on the application of force, or amorphous and unknowable “basic norms” are fictions that obscure reality: which is that a legal system is the sum of the institutional, and normative/moral baggage that the system, the past, and every individual brings to society with them.
…and code is not that
The most annoying thing about Lessig’s thesis and the subsequent parroting of it by everyone else on the Internet is that, despite being a comparative amateur in jurisprudence, I deal with web applications on the daily and it’s abundantly clear to me that the code that runs the Internet is not legal in nature. It is capricious and arbitrary and serves the interest of site admins and no others. In that capacity, it also lives in and is subordinate to the legal system, especially in cases where the legal system can get ahold of the person running that code (and it very nearly always can, no matter how big the target might be).
What Lessig referred to as “law” was in fact the non-appealable realm of discretion that hosts of internet applications (and, at that time, particularly, web applications) exercised over their servers, something that internet applications do in accordance with law rather than as lawmaker. This fact has been borne out again and again in the intervening decades since he coined the phrase, all the more so as the governments of the world begin to exercise increasing legal control over the Internet space. This is true not only for places like Europe where European social media laws, in particular the German NetzDG and the EU-wide Digital Services Act and GDPR, intervene heavily in the type of content platforms may host and the obligations they assume for hosting it (showing that Lessig was, in the final analysis, hopelessly naive – the evidence shows that governments are, in fact, the biggest threat to liberty on the Internet, and that the U.S. Constitution its greatest guarantor), but also in the United States, where the Constitution and Section 230 – legal arrangements, to be sure – delineate clear private property and free speech interests over code (see: Bernstein v. United States), servers and their operation. Keep an eye on NetChoice v. Paxton for the next big chapter of this story in the U.S.
The impact that the exercise of private discretion on private servers can have on the Internet as a whole can be compared to legal systems like the First Amendment – and indeed that’s one of the issues in Netchoice. Does this render such internet systems and their moderation policies “law,” though?
Not really, at least in any sense that a working lawyer would recognize. Let us use an example of my front yard instead of a server. Let us suppose it is a beautiful and breezy Connecticut summer day and I am out in my yard grilling steak, photosynthesizing, and avoiding seed oils with my fellow crypto people. Out of nowhere, a trespasser – let’s say it’s Richard Heart, for sake of argument and to add color to the example – decides to enter my yard and join the party, where he is unwelcome.
At that point, in the state of Connecticut I have a number of options. After notifying him that he needed to leave I could attempt to use reasonable force, but not more than that, to eject the trespasser. I could call the police. If he asserted a claim to my lawn I would be able to refute that claim, and procure his ejection, by reference to land records held at the town hall.
Suppose I decide to call the police, who charge him with third degree criminal trespass and remove him from my property, and obtain a bail order of protection barring him from being on my property or within 100 feet of me for the duration of the proceedings (a not atypical consequence). It could certainly be said that my actions were legal. But actions taken in accordance with the law, or informed by the law, does not make those actions, or those courses of action, also law. The law in question is C.G.S. 53a-109.
Let us now run a second hypothetical, where I am running servers – marmot-talk.net, the discussion forum for marmots in crypto – and Richard Heart swans into my servers looking to promote his cryptocurrency Hex. Here, I can be a little more aggressive than the trespassing example; the First Amendment treats my server not like my front yard, but like a printing press. Not only can I do anything up to and including a permanent banhammer from the server, but on account of federal law I have broad civil immunity for doing so. Here, the law in question is the First Amendment and 47 USC § 230(c)(2); but just as ejecting Heart from my lawn was legal, but not law, so too is the ejection of Heart from my servers.
In the traditional, Web2 context, code is not law. Code is a rulebook, to be sure, one which can be tuned to any use-case and agenda. But that does not make it law, any more than hosting a cookout makes me a lawgiver.
Updating Menski’s Triangle for the new example of DeFi (and AI?)
Before going any further we need to define DeFi. Assume arguendo the following definition: “DeFi is an ecosystem of applications and users designed to mediate transactions and communications, where the applications run on blockchain networks which are resilient to destruction and largely immune to judicial control otherwise than by obtaining control over users and their private keys.”
Let us update Menski’s Triangle as follows, either as “Menski’s Digital Triangle” or though I am loath to describe it with my own name, as I have not seen this put down anywhere else, “Byrne’s Square.”
Both diagrams really say the same thing.
I do not think it would be appropriate to speak of smart contract as constituting a law unto itself. We know that legal systems require something approximating sovereignty or a rule of recognition, as Hart required; they usually require some general normative presupposition of legitimacy at the base of the system, as Kelsen supposed; and they require, more often than not, a monopoly on the use of force, as Dworkin suggested. Equally though it strikes me that all three approaches, and particularly Dworkin’s, seem rather out of date in an era of autonomous agents and ineradicable, self-executing digital contracts on unkillable state machines with money.
Menski’s model seems the appropriate one to apply here, as it is open-ended and can account for new systems like smart contracts – and artificial intelligence, as long as we’re on the subject of evolving topics in Internet law – in its conception of a legal system. The pluralist model is accretive; when a new piece is dumped into its stew it does not throw away prior assumptions and, in platonic fashion, assume that we simply were talking about the wrong abstract essence and that through discovery and long-winded academic publication we will find a new one.
Legal pluralism is a practical discipline, one which invites us to run a diff between the past and the present, assumes that the new inputs – the “bits” – will have a relationship to everything else in the system, and tells us that by analyzing the real-world consequences of the introduction of these inputs will we arrive at an understanding of what the legal system we live in actually is: what legal rules are binding in courts, what “legal” rules are actually norms, and what “legal” rules are nothing of the sort.
In the legal pluralist’s conception of the world, when code is everywhere, the law of code is everywhere, too. But that does not make “code” and “the law” the same thing. The immutable character of the code is a consideration that creates the fact pattern, will help to determine the outcome of the proceeding, and may even influence the content of new rules created from law-givers.
Code is not the law itself, but its source, or at least one of them.
Even now we are seeing the frank, unilateral nature of DeFi contracts result in different jurisdictions reaching radically different conclusions about how human conduct should be regulated in relation to these immutable beasties. What in the United States is a felony is, apparently, excusable white-hattery in France. The fact that two advanced, typical western legal systems can reach such radically different conclusions tells me that DeFi, and “bits” more generally, are, now and forevermore, legally relevant facts of life.
DeFi code will therefore be a source of law and will likely be so for the rest of the natural life of anyone reading this blog post. Speaking as one who has been in crypto for over ten years, it is absolutely marvelous to see the legal system starting to evolve to accommodate our version of reality rather than the other way around.