Code is law. First postulated by Lawrence Lessig over a decade ago, this equation still proves quite accurate in the online environment. Put briefly, it refers to the inherently regulating features of code (architecture, programming language, etc.). Users (of code) are guided and directed through code. The big difference with the law as a regulating entity is that code is – a priori – not as easily circumvented as the law. When a person does not agree with a certain law, or wants to take the risk of being punished for it, he/she can make a choice whether or not to respect the law. Code, on the other hand, cannot simply be ignored. You can only act within the pre-determined limitations of the relevant code. Additionally, code is not as transparent as the law. Whereas the rationale behind a law, its effects and the rule itself are usually easy to discover, this is often not the case with regard to code. The reasons behind a certain design or the impact it has on our behavior are virtually always unknown to end-users. Even benign decisions can have big – and not necessarily intended – impact. More transparency, therefore, is of utmost importance in order to strengthen insights in how and why code can determine people’s behaviour.
Perhaps even more important, is an analysis of how code can be used in order to have a positive impact on users’ rights. Particularly with regard to privacy, default-settings play an incredibly important role. Offering users more control and choice options is not sufficient in and on itself. Several studies (see, for example, the great work by A. Acquisti) have clearly demonstrated the importance of default settings vis-a-vis the actual protection of privacy. In the following months, I will be investigating the legal implications of such default settings in the context of social networks (as part of the Spion Project).