Digital architecture as crime control. .

• Author: Katyal, Neal Kumar

The first generation of cyberlaw was about what regulates cyberspace, Led by Larry Lessig's path-breaking scholarship isolating architecture as a constraint on behavior online, (1) a wide body of work has flourished. In a recent article, I took those insights and reverse-engineered them to show how attention to architecture in realspace (such as our city streets, parks, houses, and other buildings) constrains crime. (2) It is time to begin a new generation of work, one that applies the lessons of realspace study back to the cybernetic realm. The question will not be what regulates cyberspace, but how to do so given the panoply of architectural, legal, economic, and social constraints.

This Essay details how theories of realspace architecture inform the regulation of one aspect of cyberspace, computer crime. Computer crime causes enormous damage to the United States economy, with even a single virus causing damage in the billions of dollars and with a recent survey finding that ninety percent of corporations detected computer security breaches. (3) Yet despite apparent metaphorical synergy, architects in realspace generally have not talked to those in cyberspace, and vice versa. There is little analysis of digital architecture and its relationship to crime, and the realspace architectural literature on crime prevention is often far too "soft" to garner significant readership among computer engineers. However, the architectural methods used to solve crime problems offline can serve as a template to solve them online. This will become increasingly obvious as the divide between realspace and cyberspace erodes. With wireless networking, omnipresent cameras, and ubiquitous access to data, these two realms are heading toward merger. Architectural concepts offer a vantage point from which to view this coming collision.

This brief Essay sketches out design solutions to the problem of security in cyberspace. It begins by introducing four principles of realspace crime prevention through architecture. Offline, design can (1) create opportunities for natural surveillance, meaning visibility and susceptibility to monitoring by residents, neighbors, and bystanders; (2) instill a sense of territoriality so that residents develop proprietary attitudes and outsiders feel deterred from entering private space; (3) build communities; and (4) protect targets of crime. (4)

After introducing these concepts, the Essay discusses analogues to each principle in cyberspace. Naturally, the online and offline realms are not symmetric, but the animating rationales for the four principles can be translated to cyberspace. Some of the outlined modifications to digital architecture are major and will invariably provoke technical and legal concerns; others are more minor and can be implemented quickly to control computer crime. For example, we will see how natural surveillance principles suggest new virtues of open source platforms, such as Linux, and how territoriality outlines a strong case for moving away from digital anonymity toward pseudonymity. The goal of building communities will similarly expose some new advantages for the original, and now eroding, end-to-end architecture of the Internet--a design choice that eschewed barriers between computers and rejected preferences for certain types of content. Principles of community and target protection will illuminate why installing firewalls (which are simply pieces of hardware and software that prevent specified communications (5)) at end points will provide strong protection, why some computer programs subtly cue criminal acts, and why the government should keep some computer crimes secret.

Throughout this Essay, each Section will employ the realspace architect's understanding of context to explain why many meta-claims in contemporary cyberlaw are too grand. These claims are proliferating and track the same binary formula: "open sources are more/less secure," "digital anonymity should be encouraged/prohibited," "end-to-end networks are more/less efficient," "peer-to-peer technologies are a threat/blessing," etc. (6) Systematic predictions are possible about the benefits of open sources, end-to-end (e2e) networks, and the like, but caution is warranted before applying these predictions across the board. Such caution is a staple of crime prevention in realspace, as the four design principles are often in tension with each other. As this Essay progresses, these tensions will become evident in the cyberspace context as well.

In total, these architectural lessons will help us chart an alternative course to the federal government's tepid approach to computer crime. In February of this year, after a year and a half of promising a revolutionary approach, the White House released its National Strategy To Secure Cyberspace. (7) Unfortunately, the Strategy consists of little beyond an unbridled faith in "the market itself" to prevent cybercrime. (8) By leaving the bulk of crime prevention to market forces, the government will encourage private barricades to develop--the equivalent of digital gated communities--with terrible consequences for the Net in general and interconnectivity in particular. Just as safety on the street depends in part on public police and public architecture, so, too, in cyberspace.

1. DIGITAL DESIGN PRINCIPLES TO PREVENT CRIME

   Today, the damage caused by computer crime runs in the billions of dollars each year, making it one of the most economically damaging forms of crime in human history. (9) Yet the extent of cybercrime today is still constrained by the costs of computers, bandwidth, and attaining computing skill, all of which are likely to diminish over time. As a result of these and other factors, we will soon face the possibility that the Net will become as unsafe as the downtown city street. The city-street analogy is worth thinking about, for some downtown streets effectively control crime. In any number of cities today, people simply avoid the streets at night altogether, making it difficult for them to be attacked. In others, lights or barricades make it more difficult to perpetrate crime. And in still others, police patrols provide a backdrop of safety that scares criminals away and encourages residents to come out of doors. What do these methods of control suggest about cyberspace?

   This Part applies four principles of design and crime prevention to explain how changes to digital code can have a dramatic effect on crime rates. In order to ease consideration of these changes, I will be speaking generically about "crime," rather than singling out its particular variants, such as viruses, worms, denial of service attacks, unauthorized access, unauthorized use, and identity theft. (10) This simplification at times will obscure specific architectural solutions, yet the Essay's design is meant to underscore how, in both realspace and cyberspace, architectural changes have the potential to minimize a large number of crimes at once.

   1. Natural Surveillance

      Natural surveillance refers to the use of architecture to create spaces that are easily viewed by residents, neighbors, and bystanders. The most sophisticated proponent of this approach was Jane Jacobs, who reasoned that "eyes on the street" would control crime. (11) Using Greenwich Village as a model, Jacobs argued that if people could be brought out onto city streets and if the design of city blocks facilitated visibility, the crime rate would drop. Jacobs did not disaggregate types of crime; rather, she felt that much of it could be prevented best by ordinary people, not professional police officers and security guards. (12) Yet a natural, and sometimes self-defeating, impulse is to close space off to prevent crime, rather than to open it up. The gated community is one such modern manifestation. (13)

      In cyberspace, however, crime prevention is predominantly a less visible, professional enterprise. Much software today is "closed source," meaning that the programs' underlying computer code is hidden from its users. Just as closure in realspace can increase crime rates, so, too, in cyberspace. Because the underlying code is examined only by professionals (and often only by the firm developing the software), the number of people who can discover its vulnerabilities and repair them is far lower.

      Closed source programs, while an understandable reaction to the fear of crime, are often counterproductive. Computer platforms such as Linux (an open source alternative to Microsoft's Windows operating system) will have major security advantages because they can harness the power of natural surveillance in ways that closed platforms, such as Windows, cannot. Because more people can see the code, the likelihood that security vulnerabilities will be quickly discovered and patched rises. (14) President Clinton's Technical Advisory Committee, for example, recognized that "access by developers to source code allows for a thorough examination that decreases the potential for embedded trap doors and/or Trojan horses." (15) Closure of code, like gated communities in realspace, may create a false sense of security. (16) And programmers who work together within a firm may develop groupthink and miss vulnerabilities while having an incentive to hide their mistakes from the outside world if they think they won't get caught. (17) Open source software, by expanding the pool of people who view the code, can harness the benefits of a diverse, far-flung group of minds and eyes to improve security.

      In two senses, natural surveillance operates differently online than it does offline. First, natural surveillance primarily works offline when the public watches potential offenders and disrupts specific criminal activity. Online, however, it works when professionals and program users eye the code. Their gaze is not directed to any particular offender; rather, it is directed at the architecture itself. This shift in gaze reveals an important...