[mindslight]

Actually, the situation is complete opposite. Code is formal, deterministically executable rules. That's a boon for the rule of law, as the vast majority of "crimes" can be prevented a priori, rather than chased down post facto.

Even C++ is miles ahead of the "legalese" that forms traditional laws. Being executable by the common person, it avoids one glaring violation of equal protection that modern legalese limps along in spite of - legalese is only interpretable by specialized lawyers, who still generally default to "ambiguous no".

The real problem driving this article is the legacy ambient authorities wanting to expand their role, insisting that the informal intentions behind the design of (and decision to run) the code should carry more weight than the code itself! One of the implications of the End to End principle is that messages on the network carry no "universal" denotational meaning, but are purely what the endpoints make of them. Ambient authority has little place in a connected post-jurisdictional world, and so we must resist its attempts to further invade where it is simply inappropriate.

[vkou]

> The real problem driving this article is the legacy ambient authorities wanting to expand their role, insisting that the informal intentions behind the design of (and decision to run) the code should carry more weight than the code itself!

Just because I accidentally left my door unlocked today doesn't mean that entering my house, and taking all my stuff isn't burglary. You don't have to be a telepath to know that is wrong.

Under the 'code is law' doctrine, just because you could do something, you can do something. This is incompatible with anything resembling civilized society.

Society only functions because we respect the informal intentions of other people.

[mindslight]

> Society only functions because we respect the informal intentions of other people.

I agree wholeheartedly, in the local scale person-to-person sense.

But your argument is knocking down a straw man, by coming at it from the other direction. I'm not advocating for being an asshole via finding loopholes, but against the ridiculousness of creating a second set of half-formal rules to repair deficiencies in the fully formal ones.

> Under the 'code is law' doctrine, just because you could do something, you can do something. This is incompatible with anything resembling civilized society.

Yet this is exactly how the legal system does work. If an action is "wrong" but not illegal you can't actually be sanctioned for it. See: pretty much any large company in the news over some kind of outrage that will ultimately go unpunished.

[vkou]

> If an action is "wrong" but not illegal you can't actually be sanctioned for it. See: pretty much any large company in the news over some kind of outrage that will ultimately go unpunished.

Law is subject to human interpretation, evaluation of intent, and error correction. Every case has a number of unknowns that judges and juries are supposed to clarify. This is a feature, not a bug.

Code does not. The source for any non-trivial program encodes an uncountable number of unknowns that frequently lead us to absurd conclusions, with no ability to sanity check or correct them.

[mindslight]

This flexibility is a feature for human-scale situations (eg it's really nice to distinguish between involuntary manslaughter and premeditated murder), but it doesn't scale - either to larger organizations, or across different cultures.

[IntronExon]

Law is interpreted by the courts, which creates jurisprudence. The letter of the law is subject to the interpretation of the courts to a very great extent.

Edit: I misread the comment I responded to, and as the poster rightly pointed out, my comment is just stating the obvious. Sorry about that.

[mindslight]

How is that aspect not already incorporated in what I've said?

[IntronExon]

You’re absolutely right, I misread your comment.

[hinkley]

    just because you could do something, you can do something. 

There is no more perfect state of Anarchy in the world than code.

What we are missing is good forensics. A number of people in this thread have hinted at this.

[gowld]

https://meltdownattack.com/ spectactulary refutes this thesis.

Also: https://en.wikipedia.org/wiki/Zero-day_(computing)

[tessierashpool]

This remark is barely even related to my argument, so I don't get why you made it a reply. I'm just going to rephrase the argument you ignored. If you address it, at all, I'll try to return the favor and address the points you raised too.

To secure a computer system, you have to find and patch all of its vulnerabilities, as well as distribute your patch to every node in the network. It's like what Maggie Thatcher said about terrorism. If the defender messes up even one time, the attacker wins. So the amount of effort that the attacker needs is much, much smaller than what the defender needs.

Compare that to a European country without America's easy access to guns. Crime is always cheaper than law enforcement, but in a country without ubiquitous guns, crime is somewhat cheaper than law enforcement. Online, crime is massively cheaper than law enforcement. That means that crime has a systemic advantage.

Who even hires for cybersecurity, in government? Who has the resources for it? Do local police departments compete with startups for top tech talent? Of course not.

Say you're a small town in Pennsylvania. A woman who lives in your town is being harassed by a loosely affiliated global network of anonymous misogynistic trolls. Is your police department qualified to protect her? This is a major flaw in the police department's ability to fulfill its responsibilities towards its citizenry and taxpayers, and we haven't even added black hat hackers to the equation yet.

In a hacking situation, the defender needs to coordinate an entire network, to make sure everybody's using the latest patches, while the attacker can operate solo, which eliminates organizational overhead. Yet attackers can and do share information about attack vectors. The decentralization that network technology makes possible is very favorable for attackers. Meanwhile, most of our infrastructure runs on languages that are extremely difficult to secure, even without questions of coordination.

This is a fundamental threat to the rule of law. Some of these problems can be addressed by modifying which agencies are responsible for which types of problems. But the economic aspects are fundamental. Crime is cheaper than enforcement and security by orders of magnitude. Few people are qualified to secure these systems, and many of them can make more money by penetrating them. For every brilliant hacker who moves to the US and starts another Google, there are a hundred who are stuck in Estonia, where their best bet is stealing credit card numbers or breaking into Bitcoin exchanges. The profit potential there is literally in the billions; even Silicon Valley has a hard time competing with that.

These incentives are inherently dangerous, and that is unlikely to change.

[mindslight]

My comment is directly related to the foundation of your argument - it's patently absurd to refer to a medium that is built entirely out of formal rules as being lawless.

The short of it is that if you take "the rule of law" to mean the ability for puppetmasters to make top-down dictats like "can't talk about Barbara Streisand", then sure, any distributed activity undermines that. Your comment is steeped in the idea of there being a singular godlike perspective, and implies having a single world jurisdiction. Aside from the impracticality, this would be a truly sorry day for humanity.