Sign In

Communications of the ACM

Law and technology

Toward a Closer Integration of Law and Computer Science

View as: Print Mobile App ACM Digital Library Full Text (PDF) In the Digital Edition Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Toward a Closer Integration of Law and Computer Science, illustration

The rate of technological change during the past few decades has been breathtaking. End users have adopted the Internet, smartphones, and tablets faster than any other consumer electronics product in history. The rapid diffusion of these technologies has transformed the way people work, shop, learn, play, and communicate.

Major technological changes inevitably have an impact on law. Just as the printing press revolutionized copyright and the telephone prompted new approaches to the Fourth Amendment, the digitization of all forms of content and the emergence of the Internet Protocol as the dominant platform for communication have led courts and legislatures to reexamine a wide range of legal issues.

During the Internet's early days, Silicon Valley spent little time worrying about whether the government would impose significant regulatory constraints. Initial disputes raised variations on familiar themes, such as whether the government can suppress online pornography, when an email message can constitute acceptance of a contract, and whether a company can be sued in a state simply because some of its residents purchased products from the company's website. More recent legal issues have increasingly arisen in increasingly complex technological contexts. Consider the following examples:

DNS and SOPA/PIPA. In late 2011 and early 2012, the U.S. Congress debated two legislative proposals known as the Stop Online Piracy Act (SOPA) and the Protect Intellectual Property Act (PIPA). Both bills would have required Internet service providers (ISPs) to use the Domain Name System (DNS) to block access to websites hosting content known to violate the copyright laws. At the House Judiciary Committee hearing on November 16, 2011, witness after witness repeatedly admitted they did not understand DNS well enough to discuss how the proposed legislation would interact with key technologies such as DNS Security Extensions (DNSSEC), the well-established suite of protocols designed to help preserve the integrity of DNS by requiring that all answers to DNS requests be cryptographically signed.

Congestion management and network neutrality. Throughout the ongoing debates over network neutrality, both proponents and opponents agreed that any regulations should not prevent ISPs from taking reasonable steps to manage network congestion. Unfortunately, many of the people participating in the debate do not have a clear understanding of the way congestion is managed on the Internet. As a result, they fail to appreciate how the acknowledgment-based approach that has served as the foundation of congestion management since the late 1980s does not apply to increasing number of applications, such as VoIP and video, that rely primarily on the transport protocols known as the User Datagram Protocol (UDP), which does not use acknowledgments. The unfamiliarity with how congestion management works also obscures the fact that the central inference that Jacobson's algorithm (which presumes that a missing acknowledgment is a sign of congestion) is less appropriate for wireless networks. Such problems were relatively unimportant when communications consisted of email and Web browsing, which rely on the acknowledgment-based Transmission Control Protocol (TCP), and when most communications occurred over wireline technologies. In the modern era, however, video content and wireless transmission have become mission critical. Although solutions exist, such as the Datagram Congestion Control Protocol (DCCP) and hybrid Automatic Repeat reQuest (hybrid ARQ), these solutions require some important deviations from the existing architecture.

Location information. Many mobile devices (including all wireless devices connected to the public-switched telephone network) necessarily reveal information about end users' locations. At the same time, a growing number of applications are taking advantage of the geolocation Application Programming Interface (API) included in the latest version of HyperText Markup Language (HTML5), which discloses the end user's location. Location information can compromise an end user's security, as demonstrated by the advent of and other similar websites. In addition, some courts have held that the government can seize information made publicly available in this manner without obtaining a search warrant.

NSA's Project Bullrun. Edward Snowden claims that in addition to Project Prism, the U.S. National Security Agency (NSA) has been pursuing another program known as Project Bullrun designed to give it access to encrypted traffic. Reportedly, the NSA is inducing technology companies to insert vulnerabilities into commercial encryption systems, such as HyperText Transfer Protocol Secure (HTTPS), Secure Socket Layers (SSLs), and Virtual Private Networks (VPNs). Although Prism has gained far more notoriety, Snowden claims that Bullrun has been operating longer and has received significantly more funding. The integrity of encryption affects the scope of both federal privacy statutes and the Fourth Amendment, which turns largely on individuals' reasonable expectations of privacy.

The law has long struggled to keep pace with changes in technology. For example, more than 50 years passed after the invention of photography before the U.S. Supreme Court addressed whether photographs possessed sufficient originality to be copyrightable.1 It took approximately the same amount of time for the Supreme Court to resolve the First Amendment status of cable television.7 Some issues have never been fully resolved. Even though photocopying was successfully commercialized in the late 1940s, the Supreme Court still has yet to address how copyright applies to the technolgy, having deadlocked four-to-four in 1975 after one Justice recused himself.9 The accelerating pace of technological change has made the complications associated with this lag all the more acute.

Just as technology has affected law, law has also affected technology. Legal restrictions have shaped and limited the ways innovations and business models can develop. The growing importance of legal considerations is perhaps best illustrated by the fact that increasing numbers of technology companies are establishing offices in Washington, D.C., to represent their interests before regulatory agencies and Congress. Prominent examples of how law affects technology and innovation include:

Data privacy. In contrast to the U.S. approach to privacy, which relies primarily on notice and consent, the European approach has been to place direct restrictions on the retention and uses of data. The hallmark of the European privacy regime has been to mandate that data can only be collected for limited purposes and for limited times. These restrictions place strict limits on the types of business models that companies with significant amounts of data can pursue and the types of innovative products that can emerge. In addition, many countries now require that their citizens' data remain within the country, which forecloses a wide range of cloud computing solutions. Companies seeking to deploy new business models need to understand the precise boundaries of these restrictions.

Online video distribution. Copyright law has had a direct and dramatic effect on online video distribution. The Supreme Court's landmark 1984 Sony case established that end users could use videocassette recorders to make temporary copies of video content for later viewing.8 Courts are beginning to consider whether copyright law is violated when the temporary copy is made by network providers instead of end users. This has a direct impact on technologies such as the Cablevision network digital video recorder,2 Dish Network's Hopper, and new technologies for transmitting over-the-air broadcast television signals over the Internet, such as Aereo and Aereokiller.4,10

Patent policy. On June 4, 2013, a series of executive orders issued by President Obama threw a spotlight on the effect that patent policy can have on innovation. One area of controversy involves so-called non-performing entities (NPEs) that simply license and enforce patents without commercializing them directly. Another topic of ongoing debate concerns the mandate imposed by many standard-setting organizations (SSOs) that any patents included in a standard be licensed at fair, reasonable, and non-discriminatory (FRAND) rates. The SSOs, however, have provided precious little guidance as to the proper implementation of FRAND, and it was not until April 2013 that a federal court offered a comprehensive analysis of what FRAND means.5 Other controversies surround the use of injunctions issued by courts and exclusion orders issued by the International Trade Commission.

Spectrum policy. The late Ronald Coase's 1959 article on the Federal Communications Commission represents a landmark in spectrum policy.3 In essence, Coase recommended (1)using markets to allocate spectrum rights and (2) allowing individual rightsholders to redeploy spectrum to its highest and best use. While the first part of Coase's recommendations has become the prevailing orthodoxy, the second part of his recommendation remains unfulfilled. The vast majority of the spectrum remains encumbered by use restrictions that limit the technologies that can be deployed in any particular band. At the same time, an active debate exists over whether the federal government should set aside more spectrum available for unlicensed uses.

The next logical step would be to embed the interaction between law and policy deeper into the fabric of both fields.

The result is that law and engineering can no longer remain compartmentalized into separate spheres. A world in which innovation affects law and law in turn recursively affects innovation creates a need for decision makers and professionals who have a firm grounding in both spheres. The need for greater expertise does not arise only when dealing with the government: innovators and individuals also need to understand the interaction between law and technology when organizing their private affairs.

The problem is the connections between the two fields remain nascent and underdeveloped, often restricted to a few observations about policy implications offered in the introduction and conclusion of technical articles. Some organizations have begun to bridge the gap. For example, ACM's U.S. Public Policy Council (USACM) plays a critical role in providing government policymakers with information about issues relating to technology policy, although it remains predominantly an organization of engineers. In addition, the Electronic Frontier Foundation (EFF) brings together lawyers, policy analysts, and technologists to influence the law through litigation and white papers. EFF focuses exclusively on advocacy, and its engagement with technological considerations remains the exception and not the rule. The myriad academic centers that have sprung up to study law and technology focus primarily on law and have generated only weak ties to engineering schools.

The next logical step would be to embed the interaction between law and policy deeper into the fabric of both fields. For example, we could change the way we educate both engineers and lawyers. Rather than focusing primarily on one field and treating the other peripherally, programs could give students advanced training in both fields and could be designed in a way that requires students to grapple with both disciplines simultaneously. Indeed, noted Judge Richard Posner's most recent book calls for precisely this type of reform, pointing to the new program at the University of Pennsylvania as a pioneer in integrating technology into legal education.6 Moreover, innovative interdisciplinary research needs conferences, journals, and other similar institutions to provide an intellectual home for the burgeoning field. Ultimately, faculty would emerge with advanced training in both disciplines, a vision that to date remains more dream than reality.

If successful, this movement will create a new generation of scholars and scholarship that will integrate the insights of both law and engineering in a pathbreaking and dynamic way. Such an approach is essential if our society is to continue to enjoy the benefits of economic and technological progress.

Back to Top


1. Burrow-Giles Lithographic Co. v. Sarony, 111 U.S. 53 (1884).

2. Cartoon Network LP v. CSC Holdings, Inc., 536 F.3d 131 (2d Cir. 2008).

3. Coase, R.H. The Federal Communications Commission. Journal of Law and Economics 2 (1959), 140.

4. Fox Broadcasting Co. v. Dish Network L.L.C., 723 F.3d 1067 (9th Cir. 2013).

5. Microsoft Corp. v. Motorola, Inc., No. C10-1823JLR, 2013 WL 2111217 (W.D. Wash. Apr. 25, 2013).

6. Posner, J. Reflections on Judging. Harvard University Press, 2013, 347348

7. Sony Corp. of Am. v. Universal City Studios, Inc., 464 U.S. 417 (1984).

8. United States v. Playboy Entertainment Group, Inc., 529 U.S. 803 (2000).

9. Williams & Wilkins Co. v. United States, 420 U.S. 376 (1975).

10. WNET, Thirteen v. Aereo, Inc., 722 F.3d 500 (2d Cir. 2013) (Chin, J., dissenting from denial of rehearing en banc).

Back to Top


Christopher S. Yoo ( is the John H. Chestnut Professor of Law, Communication, and Computer & Information Science and the founding director of the Center for Technology, Innovation and Competition at the University of Pennsylvania.

Copyright held by Author/Owner(s).

The Digital Library is published by the Association for Computing Machinery. Copyright © 2014 ACM, Inc.


CACM Administrator

The following letter was published in the Letters to the Editor in the April 2014 CACM (
--CACM Administrator

In his Viewpoint "Toward a Closer Integration of Law and Computer Science" (Jan. 2014), Christopher S. Yoo raised an important point about how the law and technological change interact but emphasized only one dimension of what could be called the "social embedding" of technology. Legal concerns are an important aspect of software design, especially if the software stores and processes sensitive personal data about users. However, in order to increase the acceptability and acceptance of a software product, more aspects must be considered during development. Some (such as data privacy and usability) are well represented in most projects. Others (such as users trust in technology, incentives to participate in collective activities, inclusion of users with disabilities, and ethical and sociological challenges) have only begun to attract attention due to recent technological advancements (such as context-aware services, self-adaptive systems, and autonomously acting agents). The crucial point for software developers is these aspects of social embedding could lead to conflicting software design requirements, so should be addressed together in a systematic and integrated development process. Because society demands it, truly multidisciplinary design thinking will become increasingly important in the future.

Kurt Geihs
Kassel, Germany

Displaying 1 comment