“A world where ‘the market’ operates freely and the ‘evil’ of government is vanquished would represent, for them, a world of absolute freedom.” — Lawrence Lessig, Code: Version 2.0
Recently, I had the opportunity to watch a preview of James Craig’s upcoming documentary “Code is Law.” This film, set to debut on Oct. 21 on Apple TV+, Amazon Prime Video, and YouTube Movies, narrates two interconnected tales of crypto hacks: the individuals involved and the ideology of the hackers.
While its stance is explicit, the inquiry merits deeper exploration. If code isn’t law, should it be?
Following the 2014 Mt. Gox hack, the first attack discussed in “Code is Law,” the DAO hack is likely the most renowned in the history of crypto. The DAO represented the pioneering decentralized autonomous organization, making its name synonymous with this concept. In 2016, when Ethereum was still in its infancy, it stood out as one of the initial decentralized applications to gain traction.
The narrative unfolds from founder Griff Green’s viewpoint as the nascent concept of decentralized governance emerges, amassing $160 million, only to succumb to a catastrophic hack.
The film employs a humanized perspective to frame a debate prevalent at that time. When an assailant extracts funds from a smart contract, exploiting the contract’s internal logic to obtain tokens contrary to the creator’s intent, is that fundamentally wrong? Should the violator face condemnation, legally or otherwise, or is this merely a fair game?
This cycle repeats in the early 2020s, focusing on a lesser-known heist of Indexed Finance. Allegedly executed by an attacker known as Umbril Upsilon and Zeta Zeros, this individual would eventually be identified as the teenager Andean Medjedovic.
Related: Who is Andean Medjedovic, the alleged $48M KyberSwap hacker?
The film presents Medjedovic as an embodiment of the belief that code is law. His perspective, depicted as immature, is anarchic and harsh: “If I could take it, I had the right to.”
In the documentary, this argument is based solely on moral intuition, lacking a principled foundation and defended merely by tautology. Advocates of this notion fail to make a normative case for why code should serve as law, indicating a need for an instrumental basis that goes beyond mere moralism.
A century ends and code is law
The phrase “code is law” is primarily associated with academic Lawrence Lessig. The opening chapter of his 1999 book “Code: And Other Laws of Cyberspace” is titled “Code is Law” and draws a parallel between the power vacuums emerging in Eastern Europe at that time (someone should investigate that) and the internet.
People have historically sought frontiers for freedom. This desire arises because societies fundamentally represent structures orchestrating violence to contain individual desires for the benefit of those in power. Generally, this arrangement possesses some pro-social attributes: Law enforcement plays a privileged role as monopolists of violence, allowing us to purchase deodorant at Walgreens without summoning an attendant. However, this does not alter the underlying nature of the phenomenon.
At the frontier, where such structures remain undeveloped, powerful individuals can exploit their strength to control others. That is freedom for those seeking it or for those with unconventional beliefs wishing to act outside societal norms.
This highlights the moral root of freedom. Freedom isn’t an absolute quality that one gains in isolation; it is the absence of negative constraints. Removing any type of restraint equates to an increase in freedom. Thus, for misfits and sociopaths, a total lack of governmental control—like that which prevailed in cyberspace in 1999 or decentralized finance in 2016—might be ideal.
Those advocating for a code-is-law philosophy believe that a freedom from restrictions will benefit them precisely because it is asymmetrical. They disproportionately desire to engage in behaviors that society disapproves of, so a weakened social conscience yields greater advantages for them.
Yet, Lessig’s point was fundamentally different:
“We can build, or architect, or code cyberspace to safeguard values we deem fundamental. Or we can construct it in a manner that allows those values to dissipate. There is no middle path. No decision exists without some form of construction. Code is never found; it is always created, and always by us.”
In this framework, code isn’t merely a removal of negative restraints; rather, it represents yet another manifestation of regulation, broadly defined. A different type of restraint that raises the same questions as any other form of regulation.
The issue
However, two primary challenges hinder code from functioning as effective law, even in its most lenient interpretation as envisioned by Lessig.
The first challenge, as Craig’s film emphasizes, is the significant difficulty in creating code robust enough to influence human behavior across the myriad of scenarios it will likely encounter. This challenge stems from a mismatch between the rigid logical structure of code and the dynamic nature of human actions.
If a developer deploys an immutable contract, the moment a vulnerability is discovered, without a legal framework to support participants, the entire system risks becoming obsolete. Expecting developers to produce flawless code is unrealistic. Implementing adaptive rules that can be administered by humans (i.e., laws) is far more feasible and effective than anticipating every potential risk scenario.
This flexible authority often conflicts with libertarian views because discretion represents power. Legal systems create arbiters who inherently possess the authority to impose or alleviate costs on others.
If you’ve experienced being stopped by an unprofessional officer, you fully understand how this can lead to complications, yet currently, no rigid system is as effective as a fluid one. Someday, perhaps AI technologies like large language models will be capable of executing equally effective discretion, but for now, advocating for code as law falls short.
The second issue with the code-is-law concept is even more damaging. While the regulatory model previously discussed has portrayed a reactive system emerging to fulfill authority’s role, some political scientists—realists—view this relationship differently.
Authority is often seen as the product of varying capacities for violence among individuals and groups. This violence gradient culminates in coercion, wherein those wielding violence dictate rules to their subjects. Code, while establishing internal rules within its own structure, fails to hold a monopoly on violence in the greater context.
Whether one acknowledges it or not, software is developed by creators and utilized by communities for specific ends. When hackers, motivated by opposing objectives, exploit the software to extract resources from those communities, some victims will seek governmental assistance. Occasionally, governments respond by deploying law enforcement to restrain and imprison the hackers.
Even if we prefer to overlook it in discussions, this final aspect—the element of violence—forms the fundamental basis of all regulation. As long as governments maintain armed forces, and developers and hackers do not, those espousing the idea that code is law will struggle to enforce their beliefs upon the wider society.
For now, that might be a positive development.
Magazine: Back to Ethereum: How Synthetix, Ronin, and Celo found clarity
