Framing Assumptions and Cyberspace Regulation: A Critical Reflection on Differences among Countries

Document Type: Commentary


Graduate School of Management and Economics, Sharif University of Technology, Tehran, Iran


Thispaper attempts to connect two rather different fields of study by applying concepts from regulating technological risks to the field of cyberspace regulation. The concept of framing assumption is used in order to show the cyberspace regulation differences in  countries particularly between the U.S. and the Euopean system. It shows how the U.S. and Europe have adopted different assumptions regarding the policy problem, the system within which the problem arises and the policy solutions. While the problem for the U.S. regulatory system is technological advancement, the European countries perceived the problem as mitigating hazards. The system for the U.S. is conceived as the competition among profit-seeking companies,whereasEuropean countries are suspicious about those profit-seeking activities. Finally, the solution is lower government intervention for the former, and the latter found the direct involvement of the government as the main solution. An important implication is that there is no unified form of regulation and countries like Iran need to consider their local factors in order to establish their own regulatory systems.



The rapid development of the world after the industrial revolution in 1770 has been analysed by several scholars during the past 250 years. A well-known picture of this history has divided it into 5 technological revolutions (Freeman & Perez, 1988; Freeman & Louca, 2001) or somehow three industrial revolutions that is now breeding thefourthone, which is called industry 4 (Kagermann et al., 2013).

The mechanization of textile machinery followed by advances in steam engine led to the development of railway industry has been counted as two successive technological revolutions (Perez, 2010) that are also integrated as the first industrial revolution (von Tunzelmann, 1978). Electrical motors and internal combustion engines; then, changed the world from the mid-18th century to the late 19th century as the third and the fourth technological revolutions (Perez, 2010), or the second industrial revolution. Finally, the ICT internet and other communication practices, initiatedby the development of microprocessors, paved the way for the fifth technological or the third industrial revolution (Perez, 2010).

There is no doubt that the impacts of technological changes in the society are unexpected and somehow far beyond the control of any agents, let alone the government (Jasanoff, 2005). Although it was initially developed as part of networking projects in the military services of the USA by ARPA organization (Lloyd, 2000); the internet is now transformed as an indispensable part of human life. This raises serious concerns over the regulation of cyberspace and different approacheshave been developed for this purpose (Trotter Hardy, 1994; Barlow, 1996; Johnson & Post, 1996; Boyle, 1997; Lessig, 1999; 2000).

Jurisdictions have also adopted different approaches for regulating the cyberspace. A clear distinction appears between the U.S. with a liberal regime of regulation and Europe, which concerns more about the content and application of the cyberspace (Ameli, 2018). Some countries like Cuba and Russia havetried to pose serious restrictions over the internet while some East Asian countries preferred to follow the suggestions of international organizations (Ameli, 2018).

More recently, new technologies such as nano-, bio-, and cognitive technologies have emerged that in turn increased the human power to change the world according to its interests and somehow desires (Maynard & Mehrtens, 1993). Their combination with information technologies is called converging technologies that could enhance human authority over nature (Roco & Bainbridge, 1998). With huge impacts of those technologies on human life, some scholars developed the concept of the risk society (Beck,1992), pointing to the fact that our everyday lives in one or some ways deal with how to confront those risks (Jasanoff, 1986).

This paper tries to shed some light on approachesof cyberspace regulation from the works pertaining to the regulation of other new technologies discussed above. Therefore, the views towards cyberspace regulation will be elaborated briefly first. Then, the approaches towards regulating other technologies will be presented. Finally, the lessons and implications will be discussed.

Cyberspace regulation approaches

Perspectives about cyberspace regulation are inherently concerned about the differences between the actual and the digital world by asking “what” questions about the regulation. The former concerns different forms of regulation while the latter concentrates on the legitimacy of the controller.

Libertarians emphasize independence (Barlow, 1996), or self-governance features of cyberspace (Johnson & Post, 1996). Those views normally criticize the concepts of the actual or authentic world, the jurisdictional views of regulation, and effectiveness of international institutions or agreements. Instead, they suggest the most self-governing and decentralized forms of regulationbased on just regulating on Domain names (Trotter Hardy, 1994). It is not surprising to see that those views are normally hosted in the context of the U.S. as a country traditionally embraces the liberal views towards technological advancements (Jasanoff, 2005).

On the other hand, there are scholars with more realistic views, including Lawrence Lessig and James Boyle. Lessig’s arguments are best known as hisanswer to the question of what regulates points to four interrelated and possible constraints in the cyberspace (1999; 2000):

-          Law: directly regulate the cyberspace and indirectly affects the three following regulators.

-          Markets: constrain works by price mechanisms that in turn may affect the norms.

-          Norms: normally the result of self-regulation activities within the World Wide Web.

-          Code: similar to the “built environment” in physical space (e.g. locks, doors, guns, etc.), codes can control access and monitor the behaviours through identifying what actions are possible and what are impossible.

Figure 1. Lessig’s four constrain over cyberspace


Finally, the regulation of the cyberspace needs to find the best combination of those constraints in order to achieve the desired results.

The trend of legislation of the cyberspace also shows a shift from liberal approaches to recognizing more legitimacy of the local governments to regulate the cyberspace. It means the convergence does not exist anymore (such as contentions over regulations in NETmundial Initiative in 2014) as each country seeks jurisdictional power in order to set its owns rules and restrictions over the cyberspace. However, the proper roles of nation-states are remained unsolved (Marchanet & Robertson, 2015).

Regulating technological risks

A primary challenge for both the public and the policymakers in the current era is finding credible ways of dealing with technological risks because of the advent of unprecedented powers of new technologies (Jasanoff, 1986). On this basis, several theoretical and empirical studies have been undertaken since the last three decades. Löfstedt and Frewer (1998: x) in their edition that collected some eminent studies about risk noted, “It is a research area that has grown very rapidly over the last seven years … since then, three new major risk journals … have been launched, and various organizations … have been established.”

As a result of this new attention, the concept of risk has also shifted from a quantitative and reducible thing into a more broadly subjective element that instead of ‘estimation’ and ‘analysis’, recalls more ‘communication’ and ‘management’ (Stirling, 1998). The underlying knowledge of regulating risk in the former notion is expert knowledge, able to estimate the likelihood of the well-known outcomes (van Zwanenberg & Millstone, 2005); while the latter needs other types of knowledge for decision making (Millstone, 2009). Weinberg (1972: 211) in a critical paper introduced the concept of trans-science, indicating the “questions of the fact and can be stated in the language of science, they are unanswerable by science; they transcend science.”

The incertitude matrix developed by Stirling (1998) demonstrated different conditions. The top-left hand side is called risk as to the classical situation in which the formal, mathematical and instrumental views are the basis for decision-making. Uncertainty, left bottom, refers to the situation in which there is no basis for probability analysis, while the set of outcomes are identified. Moving to the right hand, ambiguity points to the circumstances in which there is no agreement around the possible outcomes, as a matter of subjective disagreements. Finally, ignorance is a situation in which we do not know what we do not know (Stirling, 2003).


Table 1.  Dimensions of incertitude



Knowledge about outcomes



Outcomes are well-defined

Outcomes purely defined

Knowledge about  possibilities

Firm basis for possibilities



No basis for possibilities



From Stirling (2003)

Wynne (1992) pointed to a crucial, but often overlooked, aspect of his analysis of the Windscale inquiry (i.e. Wynne, 1983) that official experts framed the issue upon some prior socio-institutional assumptions. Thereafter, subsequent studies of regulating risk paid attention to the idea of framing assumptions that frame the views of the experts, protagonists or policy makers that might operate at different levels. For instance, Jasanoff (1990) highlighted three cultures of regulation as the social framing of regulation that makes a distinction between regulatory regimes of the USA, the UK, and Germany and then provided more evidence for this view in her later book (Jasanoff, 2005).

The concept of framing is developed into public policy analysis in the early 1990s. Frames, as the underlying structure of belief, largely define the interests of the protagonists and determine their policy positions and even their understandings of the policy problem (Schon & Rein, 1994). Thus, having two different sets of frames could lead to two different understandings of the policy problem, policy situation renders that problem and even policy solutions (Souzanchi Kashani & Millstone 2013; 2016).

Sociologists like Jasanoff (2005) argued that the national cultures are pivotal in shaping the framings of each country by coining the concept of civic epistemology referring to the institutional practices by which members of a society test and deploy knowledge as a basis for their collective choices (decisions).

Applying risk concepts to cyberspace regulation

The analyses of the differences between jurisdictions in regulating technological risks have been conducted using the above frameworks. From the risk perspective, as Stirling matrix shows, the U.S. normally tends to framenew emerging technologies such as biotechnologyin the “Risk” cell presuming that not only the outcomes are well known, but also the likelihoods could be measured using several scientific tools. On the other hand, Europe framed the situation as ignorance, presuming that not only the possibilities are not well known, but also there is no basis for measuring their likelihoods. The regulation paradigm of Europe is called the precautionary approach stressing the prior risk assessments before any product release to the market (Levidow et al., 2005).

This is because they have framed the policy problem, the situation and the solutions differently (Souzanchi Kashani, 2011). In the U.S., the real problem is framed as technological advancement rather than technological risks, which is the primary concernof Europe (Souzanchi Kashani, 2008).

This approach to technological risk is now being applied to the context of cyberspace (Siboni & Sivan-Sevilla, 2017). They point that “while the United States believes that business interests will lead companies to defend themselves, the European Union takes a more interventionist approach in which state institution makes sure to defend the various sectors for the good of the citizens” (Siboni & Sivan-Sevilla, 2017: 90). As a result, the U.S. delegates the responsibility of risk prevention to the private sectors while Europe applies both prevention and mitigation of risks based on its direct interventions. Finally, Israel is deemed to show a mixed model between the two extremes, using no regulation for the civic sector but applying statism approach for the private companies.


Regulating new technologies have been the subject of several studies in the past 4 decades. However, some areas like biotechnology havebenefited more from academic works concentrating on technological risks, while others such as nanotechnology or cyberspace have not been analysed much from this point of view. In this paper, we applied the concepts of technological risk in the context of cyberspace in order to understand the differences between the U.S. and Europe. One recent study has also applied asimilar approach, although in a less analytical format (i.e. Siboni & Sivan-Sevilla, 2017).

What this paper could add to their picture is to portray the differences between the two continents considering the framework perspective. Our framework suggests that the differences between those jurisdictions stem from two rather different views towards the policy problem, the policy system, and the solutions. The following table tries to capture the distinctions (Table 2).

Table 2. Differences among framing assumptions of the U.S. and Europe




The policy problem

Technological advancement

Mitigating technological hazards


Cyberspace is similar to other technologies (such as automobile)

Cyberspace is different from ordinary technologies

The system

A competitive market mechanism constituted from profit-seeking companies aimed to promote technologies

A competitive market mechanism within which, profit-seeking activities may harm the civil society


Business agents are trustable and consider their social responsibilities

Business agents are not trustable as they may generate hazards

The policy solutions

Government with the lowest intervention in risk management

State should directly involve in risk assessment and management


The impact of hazardsare not irreversible, therefore, could be managed via price mechanisms

The impacts of risks are so serious that the main obligation of the government has to mitigate the risks


IfIran wants to accept a uniform regulatory regime regarding the cyberspace, itneeds to start firstly from its assumption in the three categories mentioned above. First of all, assumptions about the policy problem. It is essential to know why the country needs a cyberspace regulation and what problemit targets to solve. Secondly, it is extremely important to have a clear understanding ofthe system within which such problem arises. Otherwise, different factors would be presented, as the things need to be regulated. Finally, the assumptions about the solutions should be clarified in order to shape a homogeneous environment for regulation.

Declaration of Conflicting Interests:

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Ameli, S.R. & Shahghasemi, E. (2018). Americans’ cross-cultural schemata of Iranians: an online survey. Cross Cultural & Strategic Management, 25(1): 119-133. doi:10.1108/ccsm-10-2016-0176.

Barlow, J.P. (1996). A declaration of the independence of cyberspace.

Beck, U. (1992). Risk society: Towards a new modernity. London, SAGE Publications.

Boyle, J. (1997). Foucalt in cyberspace: ‘Surveillance, sovereignty, and hard-wired censors.

Freeman, C. & Louca, F. (2001). As time goes by. New York, Oxford University Press.

Freeman, C. & Perez, C. (1988). Structural crises of adjustment, business cycles and investment behaviour, in G.Dosi et al. eds. Technical Change and Economic Theory, London: Francis Pinter, pp. 38-66.

Jasanoff, S. (2005). Design on nature: Scinence and democracy in Europe and the United States. Princeton and Oxford, Princeton University Press.

Jasanoff, S. (1990). The fifth branch: Science advisors as policymakers. Cambridge, MA: Harvard University Press.

Jasanoff, S. (1986). Risk management and political culture. New York, NY: Russel Sage Fundation.

Johnson, D.R. & Post, D.G. (1996). Law and borders--the rise of law in cyberspace. Stanford Law Review: 1367.

Kagermann, H., Wahlster W. & Helbig, J. (Eds.) (2013). Recommendations for implementing the strategic initiative Industrie 4.0. Final report of the Industrie 4.0 Working Group.

Lessig, L. (2000). Cyberspace's Architectural Constitution (June). Text of lecture at www9, Amsterdam.

Lessig, L. (1999). Code and other laws of cyberspace. Basic Books.

Levidow, L., Carr, S. & Wield, D. (2005). European Union regulation of agri-biotechnology: precautionary links between science, expertise and policy. Science and Public Policy. 32(4): 261-276.

Lloyd, I.J (2000).Information technology law. Butterworths, London.

Löfstedt, R. & Frewer, L. (1998). Risk and modern society. London: Earthscan Publications.

Marchanet, J. & Robertson, B. (2015). Chaos & control: The competing tensions of internet governance in Iran.

Maynard, H.B. & Mehrtens, S. (1993). The fourth wave. BerrettKoehler Publishers.

Millstone, E. (2009). Science, risk and governance: radical rhetorics and the realities of reform in food safety governance. Research Policy, 38(4): 624-636.

Perez, C. (2010). Technological revolutions and techno-economic paradigms. Cambridge Journal of Economics, 34: 185-202.

Roco, M.C. & Bainbridge, W.S. (2013). The new world of discovery, invention, and innovation: convergence of knowledge, technology, and society. Journal of Nanoparticle Research, 15(9). doi:10.1007/s11051-013-1946-1.

Schon, D.A. & Rein, M. (1994). Frame reflection: Towards the resolution of intractable policy controversies. New York, Basic Books.

Siboni, G. & Sivan-Sevilla, I. (2017). Israeli cyberspace regulation: A conceptual framework, cyber. Intelligence, and Security, 1(1).

Souzanchi Kashani, E. & Millstone, E. (2016). Regulating biotechnology in Iran: The role of experts in shaping a remarkable policy process and outcome. New Genetics and Society, 35(1).

Souzanchi Kashani, E. & Millstone, E. (2013). Contested framings and policy controversies: Analysing the case of Iran’s biosafety policy making. Science and Public Policy, 40(5): 616-627.

Souzanchi Kashani, E. (2011). Contested framings and policy evolution: evolution of the GM biosafety policy-making process in Iran, 2006-2009. Doctoral dissertation, University of Sussex, Sussex, England. Retrieved from

Souzanchi Kashani, E. (2008). Policy gap: Regulation versus promotion of technology. In the 6th Globelics Conference, Mexico.

Stirling, A. (2003). Risk, uncertainty and precaution: Some instrumental implications from the social sciences. In F. Berkhout, M. Leach & I. Scoones. Negotiating Change: New Perspectives From The Social Sciences. Cheltenham, Edward Elgar.

Stirling, A. (1998). Risk At The Turning Point. Risk Research, 1(2): 97-109.

Trotter Hardy, T. (1994). The proper legal regime for cyberspace. University of Pittsburg Law Review, 55: 993.

van Zwanenberg, P. & Millstone, E. (2005). BSE: risk, science and governance. New York, NY: Oxford University Press.

von Tunzelmann, G.N. (1978). Steam power and British industrialization to 1860. Oxford University Press, Oxford.

Weinberg, A.M. (1972). Science and Trans-Science. Science, 177(4045): 211. doi:10.1126/science.177.4045.211.

Wilks, S.,&Wright, M. (Eds.) (1987). Comparative government-industry relations: Western Europe, the United States, and Japan. Oxford: Clarendon.

Wynne, B. (1992). Risk and social learning: Reification to engagement. In S. Krimsky and D. Golding (Eds). Social Theories of Risk, New York, Praeger: 275-297.

Wynne, B. (1983). Public perception of risk- interpreting the objective versus perceived risk dichotomy. Paper presented in International Conference on the Urban Transportation of Irradiated Nuclear Fuel, London.