InfoTech & Public Policy

The debate over network neutrality is a fairly straightforward conflict between the owners of the broadband pipe, who (having built it) claim a property right to administer it as they see fit to maximize their profits and recoup their investments; and the content providers and consumers at the ends of the pipe, who view the equal treatment of data passing through as fundamental to the product that they have bought and invested in.  Frankly, the more established legal tenet is that of property.  I think the basic idea that ISPs should be allowed to provide tiered service to web sites, if it does not cause harm, is correct.  It’s up to content providers or consumer groups to come up with good and legally meaningful reasons why they shouldn’t.  In the most egregious cases, as Avi mentioned, the question of network neutrality is primarily and necessarily one of competition.  As I understand it, the nature of network infrastructure discourages redundancy, especially toward the last mile, creating a sort of natural monopoly for the ones who construct it.  Such anticompetitive actions as dropping packets or charging premiums for the network’s use by competitors in related media, like Vonage, might already be restricted by law.  However, it’s the “less egregious and less clear-cut cases” that will determine the future of the Internet.  These are also the cases that draw the line between those who support network neutrality as a matter of principle or out of fear of the negative effects of privileging some kinds of traffic over others.

The tiered service that the telecom companies wish to provide is nothing new or revolutionary.  In most service-type industries, you get a level of service commensurate with what you paid; those who pay more simply get more.  It’s difficult to see how it would be wrong for a content provider to purchase better quality of service from an ISP, or wrong for an ISP to offer such a service to content providers.  Some complain that the carriers would be trying to “double-dip” by charging customers for access and content providers for fast delivery, but I can’t quite see how this presents a problem, either.  Just as the costs of cell phone service are split between parties, access to the Internet and provision of content could easily be considered different segments of the service, which could meaningfully be charged separately.  If you, as a consumer, don’t like the service you’re being offered, perhaps because it’s privileging some kinds of data over others, you should be able to find another provider that doesn’t.  If you can’t, it’s a failure of the market to produce competition, with no particular bearing on the question of network neutrality.  For these reasons, that the telecommunications carriers ought to have considerable freedom in developing their pricing models seems an easy argument to make.

In order to have a meaningful discussion of network neutrality, it’s important to get a handle on exactly what the Internet would look like in its absence.  I’m not certain we know.  Avi comments, “Big web sites that could afford to pay for preferred service are often simply stepping-stones to smaller sites where the real richness of the web lies,” implying that no ISP that could survive on privileged traffic alone.  However, I’m fairly certain that a large proportion of Internet users have reason to visit only a handful of highly commercialized sites – web-based e-mail, search engines, news sites, and online shopping, for instance.  If the rest of the web vanished, they wouldn’t notice.  Portals do a fairly good job of being comprehensive, for the average user, anyway.  Even when new concepts in Internet use are launched – like photo sharing or social bookmarking – they tend to be incorporated into larger commercial ‘portals’ very quickly.  For instance, Yahoo has acquired both Flickr and Del.icio.us in the past year, presumably to incorporate gradually with its own array of services.

Therefore, while large content providers are generally in favor of network neutrality, in the event that it collapsed they would be in a very good position to partner with different ISPs to provide portal services.  In fact, network neutrality aside, many already have.  BellSouth, powered by Google, for instance.  (Ironically, this trend might actually make for a more user-friendly web, as those with less computer literacy would theoretically never have to leave their own ISP’s portal.)  In such a world, the only hope for a Web 2.0 start-up company will be purchase by a much larger company; meanwhile, the resource strain will be higher and more web software will be produced under contract rather than experimentally.  Instead of starting Flickr, for instance, founder Stewart Butterfield might have instead had to pitch the idea to a portal company.  Sites that are necessarily non-profit might find it difficult to continue; while they certainly contribute to the value of the Internet now, portals wouldn’t be likely to step out of their way to carry most of them.  Open source software development would be hampered.  Content providers would likely be faced with a choice between serving the many in a mediocre way and serving the few well.  Despite their value to the web as we know it, consumer demand for small sites is probably not sufficient to ensure their continued existence on a non-neutral network.  What’s left would be a nasty case of vendor lock-in, as consumers tried to decide which ISP and associated portal offered them the most.

Without network neutrality, our conception of the Internet would have to change fundamentally, and not generally for the better.  Presumably, ISPs would begin by prioritizing traffic in a subtle way, so that reaching slow sites constituted an annoyance to consumers rather than a deal-breaker.  This could result in situations we don’t know whether or not network neutrality is being upheld because the ISPs aren’t transparent.  Would the average surfer care?  I’m not sure.  Even if they were upset by it, most surfers would think to blame the content provider for the slow site, rather than their own ISP, because it’s been true in the past.  If carriers began to privilege traffic without a public announcement, which they theoretically could in the absence of a ban, consumers might feel the effects without the benefit of a free decision to switch ISPs.  If nothing else, enforcing transparency about each carrier’s position on network neutrality would help and could be justified on truth-in-advertising grounds.  Discussing this with my roommate this morning, I proposed that a clever way to legislate around the whole problem might be to incorporate network neutrality into the legal definition of the Internet, so that ISPs couldn’t advertise Internet access unless they were providing it neutrally.  This idea lasted about thirty seconds before she pointed out that carriers would instead advertise access to the Net instead, insisting it was merely short for network, with no neutrality guarantees.

Is the government in any position to help?  I honestly don’t know.  I believe that a network neutrality mandate would have to come from legislation rather than existing law.  I’m also curious how this situation compares with other already-regulated networks, such as public utilities or railways.  While neutrality is certainly essential to the research-and-hobbyist Internet of old where interests were more aligned, but it is fundamentally incompatible with a commercial Internet where carriers are quite naturally trying to get the most out of their business.  Preserving the openness of the first is a worthy goal, but the way is far from clear.

I am a member of the group exploring notification schemes, described in 21-23 of the NPRM. This post is an attempt to summarize our collective conclusions from Tuesday’s class, with a few additional caveats of my own. (I’ll try to keep straight which ones are which.) In our discussion, we determined that we were actually interested in three or four very different situations that might require consumer notification, each with its own special considerations.

The first, consumer notification of large-scale security breaches that expose personal information, is already under independent consideration in many states. Such mass breaches are most likely to occur due to cracking attacks or physical theft. In addition to fulfilling the public’s right to know about such incidents, such notification would encourage companies to institute better security measures, enable consumers to take protective measures after breaches. We would like to express support for such legislative efforts, but believe that additional FCC rules would be redundant.

The next situations involve “routine uses” of CPNI, both within the company’s “total service relationship” with the customer and any additional releases of the information that the customer might approve. I believe our consensus was that the benefits of notification might in general be similar to the aforementioned case of large breaches, but targeted against pretexting and insider leaks at a relatively low cost and on an on-going basis that could provide for better fraud detection by the carriers themselves. Informing the consumer of every internal carrier use of CPNI would be overly burdensome and confusing given the low risk involved in such transfers, but routine consumer notification whenever CPNI records are accessed, either by the consumer or by third parties, would increase consumer awareness and hamper the practice of pretexting. The FCC needn’t stipulate the specific notification method, as carriers would be more amenable to a rule that offered them some latitude. However, it’s likely that this can be done at low cost, just as I receive free text messages from Verizon Wireless every monthinforming me that this month’s bill is online. Alternatively, a carrier might print notifications on the bill itself.

However, I have a number of concerns about the real-world effectiveness of routine notifications. Like fine print, a routine notification of this sort is likely to be couched in technical language (e.g. the acronym CPNI itself) and ignored by the consumer. Furthermore,if notification is significantly lagged, as on a monthly bill, it might provide ineffective information for the carriers trying to combat pretexting or for consumers concerned about identity theft. It may also be difficult for the average consumer to differentiate between legitimate and illegitimate accesses of CPNI, especially days and weeks after the fact. Finally, if the decision to opt into increased privacy protections is left to the consumer, it will be underutilized. For these reasons, I believe that notification must be mandatory and used in conjunction with an improved consumer authentication system. Additionally, the FCC must take care to craft specific guidelines as to what is and is not an acceptable method of notification.

That brings me to the possibility of using known secure channels to pre-verify data releases, for instance, fulfilling requests only from the phone number associated with the account. Though more closely related to authentication than notification, such a scheme might use many of the same methods considered above. Compared to the methods previously discussed, pre-verification offers the unique benefit of keeping Pandora’s personal information box closed; after such information is wrongly released, it is hard to erase from semi-public knowledge. However, while pre-verification may be the most effective preventative method against pretexting, our group as a whole expressed concern that it could be significantly burdensome to the consumer.

Personally, I believe the inconveniences are minor compared to the great increase in data security they represent. NKW points out that “notifying end users would lead to more investigations.” Don’t we want to avoid investigations? Investigations are often costly, lengthy, embarrassing, and unfulfilling to the parties involved. In my view, pre-verification is an excellent policy precisely because it leaves little wrongdoing left to investigate.

In summary, notification (especially the “routine” notification in case #2) is compelling because of its extremely low cost compared to the other privacy protection methods our class discussed. It also appeals to the consumer-rights and normative arguments that, whatever happens, the end user has a fundamental right to know where his data is going and choose his carrier accordingly, regardless of the effectiveness of the method.

For your reference, the following is a summary of the comments of Verizon Wireless to the FCC concerning CPNI. Their comments seem are extremely focused toward the question of whether to allow uses of CPNI outside the “total service relationship” with a customer under an “opt-in” or a “notice and opt-out” framework. Notice, in this context, is not the same as the notification schemes we have been discussing in class, but rather notice that it is possible to opt out. The meaning of the term “total service relationship” is somewhat unclear; I’m certain it’s a reference to previous FCC rules, but I have not been able to find a good formal definition. My closest estimate is that it refers to internal uses of CPNI directly related to provision of the customer’s service, which may or may not include a minor amount of very directly targeted marketing.

Verizon Wireless’s comments focus not on the question of acceptable use of CPNI, but whether a “opt-in” requirement or a “notice and opt-out” method is more appropriate for carriers’ use of CPNI beyond that involved in “total service” approach. On this question, they take a largely legal stance rather than discussing CPNI as a matter of policy, with a two-part argument:

1. A “notice and opt-out” regime is sufficient to protect consumer privacy.

Verizon supports this assertion by citing the Gramm-Leach-Bliley Act, which protects more sensitive financial data under a notice and opt-out regime, in addition to previous FCC rules.

2. An “opt-in” regime would eventually face insurmountable legal challenges.

Verizon here cites US WEST v. FCC protecting First Amendment rights to commercial speech, and the Supreme Court’s Central Hudson test requiring restrictions be “narrowly tailored.”

In other words, if a “notice and opt-out” scheme is sufficient, then the more burdensome “opt-in” scheme is illegal.
From a policy perspective, this isn’t too interesting. In the process of making these arguments, however, Verizon Wireless does mention numerous benefits of the expanded use of CPNI by carriers. Broader use of CPNI for marketing would allow carriers to “market efficiently” and “encourage vibrant competition.” Verizon further claims that the consumer, too, would benefit from fewer annoyances. Customers would not have to receive calls from carriers soliciting “opt-ins,” nor be bothered byuntargeted, irrelevant advertising and information.

What does this mean for our class debate? I’m not sure these comments are terribly useful, however, they highlight a few interesting attitudes. One is the recourse to legal standards. It seems to me Verizon Wireless is choosing to focus on the laws that currently defend the status quo, rather than on the merits of the existing policy for all parties. Verizon glosses over concerns from the Opt-In Coalition that opt-out notices will be hidden in fine print and obscured in technical language. The benefits to consumers they cite — namely, fewer telemarketing calls — seem paltry compared to privacy concerns.  My second observation is that Verizon’s concerned enough over this single questionof “opt-in” versus “opt-out” to compose an entire comment on it, yet it hasn’t been addressed much in our discussions of notification. Although it’s difficult to respond directly to the legal point in the Verizon Wireless comment without constructing legal arguments of our own, it’s not a point we should leave unconsidered.

First, a lament… In class on Tuesday, someone pointed out that music is gradually developing into a service rather than a product. I have seen this, and concur. One might have expected the convenience of digital downloads to encourage music consumption; however, currently, we lack vendors that provide consumers high quality DRM-free music on a track-by-track basis. The only way to get high-quality DRM-free music these days is to purchase a full CD, and a number of those even have mechanisms that prevent ripping to a computer. On most sites that sell MP3’s, users aren’t allowed to preview tracks fully. One can sense the character of some songs after thirty seconds; others take thirty full listens. The saddest part of the copyright and filesharing debates for me, personally, is that in the past few years it has become more difficult and complicated for me to find and enjoy the music I love.

But back to the discussion. In the past year or so, a new quasi-legal (mostly in the sense that it hasn’t yet been concertedly and effectively attacked) form of filesharing has appeared on the Internet: the MP3 Blog. An MP3 blog is a weblog that posts unrestricted music files for limited periods of time, accompanied by the author’s usually-positive review of the track or CD. While probably not fair use by the legal standard, at least it seems that offering the song along with review-style text does have non-infringing purposes. The explanatory text is valueless without hearing the song, while the song is valueless if nobody has heard it. Many MP3 blogs focus on particular genres, for maximum interest to the author and maximum usefulness to his or her primary audience.

Not surprisingly, many lesser-known, up-and-coming bands have embraced MP3 blogs as an independent source of real, focused, word-of-mouth publicity. It has been speculated, in fact, that artists or their publicists might leak new tracks to well-read MP3 blogs strategically in order to generate hype. However, larger records and well-known artists have less to gain and more to lose from unauthorized releases of their music; promotion is both a significant cost to labels that market their artists’ music more traditionally, and a significant portion of the service that the label provides to a band. Most MP3 blogs, hoping to retain their quasi-legal status, will readily remove tracks from their website if challenged by an artist or label; however, from the challenger’s point of view, the damage is probably already done.

Despite their value to independent artists, MP3 blogs might also be the next filesharing mechanism to take a legal fall. As we have seen with P2P applications, one or two of the most popular authors might face individual lawsuits, deterring other bloggers. While I don’t believe that MP3 blogs alone are currently a significant enough threat to copyright holders that they would take legal action, there are already software developments that will in time make the MP3 blogging community look and act more like a conventional peer-to-peer filesharing tool. One weblog, The Hype Machine, serves as an aggregator of MP3 blogs, providing a real-time listing of individual tracks that have been posted. Other software tools can be used to automatically grab or “scrape” music files from MP3 blogs. Both of these mechanisms strip the MP3 blogs of even their tenuous claim to fair use or public benefit, and some form of legal action is certain to follow eventually.

Too bad, as MP3 blogs (and Internet radio) are one of the few things helping me to find and enjoy music these days.

Television, as we well know, is deeply ingrained in American culture. According to US Census data, there are 2.4 television sets per household on average, and 94% of Americans tune in weekly. Of course, disrupting such a universally-used service is politically unthinkable; however, disrupting it will be necessary at some point as the nation moves from analog television broadcasting to digital. Even though they may be avid viewers, a significant portion of consumers would find upgrading their own equipment to receive digital broadcasts a decidedly unwelcome cost; those who lack cable or satellite (which will not be affected by the changeover) are probably also the ones most likely to consider analog “good enough.” The improvements in image quality from digital are significantly less valuable to those who tune in primarily for news, sitcoms, and reality shows. Such programming does not require precise detail to remain entertaining. Hence the problem that Congress faces: get an unwilling public and unincentivized broadcasters to move to the digital format, and do so quickly, so that the valuable chunk of spectrum they use for analog transmission can be returned and redistributed.

It must be recognized, however, that we accord television a strange privilege. The government doesn’t get deeply involved with most problems of technological adoption, and the consumer market has addressed obsolescence before. Consumers have gotten quite used to upgrading computers on a regular schedule of perhaps 3 to 7 years, without complaint. Microsoft’s stated support life for its operating systems is 5 years. While it is true that computers do not cease to function all of a sudden by administrative fiat upon reaching a certain age, as these televisions would if analog service were cut off, it is still interesting to observe the lack of consumer reaction to the reasonably aggressive product lifecycles of electronics today. People are quite happy to replace their old computers with faster computers, their Walkmans with Discmans with iPods. Yet we are concerned here about the outcry from people with fifteen-year-old televisions.

I’m not seriously advocating immediate abandonment of the analog signal, as the political considerations are significant, just making an observation. I do believe that transfer of spectrum distribution to the free market, as previous posters advocated, would help to smooth out such aberrations; it would certainly free consumers to pursue other technologies that might be developed were spectrum more freely available.

Of course, one of the arguments for retaining analog television as long as possible is that it is already a near-universal method of communication, and that all citizens ought to have free access to news and emergency information. As an example, it’s likely that television was a primary direct method of informing New Orleans residents of the order to evacuate the city before Hurricane Katrina. Television does bear the power of precedent, here; when almost every US citizen has a television, it’s hard to practically advocate another method of mass communication. However, the spectrum that the broadcasters inhabit is “beachfront property” — the low frequencies that best penetrate solid structures. Even keeping in mind the public service aspect of television I’ve described, is broadcast television really the best use of this spectrum? Computers these days are becoming almost as affordable as television sets. Why limit this portion of the spectrum to broadcasting, when it could be used to provide WiFi to entire cities better and cheaper than ever before? Broadcasting offers only a limited range of programming, while the Internet can provide access both to traditional media and a wide range of data services for both communications and entertainment.

Only 61% of Americans use the Internet on a weekly basis. Perhaps we could risk creating a television “digital divide,” if we were to alleviate the real Digital Divide in the process?

Amazon has had public relations battles in the past over the practice of dynamic pricing, or charging individual customers differently for the same products based on various criteria — the user’s ISP, browser, or previous purchasing habits.  If every company used a ChoicePoint-like service to gain access to full information about a customer’s purchasing tendencies, that customer might find prices raised across the board for products they commonly use.  Alternatively (and this is naturally what retailers would like customers to believe) consumers might be in a better position with dynamic pricing to take advantage of special offers and discounts directed at them.  Either way, in a culture where customers tend to get upset if the shelf price does not match the scanned price at the register, dynamic pricing is a natural source of controversy.  And it’s difficult to make the argument that a structure that removes control from the consumer is simultaneously benefitting the consumer.

I believe that this notion of control is also at the center of recent privacy debates; “privacy” may in fact be the wrong word.  Back when personal information could not be so easily compiled, it could not wander so far afield, nor be used as easily in ways detrimental to the consumer.  Until recently, most of us believe ourselves to be more or less anonymous and equal when we wander into a brick-and-mortar store in the United States, customer loyalty cards notwithstanding.  We believe, as a fundamental tenet, that price pertains only to the object to be bought, and not to us.  Therefore, it seems incredibly unfair to us when a store has increasingly perfect information about our likelihood of buying a product, even as we’re getting more used to lenders knowing our financial standing and employers knowing every detail of our past.  It’s not for me to say what the knowledge balance should be, at least without further study, in a transaction so dependent on probabilities.  I’d like to think, though, that as the consumer ought to be a fully willing participant in the exchange, he or she ought to have some power to withhold personal data.

Consequently, I think the most significant and influential features of the Model Regime of Privacy Protection are those three that pertain to control most centrally:  Informed Consent, Universal Notice, and One-Step Exercise of Rights.  If just these three points of the Model existed, I believe the average consumer’s privacy problem would be solved.  (Employment background checks and credit reports, however, are different and should continue to be allowed, because the institutions in question are not simply trying to make a sale but taking a risk on a person.  It is for these latter applications that a mechanism to ensure accuracy in these databases is particularly required; even 90% accuracy is not enough to be just when a person’s livelihood hangs in the balance.)  It’s because of this strong connection to consumer protection that I agree with the Model’s proposal of giving the enforcement job to the FTC, and fund it publically.  Forcing the burden of opting-out on consumers is merely another erosion of the consumer’s control.  Alternatively, one could decommercialize the information industry entirely by passing a law to allow the collection of information, but ban the transfer or sale.  (Opt-in, of course, could still be allowed.)

Many comparisons have been made in previous posts between the RIAA approach to illegal filesharing and possible methods of confronting online gambling. However, for policy purposes, there are a few key differences between music piracy and online gambling that I would like to highlight.
First we can consider the harm done by each. Even after the RIAA began to sue individuals, upping the stakes, many people believed that they could avoid the RIAA’s eye by only downloading files and not uploading any. Once downloaded, the damage was done, from the RIAA’s perspective; there was no need for the user to hold a connection open to play the downloaded MP3 file. More generally, I believe that the primary harm of internet piracy, again from the RIAA’s perspective, was breaking the monopoly-esque power of the record labels. It disinclined people from buying music in the way that people previously bought music: hearing a couple key tracks on the radio from a highly publicized rock star or diva, and fronting $20 for about thirteen songs of varying quality. Since then, consumers have come to appreciate new and less formal methods of music distribution that generally offer them more value: on-demand downloads, online radio, podcasts, and MP3 blogs. While piracy itself has hurt the RIAA’s profits, I think the shift in the market that piracy precipitated has been at least as troublesome a phenomenon for them. Even as their methods of piracy prevention have become more effective, they still have not seen the recovery they would like.
The harm of internet gambling is qualitatively different, and distributed differently over time. Whether the state bans are intended to protect gamblers from themselves, or simply discourage that form of economic activity, let’s assume that there is good reason for the ban and that the harm is very real. Online gambling requires a continuous connection to the Internet, and an indirect method of payment. Both can be attacked. While the RIAA has accomplished nothing until every “free” copy of a file is gone from the ‘net, every gambler who is prevented from gambling on the Internet is a small improvement in the situation. Making it troublesome for a user to connect to online gambling sites will likely also cut down on the addictive nature of playing. The final thing that is different is the issue of trust. Assuming the RIAA doesn’t sue you, taking a “free” copy of a music file from the Internet is relatively safe. While most people are aware of problems with gambling, there’s a certain assuredness in real casinos that the game is fair. I am surprised that this complacency transfers over so well to the Internet. It’s all too easy to create a scam site claiming to be an online gambling site that is in fact cleverly programmed to take money outright from its participants. This is the front I’d take, with a few large media stories about people who lost everything to internet gambling, and touching upon questions of fairness.

The more important question that intrigues me is the larger one regarding the governance of the Internet. In our first class, we discussed the development of an ad hoc form of trademark law by ICANN, and the ambiguities of jurisdiction apply to many more cases than online gambling. As we have discussed in class and on this weblog, copyright, trademark, and even decency standards tend to come into conflict. Conventionally, aside from gamers who enjoy immersive worlds, people think of the Internet more as an institution than a place, the latter word being reserved for real-world geographies. From this point of view, law would seem to straightforwardly suggest that the user is only in the geographical place and not the virtual one, leaving the problem one of enforcement (the aforementioned “arms race”). Is it possible that we might one day all come to think of the Internet a place of its own, that can be governed? Such a view would does make today’s legal questions of double jurisdiction extra-puzzling, for it is the first suggestion that we now have the mysterious ability to be in two places at once. Jurisdiction itself would start to make little sense, as there is only interaction with other people.