InfoTech & Public Policy

Many people in class on Tuesday and in their posts since have been uneasy with the idea of all phone calls or even all international phone calls being screened by a computer. Others felt that the stakes were too high, and that national security comes before any uneasiness we may feel. While the case in favor of national security has its clear points, our pleas for privacy seem to come simply from a vague discomfort or a blind appeal to freedoms granted in the bill of rights. In order to weigh these conflicting interests it is necessary to get a clear picture of the specific freedoms we sacrifice in the face of this “blanket wiretapping.”

If we assume that the technology and the intelligence, in both information and cleverness, of the NSA is enough that these wiretaps do have the potential to discover and avert potential threats, the question becomes how much is this computer scan violating our privacy. To help figure this out, it makes sense to try to understand how a conventional wiretap does violates privacy. In a conventional wiretap, another human being, more importantly a government agent is listening to and making record of the contents of a person’s call. There seem to be many clear reasons why we need to protect the innocent from such invasions. In order for relationships and interactions to exist in any real way, there needs to be some assurance that we can say things to another person without anyone else knowing or hearing. There is something lost, even if we have no intention of breaking a law or discussing breaking a law, when we know a conversation is being overheard by another person. Yet, we must be sure not to assume that a computer eavesdropping will have the same effect. A computer lacks consciousness (for now), and lacks the ability to judge. More importantly as the system has been described, it lacks the ability to make a record in most cases. There should be no reason why a person would feel intruded upon by a computer searching for keywords in his or her conversation. Yet, for some reason, there is still some uneasiness.

If we imagine the government using conventional wiretaps across every citizen there are clear and justified fears. A government that has that much knowledge of its people’s desires, intentions and actions is on its way to if not already draconian. Yet this danger only arises when all the information is synthesized and all the records are kept. If the NSA’s filtering system is effective, then 99.999% of phone conversations might as well have never even been listened to, and furthermore of those that are listened to and recorded, surely 90% ought to involve discussions of a grave threat to the every citizen in the nation. These numbers may be generous, and perhaps if the system is not so effective there is a danger of a draconian government, but if they can develop a system that has effectiveness on this level, our fears will become unjustified.

Our immediate discomfort from hearing of these secret blanket wiretaps is very understandable. Anytime the government does something without our knowledge the usual assumption is that they must be doing something somehow wrong. If we describe the surveillance as “wiretapping the whole nation,” it’s clear that this is simply too much power. However, if we assume that the NSA has developed an efficient system, describing it as secret blanket wiretaps seems to be misleading. The problem seems to be, and it seems will remain, that we will never be comfortable with this kind of surveillance until we fully understand it. If the government were to come forward and reveal the details of an effective system, there should be no reason to speak out against it, even if we don’t fully respect the dangers it seeks to prevent; the fact is that an effective computer filter does not invade our privacy in the way that a wiretap does. But is it still safe if we just to assume?

The problem is that we cannot be sure to what degree the federal government is intruding into our lives, simply because they have worked so hard to keep it secret. Perhaps if the government had been upfront about the plan, we may have reacted too rashly, and perhaps they knew this. There’s also the chance that being upfront about the system would allow people to circumvent it and render it useless. However, these concerns are not compelling enough to grant the federal government a blind trust. We seem to have fallen into a catch-22.  If we assume the system to be as it has been described, we should have no real argument against it. But since it remains shrouded in secrecy, our fears of a draconian government remain justified and important. Thus we must fight to expose the system, despite the fact that it may be vital to national secret while still respectful of our rights, because we simply don’t know yet.

The future of the video content industry is an issue that requires highly focused policy discussion. A simple policy of complete protection or complete freedom of innovation in the broadcast industry would be too myopic. Some may see the need to protect major broadcasters (ABC, NBC etc.) from imminent obsolescence; however, others feel the narrowcasting solution has too bright a future to be held down. The question we face is how to make sure the old business model is phased out smoothly, and how to nurture the development of a new narrowcasting model.

While some policymakers will try to protect old broadcasters simply out of conservative nostalgia or under-the-table ties to TV executives, there is a real danger in simply leaving them out in the cold. If for instance, ReplayTV had been allowed to eliminate commercials from the TV we watch (assuming everyone soon bought a ReplayTV box), the broadcasters would lose all incentive to continue providing high-quality content. If we had eliminated their entire revenue source, we could have seen an entire collapse of the television programming industry. This may be a desirable consequence as some posts have touched on, but it cannot happen too abruptly.

When such a fundamental change occurs to a major industry like this, it must happen slowly so that the entire base does not fall out from under it. If all the broadcasters go under, we’re stuck watching home videos of people getting hit in the crotch with footballs on youTube.com because there will be no capital and no moneymaking model. Programming would be limited to amateur Wayne’s Worlds broadcast from peoples’ basements. Unfortunately, for now all the capital for video content lies with broadcasters tied down to the old model. If we pull the rug out from under them that capital goes up in smoke with them. Therefore we need to slowly tug at the rug so that they learn to adapt and find a new model on their own, and bring their capital with them.

“Tugging at the rug” may be a vague concept but only because it is not quite clear how to balance the protection of the old titans with innovation. Broadcasters have already looked towards more subliminal integrated advertising as a new model, but not with enough success to completely fuel the market. Subscriptions and per-show purchases are another option that has been met with only limited success. Perhaps the solution will be a combination of many models. However, the details of the new paradigm are not that important to the discussion because in many ways they are simply out of our hands. It is more important to make sure that we do not protect broadcasters’ content rights too vigilantly. Place-shifting and time-shifting appear to be the most desirable modes for people to receive their entertainment; we want TV when and where we want it. Therefore we must walk a tightrope to allow these new narrowcasting broadcasts to flourish while still allowing the old business model to die a slow and painless death.

The specific policy questions are tough. How much should we allow a TV show to be edited, rebroadcast, and distributed? Where should the limits of fair use come down in the best interests of innovation and protection of the entertainment industry? These questions have no simple and all-encompassing answer. We must handle each tug that the innovators make at the broadcasters’ rights on a case by case basis, and at all times make sure that we balance forward-thinking with a protection of this long-established and vital industry.

In our discussion of computer security this week we seemed to come to the consensus that there was at least some degree of market failure. The problems of asymmetric information (lemons), monopoly power, and misaligned incentives seem too great to allow for the claim that the market fully tackles the destructive force of hacking. We all also seemed uneasy with the idea of holding grandma accountable for the malicious activity of that worm that somehow found its way onto her harddrive. However, that uneasiness is in response to how liability would play out in the current market. The more prudent question to ponder is what kind of market will a new set of liability laws lead to. It may in fact be true that the root of the market failure is a lack of liability, and that legislating that liability would be a solution to all of the security and market failure issues.

To understand how effective these laws will be we must look at not only how people will respond but how the market will respond in the long-term. At first examples would be made, just like in the RIAA cases. Grandmas across the country would have their computers hauled off by the FBI and slapped with giant fines. As Avi mentioned in class the unfortunate reaction to this would be a decline in computer sales; people would be afraid of the risks involved with connecting your computer to the internet with all the current security issues and may just avoid them altogether. At that point some people may respond by educating themselves on how to keep their computer safe, certainly a beneficial consequence. After some of the immediate fallout had passed the market would begin to respond by shifting its focus. This is where the real solutions come.

These fears of liability would lead to the development of a market for a more limited computer. The major drawback we touched on time and again in class was the give and take between security and functionality. However, the current market fails to make use of this fact. Everyone from your Grandma to the head of IT at IBM basically uses computers with the same functionality, and that is simply unnecessary. If people have an incentive for security, they will be willing to sacrifice the functionality they never actually make use of for protection from risks. And thus, over time the computer manufactures will design an array of products, each of which has a different balance of functionality and security for different levels of educations and need.

This new market has enormous potential. People will become concerned with how effectively they will be protected from liability, and thus software designers will have to respond by focusing on these issues and making their security features a clear selling point. This will start to eliminate some of the lemon and asymmetric information problems. The incentives problem would be eliminated implicitly in the design of the law. Surprisingly however the major issue of monopoly control may too be solved. If a whole new market for operating systems and software emerges overnight, Microsoft will not be in any better position to handle the new demand than any other start-up. Thus with these new laws, a whole new computer market could pave the way for new software companies to gain market power and recognition.

Many people seem to reject the idea of liability because these malicious attacks happen without anyone ever knowing. However, ignorance has never been an excuse in law, and it seems strange to allow for it now. Furthermore, instead of viewing ignorance as an excuse, it makes more sense to view it as a consequence of a lack of liability in the past. No one needed to know because no one has incentive to know, but changing our viewpoint on this could change the computer market for the good.

When it comes to regulation of any market our policy is generally “hands off”, unless there is some major harm in not regulating some practice.  However, the internet is such a unique and powerful tool, that we must be all the more careful in examining these potential harms, before allowing the market to develop haphazardly.  The danger in failing to maintain network neutrality between ISPs and content-providers just may be great enough to overcome our tendency to let the free market determine its own character.

Most of why the internet has exploded into this seemingly endless world of information derives from the fact that there is almost no barrier to entry.  To start up and maintain a website costs pennies a days.  This means that the success of a website has little to do with capital and almost everything to do with quality of content.  This is a rare and amazing characterisitc for a truly efficient and competitive market.  The internet is as close as possible to a barrier-free market.  This ease of entry is vital to the internet maintaining its depth and variety.  If ISPs were allowed to charge websites for different levels of service to its “real” customers, the internet would become the same as every other market place out there and the power of its simplicity would be lost.

The packet distribution layer of the internet also requires simplicity for efficiency.  Although it’s a common assumption that the free-market will be the best route to efficiency, this may not be the case for a priority tiered network.  The current system for routing packets across ISP’s networks is fairly basic and rudimentary.  This is not for lack of understanding or even completely from a dependence on out-dated systems, but rather because overhead in network exchanges can pile up very quickly, especially with a network of the magnitude of the internet.  If packets sent across multiple networks had to be examined and sorted by some sort of preferential priority at each router, overall efficiency would have to be sacrificed in some form, this simply cannot be denied.  The question then becomes, if so much efficiency and simplicity is given up, what is gained when we sacrifice network neutrality?

The motivations for this new paradigm of network revenues are not that clear or compelling.  ISPs have a definite motivation to create a whole new source of revenues.  Presumably these revenues would be passed on to the consumer in greatly reduced prices, but are these reduced prices that necessary, considering how quickly they have been falling on their own in the past?  The dangers of giving up network neutrality may not be that grave, but it doesn’t seem like there is a clear benefit either.  Perhaps this is not a strong enough argument for regulatory legislation, but it still seems illogical to allow ISPs shift to this less efficient revenue scheme for no good reason.

For my post this week I wanted to take a similar stance to Martin’s but approach the argument from a slightly different angle. Although the virtual world may have begun as just another computer game, it may be more helpful to view these worlds as what they seem to be turning into: independent economic nations. As mentioned in The Unreal Estate Boom, the GDP of these virtual worlds is reaching nearly $300 million, on par with the per capita GDP of Bulgaria. Yet these economies have some unique properties of instability that could threaten more “real” markets if they remain unregulated and unchecked. The interesting question is then, how would the US handle trade with such an unstable economy, and what special steps can they take considering they exist entirely within US jurisdiction.

The most characteristic instability of these virtual-world economies is that all of the wealth that exists in them sits on a server somewhere; it’s not real. Some may claim that all forms of our economy have become digitally abstracted, however, unlike securities markets, online vendors, and digital bank balances, this world is accessible by nearly everyone and exists in near lawlessness. It’s clearly a much more difficult task to hack the NYSE and inject a self-perpetuating destructive virus than it apparently was for a single user to do the same in Second Life, twice. In most cases, free markets would prevent investments from flowing into such an unstable market; however, most users view the virtual world simply as entertainment and don’t spend much time scrutinizing the soundness of their investment. If the government saw large amounts of US dollars flowing into an unstable foreign economy, they might take some steps to hinder the exchange.

Another dangerous characteristic of this new economy is the “government” regulating it: the programmers and company management. A normal nation’s government has a vested interest in maintaining its economy’s stability and growing domestic production. The people in charge of the virtual worlds only really care about keeping membership growing and happy, and thus far have had little interest in the virtual economies that have sprouted. They also have a unique power over this economy that poses a much greater threat than any real government could. They have absolute power over scarcity of resources. With basically the press of a button these “Gods” of the virtual world can double the country’s land resources and dole it out to whomever they choose. They can also make anyone’s possessions disappear, or make anyone’s virtual dreams come true at no cost. Thus far the companies have strived to maintain a sense of fairness in their worlds (however they may define that), but possibility remains for a virtual world whose creators wait until it has amassed an amount of real world wealth and then try to gather it all up then cut and run. We should not depend on the virtuousness of these company owners while we watch these worlds expand and begin to have an actual influence on our own economy.

There is also the sense that this is not just a foreign nation, but an economy that is drawing from our own economy for its growth. US dollars are being earned and spent on battleaxes that aren’t real, and castles that don’t exist. Even though these “products” don’t exist they still somehow have to be “produced”, through a series of mouse clicks and key presses. If interest in this kind of product continues to grow, the workforce that actually makes their living from it will grow with the demand. At some point we will being exchanging large sums of US dollars with likely foreign companies staffed with “sweatshop gamers”. Yet the paradox of this fact is that the only real value of these virtual products is given to them by the arbitrary scarcity that the game designers have given to resources in the world. There seems to be something illogical about spending good money on that, but that may just be the fun of it.

These new economies pose some unique threats that have thus far been overlooked and as real money becomes invested, the allure will grow and they will take on an accelerating, self-perpetuating rate of growth. Yet there doesn’t seem to be much added to the experience for allowing real value to attach to virtual money. The scarcity still exists without outside real-world markets; that is after all what makes it exciting. Furthermore, the level of addiction discussed in other posts seems similar to gambling addictions, which is not a far-off description when virtual money takes on real value. To me the clear solution seems to be to keep virtual and real economies separate, however, I may have misstepped in some of my economic assumptions. I’ve only taken a couple of economics classes, so I welcome any responses or corrections from more experienced economists.

For my post I am responding to the FCC notice on protection of consumer phone records in regards to consumer-set passwords. Instead of repeating a lot of the points made in ER’s post I am going to address some of the counter-points to the consumer-set password and the importance of the opt-out method mentioned in her post.

As ER mentioned in her title, consumers hate passwords, mostly because they hate hassle. Carriers also hate passwords for basically the same reason. So, the question becomes, if neither side of the issue is in favor of them, is this a situation where the government needs to step in and enact a “seat-belt” rule of safety? The answer is yes and no. ER mentioned a clear example of a CEO who would have greatly benefited from password protection of his cell phone information. This CEO is not alone: politicians, former fraud victims, anyone who has strong fears or high costs for their records being released or their phone’s identity stolen will desire a password if given the option. Currently, the protection provided by a social security number or a maiden name is not enough for these individuals. A password would provide enough, by requiring information completely inaccessible through public databases. Yet, not every individual fits into this category. Some have no need or desire for increased protection. An option allows for protection when needed and ease-of-use when desired.

The need to provide an option for a password is pretty clear. The need for that password to be opt-out isn’t as clear and hinges mostly on the carriers. The carriers have their own motivations for not requiring passwords: they need to implement new technology, new training, and service-call-time overall will likely increase. It is these very motivations that would likely lead an opt-in system to turn into basically a non-existent system. We may be able to require the carriers to mention the offer of a password but they will likely hide the feature as well as possible to limit its use. With an opt-out policy the carriers are responsible for making the consumer completely aware of the password and the protection it offers if they indeed want the consumer not to use it. This system aligns the carriers’ incentives for simplicity and low costs with the consumers’ more latent incentive to protect their own privacy. Basically, as an opt-in method, a consumer-set password becomes ineffective, but an opt-out method makes the public fully aware of the importance of passwords.

One of the other main drawbacks brought up in the FCC notice concerning passwords was the difficulty in handling password resets. I think the simplest and most effective solution for this is to not allow password resets over the phone, simply because it eliminates the protection provided by the password in the first place. If a consumer needs to reset her password, she can request it be sent as a text to the cell phone directly, ensuring that only she will receive the password, unless the phone has been lost or stolen, in which case the consumer would probably have reported it in a short period of time. The password could also be sent to a pre-registered email address, which cannot be changed unless with the password. If neither of these solutions are viable for the consumer (an unlikely scenario), the password could be sent directly to the consumer’s home address in writing. In each of these cases the destination for the password is determined before the reset request is made and therefore any reset request would require no verification information and therefore pretexting would be ineffective.

The important features of a consumer-set password policy are that the protection is never compromised, as in poor reset policies; the consumer always has the option to use a password and also the option to not use a password; and that the consumer is made aware of the importance of a password, and more importantly the risks their privacy faces without a password. If these conditions are met, the total cost to carriers will be low, the inconvenience for consumers will be incurred only when they desire it, and the risk of pretexting, the largest of the phone records security issues, will be significantly reduced.

The discussion of bit torrent in class revealed some of the myriad uses for an efficient P2P file-sharing system.  Jon Epstein’s post, A Broader Perspective also entertained the potential for P2P networks to change the landscape of creative expression.  It’s clear that in judging P2P networks we must do more than examine their current legal implications but also their more far-reaching and forward-looking societal implications.

The question becomes: does our current system of regulation allow for this judgment of societal impact.  The court’s decisions have been effective in protecting existing copyright legislation, but these decisions have been limited and somewhat myopic in their scope.  The problem with the judiciary is that it is ultimately limited to interpreting the laws we already have in place in a strict dichotomy: legal or illegal.  This system is unequipped, intentionally so, to examine impacts not expressed in the written law.

Yet the government has not been completely ignorant of the need to protect emerging technologies from existing legal restrictions.  Sometimes the potential is so great that the extenuating issues it may bring up in its infancy can be at first overlooked.  Congress took it upon itself to protect the growth of the internet in the Digital Millennium Copyright Act of 1998.  This Act made explicit the protections of ISPs from copyright prosecution and also made sure that they followed certain regulations to maintain that protection.  The same needs to be done for P2P networks before they become extinct entirely.

P2P networks will continue to be abused by the masses of users out to get free content.  And these “anonymous” networks will continue to pop up, designed by hackers who have little interest in making large profits, only taking down “the man”.  A new P2P protection Act could make designing networks for the clear purpose of spreading copyrighted content while attempting to avoid liability a more serious offense.  It could also protect those networks that do try to serve uninfringing goals, given that they meet some guidelines.  These guidelines could be as simple as tracking content and booting users who spread copyrighted content.

The problem right now is the same old story and the same problem the RIAA is claiming: there is no incentive to create.  Software designers have no incentive to create P2P networks that protect copyrighted content because there is not guarantee that they themselves will be protected.  Similarly software designers have no incentive to create a real money making paradigm of P2P networks because they know that it will be destroyed once it reaches a meaningful size.  The risk of being disassembled entirely by the courts is too great to allow for any real risk-taking.

The system of P2P networks in its infancy has been grossly abused for spreading copyrighted content.  Yet, we can’t let the initial tendencies of its users destroy the technology entirely.  Instead Congress has to take it upon itself to outline what makes a respectful and uninfringing network, fiercely prosecute those networks that don’t meet these guidelines, and just as fiercely protect those networks that do.  The current system is too vague and uneasy to allow P2Ps to reach their full potential.