InfoTech and Public Policy

People may agree or disagree with the need and appropriateness of content-based searches of communications by the government, but they seem to be happening whether we like it or not and whether they are authorized are not. Given this reality, the two options are a serious clampdown on the intelligence agencies or to formalize some kind of mechanism for oversight of these searches. I’d say the first is impractical with so much secrecy surrounding budgets and practices. It also may not be good if there might be legitimate uses of theses searches. This leaves the other option of creating a mechanism to approve and oversee these searches, perhaps as part of the FISA court system or as a separate but similarly structured entity. Sort of the logic: “If you can’t beat ‘um, join ‘um” — and then maybe you can exercise some control through that.

Of course, criteria would have to be set for this type of court/formal approval system. Requests for these searches would have to present the exact algorithms that would be used to search, the generically-defined but intended target of the search, the exact types of communications to be searched and reasons for each of those, perhaps some geographic limitations as far as message origins and destinations, the private sector providers to be cooperated with and utilized for the search, and the expected level of false positives from these searches. There of course could be more criteria as well as more limited qualifications for each category. Further, there could be review after a specified period(s) of these sorts of searches as far as the level and type of false positives actually occurring and, if possible, the national security gains derived thus far from a content search. These reviews could inform the court/system on the need for continuance of the search and any changes in the criteria that initially justified it. It could further offer refined information to apply to other approvals as far as predictability of false positives and the reasonable scope that should be allowed. The point is, rules can be set up that offer some way to control such searches vs. the alternative of complete intelligence agency/presidential discretion.

Such formalization would also be helpful legally. With so much secrecy surrounding even the existence of such programs, companies are stuck in limbo on how to cooperate and how to defend themselves. Leaving it like this could lead to further pushes for dangerous laws that extend sovereign immunity to anyone government works with, sometimes called “government contractor defense.” Such blanket proposals could lead to severe losses in accountability and open the door to further abuses. Even without such laws, under-the-table dealing for such arrangements and the judicial stalemate are serious problems. Having a formal court approve such searches would make these arrangements between government and the private sector at least somewhat more legitimate, reducing private sector and judicial uncertainty as well as some potential for abuse. It’s not a perfect solution, but it would clarify some present issues and keep the worst abuses in check.

Bringing these activities out through some sort of mechanism of approval is possible and far more ideal than the alternative of leaving them completely unregulated. Though such a system might legitimize these activities and perhaps lead to a slightly higher usage of such searches, it is important to keep in mind that these searches will occur either way at some level, and they might be a reasonable response to changes in technology and communications. FISA was a response to the abuses of the Nixon administration, and has generally been thought to work. A new court or expanded FISA might be a reasonable response to current abuses, needs, and loopholes.

While many of us in class favored options to improve computer security that chipped away at the ends through either bounties/enforcement to catch and deter hackers or through research to preempt and stunt attacks, we collectively remained stumped on delivery to the end user and questions of cost and effectiveness. End users undervalue their own need for security and the externalites caused by an individual securing or not securing himself. And the dynamics of a lemons market make it hard to distinguish good from bad software in regards to security. Clearly there are market failures for a problem that will inevitably grow larger and more costly over time. How can government intervene to correct these in a non-harmful way at minimal direct government cost and minimal distortions?

One answer which could work in the case of computer security is defaults. It is a strategy that is becoming more popular for everything from savings plans to organ donation. Essentially, people will tend to follow the default outcome (the one they are placed into when a proactive step is not taken otherwise) even though they are free to choose to do other things. Therefore, if something is made a default, then more people “choose” it than if it is merely an option that would take proactive steps to pursure. This happens both because people are lazy but also because they are uninformed about many things and take defaults as a sort of advice of what the norm is. Socially desirable outcomes can thus be set as default outcomes to increase the instance of their being chosen without restricting the actual choice of the individual. Instead of mandating a behavior, which is rather parternalistic and would lead to calls for offsetting new burdens through funding, the government could simply make certain behaviors default so that choice is maintained but allowing the cost to be bourne by the chooser.

So, how can this be applied to the computer security and software market? First, the government would have to make a mandate of sorts, but on either computer manufacturers or ISPs. This mandate, however, would only require either of these entry points to computers or the internet to make virus software and other protections available to consumers as the default choice when they begin to use the product/service. For instance, on each new computer bought, virus software could figure automatically into the price quoted to the consumer and will come on the machine, unless it is requested to be taken off. This happens with cars all the time. Features are automatically thrown in and added as line items to the price, but can be taken off or not automatically added should the request be made. Thinking long-term, the pre-installed software can be automatically set up and paid for for a few years to avoid lapses in security at later dates. Consumers could still opt out of these costs at will, but they will have to actively choose insecurity, which is much less likely to happen.  And if all computer sellers are required to build this cost into their price automatically, then companies do not have as much room to gain an edge over competitors by offering cheaper comptuers without these protections.  Such requirements for virus software can be placed on ISPs instead, just perhaps in a more complicated way.  When consumers sign up for internet access, they can be steered into packages with antivirus protections.  That, or when starting to use an ISP, their machine is checked to detect virus software, and if it is lacking, then they can be presented with prompts to buy software and warnings of its importance. The prompts could automatically check off a reasonable protection package, but offer a variety of other options, and the consumer would have to take several steps to actively avoid purchasing protection. To really push this, such annoying prompts could appear every time the internet is used by an unprotected consumer to remind them of dangers and to help internalize the externalities they cause in being unprotected. This may ultimately influence them to buy software to end the prompts and pop-ups. Again, choice is maintained, but people are steered into a socially desirable result.

In either the case of computers sellers or ISPs, the costs of such a change are minimal in that it only requires direct offering of protections to consumers. Consumers would end-up bearing the costs, but through their own choice. Some may wish to defend consumers against this cost, but in all honesty, it would not be much. Decent software is not expensive, and if demand goes way up due to default changes, the price is likely to fall.  As for government, it would have to spend very little to enforce a rule as simple as requiring companies to offer software in an automatic fashion.

The question may still remain as far as standards for the level of default that is automaticlaly offered and how to avoid the race to the bottom. But these are issues that can be overcome perhaps by structuring some expert panels or boards to set standards. And these can be very broad. Further, I want to reiterate, a race to the bottom has very little place to go when the cost of decent protection is already rather small, so it may not be a huge problem.

Anyway, default policies can be one option to increase end-user adoption that may work. Along with research and bounties, this combinaiton of approaches would be a good start to containing the computer security threat without overbearing government and ridiculous cost.

Economically, outsourcing IT functions can lead to savings and perhaps efficiency for both parties. It can create jobs and viable industries in developing countries, and perhaps does not overly threaten the livelihood of IT programmers and engineers in the U.S.. Finally, in an increasingly globalized world, the spread and integration of businesses and functions across borders is inevitable. But understanding all of this does not mean outsourcing for some companies or government functions is always the right option. Too often companies and organizations jump on the outsourcing bandwagon without considering the full range of consequences for their own business.

A particular risk many industries face that also applies to the IT sector involves product integrity. It may be cheaper to make something in China, India, or Bangladesh, but is the output really the same? There can be all sorts of checks on quality control, training, strict processes, and screening of employees, but when operations are made more remote, assurance of integrity diminishes. From tainted food products, to inconsistent clothing, to faulty parts on vehicles, many manufacturing industries have trouble upholding the same standards that would be expected in a domestic factory.

While business in the IT world is unique, it faces potentially the same problems and perhaps more in this regard. Its products often require consistency just to be useful, let alone satisfactory. Standardization with overall product lines is critical. The individual product may be responsible for for endless other functions making problems or failure that much more consequential. Competition is fierce and trade secrets can be vital. Finally, private information is often transmitted in incredible volumes and is also easier to compromise in such volumes. These aspects and perhaps others make IT outsourcing especially vulnerable should there be losses in integrity of processes or products. As more parties put their hands on a product and as the central authority has less and less oversight capability, there can be intentional and unintentional breakdowns in what occurs. While the IT specialists may be plentiful and cheap in a foreign place, and while measures may be taken to ensure good outcomes, those measures cost money themselves (most likely more than would be required to implement the same techniques and oversight locally) and the gaps that must be bridged are often hard to anticipate and correct for.  This risk in outsourcing of losing precision and quality is often misjudged or ignored but absolutely necessary for industries, including IT, to recognize when deciding what to send out.

In some cases, companies have discovered outsourcing for certain products and services is overly complicated, and some are moving back to the States. Granted this is not the overall trend, but illustrates how outsourcing brings in all sorts of hidden troubles that can be costly themselves. While basic calculations of savings show cheaper labor, lower costs of inputs, and lower taxes, the costs of oversight, quality, and public relations often get ignored, even though they may ultimately outweigh the “savings.”

The point is that the choice to outsource should not be made so hastily as to overlook the benefits of keeping things on more familiar and more controllable territory. This message is even more important for those industries like IT where high quality output is critical, standardization of output is important, and where sensitive information is exchanging hands. The decision to outsource may still be a good idea for many, but it should not be taken as a given that it is universally necessary or postive. Without these calculations, the risks being taken on have the potential to destroy businesses, endanger clients, and undermine critical operations.

E-government is all the buzz for democratizing government operations by making it easier to offer citizen input. While this is all well and good for taking advantage of dispersed knowledge and effort, government should first try and figure out how to better use the resources it already has. Specifically, I’m refering to the government staff and bureaucracy. While in some cases the influence of an individual public employee is overly large, in most cases the broad expertise that exists is rather untapped and good ideas do not rise to the top. Government employees see a lot and know a lot about issues and government, and a first step for improving government might be to utilize technology to draw out that perspective and expertise.

Government employees know the inner workings of government better than anyone.  They are the whistleblowers quite often, the sources for journalistic leaks, and so on.  But in a large bureacracy and government machine, their knowledge is underutilized.   The government should find ways to solicit from them important information and suggestions regarding operations and policy.  This can be from the bureaucrat who notices an inefficiency that corrrected government-wide could save millions.  Or it can be better feedback from the implementer on the ground for a policy on what works and what doesn’t.  Or it can be the congressional staffer who can anticipate hurdles to policy or who actually went to all those hill briefings and can disseminate what was said.  Technology can be used to create some sort of information network to collect and diseminate these things.  It can be a “facebook” style site where governement employees only have access, create profiles, and utilize applications that allow them to make suggestions, read best practices of others, and engage in discussion.  Or it can be a more topic based system where federal users can search out information but also respond to and suggest problems/solutions that then solicit information from other users.  The military has “CALL” — the Center for Army Lessons Learned — that seeks out, collects, and disseminates information from the bottom up so that good ideas within the ranks are less likely missed.  While this is an imperfect system, it is a reasonable model of what can be done government-wide.

Both for the public good and for their own worklife sanity, government employees will want to share many things they know.  Yet, there might also be the idea of an x-prize for innovation or savings.  Either the best innovator or the biggest saver of government funds who has their idea reported and implemented gets a monetary prize.  Or, perhaps employees can be offered a kickback such as 10% of the savings from an implemented suggestion of theirs for the first year.   These would encourage further participation and create incentives to improve government from within.  Overall, this network would need to ensure professionalism and openness.  While it would not be intended as a whistleblowing mechanism itself, identity and source protections might be important to build in for some information inputs so that federal employees will be more candid and real problems can be rooted out.

Using the staff and bureaucracy more efficiently to make better policy for government is the first step in the direction towards greater citizen involvement. Not only does it achieve some of the same principled goals of e-government by broadening the pool of “experts” consulted, but it allows a controlled experiment of how to collect and effectively utilize information from a broad resource but on a comprehensible scale. Improvement in government processes would occur and the governement could test out the best mechanisms to then bring in broader persepctives on how it does business. Before opening the flood gates, government should first figure out what it already knows and perfect its techniques for harnessing what is out there within itself.

Should a company that runs a fake universe/economy be treated the same as any other real world company? They are actually quite different and would necessitate different approaches and potential regulation.

In the real world, companies provide services and exchange real goods. You buy a house and get a house, you need a sandwich and you get one, you want to hear music so you go to a concert hall, etc. While some things may have inflated values, lack intrinsic value, or have dissipating value, the company does a pretty straightforward thing — it provides something in exchange for money. That money can then be used in a variety of ways by the company/investors, or whoever, but the client relationship is clear in that money or time paid in equals utility of some sort paid out. When this relationship breaks down there can be lawsuits and so on, but regular companies do exchanges with their clients, and not investments. (and even with investment companies, the relationship is more a service and not an investment itself)

Separate from regular companies are investments in various things from banks, to stocks, to bonds, to various ventures meant to hold money and perhaps generate more of it. Money is put in and the intention is to gain more than immediate pleasure. People store their assets in markets and sometimes goods with the intention for realizing their value later and some expectation of market risk. These sorts of things are regulated much more closely than regular companies and are much more analogous to virtual economies.

Specifically this applies to virtual worlds like second life instead of virtual “games” like World of Warcraft and whatnot. With the games, people pay in money, but the investment is for pleasure and not as a store of value. Aside from the black markets for characters and items that exist, the value invested disappears at the end of the month when a new fee is due, and this is the expectation of players.

Things like second life have real trade and economies, however, that leak over into the real world through exchange of currency. What people invest in this virtual world is not just a “fun” thing but often actual investment of assets with the intention of maintaining those and perhaps growing them, and often with some intention (or at least the possibility) to siphon things back into the real world at will. Essentially, some people are looking to get more than enjoyment from such venues, raising this from a game to an actual market.

Therefore, it makes sense to treat things such as second life closer to the way markets are treated rather than just some company. The caveat here is investment in these assets is perhaps riskier than other markets. Other markets typically deal in real goods that have some intrinsic value or a value backed by an inherently strong entity. If things take a turn for the worse, there are assets to sell off, buyouts, minimal values for things, and some skills and actual human capital that can be taken to other enterprises. Moreover, any collapse of value would likely take some time. With a virtual world kind of market, there is nothing. Secondlife could literally disappear in an instant, and if it did there would be nothing to show for all the money and time investment. This would mean even more dramatic effects for the economy and individuals than when gambling with real assets. This kind of risky marketplace, especially when so much money and productive time are involved, deserves perhaps extra policy attention because the ramifications are even greater.

But riskier or not, virtual economies are markets and should be subject to policies that account for that. Probably some sort of special policy will need to be carved out, but it will need to mirror regulations from capital markets, banking, and perhaps gambling. This approach is necessary looking at how such arenas are used and their potential impacts.

So I’m pretty much a lemming when it comes to technology. I don’t always know why I use the systems and products that I do, mostly I know that several people that I consider better informed than myself on the subject told me to do it and there’s a growing wave towards something so that I have to jump on it.  And honestly, I think many people, especially younger generations are like that. T hey gravitate to things because others are, not because they know the merits of those techie things themselves.

Anyway, the point of saying all that was to bring up a funny thing about trends that is more subtle than monopoly power and innovation. Plenty of big name products come out that flop, and plenty of innovative applications and products exist that never reach the mainstream. Ultmately, there’s is the third element to success of starting a buzz and building from there. You have to capture the informed market but also create something enticing so that the less informed actually listen to them. Why is this the case and how does it work?

Why can be answered partly from psychological and political theory. Most people are lazy and looking for information shortcuts. It’s not worth most people’s time to understand tech details and keep up with everything. So they look to others for pre-processed information on what to adopt. In many ways, people are the best marketers to others rather than ads themselves. Social networks are critical suppliers of information from news to products, and technology is no exception. The internet especially works this way as sites, links, videos, etc. become popular because people tell other people and they tell others and it just branches out from there.

How this happens for tech products is a bit tougher to answer, but here are some ideas. With tech things, there’s so much out there, so much that is short-lived, and for laypeople considerable costs in switching (i.e. monetary and adaptation) that a good suggestion is only half the story. Something must capture people’s attention and seem either chic or inevitable. People don’t want to waste effort, but they don’t want to be left out or behind either. Therefore, something must either be inherently or artificially enticing beyond the straightforward quality of the product. Mozilla’s attraction that has set the ball rolling for it I believe is more inherent. It has a cool name, a cool logo, and perhaps hit some good timing as far as frusterations with internet explorer. But that extra element can be generated articficially too as with facebook, gmail, the nintendo wii, and so on. Gmail did this by having invite only accounts at first. Facebook had limited membership, and Nintendo restricts supply. Mystery and mild frusteration make something that much more alluring, just like when we were teenagers. The base slowly builds, and it’s something special to have one or be admitted, and eventually things open wider and wider until the product/site/whatever, has offically exploded into popularity and dominance.

So its not just the genuine characteristics of a tech product that make it prone to success or doom but also an extra element of generating product buzz. Reeling in the tech savvy market is key, but the complement to that which really makes the difference is developing cache that carries the message and the product from one ear to the next where it builds to the mass market. Sometimes a window of opportunity does the job, but companies seem ready to try other tactics as well.

The previous post on e-meds inspired me to think about a similar IT and healthcare issue regarding the creation of a national database for medical records generally. It’s sort of a throwback to previous discussions regarding data collection and identity theft, but with a system that is currently very far removed from its IT potential. 

Currently, there is no central or required electronic database for people’s medical records.  Their medical information is spread all over creation, across several healthcare providers and insurance companies and it is kept in a variety of systems that do not necessarily communicate.  This disjointedness leads to most treating physicians having very limited medical histories for people when making their judgments.  Individuals are often responsible for transferring their records from one provider to the next and there is no single source that collects and distributes this information for doctors to use. Proposals have been made to create a national medical database where physicians all over the country enter any visits, treatments, prescriptions, etc.  Other physicians would have access to it and could use it to have complete, up-to-date accounts of a person’s medical history.  It would be very similar to the way credit history is recorded and accessed, except with a single database (instead of three firms).  In fact, it’s intriguing that such a system developed for credit but yet not for the more fundamental area of health where full and accurate history could be critically necessary.

Yet there are a lot of issues to consider before jumping onto this idea.  Clearly, it would be good as an informative tool for physicians, and patients would stand to benefit from more appropriate treatment that takes into account the more comprehensive knowledge physicians would have access to.  But having such a database is also risky for patients.  First, as with any large collection of personal information, it is vulnerable to identity theft.  Some medical identity theft already occurs today, and it often benefits from the lack of communication in the system.  While credit identity theft is often short-lived due to quick detection, medical identities can often be utilized for much longer as it is harder to recognize false activity in such a system.  But a central database would collect lots more information on lots of people, making identity theft breaches deeper and more widespread.

Another problem relates to insurance.  Some worry that insurance companies might try to access such a database to determine insurance rates, which they currently must base on limited information and actuarial calculations. W hile good for insurance companies, a central database with near-complete health information would inevitably create problems for many people who need affordable coverage.

A further issue that such a database brings up leads to potentially good and bad outcomes.  When false information enters the present system, it can be limited in impact but also almost impossible to remove.  In a more interconnected database, false information that enters the system gets spread to everyone, however there perhaps can be mechanisms set up to dispute and correct problems more easily and completely.   Credit dispute systems, though,  illustrate the shortcomings in even a centralized system correcting itself.  Either way, there are pluses and minuses to each system that may have vital impact on a person’s medical treatment and perhaps their pocketbook.  

Switching to a national database brings up several other issues as well including privacy and inidividual access to one’s own record.  These inevitably will have to be hammered out.  Despite all the negatives, the move to centralizing medical data is still necessary.  The health benefits could be enormous, and it just makes sense in a more transient society where people will see a multitude of healthcare professionals over their lifetime.  All of the issues mentioned above should not discourage movement in that direction but rather inform it and act as caution for policymakers in seeking to develop such a national database.

The NAB has maintained its spectrum over the years through crafty lobbying and savvy political maneuvering.  At one point, they truly did hold a lot of the cards in this back and forth game over who controls spectrum and under what sort of system because broadcasting still touched the masses.   But today they have a very weak hand as broadcasting fades into the background.  Yet they are still successfully playing it against politicians.  Looking at things a little more objectively, politicians have more to gain than lose by upsetting the broadcasters.

Sure, 15% of households still receive television through broadcast signals.  This is a reasonable size chunk, but there are a couple things to note.  First, these are some of the poorest households. While as humans we all care for the downtrodden, politicians actually do not have much to fear from this group.  Typically, the poor do not vote and are nearly impossible to mobilize for a variety of reasons.  The U.S. government has long underserved the poor relative to other population groups in the country precisely because they do not have strong coalitions.  To suddenly believe that this bowing to the NAB is about protecting the poor and protecting one’s office simply makes no sense.  Ignoring the poor’s right to TV is the least of the rights (healthcare, education, living wage, etc.) that federal politicians should care about.  So honestly, political weakness vis-à-vis the NAB is not about votes.  A second thing to note is that this 15% is already down to the level that was acceptably set in other legislation for a switch from analog to digital.  While a slightly separate policy that was honestly set to be an unreachable number of 85% of households having digital tuners, if the same logic applies that you must have 85% of viewers accommodated before making a switch, then broadcasting has already been outmoded for 85% of viewers. Finally, if at some level there is some care for the poor 15% of airwave dependent households, then similar policies of subsidy can be adopted to ensure that the poor can receive basic cable service rather than relying on antennae.

But, the real question behind the power of the NAB is not about the 15%.  It’s about the need for local programming. While people are slowly becoming more addicted to national television, there is a critical demand for local news, which is not being filled by newspapers.  Though eventually online news may be enough, far more than 15% of households still need another medium.  But local television news does not have to be broadcast; creative options exist even though a changeover might be costly for local affiliates.  Again, however, the government can takes steps to ease these transition costs. 

The point is, if you can’t beat em, pay em off.  A simple accounting sheet would cover both problems of viewers and local broadcasters and still create revenue and efficiency that could be used for other purposes.  If there are fears of a backlash from broadcast-bound viewers, or the simple ethical obligation to not hurt this poorer group, then throw some offsetting money at them.  To maintain local television and yet pacify broadcasters, pay them off and help them transition to new technologies (granted they won’t be happy, but they will at some point recognize that they are fighting a losing battle and might bow to a sweet enough deal for fear of more forceful measures later).  Auctioning off the spectrum would rake in government revenue to cover these costs.  Then politicians can do something noble or flashy with the proceeds (i.e. pay off debt, save social security, fund a healthcare system) so that government gains some political goodwill for it standing up to NAB lobbies.  

More than anything, this hold-up on action by the government is really about misinformation and undervaluing the real political situation and possibilities.  If politicians recognize the actual balance of power and money, they would have little to fear in taking back broadcast spectrum.  

Private entities collect, mine, distribute, and act on all sorts of data on private individuals nowadays. Companies such as Choicepoint might even know you better than you know yourself with the aggregation, analysis, and mining tools they employ. And what they find out gets passed on to parties of all sorts, for good uses and for bad, with little regulation. The private sector has almost a blank check to act. And while some are bothered by this, most do not know or care that this is going on. Yet, if one mentions widespread government collection, analysis, mining, and sharing of data, citizens get very upset. Now, there is no doubt that government does collect information, share it at least internally, and mine it to some degree. But they are limited both by law and by public opinion in what they do. So why do people make such a distinction between the private sector’s right to data and the public sector’s?

The main reason given is to avoid big brother government that is all-knowing and all-controlling. Further, the argument goes that government should be especially feared because of the powers it wields over citizens above and beyond what private entities could do. Plus, limited government is just plain ingrained in to the American psyche. These are valid points to some degree, but they do not necessarily make sense when it really comes to protecting individuals and privacy.

First, private companies exercise significant, underappreciated power. Private entities can have enormous impact on an individual’s finances and his/her ability to move freely and live peacefully. If life, liberty, and the pursuit of happiness are ideals, then they have perhaps greater influence on the last than government itself. Tracking and selling people’s information can compromise a person’s way of life and quality of life in extremely intimate ways.

Second, the distinction is illogical. Why people tolerate large, national companies playing with their information in unprotected, secretive ways and yet become up in arms about a national ID system is often contrary to their interest of privacy protection. To determine that consumer preferences and advertising are sufficient reasons to trade in private data but not national security is an unusual and unfortunate distinction.

Third, with the ability to contract for services and data, government may still have access to data and mined information but with the chain of accountability and security now severed. Unless effective barriers and laws are put up against government seeking out outside sources, the same end result of powerful data being used by government is going to occur. This only creates more problems of information being spread across more parties than if it were just housed within the government itself. If the mining is happening anyway, it might as well be government using it for their specific purposes instead of private data centers owning, analyzing, and selling data for a variety of purposes. Moreover, if there are violations of rights that take place through government use of information, the accountability is diminished as private parties with less transparent processes, less internal security, and fewer federal requirements become involved.

Finally, to believe the government will be more inept at handling the information than other entities is not very reasonable. Government screws up, but there is ample evidence to show that the private sector does too. Even the “best” among them compromise data and distribute it poorly. Moreover, in government, there is higher likelihood of those handling very sensitive information having gone through a security check and for there to be processes (though cumbersome) that are again more open than any private sector company would allow.

The point is, government is no saint, but there’s little reason to believe it will be that much more dangerous with certain data tools than the private sector. And ultimately, the distinction might be useless as information can cross the public/private line through many legitimate means. This does not necessarily mean the government should be given unlimited or even large data collection and mining powers, but simply that it is unreasonable and risky for privacy purposes to allow the private sector to roam free and yet to tie the government’s hands. There will, of course, need to be certain distinctions, but policy on the use of data should apply to both sectors more evenly based on real standards for privacy.

So now it seems Microsoft is going to be sharing more of its technical trade secrets in response to European antitrust pressure and the increasing pervasiveness of internet services (see http://www.nytimes.com/2008/02/22/technology/22soft.html?_r=1&ref=technology&oref=slogin). This shift in policy from such a huge company illuminates several recent topics for our class including governance of technology across many borders, the way people interact with the internet, and personal privacy.

First, it’s interesting that Microsoft is giving in to European legal pressure. For a while, Microsoft got away with following business-friendly U.S. law that allows many private practices to stay secret and protects private innovation. But with increasingly global commerce, other countries and governance blocs want to apply their own rules to companies. This brings up the issue of overlapping rules and whether to selectively apply rules in a region or subject consumers to them universally. With European law more demanding than U.S. law, Microsoft had to weigh the consequences of not complying with EU standards (with the potential for punitive action or lost business) alongside the losses of trade secret information and perhaps setting industry precedent. In this case, compliance would be necessary everywhere since revelation of technical workings released in one area could not be feasibly kept from reaching other areas. Microsoft was facing the dilemma that many software and internet companies face on how to operate in a multi-jurisdictional market. Another issue here is when the rules in one market adversely affect another market when they have to be universally applied. The full ramifications are not clear, but when a giant like Microsoft bends, it would seem a sign that this sort of business practice in regards to technology is going to be the norm.

The second big issue here is the increasing relationship between software and the internet that further pushed this change forward. People are using the internet more and more, for increasingly complex tasks, with increasing expectations. This makes old models of separation in business practices harder to maintain because businesses rely on each other to succeed even while they compete. Businesses are dependent on not only their own innovations but those of their peers and allies. While this can be true for real-life commerce, the internet has stepped up the intensity of this relationship. This is how the internet is really revolutionizing commerce and governance. The democratic nature of the internet is having to combine with the independent interests of businesses – and despite being America’s two favorite things, capitalism and democracy do not always go hand in hand. In a simpler world, Microsoft would hold close its secrets to stand on its own, but when so many other parties are necessary to success, compromise must occur and that includes giving a little up to tap into collective gains.

Finally, I personally worry about the privacy issues this entails, not so much for Microsoft, but for individuals and companies. Opening up technical details can make things better by allowing more interaction between software and internet programs, but the accessibility also seems to open the door for more spyware and tracking problems, making personal information and private data contained on PCs that much more vulnerable. Admittedly, I am not fully aware of protections that exist, but it would seem that the same mechanisms that allow service providers to meld information from PC to internet for good could easily be used for bad. Internet identity theft is already a problem; making the inner software workings of PCs more available seems like it might just exacerbate things. In this case, lack of foresight might lead to grave privacy problems.