InfoTech and Public Policy

The benefits  of technology have made people live longer, enjoy a higher quality-of-life, and increased our daily enjoyment and health in countless ways. So, as technology has progressed, there is no reason NOT to let it enter into the world of police enforcement and lawmaking. To that end, it is very important to consider the unintended consequences of any new surveillance policy.

Like Sam, I respect the institution of law, and think that if we pass laws, it is silly to argue against enforcement because it is TOO efficient. The proliferation of laws that are not easily enforceable nor universally accepted degrades public respect for the institution of government. Therefore, the ability to create laws that are ACTUALLY enforced would be very beneficial for society. Imagine if thugs could not get away with murder, or thieves would be caught red-handed. These are the benefits of increased surveillance in the best case. As such, society would actually be more efficient if technology were to be used increasingly in law enforcement.

However, the gulf between policy intention and policy as executed is wide. There are certain important, likely unintended consequences from any unanticipated shock to the level of sophistication in law enforcement. First we must acknowledge that laws on the books are not some objective force of morality keeping people from committing harmful acts. Rather, they are a set of rules passed by those in power through sophisticated mechanisms of favor-trading and political game-playing. One need look no further than the dramatic difference in punishment for crack versus cocaine use to see the arbitrary nature of many of the laws in America.

While increased enforcement would certainly provide greater reason to refrain from committing illegal acts, it would likely come at the cost of greater arbitrariness in the application of the law. It is fair to say that few white collar crimes would be caught on a CCTV television. Also, the drug delivery services in metropolitan areas provide their services to rich clientèle within the safe, protected walls of the upper west and east sides of Manhattan. On the other hand, those more prone to making use of public services, like the poor and most minority groups, would be increasingly monitored with an increase in public surveillance. Given this increased surveillance would unfairly spread the burdens of government spying, certain groups would likely be targeted and the arbitrariness of our legal system would only increase.

Another unintended side-effect of a hastily-created surveillance system is crime displacement. The argument put forth by many criminologists is that crime would simply move down the street, away from the densest camera coverage. Also, stepping up prosecution for laws that were passed with the intention that they would be hard to efficiently enforce (for, example, to create a deterrent effect) would be a retroactive increase in the punishment for a certain crime. The principle of retroactive prosecution is not one favored by American jurisprudence.

These concerns are only the most easily apparent upon contemplation of new policy. Thus, it is safe to say that a strategic plan is needed to fairly increase the efficiency of law enforcement. Without realization of the potentially harmful and non-negligible unintended consequences of new policy, good intentions can (and often do) create more problems than those they set out to solve.

References:

http://www.cnn.com/2007/US/09/18/traffic.congestion.ap/index.html

Sam’s post from Tuesday contained the following argument: “the government should first and foremost follow the ‘do no harm’ principle when concocting new regulations.” I wholeheartedly agree and would like to point out why exactly the harm from security regulation could (would) happen.

If the government regulates security, it will have three avenues: overseeing development of security software, choosing/setting standards, or running a program for the public. Either scenario will intend deadweight losses that vastly exceed the opportunity for gain from better security.

First it must be reiterated that somewhere in the realm of $10-100 B dollars is the extent of harm. America’s GDP in 2006 was around $12 T, or 100-1000x greater than this problem. That means we are dealing with 0.1-1% of societal harm. Many other things likely cause much more harm than the “I Love You” virus. More importantly, the costs of remedy are probably lower. Consider the following examples.

Our broadband network is deplorable compared to much of the developed world (Mossberg), and our economic productivity will likely suffer in the future if this harm is not rectified. 40,000 people per year (a substantial fraction of the population born) dies from a car accident, and countless more are injured. Even more inocuous harms like traffic pose a serious threat: the average American worker sits in traffic for 40 hours a year (CNN), or an average work week. Given Americans work 50 weeks a year (an entire week is 2% of productivity), traffic alone causes more harm that viruses. This is not to mention the other harms from traffic (pollution, inconvenience, etc.). In fact, we wasted about $80 B alone in 2005 from cars sitting in traffic. A 10% improvement in idling efficiency is sizable compared to the harms of computer viruses.

If we are to engage in a costly procedure of standardizing software security, educating the general population about the virtues of network externalities, or (gasp) disseminating specific “government backed” security programs, a proper cost accounting is crucial. If the solution costs greater than $10-100 B per year, it is certainly not welfare improving. Even if it is less, it will likely entail a sizable opportunity cost relative to the alternatives (remember 50 cents on the dollar in government is lost to waste (Pritchett, 1996)).

This is not to say that the threat from destructive computer hackers is not serious, especially if these types of harms have historically followed an exponential trajectory. Rather, endorsing private solutions (which create other public benefits like employment) or diverting funds to be used on security improvements to other areas instead of spending resources on questionable returns is simply wiser. Government staking claims of authority over the issue is the first step towards a wasteful endeavor.

References:
http://www.nytimes.com/2007/11/28/business/28leonhardt.html

http://www.dol.gov/_sec/media/reports/annual2001/strgoal2s3.htm

http://www.heritage.org/Research/labor/bg334.cfm

http://economistsview.typepad.com/economistsview/2006/03/what_jobs_shoul.html

http://en.wikipedia.org/wiki/H1B_visa#Quotas_and_changes_in_quotas

http://en.wikipedia.org/wiki/H1B_visa#Quotas_and_changes_in_quotas

http://jobsearchtech.about.com/od/careerplanning/l/aa010300_chart.htm

http://www.chiefexecutive.net/ME2/Audiences/Default.asp?AudID=328DCF73ACA1493ABBD34BF8AB37D74A

Immigration, hiring, and outsourcing/offshoring policy are three very interlinked topics. Let’s start with hiring (and firing). Companies hire and fire workers frequently. The number of jobs created/lost each quarter is about 8% of the total workforce, or 12 million jobs every 3 months (NYTimes). That’s 50 million jobs a year, much more than the number lost/gained from year to year. Between 1992 and 1999 net of turnover the economy gained about 3 million jobs which equates to 500,000 jobs per year, or 1% of the annual frictional turnover.

With very high turnover like this, companies can and do try to reduce costs with each labor change. Firing a group of people who can be replaced by fewer new employees is one cost cutting measure. Another is using technology or developing worker-technology process improvements to reduce the reliance on labor.

When rehiring, you can choose anyone/anything. Companies are increasingly turning to technology to replace workers, and those who need people seek to hire the cheapest labor available. That entails outsourcing, or hiring illegal immigrants if possible. Both solutions are attractive to companies because these hiring pools are cheaper, easier to hire and fire in the future, and do not require or expect healthcare, etc.

Companies have been avoiding US workers more and more insistently. The CEO Confidence Index, which polls hundreds of CEOs each month, is peppered every survey with comments from CEOs saying things along the following lines: they want to hire, but US employees worth what they cost are hard to find (ChiefExecutive). Thus we can see that the trend away from US to illegal and foreign workers is one made out of the quest for economic efficiency. The quest for efficiency is also what has created and dislodged each monopoly in the modern industrial era, at least according to Joseph Schumpeter, whose name has been dropped in previous readings.

American Federal Government finds itself in the precarious position to either: a) retrain workers to keep the jobs here, or b) let in enough immigrants to raise the wage levels of certain job pools to a more competitive level. It is doing neither. Only about one in four fired workers eventually gets a new job from retraining. And immigration of just 1 million per year (Wiki) is not enough, even assuming all immigrants are seeking jobs. H1B visas, 90,000 of which will be issued in 2009, are just a drop in the turnover bucket.

It is easy to understand the push for offshoring after considering the points above. Without adequate and legal hiring prospects domestically, the need for foreign labor (illegal or offshore) will only increase. We will find ourselves even more out-trained and uncompetitive if nothing is done. A good place to start is increasing immigration quotas and retraining more workers. If even conservative advocacy groups like the Heritage Foundation see a role for government in retraining workers (Heritage policy paper) and Republican presidential nominee John McCain supports more sensible immigration policy, a political compromise appealing to both the left and the right can probably be found. Both of the options above seem like more sensible policies than some of the alternatives. Look at Russia, who is dealing with its problems by hyping national “procreate” days.

Important References
http://www.cnet.com/8301-13739_1-9769645-46.html
http://products.vzw.com/index.aspx?id=mobileTV
http://products.vzw.com/index.aspx?id=music_vcast
http://www.electronista.com/articles/08/04/05/mossberg.3g.iphone.in.60d/

Imagine if the US Postal Service looked through your mail. Or, worse, you didn’t put your mail in an envelope but rather handed it over to the USPS. They would look through it, decide whether its legitimate mail or not, and then give it a priority rating. If it was high-priority, it would get wherever it needed to go faster. Even if the USPS was replaced with FedEx or UPS, who you can choose to patron, it would still be a bothersome development from the point of privacy. What if you disagree with FedEx’s judgment of how important your mail is? Or, even more importantly, what if you don’t want them to know what is in it in the first place?

Nobody really cares what you ship or where you ship it, unless it’s anthrax or plans to blow up a building. However, the internet is a much more complex place, and interests are much more diverse. Comcast recently caught a lot of bad press for delaying BitTorrent traffic, the p2p communication tool that many young people use to pirate music and videos through the internet (CNet). Comcast met a storm of worried consumer advocate groups, even in the case of making it hard to partake in illegal activities, which BitTorrent most often enables.

If it’s going to be hard for someone like Comcast to stop BitTorrenters from sending gigabytes of pirated media across the internet, imagine how hard the sell for Verizon is going to be. Verizon and other major ISPs are major opponents to the new internet doctrine of network neutrality, which seeks to endow all internet traffic with equal rights. Under network neutrality, we won’t have the scary scenario envisioned above for physical shipping become a reality in the world of internet traffic routing.

Verizon’s intentions are economically efficient or greedy depending on who you ask. People who use the internet obviously have different willingnesses to pay for routing services, as well as for the speed of delivery. A business like eBay can’t afford to have traffic delayed that informs users when its auctions end because mere seconds can be the difference between winning that life-size Marilyn Monroe blow-up doll and crying yourself to sleep every night, all alone. A different user of the internet, like Grandma, is probably less worried if her email telling you she figured out how to turn the TV on gets to you a few minutes later. Being able to figure out the difference between the two implies a lot of revenue for Verizon. With this ability to price discriminate, it can then lay fiber optic cables all over the country. More efficient pricing means higher quality provision of services.

However, the issue is not so simple as economic efficiency. Verizon is not just an ISP. It offers mobile phone service, and now is jumping into the world of TV (VZW links). Verizon-as-telephone company and Verizon-as-media-company have vastly different interests than Verizon-as-provider-of-routing-services. Consider the following two scenarios:

1) VCast: Verizon’s video and audio download service allows you to access movies and songs on your mobile phone. Any VP in the VCast division worth his chair is likely preparing operations to roll VCast or some similar service across the fiber Verizon is laying to the home. After all, Verizon offers its TV services on cell phones now, under the name mobileTV. Without network neutrality, Verizon could delay movie purchases you make through the iTunes store, with a nice little delay message advertising its movie download service. Worse, it could block iTunes in totality and redirect people seeking songs & movies to its own service.

2) Skype: The concept of paying a large chunk of money to be able to talk to someone else is rapidly becoming ridiculous. Many service providers are offering free telephony services through the internet. Verizon, on the other hand, charges $100 per month for unlimited cellphone calling and about $30 a month for a land line telephone. If you can get Skype for free on your computer, or worse, Skype mobile on your 3G-enabled cell phone, why pay for phone services? Verizon could block access to Skype or similar services, limiting consumer choice.

However, without price discimination, many people will not even have FiOS in the first place. What’s worse no-FiOS, or FiOS with the requirement that you play by Verizon’s rules? While competition in the ISP provider space would hopefully relegate these fears to the realm of conspiracy theory, these services are provided by a very concentrated industry, and the opportunity for collusion is non-negligible.

One the one hand we have the simultaneous fears of a loss of privacy and vertical market failure. On the other, we have the slower deployment of broadband services because of lower profit opportunities. Technology experts are starting to agree that the state of US broadband is deplorable, and we definitely shouldn’t make it harder for companies to solve this problem (electronista).

Given the importance of keeping infrastructure development current (my thesis estimates a 10% improvement in infrastructure services could double US growth, adding $360 billion dollars to our economy), as well as the importance if privacy and competition concerns (the government could have adopted the open-access model for the 700 mhz spectrum like Google proposed, but it refused), no matter which hand you grab this sword by, you’re likely to get cut.

References:
http://en.wikipedia.org/wiki/Leviathan_(book)
http://en.wikipedia.org/wiki/Social_contract
http://en.wikipedia.org/wiki/John_Locke
http://en.wikipedia.org/wiki/Right_of_rebellion
http://en.wikipedia.org/wiki/Economy_of_Second_Life
http://en.wikipedia.org/wiki/Virtual_world

Thomas Hobbes famously referred to the human condition as “solitary, poor, nasty, brutish and short.” His treatise The Leviathan expands on this stark picture of humanity, explaining that centralized authority is necessary for man to progress from the state of nature to a more civil one. The Leviathan would protect the rights of all and make life the opposite of the state of nature: popular, rich, fun, sophisticated and smart.

Thus was borne the doctrine of the Social Contract, crystallized by John Locke. Governments are instituted among men (and women), so goes the theory, so that individuals may collectively agree to interact in a more fulfilling manner. If someone takes your things in the state of nature you have little recourse.

While the Enlightenment sparked the debate over the nature, form, and justification for government, much has been said since on the topic. The explanation for modern governments goes something like this: by merely existing in such a complex world we assume the need to subvert ourselves to some central authority. Reading the books, traveling the roads, and sharing the ideas of a particular society exist only insofar as the institutions exist for people to share ideas, goods, and services. Taxes, obviously, support all these structures.

When government ceases to provide those benefits, however, people are inalienably endowed with the right of rebellion. The dramatic vision of the oppressed masses unlocking the shackles of tyranny invokes this idea in a rather raw form, but the idea is more general. Government is made by people for people, and to the extent that it is possible, people should be endowed with the right of rebellion or exit.

The problem with the right of rebellion or exit is it is costly. To rebel, you have to enforce on others your vision of the “just” government you wish to share. To exit in the geographical sense you have to pick up all your belongings, say farewell to friends, and pay an exit tax (in the US at least). As such, the history of government has been one of compromise. The needs of most are met because to meet everyone’s needs is impossible.

The world Second Life throws this entire vision of society into disarray. Societal infrastructure can be manufactured at zero marginal cost, much like another copy of a book can be made. The difference now is that we can make rocket cars, Princetons, and all forms of societal interaction imaginable literally out of thin air.

The GDP of Second Life was $500 million dollars in 2006, a 9x improvement year over year. This means its economy is larger than 20 sovereign nations, and growing fast. However, nobody was born into Second Life or forced to stay there. A modern economy was created by individuals voluntarily interacting without a government’s meddling. Combine with this the fact that the creation of whole worlds is rapidly approaching zero cost. Second Life is on an explosive growth track. It came from nothing. All it takes is an open source project for the virtual world to be out of man’s control.

In the context of infinite worlds, infinite goods, and infinite choice, the Social Contract is no longer necessary. We should similarly reconsider the governance of virtual worlds, where choice is vast. The need for a Social Contract may always exist in the real world, where we need food to eat and roads to drive on. Now, however, you can interact with whomever you want, over whatever you want, and in any way you desire without cost. If the terms or content are not amenable to both parties, move on. Find someone else, create a new world, or do something totally different. With the dawn of computer-based societies the world is at our fingertips, quite literally.

References:
http://www.webware.com/8301-1_109-9904867-2.html?tag=nefd.only
http://en.wikipedia.org/wiki/Joseph_Schumpeter
http://slashdot.org/article.pl?sid=08/01/30/2053218&from=rss
http://en.wikipedia.org/wiki/Mozilla_Firefox
http://news.netcraft.com/archives/web_server_survey.html

To briefly recap the Netscape-Microsoft legal showdown: Netscape claimed Microsoft was actively seeking to prevent it from keeping market share through openly destructive tactics (which it was). Microsoft countered that knifing babies and pissing on Java wasn’t exactly destructive behavior (think “it depends on what your definition of the word ‘is’ is”).

Regulatory behavior is based on the following principle: harsh, cut-throat competition from monopolists should be allowed while active measures to “improperly” safeguard market power should not. To that extent, countless hours and millions of dollars have been spent (and are still being spent) arguing over what a “browser” is, what a fair “tying” is, and whether a ham sandwich counts as it.

Let’s consider another point. Regulatory action is infrequently brought by a well-to-do regulator (if ever). There is always a disenfranchised party claiming injury at the hands of the monopolist. In the Microsoft case it was Netscape, who argued that its dwindling market share was because of Microsoft’s unfair abuses of its monopoly. After all, Netscape was the #1 browser in the market before Microsoft decided that it was mission critical to knife the Netscape baby. So the argument goes: given Netscape’s past success and conspicuous lack of strategic missteps, the impartial observer should conclude that Netscape’s success may have been thwarted by Microsoft. But is this viewpoint valid?

How valuable was the browser market back in the early 1990s? In fact, Netscape’s model was built on selling extensive and sophisticated server/software systems to interact with its browser specifically. We all know that the browser-server link now is an easily severable one, and this link too is arguably behind the fall of another tech-bubble bigwig: Sun Microsystems. In fact, the internet was conceived to thrive as a decentralized system. Cisco routers and some other minor exceptions notwithstanding, server software, server hardware manufacturers, and mostly everything else about the server delivery market is very decentralized (Netcraft). In fact, open source Apache dominates the market even over MIcrosoft. As such, maybe there is more to Netscape’s demise than Microsoft’s ill-intentions?

Compare Netscape to Mozilla, who also attempted to dislodge Microsoft from the world of browsers, and has succeeded by achieving cross-platform market share of 15% recently in the US, an enormously impressive feat. Firefox share in Europe is even higher, at 28% on average (Slashdot).

Why has Firefox succeeded where Netscape failed? There are several reasons. First is the raw improvement of technology in relation to the many years ago when Netscape existed. Cloud-computing, the idea where the world is populated by tons of thin clients and all our personal information, preferences, and digital rights are stored in a centralized “cloud” that allows unlimited access at any point in time. In a world of 56k-baud modems and Windows 95, cloud-computing was not a possibility. Now, the world is one of GoogleDocs, FiOS, and browser plug-ins. A dislodging effort from within the system is much more possible in 2008 than in 1998 (Webware).

Key differences between Netscape and Firefox may exist beyond the technological worlds they grew up in. Firefox may have had better execution or a better business model. After all, Firefox has more money than it knows what to do with (mostly because of Google’s “generosity”) even though it is decidedly “not for profit” (Wiki)

The main takeaway is this: Whether Netscape was bad at execution or Netscape suffered at the hands of an overaggressive competitor in Microsoft does not matter. Joseph Schumpeter got only a passing mention in our readings, but his academic contributions are vital. Schumpeter is considered responsible for the term “creative destruction.” Competition exists solely out of the pursuit for monopolistic rents. Upon the attainment of monopoly, a market entrant is similarly motivated to dislodge the incumbent through the process of creative destruction.

Perhaps regulation prolonged Microsoft’s eagerly awaited death by entrenching it further in the market. Or perhaps the innovator’s dilemma is spurring the need for innovation at Redmond that was sorely lacking. Either way, it seems to me Microsoft’s heavy descent was long overdue, if not anticipated, regardless of antitrust regulation. We spend too many of our precious tax dollars on regulators arguing over ham sandwiches.

[NOTE: THIS ESSAY IS 2,200 WORDS LONG AND NOT PART OF THE ASSIGNED POSTS. IT IS INFORMATION AND POLICY RECOMMENDATIONS ON DRM TECHNOLOGY FOR THOSE WHO ARE INTERESTED]

Important sites referenced:
http://www.apple.com/pr/library/2007/05/30itunesplus.html
http://en.wikipedia.org/wiki/Amazon_MP3_Downloads
http://en.wikipedia.org/wiki/Record_label
http://www.drmwatch.com/drmtech/article.php/3492676
http://www.engadget.com/2006/08/25/fairuse4wm-strips-windows-media-drm/
http://en.wikipedia.org/wiki/ITunes_Store
http://en.wikipedia.org/wiki/FairPlay
http://en.wikipedia.org/wiki/Microsoft_PlaysForSure
http://www.engadget.com/2007/08/21/universal-and-rhapsody-launch-drm-free-partnership-test/

In May 2007 Apple led the mainstream pack when they announced iTunes+ songs (Apple press release). For a 30 cent premium, you could buy a song through iTunes with no restrictions on how you could copy it, manipulate, store it, or transfer it (DRM-free). While this revolutionary attitude towards music rights for downloadable files may not have been out of an altruistic desire to meet consumer needs, the invisible hand of the market made it in Apple’s best interest to meet consumer needs. With the “Big Four” record companies becoming increasingly worried about Apple’s market power in the online music distribution they were actively seeking someone(s) to keep Apple in check.

Enter Amazon: in January 2008 they went official with their MP3 store (Wikipedia). They had the Big Four on board and many independent labels. When Apple launched iTunes+ only EMI was on board (though now they offer muck more DRM-free content). Thus the war to the bottom was born. With a precedent set at Apple and the stakes raised by Amazon future claims to DRM-free distribution are starting to propagate through the industry. RealNetworks is currently experimenting with DRM-free offerings (Engadget), and I have no doubt they will join the fray soon if things stay as they are.

DRM-free music, while having the added bonus of freedom in applications for files purchased, entails a large (if mostly hidden) public danger. As we have learned in the realm of privacy, once something is digital it can be distributed without the consent of the author, so any security flaws in current DRM-free music can harm consumers. Security flaws in DRM-free music are rampant and this is unacceptable. iTunes+ and similar DRM-free songs contain information about the purchaser like email & name which can be easily culled if a user’s files are hijacked or security is compromised. A reformulation of DRM, what I call DRM 2.0, is needed to protect consumers and ensure industry has a profitable and secure way to distribute its property digitally. DRM-free does not mean problem free.

A proper DRM 2.0 regime could theoretically very accurately weed out “good” vs “bad” uses for music (Pandora? OK. iTunes? OK. Illegal BitTorrent sharing? No), but what would that regime look like? Ironically it means less concentration of control spread among the various corporate interests, in fact a system very similar to DRM-free. As such, it’s encouraging that the industry is moving in the right direction. A key component of digital technology is the ability to “fingerprint” songs so that they can be identified precisely from whom they come if they are shared (most P2P networks can be easily monitored). And while Felten & his crew have proven digital watermarking no matter how sophisticated can be cracked, the fact that it becomes harder to do so if the fingerprinting is sophisticated means we are back to basic law supply and demand. DRM can hang around more easily, and the best case for society is if the DRM is wisely conceived. Finding a pirate who forgets to remove fingerprints (which can be constantly reformulated and tagged) is easier to find than a pirate who hides behind subnets, firewalls, and VPNs.

Why are we in this predicament? Well, the first iteration of DRM (”DRM 1.0″) was just horrible, so it scared the labels from contracting directly with service companies and accepting their bad DRM technology.

FairPlay (Apple), PlaysForSure (Microsoft), and Rhapsody (Real) were such bad technologies. Both forced transferring files to only approved devices (Wikipedia). This resulted in much consumer angst and confusion. You can’t play songs bought in Rhapsody on an iPod (though Real tried releasing a hack to allow this which Apple subsequently blocked by a software update of its own), and you needed to buy a program to play PlaysForSure files on an iPod. Similarly iTunes songs were prevented from play on “unapproved” devices (aka those made by the competition). Hacking and buying shareware to play your “own” music on your “own” music player hardly seems to be playing fair, playing for sure or instilling rhapsody in consumers. When it was both apparent that DRM played to the advantage of the end provider and that Apple was rapidly dominating the market, the labels scrambled for a backup plan.

So, they came up with DRM-free. For fear of allowing companies too much control, the labels decided to adopt freer technologies that have the identity-theft risk delineated above (”I got my identity stolen while stealing music!” doesn’t exactly instill sympathy in a courtroom). In a world of simple technology this regime may suffice, but options are getting greater and greater, increasing the likelihood of inadvertent file leaks as well as increasing intentional piracy opportunities.

DRM is easily hackable as many have proved over and over again (DRMWatch, Engadget), but that’s not the point. So is fingerprinting. Having to hack DRM or fingerprinting increases the cost of making music untraceable (and thus unable to have rights managed) in an economic sense. Standard supply and demand theory proves with higher costs to evading DRM or fingerprinting, it will be done less frequently.

Two big changes have created the need for “DRM 2.0″, which was previously lacking for technical reasons.

First is the proliferation of smart devices. With UMPCs, iPhones, and (soon) Google-Android mobile devices of all types flooding the market our devices (especially music players) now are capable of much more than simply chugging through bits pounding out audio waves after a simple DRM verification.

Not only are our devices getting smarter, they are getting more talkative. An iPhone can theoretically send information to Apple or AT&T securely if Apple maintains control of communications systems on its devices (read my SDK post regarding the tradeoff of control and open access regarding mobile platforms). The open source Android venture provides key oversight from the engineering community to create, adopt, and perfect communication mechanisms between device and any other agent that can be verifiably secure (think HTTPS for your phone). WiMax and 802.11n will only increase the chatter and thus opportunities for safe chatter.

With smarter and more talkative devices, now the need is paramount for a creative DRM 2.0 solution that sorts out media management on an “application by application basis.” Sophistication of mobile devices and growing troves of unprotected files with unencrypted individual identifiers increased exponentially the benefit of illegal activity. Again economics prevails: higher benefits encourages greater supply (in this case suppliers of nefarious computing activity). Given cooperation between the Big Four, other label interests, Apple, Amazon, Microsoft, Real, device makers, and some key other agents like ISPs and consumer privacy groups, the following would ensure corporate interests are protected concomitantly with consumer interests.

Though the industry is moving in the right direction (I believe markets often do this when they prying hands of regulators are resisted), but that is not to say they are getting it all right. The penalty for adopting DRM 1.0 was that well-intentioned consumers were often prevented from arguably “fair” uses of their digital media. DRM-free has a similar design flaw needing remedy. Fortunately, it is easily fixable. Right now if you use DRM 2.0 music and your files get put up on a sharing website, your name, email, and other identifiers are available for anyone to grab and exploit (think identity theft via your iTunes account). These companies increasingly hold sensitive information like credit cards and social security numbers at risk whenever you buy a DRM-free song. While this risk is borne those illegally sharing (and rightly so), it means that anyone who accidentally loses control of their new “DRM-free” music, files, or other information automatically releases their personal effects to the world for any nefarious purpose. So, while fair for the pirates, it seems unfair for those who play by the rules in good faith. Unfortunately the DRM-free system is approved by labels who have no interest in protecting privacy.

The following SIMPLE change would dramatically alter the benefits of the current DRM-free system in favor of BOTH consumer privacy and profit concerns. Rather than simply having unencrypted personal identifiers along with each song, Apple, Amazon, or Real could easily substitute a public/private key code into each song with a unique identifier. That means if a file shows up on file sharing websites, only Apple (or someone Apple approves) could determine the identity of the thief and not Joe Identitythief. The Big Four could then turn to Apple and say future digital distribution rights are predicated on developing a safe and robust unique identifier for each song. Apple would also have to give the identities of sharers when “egregious” pirating or other unauthorized distribution worth pursuing down the litigation channel is determined. While DRM 1.0 overweighted concerns of stopping people from allowing their devices to play nice, DRM-free solved this problem but puts consumer privacy at great risk. DRM 2.0 is identical to DRM-free but it protects consumer privacy. If labels are willing to accept DRM-free, why then not DRM 2.0? This solution is free of additional regulation, though it would require a little compromise and more open (and technologically sophisticated) dialogue.

Thus Apple (iPod, iPhone, iTunes), Pandora, Amazon, Creative, Microsoft (Zune, XBox marketplace), Real, and any other company involved in the distribution and consumption of media would have a new burden to shoulder, but a new opportunity as well: there is the cost of providing secure storage of a consumer’s files, but now there is the additional opportunity to securely and quickly verify songs with DRM on them (and provide recourse if authorization is improperly denied) from time to time as devices are now smarter and more talkative.

This solution would accommodate the interests of those seeking to protect copyright just as before, but it adds robust consumer protection to the equation. The extra cost by the end service provider comes with a powerful claim to the consumer: no more silly lock outs of songs for “fair” purposes. That’s a strong advertising angle if you are the first to adopt the model.

The best part of this solution is that it requires coercion or regulation of or by no party. All it takes is one company aware of these issues to deal with the Big Four like Apple, Amazon, Real, Microsoft, and Pandora have already. The labels have shown they are willing to deal, though they have historically been a thorn in the side of calls for reform. Even if Amazon and/or Apple did it, they could have DRM, DRM-free, and DRM-free+security. Added options for the consumer’s benefit can never hurt.

To summarize: With DRM 2.0, even if your device can’t prevent unauthorized viruses from stealing your media your identity isn’t lost. If files are circulating around the internet because of malicious code or badly designed devices the consumers are easy to identify by only those who care, and a promise of immunity in exchange for information on what services the consumer uses would weed out inadvertent leakers (who have little to hide) from serial pirates.

The key conclusion of this change is that it shifts the burden from proving an application is legitimate first to proving illegitimacy first. If illegitimacy is not proven, the consumer’s privacy is still protected rather than compromised as a cost of the transaction. Adopting DRM 2.0 would be a big step in the right direction. It could also be called “soft DRM” because it protects rights management without hard authoritative rules that restrict consumer choice. It would assure that incidental leaks wouldn’t increase the risk of identity theft (the occasional leak in a secure system can be remedied through proper technology if the system is designed with that intent).

A DRM system reached by consensus of a couple media makers, distributors, or service providers is not the route (this was DRM 1.0). Nor is one designed by the media makers only (DRM-free). The addition of a strong consumer advocacy perspective would explain to the vital interests that their needs can be met in an environment where the consumer is not put off by purchasing music with soft DRM, DRM 2.0, or whatever you wish to call it. This voice needs to be heard for the sake of efficiency and Pareto improvement. All parties are better off and nobody is worse off.

People will buy DRM music and the music industry will thrive if it formulates this more efficient DRM system. Creativity and the desire to “exchange value” (”pay”) for things with societal benefit in increasingly efficient ways are two fundamental and inalienable features of economic man.

With respect to:

http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2008/03/07/nheathrow107.xml

I couldn’t let this pass without at least mentioning it in passing, even if just as a side note in between weekly posts. Heathrow’s new Terminal will require fingerprinting for all domestic travelers. It’s the first time a major airport will require biometric identification in history. Not to mention the stupidity of biometric security that we’ve discussed at length in the week on privacy, this seems that our distopian fears a la minority report, etc. are finally being realized.

While no sane person will argue that keeping dangerous people (terrorists) off of planes is a good thing (who doesn’t want to save lives), since when did it become accepted that you have a burden of proof for peaceful purposes when you travel? I just hope this trend doesn’t take off (pun intended) on a big scale. This new development in Britain reminds me of an ominous quote by Benjamin Franklin:

“He who would trade liberty for some temporary security, deserves neither liberty nor security.”

Important links:
http://en.wikipedia.org/wiki/American_Bison
http://www.reuters.com/article/pressRelease/idUS113121+12-Feb-2008+BW20080212
http://findarticles.com/p/articles/mi_m0EIN/is_2005_August_3/ai_n14844050/print
http://www2.imsa.edu/programs/pbln/problems/buffalo/teacher/socmath5.gif
http://en.wikipedia.org/wiki/Demographics_of_the_United_States

Let’s start with a comparison that may seem odd to some at first: WiFi and American Bison. What could a modern wireless communications technology and a majestic mammalian relic of the long-gone American Frontier possibly have in common? Well, they both exist(ed) in a regime where property rights are lacking. And while many have claimed that the success of WiFi has shown how beautifully the regime of the commons has combatted the capitalist regime of propertizing in the Coasean sense, I would urge some caution in the conclusion. It all matters upon what time frame you base your vision.

The American Bison was perhaps one of the most populous and useful animals existent on the continent when Europeans arrived in the New World. However, as the 19th century progressed, the bison population went from around 100,000,000, to around 10,000 according to some estimates (IMSA & Wikipedia). That’s a 1:10,000 reduction in the bison population. How could we squander such a beautiful (and useful) natural resource? Well, there are two reasons: 1) usefulness and 2) the tragedy of the commons.

On the first, the benefit of bison is awesome. Bison are, as Princeton economics professor Tim Leonard has explained, “enormous units of protein,” not to mention their other uses as hides, etc. Secondly, nobody owned the bison. Basic economics teaches us that when a useful resource is unowned, no matter how plentiful, its own demise is unavoidable. The well-understood tragedy of the commons issue is exactly the tragedy which befell the bison. No ownership means no beautiful bison and no more enormous units of protein.

In retrospect this all looks so simple. Duh! With nobody owning the bison, it was essentially a race to the end: who could shoot the most first wins. However, we must put into context the world as it was. Bison populations were still astronomically high at the dawn of the 19th century (tens of millions to hundreds of millions). The US population, by comparison, was a measly 5,000,000 or so in 1800. However by 1900, the US population was approaching 100 million (Wikipedia) and it was the bison population that had dropped near extinction. Bison hunters in the 1800s, 1810s, and 1820s had no idea the problem they were creating. The corruption of the commons is not so precipitous when viewed slowly as decades pass. Hindsight vision is always 20:20, as we say. Monday morning quarterbacking is the human tradition.

Now let’s bring WiFi into the picture. People are praising the benefits of the commons at a time where the technology has existed for only a handful of years. Yet WiFi is embarking on an explosive and exponential growth trajectory, eclipsing the rates of change in both the human population (in the positive direction) and the bison population (the opposite direction) throughout the 1800s. It is doubling every 5 years (Reuters). Enterprise WiFi is growing even faster, at something like 30% per year (FindArticles). The rule of 72 teaches us that 32% growth means a doubling every 2-3. At that rate, growing from 1 to 100 would take a measly 20 years. Using more conservative growth figures, we’re still talking 30 years or so. It took the US over 200 years to grow by a factor of 100.

What should we conclude from this? With bison populations dropping by factors of 1,000x+ when US populations grew less than 20x, one should never underestimate the ability of humans to exploit something that’s free and valuable if nobody owns it. With spectrum usage expected to increase at even higher speeds than the human need for protein and hide, perhaps we should think twice about banging the drums of the wisdom of the commons. After all, an inability to foresee human needs and exploitive behavior has made the bison a thing of the past. Let’s not do the same with wireless communications.

Apple recently announced that on March 6 it will unveil to developers the Software Development Kit (SDK) for its iPhone/iPod Touch platform. Why is this significant? The Apple announcement is important because for a while it was never going to happen. When Apple announced the iPhone in January of 2007 (it wouldn’t come out until late June) it simultaneously declared that the iPhone and its kin would be part of a closed platform.

But let’s take a step back. What exactly is all this SDK and “closed platform” stuff about? When a company owns a platform for computer applications, like an operating system, it creates tools for people who want to write programs for that platform so that they can have access to all the necessary and important system procedures and resources. Without this access, it is not impossible for developers to write programs, but it becomes much harder. This is in fact what the fight Microsoft is currently subsumed with. Its critics have claimed that it is less than forthcoming in giving access to software developers (Microsoft argues these are competitors) to make applications for Windows etc.

To understand this issue, we have to realize that an operating system is now different than what it was 5 or so years ago. Apple, with its millions of iPods and iPhones that are running increasingly sophisticated and powerful software (remember now that iPods have Wi-Fi, email, and web-surfing capabilities), now is in control of a mobile operating system. If Apple plays its cards right, one could imagine a future not too distant where the iPhone/iPod OS is running many differing devices, from phones to MP3 players to an assortment of convergence devices (think iPhone meets PC as just one).

Others are keenly aware of the possible power Apple could possess. Microsoft has been struggling for years to meet this market. Its Windows Mobile platform and UMPC-geared Vista software tools have so far made little impact on the market. The biggest competitor in this space, oddly enough, is that ever-recurring technology giant, Google. Google recently announced its Android Open Handset Alliance (OHA), an open source consortium of handset makers, software developers, and other tech companies that are dedicated to an open-source Google-provided OS for mobile devices. The point of the alliance is to be concrete enough to offer tools to make productive applications, but nebulous enough to vary the kinds of devices that can run Android.

Google stands in marked contrast to Apple. By being open-source, Google’s primary motivation is the inclusion of developers with essentially no controls on what they can develop. In fact, their entry to the marketplace was predicated on an SDK announcement at its core. When Apple originally had been anti-SDK, the market did not appreciate it. Developers grumbled, journalists criticized Apple’s draconian controls over its software, and many people started to turn a wary eye to the iPhone/iPod platform. Apple has since reversed its position, which is a good thing, but March 6 has yet to come, so many are still concerned over how exhaustive the SDK support will be. After all, Apple controls the SDK, so it can make a useful one, or it can just as easily limit the scope of its SDK essentially leaving its original view against development intact.

Apple almost snafued what may prove to be its biggest opportunity: to dominate the mobile world, and with it the future of computing (after all, the “device convergence era” is well underway). Given the promise an Apple platform holds for the public, an interesting policy debate is one over to what extent providers of platforms should be required to provide open access to developers. On one side, regulators have spoken, as Microsoft clearly is aware. But the software being Microsoft’s IP and therefore under its creative control is also a legitimate argument. These concerns do not go away with Microsoft. Apple, Google, Firefox, and anyone who will want to be in control of future computing platforms will have to wrestle with this issue as well.