InfoTech and Public Policy

I am a criminal, and with high probability, so are you. Whether it be driving over the speed limit, drinking underage, littering, jaywalking, pirating music, or any number of other misdemeanors, most of us have been guilty at one point or another if not regularly. This raises the question of surveillance; since many of these crimes are public, if “big brother” was watching over you at all times, we would all be regularly fined large amounts.

One possible conclusion that could be drawn from this observation is that increased surveillance in the form of CCTV cameras and EZ-pass speeding tickets are a bad idea because they would lead to the enforcement of laws that people regularly break. This view seemed to be held by a number of people during yesterday’s seminar. This belief was defended with a cynicism against government; its proponents argued that “stupid” laws exist, will continue to exist, and slowly encroach on our freedom as improved technology leads to increased enforcement.

Perhaps I have a naive faith in democracy, but for some reason I’m not willing to believe the idea that a politician supporting regularly enforced $1,000 fines for littering would ever win a reelection campaign. While one possible political solution is to avoid surveillance or not to enforce stupid laws, I would prefer to see the government modernize the stupid laws so they can coexist with modern enforcement methods. I believe that the government has an obligation to minimize crime in as effective and economically efficient way as possible, and these forms of modern technology can help accomplish those goals while minimizing invasion of privacy. The main point of this post is to address effective and fair law enforcement, not privacy; I am working under the assumption that surveillance in public areas is not an unfair invasion of privacy because the public is definitionally not private.

With 20th century enforcement techniques like police cars using radar detectors to catch speeders, penalties have to be relatively high to deter the crime due to the low probability of being caught. Being fined this amount every time the EZ-pass catches you going 1 mph over the speed limit seems unfair. This law could be modernized to lower the penalty for speeding through an EZ-pass since you will be caught every time you speed on the tollways. As an institution, speeding laws are good because they protect the safety of all drivers on the road. Improving their enforcement would improve public safety at low economic cost. If the speed limit is unreasonably low, democratic forces will hopefully lead to an adjustment in these laws.

While I disagree with many laws on the books, I support law in general. I may occasionally engage in civil disobedience along with my fellow highway drivers, but I don’t fear the day when the government can effectively make me obey the speed limit. Law enforcement is intended to make our lives safer, even if individual laws sometimes stray from this ideal. We should spend our energy engaging the democratic process to oppose the laws we disagree with rather than opposing law enforcement.

As a software developer, I take some offense to Douglas Barnes’s unfair assignment of blame for worms primarily to the software companies. While every software developer aspires to write bug free code, those of us who have worked with programs of more than 1000 lines or so know that bug free code does not exist in such programs. Unfortunately, applications like operating systems and web browsers generally take much more than 1000 lines of code. If you could sue me or demand a bounty for every bug you found in my code, I probably would have never gravitated toward this industry, and I certainly would not be tempted to create a start-up, even if I thought of the next Google. It wouldn’t be profitable.

Like a good doctor, the government should first and foremost follow the “do no harm” principle when concocting new regulations. While Barnes is well intentioned, his ideas for regulating the software industry would most likely come at a high cost to innovation. He correctly identifies several market failures in the software industry due to externalities like network traffic from worms and lemon effects from closed source standards monopolies. However, he underestimates the power of the market as a whole. As suggested in the article, significantly raising the bar for security expectations would lead to slower product development with fewer features, which customers want. If this comes at the price of a little more network traffic and a few distributed denial of service (DDoS) attacks, who is the government to say that is a bad thing?

Before you try to burn me in effigy for suggesting DDoS attacks might not be such a bad thing, I am rather suggesting that it is not worth sacrificing the wealth of software solutions currently available and spending millions of dollars regulating the software industry in a quixotic quest to rid the world of software bugs. Market forces already do a decent (but not perfect) job of promoting security. The biggest targets for security exploits are the biggest players in a given market (namely, Windows, Internet Explorer, and Office). In the early part of this decade, a number of horrendously embarrassing worms and viruses exploited these programs, causing Microsoft public humiliation and damaging their once more valuable brand name. As a result, Microsoft has focused much more on security and things have generally improved. Smaller companies, like startups, are generally less targeted and thus it is less necessary for them to spend the resources to adhere to the absolute best practices with regard to security. This allows more innovation, which is good for the economy. It would be impossible for any government regulation scheme to balance what is best for the economy with regard to both Microsoft and a small startup.

It would be nice to create incentives to improve overall network security through measures like firewalls and anti-virus software. Doing so at the consumer level is probably worse than hopeless; I imagine if you sent everyone in the country virus scanning software on a CD, you would not significantly increase the number of computers protected. Most end users lack the economic motivation or technical know-how to protect themselves. The one place Barnes’s article really resonates with me is the paragraph before the conclusion:

To a certain extent, the answer may lie with ISPs, rather than users themselves. Some ISPs have taken to cutting off internet access for a period of time when user equipment becomes worm infected. This approach has merit because ISPs are already motivated to reduce worm traffic; requiring a consistent response from ISPs with respect to worm-infected users would eliminate any tendency of ISPs to compete on the basis of turning a blind eye.

If only we could somehow hold ISPs responsible for the BotNet activity and worms coming from their users, maybe they would force users to install virus scanning software, as Princeton University DormNet does. I’ll leave the exact policy implementation for someone else to ponder…

In our discussions of e-government, we have focused primarily on the ways in which information technology can help inform government decision-making through private citizen input. I would like to discuss the reverse: how policy makers can support the use of information technology to benefit private citizens. Across a wide variety of government services and government supported industries, electronic record keeping can improve our lives directly and indirectly by reducing long term costs and thus decreasing our tax burden.

We can start with the tax system itself. Although I won’t try to dream that our tax system will receive a desperately needed overhaul, a little injection of IT could at least help reduce costs and make filing taxes easier for average citizens. This afternoon, along with no doubt millions of other procrastinators, I mailed in my tax returns to the US Federal Government and the State of Illinois. Although 80 million people (not bad out of a total 300 million people) chose to file their taxes online, the cost of processing the remaining mailed in forms is probably not trivial. Since key paperwork like W-2 forms usually arrive as a piece of paper mailed by employers, filing online is not necessarily more convenient; you apparently have to retype your W-2 form to make it electronic. Additionally, my summer employer had to waste resources processing my request for a duplicate W-2 form because I had never received the first one. This problem would have never occurred if the government maintained a national database of W-2 forms and other relevant records. Besides making relevant records conveniently available in electronic form, (entering pipe dream territory) the IRS should estimate the cost difference of processing an individual record on paper vs. online and offer a tax rebate of that value to online filers.

The tax system was just a minor example of a way in which electronic records can improve the efficiency of our bureaucracy and economy. If we strive to adopt many such policies, it could result in great savings for the government. One particular important area where government support of electronic record keeping could lead to drastic improvements is health care. In the current system, hospitals and private practices implement their own record keeping systems, and the vast majority do so with paper rather than electronic records. This results in an enormous amount of resources wasted processing and maintaining these records as well as costly and easily avoidable medical errors (e.g. your pharmacist gives you the wrong medication because he/she can’t read your doctor’s handwriting). If you move from one health care system to another, even if they both use electronic health records, your new physician will have to waste valuable time getting a detailed medical history that already exists on someone else’s computer. Although theoretically the market should lead health care providers to adopt such a cost saving system on their own, a significant amount of the savings come from network effects. If two private companies develop competing systems of health care record keeping, most hospitals don’t want to spend millions of dollars upgrading to what could turn out to be the HD DVD of health care records. The US government should set up an independent agency to develop a national health record database, subsidize the adoption of this technology by all health care providers, and eventually condition Medicare and Medicaid payments on use of the technology (essentially mandating its universal use). As long as the database is maintained nationally, private companies could compete to develop the appropriate software and hardware for interacting with the database, fostering innovation.

Comcast has recently come under fire for not only discriminating against their users’ choice of how to use their broadband but also for openly lying about it. The power our Internet Service Providers (ISPs) wield over our lives and the opacity with which they wield that power, is frightening. Although Comcast was manipulating network traffic for seemingly benevolent reasons (I believe that Comcast was legitimately trying to maximize the utility of their service for the majority of users), we can imagine more insidious uses of this power. Assume, as a purely hypothetical thought experiment, that Verizon’s broadband Internet service were to subtly drop packets at random from AT&T’s website, frustrating potential AT&T wireless customers and leading them to choose Verizon wireless, thus increasing Verizon’s revenue. Allowing ISPs to discriminate against particular forms of traffic would force regulators to make difficult judgment calls; while my Verizon thought experiment seems like a clear-cut case of anti-competitive behavior, the Comcast case is a bit less cut and dry.

Comcast used a sophisticated and subtle mechanism to drop traffic from clients of the BitTorrent protocol, used for sharing large and predominantly illegal files. BitTorrent also has legitimate uses, like distribution of large open source software packages and distribution of legal media. Traffic from this protocol was causing such a tax on the network that the ordinary browser experience was impaired. Comcast’s solution to the problem, although not ideal, seems reasonable. A better solution, which is what they have ultimately decided to implement, is to limit the total bandwidth of individual users. This takes a bit of extra equipment and installation expense, but it will probably be worth it in the long run for maintaining their customers’ happiness and could have avoided a public relations disaster and legal fees if they had implemented it in the first place. What is more disturbing than their flawed and ultimately rejected policy, however, is that they were able to get away with this policy for several months and publicly lied about it. In order for markets to be effective, consumers have to have complete information about the service being provided.

As it is, consumers have very little choice between broadband service providers (usually one DSL company and one cable company) and switching costs are high, so even the free market won’t always be effective at leading to an efficient solution. First and foremost, as recognized by FCC Chairman Michael Powell, the most important tenet of Internet freedom is the “Freedom to Obtain Service Plan Information” (qtd. in Wu 2007, p. 90). We already have laws on the books (like consumer fraud) that are probably sufficient to punish Comcast for lying to consumers. The courts that receive the lawsuits against Comcast should impose the strictest monetary damages possible on Comcast to send a message to the industry that the cost of getting caught fraudulently manipulating network traffic is not worth the risk. Furthermore, legislators should take action to set up clear laws regarding what is and is not acceptable practice for ISPs. The simplest rule (and fairest) would force ISPs to give all users equal bandwidth regardless of use (unless a premium price were paid for premium service) and impose strict penalties on ISPs caught manipulating network traffic. While this might be initially expensive (replacing equipment in the national cable network), it would limit the amount of legal expense from debating the line between “fair” and “unfair” network manipulation.

And neither is Ultima Online, the massively multiplayer online role-playing game (MMORPG) studied by technology journalist Julian Dibbell. Dibbell suggests in his article Dragon Slayers or Tax Evaders? that Ultima’s universe is akin to a barter club, an organization that facilitates real world transactions using virtual currency for the purpose of tax evasion. Given that real value in U.S. dollars can be assigned to Ultima Online’s virtual currency, the Brittanian gold piece, players of this game could arguably be considered tax evaders.

Ultima Online has several critical characteristics differentiating it from a barter club. First, the vast majority of its members do not realize the monetary value of their Ultima Online assets; most are playing it as a game, its original purpose. Only a small number of players buy and sell goods online. In a barter club, the sole purpose of earning “trade dollars” is to buy goods and services that could otherwise be bought with real dollars. If your landlord and food producer were all members of the barter club, you would not need to make a real income in U.S. dollars. However, in the case of MMORPG games, as far as I know, the virtual currencies are generally not accepted as payment for goods and services outside of the game world. Only the reverse is true – U.S. dollars can be used to buy a sweet new sword for your World of Warcraft character. If one could replace U.S. currency with Brittanian currency, then it would be taxable. However, a player who does not cash out his currency and treats the game as just a game does not gain any value in U.S. dollars from his online play and must somehow make a “real world” income to pay the bills. If the virtual trader does so by selling virtual property on E-bay, he should be taxed for that sale, much like a capital gains tax on selling real world stock.

What about Second Life, which doesn’t try to bill itself as a game but rather a mimic of the real world? This is a more flexible virtual universe. Although “crimes” like stealing and murder are prohibited at the software level, many “criminal” acts ranging from public nudity to bank fraud have been allowed by the software to various degrees. It is easy to dismiss victims of bank fraud as fools, but the impact of these virtual crimes becomes more concrete when you read about the wide variety of bank failures and scams that cost users millions of U.S. dollars (Google “second life bank”). Unlike Ultima Online, Second Life’s primary purpose is decidedly not that of a game, but rather an alternative economy. That would seem to give the U.S. government more of a right to regulate and tax this economy given that it exists in servers on U.S. soil. Intent and purpose is difficult to define; at what point does a “game” or “virtual world” become a barter club? As long as people aren’t satisfying “real world” needs like food and shelter with Linden Dollars (the Second Life currency), the simplest and safest road for policy makers is to allow Second Life to exist as a game, fairly taxing any profits that are converted to U.S. dollars. Invest in Linden Dollars at your own risk.

One of the most popular catchphrases in the technology industry today is “Cloud computing,” defined roughly as a shift from software and data stored on personal computers to services and data stored in server banks accessible anywhere with an Internet connection. This represents an exciting revolution in the way we interact with computers; as more and more people access the Internet through wireless devices whose networks are improving every day, your important documents, media and software services will be accessible wherever you are. Google Apps is an early entrant in this market, and Microsoft has followed close behind with new products like Skydrive and Office Live Workspaces.

Both cynics and realists alike have begun to raise a number of concerns regarding this revolution. Policy makers and market players will need to find ways to alleviate concerns about security, reliability, and privacy if they want to see widespread adoption of these new technologies. Because consumers’ fears are likely to be a major stumbling block for adoption of Cloud computing, I suspect that these three concerns will provide one of the most important areas of competition for the major players in the Cloud market. Google and Microsoft and other companies will wage both technical and marketing battles to sell their systems as the most secure, reliable and private.

As a consumer of these technologies, I have little fear of the security and reliability of Google’s (or insert any other big company’s name) systems. Google has one of the most powerful market incentives to ensure this; to a much greater degree than lost or stolen votes, lost or stolen documents would cause a huge publicity nightmare for Google. I for one trust Google more than I trust myself. Unlike most average consumers, I occasionally remember to back up my data on an external hard drive; even still, if my dorm room were to burn down, my data would be gone. Not so with Google; if their headquarters burns down, they certainly have copies elsewhere. As far as security goes, I suspect it would be easier for my nemesis to physically steal my hard drive than it would be to break into Google’s storage network. Of course, these companies will need to develop methods for keeping this data secure as it travels across the Internet and onto my device, but that will be an interesting area for market competition.

The real concern for consumers and policy makers is privacy. Google in particular has come under fire for giving both employees and the U.S. government access to personal information. This has repercussions outside the U.S.; a number of Canadian companies and Universities have expressed anger over the U.S. government snooping through the private information they store on Google’s servers. Personally, I believe that Internet privacy is an oxymoron and as such every user should assume that any information submitted over the Internet is visible to the public. While this is probably a safe outlook to have about privacy, it would be nice if we could do better. If the U.S. government really cares about innovation and economic growth, it would be well served to examine the implications of its own privacy practices and work with corporations to foster an environment of trust.

http://www.engadget.com/2008/03/21/sony-hates-you-offers-50-fresh-start-option-to-build-your-la/

I figured this was relevant to the competition topic; even though Sony doesn’t have any sort of monopoly over computer hardware, the practice of bundling lots of useless software that people don’t want is common in the hardware industry. Aware of the market’s demand for less crap, Sony is charging $50 extra for them NOT to bundle the software. While pricing the bundled software at negative $50 might seem absurd at first (especially given that a tech-savvy consumer can manually achieve a “fresh start” by reformatting their hard drive), it actually makes some sense; a lot of the bundled software is probably from third parties that pay Sony to bundle their software. Like “free” services covered by advertising, bundled crap helps drive down the cost for consumers. Still, it’s a little unnerving that Sony is so blunt about this strategy.

The emergence of the Internet in the last fifteen years has drastically altered the landscape of our economy. A major problem facing many businesses today is how to profit most efficiently from new technology while avoiding the losses created by criminal activity such as copyright infringement. The music industry, like many pre-digital era industries, is struggling to develop new business models to thrive in the digital era. This is not to say that recording companies do not have a legitimate right to sue corporations and individuals who engage or facilitate copyright infringement; I would rather argue that without developing new business models to profit from the digital economy, there will be sufficient incentive for individuals to develop novel file sharing techniques and these industries will be fighting an endless war with their customers.

The music industry could learn a thing or two from their younger partners in the software industry. Software companies like Microsoft are threatened by free and open source alternatives to their premium priced software. Microsoft has begun to realize the economic realities of this new market, albeit slowly. Microsoft is taking a hint from Google’s playbook and aggressively entering the advertising industry with acquisitions like aQuantive and the proposed merger with Yahoo. Google has been wildly profitable without charging most users a penny. In an interview with the New York Times, J Allard, the Microsoft executive in charge of the Zune music player and download service, proposed just such a model for music:

If we had full rights to every piece of music recorded since the beginning of time, and we could choose what to do with it, we could build a dynamite service… It would be free and available on every device… There would be advertising. Or it would be a loss leader to a higher value proposition.

I don’t claim to know whether such a system would bring the recording industry the same degree of profitability as the pre-digital era. However, they have to come to grips with the modern reality that bits are free. Programmers will continually find ways to free those bits and share them, as can be seen with a slew of failed Digital Rights Management (DRM) regimes and the evolution of file sharing from Napster to BitTorrent. Instead of trying to keep up with hackers through their own technological efforts or legal recourse, the record industry needs to undergo a business revolution. They should be working with Apple, Microsoft, and Amazon to develop a music distribution system that is both profitable and eliminates incentives to cheat. Instead, the record companies are fighting tooth and nail to maintain an outdated system. For example, Microsoft developed a service where you can share music between Zunes, with a limited lifetime of 3 plays. In a sign of their obsession with extracting royalties out of every last play, Sony and Universal forced Microsoft to disable this feature on their songs, rendering it essentially useless. As an outsider, it seems mind boggling that they would oppose what seems like a brilliant free advertising scheme. After all, what is there to lose from a little bit of experimentation? Record companies still provide a valuable service of identifying artists and managing their recordings; they should leave the business of making this profitable in the digital world to their technologically innovative partners. There will certainly be more growing pains as the industry adapts, but it will be cheaper in the long run than waging an eternal War on Change.

Continuing a long tradition starting with AT&T’s monopoly over the telephone market, the United States government continues to support anti-competitive business models in the telecommunications industry. Under the current wireless model, users get to pick bundled packages from one of a small number of wireless providers like Verizon and AT&T. If you want the best network, you pick Verizon, but if you want an iPhone, you are stuck with AT&T. Since I prioritize network over device quality, I chose Verizon. Unfortunately, I’m stuck with a Motorola Razr running Verizon’s proprietary operating system. The user interface of my phone could at best be described as clunky, and the operating system itself is subpar. Apparently, none of the developers of the Verizon OS anticipated a user accumulating a large number of text messages without deleting them; I was very surprised when simply deleting text messages cured my phone’s extreme non-responsiveness. The current regime of wireless competition is analogous to the following hypothetical situation in the wired world: Comcast, as my cable provider, would require me to use hardware provided by one of their partners (say, Dell) and run a Comcast operating system and applications. Alternatively, I could connect to the Internet with Verizon DSL along with their proprietary hardware and software. If Comcast has better bandwidth but Verizon has better software and AT&T has better hardware, I am out of luck.

In comes Google to the rescue. Google is promoting their Open Handset Alliance, a network of stakeholder companies working toward promoting open standards for mobile devices. In particular, Google is developing a (mostly) open source phone operating system called Android. In addition, to ensure a market for this software, Google has used the upcoming auction for the 700 MHz spectrum as an opportunity to pursue greater openness in the wireless market. Google has succeeded at persuading the FCC to mandate a degree of openness by the winner of the auction. This is a big win for consumers. Under the Google proposed system, I can use whatever hardware or software I want, as long as it meets the network’s standards. Wireless companies will be selling only what they provide: their network. Hardware companies will be free to compete; Motorola will have to make better or cheaper phones to compete with iPhone, and software companies like Microsoft and Google will be free to compete for getting the best software possible on your phone as cheaply as possible. Google will give away their software in an effort to expand their user base to increase ad revenue. They can live by their “do no evil” mantra and make a whole lot of money, all while helping consumers like us. Excluding AT&T, everyone wins.

The danger of anonymous defamation has recently become a topic of discussion both internationally and on campus. The wikileaks.org case has received attention from international news media, while the controversial JuicyCampus has been a hot topic of discussion on campus recently, as covered on the front pages of the Daily Princetonian (February 22, 2008) and the Nassau Weekly (February 21, 2008).  JuicyCampus is a website that allows users to anonymously post anything they want (each university has its own section). The website essentially exists as a forum for the defamation of students. While the moral reprehensibility of this site seems clear, it is less clear whether or not the site and its postings are legally protected free speech. The extent to which JuicyCampus tries to prevent libel is one line in their FAQ – “you can’t post lies about people or groups – that’s called defamation and it’s illegal.” “Can’t” seems like a strong word here, given the likely proliferation of lies in threads such as “Sluttiest girl,” “Who is in the closet,” “Which Girls Take it Up the Ass,” and “[Jane Doe]: Wanna-be-Slut or Washed-out-Whore?” I imagine that there are plenty of factually untrue statements contained in these threads that could be construed as defamation. If an identifiable person published these same lies, that individual would be guilty of libel and subject to large damage payments. In one such case, a Florida court charged one blogger $11.3 million for her defamatory blog postings (USA Today, October 11, 2006). A single judgment on this scale would probably be large enough to shut down JuicyCampus.

So why should anonymous Internet users be free from defamation laws when individuals who choose to identify themselves are not? In exchange for anonymity, JuicyCampus becomes the de facto publisher of its content and must accept liability for any defamation contained within. JuicyCampus should have a detailed defamation policy of some kind and take an active stance against this crime. While internally tracking users is probably infeasible due to the ease of IP address cloaking (which they actively advocate in their privacy policy), they could have a simple defamation reporting mechanism where a user could claim to be defamed by a post; that user would be required to submit a detailed report on the nature of the claim including personal identification, and JuicyCampus could adjudicate these claims on a case by case basis, usually resulting in the post being taken down.

Realistically, I don’t expect JuicyCampus to take any such measures absent a court order. Furthermore, although removing defamatory posts would prevent monetary damages (i.e. a future employer reading the posts and withholding a job offer), the emotional harm done to the individual before the defamatory post is removed could justify a lawsuit. If anyone has the courage to take them on, I would encourage them to pursue legal advice. Although it may be too much to expect anonymous web publishers like JuicyCampus and blog hosts to monitor their users, it is a reasonable expectation for them to respond with due diligence to defamation claims or set up a mechanism for tracing their users in the event of a libel suit. While free speech is protected by the constitution, defamation is not; the Internet should not become a safe haven for libel. With the anonymity of the Internet, defamation has become easier than ever. Policy makers must find a way to effectively regulate anonymous speech without becoming big brother.