InfoTech and Public Policy

In his paper, Mr. Orin Kerr argued that the Patriot Act “added several key privacy protections.”  While Mr. Kerr’s assertions are still points of contention, I want to move beyond the debate about what the law means, and focus on the implementation of the law. 

Legislation, by its intrinsic nature, is vague.  Laws often leave the details to be filled in by the applicable agencies.  At the same time, agencies are conditioned to protect its “turf” and, if possible, expand their scope, size, and ultimately their budgets. 

The director of the FBI, Robert Muller, echoed this tendency when he proposed that his agency should have the authority to monitor all internet activities.  Currently, the Department of Homeland Security is responsible for protecting (and monitoring) government networks, pursuant to the “secret” January 2008 directive signed by President Bush.  The National Security Agency already proposed in a January 2008 Congressional hearing that it needs warrantless access to U.S. citizens’ Google search histories, private e-mails and file transfers, in order to spot the cyber-terrorists.  In many ways, we can see there is a multiple-department race to be the “internet security czar,” despite the fact that each department was created under different mandates, with different (albeit overlapping) missions.  The message from the departments, however, was the same – “Trust us.  Give us more power.  We will be responsible.”

The problem with that message is the history of governmental spying is littered with cases straddling the legal divide.  Most recently, in October of 2007, the NSA was implicated in spying of American citizens inside the U.S.  The NSA was allowed to conduct warrantless (including rove wiretapping) spying using all available resources beyond America’s borders.  However, in order to capture all communication messages, the NSA needed access to domestic communication system, something that it could not legally do.  So, it decided to ask American telecommunication companies to help.  Some companies cooperated; one balked.  Quest Communications refused NSA’s requests that came without a court order.  When details of this warrantless spying program was leaked to the public, many major communication companies (AT&T, Verizon, etc) asked for immunity, arguing that government officials should be held liable (and not the telecom) if the programs a telecom helped with were found to be illegal.  According to the FISA legislation, it is a crime to spy on Americans, except when authorized by law. 

The NSA director went even as far as asking for immunity for everyone who participated in that program.  At the same time, he had the audacity to turn around, and asked for expanding the NSA’s power to infiltrate domestic internet service providers and telecoms.  What would happen if Congress grants that authority to the NSA?  As a spy agency, what the NSA does is classified, and often, the only answer we will ever get is, “We assure you that our warrantless spying cases happened because getting the Court’s approval is impossible.  We cannot discuss anymore without going into classified materials.  End of discussion.”

As with many people, I agree that preventing and defeating terrorists’ attacks is a legitimate and important goal; and we need to change the law to catch up with technological changes.  However, we also need to understand that many agencies, by their very nature, would “push the envelope” on privacy protections built into the law.  The discussion of privacy and constitutional protection should never stop when the law is passed.  It should continue in the halls of Congressional committees’ hearings.  After all, who would keep the bureaucracy in check if Congress skirts its oversight responsibility? 

As Douglas Barnes had eloquently pointed out the market failures that allowed internet worms (and other variant cousins) to wreak havocs on the consumer, I would like to continue the case by laying out how government intervention can help improve consumer’s welfare.   Benevolent government interventions are better than no government intervention at all.

The software market is a lemon market.  Typical consumers cannot distinguish bad software from good software. Software publishers face perverse incentives to release software as soon as possible to gain market shares.  Once the software is bought, consumers have no recourse to return the products, except if the medium was defective.  With the proliferation of “medium-less license” software (download via the internet), when a consumer buys a piece of software, he or she has crossed a point of “no-return.”

The intervention for this case is rather straightforward.  Software publishers should be required to allow for a grace-period of 10 days, which should be long enough for the consumers to test the software.  The software should be fully functional during this period.  Many software publishers do this already in the form of demo, but the government should take a step further, mandating a baseline grace period for all software sold.  This should create incentives for software publishers to test for security flaws more thoroughly.  Many markets for other products are already under similar mandates.  For example, the state of California requires a grace period for used cars. 

The other reason for intervention is the consumers themselves.  Humans, unfortunately, are over-optimistic when estimating their chances of getting infected by worms and other evil lurkers on the internet.  It is a well-documented phenomenon in the psychology field.  People tend to see the future through “rose-colored glasses,” as the saying goes.  Hence, most people do not spend extra money to buy security software, if it does not come with the computer already. One possible solution is for the government to create a clear, immediate, and easy incentive for people to buy security software to protect their computers.  The easiest form is a voucher.  Anytime a person buys a computer, he or she will automatically get a voucher, which subsidizes most of the cost of basic security software.  If most consumers take advantage of the vouchers, they would inoculate themselves (and others) against most viruses and worms.  This will not be the first time nor the last time our government gives out technological related vouchers.  Our government is currently offering vouchers for digital television converters to help people with the transition to digital television.

Government intervention is warranted when there is a market failure and the intervention will make consumers better off.  Any intervention will face political obstacles, including opposition from the computer industry.  I believe that the clamor for intervention will happen when a hacker uses a crippling known software breach to render most personal computers useless for a considerable period of time.  The clamor for a “flyer’s bill of rights” erupted when there were massive airlines’ delays due to factors within the airlines’ control.  When will the software industry face the call?

In the “Globalization and Offshoring of Software” reading, the authors made references to the shortage of the high skilled technology workers in the United States, and hence, the obvious raison raison d’etre of the H1-B and L-1 visa programs. 

Currently, the H1-B program grants 65,000 temporary worker visas for high tech foreign workers to work in the U.S.  Proponents of the program – mainly high tech companies – want the increase the limit because they face critical shortage of computer engineers.  The critics charge that business interests abuse the program, import cheaper foreign workers, driving down wage.

It is undeniable that there are loopholes in the program that technology companies have taken full advantage.  The stated purpose of the program was to help American companies fill shortages of employees.  However, meeting the need for cheap dispensable labor source was the unstated driving purpose of the creation of the guest worker programs (including low-skill workers for agriculture). 

Foreign workers help businesses improve their bottom lines.  They generally are paid less their American counterparts, and are not afforded many labor and legal protections that American workers enjoy.  This is true for both high-skill and low-skill foreign workers.

A serious loophole is that companies are not required to prove labor shortage by advertising jobs in the U.S.  In other words, companies do not have to document (through job advertisement or job recruitment) that they cannot get American computer engineers take the jobs that they are filling with foreign workers through the H1-B visa program.  If there is indeed a labor shortage, why are American companies resisting efforts to institute such a requirement? 

Not only American companies are taking advantage of the program’s loopholes to keep shareholders happy, but foreign companies are also exploiting the gaps.  Three biggest users of the H1-B program are based in India – Infosys, Wipro, and Satyam – accounting for 8500 of the visas approved for 2007.  So much for the stated purpose of helping American companies filling labor shortage.

The debate over the H1-B visa program will inevitably lead to the larger debate of immigration reform.  The political dynamic of immigration reform is complex, with often involves strange bedfellows forming coalitions.  The potential future changes to the H1-B visa program will most likely be determined by politics, with every group trying to get the best possible outcome for its own interests.  However, the least we can expect from high tech business interests, in the case of H1-B visa program, is for them to be honest with what they really need and to accept reasonable disclosure requirements.

Many internet service providers (ISPs) have already signed or are considering contracts with advertising companies in tracking the activities of their customers.  This may sound benign or scary, depending on what you have been doing online.   Nevertheless, given the rising importance of internet advertising, the need to track customers’ activities for targeted advertisement would be an unstoppable wave.  In addition to government intervention, which we may need should ISPs go totally uncooperative, there are options that the end-users could advocate for that would significantly improve their privacy control.

First is the opt-in, opt-out notification screen.  There are basically four ways an ISP can get consent from their customers.  One way is to present customers with a screen with both an opt-in and an opt-out choice.  The second way is to have an opt-in screen first with an opt-out screen second.  The most transparent way is to set the default as opt-out, and ask if the customer wants to opt-in.  The least transparent way, and what I suspect is the preferred option by most advertising companies, is to set opt-in as a default and ask if people want to opt out.  In short, default matters. 

Psychological studies have found that people tend stay with the status quo, whatever that is.  In European countries where people are assumed to be organ donors unless they opt-out, eighty percent are donors.  In the U.S with an opt-in system where people have to indicate that they want to be donors, the rate is much lower – thirty percent.  Most Americans, however, indicate that they support organ donations. 

Advertising firms know this about human behavior.  The less transparent the opt-out process is, the more likely people will stick with the default.  Thus, as consumers, we must voice our concerns to ISPs about how we want them to get our permission to track us.  More specifically, if someone closes a pop-up window without making an explicit choice, the program should interpret the action as an opt-out (and not consent to have their surfing monitored).

There is currently no regulation that I know of requiring how or whether ISPs should inform their customers if their activities online are being monitored.  This is not the case with other activities.  Various laws prevent improper access by third parties to many of our activities – seeing a doctor, talking to a lawyer, or submitting a paper for class. 

Many ISPs and advertising companies would probably defend their practices by informing their customers about available websites where people can go to indicate that they do not want to participate in the tracking programs.  The problem – it is one more extra hurdle that customers have to cross to indicate their choices.  Behavioral marketing knows full well that the extra steps required could result in a significant number of people not making that extra effort.  This is the same mechanism working behind mail-in rebates for products.  Typically, less than half of the people eligible actually send in their rebate requests. 

It is time that we tell the ISPs and the advertising firms to stop playing games.  We know the tricks; give us what we want. 

When Virtual Reality Imitates Life

Yesterday – April 1 – Congress has simulcasted its first ever hearing in Second Life.   Note to stakeholders of Linden Research Inc (owner of Second Life), this is not April Fool’s Day news.  This is not so good news either.  I believe this is the first step is a long march of increasing governmental oversight over the virtual world, and rightly so.

Although Philip Rosedale, CEO of Linden Research (LR), downplayed many congressional concerns – consumer protection, privacy, child safety, banking, terrorism and addiction, the concerns are valid.  For example, the protection of minors is problematic, as with most online activities.  Second Life relies on its users to volunteer their true age information.  In order to soliciting minors, a sexual predator can gain access to children-only area simply by lying about his or her true age. 

Even though Second Life’s economic activities use the Linden dollar as a currency, it is convertible into the U.S. dollar.  Consequently, it provides fertile opportunities for money laundering and terrorism.  Theoretically, drug kingpins in Columbia can “wash” and send money through Second Life’s transactions to their brethrens in the U.S.  Terrorist cells can use Second Life as a medium of communication and send money to each other. 

Linden Research is starting to recognize that real-life problems do not stop at the door of its virtual universe.  It will increasingly find that the only way to address many issues in its virtual reality is to invite real-world regulations and solutions.  For example, stung by virtual “banking” fraud—a “banker” offered 40% interest rate to Second Life citizens then fled with $75,000 worth of real money— LR responded by inviting real-world banking regulations into its virtual universe.  Only legal and real-world incorporated banks can now offer “banking” services in Second Life.

It is almost an injustice to discuss the banking issue without mentioning the taxation issue.  With an economy of over $600 million and growing, Second Life will increasingly find it hard to escape the attention of the Ways and Means committee in Congress, which is in charge of setting tax policies.  Many Second Life users argue that the IRS should leave the virtual world alone.  How fair is it when other Americans are toiling long working hours and paying taxes on their incomes when users on Second Life, including some who depend entirely on profits from Second Life transactions for their real-world livelihood, pay no tax on such incomes?   

Mr. Rosedale can try to play the “ignorance is bliss” game for as long as he can, but the beginning of the end of virtual independence is here.  Policy makers are starting to notice as the scope and scale of virtual reality worlds such as Second Life increase.  LR and other owners of virtual universes should be proactive in working with policy makers to resolve real-world policy concerns.  It is very hard to remain invisible when a virtual world has over half a million users.  Google has already opened its first lobbying office in Washington.  It is never too early for LR and others to join the Beltway’s bubble.      

One of our fellow bloggers—SS—reported last week about the positive side of the recent 700Mhz spectrum auction.  The news was euphoric for a moment until economics 101 knocked me back to earth.  The open-access network rule—which Google lobbied hard for and got—promises to bring more choices—devices, services, applications— to the consumers.  However, prices probably will not come down.  For the average Joes and Janes out there (and not the technological trend-setting Princeton students), it is price that matters the most.

Make no mistake about it.  The auction was a big step forward.  The government increased its coffer—$19.2 billion to be exact.  The two biggest wireless providers—Verizon and AT&T—got one of the best beachfront wireless properties—most of the 700Mhz spectrum band.  At these new frequencies, wireless signal can penetrate deep walls and travel further than traditional wireless frequencies.  In short, consumers should expect to get better services and more device choices. 

That is where the good news stopped.  The purchases by the big two (T-Mobile and Sprint stayed put) solidify their hold on the wireless spectrum.  Verizon closes the gap with AT&T, which still has the widest wireless coverage and the biggest subscriber base.  The result is no new competition that will drive down prices.  The majority of the market will still be dominated by the big four along with pockets of niche and regional carriers. 

Even though Verizon promises to open their network for any handheld phones, it has no fear of allowing any new wireless carrier onto their network.  No new competition means less downward price pressure.  As a result, a consumer may notice improvement in wireless signal and services but unlikely to see lower bills.

Early adopters of technology may benefit from the potential new and better services being offer on the new frequencies, such as video streaming.  However, these new services may actually increase the consumers’ total bills.  It is a not-so-hidden secret that wireless carriers make most of their profits from the add-on services.  They will continue to push customers to pay for add-on services, even if they do not really need them.  Furthermore, additional service choices would probably not make any difference to grandma and grandpa.  They just want a phone that can make and receive calls. 

This is not to say that what happened was a negative step.  It was a huge leap toward a more effective spectrum management policy.  However, this serves as my caution that there are still tough battles ahead to foster competition among wireless providers and bring lower prices to the end users.    

While presidential candidates are touting healthcare reform plans that no one understands, something can actually be done now to improve the system’s efficiency and decrease healthcare’s soaring costs.   The cure is in the IT tools.  A bill being considered in the U.S. Senate (S. 2408) would require e-prescribing for Medicare patients.  Congressional Budget Office estimates moving to an electronic prescription system would save $3 billion.

Moving to an electronic prescription system makes sense.  Other European countries have done it.  In addition to cost saving benefits, e-prescribing helps eliminate medical errors from illegible prescriptions and bad drug interactions.  About 1.5 million preventable adverse drug events occur every year.

The legislation intend to pressure medical providers – pharmacies and doctors – to move toward the e-prescribing system by leveraging Medicare’s clout.  The federal government’s Medicaid and Medicare spending accounts for 60% of health care dollars spent.   The federal government simply uses its purchasing power to push for adoption. In order to do business with the federal government, medical providers have to use e-prescribing tools. 

Doctors and their lobbyists in Washington – such as the American Medical Association and the American Academy of Family Physicians – traditionally have been resistant to IT mandates, are now warming up to IT health mandates.  They have lobbied hard, and successfully able to insert financial incentives into the bill.  Doctors would get financial help – carrots – from the federal government when they switch to the e-prescribing system.  In essence, the cost of switching from paper to electronic will be borne by the U.S. government and ultimately American taxpayers.

Many kinks, however, still have to be ironed out.  Privacy concerns still linger.  Most technical issues are still unresolved – which software to drive the system, what are the requirements for software vendors, and how to implement system integration.   That is why the Centers for Medicare and Medicaid Services (CMS) propose setting compliance year in 2011. 

Last but not least, there is no guarantee that this bill would pass this year.  Past legislative attempts for IT health mandates failed due to strong opposition from medical providers.  It is a fact of life in Washington that it is much easier to obstruct rather than to pass legislation.  Now, perhaps sensing that such mandates are inevitable, the industry tries to mend the legislation into a more favorable form.  Even then, there are still big obstacles on the road.  We are still at war.  There will be a new president in the White House next year, which can change the calculus of the players in this battle.  If medical lobbyists feel that they can get a better deal next year, they will fight to stall.  On the contrary, if this is the best deal they can get, then we might see our prescriptions online soon.

More than one million people had donated to Barrack Obama’s presidential campaign.  This sent shockwaves across the universe of seasoned political operatives.  Many are still awestruck by the sheer number of donors alone.  I see it as the first sign post of the new internet democratic political revolution.  The little guys like me who can only donate $100 – chum change in presidential politics –   can finally have a say.

The 2008 presidential race is the first where embracing the Internet is not optional.  It will be a default feature of all future presidential campaigns.  Those who ignore it do so at their own perils.  The traditional top-down fundraising model will wither away while its ardent believers curse the plague of tech-driven politicking.

Fundraising on the internet is not a new vogue. Eli Pariser at Moveon.org figured this out years ago.  Relying on small internet donations, MoveOn.org raised $30 million during the 2004 election cycle.  The medium that MoveOn communicates with its members:  email.  It was unorthodox, if not crazy, a few years ago, to think of a political organization depending on virtual pathways for its lifeline—money.  MoveOn spurs traditional streams:  foundation money, grants, and tax-deductable donations.

On February 1, 2008,  MoveOn endorsed Barrack Obama, whose presidential campaign thus far has the most successful online fundraising operations in history.  The Hillary Clinton presidential campaign lags far behind Obama’s online operations.  Its chief strategist, Mark Penn, has chosen to ignore the power of the Internet for the old traditional top-down regime.  Hillary Clinton campaign raised $20 million online in February 2008 – a very impressive number given that the Republican nominee, John McCain, raised $12 million in total receipts for February. Many have estimated that the Obama campaign raised $50 million total for the month, with most of it coming in from small online donations.

Technology will continue to increase political participation while rendering old orthodox operations obsolete.  For example, consider the roles of Bush’s famous “Rangers” and “Pioneers” – political fundraising juggernauts— who can haul in more cash for political campaigns than bank’s armored trucks.  These fundraisers have enormous political weight.  Through their connections, they can raise hundreds of thousand each for a particular candidate.  The current-soon-to-be-outdated playbook calls for candidates to build relationships with wealthy individuals, who can give the maximum amount - $2300 per year. 

It is increasingly obvious that the number of wealthy individuals who can give the maximum is a finite one.  $2300 is chum change in comparison to the $500 million that a presidential candidate needs to carry through the entire campaign.  There are simply more people who can give small donations.  Barrack Obama demonstrates that a large small-donation donor base can surpass the prowess of traditional model. The bandwidth of the internet can crack through the wall plastered by fundraisers.

The infancy chapter in the internet democratic revolution is still being written.  The “YouTube phenomenon” – free political advertisement videos— is creeping at the heels of paid TV advertisements. FaceBook and MySpace provide voters the feeling of being a part of a community without having to meet up at political rallies.  And thirty years from now, there will be no line item for postage costs in campaign budgets. 

One in four Americans are on MySpace.  Close to a third of its users are under the age of 18.  There are over sixty million active Facebook profiles.  The problem for the bloggers and vloggers (video bloggers) and the generation Me – those that have virtual online profiles—is that there is no real eraser button on the internet.

The U.S. Supreme Court has ruled that whenever a third party possesses personal information, there is no reasonable expectation of privacy.  What can the MySpacing masses do when they grow up and face the time machine called Google? Little indiscretions many years ago thought to be buried deep inside the profiles of social networking sites can come back to life via Google searches.  Jobs can hang in the balance of those searches.

Google is becoming a way for bosses and headhunters to do stealthy checks to find information that is legally off limits during interviews –marital status, fraternity franks, and the names and ages of your family members.  Of course, this info can be had for a nominal fee from data mining companies.  But why pay when you can do the searches yourself, fast and free?  A lawyer friend once jokingly told me, with a serious tone, that Googling will replace the discovery process. 

The main problem with Google searches is that it is hard to discern truthful information from fabricated ones.  A profile for Mary Jane could have been setup by John Smith.  Pictures can be photoshoped.  What should employers do when their potential employees were subjects of gossips on JuicyCampus.com?  During an interview, a person would have the opportunity to correct wrong information.  What can a person do when there is incorrect personal information in Google’s universe?  There is no recourse.

We have not even discussed the potential role of big brother in this.  The Fourth Amendment protects Americans from government’s intrusions such as collecting personal information directly.  However, the government can run around privacy laws by buying personal data from third-party data mining companies.        

To address the shortcoming of current privacy laws, Daniel Solove and Chris Haoofnagle have proposed a model regime for privacy protection.  On Capitol Hill, congressional staffers would probably call it the “Fair Data Mining and Reporting Act.”  Aside from the usual potential suspects opposing such bill –namely commercial data mining companies and business interests, another strong obstacle would be the lack of proponents.  The critical masses that would benefit the most from such a bill are still too busy massaging their online identities, and perhaps not realizing the dangers yet.   Consumer protection groups would have a hard time explaining internet privacy concerns to grandmas and grandpas who are not even on the net. 

In other words, there would be no Fair Data Mining and Reporting Act anytime soon.  In the mean time, what can a member of Generation Me do?  Be careful of what you post online.  It may also be helpful to be a little narcissistic – Google yourself and monitor your online identity.

Last week, one set of headlines called attention to the fact that more Hispanic households than other households will be left behind in the digital television transition.  This week, a NY Times’ headline calls attention to the digital divide in Silicon Valley – the vanishing middle-class workforce.   Two seemingly different issues, and yet, there is a strong connection between two.

On February 17, 2009, broadcast television stations will turn off their analog signals and start transmitting only in digital.  Televisions without a built-in digital tuner will no longer be able to receive over-the-air signals unless they get a special box to change the signals back to analog.  According to Nielsen Media Research, in comparison to other groups, Hispanic households are the least ready for this transition.

This maybe a surprise to some, but it should not be.  On average, we should expect the digital divide to manifest along the cleavages of racial lines.  Non-Hispanic white and Asian households tend to have higher household income levels than African-American and Hispanic households.  Such income inequality often translates into wide gaps with respect to access to technology, such as high-speed internet connections.  It is no surprise then, that minorities such as Hispanics are the least ready in term of having enough digital-ready television sets. 

On the other hand, we are also witnessing a vanishing middle class.  The American economy enjoys many comparative advantages in jobs that require advanced skills.  Often these advanced skills require technological knowledge.  We often heard that politicians, from both sides of the political spectrum, expressing their disdain for the importation of foreign workers for white-collar technology-related jobs.  The answer to such problem lays in equipping and training a competitive domestic workforce.  Given that Hispanic is the largest minority group in the country, it is a fertile recruiting ground for a competitive workforce.

Information technology programs often complaint that they do not get enough minority students, such as Hispanics, to apply.  The reason, I suspect, is not that Hispanic students are not interested or not capable, but rather they were not given opportunities early on to be interested in such careers. 

For example, consider a poor female urban thirteen year-old Hispanic student.  Both her parents work and make barely enough to cover for expenses.  She does not have a computer at home; her primary access to the internet is through her school, which blocks access to social networking sites such as MySpace and YouTube.  When she gets to college, while most of her friends are busying updating their Facebook’s profiles and uploading class presentation videos on YouTube, she receives her first computer by way of financial aid.  She is so behind her peers with respect to information technology that catching up is a daily challenge.

If we multiply this case by the thousand, then these cases represent the lost opportunities of training and recruiting the next generation of American workers.  If we, as a society, do not provide equal access to technological resources, we will not get optimal outcomes.  The future of the American economy depends greatly on training enough workers with advanced skills to be competitive in a global economy.  The social investment for technological knowledge needs to start now, and to start early with Hispanics and African-Americans children.  The health of our future depends on them.