Contractual Omnipotence

I have to disagree, Tim. It’s true that the ISPs are currently stuck playing whack-a-mole with users who violate the TOS. Beyond a certain point it’s not worth their time: if I set up a web server on port 80 I’m pretty sure I’d get an angry letter — but they’re not going to find the SSH daemon I run on a non-standard port. Right now it’s technical users who find themselves butting up against the TOS. And there’s the problem: technical users can find ways around the countermeasures.

But if a popular application ran afoul of an ISP, it would typically be pretty easy for them to block or throttle it — it’ll use an established port or identifiable headers. And the nontechnical users who’re using it won’t have any recourse.

Of course, the app author can keep issuing new releases, but that cat and mouse game is likely to result in the same situation: technical users do what they want and average users remain stymied.

The exception to all of this is encryption, of course, which the ISPs can’t examine. Some, like Rogers, have decided to just throttle all encrypted traffic. I doubt their customers will let them get away with that for too long, though.

I have to disagree, Tim. It’s true that the ISPs are currently stuck playing whack-a-mole with users who violate the TOS. Beyond a certain point it’s not worth their time: if I set up a web server on port 80 I’m pretty sure I’d get an angry letter — but they’re not going to find the SSH daemon I run on a non-standard port. Right now it’s technical users who find themselves butting up against the TOS. And there’s the problem: technical users can find ways around the countermeasures.

But if a popular application ran afoul of an ISP, it would typically be pretty easy for them to block or throttle it — it’ll use an established port or identifiable headers. And the nontechnical users who’re using it won’t have any recourse.

Of course, the app author can keep issuing new releases, but that cat and mouse game is likely to result in the same situation: technical users do what they want and average users remain stymied.

The exception to all of this is encryption, of course, which the ISPs can’t examine. Some, like Rogers, have decided to just throttle all encrypted traffic. I doubt their customers will let them get away with that for too long, though.

Tom, that’s a good point. Obviously, if my grandpa’s ISP wanted to stop him from sending me email, it would be able to do that without too much difficulty.

But I think it’s important to keep in mind that Lessig and Lemley, at least, are specifically focused on the incentives for the creation of new applications. To give you a bit more context from that quote:

One example of this cost to innovation is the uncertainty that is created for future applications of broadband technology. One specific set of such applications are those that count on the Internet being “always on.” Applications are being developed, for example, that would allow the Net to monitor home security, or the health of an at-risk resident. These applications would depend upon constant Internet access. Whether, as a software designer, it makes sense to develop such applications depends in part upon the likelihood that they could be deployed in broadband cable contexts. Under the e2e design of the Internet, this would not be a question. The network would carry everything; the choice about use would be made by the user. But under the design proposed by the cable broadband, AT&T and Time Warner affiliates would have the power to decide whether these particular services would be “permitted” on the cable broadband network. Cable has already exercised this power to discriminate against some services. They have given no guarantee of non-discrimination in the future. Thus if cable companies decided that such services would not be permitted, the return to an innovator would be reduced by the proportion of the residential broadband market controlled by cable.

The concern here is clearly about stifling new entrepreneurs who might be thinking about developing a new application that doesn’t yet have a significant user base. If they have to get the ISP’s permission before deploying their application, they might decide it’s not worth the trouble, and that would be bad for all of us.

But new applications are, by definition, adopted first by early adopters–the sort of people who would know how to download a patch if their favorite bleeding-edge application stopped working. It’s only years later that a popular application is adopted by non-geeks (I got my mother on AIM for the first time about a year ago).

The worry, as I understand it, has always been that an ISP will strangle a new application in its cradle before it reaches the masses. I think it’s generally acknowledged that once an application is popular enough that my mother is using it, there isn’t much reason to worry about an ISP trying to kill it—if for no other reason than it would swamp their tech support staff.

A good practical example of this, I think, is third-party IM clients, which found themselves in the crosshairs not of ISPs but of Yahoo and AOL earlier in this decade. IIRC, popular third-party clients like Trillium, GAIM, and Fire got to the point where the relevant libraries were all shared among clients, and changes were incorporated into new versions of the clients within a matter of days, if not hours. True, my mother wasn’t using those clients, but there were hundreds of thousands of ordinary users, many of them non-programmers, who were. It didn’t take that long before AOL and Yahoo! gave up.

Anyway, my point isn’t that it’s never possible for ISPs to handicap applications they don’t like. But the papers I’ve been reading seem to regard TOS’s as magic wands that can prohibit categories of traffic they don’t like at near-zero cost. At best, ISPs will be able to block applications they don’t like at a cost in terms of negative PR, angry tech support calls, etc, and the magnitude of those costs will be proportionate to the number of users using the application being blocked. It may be overstating things to say that those costs will always exceed the benefit to the ISP of instituting a block, but I think it’s at least as misguided to assume that broadband providers “have the power to decide whether these particular services would be ‘permitted’ on the cable broadband network” without considering the constraints they face.

Tom, that’s a good point. Obviously, if my grandpa’s ISP wanted to stop him from sending me email, it would be able to do that without too much difficulty.

But I think it’s important to keep in mind that Lessig and Lemley, at least, are specifically focused on the incentives for the creation of new applications. To give you a bit more context from that quote:

One example of this cost to innovation is the uncertainty that is created for future applications of broadband technology. One specific set of such applications are those that count on the Internet being “always on.” Applications are being developed, for example, that would allow the Net to monitor home security, or the health of an at-risk resident. These applications would depend upon constant Internet access. Whether, as a software designer, it makes sense to develop such applications depends in part upon the likelihood that they could be deployed in broadband cable contexts. Under the e2e design of the Internet, this would not be a question. The network would carry everything; the choice about use would be made by the user. But under the design proposed by the cable broadband, AT&T; and Time Warner affiliates would have the power to decide whether these particular services would be “permitted” on the cable broadband network. Cable has already exercised this power to discriminate against some services. They have given no guarantee of non-discrimination in the future. Thus if cable companies decided that such services would not be permitted, the return to an innovator would be reduced by the proportion of the residential broadband market controlled by cable.

The concern here is clearly about stifling new entrepreneurs who might be thinking about developing a new application that doesn’t yet have a significant user base. If they have to get the ISP’s permission before deploying their application, they might decide it’s not worth the trouble, and that would be bad for all of us.

But new applications are, by definition, adopted first by early adopters–the sort of people who would know how to download a patch if their favorite bleeding-edge application stopped working. It’s only years later that a popular application is adopted by non-geeks (I got my mother on AIM for the first time about a year ago).

The worry, as I understand it, has always been that an ISP will strangle a new application in its cradle before it reaches the masses. I think it’s generally acknowledged that once an application is popular enough that my mother is using it, there isn’t much reason to worry about an ISP trying to kill it—if for no other reason than it would swamp their tech support staff.

A good practical example of this, I think, is third-party IM clients, which found themselves in the crosshairs not of ISPs but of Yahoo and AOL earlier in this decade. IIRC, popular third-party clients like Trillium, GAIM, and Fire got to the point where the relevant libraries were all shared among clients, and changes were incorporated into new versions of the clients within a matter of days, if not hours. True, my mother wasn’t using those clients, but there were hundreds of thousands of ordinary users, many of them non-programmers, who were. It didn’t take that long before AOL and Yahoo! gave up.

Anyway, my point isn’t that it’s never possible for ISPs to handicap applications they don’t like. But the papers I’ve been reading seem to regard TOS’s as magic wands that can prohibit categories of traffic they don’t like at near-zero cost. At best, ISPs will be able to block applications they don’t like at a cost in terms of negative PR, angry tech support calls, etc, and the magnitude of those costs will be proportionate to the number of users using the application being blocked. It may be overstating things to say that those costs will always exceed the benefit to the ISP of instituting a block, but I think it’s at least as misguided to assume that broadband providers “have the power to decide whether these particular services would be ‘permitted’ on the cable broadband network” without considering the constraints they face.

Tim,

In the long run, it’s not at all clear to me that this is a battle ISPs could win, even if they had free rein to implement any policies they wanted without fear of regulatory intervention.

But that implies that it’s appropriate to be treating this as a battle, something that we should have to fight for. It’s already largely our infrastrucutre. It’s not about the inability of AT&T or whoever to enforce their policies, but rather (at least for me) about the subtle premises surrounding this issue.

AT&T didn’t get where they are solely because of their market prowess – they got there through privilege, subsidy, and regulatory advantage. A lot of their power to set the terms about how individuals can use the infrastructure they run was not because they served their customers well. I fail to see how they can support regulation in their favor and then balk at regulation that constrains them.

The point being that this isn’t about regulating the utilities’ private property. For all intents and purposes, they are not private entities. And if it’s not their private property to do with as they see fit, why should they be the lone policy makers? I agree that getting gov’t involved is bound to be crappy for everybody, gov’t has been involved the whole time – that’s why we’re in this mess, and don’t have more choices.

The idea that we should have to sneak around on the infrastructure we helped build is ridiculous.

Tim,

In the long run, it’s not at all clear to me that this is a battle ISPs could win, even if they had free rein to implement any policies they wanted without fear of regulatory intervention.

But that implies that it’s appropriate to be treating this as a battle, something that we should have to fight for. It’s already largely our infrastrucutre. It’s not about the inability of AT&T; or whoever to enforce their policies, but rather (at least for me) about the subtle premises surrounding this issue.

AT&T; didn’t get where they are solely because of their market prowess – they got there through privilege, subsidy, and regulatory advantage. A lot of their power to set the terms about how individuals can use the infrastructure they run was not because they served their customers well. I fail to see how they can support regulation in their favor and then balk at regulation that constrains them.

The point being that this isn’t about regulating the utilities’ private property. For all intents and purposes, they are not private entities. And if it’s not their private property to do with as they see fit, why should they be the lone policy makers? I agree that getting gov’t involved is bound to be crappy for everybody, gov’t has been involved the whole time – that’s why we’re in this mess, and don’t have more choices.

The idea that we should have to sneak around on the infrastructure we helped build is ridiculous.

I agree that getting gov’t involved is bound to be crappy for everybody, gov’t has been involved the whole time – that’s why we’re in this mess, and don’t have more choices.

Jeremy, I’m not sure we’re in a mess, or at least it’s not obvious that the mess couldn’t get a lot worse if we got the govenrment more involved. Keep in mind that this isn’t just a debate about whether to regulate Verizon and AT&T. It’s also a debate about whether to regulate “pure” Internet telephony companies like Level 3 and Global Crossing, and smaller providers of Internet access like hotels and coffee shops. Perhaps most importantly, any regulations passed now would apply to new entrants in the broadband market, such as the winners of next year’s spectrum auction.

In any event, this post isn’t trying to lay out the whole argument against regulation. I’m just pointing out that the proponents of such regulations routinely over-state the risk to innovation faced by broadband discrimination. It certainly is distasteful to contemplate consumers having to sneak around in order to run disfavored applications. But that’s not as distasteful as what Lessig and Lemley were claiming, which is that innovative applications wouldn’t be able to run at all. I think that in weighing costs and benefits, it’s important that we estimate each accurately.

I agree that getting gov’t involved is bound to be crappy for everybody, gov’t has been involved the whole time – that’s why we’re in this mess, and don’t have more choices.

Jeremy, I’m not sure we’re in a mess, or at least it’s not obvious that the mess couldn’t get a lot worse if we got the govenrment more involved. Keep in mind that this isn’t just a debate about whether to regulate Verizon and AT&T.; It’s also a debate about whether to regulate “pure” Internet telephony companies like Level 3 and Global Crossing, and smaller providers of Internet access like hotels and coffee shops. Perhaps most importantly, any regulations passed now would apply to new entrants in the broadband market, such as the winners of next year’s spectrum auction.

In any event, this post isn’t trying to lay out the whole argument against regulation. I’m just pointing out that the proponents of such regulations routinely over-state the risk to innovation faced by broadband discrimination. It certainly is distasteful to contemplate consumers having to sneak around in order to run disfavored applications. But that’s not as distasteful as what Lessig and Lemley were claiming, which is that innovative applications wouldn’t be able to run at all. I think that in weighing costs and benefits, it’s important that we estimate each accurately.