Andrea Castillo and I have a new paper out from the Mercatus Center entitled “Why the Cybersecurity Framework Will Make Us Less Secure.” We contrast emergent, decentralized, dynamic provision of security with centralized, technocratic cybersecurity plans. Money quote:
The Cybersecurity Framework attempts to promote the outcomes of dynamic cybersecurity provision without the critical incentives, experimentation, and processes that undergird dynamism. The framework would replace this creative process with one rigid incentive toward compliance with recommended federal standards. The Cybersecurity Framework primarily seeks to establish defined roles through the Framework Profiles and assign them to specific groups. This is the wrong approach. Security threats are constantly changing and can never be holistically accounted for through even the most sophisticated flowcharts. What’s more, an assessment of DHS critical infrastructure categorizations by the Government Accountability Office (GAO) finds that the DHS itself has failed to adequately communicate its internal categories with other government bodies. Adding to the confusion is the proliferating amalgam of committees, agencies, and councils that are necessarily invited to the table as the number of “critical” infrastructures increases. By blindly beating the drums of cyber war and allowing unfocused anxieties to clumsily force a rigid structure onto a complex system, policymakers lose sight of the “far broader range of potentially dangerous occurrences involving cyber-means and targets, including failure due to human error, technical problems, and market failure apart from malicious attacks.” When most infrastructures are considered “critical,” then none of them really are.
We argue that instead of adopting a technocratic approach, the government should take steps to improve the existing emergent security apparatus. This means declassifying information about potential vulnerabilities and kickstarting the cybersecurity insurance market by buying insurance for federal agencies, which experienced 22,000 breaches in 2012. Read the whole thing, as they say.
Today on Capitol Hill, the House Energy and Commerce Committee is holding a hearing on the NTIA’s recent announcement that it will relinquish its small but important administrative role in the Internet’s domain name system. The announcement has alarmed some policymakers with a well-placed concern for the future of Internet freedom; hence the hearing. Tomorrow, I will be on a panel at ITIF discussing the IANA oversight transition, which promises to be a great discussion.
My general view is that if well executed, the transition of the DNS from government oversight to purely private control could actually help secure a measure of Internet freedom for another generation—but the transition is not without its potential pitfalls. Continue reading →
The Internet began as a U.S. military project. For two decades, the government restricted access to the network to government, academic, and other authorized non-commercial use. In 1989, the U.S. gave up control—it allowed private, commercial use of the Internet, a decision that allowed it to flourish and grow as few could imagine at the time.
Late Friday, the NTIA announced its intent to give up the last vestiges of its control over the Internet, the last real evidence that it began as a government experiment. Control of the Domain Name System’s (DNS’s) Root Zone File has remained with the agency despite the creation of ICANN in 1998 to perform the other high-level domain name functions, called the IANA functions.
The NTIA announcement is not a huge surprise. The U.S. government has always said it eventually planned to devolve IANA oversight, albeit with lapsed deadlines and changes of course along the way.
The U.S. giving up control over the Root Zone File is a step toward a world in which governments no longer assert oversight over the technology of communication. Just as freedom of the printing press was important to the founding generation in America, an unfettered Internet is essential to our right to unimpeded communication. I am heartened to see that the U.S. will not consider any proposal that involves IANA oversight by an intergovernmental body.
Relatedly, next month’s global multistakeholder meeting in Brazil will consider principles and roadmaps for the future of Internet governance. I have made two contributions to the meeting, a set of proposed high-level principles that would limit the involvement of governments in Internet governance to facilitating participation by their nationals, and a proposal to support experimentation in peer-to-peer domain name systems. I view these proposals as related: the first keeps governments away from Internet governance and the second provides a check against ICANN simply becoming another government in control of the Internet.
Yesterday, an administrative judge ruled in Huerta v. Pirker that the FAA’s “rules” banning commercial drones don’t have the force of law because the agency never followed the procedures required to enact them as an official regulation. The ruling means that any aircraft that qualifies as a “model aircraft” plausibly operates under laissez-faire. Entrepreneurs are free for now to develop real-life TacoCopters, and Amazon can launch its Prime Air same-day delivery service.
Laissez-faire might not last. The FAA could appeal the ruling, try to issue an emergency regulation, or simply wait 18 months or so until its current regulatory proceedings culminate in regulations for commercial drones. If they opt for the last of these, then the drone community has an interesting opportunity to show that regulations for small commercial drones do not pass a cost-benefit test. So start new drone businesses, but as Matt Waite says, “Don’t do anything stupid. Bad actors make bad policy.”
Kudos to Brendan Schulman, the attorney for Pirker, who has been a tireless advocate for the freedom to innovate using drone technology. He is on Twitter at @dronelaws, and if you’re at all interested in this issue, he is a great person to follow.
It seems to me that a lot of the angst about the Comcast-Netflix paid transit deal results from a general discomfort with two-sided markets rather than any specific harm caused by the deal. But is there any reason to be suspicious of two-sided markets per se?
Consider a (straight) singles bar. Men and women come to the singles bar to meet each other. On some nights, it’s ladies’ night, and women get in free and get a free drink. On other nights, it’s not ladies’ night, and both men and women have to pay to get in and buy drinks.
There is no a priori reason to believe that ladies’ night is more just or efficient than other nights. The owner of the bar will benefit if the bar is a good place for social congress, and she will price accordingly. If men in the area are particularly shy, she may have to institute a “mens’ night” to get them to come out. If women start demanding too many free drinks, she may have to put an end to ladies’ night (even if some men benefit from the presence of tipsy women, they may not be as willing as the women to pay the full cost of all of the drinks). Whether a market should be two-sided or one-sided is an empirical question, and the answer can change over time depending on circumstances.
Some commentators seem to be arguing that two-sided markets are fine as long as the market is competitive. Well, OK, suppose the singles bar is the only singles bar in a 100-mile radius? How does that change the analysis above? Not at all, I say.
Analysis of two-sided markets can get very complex, but we shouldn’t let that complexity turn into reflexive opposition.
The volatility of Bitcoin prices is one of the strongest headwinds the currency faces. Unfortunately, until my quantitative analysis last month, most of the discussion surrounding Bitcoin volatility so far has been anecdotal. I want to make it easier for people to move beyond anecdotes, so I have created a Bitcoin volatility index at btcvol.info, which I’m hoping can become or inspire a standard metric that people can agree on.
The volatility index at btcvol.info is based on daily closing prices for Bitcoin as reported by CoinDesk. I calculate the difference in daily log prices for each day in the dataset, and then calculate the sample standard deviation of those daily returns for the preceding 30 days. The result is an estimate of how spread out daily price fluctuations are—volatility.
The site also includes a basic API, so feel free to integrate this volatility measure into your site or use it for data analysis.
I of course hope that Bitcoin volatility becomes much lower over time. I expect both the maturing of the ecosystem as well as the introduction of a Bitcoin derivatives market will cause volatility to decrease. Having one or more volatility metrics will help us determine whether these or other factors make a difference.
You can support btcvol.info by spreading the word or of course by donating via Bitcoin to the address at the bottom of the site.
I am speaking on a panel tomorrow at the Dirksen Senate Office Building at an R Street Institute event on patent reform. Here’s R Street’s description:
The patent reform debate has been painted as one of inventors vs. patent troll victims. Yet these two don’t have to be enemies. We can protect intellectual property, and stomp out patent trolls.
If you’re just tuning in, patent trolls are entities that hoard overly broad patents, but do not use them to make goods or services, or advance a useful secondary market. While there’s a place for patent enforcement, these guys take it way too far.
These entities maliciously threaten small businesses, inventors, and consumers, causing tens of billions in economic damage each year. Since litigation costs millions of dollars, businesses are forced to settle even when the claim against them is spurious.
Fortunately, with growing awareness and support, the patent trolls’ lucrative racket is in jeopardy. With Obama’s patent troll task force, the passage of the Innovation Act in the House, state legislation tackling demand letters, and further action in the courts, we appear to be closer than ever to achieving real reform.
Please join us for a lunch and panel discussion of the nature of the patent troll problem, the industries it affects, and the policy solutions being considered.
Zach Graves, Director of Digital Marketing & Policy Analyst, R Street Institute (Moderator)
Eli Dourado, Research Fellow, Mercatus Center
Whitaker L. Askew, Vice President, American Gaming Association
Robin Cook, Assistant General Counsel for Special Projects, Credit Union National Association
Julie Hopkins, Partner, Tydings & Rosenberg LLP
The festivities begin at noon. The event is open to the public, and you can register here.
In an op-ed at CNN, Ryan Calo argues that the real drone revolution will arrive when ordinary people can own and operate app-enabled drones. Rather than being dominated by a few large tech companies, drones should develop along the lines of the PC model: they should be purchasable by consumers and they should run third-party software or apps.
The real explosion of innovation in computing occurred when devices got into the hands of regular people. Suddenly consumers did not have to wait for IBM or Apple to write every software program they might want to use. Other companies and individuals could also write a “killer app.” Much of the software that makes personal computers, tablets and smartphones such an essential part of daily life now have been written by third-party developers.
Once companies such as Google, Amazon or Apple create a personal drone that is app-enabled, we will begin to see the true promise of this technology. This is still a ways off. There are certainly many technical, regulatory and social hurdles to overcome. But I would think that within 10 to 15 years, we will see robust, multipurpose robots in the hands of consumers.
I agree with Ryan that a world where only big companies can operate drones is undesirable. His vision of personal drones meshes well with my argument in Wired that we should see airspace as a platform for innovation.
This is why I am concerned about the overregulation of drones. Big companies like Amazon, Apple, and Google will always have legal departments that will enable them to comply with drone regulations. But will all of us? There are economies of scale in regulatory compliance. If we’re not careful, we could regulate the little guy out of drones entirely—and then only big companies will be able to own and operate them. This is something I’m looking at closely in advance of the FAA proceedings on drones in 2014.
Everyone seems to be worried about Bitcoin’s carbon footprint lately. Last week, an article on Quartz claimed that Bitcoin miners are spending $17 million per day on electricity in order to reap $4.4 million worth of bitcoins. And Yesterday, Pando Daily ran a piece that ominously warned about Bitcoin’s carbon footprint.
One problem with both of these pieces is that they seem to rely on electricity consumption estimates from blockchain.info. While this site is great for getting stats about the Bitcoin network, it’s not such a great site for estimating electricity consumption. Blockchain.info clearly states that it is using an estimate of 650 Watts per gigahash [per second, I assume] in its electricity calculations. While this may have been a good estimate of the efficiency of the Bitcoin network when the page was first created, the network has become much more efficient since then. Archive.org shows that the 650W/GH/s figure was used on the earliest cached copy of the page, from December 2, 2011; yes, that is over two years ago. Continue reading →
Gordon Crovitz has an excellent column in today’s Wall Street Journal in which he accurately diagnoses the root cause of our patent litigation problem: the Federal Circuit’s support for extensive patenting in software.
Today’s patent mess can be traced to a miscalculation by Jimmy Carter, who thought granting more patents would help overcome economic stagnation. In 1979, his Domestic Policy Review on Industrial Innovation proposed a new Federal Circuit Court of Appeals, which Congress created in 1982. Its first judge explained: “The court was formed for one need, to recover the value of the patent system as an incentive to industry.”
The country got more patents—at what has turned out to be a huge cost. The number of patents has quadrupled, to more than 275,000 a year. But the Federal Circuit approved patents for software, which now account for most of the patents granted in the U.S.—and for most of the litigation. Patent trolls buy up vague software patents and demand legal settlements from technology companies. Instead of encouraging innovation, patent law has become a burden on entrepreneurs, especially startups without teams of patent lawyers.
I was pleased that Crovitz cites my new paper with Alex Tabarrok:
A system of property rights is flawed if no one can know what’s protected. That’s what happens when the government grants 20-year patents for vague software ideas in exchange for making the innovation public. In a recent academic paper, George Mason researchers Eli Dourado and Alex Tabarrok argued that the system of “broad and fuzzy” software patents “reduces the potency of search and defeats one of the key arguments for patents, the dissemination of information about innovation.”
Current legislation in Congress makes changes to patent trial procedure in an effort to reduce the harm caused by patent trolling. But if we really want to solve the trolling problem once and for all, and to generally have a healthy and innovative patent system, we need to get at the problem of low-quality patents, especially in software. The best way to do that is to abolish the Federal Circuit, which has consistently undermined limits on patentable subject matter.