March 2013

Marc Ambinder has some phenomenal reporting in Foreign Policy today about how the NSA assists companies that are the victims of (usually Chinese) cyberespionage. It is a must read.

One thing we learn: “Cyber-warfare directed against American companies is reducing the gross domestic product by as much as $100 billion per year, according to a recent National Intelligence Estimate.”
That is just slightly more than half a percent of GDP, which puts the scope of the threat in perspective.

The most interesting thing, though, is this:

In the coming weeks, the NSA, working with a Department of Homeland Security joint task force and the FBI, will release to select American telecommunication companies a wealth of information about China’s cyber-espionage program, according to a U.S. intelligence official and two government consultants who work on cyber projects. Included: sophisticated tools that China uses, countermeasures developed by the NSA, and unique signature-detection software that previously had been used only to protect government networks.

Press reports have indicated that the Obama administration plans to give certain companies a list of domain names China is known to use for network exploitation. But the coming effort is of an entirely different scope. These are American state secrets.

Very little that China does escapes the notice of the NSA, and virtually every technique it uses has been tracked and reverse-engineered. For years, and in secret, the NSA has also used the cover of some American companies – with their permission – to poke and prod at the hackers, leading them to respond in ways that reveal patterns and allow the United States to figure out, or “attribute,” the precise origin of attacks. The NSA has even designed creative ways to allow subsequent attacks but prevent them from doing any damage. Watching these provoked exploits in real time lets the agency learn how China works.

Will you look at that? Information sharing between the government and the private sector without liability protection. Even more than information sharing, it seems some businesses are allowing the NSA to monitor their systems.

As I’ve said before, there is nothing preventing the government from sharing information about cyberattacks with the private sector. Legislation isn’t required to allow that. As for businesses sharing information with government, they too are free to do so. The only question is whether they should get a free pass for violating contracts or breaking the law when they share in the name of security. I think that would be a mistake.

As Ambiner points out, “the NSA’s reputation has been tarnished by its participation in warrantless surveillance[.]” People don’t trust the NSA with good reason. Security is important, but so are civil liberties. Removing the possibility of liability would also remove any incentive companies might have to be a check on what information the NSA collects. Ambinder writes that given their experience with the warrantless wiretapping program, today “telecoms are wary of cooperating with the NSA beyond the scope of the law.” That’s as it should be. Do we really want to give companies cover to cooperate with the NSA beyond the scope of the law?

According to Ambinder, the NIE suggests “that the NSA will have to perform deep packet inspection on private networks at some point.” (This is the so-called EINSTEIN 3 system This doesn’t sound like a good idea, but if it is to happen, it should be debated in public. Liability protection might allow businesses to allow the NSA to employ the system in secret.

In remarks delivered at the Hudson Institute today, Federal Communications Commissioner Ajit Pai outlined two paths for the Internet Protocol (or IP) transition: One that clings to a legacy of heavily-regulated, monopoly communications networks and another that embraces the future being wrought by the competitive nature of IP communications. He noted that, while the FCC has thus far refused to choose one path or the other, consumers have overwhelming chosen the lightly regulated, competitive IP technologies of the future over the preference for monopoly the government chose in the past. Commissioner Pai has chosen to side with consumers by choosing the future – the path that protects consumers while making it clear that 20th Century economic regulation will not be imported into the IP-world. Continue reading →

In a recent blog post Scott Cleland endorses the Administration’s stance that the DMCA should be reformed to accommodate, as he puts it, “pro-competitive exceptions that consumers who have fully paid for the phone and fulfilled their legal and contractual obligations, of course should be able to use it with other carriers.” As he deftly explains,

In a nutshell, if one has honored one’s legal obligations to others, one should be free to unlock their phone/property because they indeed own the lock and the key. However if one has not honored one’s full-payment and legal obligations to others, one may have the phone in one’s possession, but one does not legally own the key to unlocking all the commercial value in the mobile device. Most everyone understands legally and morally that there is a huge difference between legally acquiring the key to unlock something of value and breaking into property without permission. The core cleave of this cellphone issue is just that simple.

I couldn’t have put it better myself. There is a key distinction to be drawn between two very different conceptions of “cellphone unlocking.”

Continue reading →

I just had a very respectful, reasoned, and, most importantly, informative conversation with Derek Khanna and CTIA on Twitter. It helps clarify a lot about the debate over cellphone unlocking, and I thought I’d share it with you after the jump.

The fact is that carriers today offer a [wide range of unlocked devices](http://blog.ctia.org/2013/03/04/unlocked-devices-2/) for sale, so you never have to worry about unlocking or breaking the law. In fact, almost all of the phones Verizon sells are always unlocked. And as far as I can tell, almost all carriers will unlock your phone, once you end your contract, if you just ask. This is all truly great for consumers.

So I don’t understand why carriers should be opposed to an unlocking DMCA exemption. (To be clear, I’m not aware of individual carriers taking positions on the matter, but their trade association did [file](http://www.copyright.gov/1201/2012/comments/Bruce_G._Joseph.pdf) in the most recent proceeding against the exemption.) It would be better if their customers didn’t have to ask for permission before unlocking a phone that happens to be locked—especially since carriers are willing to give that permission. And if unlocking is no big deal as long as you live up to your contractual obligations, I don’t understand why there should be limits on who can do the unlocking. Here is the exchange: Continue reading →

donny-walter

Conservatives and libertarians believe strongly in property rights and contracts. We also believe that businesses should compete on a level playing field without government tipping the scales for anyone. So, it should be clear that the principled position for conservatives and libertarians is to oppose the DMCA anti-circumvention provisions that arguably prohibit cell phone unlocking.

Indeed it’s no surprise that it is conservatives and libertarians—former RSC staffer Derek Khanna and Rep. Jason Chaffetz (R–Utah)—who are leading the charge to reform the laws.

In it’s response to the petition on cell phone unlocking, the White House got it right when it said: “[I]f you have paid for your mobile device, and aren’t bound by a service agreement or other obligation, you should be able to use it on another network.”

Let’s parse that.

Continue reading →

Joe Karaganis, vice president at The American Assembly at Columbia University, discusses the relationship between digital convergence and cultural production in the realm of online piracy.

Karaganis’s work at American Assembly arose from a frustration with the one-sided way in which industry research was framing the discourse around global copyright policy. He shares the results of Copy Culture in the US & Germany, a recent survey he helped conduct that distinguishes between attitudes towards piracy in the two countries. It found that nearly half of adults in the U.S. and Germany participate in a broad, informal “copy culture,” characterized by the copying, sharing, and downloading of music, movies, TV shows, and other digital media. And while citizens support laws against piracy, they don’t support outsized penalties.

Karaganis also discuses the new “six-strike” Copyright Alert System in the U.S., of which he is skeptical. He also talks about the politics of copyright reform and notes that there is a window of opportunity for the Republican Party to take up the issue before demography gives the advantage to the much younger Democratic Party. 

Download

Related Links

Over at Forbes we have a lengthy piece discussing “10 Reasons To Be More Optimistic About Broadband Than Susan Crawford Is.” Crawford has become the unofficial spokesman for a budding campaign to reshape broadband. She sees cable companies monopolizing broadband, charging too much, withholding content and keeping speeds low, all in order to suppress disruptive innovation — and argues for imposing 19th century common carriage regulation on the Internet. We begin (we expect to contribute much more to this discussion in the future) to explain both why her premises are erroneous and also why her proscription is faulty. Here’s a taste:

Things in the US today are better than Crawford claims. While Crawford claims that broadband is faster and cheaper in other developed countries, her statistics are convincingly disputed. She neglects to mention the significant subsidies used to build out those networks. Crawford’s model is Europe, but as Europeans acknowledge, “beyond 100 Mbps supply will be very difficult and expensive. Western Europe may be forced into a second fibre build out earlier than expected, or will find themselves within the slow lane in 3-5 years time.” And while “blazing fast” broadband might be important for some users, broadband speeds in the US are plenty fast enough to satisfy most users. Consumers are willing to pay for speed, but, apparently, have little interest in paying for the sort of speed Crawford deems essential. This isn’t surprising. As the LSE study cited above notes, “most new activities made possible by broadband are already possible with basic or fast broadband: higher speeds mainly allow the same things to happen faster or with higher quality, while the extra costs of providing higher speeds to everyone are very significant.”

Continue reading →

[Note: I later adapted this essay into a short book, which you can download for free here.]

Let’s talk about “permissionless innovation.” We all believe in it, right? Or do we? What does it really mean? How far are we willing to take it? What are its consequences? What is its opposite? How should we balance them?

What got me thinking about these questions was a recent essay over at The Umlaut by my Mercatus Center colleague Eli Dourado entitled, “‘Permissionless Innovation’ Offline as Well as On.” He opened by describing the notion of permissionless innovation as follows:

In Internet policy circles, one is frequently lectured about the wonders of “permissionless innovation,” that the Internet is a global platform on which college dropouts can try new, unorthodox methods without the need to secure authorization from anyone, and that this freedom to experiment has resulted in the flourishing of innovative online services that we have observed over the last decade.

Eli goes on to ask, “why it is that permissionless innovation should be restricted to the Internet. Can’t we have this kind of dynamism in the real world as well?”

That’s a great question, but let’s ponder an even more fundamental one: Does anyone really believe in the ideal of “permissionless innovation”? Is there anyone out there who makes a consistent case for permissionless innovation across the technological landscape, or is it the case that a fair degree of selective morality is at work here? That is, people love the idea of “permissionless innovation” until they find reasons to hate it — namely, when it somehow conflicts with certain values they hold dear. Continue reading →

Geordi

Yesterday I explained why I’m not too worried about Silicon Valley’s penchant for “solutionism,” which Evgeny Morozov tackles in his new book. Essentially I think that as long as we make decisions about which technologies to adopt via market processes, people will reject those applications that are stupid or bad. Today I want to explore one reason why I’m optimistic that, in the long run, the public will get the technology it wants, despite the perennial squeamishness of some intellectuals.

The problem some thinkers and pundits have with my sanguine let-a-thousand-flowers-bloom approach is that inevitably the public will embrace some technologies that the thinkers don’t like. The result is usually a lot of fretting and hand-wringing by public intellectuals about what the scary new technology will do to our brains or society. Eventually, activists take on the cause and try to use state power to limit the choices the rest of us can make—for our own good, rest assured.

Today it seems that the next technology to get this treatment will be life-logging and personal data mining, as I discussed in my last post. Squarely in the crosshairs right now is Google Glass.

In this CNN op-ed about Glass Andrew Keen waits only seven words before using the adjective “creepy”—the watchword of nervous nellies everywhere. His concern is that those wearing Google Glass will be spying on anyone in their line of sight. Mark Hurst expresses similar concerns in a widely circulated blog post that also frets about what happens when we’re all not just recording but also being recorded.

This time around, though, I think the worrywarts face an uphill battle. That’s because in the case of life-logging and personal data mining, the “creepy” parts of the technologies are one in the same with the technologies themselves. The “creepiness” is not a bug, it’s the feature, and it can’t be severed without destroying the technology.

Continue reading →

solutionism

In the New York Times today, Evgeny Morozov indicts the “solutionism” of Silicon Valley, which he defines as the “intellectual pathology that recognizes problems as problems based on just one criterion: whether they are ‘solvable’ with [technology].” This is the theme of his new book, To Save Everything, Click Here, which I’m looking forward to reading.

Morozov is absolutely right that there is a tendency among the geekerati to want to solve things that aren’t really problems, but I think he overestimates the effects this has on society. What are the examples of “solutionism” that he cites? They include:

  • LivesOn, a yet-to-launch service that promises to tweet from your account after you have died
  • Superhuman, another yet-to-launch service with no public description
  • Seesaw, an app that lets you poll friends for advice before making decisions
  • A notional contact lens product that would “make homeless people disappear from view” as you walk about

It should first be noted that three of these four products don’t yet exist, so they’re straw men. But let’s grant Morozov’s point, that the geeks are really cooking these things up. Does he really think that no one besides him sees how dumb these ideas are?

Continue reading →