Congressmen working on national intelligence and homeland security either don’t know how to secure their own home Wi-Fi networks (it’s easy!) or don’t understand why they should bother. If you live outside the Beltway, you might think the response to this problem would be to redouble efforts to educate everyone about the importance of personal responsibility for data security, starting with Congressmen and their staffs. But of course those who live inside the Beltway know that the solution isn’t education or self-help but… you guessed it… to excoriate Google for spying on members of Congress (and bigger government, of course)!

Consumer Watchdog (which doesn’t actually claim any consumers as members) held a press conference this morning about their latest anti-Google stunt, announced last night on their “Inside Google” blog: CWD drove by five Congressmen’s houses in the DC area last week looking for unencrypted Wi-Fi networks. At Jane Harman’s (D-CA) home, they found two unencrypted networks named “Harmanmbr” and “harmantheater” that suggest the networks are Harman’s. So they sent Harman a letter demanding that she hold hearings on Google’s collection of Wi-Fi data, charging Google with “WiSpying.” This is a classic technopanic and the most craven, cynical kind of tech politics—dressed in the “consumer” mantle.

The Wi-Fi/Street View Controversy

Rewind to mid-May, when Google voluntarily disclosed that the cars it used to build a photographic library of what’s visible from public streets for Google Maps Street View had been unintentionally collecting small amounts of information from unencrypted Wi-Fi hotspots like Harman’s. These hotspots can be accessed by anyone who might drive or walk by with a Wi-Fi device—thus potentially exposing data sent over those networks between, say, a laptop in the kitchen, and the wireless router plugged into the cable modem.

Google’s Street View allows you to virtually walk down any public street and check out the neighborhood—making it easier to navigate to your intended destination, explore a neighborhood you might be thinking of moving to from out of town, point out potential maintenance or streetscape problems to your city, and any number of other wonderfully useful, totally benign things that you could do anyway if you just walked down the street with a camera or a notepad! CWD’s letter tries to outrage Harman by telling her: “Your home is on display for the entire Internet with just a few clicks of a computer mouse.” So what? It’s on display to anyone walking or driving down the street, too! If you don’t like that, put up a fence or landscaping to block the view—or move out of the suburbs to a more remote location!

The Street View cars that take these photos from cameras on their roofs were also equipped with Wi-Fi devices that, much like any Wi-Fi device, look for Wi-Fi hotspots within range. (Just look for “available networks” the next time you’re at a laptop and you’ll see what I mean). This isn’t part of some evil Google conspiracy to “track consumers in their homes,” as CWD alleges. Rather, building a map of wireless hotspots allows any consumer using, say, Google Maps to determine their location more accurately and quickly than would otherwise be possible: If my phone sees 6 hotspots nearby and Google can correlate that data with the pre-existing map of Wi-Fi networks generated by Street View cars, this helps Google Maps pinpoint my location—which make directions and other location-based services work better for me in the future.

But the Street View Wi-Fi software was accidentally misconfigured to capture all wireless data packets (chunks of data) they picked up as Street View cars drove by hotspots, regardless of whether those packets are data packets (potentially containing data sent by users over their home networks) or “beacon” packets that simply announce the presence of a network, and regardless of whether the packets were sent from an unsecured or secured network. The software was designed to discard any data packets from encrypted networks, but not from unsecured networks. Google claims this was an accident, and some security experts agree. Google has promised dispose of all of the data accidentally collected (beyond SSID names).

In early June, Google commissioned an independent analysis, which confirmed that the Wi-Fi software “does not analyze or parse the body of Data frames, which contain user content” and that such data frame bodies would be stored only if sent over an unencrypted wireless network but discarded if sent over an encrypted network. Translation: Google didn’t use any of the packet data it collected.

Some have suggested that Google  should have collected only the network naems (“SSIDs”) from the beacon packets, or perhaps no Wi-Fi data at all. But as cyber-security consultant Robert Graham explained in detail shortly after this story first broke, building an accurate network map with fast-moving vehicles requires collecting as many packets as possible. Again, the better the map, the greater the accuracy of Google’s location-based services for consumers.

Bottom line: Google made a mistake in failing to discard user data after collection but otherwise had good pro-consumer reasons for what it was doing. But why let the facts get in the way of a good PR hit-job? CWD just did essentially the same thing Google’s Street View cars did, driving by Harman’s house to look for unencrypted hotspots. But they went a step further, actually publishing the names of two networks at Harman’s home. If any company had published network names tied to street addresses, privacy advocates would have thrown a fit. But when Consumer Watchdog actually publishes such information… hey, it’s an expose!

And if you were wondering where Rep. Harman lives, you could start by looking her up in publicly available databases, like the Huffington Post’s campaign finance donation database (she’s not in the white pages, that other Orwellian data set few seem to care about). It’s all fine and well for the government to put our name, address and employer online every time we make a donation to a political candidate (along with the donation recipient and amount) because that’s “Transparency.” (Never mind the constitutionally protected right of non-profits like CWD to keep their donor lists private, while other groups like my own think tank voluntarily disclose such info.) But if Google puts up photos of what anyone can see from the street or attempts to map wireless networks to help us all get better, faster free location-based services with our mobile devices… well, that‘s an outrage!

Cyber-Security Begins at Home

Even more galling is that the Senate is rushing to pass legislation giving government sweeping new powers to protect our “national assets” in cyberspace. But cyber-security truly begins at home—with taking a few minutes to secure our own Wi-Fi networks, and then dealing with the hassle of having to remember the password every time we want to authorize a new device. If members of Congress can’t be expected to take responsibility for that, why should we trust them with responsibility over cyber-security on a national level?

This controversy should highlight the need for consumers—especially Congressmen and other government employees—to secure their home Wi-Fi hotspots. While most people who log onto unsecure Wi-Fi networks are perfectly harmless, failing to secure your network could lead to real harms like identity theft—or perhaps even the theft of sensitive data. But those problems aren’t caused by, or even made worse by, Google’s efforts to map Wi-Fi networks. So haranguing Google won’t fix the problem.

But was national security compromised, as CWD claims? Ms. Harman and other Congressmen do have to follow established security procedures, like using encrypted data cards, before accessing sensitive—and, certainly, classified—information. So it seems pretty unlikely that Google could actually have gotten access to any sensitive data even if they had wanted to. Again, their cars were driving by houses, picking up only very small amounts of data from unencrypted networks (unlike the dedicated hacker who might park out front and log data for hours). But if truly sensitive information can be picked up that easily, the Federal government really needs to get its own house—and its telecommuting employee’s houses—in order! If that means sending out a nerd who can set up secure Wi-Fi networks in the Congresswoman’s home (or just follow these simple instructions), that’s probably a smart expenditure of tax dollars.

But that’s the kind of serious discussion we should be having—instead continually looking to breathe new life into a contrived controversy with further innuendo and fear-mongering.

I spend a lot of my time as an Internet policy analyst railing against elitist suggestions that “ordinary” users are just too dumb to take care of themselves online, no matter how effectively technology empowers them to make decisions for themselves about the content they and their children consume, what data they allow to be shared about themselves on social networking sites or while browsing, etc. Indeed, Adam Thierer and I wrote a lengthy paper about What Unites Advocates of Speech Controls & Privacy Regulation? attacking such elitism when enforced by paternalist laws that assume everyone has the same values and that only the wise philosopher-kings of technology policy can possibly protect us all from our own stupidity.

But of course there are plenty of stupid people in the world, and they often do very stupid things—like walking on the side of a highway with just a few feet between a noise barrier and passing cars just because “Google Maps told you to do so!” That’s essentially what Lauren Rosenberg claims in her very stupid lawsuit against Google, after she was hit by a passing car following directions from the beta walking directions tool in Google Maps—and despite the warning Google provided. Danny Sullivan tells the full story at SearchEngine Land, complete with photos that should have caused any reasonably prudent person to think, “Hey, what a minute, maybe that warning label I saw telling me the suggested route might lack sidewalks or pedestrian paths was actually there for a reason!”

Rosenberg seeks several hundred thousand dollars in damages from Harwood (the driver who hit her) and Google, asserting Google was negligent and failed to adequately warn her. The key policy issue this case raises is the same as in many, many aspects of Internet policy: How much disclosure is enough? As clearly shown by the photos in Danny’s post, Google did warn Rosenberg; so the real danger in this case is that the courts (or lawmakers in the future) could set ever-higher standards for increasingly obnoxious warning labels on websites than they would provide on their own. This reminds me of my all-time favorite warning label (on a collapsible baby stroller): “REMOVE BABY BEFORE FOLDING!” (A contest for similarly inane real-life warnings can be found here.)

We laugh about such warning labels in the offline world as examples of a tort system gone awry. It’s costly for manufacturers to label everything and consumers ultimately bear that economic cost, as well as the cost of having to peel/cut extra labels off new products. But on the Internet, unnecessary and gratuitously large or obnoxiously visible (bright, flashing, etc.) labels are far more pernicious because they interfere directly with our use of the product, as they consume a certain percentage of the space available on web pages. This trade-off is particularly acute in the mobile environment.

So I’m going to go out on a limb and predict that, within the next, say, five years, as more and more of our activities are based on information we receive online (like choosing a walking path based on Google Maps directions), we’re going to see lots more of this kind of stupid lawsuit. And with that growing pressure for remove-baby-before-folding-type labels, we’ll hear more of the same outcry for a revival of common sense, but also pressure from the Internet service crowd for some kind of “digital tort reform” to ensure that stupid lawsuits settled in plaintiff-friendly jurisdictions don’t end up driving especially smaller Internet site and service operators out of business with outrageous tort settlements—or equally burdensome warning label requirements.

Remember the infamous $2.86 million judgment awarded to woman who made the very stupid decision to put a copy of freshly brewed coffee between her legs in a car seat in the 1994 case of Liebeck v. McDonald’s Restaurants ? Yes, it’s true that some people may forget that coffee is HOT! but we don’t expect every person serving coffee to repeat the same 5-minute warning about the dangers of hot liquid to pelvic regions every time a cup’a joe is served. Nor do we replace all plastic-lidded paper coffee mugs with spill-resistent, gyroscopically-stabilized (think Segway) insulated sippy cups—despite the theoretical possibility that such unspillable cups could be designed and prevent all coffee spills, thus sparing Americans the agony of that many groinburns.

No, instead of infantilizing Americans by mandating sippy-cups, we expect people to act like adults and make smart decisions for themselves—even though they sometimes make astonishingly stupid decisions. No amount of precaution will ever prevent all injuries. At some point, consumers have to be expected to make smart decisions for themselves.

One might think that the tort system will, despite occasionally silly suits like this one, play a positive role in reminding Internet service providers to—as Google actually did in this case—label their products appropriately, and that in the long-term the right balance will be struck between degrading the user experience and the legitimate need to warn users about real risks so they have the information they need to make smart decisions (especially when the dangers are less obvious than the highway Rosenberg chose to walk on). After all, when was the last time a warning label in Meatspace actually seriously interfered with your use of a product?

Even though Microsoft clearly overshot the mark in the warning label/UI balance with Windows Vista, which drove many users nuts with constant pop-ups,  Windows 7 has struck a much better balance. Cause for optimism on warning labels? Actually, if that example proves anything, it’s that software makers will sometimes err but generally iterate towards better outcomes in the absence of legal pressure. The problem is that, when government gets involved, either through the courts, or regulation, or through theatrical grandstanding by policymakers from their bully pulpit, that healthy dynamic of innovation driven by user demands and reputational forces goes right out the window. That’s particularly likely to happen given the tendency towards techno-panics concerning use of new technologies, especially online.

So, instead, I fear we’re likely to see a growing tendency to stupid warning labels driven by stupid lawsuits and the stupid hysteria they create. That tendency, driven by the tort system, will only be amplified by federal and state policymakers’ newfound nudgeiness—the desire to get us all to make the “right” decisions through subtle governmental tinkering to the “choice architecture” of our daily lives. As Seinfeld‘s Frank Costanza would say: “Serenity now!“

Regular readers will know that Adam and I have been waging a lonely defensive action in the war on “Free!” (ad-supported) content and services online, pointing out that restrictions on data collection and use for advertising would ultimately hurt consumers by reducing funding for the sites they love (1, 2, 3, 4). In short, there is no free lunch! I’ve also written a number of posts this past week about the dangers inherent in antitrust regulation—arguing that government efforts to make online markets more competitive through antitrust tinkering generally do more harm than good (1, 2, 3).

These two debates have long shared a common thread: Some have argued that effects on privacy should become a part of antitrust analysis and those who consider Google to be “Big Brother” want Washington both to clamp down on data use (“baseline privacy legislation”) and to ramp up antitrust scrutiny of the company.

But a French company has opened a much more direct front in the War on “Free.” Bottin Cartographes has sued Google for unfair competition (concurrence déloyale—literally, disloyal competition) and abuse of its market dominance. The case is a little more complicated than English language reports suggest: It’s not just that Google is giving away a product (Google Maps) that Bottin charges, or wanted to charge, for.  Like Google, Bottin charges enterprise users. But Bottin complains that Google doesn’t show ads on the public version of Google Maps. (Neither does Bottin, but maybe that’s part of why they’re upset.) Bottin’s lawyer claims that Google’s “strategy is to capture the market and squeeze out the competition by creating a monopoly for itself.” He goes on to assert that Google is “ruining the market” for mapping services.

Bottin seeks half a million Euros (plus interest) in damages, but their lawyer insists: “It’s not a question of money. Either Google puts advertising on Google Maps or the company must be forced to pay damages and abide by the terms of fair competition.”  The hearing is set for October 16.

This argument, crazy as it sounds, is one Google is likely going to have to fend off repeatedly in the coming years—and not just in Europe, where “unfair competition” is still very much about protecting competitors rather than consumers. Chris Anderson, author of the new book Free, recently addressed this very issue. Anderson’s book describes multiple ways of supporting “Free” content and services.

This use of Free is part of [Google’s] “max strategy” — it uses Free to get its products in the hands of the greatest number of users, and then figures out some way to get money from them (mostly with ads, but sometimes with “pro” versions of the services, in which users can pay for more storage or features, using the “freemium” business model).

Google does, indeed, charge for an Enterprise version of Google Maps, while giving away the basic version for free with no ads. Anderson puts his finger on why this might seem problematic to some:

Google can give away so much because the incremental cost of serving one more Web page to one more user is almost nothing — and falling as technology gets cheaper. This is the difference between the “bits economy” and the “atoms economy.” The marginal cost of production for digital things is so low that Free becomes not just a marketing gimmick but the default price in most markets, driven by economic forces as real online as gravity is in the real world.

But companies still have to make money, so there are limits to how much they can provide free. Not a problem for Google. Its core advertising business is so powerful, dominant and profitable that it can subsidize almost everything else the company does, using Free to get customers in new markets.

Is that fair, when so many of its competitors don’t have a similar golden goose at the core of their operations?

In response, Google’s Dana Wagner pointed out that

1. “almost no one believes that Google would or could start charging exorbitant prices for products like search and Gmail”—for the very same reasons that everyone else gives these services away:  It’s very difficult to charge anything for digital goods and services whose marginal cost is effectively zero.
2. “competition laws are concerned with what’s best for consumers, not for competing companies, and there’s little doubt that from a consumer perspective, free products are usually a great thing.”

In the French case, what would really be best for consumers? Why should freemium be considered unfair competition? Why should anyone be required to charge all users for a service, or show ads, if they can find a way to make money by getting some users to pay? If Bottin can’t compete with its own Freemium model, too bad! (Maybe they could team up with has-been Mapquest?)

And even if Google weren’t charging anyone for Google Maps and really were just cross-subsidizing it from other revenues, why would that be bad? This may well be what’s going on right now with Google Docs, which has no ads ads and isn’t upsold in a Freemium model. As Anderson said of Google Docs:

Microsoft, meanwhile, is doing just the opposite: using the profits from its dominance of word processors and spreadsheets (Microsoft Office) to subsidize its competition with Google in search (Microsoft Bing). In each case, the companies are using a highly profitable paid product to make another product free, on the hopes of gaining market share by taking price off the table.

Dana’s reply is dead-on:

Rather than exemplifying a competitive problem, Chris’s example makes the point that in fact there is robust competition, between two companies pursuing similar strategies to win over users from each other. That’s competition in action!

The same could be said of Google Earth and Microsoft’s Virtual Earth, neither of which is ad-supported or upsold, as well as many of the free services Google offers, such as Goog-411, Google Desktop and Google Scholar. Maybe Google will figure out a way to make money from these services directly. But even if it doesn’t, as Ryan has asked, what’s the harm to consumers?

Vive la Free!

Congress has very wisely cancelled the National Reconnaissance Office’s proposed Broad Area Space-Based Imagery Collection (BASIC) satellite system. The proposal to build two new imaging satellites at a cost to taxpayers of $1.7 billion would have represented a major break from what is possibly the U.S. government’s most successful effort to promote space commercialization to date: buying the imagery it needs from commercial providers, who can also sell imagery to other buyers.

Five years ago, the idea that Internet users could pull up a satellite image of just about any location on the planet at a whim would have seemed ludicrous. Yet that’s precisely what websites like Google Maps and Microsoft’s Live Search offer today—for free! Desktop applications like Microsoft’s Virtual Earth and Google Earth offer even more advanced geospatial tools—again, for free. But of course this library of incredibly rich imagery didn’t just “fall out of the sky,” as they say. It was collected by a handful of expensive commercial remote sensing satellites whose construction was made possible by the National Geospatial-Intelligence Agency‘s (Wikipedia) extraordinarily successful “Nextview” program implemented under the Commercial Remote Sensing Policy of 2003.  Rather than having the Federal government build its own satellites—and pay for the entire cost of the satatellites—the NGA very wisely chose to buy imagery from commercial providers in two ~$500 million, 4-year contracts with U.S. satellite imagery companies:  DigitalGlobe in 2003 and OrbImage (now GeoEye) in 2004.  

These long-term purchase agreements essentially made the U.S. Government the “anchor tenant” in a new class of remote sensing satellites, providing the initial funding for both companies to build and operate their satellites. But because the companies sell roughly half of imagery to foreign governments and commercial buyers like Google and Microsoft, these deals have saved U.S taxpayers money for the purchase of imagery for a wide variety of needs, ranging from agricultural monitoring to military intelligence. At the same time, the Nextview contracts have given birth to a vibrant geospatial industry whose immediate benefits should be obvious to anyone who’s ever pulled up a satellite map online and whose macroeconomic impact is potentially enormous. 

So why mess with success?  If the U.S. Government thinks it needs more satellite imagery, why not simply award another long-term purchase agreement to a commercial provider? Besides reducing the burden on the taxpayers, continuing the NextView approach would support the construction of a new generation of commercial satellites like GeoEye-1, which was launched just last month, and DigitalGlobe’s WorldView-1, launched last year.  Rather than rolling back NextView in favor of building its own systems, the U.S. Government should be looking for other space services it can buy on a commercial basis as a way of building industries rather than programs, ranging from sending crew & cargo to the International Space Station to communications and navigation services for NASA’s planned Return to the Moon.

Rather than giving up on the NextView approach in the area where it has already produced spectacular results, the U.S. government should be looking for other areas in which to apply the NextView model by buying space services from commercial providers.

Full disclosure: I was proud to handle FCC matters for GeoEye while practicing law at Latham & Watkins LLP. I currently have no greater personal interest in their success than should any American who wants to see the private sector succeed where the government has failed in opening up the space frontier to all mankind.