Tag: google

What Was That Ronald Reagan Line Again?

The Washington Post editorializes this morning on the “Google-Verizon” proposal for government regulation of the Internet:

For more than a decade, “net neutrality” — a commitment not to discriminate in the transmission of Internet content — has been a rule tacitly understood by Internet users and providers alike.

But in April, a court ruled that the Federal Communications Commission has no regulatory authority over Internet service providers. For many, this put the status quo in jeopardy. Without the threat of enforcement, might service providers start shaping the flow of traffic in ways that threaten the online meritocracy, in which new and established Web sites are equally accessible and sites rise or fall on the basis of their ability to attract viewers?

What a Washington-centric view of the world, to think that net neutrality has been maintained all this time by the fear of an FCC clubbing. Deviations from net neutrality haven’t happened because neutrality is the best, most durable engineering principle for the Internet, and because neutral is the way consumers want their Internet service.

Should it be cast in stone by regulation, locking in the pro-Google-and-Verizon status quo? No. The way the Internet works should continue to evolve, experiments with non-neutrality failing one after another … until perhaps one comes along that serves consumers better! The FCC would be nothing but a drag on innovation and a bulwark protecting Google and Verizon’s currently happy competitive circumstances.

I’ll give the Post one thing: It represents Washington, D.C. eminently well. The Internet should be regulated because it’s not regulated.

“If it moves, tax it. If it keeps moving, regulate it. And if it stops moving, subsidize it.”

Net Neutrality and Unintended Consequences

Google and Verizon’s proposed framework for net neutrality regulation has provoked cries of protest from advocates of aggressive regulation at places like Free Press and Public Knowledge. Some of the loudest objections have concerned the distinction between the “public Internet,” which (at least for wireline broadband) would be subject to neutrality requirements, and vaguely defined “differentiated” or “managed” services—presumably things like IPTV or digital telephone service—which would not. This, according to the pro-regulation camp, would amount to a massive loophole that defeats the purpose of imposing neutrality rules. As Public Knowledge writes in their press release:

Thus, it is conceivable under the agreement that a network provider could devote 90% of its broadband capacity to these priority services and 10% to the best efforts Internet. If managed services are allowed to cannibalize the best efforts Internet, whatever protections are agreed to for the latter become, for all intents and purposes, meaningless.

This may be right. But if so, it sounds like a reason to be chary of the whole regulatory project. Neutrality or no neutrality, after all, there are a variety of ways to get digital content from producers to subscribers. Traditionally, the cable running to your home comprised separate dedicated channels for cable TV and broadband Internet traffic—though the trend now is toward a more efficient model where the TV content is also delivered as packet-switched data. If you’d rather watch Jersey Shore from the Jersey Shore, you can stream your video to a mobile device like a tablet or smartphone via Internet, but that’s hardly the only way to get your Snooki fix: There’s also, for instance, Digitial Video Broadcasting Satellite to Handheld (DVB-SH) or Qualcomm’s MediaFLO operating on their own dedicated frequencies.  Imposing neutrality rules on wireless broadband (as the Google/Verizon proposal would not – again, to the dismay of regulation fans) shouldn’t affect these services.

My concern, then, is that if neutrality rules foreclose the possibility of cross-subsidy from the providers of subscription-based video streaming or VoIP services, these alternatives become more attractive. Maybe Netflix or Hulu Plus want to be able to offer a deal where your subscription price includes priority delivery of their packets to your smartphone or tablet, making non-WiFi video streaming feasible even if you haven’t sprung for that kind of top-shelf bandwidth for all your wireless data. If neutrality regulation forbids that kind of deal, even with respect to these kinds of “managed services,” one possible effect is to skew investment away from building out next-gen IP networks and toward these kinds of niche services, which strikes me as inefficient. Indeed, it’s precisely the effect Public Knowledge seems to fear, and there’s no obvious reason to suppose that it’s going to be a big problem within IP-based broadband services, but not affect the choice between alternative modes of digital content delivery.

I should close with the caveat that I haven’t looked very closely at the economics here, so while I think the effect I’ve just sketched is theoretically plausible enough, I couldn’t say with any confidence how significant it’s going to be in practice. That said, given that the case for neutrality regulation seems to rest on a smattering of genuine cases of bad behavior by providers and a whole lot of dire speculation about consumer-unfriendly practices that might emerge, I’ll permit myself a little extra latitude to deal in hypotheticals.

What They Know Is Interesting—-But What Are You Going to Do About It?

The Wall Street Journal has stirred up a discussion of online privacy with its “What They Know” series of reports. These reports reveal again the existence and some workings of the information economy behind the Internet and World Wide Web. (All that content didn’t put itself there, y’know!)

The discussion centers around “tracking” of web users, particularly through the use of “cookies.” Cookies are little text files that web sites offer your browser when you visit. If your browser accepts the cookie, it will share the content of the text file back with that domain when you visit it a second time.

Often cookies have distinct strings of characters in them, so the site can recognize you. Sites use cookies to customize your experience. If you voted on a poll, for example, a cookie will cause the site to tell you how you voted. Cookies enable the “shopping cart” function in online stores.

Advertising networks use cookies to gather information about web surfers. Ads are embedded on the main sites people visit, just like the video above and the Amazon Kindle widget in the column on the right. They’re served by different servers than most of the content on the page. Embedded content acts as a sort of  ”third party” to the main transaction between web surfers and the sites they visit. Embedded content can offer cookies just like main sites do—they’re known as “third-party cookies.” 

A network that has ads on a lot of sites will recognize a browser (and by inference the person using it) when it goes to different web sites, enabling the ad network to get a sense of that person’s interests. Been on a site dealing with SUVs? You just might see an SUV ad as you continue to surf.

This is important to note: Most web sites and ad networks do not “sell” information about their users. In targeted online advertising, the business model is to sell space to advertisers—giving them access to people (“eyeballs”) based on their demographics and interests. It is not to sell individuals’ personal and contact info. Doing the latter would undercut the advertising business model and the profitability of the web sites carrying the advertising.

Some people don’t like this tracking. I think some feel it undignified to be a mere object of impersonal commerce (see Seger, Bob). Some worry that data about their interests will be used to discriminate wrongly against them, or to exclude them from information and opportunities they should enjoy. Excess customization of the web experience may stratify society, some believe. Tied to real identities, this data could fall into the hands of government and be used wrongly. These are all legitimate concerns, and I share some of them more, and some less, than others.

One I understand but dislike is the offense some people take at cookies for their “surreptitious” use. How many decades must cookies be integral to web browsing, and how many waves of public debate must their be about cookies before they lose their surreptitious cast? Cookies are just as surreptitious as photons and sound waves, which silently and invisibly carry data about you to anyone in the vicinity. We’d all be in a pretty tough spot without them.

Though cookies—and debate about their privacy consequences—have been around for a long time, many people don’t know even the basics I laid out above. They also don’t know that cookies are within the control of every web user.

As I testified to the Senate Commerce Committee last week, In the major browsers (Firefox and Internet Explorer), one must simply go to the “Tools” pull-down menu, select “Options,” then click on the “Privacy” tab to customize one’s cookie settings. In Firefox, one can decline to accept all third-party cookies, neutering the cookie-based data collection done by ad networks. In Internet Explorer, one can block all cookies, block all third-party cookies, or even choose to be prompted each time a cookie is offered.

Yes, new technologies make cookie control an imperfect protection against tracking, but that does not excuse consumers from the responsibility to exercise privacy self-help that will get at the bulk of the problem.

Some legislators, privacy advocates, and technologists want very badly to protect consumers, but much of what is called ”consumer protection” actually functions as an invitation for consumers to cede personal responsibility. People rise or fall to meet expectations, and consumer advocates who assume incompetence on the part of the public may have a hand in producing it, making consumers worse off. 

If a central authority such as Congress or the Federal Trade Commission were to decide for consumers how to deal with cookies, it would generalize wrongly about many, if not most, individuals’ interests, giving them the wrong mix of privacy and interactivity, for example. And it would leave consumers unprotected from threats beyond their jurisdiction (i.e. web tracking by sites outside the United States). Education is the hard way, and it is the only way, to get consumers’ privacy interests balanced with their other interests.

But perhaps this is a government vs. corporate passion play, with government as the privacy defender (… oh, nevermind). One article in the WSJ series has interacted with lasting anti-Microsoft sentiment to produce interpretations that business interests are working to undercut consumer privacy. Engineers working on a new version of Microsoft’s Internet Explorer browser thought they might set certain defaults to protect privacy better, but they were overruled when the business segments at Microsoft learned of the plan. Privacy “sabotage,” the Electronic Frontier Foundation called it. And a Wired news story says Microsoft “crippled” online privacy protections.

But if the engineers’ plan had won the day, an equal opposite reaction would have resulted when Microsoft “sabotaged” web interactivity and the advertising business model, “crippling” consumer access to free content. The new version of Microsoft’s browser maintained the status quo in cookie functionality, as does Google’s Chrome browser and Firefox, a product of non-profit privacy “saboteur” the Mozilla Foundation. The “business attacks privacy” story doesn’t wash.

This is not to say that businesses don’t want personal information—they do, so they can provide maximal service to their customers. But they are struggling to figure out how to serve all dimensions of consumer interest including the internally inconsistent consumer demand for privacy along with free content, custom web experiences, convenience, and so on.

Only one thing is certain here: Nobody knows how this is supposed to come out. Cookies and other tracking technologies will create legitimate concerns that weigh against the benefits they provide. Browser defaults may converge on something more privacy protective. (Apple’s Safari browser rejects third-party cookies unless users tell it to do otherwise.) Browser plug-ins will augment consumers’ power to control cookies and other tracking technologies. Consumers will get better accustomed to the information economy, and they will choose more articulately how they fit into it. 

What matters is that the conversation should continue. If you’ve read this far, you’re better equipped to participate in it, and to take responsibility for your own privacy.

Do so.

Consumer Watchdog Gets Creepy

When I know I’m going to write something more technical and detailed, I generally switch over to writing on the TechLiberationFront blog, which has a lovable propeller-head audience (and authors). 

If you don’t mind wading through semi-technical talk of radio waves and encryption, you might enjoy the TLF post, “Consumer Watchdog Gets Creepy With Congress Trying to Make its ‘WiSpying’ Case.”

In its misleading and over-the-top effort to highlight corporate wrongdoing, Consumer Watchdog—a California corporation that reported over $3 million in 2008 revenue—arguably did more to invade privacy than the object of its attack.

How Much Government Snooping? Google It Up!

The secrecy surrounding government surveillance is a constant source of frustration to privacy activists and scholars: It’s hard to have a serious discussion about policy when it’s like pulling teeth to get the most elementary statistics about the scope of state information gathering, let alone any more detailed information. Even when reporting is statutorily required, government agencies tend to drag their heels making statistics available to Congress – and it can take even longer to make the information more widely accessible. Phone and Internet companies, even when they join the fight against excessive demands for information, are typically just as reluctant to talk publicly about just how much of their customers’ information they’re required to disclose. That’s why I’m so pleased at the news that Google has launched their Government Requests transparency tool.  It shows a global map on which users can see how many governmental demands for user information or content removal have been made to Google’s ever-growing empire of sites – now including Blogger, YouTube, and Gmail – starting with the last six months.

So far, the information up there is both somewhat limited and lacking context.  For instance, it might seem odd that Brazil tops the list of governmental information hounds until you bear in mind that Google’s Orkut social network, while little-used by Americans, is the Brazilian equivalent of Facebook.

There are also huge gaps in the data: The United States comes in second with 3,580 requests from law enforcement at all levels, but that doesn’t include intelligence requests, so National Security Letters (tens of thousands of which are issued every year) and FISA warrants or “metadata” orders (which dwarf ordinary federal wiretaps in number) aren’t part of the tally. And since China considers all such government information requests to be state secrets – whether for criminal or intelligence investigations – no data from the People’s Republic is included.

Neither is there any detail about the requests they have counted – how many are demands for basic subscriber information, how many for communications metadata, and how many for actual e-mail or chat contents. The data on censorship is similarly limited: They’re counting governmental but not civil requests, such as takedown notices under the Digital Millennium Copyright Act.

For all those limits – and the company will be striving to provide some more detail, within the limits of the law – this is a great step toward bringing vital transparency to the shadowy world of government surveillance, and some nourishment to the data-starved wretches who seek to study it. We cannot have a meaningful conversation about whether censorship or invasion of privacy in the name of security have gone too far if we do not know, at a minimum, what the government is doing. So, for a bit of perspective, we know that U.S. courts reported a combined total of 1,793 (criminal, not intel) wiretaps sought by both federal and state authorities. Almost none of these (less than 1 percent) were for electronic interception.

This may sound surprising, unless you keep in mind that federal law establishes a very high standard for the “live” interception of communications over a wire, but makes it substantially easier – under some circumstances rather terrifyingly easy – to get stored communications records. So there’s very little reason for police to jump through all the hoops imposed on wiretap orders when they want to read a target’s e-mails.

If and when Google were to break down that information about requests – to show how many were “full content” as opposed to metadata requests – we would begin to have a far more accurate picture of the true scope of governmental spying. Should other major players like Yahoo and Facebook be inspired to follow Google’s admirable lead here, it would be better still.  Already, though, that one data point from a single company – showing more than twice as many data requests as the total number of phone wiretaps reported for the entire country – suggests that there is vastly more actual surveillance going on than one might infer from official wiretap numbers.

Consumers in the Driver’s Seat—-Oh, the Humanity!

Yesterday the D.C. Circuit ruled that Congress hadn’t given the Federal Communications Commission power to regulate the Internet and the FCC couldn’t bootstrap that power from other authority. It was a rare but welcome affirmation that the rule of law might actually pertain in the regulatory area.

But the Open Internet Coalition put out a release containing threat exaggeration to make Dick Cheney blush:

“Today’s DC Circuit decision … creates a dangerous situation, one where the health and openness of broadband Internet is being held hostage by the behavior of the major telco and cable providers.”

That’s right. It’s a hostage-taking when consumers and businesses—and not government—hammer out the terms and conditions of Internet access. Inferentially, the organization representing Google, Facebook, eBay, and Twitter believes that Internet users are too stupid and supine to choose the Internet service they want.

What these content companies are really after, of course, is government support in their tug-of-war with the companies that transport Internet content. It’s hard to know which produces the value of the Internet and which should gain the lion’s share of the rewards. Let the market—not lobbying—decide what reward content and transport deserve for their roles in the Internet ecosystem.

As I said of the Open Internet Coalition’s membership on a saltier, but still relentlessly charming, day: “[T]hese companies are losing their way. The leadership of these companies should fire their government relations staffs, disband their contrived advocacy organization, and get back to innovating and competing.”