Tag: microsoft

Google under Siege in the Corporate State

“Google is under siege in Washington like never before,” Politico reports.

In an interview with POLITICO, a Google spokesman argued that a cabal of antitrust lawyers, lobbyists and public relations firms is conspiring against the Internet search giant. The mastermind? Google says it’s Microsoft.

Maybe it’s irony, or maybe it’s payback.

In the 1990s, Microsoft was the tech industry wunderkind that got too big for its britches — and Google CEO Eric Schmidt, then an executive at Sun Microsystems and later Novell, helped knock the software titan down a peg by providing evidence in the government’s antitrust case against it… .

But there are also increasing calls from some Silicon Valley competitors and Washington-based public interest groups for the Justice Department to launch a sweeping antitrust probe of Google. The European Union and the state of Texas have reviews under way.

Google says its rivals are fueling the attacks.

You could have read it here first. In the November-December 2010 issue (pdf) of Cato Policy Report, Adam Thierer wrote, “The high-tech policy scene within the Beltway has become a cesspool of backstabbing politics, hypocritical policy positions, shameful PR tactics, and bloated lobbying budgets.” The telcos, the broadcasters, the wireless industry, the entertainment industry – they all want the federal government to crush their competitors. And, he said, “Everybody — and I do mean everybody — wants Google dead, right now. Google currently serves as the Great Satan in this drama — taking over the role Microsoft filled a decade ago — as just about everyone views it with a combination of envy and enmity.” But then:

Of course, in a sense, Google had it coming. The company has been the biggest cheerleader in the push to impose “Net neutrality” regulation on the Internet’s physical infrastructure providers, which would let the FCC toss property rights out the window and regulate broadband networks to their heart’s content.

Meanwhile, along with Skype and others, Google wants the FCC to impose “openness” mandates on wireless networks that would allow the agency to dictate terms of service. It’s no surprise, then, that the cable, telco, and wireless crowd are firing back and now hinting we need “search neutrality” to constrain the search giant’s growing market power. File it under “mutually assured destruction” for the Information Age.

Google had it coming in another sense, having joined the decade-long effort by myriad Silicon Valley actors to hobble Microsoft through incessant antitrust harassment.Google has hammered Microsoft in countless legal and political proceedings here and abroad.

Thierer also noted that you could have predicted all this by reading Cato publications a decade earlier, such as Cypress semiconductor CEO T. J. Rodgers’s 2000 manifesto, “Why Silicon Valley Should Not Normalize Relations with Washington, D.C.” (pdf). Or indeed Milton Friedman’s 1999 speech on “The Business Community’s Suicidal Impulse”: “You will rue the day when you called in the government. From now on the computer industry, which has been very fortunate in that it has been relatively free of government intrusion, will experience a continuous increase in government regulation.”

You (could have) read it here first.

Uh-oh: Here Comes Edu-Goliath!

The hard-nosed, content-at-all-cost folks at the Thomas B. Fordham Foundation have been warned, and warned, and warned some more: Get the national curriculum standards you think are so incredibly important, and they will almost certainly be captured by the pedagogical progressives who have dominated education for decades – and whose notions you disdain. Well, if what’s being reported by Common Core’s Lynne Munson – and reiterated in this lamentation for Massachusetts by the Pioneer Institute’s Jim Stergios – is accurate, that is already happening. (Actually, some prominent analysts have long said that the national standards – created by the Council of Chief State School Officers and National Governors Association – are already nothing the Fordhamites should embrace.) Writes Munson:

This is strange. P21 is being subsumed into CCSSO. There’s nothing to be read about this on either CCSSO’s or P21′s websites. But according to Fritzwire the two organizations have formed a “strategic management relationship” that will commence December 1.

So what is P21 –  the group cozying up with the standards-writing CCSSO – you ask? Let the Fordham Institute tell you:

The Partnership for 21st Century Skills (P21) has some powerful supporters, including the NEA, Cisco, Intel, and Microsoft. Fourteen states have also climbed aboard its effort to refocus American K-12 education on global awareness, media literacy and the like–and to defocus it on grammar, multiplication tables and the causes of the Civil War. Its swell-sounding yet damaging notions have been plenty influential–but the unmasking and truth-telling have begun, thanks in large part to a valiant little organization named Common Core. And new research validates this and other skeptics’ criticisms. Today the contest resembles David vs. Goliath–but remember who ultimately prevailed in that one.

Uh-oh. It might be time to end the biblical references – it looks more and more like Goliath is going to win.

What They Know Is Interesting—-But What Are You Going to Do About It?

The Wall Street Journal has stirred up a discussion of online privacy with its “What They Know” series of reports. These reports reveal again the existence and some workings of the information economy behind the Internet and World Wide Web. (All that content didn’t put itself there, y’know!)

The discussion centers around “tracking” of web users, particularly through the use of “cookies.” Cookies are little text files that web sites offer your browser when you visit. If your browser accepts the cookie, it will share the content of the text file back with that domain when you visit it a second time.

Often cookies have distinct strings of characters in them, so the site can recognize you. Sites use cookies to customize your experience. If you voted on a poll, for example, a cookie will cause the site to tell you how you voted. Cookies enable the “shopping cart” function in online stores.

Advertising networks use cookies to gather information about web surfers. Ads are embedded on the main sites people visit, just like the video above and the Amazon Kindle widget in the column on the right. They’re served by different servers than most of the content on the page. Embedded content acts as a sort of  ”third party” to the main transaction between web surfers and the sites they visit. Embedded content can offer cookies just like main sites do—they’re known as “third-party cookies.” 

A network that has ads on a lot of sites will recognize a browser (and by inference the person using it) when it goes to different web sites, enabling the ad network to get a sense of that person’s interests. Been on a site dealing with SUVs? You just might see an SUV ad as you continue to surf.

This is important to note: Most web sites and ad networks do not “sell” information about their users. In targeted online advertising, the business model is to sell space to advertisers—giving them access to people (“eyeballs”) based on their demographics and interests. It is not to sell individuals’ personal and contact info. Doing the latter would undercut the advertising business model and the profitability of the web sites carrying the advertising.

Some people don’t like this tracking. I think some feel it undignified to be a mere object of impersonal commerce (see Seger, Bob). Some worry that data about their interests will be used to discriminate wrongly against them, or to exclude them from information and opportunities they should enjoy. Excess customization of the web experience may stratify society, some believe. Tied to real identities, this data could fall into the hands of government and be used wrongly. These are all legitimate concerns, and I share some of them more, and some less, than others.

One I understand but dislike is the offense some people take at cookies for their “surreptitious” use. How many decades must cookies be integral to web browsing, and how many waves of public debate must their be about cookies before they lose their surreptitious cast? Cookies are just as surreptitious as photons and sound waves, which silently and invisibly carry data about you to anyone in the vicinity. We’d all be in a pretty tough spot without them.

Though cookies—and debate about their privacy consequences—have been around for a long time, many people don’t know even the basics I laid out above. They also don’t know that cookies are within the control of every web user.

As I testified to the Senate Commerce Committee last week, In the major browsers (Firefox and Internet Explorer), one must simply go to the “Tools” pull-down menu, select “Options,” then click on the “Privacy” tab to customize one’s cookie settings. In Firefox, one can decline to accept all third-party cookies, neutering the cookie-based data collection done by ad networks. In Internet Explorer, one can block all cookies, block all third-party cookies, or even choose to be prompted each time a cookie is offered.

Yes, new technologies make cookie control an imperfect protection against tracking, but that does not excuse consumers from the responsibility to exercise privacy self-help that will get at the bulk of the problem.

Some legislators, privacy advocates, and technologists want very badly to protect consumers, but much of what is called ”consumer protection” actually functions as an invitation for consumers to cede personal responsibility. People rise or fall to meet expectations, and consumer advocates who assume incompetence on the part of the public may have a hand in producing it, making consumers worse off. 

If a central authority such as Congress or the Federal Trade Commission were to decide for consumers how to deal with cookies, it would generalize wrongly about many, if not most, individuals’ interests, giving them the wrong mix of privacy and interactivity, for example. And it would leave consumers unprotected from threats beyond their jurisdiction (i.e. web tracking by sites outside the United States). Education is the hard way, and it is the only way, to get consumers’ privacy interests balanced with their other interests.

But perhaps this is a government vs. corporate passion play, with government as the privacy defender (… oh, nevermind). One article in the WSJ series has interacted with lasting anti-Microsoft sentiment to produce interpretations that business interests are working to undercut consumer privacy. Engineers working on a new version of Microsoft’s Internet Explorer browser thought they might set certain defaults to protect privacy better, but they were overruled when the business segments at Microsoft learned of the plan. Privacy “sabotage,” the Electronic Frontier Foundation called it. And a Wired news story says Microsoft “crippled” online privacy protections.

But if the engineers’ plan had won the day, an equal opposite reaction would have resulted when Microsoft “sabotaged” web interactivity and the advertising business model, “crippling” consumer access to free content. The new version of Microsoft’s browser maintained the status quo in cookie functionality, as does Google’s Chrome browser and Firefox, a product of non-profit privacy “saboteur” the Mozilla Foundation. The “business attacks privacy” story doesn’t wash.

This is not to say that businesses don’t want personal information—they do, so they can provide maximal service to their customers. But they are struggling to figure out how to serve all dimensions of consumer interest including the internally inconsistent consumer demand for privacy along with free content, custom web experiences, convenience, and so on.

Only one thing is certain here: Nobody knows how this is supposed to come out. Cookies and other tracking technologies will create legitimate concerns that weigh against the benefits they provide. Browser defaults may converge on something more privacy protective. (Apple’s Safari browser rejects third-party cookies unless users tell it to do otherwise.) Browser plug-ins will augment consumers’ power to control cookies and other tracking technologies. Consumers will get better accustomed to the information economy, and they will choose more articulately how they fit into it. 

What matters is that the conversation should continue. If you’ve read this far, you’re better equipped to participate in it, and to take responsibility for your own privacy.

Do so.

Some Thinking on “Cyber”

Last week, I had the opportunity to testify before the House Science Committee’s Subcommittee on Technology and Innovation on the topic of “cybersecurity.” I have been reluctant to opine on it because of its complexity, but I did issue a short piece a few months ago arguing against government-run cybersecurity. That piece was cited prominently in the White House’s “Cyberspace Policy Review” and – blamo! – I’m a cybersecurity expert.

Not really – but I have been forming some opinions at a high level of generality that are worth making available. They can be found in my testimony, but I’ll summarize them briefly here.

First, “cybersecurity” is a term so broad as to be meaningless. Yes, we are constructing a new “space” analogous to physical space using computers, networks, sensors, and data, but we can no more secure “cyberspace” in its entirety than we can secure planet Earth and the galaxy. Instead, we secure the discrete things that are important to us – houses, cars, buildings, power lines, roads, private information, money, and so on. And we secure these things in thousands of different ways. We should secure “cyberspace” the same way – thousands of different ways.

By “we,” of course, I don’t mean the collective. I mean that each owner or controller of a prized thing should look out for its security. It’s the responsibility of designers, builders, and owners of houses, for exmple, to ensure that they properly secure the goods kept inside. It’s the responsibility of individuals to secure the information they wish to keep private and the money they wish to keep. It is the responsibility of network operators to secure their networks, data holders to secure their data, and so on.

Second, “cyber” threats are being over-hyped by a variety of players in the public policy area. Invoking “cyberterrorism” or “cyberwar” is near-boilerplate in white papers addressing government cybersecurity policy, but there is very limited strategic logic to “cyberwarfare” (aside from attacking networks during actual war-time), and “cyberterrorism” is a near-impossibility. You’re not going to panic people – and that’s rather integral to terrorism – by knocking out the ATM network or some part of the power grid for a period of time.

(We weren’t short of careless discussions about defending against “cyber attack,” but L. Gordon Crovitz provided yet another example in yesterday’s Wall Street Journal. As Ben Friedman pointed out, Evgeny Morozov has the better of it in the most recent Boston Review.)

This is not to deny the importance of securing digital infrastructure; it’s to say that it’s serious, not scary. Precipitous government cybersecurity policies – especially to address threats that don’t even have a strategic logic – would waste our wealth, confound innovation, and threaten civil liberties and privacy.

In the cacophony over cybersecurity, an important policy seems to be getting lost: keeping true critical infrastructure offline. I noted Senator Jay Rockefeller’s (D-WV) awesomely silly comments about cybersecurity a few months ago. They were animated by the premise that all the good things in our society should be connected to the Internet or managed via the Internet. This is not true. Removing true critical infrastructure from the Internet takes care of the lion’s share of the cybersecurity problem.

Since 9/11, the country has suffered significant “critical-infrastructure inflation” as companies gravitate to the special treatments and emoluments government gives owners of “critical” stuff. If “criticality” is to be a dividing line for how assets are treated, it should be tightly construed: If the loss of an asset would immediately and proximately threaten life or health, that makes it critical. If danger would materialize over time, that’s not critical infrastructure – the owners need to get good at promptly repairing their stuff. And proximity is an important limitation, too: The loss of electric power could kill people in hospitals, for example, but ensuring backup power at hospitals can intervene and relieve us of treating the entire power grid as “critical infrastructure,” with all the expense and governmental bloat that would entail.

So how do we improve the state of cybersecurity? It’s widely believed that we are behind on it. Rather than figuring out how to do cybersecurity – which is impossible – I urged the committee to consider what policies or legal mechanisms might get these problems figured out.

I talked about a hierarchy of sorts. First, contract and contract liability. The government is a substantial purchaser of technology products and services – and highly knowledgeable thanks to entities like the National Institutes of Standards and Technology. Yes, I would like it to be a smaller purchaser of just about everything, but while it is a large market actor, it can drive standards and practices (like secure settings by default) into the marketplace that redound to the benefit of the cybersecurity ecology. The government could also form contracts that rely on contract liability – when products or services fail to serve the purposes for which they’re intended, including security – sellers would lose money. That would focus them as well.

A prominent report by a working group at the Center for Strategic and International Studies – co-chaired by one of my fellow panelists before the Science Committee last week, Scott Charney of Microsoft – argued strenuously for cybersecurity regulation.

But that begs the question of what regulation would say. Regulation is poorly suited to the process of discovering how to solve new problems amid changing technology and business practices.

There is some market failure in the cybersecurity area. Insecure technology can harm networks and users of networks, and these costs don’t accrue to the people selling or buying technology products. To get them to internalize these costs, I suggested tort liability rather than regulation. While courts discover the legal doctrines that unpack the myriad complex problems with litigating about technology products and services, they will force technology sellers and buyers to figure out how to prevent cyber-harms.

Government has a role in preventing people from harming each other, of course, and the common law could develop to meet “cyber” harms if it is left to its own devices. Tort litigation has been abused, and the established corporate sector prefers regulation because it is a stable environment for them, it helps them exclude competition, and they can use it to avoid liability for causing harm, making it easier to lag on security. Litigation isn’t preferable, and we don’t want lots of it – we just want the incentive structure tort liability creates.

As the distended policy issue it is, “cybersecurity” is ripe for shenanigans. Aggressive government agencies are looking to get regulatory authority over the Internet, computers, and software. Some of them wouldn’t mind getting to watch our Internet traffic, of course. Meanwhile, the corporate sector would like to use government to avoid the hot press of market competition, while shielding itself from liability for harms it may cause.

The government must secure its own assets and resources – that’s a given. Beyond that, not much good can come from government cybersecurity policy, except the occassional good, long blog post.

High-Tech Companies Warn White House about Tax Hike

As I warned in my “deferral” video, the president’s proposal to increase the tax burden on U.S. companies competing in global markets is horribly misguided. The White House has now been put on notice by high-tech executives that they will be compelled to move jobs out of America if this destructive policy is adopted.

Bloomberg reports:

Microsoft Corp. Chief Executive Officer Steven Ballmer said the world’s largest software company would move some employees offshore if Congress enacts President Barack Obama’s plans to impose higher taxes on U.S. companies’ foreign profits. “It makes U.S. jobs more expensive,” Ballmer said in an interview. “We’re better off taking lots of people and moving them out of the U.S. as opposed to keeping them inside the U.S.” 

…Ballmer is one of 10 U.S. software company executives pushing back against the tax proposals in meetings today with White House officials including Jason Furman, deputy director of the National Economic Council, and the heads of congressional committees such as House Ways and Means Committee Chairman Charles Rangel, a New York Democrat. …In a roundtable discussion today, Ballmer, Symantec Corp. Chairman John Thompson and the heads of smaller companies such as privately held Bentley Systems, an Exton, Pennsylvania-based maker of engineering software, said such policies would hurt domestic investment, reduce shareholder value and increase the cost of employing U.S. workers. …Ballmer said…fiduciary responsibility to shareholders would require Microsoft to cut costs, he said, meaning many jobs would be moved out of the country.

Hawaiians Don’t Wait for Government - Rebuild Road

The spirit of 1776 is alive and well in Kauai:

Their livelihood was being threatened, and they were tired of waiting for government help, so business owners and residents on Hawaii’s Kauai island pulled together and completed a $4 million repair job to a state park – for free.

“We can wait around for the state or federal government to make this move, or we can go out and do our part,” Slack said. “Just like everyone’s sitting around waiting for a stimulus check, we were waiting for this but decided we couldn’t wait anymore.”

It’s amazing what a little private initiative and economic incentive can do.  Contrast this story with that of a bridge being built to connect Microsoft campuses in Redmond, WA with federal “stimulus” money.