Topic: Telecom, Internet & Information Policy

Bill Gates’s Flip-Flop

In today’s New York Times, I make the case against software patents, comparing a 1991 memo by Bill Gates to today’s battle between Verizon and Vonage:

[Microsoft general counsel Brad] Smith has argued that patents are essential to technological breakthroughs in software. Microsoft sang a very different tune in 1991. In a memo to his senior executives, Bill Gates wrote, “If people had understood how patents would be granted when most of today’s ideas were invented, and had taken out patents, the industry would be at a complete standstill today.” Mr. Gates worried that “some large company will patent some obvious thing” and use the patent to “take as much of our profits as they want….”

It’s not surprising that Microsoft — now an entrenched incumbent — has had a change of heart. But Mr. Gates was right in 1991: patents are bad for the software industry. Nothing illustrates that better than the conflict between Verizon and Vonage.

Vonage developed one of the first Internet telephone services and has attracted more than two million customers. But last year, Verizon — one of Vonage’s biggest competitors — sued for patent infringement and won a verdict in its favor in March.

The Times has strict word-count limits, so I didn’t have the space to discuss some of the details of my argument. Here is an in-depth analysis of Verizon’s patents. And here is a longer discussion of Microsoft’s change of heart on software patents.

REAL ID Proponents Miss Yet Another Chance

Writing in National Review Online, the Heritage Foundation’s James Jay Carafano argues that Democrats are killing the REAL ID Act (oh, and that the administration and Senate Republicans aren’t supporting it either). This apparently is a reason to oppose comprehensive immigration law reform. Notably, Carafano passes up yet another opportunity to tell us how REAL ID would add to our nation’s protections.

In my spoken testimony to the Senate Judiciary Committee’s hearing on REAL ID (written testimony here), I characterized the two schools of thought among supporters of REAL ID: the “Just Do It” school and the “Do-Overs” school.

Carafano is from Just Do It. Not engaging on the question whether REAL ID would actually add to our protections, he just implores for its implementation. He never explains exactly how REAL ID would secure us, or why counter-measures wouldn’t lay its alleged benefits to waste. Just Do It doesn’t even attempt making the affirmative case for spending $17 billion undermining our privacy through REAL ID.

The Do-Overs school is epitomized by consultant Janice Kephart, a terror profiteer of sorts, who is cashing in on having been a 9/11 Commission staffer. The Do-Overs school at least argues that REAL ID provides security, but somewhat fantastically.

Among their arguments: If we just had REAL ID back in 2001, maybe the fact that one or two of the 9/11 terrorists had overstayed their visas would have prevented them using a driver’s license at the airport, and they would have had to use a passport, and this would have created suspicion that there was an attack of some kind underway, and the plot would have been broken up.

Evidently, hindsight isn’t always 20/20. Had REAL ID been in place, the 9/11 attackers would have figured out that they should stay current on their visas. Had they not, using Saudi passports at the airport, they would have created no suspicion. Remember - this was before 9/11.

Another chance has passed for REAL ID proponents to make the case for its security benefit.

Rumors that the UK Will Abandon National ID

Via SecureID News, politics.co.uk reports on speculation that incoming Prime Minister Gordon Brown will abandon the UK’s national identification card scheme.

Back-handed encouragement for that has come in an open letter to Brown from Conservative shadow home secretary David Davis:

As chancellor you already bear responsibility for the £58 million of taxpayers money wasted on this expensive white elephant… .Experts in the field warn that, far from making us more secure, ID cards risk making us less safe. By clustering a mass of personal information in one place, ID cards will make us a prize target for hackers, fraudsters and terrorists.

Almost a year ago, the Sunday Times reported on leaked emails showing that the UK national ID scheme is in collapse. Much like the U.S. scheme is now.

Phil Bond Doesn’t Understand Security

Here’s an interesting Washington Technology article on the security issues that would be created by implementing the REAL ID Act. Complying with the law would require states to create huge, nationally accessible databases of information about all licensed drivers and ID card-holders. Computer security guru Bruce Schneier, chief technology officer at BT Counterpane Internet Security, is quoted, saying “Computer scientists don’t know how to keep a database of this magnitude secure.”

The really striking quote from the article, though, goes to a different kind of security: security against terrorist attacks. Information Technology Association president Phil Bond is quoted in a statement on the REAL ID Act:

“Today’s system is the system that helped to bring us the terrorist attacks of Sept. 11, 2001,” said Phil Bond, ITAA president, in the statement. “We know the problem, and we have the technology to fix it.”

How many different ways has Bond gotten security wrong? I can’t list them all, but …

The first is the implied causal relationship between our present-day ID card system and terror attacks. There are many causes of terrorism and terrorist attacks - Ron Paul recently stirred the Republican pot by suggesting they include an interventionist foreign policy. To respond to the literal import of Bond’s statement: the ID system in our country did not cause weak groups elsewhere to adopt the strategy of terrorism. Our current ID and licensing system did not “bring us” the terrorist attacks of September 11, 2001.

But Bond was making purposeful use of inaccurate language. His implication is that the current driver licensing system is so lacking in security measures that it can be treated as an equivalent to a real cause of terrorist attack. This is where Bond’s security ignorance shines like a beacon.

For all the benefits they provide, including a modicum of security, identity systems provide almost no security against committed opponents like terrorist organizations, criminal enterprises, or even hardened criminals. In my book Identity Crisis: How Identification is Overused and Misunderstood, I show how identity acts as an economic and social glue. It brings people together for all kinds of transactions, and it holds them together if and when things go wrong. But I also show how breakable this glue is. Identity does not reveal intention.

People who have studied identity and security know that you can’t extrapolate from the use of identity in every-day transactions to the use of identity in counter-terrorism. Commited bad actors will defraud, inflitrate, or corrupt card issuing systems, or create fraudulent identity documents directly - to say nothing of simply avoiding targets that are controlled by identification checks. (That’s not a big improvement in security. There are far more uncontrolled targets than controlled targets.)

Evidently, Phil Bond is not someone who has studied identity and security, which is a shame given that he is the highly regarded leader of a significant technology-industry trade association.

I’ll Take the Frying Pan over the Fire

Via Ars Technica, here’s a Quad-Cities Online report on the state of Illinois using $1 million in taxpayer dollars to fund litigation in support of an unconstitutional ban on video game violence. The money was taken from other budget areas, including public health, welfare, and economic development.

The ideal would be to give the money back to taxpayers. It rightly belongs to them. But given the choice between using the funds to erode free speech rights or using them to support the welfare state, I’ll take the welfare state.