Monthly Archives: September 2009

The Net Neutrality Walk of Shame

at&t logoIt’s the morning after Chairman Genachowski’s impassioned call for new FCC regulations to impose “net neutality” rules on Internet access providers.  No surprise, everyone is reaching for the aspirin.  Communications users have been partying like it’s 1974, when U.S. regulators finally began the painful process of breaking up the long-sanctioned AT&T monopolies on long-distance and equipment.

In the interim, the FCC, in the name of de-regulation, has constructed a remarkably complex machinery of new regulation for existing (telephone) and emerging (data) services.  They’re always a good ten years behind the march of new technology–including new infrastructure technologies such as cable, satellite, wireless, and fiber, as well as new applications such as the Web, voice-over-IP telephone, and the convergence of voice, data, television and everything else.  And they always will be, no matter how many smart people are working on the problem.  (There are many smart people working at the FCC.)

In a deja vu of the passage of the landmark 1996 Communication Act, within days of Genachowski’s speech, everyone was crying foul.  Wireless operators can’t understand why they would be included in neutrality regulations, given the relative competitiveness of the wireless industry (new regulations are presumed to be needed when market mechanisms fail to correct anti-consumer behavior).  AT&T reminded us that the wireless spectrum they bought last year (part of what was given up by broadcast television in the switch to digital broadcast) came with no requirement to be open to any device or application.  Verizon bought a block that did come with that requirement, and AT&T paid “many billions more”  to avoid the open rules.  Oops.

Then AT&T complained that Google, a leading proponent of neutrality rules, was itself violating some of the basic principles with its own Google Voice application, which blocks certain services (900 numbers, free conference call services, etc.) that charge high fees to the customer’s provider that cannot be passed along.   “Traditional” phone companies can’t block those services.  The fees, as the New York Times’ Saul Hansell points out, were originally authorized to help subsidize rural telephone service, but everyone understands that the system has now been thoroughly gamed, part of the post-1996 de-regulation of telephony and the end of Judge Greene’s oversight of the 1982 breakup of the old AT&T.  (Hate them all you want, but as recently as six months ago, AT&T was losing money on every iPhone customer it signed up under its exclusive deal with Apple.)

Google got into similar trouble in late 2008, when it became known that the company had offered to “co-locate” its own servers at key exchange locations of broadband providers in order to speed up delivery of Google content such as YouTube videos. This “fast lane” service seemed to be precisely what the net neutrality advocates feared most, yet it was coming from one of their chief allies and instigators. Google’s defense was that its offer was non-exclusive, meaning any other application provider could make a similar (non-neutral) arrangement.

Reading through some of the comments posted by readers of The New York Times and The Wall Street Journal articles reporting on these developments, one can’t avoid the sense that no one really knows what anyone else really means by neutrality.  “Net neutrality is about the Internet, not the telephone network,” says one reader.  “Neutrality in general does not apply to telephone companies, nor would it benefit them,” says another.

Harold Feld at Public Knowledge, acknowledging that “I do not know how other VOIP providers behave,” nonetheless is confident that neutrality is separable from telecommunications regulation.  “[I]t is easy to make [Google Voice] look like a network neutrality question and try to undermine network neutrality than focus on the merits of either the Google Voice question or the network neutrality question.”  It is, unfortunately, anything but easy.

All of these stories are conflated for a reason beyond simply trying to muddy the waters as much as possible.  Unfortunately, they really are all hopelessly intertwined. Much as the FCC wishes there was still a clear distinction between “the Internet” and “the telephone network,” technology has obliterated that difference.  Internet companies (Vonage, Skype) provide phone service using TCP/IP, “phone companies” offer Internet access over their equipment, while “cable companies” offer the same service over cable–along with phone services and television, which the phone companies also offer.

Under the law, “telecommunications” services are still treated (badly) as common carriers, a significant competitive disadvantage that may or may not still be justifiable.  “Information” services are not.  When AT&T offers Internet, it’s a telecommunications service.  When Vonage offers telephony, it’s an information service.  The current rules don’t distinguish between the two kinds of uses based on the protocol used, the network technology used, or the equipment used.  The current rules distinguish based solely on the historical (that is, pre-1982) business of the provider.  Providers that didn’t exist in 1982 (Vonage, Skype, Google) or who weren’t in the voice business at the time (Comcast, TimeWarner) are presumed to be offering information services, regardless of what services they are offering.

AT&T’s point, hopelessly lost in 25 years of FCC rulemaking, is that regardless of whether it still makes sense to regulate the hell out of their copper-wire phone network, they ought to be held to the same rules as everyone else when offering new services on new infrastructure and new equipment.  Which is to say, far fewer rules than when they are offering POTS (Plain Old Telephone Service).

Pull one strand of this spider web, and every other strand responds.  Unfortunately, net neutrality is bigger than just net neutrality, and not just because Internet providers say it is.  It really is.

There’s a simple solution to all this, one that might make a rational conversation about net neutrality possible.  And that is to eliminate the distinction between common carriers and everyone else.  Hold everyone to the same rules regardless of what information they are transporting–whether voice, video, television, data.   Because regardless of who’s doing what, these days it’s all bits.  There is no rational reason to regulate the bits based on who is transporting them.  The FCC doesn’t even try to justify the distinction anymore.  Let’s just get rid of it.

We need, as I say in Chapter 6 of The Laws of Disruption, a cure for the common carrier.  We need to eliminate most if not all of the FCC’s byzantine sets of taxes, rules, funds, rate-setting, and (for broadcast but not cable TV) content oversight.  When the 1996 Communications Act was signed into law, Congress predicted it would signal the end of the FCC, much as the deregulation of the airline industry ended the reign of terror of the Civil Aviation Board.

Today, the FCC’s budget is bigger than ever.  And in the thirteen years since deregulation, American consumers have fallen behind in every conceivable metric their counterparts in much of Europe and Asia.  We pay more and get less, even as Moore’s Law makes everything faster, cheaper, smaller and Metcalfe’s Law converges all the networks and protocols and applications into a single glorious buffet of information.

True consumer interests are absent from the picture here.  So even when they win, they often lose.  And what constitutes a win is anyone’s guess.

Consumer activists and consumers themselves would do well to channel their anger and energy away from individual providers and individual problems and focus on the real devil.  Let’s really deregulate the communications industry.  Let’s put the squeeze on the only group that actually makes a profit here–industry lobbyists and lawyers.

By the way, understanding the impact of federal regulation on the infrastructure industry (which no one does, or can) is only part of the puzzle.  Phone, cable, and wireless providers are also subject to local regulations, many of which add to and subtract from the perverse incentives that  dictate  industry behavior.  We need to get the almost entirely corrupt local agencies out of the regulatory business altogether.

Ready for that hangover helper now?

The Persistent Myths of Identity Theft

ftc logoLaw Six of The Laws of Disruption deals with the myths and realities of Internet crime.  It’s a subject that’s bothered me for a long time.  Back in the Stone Age (1995), John Perry Barlow and I wrote a Position Paper for Computer Sciences Corporation titled, “Five Privacy and Security Imperatives for Electronic Trade.”   (It’s so old I can’t even provide a link!)

This was before there was any electronic trade, or what came to be known (when it arrived) as e-commerce.  This was in the era where people were saying things like, “No one will ever give their credit card number out over the Internet.”  (Never start a sentence with “no one will ever,” especially when it relates to technology.)

The problem was that most of the people saying “no one will ever” worked for banks and credit card companies.  Many of them were clients of our research program.  They were overwhelmed by the idea of e-commerce.  Technically, they didn’t know how they would integrate their private networks with the public Internet.  From a business standpoint, they didn’t know how they could make it cost-effective to process what were expected to be smaller-dollar transactions in high volume from a new kind of merchant population.  Not to be unkind, but much of the fear surrounding e-commerce was generated to hold back the flood while these companies looked for ways to build dams.

Eventually these problems were resolved, but the fear-mongering has had a lasting effect.  In 2001, according to the Pew Internet & American Life Project, 87% of Americans said they were concerned about credit card theft online; by 2008 it was down only marginally.  Yet by 2009 over 50% of all American adults had paid online with a credit card anyway.

In the interim, of course, an entire industry has emerged with a strong incentive to keep the fear numbers high.  Companies that make money selling anti-virus software, credit reports, identity theft insurance and alternative payment methods (e.g., PayPal) stoke the fears of users that only a fool would ever type his or her credit card number into a web browser.

Identity theft is real, but for those who have been victims of it, generally the loss of money is the least of its damage (banks and credit card companies are legally obliged to return money fraudulently obtained from a customer’s account).  Restoring credit history and credit scores is where the real crimes take place, and the perpetrators are often the consumer’s own financial services providers.

The recent indictment of three men in the theft of 130 million credit card numbers is a good example of the continued obfuscation employed by the industry and their counterparts at the Federal Trade Commission, confusion often left unchallenged by journalists.  The thieves, an American named Albert Gonzalez and his offshore co-conspirators, broke into corporate networks of payment processors as well as major retailers including 7-11 and TJ Maxx.  When Gonzalez, plead guilty, the Associated Press described him as “masterminding one of the largest cases of identity theft in U.S. history.”  Reuters called it “one of the largest identity-theft crimes on record.”

Stealing credit card numbers from corporate computers is a serious crime, but it is not “identity theft.”

The problem is that “identity theft” has come to mean many different things, including what we may now think of as the quaint form where consumers give their credit card number online to a scam artist, often in response to a fake email message purporting to be from their bank or other payment processors.  The scammer uses or sells the number to open new accounts, make fraudulent withdrawals or charges, and otherwise pass himself off as if he was the victim.  (See my 2005 article, “If Feds Fail, What Can Stop Identity Theft?”)

But that’s small potatoes compared to the kind of crime Gonzalez and his colleagues commit, where millions of credit card numbers are stolen and then sold.  Most of these, however, don’t actually result in identity theft—the credit card numbers are used to get cash and merchandise and are quickly disabled by software that recognizes dubious transactions.  Again the financial losses here are borne by the banks and credit card processors, not the consumers or the merchants.  That’s why the software is good and getting better.  It’s their money at stake.

No one’s “identity” is being stolen, but the use of the term to describe every financial fraud involving a computer amps up the terror level of consumers who largely have nothing to fear.  The vast majority of “real” identity theft has nothing to do with computers at all, but rather  begins with a stolen or lost wallet, stolen or simply discarded mail, or inside jobs pulled by clerks and others with legitimate access to the data.

The real problems are on the back-end, where credit card systems are left insufficiently secured, or where laptops with sensitive data are left in the back seats of cars where they are stolen not for the data but for the hardware.  We keep hearing horror stories of government employees, university officials, and private sector employees who can’t even be bothered to put password protection on their logins, let alone encrypt their data.  And the continued use of social security numbers by private enterprises both as a customer ID and an authentication field is probably the most dangerous practice of all.

Oddly enough, these were exactly the problems Barlow and I pointed out in 1995.  The solutions were obvious then, and they’re still obvious now.  But as long as consumers are being misdirected to think it’s their behavior that needs to be controlled, the financial services industry can avoid solving their largely self-made problems.

Meanwhile, electronic commerce doesn’t grow as quickly as it could.

If anyone wants a hardcopy of my 1995 position paper, I’m happy to send it along!

The antitrust sledgehammer

oracle logo

Lovers of freedom and protectors of keeping out-of-print books out of print are dancing with glee at the announcement yesterday from Google and the trade associations who sued the company that they are renegotiating their settlement. This in light of the torrent of objections received by the court, notably a last-minute (technically after the deadline) tirade from the Justice Department that the deal raised serious antitrust concerns.

As I write in Chapter 7 of “The Laws of Disruption,” invocations of antitrust have a nasty habit of boomeranging against those who chant its doctrines, especially when they don’t really understand how dangerous a body of law it is. Most of the IT industry was thrilled (secretly or otherwise), when the Justice Department came down on IBM, AT&T, and more recently, on Microsoft and Intel. What could be better than having a major competitor distracted, perhaps for years, by the 19th century machinery of litigation against the federal government?

Of course some of the loudest braying on behalf of inserting the government into the structure of the computer industry came from Oracle. CEO Larry Ellison famously cheered on the Justice Department’s pursuit of Microsoft; that is, until the Antitrust Division challenged his takeover of PeopleSoft in 2004. Oops.

The Obama Justice Department has promised to put more teeth into antitrust enforcement and it clearly has Google in its sights. This despite the fact that the feds understand nothing of the very different economic properties and behaviors of information. There seems to be something, well, Unamerican about being so successful. We love scampy underdogs, but when they win, we turn on them pretty much immediately as oppressive tyrants. It’s why the Rocky movies never really worked once he won.

Justice is already poking holes in the Bing-Yahoo deal, for example, as Lance Whitney reported the other week. This despite the fact that Google enjoys an enormous majority of the search market (which it got how, exactly? Oh yeah, innovation) and despite the fact that consumers, ten years into the Web revolution, continue to pay NOTHING for search services.

Oracle itself is again is in the antitrust cross-hairs, this time in Europe for its attempt to takeover Sun. U.S. antitrust regulators are misguided; the E.U.’s current class of clowns are just plain mean, setting a new low in undefining a legal standard for “harm to consumers.” (Mostly they just mouth the words as they go after companies who aren’t European enough for E.U. Antitrust chief Neelie Kroes.) Regulators must “examine very carefully the effects on competition in Europe,” Kroes said earlier this month, “when the world’s leading proprietary database company proposes to take over the world’s leading open-source database company.”

Yes, Oracle will take over Sun and then proceed to destroy what’s left of its assets, that is, MySQL, which has .4% of global DBMS revenues. Good business sense there.

Gartner Group’s Donald Feinberg has another explanation. Again, Lance Whitney at CNET has the story. “It’s a political agenda,” Feinberg says bluntly. “[I]t is the re-emergence of protectionism…The EU is looking for how it can protect the companies in Europe.”

Antitrust started out as political. Then it became grounded in economics. Now, with the emergence of a new kind of economy, it’s lost its way and gone back to being political.

Which should serve as a powerful warning to those who get in bed with antitrust regulators. Today, the Google Books settlement and the Oracle-Sun and Yahoo-Bing deals. Tomorrow, when the political winds change, it will be you.

That’s about the only thing predictable about antitrust these days.