Adam Thierer's Blog, page 167

Based on two (1, 2) previous cyber security bills, a draft bill that has been circulating around town backed by Senate Majority Leader Harry Reid would give the White House sweeping new powers over companies that operate "covered critical infrastructure" or (CCI). And more than that, the bill would eliminate a vital aspect of the governmental process: a right to a day in court.

People often think of critical infrastructure as power plants, dams, and public safety communication networks. On the Internet, modems, routers and other specific network equipment could be designated as CCI. But this bill is written broadly, so that the Administration could even designate online services—such as e-mail and cloud computing services—that use the Internet but are not themselves network infrastructure.

All businesses want to keep Americans safe and protect infrastructure that supports the American economy. But what happens if a company (or an industry) wants to challenge their CCI designation? Typically, what makes America work is that we can question authority and even challenge our government in court when we think it's wrong. But this legislation explicitly denies businesses their right to challenge a CCI designation in court.

(4) Final appeal.—A final decision in any appeal under this subsection shall be a final agency action that shall not be subject to judicial review except as part of an enforcement action under section 306(b)(7). [emphasis added]

This part of the bill has to be amended to allow judicial appeals to make it fair for the businesses that will pay for it.

And when courts do review a designation, they should scrutinize whether the Secretary rightly applied–not just "considered"–the specific risk factors in the legislation. The current draft has a low bar for the government, requiring the Secretary to merely consider certain risk factors–and lets the Secretary add other factors, too.

In the event of a major cyber incident, companies should be leading the way in developing a fix, not standing by and waiting for the government to issue orders.

The companies that operate critical Internet infrastructure are not part of the cyber security problem, they are the key to the solution. Rather than punishing these pillars of the security community, lawmakers should be looking for innovative ways to support their efforts.

The high-tech industry has been a strong supporter of government's renewed focus on cyber security. But we want to avoid the situation where government gains the power to issue expansive, unchecked edicts without the right to a day in court.

If you follow the Tech Liberation Front, you'll no doubt have run across the weekly podcast I post here on Mondays. It's called Surprisingly Free and it features in-depth discussions with an eclectic mix of authors, academics, and entrepreneurs at the intersection of technology, policy, and economics–including some of the TLF gang.

We've now released over three dozen episodes and we couldn't have done it without our listeners. For that, I want to thank you. We now want to redouble our efforts to improve the show so that we can grow our audience from hundreds to thousands. To do that, we need your help.

If you don't subscribe to the show on iTunes, how about giving it a shot here. If you do already listen to it, I'd like to ask you to please take this two-minute survey. To make the show better, we need to know what you think. Do you like the topics? Do you like the guests? What do you think of the length? What would you change? Keep the same? Your feedback would mean the world to us. And again, the survey only takes two minutes (a bit more if you want to give us written comments, which we would appreciate).

So, thank you so much for listening to the Surprisingly Free podcast, and thanks for helping us spread the word and make it a better show.

Clear's coverage map shows service in many cities and plans to expand to many more. Competition is rendering moot the call for public utility-style regulation of Internet service in the name of 'net neutrality. I expect to hear soon about how unsatisfactory competition is under triopoly conditions.

If you blinked, you missed it. Heaven knows, I did. The OECD privacy guidelines celebrated their 30th birthday on Thursday last week. They were introduced as a Recommendation by the Council of the Organization for Economic Cooperation and Development on September 23, 1980, and were meant to harmonize global privacy regulation.

Should we fete the guidelines on their birthday, crediting how they have solved our privacy problems? Not so much. When they came out, people felt insecure about their privacy, and demand for national privacy legislation was rising, risking the creation of tensions among national privacy regimes. Today, people feel insecure about their privacy, and demand for national privacy legislation is rising, risking the creation of tensions among national privacy regimes. Which is to say, not much has been solved.

In 2002—and I'm still at this? Kill me now—I summarized the OECD Guidelines and critiqued them as follows on the "OECD Guidelines" Privacilla page.

The Guidelines, and the concept of "fair information practices" generally, fail to address privacy coherently and completely because they do not recognize a rather fundamental premise: the vast difference in rights, powers, and incentives between governments and the private sector. Governments have heavy incentives to use and sometimes misuse information. They may appropriately be controlled by "fair information practices."

Private sector entities tend to have a balance of incentives, and they are subject to both legal and market-punishments when they misuse information. Saddling them with additional, top-down regulation in the form of "fair information practices" would raise the cost of goods and services to consumers without materially improving their privacy.

Not much has changed in my thinking, though today I would be more careful to emphasize that many FIPs are good practices. It's just that they are good in some circumstances and not in others, some FIPs are in tension with other FIPs, and so on.

The OECD Guidelines and the many versions of FIPs are a sort of privacy bible to many people. But nobody actually lives by the book, and we wouldn't want them to. Happy birthday anyway, OECD guidelines.

An interesting and thought-provoking piece by Malcolm Gladwell over at The New Yorker this month takes a look at the intersection between true civic activism (the kind that could get you killed) and "social networking" activism (the kind that only takes a retweet or hitting the "like" button on Facebook).

Gladwell's piece starts off retelling the story of how the Civil Rights "sit-in" movement of the early 1960s spread like wildfire among the younger set without the aid of, god forbid, Facebook or Twitter. Contrast that historical example with the more recent happenings in Iran and the Twitter Revolution, where it seemed that tens of thousands of Twitter users stood in solidarity with the protesting Iranians, some of who were literally dying in the streets. The point Gladwell is making, and one with which I concur, is that for all the hype regarding social networking tools, relying on said tools to advocate significant change will end up in a losing battle or inefficient result.

A big reason, Gladwell postulates, is that social networks are at their core good at increasing participation but inefficient at execution. It's easy to hit the "like" button on Facebook to agree that "I support Darfur victims," or "down with big government," but it's another thing to put your literal neck on the line — as the protestors in South Carolina and Iran did.

So, it will be interesting how this social network aspect affects today's Tea Party. Unlike in 2008, when the Obama campaign made history through social network participation, the Tea Party has no official head, no official hierarchy. The Tea Party seems to be more of a network of independent operators, not a movement orchestrated by a small group of decision-makers with a clear agenda and defined strategy and goals.

For all the "populism" put forth by Obama and his supporters on Facebook, Twitter, et. al., there was a distinct hierarchy — strategic decisions backed up with execution by people who were in charge and accountable to higher-ups. Not so with the Tea Party.

So, at the risk of sounding cliche, we are entering another new experiment in politics and technology. Social networking is giving people the chance to participate merely through the click of a button. But by lowering the barrier to participation to the "least inconvenience," will change actually manage to surface?

My article for CNET News.com this morning analyzes the "leaked" net neutrality bill from Rep. Henry Waxman, chair of the House Energy and Commerce Committee.  I put leaked in quotes because so many sources came up with this document yesterday that its escape from the secrecy of the legislative process hardly seems dramatic.  Reporters with sources inside Waxman's office, including The Hill and The Washington Post, expect Waxman to introduce the bill sometime this week.

The CNET article goes through the bill in some detail, and I won't duplicate the analysis here.  It is a relatively short piece of legislation that makes limited changes to Title I of the Communications Act, giving the FCC only the authority it needs to implement "core" regulations that would allow the agency to enforce violations of the open Internet principles.

With a few notable exceptions, the Waxman bill mirrors both the FCC's own proposed rulemaking from last October (still pending) as well as the Google-Verizon legislative framework the two companies released in July.  All three begin with the basic open Internet rules that originate with the FCC's 2005 policy statement, with some version of a content nondiscrimination rule and a transparency rule added.    (There's considerable controversy over the wording of the nondiscrimination rule; none about transparency.)

The Waxman draft would sunset at the end of 2012.  And it asks the FCC to report to Congress sooner than that if any additional provisions are required to implement key features of the National Broadband Plan, which has sadly been lost to the tempest-in-a-teapot wrangling over net neutrality before and since it was published.

Many commentators who are already condemning Waxman for selling out "real" net neutrality are upset over provisions—including the sensible call for case-by-case adjudication of complaints rather than the fool's errand of developing detailed rules and regulations in advance—that appear in all three documents.  They either don't know or don't care that in that regard Waxman's bill breaks no new ground.

Where the bill differs most is its treatment of wireless broadband.  The FCC's October NPRM, albeit with reservations, ultimately concluded that wireless should not be treated any differently than wireline broadband.  Google-Verizon reached the opposite conclusion, encouraging lawmakers to leave wireless broadband out of any new rules, at least until the market and the infrastructure that supports it become more stable.

Waxman's draft calls for limited application of the rules to wireless broadband, in particular prohibiting carriers from blocking applications that compete with their voice or video offerings.  But it isn't clear if that prohibition refers to voice or video offerings over wireless broadband or extends to products (digital voice, FIOS, UVerse) that the wireless carriers offer on their wireline infrastructures.

And the draft also carves out an exception to that rule for app stores, meaning carriers can still control what apps its customers download onto their wireless devices based on whatever criteria (performance, politics, prudery) the app store operator uses.

If net neutrality needs federal legislation and federal enforcement (it does not), then this bill is certainly not the worst way to go about it.  The draft shows considerable evidence of horse-trading and of multiple cooks in the kitchen, leaves confusing holes and open questions, and, so far, doesn't even have a name.  But at least it explicitly takes Title II reclassification of broadband Internet access, the worst idea to surface in the course of this multi-year debate, off the table.

Reading the draft makes me nostalgic for the "legislative process" course I took in law school with long-time Washington veteran Abner Mikva, who has served in all three branches over his career.  There was the official version of the legislative process—the "Schoolhouse Rock" song, for people of a certain generation—and then there was what really happened.  (See also the classic Simpsons episode featuring a helpful janitor who "resembled" Walter Mondale, "Mr. Spritz Goes to Washington.")

Beyond the text, in other words, is the shadow theater.  Why is Waxman, a strong net neutrality supporter, leading the charge for a bill that gives up much of what the most extreme elements have demanded?  (Watch for the inevitable condemnation of Waxman that will follow the introduction of the bill, and for Tea Party opposition to any Republican support for it.)  Why has FCC Chairman Julius Genachowski expressed appreciation that Congress is working on a solution, when his own agency has in theory already developed the necessary record to proceed?  Why introduce a bill so close to adjournment, with election results so uncertain?

I have my theories, as does every other policy analyst who covers the net neutrality beat.  But predicting what will happen in politics, as opposed to technology, is a losing proposition.  So I'll just keep watching, and trying to point out the most egregious misstatements of fact along the way.

I encourage tech policy wonks in Washington to attend next week's (Oct. 5th) Information Technology and Innovation Foundation event on "A Guide to the Internet Political Landscape," which will feature the release of Rob Atkinson's new report, "Who's Who in Internet Politics: A Taxonomy of Information Technology Policy Perspectives ."  The report identifies nine distinct groupings shaping Internet policy and how these groups view key Internet policy issues, including net neutrality, copyright, and privacy.

Rob is one of my very favorite people in Washington and I always look forward to everything he does–even when I disagree with him!  I remember a great debate we had a decade ago when he invited me to critique his paper on "The Failure of Cyber-Libertarianism: The Case for a National E-Commerce Strategy."  And at the end of the debate he conceded that I was correct and he immediately converted to the libertarian movement.  No, not really!  But it was a hell of a fun time.

I hope for a repeat for some of that fun as Rob was kind enough to ask me to comment on his new "Who's Who in Internet Politics" paper as next week's event along with Morgan Reed of the Association for Competitive Technology.  Rob asked me to peer review an early draft of the study and I can assure you it will make a splash.  Come on over to ITIF next Tuesday, October 5th at 9:30am to hear us discuss it.  You can RSVP here.  Location is 1101 K Street NW, Suite 610.

On the podcast this week, Nick Bilton, Lead Technology Writer for The New York Times Bits blog and a reporter for the paper, discusses his new book, I Live in the Future & Here's How It Works.  In the book, Bilton examines how technology is creatively disrupting society, business, and our brains.  On the podcast, he talks about neuroplasticity and reading, a debate with George Packer about Twitter, innovators' dilemmas in the porn industry, why many CEOs and movie producers bristle at how...

If you store sensitive files on your personal computer which law enforcement authorities wish to examine, they generally cannot do so without first obtaining a search warrant based upon probable cause.  But what if you store personal information online—say, in your Gmail account, or on Dropbox? What if you're a business owner who uses Salesforce CRM or Windows Azure? How secure is your data from unwarranted governmental access?

Both the U.S. Senate and the House of Representatives are...

Up on the NetChoice blog, Steve DelBianco writes about how online child safety was a hot topic at the Internet Governance Forum (IGF) last week in Lithuania. There was one workshop on location-based services that allow users to publish their mobile phone location info to their parents or social network pages (e.g. Foursquare, Loopt, and Facebook Places).

The entire workshop reminded Steve of the movie Minority Report, where a 'precrime' police unit relies on the visions of psychics to...