Adam Thierer's Blog, page 99

From The Hill this weekend:

But James Lewis, the director of the Technology and Public Policy Program at the Center for Strategic and International Studies, said "no serious analyst doubts the risk anymore" of a cyber attack.

"There are people who are naturally skeptical about anything the government says and there are the ones who are paid to be skeptical," Lewis said, but he claimed almost everyone else has accepted the seriousness of the situation.

Since I'm the only other person quoted in the story–making the case that the threat of a catastrophic cyberattack has been exaggerated–that statement can be read as applying to me. I'm certainly naturally skeptical of government (for good reason, I think), and to the extent my organization is also generally skeptical of government, I guess I am paid to be skeptical of government. But the implication that I wouldn't advocate skepticism of government but for payment is insulting. And it also has nothing to do with whether the cyber threat has been blown out of proportion and whether we should be skeptical of such threat inflation.

On that front, I'd like to quote at length from a fantastic 2006 San Francisco Chronicle piece entitled, "The War on Hype," that might as well have been written by me. It is by a certain James A. Lewis:

Or cyber terror. In 1995, the first in a long series of warnings of an "electronic Pearl Harbor" was made. Although terrorists have launched many attacks since 1995, none has involved cyber terror.

The closest thing to a cyber attack occurred in Australia, when a disgruntled employee who had designed the computer system for a sewage treatment plant was able to penetrate the network after 49 consecutive attempts that went unnoticed and release raw sewage. The government report on the incident says this produced an unbearable smell for several days. Residents were unhappy, but able to control their terror.

Cyber terror was at first suspected in the 2003 Northeast blackout. The cause turned out to be incompetence and falling trees. The widespread blackout did not degrade U.S. military capabilities, did not damage the economy, and caused neither casualties nor terror.

One lesson to draw from this is that large, modern economies are hard to defeat. Their vulnerability — to cyber attack or dirty bombs or the other exotic weapons — is routinely exaggerated.

Yes, computer networks are vulnerable to attack, but nations are not equally vulnerable. Countries like the United States, with its abundance of services and equipment and the ability and experience in restoring critical functions, are well equipped to overcome an attack.

Yes, that's the very point I was making in the Hill article, and which I've been making in my writing the last couple of years. But wait, there's more.

What explains this discrepancy between risk and perception?

During the cold war, analysts became accustomed to thinking about horrible things that never happened — from nuclear winter to atomic war. This willingness to suspend disbelief has carried over to the war on terrorism.

When the cold war ended, the United States reassessed what kinds of threats it would face in the future. A series of influential commissions concluded that new kinds of opponents would use asymmetric attacks and unconventional weapons against the American homeland. They would attack vulnerable civilian targets, as no one could challenge the U.S. military and win.

This assessment proved, unfortunately, to be correct, but its corollary — that the new opponents would use unconventional weapons like cyber or bio — missed the mark.

There are important differences between experts and terrorists. Experts imagine exotic attack scenarios. Terrorists are conservative. They prefer guns and bombs.

There's even a hint of how threat inflation can hurt policymaking:

The media, particularly television, prefers to translate complex risks into simple and dramatic tales. Eighty-three people dying in six years is tragic, but not news. Deadly chickens sweeping out of China to infect millions appeals to alarmism and anxiety and attracts audiences and talking heads.

A changing American political culture makes our leaders more anxious. Since the 1960s, the U.S. government has become progressively more cautious and risk-averse. …

Exaggerated concerns shape our spending and strategies for counterterrorism and public health (even if our implementation of these strategies is at times so lax as to appear to welcome risk with open arms).

It's good to know that a serious analyst can doubt the risks associated with cyberattack. If Dr. Lewis has changed his views on the threat posed by cyber, I'm sure it's the result of extensive investigation and careful reflection, and not for any other reason. More to the point, it doesn't matter. Bringing up motives is what you do when you can't counter an argument.

I'm puzzled by Harold Feld's latest post. Last month, Harold laid out his argument that society faces a tradeoff between allocating the wireless spectrum to the highest bidder and maintaining competition in wireless services. I responded by showing geometrically that in most cases, efficient production is much more important than maximal competition; in economics, trapezoids are bigger than triangles.

Harold seemed to get it. My argument was only an intuitive one, but he admitted that he needed to be more rigorous to show that competition in the wireless industry is more important than lowering the cost of producing wireless services.

My response to @elidourado is that we have dueling intuitions. When the FCC goes to set rules, we will both need more rigor.

— haroldfeld (@haroldfeld) February 20, 2012

Today, Harold reprised nearly the same post, without additional economic rigor, and at greater length. So maybe you can see why I'm puzzled.

I continue to believe that trapezoids are bigger than triangles. But for this post, let's put that issue to the side to focus on duopoly, of which Harold seems to have a visceral fear. He's probably not alone.

Duopoly sounds really bad, because it's 1 away from monopoly. But modern economists tend not to place too much emphasis on the number of competitors in an industry, at least not in isolation from other factors. For instance, it is well understood that under what is known as a Bertrand duopoly, economic profits to the firms are zero, and the price to consumers is as low as it is when there are many firms. That does not sound too scary, does it?

Duopoly can be consistent with vigorous competition. For instance, most of the bestselling digital SLR cameras on Amazon.com are made by either Nikon or Canon. Sure, a few other companies have a toehold in the industry, but it is as much a duopoly as the wireless industry is. Despite the dominance of these two firms, the price of DSLRs falls every year, and quality continuously goes up.

So what clues can we look at to see if AT&T and Verizon constitute a harmful or a harmless duopoly? The first one is profits. Now, this is tricky, because we want to look at economic profits, which are not the same as accounting profits. Economic profits are usually less than accounting profits, since we need to subtract out the ordinary return to the physical capital owned by the firm. However, even if we look at accounting profits, it turns out that both AT&T and Verizon lost money last quarter. This is not the kind of thing that nasty duopolies tend to do. Now, it could be that both firms had a bad quarter, and they will be back in the black soon. In fact, that is what I expect. But even so, neither firm is likely to rake in profits hand over fist any time soon—and if you think they are, you should put your money where your mouth is and buy their stock.

Another clue we can look at is fixed costs. In an industry with high fixed costs of being in business, lots of companies is neither a stable equilibrium nor a desirable outcome. Suppose there is an industry in which fixed costs are $100 billion. This would mean that for there to be 10 firms, society would have to pay $1 trillion in fixed costs. By reducing the number of firms from 10 to 2, society saves $800 billion. This situation roughly exists in the market for large, commercial jet aircraft, where the only competitors are Boeing and Airbus. Would we really want there to be more commercial jet producers? There would be a whole lot of duplication of costs, and the price of jetliners and air travel would increase, not decrease. We're better off with a duopoly, and in fact we get duopoly precisely because vigorous competition between the jumbojet giants keeps everyone else out.

Wireless service also has high fixed costs, or, more accurately, declining average costs. Harold notes that if AT&T had been allowed to buy T-Mobile, "it would enjoy 'synergies.' Combining with T-Mo would make it bigger, better able to extract the value (by laying off 'redundant' T-Mo staff and other cost cutting measures)." I'm not sure why he puts sneering quotation marks around "redundant;" those redundancies represent exactly the socially-beneficial fixed cost-cutting I am talking about. If the industry were not to need those employees any longer, then they could be employed elsewhere, which is what is best for society. If Harold has some other normative criterion, he should come out with it.

The bottom line is that appeals to competition based solely on the number of competitors are just no longer persuasive to anyone up on the economics of firms and industries, also known as industrial organization. As both an avid consumer of wireless service and someone with more than a little fondness for IO, I'm not scared of wireless duopoly at all.

[image error]The cover story of this week's The New Republic is a review by Evgeny Morozov of Walter Isaacson's biography of Steve Jobs. In 10,000 words it is more illuminating about what made Steve Jobs tick than Isaacson's 656 pages of warmed-over anecdotes and Wikipedia glosses. Morozov gets it right when he draws the connection between Bauhaus and Apple–functionalism and simplicity über alles. But he doesn't seem to like where this takes Apple or Jobs.

He calls Jobs's adherence to the Bauhaus ideal "a kind of industrial Platonism" in which products have a true form or essence that must be discovered and revealed by a designer. What consumers think they want is irrelevant; they will know what they want when it is presented to them. That's true as far as it goes, but Morozov is the real Platonist here.

Morozov's ultimate indictment of Apple is that it refuses to consider the externalities its technologies impose on "society." One may love one's Apple products and how they have improved one's life, but, Morozov says,

We need to identify the other moral instructions that may be embedded in a technology, which it promotes directly or indirectly. And this fuller analysis requires going beyond studying the immediate impact on the user and engaging with the broader–let us call it the "ecological"–impact of a device. ("Ecological" here has no environmental connotations; it simply indicates that a technology may affect not only its producer and its user, but also the values and the habits of the community in which they live.)

What is this negative externality Apple's technology is inflicting on the value and habits of our communities? It's that apps will kill the open Internet, except not for the reasons we think. Morozov cites and dismisses Jonathan Zittrain's "generativity" critique saying that Zittrain is concerned only with the threat to innovation. Morozov, on the other hand, is concerned with loftier "ethical and aesthetic considerations." Namely, that Apple's app paradigm "may be destroying the Internet in much the same way that the automobile destroyed the sidewalks and the playgrounds."

The point is not that we should forever cling to the shape and the format of the Internet as it exists today. It is that we should (to borrow Apple's favorite phrase) "think different" and pay attention to the aesthetic and civic externalities of the app economy. Our choice is between erecting a virtual Portland or sleepwalking into a virtual Dallas. But Apple under Steve Jobs consistently refused to recognize that there is something valuable to the Web that it may be destroying.

After reading a competing cover story about Portland in another newsweekly, I'm not sure the choice is as clear as Morozov thinks it is. But the message is clear: like Portland's planners do about a "livable city," Morozov has a vision of what is the Internet's pure form, and it's not one left to messy markets.

Morozov quotes a Newsweek interview with Jobs just a few years after the Web was invented. Jobs sees it as "the ultimate direct-to-customer distribution channel." He essentially predicts that you'll be able to buy books online and that the bookstore will know what you like.

That the Web did become a shopping mall fifteen years after Jobs made his remark does not mean that he got the Web right. It means only that a powerful technology company that wants to change the Web as it pleases can currently do so with little or no resistance from anyone. If one day Apple decides to remove a built-in browser from the iPad, as the Web becomes less necessary in an apped world, it will not be because things took on a life of their own, but because Apple refused to investigate what other possible directions—or forms of life—"things" might have taken. For Jobs, with his pre-political mind, there was no other way to think about the Internet than to rely on the tired binary poles of supply and demand.

The notion that Apple turned the web into what it is today singlehandedly is laughable. Apple was moribund until 2000, didn't introduce the iTunes Store until 2003, and has never had a strong presence on the web. The web has become what it is today because the convenience of getting any book you want, whenever you want it, and cheaply beats little bookstores stocked by proprietor's whims, however aesthetically pleasing they may be–which they're often not. And for the record, I hope we can all agree the web is more than a shopping mall.

More to the point, though, Jobs was not as much a Pied Piper as we'd like to think he was. Depite all his marketing moxie, he was constrained by the market. If Jobs ever thought there was a true essence of a computer, it was the Power Mac G4 Cube. As Isaacson says, "it was the pure expression of Jobs's aesthetic." And it was a flop. "Jobs later admitted that he had overdesigned and overpriced the Cube, just as he had the NeXT computer." Remember the NeXT cube? How about the iPod Hi-Fi? The buttonless iPod shuffle? Ping? Those tired poles of supply and demand told Jobs "no" time after time, but we might just as easily dismiss gravity or entropy as tired.

If Apple were to remove the browser from the iPad today, there would be, shall we say, less demand for the tablet. If at some future date there is no more demand for a web browser, and Apple removes it to little fanfare, then what is the harm?

I guess it is some Platonic Internet that we'd lose. A pure internet that we don't know we want. One that only philosopher-kings can see. One they will discuss at "Berlin-based think tanks" and in the pages of "quarterly magazines," as Morozov praises Google for sponsoring. And it's an Internet the philosopher-kings would plan for us the same way Neil Goldschmidt and his friends planned Portland.

No thanks. I prefer a Steve Jobs, pursuing a functionalist ideal with little care for the consequences, yet checked by those tired poles and the "perennial gale of creative destruction" that will someday catch up with Apple.

The DOJ's recent press release on the Google/Motorola, Rockstar Bidco, and Apple/ Novell transactions struck me as a bit odd when I read it.  As I've now had a bit of time to digest it, I've grown to really dislike it.  For those who have not followed Jorge Contreras had an excellent summary of events at Patently-O.

For those of us who have been following the telecom patent battles, something remarkable happened a couple of weeks ago.  On February 7, the Wall St. Journal reported that, back in November, Apple sent a letter[1] to the European Telecommunications Standards Institute (ETSI) setting forth Apple's position regarding its commitment to license patents essential to ETSI standards.  In particular, Apple's letter clarified its interpretation of the so-called "FRAND" (fair, reasonable and non-discriminatory) licensing terms that ETSI participants are required to use when licensing standards-essential patents.  As one might imagine, the actual scope and contours of FRAND licenses have puzzled lawyers, regulators and courts for years, and past efforts at clarification have never been very successful.  The next day, on February 8, Google released a letter[2] that it sent to the Institute for Electrical and Electronics Engineers (IEEE), ETSI and several other standards organizations.  Like Apple, Google sought to clarify its position on FRAND licensing.  And just hours after Google's announcement, Microsoft posted a statement of "Support for Industry Standards"[3] on its web site, laying out its own gloss on FRAND licensing.  For those who were left wondering what instigated this flurry of corporate "clarification", the answer arrived a few days later when, on February 13, the Antitrust Division of the U.S. Department of Justice (DOJ) released its decision[4] to close the investigation of three significant patent-based transactions:  the acquisition of Motorola Mobility by Google, the acquisition of a large patent portfolio formerly held by Nortel Networks by "Rockstar Bidco" (a group including Microsoft, Apple, RIM and others), and the acquisition by Apple of certain Linux-related patents formerly held by Novell.  In its decision, the DOJ noted with approval the public statements by Apple and Microsoft, while expressing some concern with Google's FRAND approach.  The European Commission approved Google's acquisition of Motorola Mobility on the same day.

To understand the significance of the Apple, Microsoft and Google FRAND statements, some background is in order.  The technical standards that enable our computers, mobile phones and home entertainment gear to communicate and interoperate are developed by corps of "volunteers" who get together in person and virtually under the auspices of standards-development organizations (SDOs).  These SDOs include large, international bodies such as ETSI and IEEE, as well as smaller consortia and interest groups.  The engineers who do the bulk of the work, however, are not employees of the SDOs (which are usually thinly-staffed non-profits), but of the companies who plan to sell products that implement the standards: the Apples, Googles, Motorolas and Microsofts of the world.  Should such a company obtain a patent covering the implementation of a standard, it would be able to exert significant leverage over the market for products that implemented the standard.  In particular, if a patent holder were to obtain, or even threaten to obtain, an injunction against manufacturers of competing standards-compliant products, either the standard would become far less useful, or the market would experience significant unanticipated costs.  This phenomenon is what commentators have come to call "patent hold-up".  Due to the possibility of hold-up, most SDOs today require that participants in the standards-development process disclose their patents that are necessary to implement the standard and/or commit to license those patents on FRAND terms.

As Contreras notes, an important part of these FRAND commitments offered by Google, Motorola, and Apple related to the availability of injunctive relief (do go see the handy chart in Contreras' post laying out the key differences in the commitments).  Contreras usefully summarizes the three statements' positions on injunctive relief:

In their February FRAND statements, Apple and Microsoft each commit not to seek injunctions on the basis of their standards-essential patents.  Google makes a similar commitment, but qualifies it in typically lawyerly fashion (Google's letter is more than 3 single-spaced pages in length, while Microsoft's simple statement occupies about a quarter of a page).  In this case, Google's careful qualifications (injunctive relief might be possible if the potential licensee does not itself agree to refrain from seeking an injunction, if licensing negotiations extended beyond a reasonable period, and the like) worked against it.  While the DOJ applauds Apple's and Microsoft's statements "that they will not seek to prevent or exclude rivals' products form the market", it views Google's commitments as "less clear".  The DOJ thus "continues to have concerns about the potential inappropriate use of [standards-essential patents] to disrupt competition".

Its worth reading the DOJ's press release on this point — specifically, that while the DOJ found that none of the three transactions itself raised competitive concerns or was substantially likely to lessen the competition, the DOJ expressed general concerns about the relationship between these firms' market positions and ability to use the threat of injunctive relief to hold up rivals:

Apple's and Google's substantial share of mobile platforms makes it more likely that as the owners of additional SEPs they could hold up rivals, thus harming competition and innovation.  For example, Apple would likely benefit significantly through increased sales of its devices if it could exclude Android-based phones from the market or raise the costs of such phones through IP-licenses or patent litigation.  Google could similarly benefit by raising the costs of, or excluding, Apple devices because of the revenues it derives from Android-based devices.

The specific transactions at issue, however, are not likely to substantially lessen competition.  The evidence shows that Motorola Mobility has had a long and aggressive history of seeking to capitalize on its intellectual property and has been engaged in extended disputes with Apple, Microsoft and others.  As Google's acquisition of Motorola Mobility is unlikely to materially alter that policy, the division concluded that transferring ownership of the patents would not substantially alter current market dynamics.  This conclusion is limited to the transfer of ownership rights and not the exercise of those transferred rights.

With respect to Apple/Novell, the division concluded that the acquisition of the patents from CPTN, formerly owned by Novell, is unlikely to harm competition.  While the patents Apple would acquire are important to the open source community and to Linux-based software in particular, the OIN, to which Novell belonged, requires its participating patent holders to offer a perpetual, royalty-free license for use in the "Linux-system."  The division investigated whether the change in ownership would permit Apple to avoid OIN commitments and seek royalties from Linux users.  The division concluded it would not, a conclusion made easier by Apple's commitment to honor Novell's OIN licensing commitments.

In its analysis of the transactions, the division took into account the fact that during the pendency of these investigations, Apple, Google and Microsoft each made public statements explaining their respective SEP licensing practices.  Both Apple and Microsoft made clear that they will not seek to prevent or exclude rivals' products from the market in exercising their SEP rights.

What's problematic about a competition enforcement agency extracting promises not to enforce lawfully obtained property rights during merger review, outside the formal consent process, and in transactions that do not raise competitive concerns themselves?  For starters, the DOJ's expression about competitive concerns about "hold up" obfuscate an important issue.  In Rambus the D.C. Circuit clearly held that not all forms of what the DOJ describes here as patent holdup violate the antitrust laws in the first instance.  Both appellate courts discussion patent holdup as an antitrust violation have held the patent holder must deceptively induce the SSO to adopt the patented technology.  Rambus makes clear – as I've discussed — that a firm with lawfully acquired monopoly power who merely raises prices does not violate the antitrust laws.  The proposition that all forms of patent holdup are antitrust violations is dubious.  For an agency to extract concessions that go beyond the scope of the antitrust laws at all, much less through merger review of transactions that do not raise competitive concerns themselves, raises serious concerns.

Here is what the DOJ says about Google's commitment:

If adhered to in practice, these positions could significantly reduce the possibility of a hold up or use of an injunction as a threat to inhibit or preclude innovation and competition.

Google's commitments have been less clear.  In particular, Google has stated to the IEEE and others on Feb. 8, 2012, that its policy is to refrain from seeking injunctive relief for the infringement of SEPs against a counter-party, but apparently only for disputes involving future license revenues, and only if the counterparty:  forgoes certain defenses such as challenging the validity of the patent; pays the full disputed amount into escrow; and agrees to a reciprocal process regarding injunctions.  Google's statement therefore does not directly provide the same assurance as the other companies' statements concerning the exercise of its newly acquired patent rights.  Nonetheless, the division determined that the acquisition of the patents by Google did not substantially lessen competition, but how Google may exercise its patents in the future remains a significant concern.

No doubt the DOJ statement is accurate and the DOJ's concerns about patent holdup are genuine.  But that's not the point.

The question of the appropriate role for injunctions and damages in patent infringement litigation is a complex one.  While many scholars certainly argue that the use of injunctions facilitates patent hold up and threatens innovation.  There are serious debates to be had about whether more vigorous antitrust enforcement of the contractual relationships between patent holders and standard setting organization (SSOs) would spur greater innovation.   The empirical evidence suggesting patent holdup is a pervasive problem is however, at best, quite mixed.  Further, others argue that the availability of injunctions is not only a fundamental aspect of our system of property rights, but also from an economic perspective, that the power of the injunctions facilitates efficient transacting by the parties.  For example, some contend that the power to obtain injunctive relief for infringement within the patent thicket results in a "cold war" of sorts in which the threat is sufficient to induce cross-licensing by all parties.  Surely, this is not first best.  But that isn't the relevant question.

There are other more fundamental problems with the notion of patent holdup as an antitrust concern.  Kobayashi & Wright also raise concerns with the theoretical case for antitrust enforcement of patent holdup on several grounds.  One is that high probability of detection of patent holdup coupled with antitrust's treble damages makes overdeterrence highly likely.  Another is that alternative remedies such as contract and the patent doctrine of equitable estoppel render the marginal benefits of antitrust enforcement trivial or negative in this context.  Froeb, Ganglmair & Werden raise similar points.   Suffice it to say that the debate on the appropriate scope of antitrust enforcement in patent holdup is ongoing as a general matter; there is certainly no consensus with regard to economic theory or empirical evidence that stripping the availability of injunctive relief from patent holders entering into contractual relationships with SSOs will enhance competition or improve consumer welfare.  It is quite possible that such an intervention would chill competition, participation in SSOs, and the efficient contracting process potentially facilitated by the availability of injunctive relief.

The policy debate I describe above is an important one.  Many of the questions at the center of that complex debate are not settled as a matter of economic theory, empirics, or law.  This post certainly has no ambitions to resolve them here; my goal is a much more modest one.  The DOJs policymaking efforts through the merger review process raise serious issues.  I would hope that all would agree — regardless of where they stand on the patent holdup debate — that the idea that these complex debates be hammered out in merger review at the DOJ because the DOJ happens to have a number of cases involving patent portfolios is a foolish one for several reasons.

First, it is unclear the DOJ could have extracted these FRAND concessions through proper merger review.  The DOJ apparently agreed that the transactions did not raise serious competitive concerns.   The pressure imposed by the DOJ upon the parties to make the commitments to the SSOs not to pursue injunctive relief as part of a FRAND commitment outside of the normal consent process raises serious concerns.  The imposition of settlement conditions far afield from the competitive consequences of the merger itself is something we do see from antitrust enforcement agencies in other countries quite frequently, but this sort of behavior burns significant reputational capital with the rest of the world when our agencies go abroad to lecture on the importance of keeping antitrust analysis consistent, predictable, and based upon the economic fundamentals of the transaction at hand.

Second, the DOJ Antitrust Division does not alone have comparative advantage in determining the optimal use of injunctions versus damages in the patent system.

Third, appearances here are quite problematic.  Given that the DOJ did not appear to have significant competitive concerns with the transactions, one can create the following narrative of events without too much creative effort: (1) the DOJ team has theoretical priors that injunctive relief is a significant competitive problem, (2) the DOJ happens to have these mergers in front of it pending review from a couple of firms likely to be repeat players in the antitrust enforcement game, (3) the DOJ asks the firms to make these concessions despite the fact that they have little to do with the conventional antitrust analysis of the transactions, under which they would have been approved without condition.

The more I think about the use of the merger review process to extract concessions from patent holders in the form of promises not to enforce property rights which they would otherwise be legally entitled to, the more the DOJ's actions appear inappropriate.  The stakes are high here both in terms of identifying patent and competition rules that will foster rather than hamper innovation, but also with respect to compromising the integrity of merger review through the imposition of non-merger related conditions we are more akin to seeing from the FCC, states, or less well-developed antitrust regimes.

[Cross posted at Truth on the Market]

On the podcast this week, Gabriella Coleman, anthropologist and the Wolfe Chair in Scientific and Technological Literacy in the Department of Art History & Communication Studies at McGill University, discusses hacktivist group Anonymous. Coleman begins with an overview of Anonymous originating with online pranks that eventually evolved into political activism. The group, according to Coleman, began seeking "lulz" on the message board 4chan. The pranks consisted of Internet memes and practical Internet jokes called trolling. She then discusses how the group moved into activism using denial of services attacks to shut down websites and how it issued a series of videos against the Church of Scientology. The discussion then turns to the recent arrest of several LulzSec members, including Sabu, the hacker turned FBI informant.

To keep the conversation around this episode in one place, we'd like to ask you to comment at the webpage for this episode on Surprisingly Free. Also, why not subscribe to the podcast on iTunes?

Six months may not seem a great deal of time in the general business world, but in the Internet space it's a lifetime as new websites, tools and features are introduced every day that change where and how users get and share information. The rise of Facebook is a great example: the social networking platform that didn't exist in early 2004 filed paperwork last month to launch what is expected to be one of the largest IPOs in history. To put it in perspective, Ford Motor went public nearly forty years after it was founded.

This incredible pace of innovation is seen throughout the Internet, and since Google's public disclosure of its Federal Trade Commission antitrust investigation just this past June, there have been many dynamic changes to the landscape of the Internet Search market. And as the needs and expectations of consumers continue to evolve, Internet search must adapt – and quickly – to shifting demand.

One noteworthy development was the release of Siri by Apple, which was introduced to the world in late 2011 on the most recent iPhone. Today, many consider it the best voice recognition application in history, but its potential really lies in its ability revolutionize the way we search the Internet, answer questions and consume information. As Eric Jackson of Forbes noted, in the future it may even be a "Google killer."

Of this we can be certain: Siri is the latest (though certainly not the last) game changer in Internet search, and it has certainly begun to change people's expectations about both the process and the results of search. The search box, once needed to connect us with information on the web, is dead or dying. In its place is an application that feels intuitive and personal. Siri has become a near-indispensible entry point, and search engines are merely the back-end. And while a new feature, Siri's expansion is inevitable. In fact, it is rumored that Apple is diligently working on Siri-enabled televisions – an entirely new market for the company.

The past six months have also brought the convergence of social media and search engines, as first Bing and more recently Google have incorporated information from a social network into their search results. Again we see technology adapting and responding to the once-unimagined way individuals find, analyze and accept information. Instead of relying on traditional, mechanical search results and the opinions of strangers, this new convergence allows users to find data and receive input directly from people in their social world, offering results curated by friends and associates.

As Social networks become more integrated with the Internet at large, reviews from trusted contacts will continue to change the way that users search for information. As David Worlock put it in a post titled, "Decline and Fall of the Google Empire," "Facebook and its successors become the consumer research environment. Search by asking someone you know, or at least have a connection with, and get recommendations and references which take you right to the place where you buy." The addition of social data to search results lends a layer of novel, trusted data to users' results. Search Engine Land's Danny Sullivan agreed writing, "The new system will perhaps make life much easier for some people, allowing them to find both privately shared content from friends and family plus material from across the web through a single search, rather than having to search twice using two different systems."It only makes sense, from a competition perspective, that Google followed suit and recently merged its social and search data in an effort to make search more relevant and personal.

Inevitably, a host of Google's critics and competitors has cried foul. In fact, as Google has adapted and evolved from its original template to offer users not only links to URLs but also maps, flight information, product pages, videos and now social media inputs, it has met with a curious resistance at every turn. And, indeed, judged against a world in which Internet search is limited to "ten blue links," with actual content – answers to questions – residing outside of Google's purview, it has significantly expanded its reach and brought itself (and its large user base) into direct competition with a host of new entities.

But the worldview that judges these adaptations as unwarranted extensions of Google's platform from its initial baseline, itself merely a function of the relatively limited technology and nascent consumer demand present at the firm's inception, is dangerously crabbed. By challenging Google's evolution as "leveraging its dominance" into new and distinct markets, rather than celebrating its efforts (and those of Apple, Bing and Facebook, for that matter) to offer richer, more-responsive and varied forms of information, this view denies the essential reality of technological evolution and exalts outdated technology and outmoded business practices.

And while Google's forays into the protected realms of others' business models grab the headlines, it is also feverishly working to adapt its core technology, as well, most recently (and ambitiously) with its "Google Knowledge Graph" project, aimed squarely at transforming the algorithmic guts of its core search function into something more intelligent and refined than its current word-based index permits. In concept, this is, in fact, no different than its efforts to bootstrap social network data into its current structure: Both are efforts to improve on the mechanical process built on Google's PageRank technology to offer more relevant search results informed by a better understanding of the mercurial way people actually think.

Expanding consumer welfare requires that Google, like its ever-shifting roster of competitors, must be able to keep up with the pace and the unanticipated twists and turns of innovation. As The Economist recently said, "Kodak was the Google of its day," and the analogy is decidedly apt. Without the drive or ability to evolve and reinvent itself, its products and its business model, Kodak has fallen to its competitors in the marketplace. Once revered as a powerhouse of technological innovation for most of its history, Kodak now faces bankruptcy because it failed to adapt to its own success. Having invented the digital camera, Kodak radically altered the very definition of its market. But by hewing to its own metaphorical ten blue links – traditional film – instead of understanding that consumer photography had come to mean something dramatically different, Kodak consigned itself to failure.

Like Kodak and every other technology company before it, Google must be willing and able to adapt and evolve; just as for Lewis Carol's Red Queen, "here it takes all the running you can do, to keep in the same place." Neither consumers nor firms are well served by regulatory policy informed by nostalgia. Even more so than Kodak, Google confronts a near-constantly evolving marketplace and fierce competition from unanticipated quarters. If regulators force it to stop running, the market will simply pass it by.

[Cross posted at Forbes]

On Wednesday, administration and military officials simulated a cyber attack for a group of senators in an attempt to show a dire need for cybersecurity legislation. All 100 senators were invited to the simulation, which "demonstrated how the federal government would respond to an attack on the New York City electrical grid during a summer heat wave, according to Senate aides." Around 30 Senators attended. Some post-game reactions:

After the briefing, [Sen. Jay] Rockefeller spokesman Vincent Morris said: "We hope that seeing the catastrophic outcome of a power grid takedown by cyberterrorists encourages more senators to set aside Chamber of Commerce talking points and get on this bill." [Sen. Mary] Landrieu said the simulation "just enhanced the view that I have about how important" cybersecurity is. She added: "The big takeaway is it's urgent that we get this done now."

So how catastrophic did the simulation get? How many casualties? What was the extent of the simulated damage? Did thousands die a la 9/11? A "cyber 9/11″ if you will? We'll likely never know because such a simulation will be classified.

Yet as policymakers consider the cost-benefit of cybersecurity legislation, I hope they'll remember that we've already had many a blackout in New York City in real life and, well, they didn't lead to catastrophic loss of life, panic or terror. As Sean lawson has explained:

[A]ttacks upon the electrical grid are often featured prominently in cyber-doom scenarios. But historically, just what has happened when the power has gone out? As mentioned above, a series of blackouts in New York City in the 1930s indicated that people did not panic and society did not collapse at the loss of electrical power (Konvitz, 1990). That pattern continued through the remainder of the last century, where "terror, panic, death, and destruction were not the result" of power outages. Instead, as Nye (2010: 182–183) has shown,
"people came together [and] helped one another," just as they do in most disaster situations.

In August 2003, many initially worried that the two-day blackout that affected 50 million people in the United States and Canada was the result of a terrorist attack. Even after it was determined that it was not, some wondered what might happen if such a blackout were to be the result of intentional attack. One commentator hypothesized that an intentional "outage would surely thwart emergency responders and health-care providers. It's a scenario with disastrous implications" (McCafferty, 2004). But the actual evidence from the actual blackout does not indicate that there was panic, chaos, or "disastrous implications." While the economic costs of the blackout were estimated between four and ten billion dollars (Minkel, 2008; Council, 2004), the human and social consequences were quite minor. Few if any deaths are attributed to the blackout. A sociologist who conducted impromptu field research of New York City residents' responses to the incident reported that there was no panic or paralysis, no spike in crime or antisocial behavior, but instead, a sense of solidarity, a concern to help others and keep things running as normally as possible, and even a sense of excitement and playfulness at times (Yuill, 2004). For example, though the sudden loss of traffic lights did lead to congestion, he notes that the situation was mitigated by "people spontaneously taking on traffic control responsibilities. Within minutes, most crossing points and junctions were staffed by local citizens directing and controlling traffic . . . All of this happened without the assistance of the normal control culture; the police were notably absent for long periods of the blackout" (Yuill, 2004). James Lewis (2006) of the Center for Strategic and International Studies has observed that "The widespread blackout did not degrade U.S. military capabilities, did not damage the economy, and caused neither casualties nor terror."

Lawson goes on to explain that citizens are not terrorized by loss of power. More than anything, we are "irked" and we redouble our efforts to be resilient in the face of adversity. This is not to say that we should simply lie down and accept cyber attacks as they may come, but policymakers and the public should resist being scared into hasty policy decisions that will have many long-term consequences. Fear is not an appropriate basis for policymaking, and we should never allow it to supplant critical thinking.

For example, the Rockefeller spokesman notes that the simulation was of "a power grid takedown by cyberterrorists," yet as Thomas Rid has shown, "terrorists are unlikely culprits of an equally unlikely cyber-9/11." The more likely scenario of a cyber attack blackout is one carried out by a foreign state power in conjunction with a conventional attack. And thinking about conventional attack on the homeland requires a completely different type of analysis.

Cross-posted from JerryBrito.com

On the podcast this week, Rebecca MacKinnon, a former CNN correspondent and now Senior Fellow at the New America Foundation, discusses her new book, "Consent of the Networked: The Worldwide Struggle for Internet Freedom." MacKinnon begins by discussing "Net Freedom," which she describes as a structure that respects rights, freedoms, and accountability. She discusses how some governments, like China, use coercion to make private companies act a as subcontractors for censorship and manipulation. She goes on to discuss a project she launched called Global Network Initiative, where she urges companies like Google and Facebook to be more socially responsible. MacKinnon believes technology needs to be compatible with political freedoms, and she issues a call to action for Internet users to demand policies that are compatible with Internet freedoms.

To keep the conversation around this episode in one place, we'd like to ask you to comment at the webpage for this episode on Surprisingly Free. Also, why not subscribe to the podcast on iTunes?

Today, the FCC issued a Notice of Inquiry, responding to an emergency petition filed last August regarding temporary shutdown of mobile services by officers of the San Francisco Bay Area Rapid Transit (BART) district. The petition asked the FCC to issue a declaratory ruling that the shutdown violated the Communications Act. The following statement can be attributed to Larry Downes, Senior Adjunct Fellow at TechFreedom, and Berin Szoka, President of TechFreedom:

What BART did clearly violated the First Amendment, and needlessly put passengers at risk by cutting off emergency services just when they were needed most. But we need a court to say so, not the FCC.

The FCC has no authority here. The state did not order the shutdown of the network, nor does the state run the network. BART police simply turned off equipment it doesn't own—a likely violation of its contractual obligations to the carriers. But BART did nothing that violated FCC rules governing network operators. To declare the local government an "agent" of the carriers would set an extremely dangerous precedent for an agency with a long track-record of regulatory creep.

There are other compelling reasons to use the courts and not regulators to enforce free speech rights. Regulatory agencies move far too slowly. Here, it took the FCC six months just to open an inquiry! Worse, today's Notice of Inquiry will lead, if anything, to more muddled rulings and regulations. These may unintentionally give cover to local authorities trying to parse them for exceptions and exclusions, or at least the pretense of operating within FCC guidelines.

It would have been far better to make clear to BART, either through negotiations or the courts, that their actions were unconstitutional and dangerous. Long before today's action, BART adopted new policies that better respect First Amendment rights and common sense. But now the regulatory wheels have creaked into motion. Who knows where they'll take us, or when?

After the NSA's aggressive pursuit of a greater role in civilian cybersecurity, and last week's statement by Sen. John McCain criticizing the Lieberman-Collins bill for not including a role for the agency, some feared that the new G.O.P. cybersecurity bill would allow the military agency to gather information about U.S. citizens on U.S. soil. So, it's refreshing to see that the bill introduced today–the SECURE IT Act of 2012–does not include NSA monitoring of Internet traffic, which would have been very troubling from a civil liberties perspective.

In fact, this new alternative goes further on privacy than the Liberman-Collins bill. It limits the type of information ISPs and other critical infrastructure providers can share with law enforcement. Without such limits, "information sharing" could become a back door for government surveillance. With these limits in place, information sharing is certainly preferable to the more regulatory route taken by the Liberman-Collins bill.

It seems to me that despite Sen. McCain's stated preference for an NSA role, the G.O.P. alternative is looking to address the over-breadth of the Lieberman-Collins bill without introducing any new complications. The SECURE IT bill is also more in line with the approach taken by the House, so it would make reaching consensus easier.

I'll be posting more here as I learn about the bill.

UPDATE 12:06 PM: A copy of the bill is now available. Find it after the break.

UPDATE 2:55 PM: Having now had an opportunity to take a look at the bill and not just the summary, it does appear it includes a hole through which the NSA may be able to drive a freight train. While NSA monitoring of civilian networks is not mandated, information that is shared by private entities with federal cybersecurity centers "may be disclosed to and used by"

any Federal agency or department, component, officer, employee, or agent of the Federal government for a cybersecurity purpose, a national security purpose, or in order to prevent, investigate, or prosecute any of the offenses listed in section 2516 of title 18, United States Code …

That last bit limits law enforcement's use of shared cyber threat information to serious crimes, but the highlighted bit potentially allows sharing with the NSA or any other agency, civilian or military, for a any "national security" reasons. That is troublingly broad and a blemish on this otherwise non-regulatory bill.

Information sharing with the NSA might be fine as long as it is not mandatory and the shared information is used only for cyber security purposes.

Cross posted from JerryBrito.com

SECURE IT.introduction