Technology, Thoughts, and Trinkets

Technology is neither good or bad. It’s also not neutral. Network neutrality, a political rallying cry meant to motivate free-speech, free-culture, and innovation advocates, was reportedly betrayed by Google following the release of a Verizon-Google policy document on network management/neutrality. What the document reveals is that the two corporations, facing a (seemingly) impotent FCC, have gotten the ball rolling by suggesting a set of policies that the FCC could use in developing a network neutrality framework. Unfortunately, there has been little even-handed analysis of this document from the advocates of network neutrality; instead we have witnessed vitriol and over-the-top rhetoric. This is disappointing. While sensational headlines attract readers, they do little to actually inform the public about network neutrality in a detailed, granular, reasonable fashion. Verizon-Google have provided advocates with an opportunity to pointedly articulate their views while the public is watching, and this is not an opportunity that should be squandered with bitter and unproductive criticism.

I’m intending this to be the first of a few posts on network neutrality.[1] In this post, I exclusively work through the principles suggested by Verizon-Google. In this first, and probationary, analysis I will draw on existing American regulatory language and lessons that might be drawn from the Canadian experience surrounding network management. My overall feel of the document published by Verizon-Google is that, in many ways, it’s very conservative insofar as it adheres to dominant North American regulatory approaches. My key suggestion is that instead of rejecting the principles laid out in their entirety we should carefully consider each in turn. During my examination, I hope to identify what principles and/or their elements could be usefully taken up into a government-backed regulatory framework that recognizes the technical, social, and economic potentials of America’s broadband networks. Read more…

We live in an era of digital abundance, an era where we can genuinely rethink the underlying economics of information creation and dissemination as the cost of creation, storage, and dissemination infrastructures approach zero. Against fears that this threatens to ‘undermine’ content production we see the rise in the quantity of content that is produced and, correspondingly, a rise in novel approaches to profit from the generation of that content in an abundant bitscape. We should resist efforts to undermine abundance through Digital Rights Management protocols.

As reported by Ars Technica, the IEEE is developing a novel kind of DRM that would see ‘content’ folders encrypted and only accessible after individuals used decryption keys to access that content. For rights holders and some content producers, this is seen as having the merit of securing their ‘goods’ by attempting the replicate the scarcity of atoms in the bitscape. Consumers would ‘benefit’ because they would not longer have to deal with onerous licensing terms: they would own the keys and the keys would have value because of their capacity to ‘open’ content streams. Of course, this would also introduce the pain in the ass of key management, something that few consumers are likely to want to suffer through any more than the already existing consumer ‘protection’ measures they regularly encounter.

The IEEE’s motivations behind this DRM system are to remedy problems caused by non-rivalrous digital content. Paul Sweazey has stated that;

…a truly non-rivalrous system makes commerce too difficult, even impossible, and that we need to create ways for the digital world to mirror the constraints of the physical one.

The creation of this rivalrous system is seen as a ‘middle road’ between advocates of abundance and total DRM lockdown. I would suggest that what we’re really seeing is just another attempt to undermine (arguably) the most significant quality of the bitscape, which is the capacity to replicate information across networks spanning the globe without diminishing the ‘holdings’ of whomever held the original copy. Moreover, it demonstrates a continued unwillingness and/or inability to experiment with novel business models that, while perhaps reducing overall revenue compared to past years/decades, will enable companies to continue delivering profits in the long-term. Value continues to be perceived as existing in the sales of digital things, and instead of seeking out novel ways to extract derivative value from their ubiquitous existence resulting from widespread copying there is an attempt to totally monetize all copies. This is in defiance of demonstrably successful freemium strategies, as well as other related schemes that work to gain widespread brand awareness and capitalize off the sale of rivalrous goods to a small percentage of users. 

I have incredible doubts that any key system will remain secure over the long-haul (and, by long-haul, I mean just 10-20 days of the system being deployed). There are just too many parties that will do everything in their power to break the encryption and key management system, and history has proven that the attackers tend to far outstrip the defenders in the field of content protection algorithms. Central is that technological security systems tend to be incredibly brittle, fail poorly, and enable modes of attack that relatively ineffective against human-based security. Schneier, in his 2006 book Beyond Fear, notes that;

Technology gives attackers leverage because they can do more in an attack. Class breaks give attackers leverage because they can exploit one vulnerability to attack every system within a class. Automation gives attackers leverage because they can exploit vulnerabilities a million times.. Technique propagation gives attackers leverage because now they can try more attacks, including ones they can’t even understand. Action at a distance and aggregation also give attackers leverage because now there are many more potential targets (p. 99).

A DRM scheme that aims to use encryption keys to establish digital bits as rivalrous will fall prey to each of the items noted in that quotation.

Making customers screw around with encryption keys, have adequate key management systems, always requiring connections to the ‘net to access keys, or any other ways that engineers imagine customers dealing with key management is almost destined to fail. Engineers are, in this case, trying to stuff the genie back in a bottle instead of working with progressive MBAs and innovators who are trying to create (and often, though certainly not always, succeeding) novel business models that leverage add-on services, scarce extras, and other things that are genuinely exclusive to monetize digital distribution systems. Focusing on protection, in this case, is the dead wrong way to to and highly unlikely to do much other than waste a lot of people’s time that could otherwise be productively exercised.

Last week Ofcom provided information about its proposed three-strike scheme for punishing those accused of copyright violation. This provision is baked into the DNA of the UK’s newly minted Digital Economy Act (DEA). Out of the information provided, we learn that business interests trump citizen interests in the provision of free and open wifi networks. In the case of businesses:

Where a Wi-Fi network is provided in conjunction with other goods or services to a customer, such as a coffee shop or a hotel, our presumption is that the provider is within the definition of internet service provider.

This can (and should) be juxtaposed against how an individual person/subscriber might experience the legal ramifications of providing an open Wi-Fi network:

We consider that a person or an undertaking receiving an internet access service for its own purposes is a subscriber, even if they also make access available to third parties … Those who wish to continue to enable others to access their service will need to consider whether [to] take steps to protect their networks against use for infringement, to avoid the consequences that may follow.

The ‘clear’ (read necessary, but absurd) response should be for most homes (let’s say any with Internet access) to immediately allocate some part of the house to a ‘service business’ and start up a family business. The services and goods provided can be minimal, and presumably few will actually take homes up on their offers, and by becoming businesses of some ilk that provide ‘free and open’ Internet the home’s occupants will be shielded from the threat of copyright infringement and digital excommunication. 

Hmm…perhaps the ‘more clear’ (read: what should be done, and thus is totally unrealistic) solution is to get rid of the DEA and re-write it using an evidence-based policymaking approach that draws on objective third-party studies. Of course, while asking for absurdities like evidence-based policy around copyright, I might as well also add to the list world peace and the end of human rights abuses…

Forrester has come out with a report that, in Susana Schwartz’s summary, “suggests that more should be done to integrate data about [ISPs’] customers’ online behaviours to offline systems.” In effect, to assist ISPs monetize their networks they need to aggregate a lot more data, in very intelligent ways. The killer section of the actual report is summarized by a Forrester researcher as follows:

“By integrating online and offline data, operators and their enterprise customers could add information about customers’ online behaviors to existing customer profiles so that CSRs could more efficiently handle calls and provide more relevant cross sell/upsell opportunities,” Stanhope said. “So much of the customer experience now comes from online activities that there is a huge repository of data that should be pushed deeper into enterprises for insights about interactions; enterprises collect so much data about what people do and see on their Web sites, yet they do little to draw insight.”

The aim of this is to ‘help’ customers find services they unknowingly are interested in, while making ‘more intelligence’ available to customer service representatives when customers call in. We’re talking about a genuinely massive aggregation of data that goes through ISP gateways and a dissolution of Chinese firewalls that presently segregate network logs with (most) subscriber information. Just so you don’t think that I’m reading into this too deeply, Stanhope (a senior analyst of consumer intelligence with Forrester Research) said to Schwartz:

Our clients are starting to plan for and lay the technical foundational by looking at how to bring together disparate environments, like CRM databases and customer databases, and then what they have to do to gather Web data, social media and search data so they can leverage what they already have … Many are now starting to look at how that can be a hub for Web data, which can be leveraged by other systems.

It’s this kind of language that gets privacy advocates both annoyed and worried. Annoyed, because such a massive aggregation and usage of personal data would constitute a gross privacy violation - both in terms of national laws and social norms - and worried because of the relative opaque curtain separating their investigations from the goings-on of ISPs. When we read words such as Stanhope’s, correlate it with the vendor-speak surrounding deep packet inspection, and look at the technology’s usage in developing consumer profiles, there is a feeling that everyone is saying that DPI won’t and can’t be used for massive data aggregation as configured…but it could and (Stanhope hopes) likely will once the time is right.

Canada has a strong regulatory position against the use of DPI or other network forensics for the kind of actions that Stanhope is encouraging. This said, given that ‘research’ groups like Forrester along with other parties that pitch products to ISPs are making similar noises (as demonstrated at last year’s Canadian Telecom Summit) a nagging pit in my stomach reminds me that constant vigilance is required to maintain those regulatory positions and keep ISPs from bitting into a very profitable - but poisonous for Canadians’ privacy - apple.