Our little corner of the blogosphere has been lit on fire by the recent article in the Wall Street Journal claiming that Google was coming out against Net Neutrality. Now, there are plenty of problems with this article. Contra WSJ, to quote David Isenberg:

“Google’s edge caching isn’t new or evil
Lessig didn’t shift gears on NN
Microsoft and Yahoo have been off the NN bandwagon since 2006
The Obama team still supports NN
Amazon’s Kindle support is consistent with its NN support”

This is all more or less true (I think Lessig would himself agree that his opinions about net neutrality have evolved). However, none of this says that Google isn’t violating the principle of net neutrality. Let’s use Google’s own summary of the idea, that broadband providers “should not be allowed to prioritize traffic based on the source, ownership or destination of the content.” Strictly speaking, this does seem to conflict with Google’s OpenEdge program. The program aims to cache Google’s search and video content on servers within network operators’ facilities. Such deals would save bandwidth for the network operators and increase access speeds for broadband customers. Such deals would also give Google a distinct advantage over its search and video competitors. Says one of the commenters on David Isenberg’s above-referenced blog:

“The plan is for Google to install equipment that will bypass the public Internet and ensure that their content, e.g. YouTube, will be delivered to ISP customers faster and more reliably than competing services such as Netflix Instant Watch that depend on the public Internet for delivery. If there weren’t a performance advantage, there would be no reason to do this.

“Whether this violates [network neutrality] depends on whose definition you take, and from what era. Current Lessig says it’s fine as long as any (rich) company has access to the [cable operator], but historical Lessig said such arrangements (“access tiering”) are not fine because only a few large players can enjoy their benefits.”

Now, this might not be bad. It might not hurt innovation. It might not be evil. But it certainly violates net neutrality, if we define the principle strictly as bit-by-bit non-discrimination. That said, such a violation might not be such a big deal. Instead of asking whether this deal prioritizes certain services or content over other services or content, let’s ask whether this deal promotes users’ autonomy and generative capacity. Long-term, those seem to be the questions that matter.

Finally, at the risk of burying the lede, let me add that before publishing this post I asked JZ’s thoughts on the matter. Here’s what he wrote:

“I don’t see this as a gotcha moment, but it’s a useful pointer to a larger debate about the role of intermediaries like Akamai, which make high-bandwidth streaming work better for its customers thanks to similar arrangements.  Akamai and deals like the ones Google seek might be helpful to the Net because they ease the pressure for more formal, network-embedded discrimination, since big content providers can have their needs met with what amounts to an endpoint kludge.  And so long as the network itself isn’t discriminating, P2P provides a neat form of easy high-bandwidth distribution within the reach of any content provider — so long as the material in question is popular enough for enough P2P users to seed it.  But at its extreme, if one imagines a public Net with no further buildout and a migration of most content to edge staging points by those who can afford it, the rise of bandwidth arbitragers isn’t good.  I’m not currently that worried about this scenario because the bottlenecks in bandwidth turn out to be towards the edges rather than in the middle of the network.”

Some of you may know that the FCC is auctioning off the 2155-2175 MHz (AWS-3) band of spectrum later next month, which could open up a whole host of new wireless technologies to consumers. Right now the commission is considering a number of public-interest requirements for the eventual winner of the auction to fulfill, among them:

(1) that the winner must allocate 25% of the spectrum for free, family-here wireless Internet
(2) that the winner must build the network to be accessible to 95% of Americans within ten years

Now, I’ve got a few concerns about these proposals. In fact, I’ve blogged some of those concerns at the Open Net Initiative. But what I don’t have any concerns about, and what I vigorously support, is the idea of some public interest provisions to be mandated for the spectrum winner.

Yet apparently, the Bush administration does have problems – problems with the very idea of public interest provisions. In a recent letter to Congress, the acting head of the National Telecommunications and Information Administration (NTIA) wrote that:

“Auctions without price or product mandates create a level playing field…Restrictions and conditions on spectrum use, however well intentioned, are not the most effective or efficient way to encourage development of services or to assist underserved areas.”

Now, I don’t want to be facetious, but saying that “auctions without price or product mandates create a level playing field,” is a little like saying “anarchy creates a level playing field.” If there are no rules or restrictions, of course the playing field is fair, in so far as the strongest or richest player wins. But is that always what we want in a spectrum auction? Is our goal really to have the strongest or richest player win? As a matter of law, we can’t: federal law prohibits regulators from considering revenues when designing spectrum auctions. And as a matter of public policy, we shouldn’t: from aerospace to the Intenret, the government has often played a role in designing innovative environments. What troubles me about a condition-less wireless auction is that we might make a lot of money in the short-term, but at the price of innovation in the long-term.

Let’s focus on Section 201, which would prevent US companies from “locating” sensitive user information within Internet-Restricting Countries. Just what “locating” means here is not entirely clear: is a Chinese GMail subscriber’s email located on her own computer, in Mountain View, California, or on one of the many routers in between? Regardless, the goal here would be to make it more difficult for Internet-restricting governments to claim jurisdiction over, and gain access to, user data.

Unfortunately, as the Center for Democracy and Technology makes clear (pdf), Sec. 201 would almost certainly fail to achieve its objective, and might actually cause more harm than good. If US companies couldn’t place important servers within IRCs they would be forced to degrade some low-latency services (e.g. IM) and discontinue others (e.g. VoIP). This would discourage US investments in these countries and encourage less scrupulous foreign companies to take their place.

More importantly, Section 201 would be unlikely to impact IRCs jurisdictional claims. As Internet law rapidly evolves, countries have repeatedly and successfully demanded that information be controlled or monitored, even when that information is hosted outside their borders. Forcing US companies to locate their servers outside IRCs would only make their services less reliable; it would not make them less regulable.

If the goal of GOFA is to discourage US companies from violating human rights, then it will probably be successful. But if the goal of the Act is to make the Internet more free and more safe, and not just push rights violations on foreign companies, then more must be done. Here are three suggestions that together might accomplish what Sec. 201 aims to do:

1. Publicize privacy restrictions: If companies are clear with their users that they intend to follow the laws of IRCs, users will be less likely to put dangerous content online. Many of the largest ICT firms are already working in coordination with the Berkman Center to create an industry standard for disclosing their privacy policies.
2. Push privacy protection to the edges: By giving users in IRCs access to privacy protection technologies like Tor or Anonymizer, users will be able to protect their own privacy without government mandates.
3. Make that push to the edges possible: Protections against surveillance are pointless if content is automatically filtered. Congress can mandate export controls against IRCs, preventing US companies from selling filtering technologies to these countries. In fact, GOFA begins the process of mandating just such export controls.

GOFA is, on balance, a step in the right direction. But the problems with Sec. 201 show that the government cannot protect the Internet openness by itself. These suggestions would shift some of that responsibility for protecting freedom and innovation towards interested individuals and responsible companies.

-Brendan Ballou

Why might this be? Why would content producers fail to enforce their legal right to prevent most of this ripping and sharing? It’s unlikely that film and television producers are unaware of or unconcerned by DVD ripping. Rather, they probably think that this sort of infringement is too hard to prosecute, and that the individual infringers are too “low value” to worthy any sort of extensive legal action. Content producers also probably recognize that at least some of these infringing uses actually add value to their products: ripping a DVD to post clips on an Internet fan page, or sharing a DVD with a friend who becomes an addict of the show might actually increase legal viewership.

What we’re seeing here is the emergence of what Professor Tim Wu calls “tolerated use.” This is use that is not legal, but that content creators take only occasional action to prevent. In this way the specific case of DVD ripping is like Internet users posting copyrighted content onto YouTube, or fans of Lost posting the transcripts of the show on Lostpedia. These sorts of infringing uses are generally hard to prosecute, involve low value targets, and occasionally create marketable opportunities for the original content creator or distributor. Theoretically the content creators could swoop down at any time and stop the unlawful infringement, but for the most part it just isn’t in their interest to do so.

Is tolerated use a good thing? Maybe. In general consumers get to continue to use their technologies in the ways that they want, and content creators get to maintain ultimate control over their products. However, the situation with tolerated use is analogous to the situation with the Facebook API. While coders on Facebook can in theory create most any kind of product they want, Facebook reserves the right to block or impose charges for the product at any point. The coders are free as a matter of fact, but not as a matter of law.

The same situation is going on with DVD rippers and tolerated use. People can rip DVDs, share those DVDs with a few friends, and post clips on YouTube. But they can’t do so “resiliently.” That is, their use could be blocked or controlled at any moment.

This sort of fragility in action almost certainly deters innovation and deprives individual users of a sense of autonomy. In a choice between total technological lock-down and tolerated use, tolerated use is certainly superior. But to the extent that innovation and autonomy are things we value, tolerated use is only a partial solution to over-broad copyright laws; it is not an ideal.

-Brendan Ballou

“Whether a single event, or a coordinated event, whether intentional, or accidental, it is simply a matter of time before a catastrophic network event happens. And when it happens — think of it as a kind of i9/11 event, but the bad guys are not Al-Qaeda — will we be prepared for the inevitable iPatriot Act response? Are we better prepared than civil libertarians were when we were hit with the USA Patriot Act? Have we even framed the right debate?”

First, will there be an ‘i9/11′, and second, will it prompt an ‘iPatriot Act’? The actual chances of a catastrophic network failure are pretty slim. But were one to occur, it would probably look a lot like the attacks on the DNS root servers in 2007. Here’s what happened:

The 13 Domain Name System (DNS) root servers record who controls the Top-Level Domains (‘.com’, ‘.edu’, ‘.uk’, and so forth) and where. This file of information is quite small, and very few computers actually have to call upon the root servers to find the sites they’re looking for. But without them, the single Internet we’re used to would fracture, and computers would have no easy, reliable way to find the IP addresses they’re looking for.

On February 6, 2007, hackers issued a Distributed Denial of Service (DDoS) attack on the root servers, sending gigabytes of useless requests every minute in order to overload the roots and prevent them from responding to genuine Internet traffic. Such an attack was made possible only by harnessing the power of hundreds or thousands of ‘zombie’ computers infected with malicious bots.

The 2007 DDoS attack failed, however. Because the malicious network traffic was relatively easy to distinguish from genuine network traffic, and because most of the DNS root servers were able to distribute the requests over hundreds of component computers, only two of the 13 servers (each themselves made of dozens of computers) were affected. And this was the most successful such attack against the network. In order to noticeably disable network traffic, hackers would have to (in theory at least) destroy all thirteen servers.

All of this is to say that a catastrophic network failure, while possible, is unlikely. But that’s not to say there won’t be an ‘iPatriot Act’. In fact, we’re already seeing its development in agencies and hearings across the country, as regulators push policies that discourage open, generative products and encourage closed, tethered ones.

Take, for example, the Department of Homeland Security’s list of ‘best practices’ for software developers. Among the suggestions:

Don’t trust users: “Developers should assume that the environment in which their system resides is insecure. Trust, whether it is in external systems, code, people, etc., should always be closely held and never loosely given.”
Secure the end-points: “Attackers are more likely to attack a weak spot in a software system than to penetrate a heavily fortified component. For example, some cryptographic algorithms can take many years to break, so attackers are not likely to attack encrypted information communicated in a network. Instead, the endpoints of communication (e.g., servers) may be much easier to attack.”

In themselves these are not bad pieces of advice. But within DHS’s broader vision of online security, they indicate that the government considers safe technologies to be tethered technologies, and vice versa.

Take as further examples any of the current IP-enforcement laws working their way through Congress. H.R. 4279 would create an IP czar at the Department of Justice; S. 522 would create an entire ‘Intellectual Property Enforcement Network’; and S. 2317 would allow the Department of Justice to sue copyright infringers in civil as well as criminal court.

What’s interesting about these bills is that more often than not, Intellectual Property protection is packaged as consumer protection. In fact, just last month the Senate held a hearing entitled “Protecting Consumers by Protecting Intellectual Property”, in which witnesses and legislators advocated for the very bills discussed above.

What all of this amounts to is that agencies and officials are pushing increasingly closed systems of code and increasingly strict Intellectual Property regulations. Both of these encourage increasingly tethered appliances. We don’t need a catastrophic network failure to have an ‘iPatriot Act’: such an act is already in the works.

But it isn’t the only kind of lock-down Apple is pushing. Like the original one, this new iPhone will remain tethered to the AT&T network. Customers can buy a phone for $199-$299 so long as they sign up for a 2-year contract, or they can pay up to $699 upfront with no such requirement. But either way, users cannot bring the iPhone to a new carrier without hacking it. (Which raises the question: why would anyone pay $699 for a phone without a contract? That’s an awful lot of money for an iPod Touch with a camera.)

This sort of locking hurts consumers where AT&T has no network, or where the network is unreliable. It also hurts consumers who want to shop for different coverage plans, who want to mix-and-match phone and data services (maybe get AT&T’s 3G data service, but Verizon’s voice service), or who want to use different contracts when they travel abroad.

And it hurts innovation as well. After all, if you’re a potential developer, would you invest your time coding an application that only works on one network? And would you invest time in an application that can be blocked by AT&T at any time? You might, but in general these sorts of controls make innovation on the iPhone less attractive and less likely.

So why does Apple do it then? Because it has no interest in helping independent innovators. They’ve locked the code and locked the phone to the network so that they can better monetize any future applications developers might produce (not to mention that this lock down fits quite nicely with AT&T’s own business plan). The result is that Apple and AT&T gained almost complete control over the iPhone, but at the cost of innovation.

“Zittrain insists that generativity at the code level is the most important kind, but it is not clear that this is really under threat. In the early days of home-computing, most enthusiasts learnt the essentials of programming. (Remember Basic?) As other uses such as word-processing and e-mail came along, computers became general-purpose tools, and sales went up. Did it matter that the proportion of users who actually learnt how to program declined? Of course not. As long as some people know how, most do not have to. And as long as there are hundreds of millions of PCs out there, innovation on the internet will continue. Despite Zittrain’s concerns, the emergence of other, simpler internet-access devices alongside PCs seems unlikely to change that.”

The question Standage is asking – and it’s one that’s been echoed here and here – is this: why will my iPhone hurt the Internet’s generativity (that is, its capacity for innovation and creation)? If I’m not a programmer, does it matter that I’m not allowed to program my phone? The simply answer of course is no, it doesn’t matter. But the overall market for appliances like the iPhone does matter, and unless we act as responsible consumers, this market for “tethered” appliances – those that do not allow user innovation and that remain controlled by the manufacturer – might destroy the market for generative ones.

Let’s look at a few statistics. Contrary to popular wisdom, a huge percentage (pdf), and in some industries a majority, of product innovations are created by consumers, not manufacturers. When a consumer added foot straps (pdf) to a windsurfing board to control his movement mid-flight, he exploded the market for competitive windsurfing. When Linus Torvalds (pdf) started an open-source operating system, he inadvertently created a technical-support market for businesses like Red Hat and IBM. These specific examples are huge innovations, creating whole new companies and industries. Most user-generated innovations are not nearly so large. But they are still significant. Over 60% of innovations in the semiconductor industry come from semiconductor users, not manufacturers; over 70% of innovations in the scientific instrument industry come from users. And these user-driven innovations are generally qualitative improvements of their products. That is, users generally add new features and new functionality to the products they use; manufacturers generally make existing functions and features more useful.

Yet most of the innovations come from a minority of users. Only about 10-40% of users in a particular field modify their products (pdf). What this means is that the ‘generative’ market – that is, people who add functionality to the products they use – is not large.

Should we expect Apple to produce two iPhones: one ‘tethered’ phone for consumers worried about security and reliability, and one ‘generative’ phone for the 10%-40% of consumers who want to modify their phones? Probably not. Apple and companies like it lock down their products specifically to stop ‘generative users’ from modifying their products. After all, if a generative user fixes a bug or creates a new killer app, how can Apple monetize that user’s creation? Better, Apple executives think, to let such problem solving and innovation occur ‘in house’.

From all this we can draw two conclusions. First, generative technologies are worth sustaining as innovation enabling devices. But second, because only a small percentage of the market actually innovates, generative technologies are not self-sustaining.

The good news however, is that we can protect generative technologies by acting as responsible consumers. Does this mean putting ‘Certified Generative’ stickers on products that enable innovation, on par with ‘Certified Organic’ stickers in grocery stores? Maybe. But more likely it means using good passwords, not opening unknown email attachments, and running community safety programs like Herdict. It means using technologies responsibly, so that generative machines are just as safe and reliable as tethered ones.
Generative technologies – technologies that allow users to innovate – are worth sustaining. And I believe that through responsible shopping and surfing, the market for these generative technologies can be sustained.