Category Archives: Blog

The Equifax Hack: Time to get serious about consumer data protection

What’s said about money can be said about data: No one treats other people’s information the way they treat their own.

Last week, Equifax—one of the “big three” consumer credit rating and reporting agencies— disclosed a massive hack that compromised the personal information of 143 million U.S. consumers. What makes this hack so damaging is that Equifax’s databases contain a motherlode of information about consumers—names, addresses, dates of birth, Social Security numbers, bank accounts, credit cards and more—all in one place.

Such hacks fuel the supply side of identity fraud and theft. Criminal hackers then sell the information wholesale via the “dark web” to other criminals who then use it to create fraudulent credit cards or other financial accounts. The “street” value of personal data goes up the more information there is to connect to a specific individual. By itself, a credit card number has a small degree of value. Add the expiration date, and the value ticks up. Add the CVV code (the three-digit number of the back of the card), and the value ticks up more. Connect it with a name and address and Social Security number and the value skyrockets.

If you’re lucky, the process ends with a phone call from a credit-card issuer asking you to verify a big-ticket purchase in a far-flung foreign capital. If not, you can find yourself debited for thousands of dollars in purchases you did not make and face years of battling with banks to clean up your credit rating. In the worst case, your personal or business bank accounts may be accessed and drained.

The Equifax hack is damaging in at least three ways: the number of records stolen, the wealth of information they contain and that, as a major credit-reporting company, consumers are obliged to use it to conduct everyday business, ranging from applying for retail credit to renting an apartment. This last point is critical, because it’s where the curmudgeonly criticism—that if you don’t want your data stolen, don’t put it online—breaks down. Consumers today increasingly have no choice but to put personal data online. The so-called “internet of things” will depend on it.

This is not meant as a slam. The internet of things will have enormous social benefits. Further development of the platform and accompanying applications should be encouraged. But a key element in making it work will be consumer confidence in the security of the personal data that’s collected as a matter of course.

This why both the government and commerce must address the Equifax hack as a significant problem. Although I tend to favor that government takes a light hand on business, there needs to be a thorough investigation as how this hack happened. Unfortunately, if the past is any indication, the Equifax hack will likely be traced to disregard of internally published cybersecurity protocols. The hacker may have been clever enough to break through a firewall, but that breach probably was aided by system information acquired by the target’s carelessness, such as:

All these and more violate best practices for data protection that can be found on any basic list of ways to safeguard data, be it on a home PC or a corporate server farm. When there’s loss because of failure to follow established standards of behavior, whether or not encoded in law, it’s negligence. And negligence is actionable.

If consumers are to remain confident in the security of their data in an environment where they are asked to share it in greater quantities, policy attitudes must change. That starts with the government realizing that cybersecurity is too big to be managed top down by a single “office” or “czar.” Responsibilities, strategies and tools must be distributed throughout the federal and state levels of government with the understanding that different hackers have different objectives. The Equifax hack was motivated by criminal profit. That means detection, prevention, regulations and response should be quite different here than for other targets, such as the Pentagon or defense contractors (espionage) and critical infrastructure (terrorism and cyberwarfare).

For one, the Equifax hack should be treated as an international organized crime problem. Solutions call for multilateral efforts with Interpol as well as other national police agencies. Treaties and accords should be pursued, but cooperation is possible without them. A model could be the Virtual Global Taskforce, an international private-public partnership of law-enforcement agencies, nongovernmental organizations and industry that has successfully targeted child pornography and child sexual exploitation.

But the private sector should be held accountable as well, especially when breaches occur because internal cybersecurity protocols and processes have been routinely ignored. Prosecutors should push for stronger penalties and judges should be reluctant to approve defendant-friendly settlements that fail sufficiently to punish a company for its carelessness.

Legislators should enact laws that guarantee baseline protection for consumers and compensation when negligence leads to loss. When a company requests or requires valuable personal data, it should be treated as under contract to do its best to protect that data. The best practices are already there. All the public needs are legislative teeth to ensure they are followed.

In the end, this transcends Equifax or any single data breach. Policymakers are still coming to grips with how the internet has exponentially increased the value of personal information. If consumers have little or no confidence in those they must entrust with it, the digital economy will be worse for it.

Originally published on the R Street Institute blog Sept. 8, 2017

Senate Takes Up Privacy Protection with New ECPA Bill

Faced with a national consensus concerning NSA’s activities as a large-scale violation of citizen privacy and a court ruling declaring PRISM unconstitutional, momentum has been building slowly in Congress to legislate boundaries around future government attempts at data collection.

U.S. Sens. Patrick Leahy (D–VT) and Mike Lee (R–UT) Thursday reintroduced a bill they had cosponsored offering revisions of the Electronic Communications Privacy Act (ECPA) to extend Fourth Amendment protections to private data stored on servers on the Internet or in the “cloud.” Among the legal weaknesses NSA had been able to exploit was ECPA’s silence on Internet-related communications. ECPA, which sets out rules for law enforcement agencies that want to tap phone conversations, became law 30 years ago when there was no concept of e-commerce, cloud storage, web searching, or other routine Web-based applications people now use daily.

The House took a major step toward reform, passing the Email Privacy Act in February. A Senate version of the bill was also expected to be introduced this week.

The Leahy-Lee bill, christened the EPCA Modernization Act of 2017, updates ECPA and requires the government to obtain a warrant to access emails, social media posts and other online content stored in the cloud. The bill also eliminates the 180-day sunset on stored communications. Previously a warrant was not required for communications stored beyond 180 days.

In addition to Congress, some states are taking action. In July 2015, Montana became the first state to enact a comprehensive law requiring police to obtain a search warrant before obtaining location information generated by personal electronic devices, such as cell phones. In October 2015, California Gov. Jerry Brown signed CalECPA, a bipartisan bill requiring police to get a warrant before searching online accounts or personal communications devices.

These actions come none too soon. In addition to NSA’s surveillance activities, state and local police are using devices called Stingrays, which mimic cell phone reception towers to trick phones into revealing identifying information and location data. Congress, along with legislatures in states such as New York, South Carolina, and Utah, has introduced bills that would require search warrants for Stingray use. In September 2015, the Department of Justice made it policy that federal law enforcement agencies obtain a search warrant before using Stingrays.

The lack of specific Fourth Amendment protection is partly responsible for the massive scope of the government’s use of the Internet to violate citizens’ privacy. NSA hid behind judicial interpretations suggesting cloud data has no explicit legal protection, but this is use of a technicality to evade the principle of the law. The intent of ECPA was to prevent the very sort of fishing expeditions NSA has been conducting.

Had there been appropriate judicial and legislative oversight, it is difficult to imagine these surveillance programs would have grown as large and intrusive as they became. After the December 2015 attack in San Bernardino, California by two radicalized terrorists, some, including presidential candidate Sen. Marco Rubio (R-FL), questioned the wisdom of curtailing warrantless NSA surveillance even though the program failed to alert the government to those attackers or their plan.

In a rush to identify suspects, law enforcement too often overlooks constitutionally protected civil liberties. Any future surveillance programs should be subject to strict oversight from lawmakers and an independent judiciary. Those safeguards should recognize

  • The right of Internet companies to be notified when their infrastructure is being used for surveillance;
  • The right of Internet companies to disclose instances when they have been asked to assist with surveillance and turn over information;
  • The necessity of due process;
  • Domestic civilian surveillance is within the purview of conventional courts, not FISA or secret military courts; and
  • Requests for data should be held to the same standard as other search warrants: The requester must identify the suspect, the probable cause, the data to be searched, and the specific information being sought.

In a free society, individuals are not automatically assumed to be suspects requiring or justifying constant surveillance. Citizens have the right to go about their business without answering to the state for every thought, act, purchase, or social media comment.

DFS and the right to gamble – even a little bit

With the baseball season in high gear and football training camps due to open next week, we can expect another uptick in interest in fantasy-sports leagues and their controversial offshoot, daily fantasy sports (DFS).

The kerfuffle over DFS speaks directly to both our cultural and legislative ambiguity toward gambling. Fantasy sports wagering wasn’t a problem until it became daily. Only then did the nanny state bring the hammer down. Legislators who wrote the fantasy sports carve-out into the Unlawful Internet Gaming Enforcement Act (UIGEA), the 2004 law that made it all but impossible for U.S. residents to gamble online, now protest that they never intended it to be a springboard for DFS.

In fantasy sports, contestants pool their money and they each select a line-up of real-life players in a given sport—baseball, football, hockey, even golf and NASCAR. The performance of each player is tracked and the fantasy team is awarded points based on individual achievement—e.g., home runs in baseball and touchdowns in football. In the traditional version, points were accumulated over an entire season, with the fantasy contest winner determined only after the final slate of games were played. DFS sites like FanDuel and DraftKings introduced fantasy contests that cover just one day of game play (or, in the case of football, one week’s slate of games).

This sparked an explosion of popularity. According to the Fantasy Sports Trade Association, more than 41 million people played fantasy sports in the United States and Canada in 2014. That, plus a major promotional push by both companies last year, attracted attention from a number of states that saw it as a form of unregulated gambling. Response has varied. Nevada declared that DFS operators must have gaming licenses. Massachusetts Attorney General Maura Healey said DFS is legal gambling, but proposed a series of regulations.

New York Attorney General Eric Schneiderman, however, declared DFS to be illegal and ordered a shutdown of all DFS activity in the state – although soon after, the Empire State passed legislation permitting DFS. Mississippi, Missouri, Rhode Island and Tennessee are among states that also have legalized DFS, while it remains banned in Iowa, Louisiana, Arizona and Washington State. An up-to-date DFS legislative tracker can be found here.

The policy questions raised by DFS should force us to rethink the whole notion of gambling regulation. If, by regulation, we mean assuring games are fair, players have a means to press legitimate complaints and restrictions against underage play are enforced, most can get on board with that. What should be questioned are regulations that, in the same jurisdiction, permit one kind of gambling, such as lotteries and horse racing, yet prohibit others, such as poker, sports betting or, in our jeux du jour, DFS.

Moreover, for consumers, state-sanctioned games often offer much poorer odds than “illegal” games. Lotteries, for example, are a notoriously bad bet. DFS players, on the other hand, can be long-term winners if they have a head for probability, sufficient resources and discipline, and the time to learn optimum ways to play. It’s not easy, but as with poker and sports betting, it’s been proven possible.

This takes us to the specious “skill versus luck” question in gambling regulation. FanDuel and DraftKings say DFS is a game of skill; therefore it is not gambling, an argument that only makes sense in terms of the way some state laws are written. This, too, needs to change. In reality, many gambling games combine both. New Jersey, in fact, has passed legislation that allows “skill-based” machine games to be introduced in Atlantic City casinos.

In short, if some gambling is going to be legal, then all gambling should be legal, whether it’s done at a casino, racetrack, convenience-store lottery kiosk or online. Former President Barack Obama publicized his NCAA tournament bracket and even joked with late-night entertainer Stephen Colbert about making bets on the Super Bowl.

What does it say about our culture when a head of state, in a scripted (and therefore vetted) sketch, makes a joke about illegal sports betting? It’s a knowing wink that acknowledges that most everyone, at some time in their life, makes a bet. Heck, President Trump’s one-time ownership of casino properties was just another thing voters didn’t hold against him.

Lawmakers must stop limiting choice in the name of protecting consumers from themselves. In a free society, everyone has the right to decide what to do with their money, and that most everyone, even the president, likes to “place some action.”

An earlier version of this blog appeared on rstreet.org.

Network Neutrality Would Have Killed Unlimited Bandwidth Plans

Network neutrality has been in the news again as, over the past two weeks, proponents have been marshaling forces against the Federal Communications Commission’s push to undo the most significant piece of Internet regulation fostered by the Obama administration.

Not that it wouldn’t be a bad thing.

Net Neutrality was the touchstone of Obama Internet policy. He expressed support for the rule as far back as his 2008 campaign. Even so, debate about net neutrality remained contained within the policy sphere until Federal Communications Commission Chairman Thomas Wheeler began rulemaking in 2014. That effort attracted support not only from industry leaders such as Google and Facebook, but from such popular commentators such as HBO’s John Oliver, driving a record 3.7 million submissions during the FCC’s public comment period.

The FCC voted 3-2 in favor of the regulation in February 2015, part and parcel with a decision to reclassify Internet service providers (ISPs) as regulated utilities under the Telecom Act of 1996, declaring them akin to the landline phone companies of the 20th century. While not an executive order, it was another example of the White House bypassing Congress on creating new regulation—controversial because some Constitutional scholars believe only Congress had the authority to revise the Telecom Act’s language. That may all be moot if current Chairman Ajit Pai follows through on his plan to revise the rule.

Not all of network neutrality is contentious. Everyone agrees that ISPs should allow users to access all legal websites and use the device of their choice. The crux of the network neutrality dispute was whether ISPs could treat traffic differently as it crossed their networks, such as partitioning bandwidth for video streaming services or employing network management tools to ensure better error correction. This extended to pricing as well. Under network neutrality, Verizon or AT&T could not charge Netflix or YouTube a higher price for their use of network resources, even though those services exacted a cost in terms of capacity and management.

It is ironic, then, that Zero Rating became the first test of network neutrality.

Zero rating, or toll-free data, is the ISP practice of exempting certain services from consumer data caps. For example, your monthly wireless data plan may include 20 gigabytes of data, but you will incur added charges if you go over that limit. Applications providers who have zero rating agreements with the service provider do not have their data counted against the limit. T-Mobile’s Binge On is an example.

Facebook’s zero rating plan ran afoul of regulators in India, who considered it a net neutrality violation. In the U.S., groups such as the Electronic Frontier Foundation, Free Press and the Center for Media Justice have complained that it violates the FCC rule. They do have a point. While network neutrality was envisioned as supply side regulation—to prevent ISPs from putting some providers as a disadvantage by charging them more to reach customers, zero rating is a demand-side pricing practice that, in their opinion, fosters the same outcome—putting some providers at an advantage because customers don’t have no pocketbook limit on their use.

What undeniable, however, is that zero rating is a boon for consumers. At the end of the day, it gives them more data for the buck and helps close the digital divide. Instead, the India government’s ruling against Facebook has deprived some 19 million Indians of affordable Internet access.

This may be why the FCC until recently has been quiet about zero rating even as AT&T and Verizon adopted the practice. This changed the day after election day, when the agency cautioned AT&T that including DirecTV video streaming in its zero rating package might be unfair. Though left unsaid, the warning has implications for AT&T’s pending deal to acquire media and content giant Time Warner.

Along with illustrating net neutrality’s unintended consequences, the FCC’s inconsistency on zero rating issue also validates the criticism net neutrality opponents have voiced from the start—it hogties the rapidly moving information technology sector in a “Mother, may I” regulatory regime. When AT&T and Netflix agree on zero rating, it’s OK. Should AT&T include HBO, acquired via Time Warner, it’s not. Will the FCC permit zero rating for T-Mobile, which has 17 percent market share, but prohibit it for Verizon, which has 35 percent? We don’t know. That’s the problem. Ad hoc rulemaking serves neither consumers nor the industry.

Despite the so-called outrage, which has been much less compared to 2015, it is doubtful that Pai’s FCC will sustain the rule and, may go as far as re-reclassifying ISPs under Title I, where they were placed under the Telecom Act and where they rightfully still should be. Nonetheless, the best outcome might be Congressional action to amend the Telecom Act to prevent such arbitrary FCC tinkering in the future.

An earlier version of this blog ran on Inside Sources November 24, 2016

 

The FCC Targets Cable Set-Top Boxes—Why Now?

With great fanfare, FCC Chairman Thomas Wheeler is calling for sweeping changes to the way cable TV set-top boxes work.

In an essay published Jan. 27 by Re/Code, Wheeler began by citing the high prices consumers pay for set-top box rentals, and bemoans the fact that alternatives are not easily available. Yet for all the talk and tweets about pricing and consumer lock-in, Wheeler did not propose an inquiry into set-top box profit margins, nor whether the supply chain is unduly controlled by the cable companies. Neither did Wheeler propose an investigation into the complaints consumers have made about cable companies’ hassles around CableCards, which under FCC mandate cable companies must provide to customers who buy their own set-top boxes.

In fact, he dropped the pricing issue halfway through and began discussing access to streaming content:

To receive streaming Internet video, it is necessary to have a smart TV, or to watch it on a tablet or laptop computer that, similarly, do not have access to the channels and content that pay-TV subscribers pay for. The result is multiple devices and controllers, constrained program choice and higher costs.

This statement seems intentionally misleading. Roku, Apple TV and Amazon Fire sell boxes that connect to TVs and allow a huge amount of streaming content to play. True, the devices are still independent of the set-top cable box but there is no evidence that this lack of integration is a competitive barrier.

A new generation of devices, called media home gateways (MHGs), is poised to provide this integration, as well as manage other media-based cloud services on behalf of consumers. This is where Wheeler’s proposal should be worrisome. He writes:

The new rules would create a framework for providing device manufacturers, software developers and others the information they need to introduce innovative new technologies, while at the same time maintaining strong security, copyright and consumer protections.

This sounds much more like a plan to dictate operating systems, user interfaces and other hardware and software standards for equipment that until now has been unregulated. Wheeler gives no explanation as to how his proposal will lead to lower prices or development of a direct-to-consumer sales channel.

[M]y proposal will pave the way for a competitive marketplace for alternate navigation devices, and could even end the need for multiple remote controls, allowing you to use one for all of the video sources you use.

What Wheeler really wants is FCC management of the transition from today’s set-top boxes to the media home gateways (MHGs) just beginning to appear on the market—a foray into customer premises equipment regulation unseen since the 1960s.

For good reason, the words “media home gateway” never appear in Wheeler’s Re/Code article. By avoiding mention of MHGs, he can play his “lack of competition” card, as he did in Thursday’s press briefing on his proposal.

There’s more than a whiff of misdirection here. Set-top boxes are a maturing market. An October 2015 TechNavio report forecasts the shipment volume of the global set-top box market to decline at a compound annual rate of 1.34 % over the period 2014-2019. By revenue, the market is expected to decline at a compound annual rate 1.36% during the forecast period. When consumers “cut the cable cord,” as some 21 million have, it’s set-top boxes that get unplugged.

At the same time, TechNavio forecasts the global MHG market to grow at a compound annual rate of 7.82% over the same period. Elsewhere, SNL Kagan’s Multimedia Research Group forecasts MHG shipments will exceed 24 million in 2017, up from 7.7 million in 2012. The long list of MHG manufacturers includes ActionTec, Arris, Ceva, Huawei, Humax, Samsung and Technicolor.

MHGs are the “alternative navigation devices” Wheeler coyly refers to in his Re/Code essay. These devices will replace the set-top boxes in use today, but because of their ability to handle Internet streaming, they are likely to be available through more than one channel. That’s why they only way to view Wheeler’s call to “unlock the set-top box” is as a pre-emptive move to extend the FCC’s regulation into the delivery of streaming media.

To be sure, if the FCC mandates integration of streaming options into cable-provided MHGs, streaming companies would gain stronger foothold into consumers’ homes, which would then allow them to share their apps, gather data on users, and, perhaps most lucratively of all, control the interface on which channels are displayed, as noted by The Verge’s Ashley Carman.

Yet the streaming companies that would appear to benefit most from this proposal have thus far been quiet. Perhaps because Wheeler has made no secret that he believes Apple TV, Amazon Fire and Roku are multichannel video programming distributors (MVPDs), FCC-speak for “local cable companies.” Is his “unlock the box” plan precisely the opposite? Is it an effort to fold streaming aggregators into the existing cable TV regulatory platform, with all its myriad rules, regulations, legal obligations and—dare we say it—fees and surcharges? You might roll your eyes, but this is the only analysis in which the proposal, which focuses on “device manufacturers, software developers and others,” makes sense.

But does the FCC have the right to require cable companies to share customer data acquired through the infrastructure and software they built and own? It’s yet another iteration of the old unbundled network elements model that is consistently shot down by the courts yet one that the FCC can’t seem to get past.

Arcane details aside, the FCC should not be involved in directing evolution paths, operating software or other product features. It creates too much opportunity for lobbying and rent-seeking. History shows that when the government gets granularly involved in promoting technology direction, costs go up and innovation suffers as capital is diverted into politically-favored choices where it ends up wasted. The debacles with the Chevy Volt and Solera are just two recent examples of the dangers inherent when bureaucrats try to pick winners, or give a subset of companies in one industry an assist and the expense of others.

This post originally appeared Feb. 1, 2016 on the R Street Institute official blog.

Realities of Zero Rating and Internet Streaming Will Confront the FCC in 2016

For tech policy progressives, 2015 was a great year. After a decade of campaigning, network neutrality advocates finally got the Federal Communications Commission to codify regulations that require Internet service providers to treat all traffic the same as it crosses the network and is delivered to customers.

Yet the rapid way broadband business models, always tenuous to begin with, are being overhauled, may throw some damp linens on their party. More powerful smart phones, the huge uptick in Internet streaming and improved WiFi technology are just three factors driving this shift.

As regulatory mechanisms lag market trends in general, they can’t help but be upended along with the industry they aim to govern. Looking ahead to the coming year, the consequences of 2015’s regulatory activism will create some difficult situations for the FCC.

Zero rating will clash with net neutrality

 The FCC biggest question will be whether “zero rating,” also known as “toll-free data,” is permissible under its new Open Internet rules. Network neutrality prohibits an ISP from favoring one provider’s content over another’s. Yet by definition, that’s what zero rating does: an ISP agrees not to count data generated by a specific content provider against a customer’s overall bandwidth cap. Looking at from another angle, instead of charging more for enhanced quality—the Internet “toll road” network neutrality is designed to prevent, zero rating offers a discount for downgraded transmission. As ISPs, particularly bandwidth-constrained wireless companies, replace “all-you-can-eat” data with tiered pricing plans that place a monthly limit on total data used—and assess additional charges on consumers who go beyond the cap—zero rating agreements become critical in allowing companies like Alphabet (formerly Google), Facebook and Netflix, companies that were among the most vocal supports of network neutrality, to keep users regularly engaged.

T-Mobile has been aggressive with zero rating, having reached agreements with Netflix, Hulu, HBO Now, and SlingTV for its Binge On feature. Facebook, another network neutrality advocate, has begun lobbying for zero rating exceptions outside the U.S. Facebook founder and CEO Mark Zuckerberg told a tech audience in India, where net neutrality has been a long-standing rule, that zero rating is not a violation, a contention that some tech bloggers immediately challenged.

When it came to net neutrality rulings, the FCC may have hoped it would only have to deal with disputes dealing with the technical sausage-making covered by the “reasonable network management” clause in the Title II order (to be fair, zero rating involves some data optimization). But any ruling that permits zero rating would collapse its entire case for network neutrality. The Electronic Frontier Foundation, another vocal net neutrality supporter, understands this explicitly, and wants the FCC to nip zero rating in the bud.

The problem is that zero-rating is not anti-consumer, but a healthy, market-based response to bandwidth limitations. Even though ISPs are treating data differently, customers get access to more entertainment and content without higher costs. Bottom line: consumers get more for their money. For providers like Alphabet and Facebook, which rely on advertising, there stands to be substantial return on investment. Unlike blanket regulation, it’s voluntary, sensitive to market shifts and not coercive.

How long before these companies who lobbied for network neutrality begin their semantic gymnastics to demand exemptions for zero rating? The Court of Appeals may make it moot by overturning Title II reclassification outright. But failing that, expect some of the big Silicon Valley tech companies to start their rhetorical games soon.

 Internet streaming will confound the FCC

The zero rating controversy is just one more outgrowth of the rise in Internet streaming.

For the past seven years, the FCC’s regulatory policy has been based on the questionable assertion that cable and phone companies are monopoly bottlenecks.

Title II reclassification is aimed at preventing ISPs from using these perceived bottlenecks to extract higher costs from content providers. Yet at the same time, the FCC, in keeping with its cable/telco/ISPs-are-monopolies mindset, depends on them to fund its universal service and e-rate funds and fulfill its public interest mandate by carrying broadcast feeds from local television stations.

The simple fact is that the local telephone, cable and ISP bundlers are not monopolies. The 463,000 subscribers the top 8 cable companies lost in the second quarter of 2015 are getting their TV entertainment from somewhere. Those who are not cutting the cord completely are reducing their service: Another study estimated that 45 percent of U.S. households reduced the level of cable or satellite service in 2014.

Consumers are replacing their cable bundle with streaming options such as Roku, Amazon Fire, Apple TV and Google Play. These companies aggregate and optimize the Internet video for big screen TVs and home entertainment centers. Broadcast and basic cable programs are usually free (but carry ads); other programming can be purchased by subscription (Netflix, HBO Now) or on demand (iTunes, Amazon). While in many cases consumers retain their broadband connection, that remains their only purchase from the cable or telephone company. But even that might be optional, too. Millennial consumers are comfortable using free WiFi services or zero-rated wireless plans like T-Mobile’s Binge On.

But as consumers cut the cord, cable revenues go down. When cable revenues drop, so does the funding for all those FCC pet causes. The question is how hard will the FCC push to require streaming services to pay universal service fees, or include local TV feeds among their channel offerings? Under the current law, the FCC has no regulatory jurisdiction over streaming applications, unless, as with Title II, it tries to play fast and loose with legal definitions. The FCC has never been shy about overreaching, and as early as October 2014 Chairman Tom Wheeler suggested that IP video aggregators could be considered multichannel video programming distributors, a term that to date has been applied only to cable television companies.

Ironically, streaming stands to meet two long-held progressive policy goals—a la carte programming selection and structural separation of the companies that build and manage physical broadband networks and the companies that provide the applications that ride it. Cable and Internet bundles are so 2012! Yet 2016 finds the FCC is woefully unprepared for this shift. In fact, last we looked was encouraging small towns to borrow millions of dollars to get onto the cable TV business.

Over the past seven years, the FCC has pursued Internet regulations from an ideological perspective—treating it as a necessary component of the overall business ecosystem. In truth, regulation is supposed to serve consumer interests, and should be applied to address extant problems, not as precautionary measures. Unfortunately, the FCC has chosen to ignore market realities and apply rules that fit its own deliberate misperceptions. The Commission’s looming inability to find consistency in enforcing its own edicts is a problem solely of its own making.

Time is Ripe to Redouble Patent Reform Efforts

The Heartland Institute today is releasing my policy brief on patent abuse, one of the few areas where there is bipartisan consensus on the problem. As I write in the paper, patent assertion entities (PAEs), known pejoratively as “patent trolls,” exist to exploit weaknesses in the U.S. patent system. Their business model is built on the fact it is often cheaper for defendants to settle a patent infringement claim than to endure a lengthy court process, risking an unfavorable ruling and incurring significant legal fees. PAEs do not stockpile patents or assert the patents they control for legitimate purposes, such as defending their investment in research or development. The patent itself is usually the primary asset PAEs control with any real revenue-earning potential.

The patent abuse industry takes an enormous toll on U.S. consumers:

Because software and technology patents can be arcane and often difficult for juries to determine differentiation, a trial is often a coin toss for defendant. Moreso if the plaintiffs bring the case in one of several federal districts notorious for finding infringement, such as East Texas. The decision to settle, even if the patent claim is questionable or even outright frivolous, is often a question of economics. The defendant agrees to pay the demanded license fee rather than risk heftier legal costs of a trial and the possibility of losing all rights to the product.

Enterprises should be using the marketplace, not the courtroom, to evaluate investment and return opportunities. Patent reform can help by changing the cost-benefit ratios of litigation so frivolous patents are deterred but plaintiffs with legitimate cases are still able to bring a case.

Specific recommendations for reform include:

  • Federal legislation should empower the United States Patent and Trademark Office (USPTO) to better address the changing nature of patents, particularly regarding software. USPTO needs to better understand methodologies and mechanisms in the way software is written. It also needs clearer rules on what end-functions – shopping carts, location mapping, web indexing, and cross referencing, for example – can be deemed proprietary and subject to license.
  • Courts are important in patent enforcement, but a lack of suitable guidelines from USPTO leaves juries and courts too much leeway in interpreting patent law. The U.S. Supreme Court has provided some guidance for lower courts in calling on plaintiffs to be specific as to their infringement claims. Congress and state legislative bodies should follow the Court’s lead and craft legislation that demands higher and more specific standards for the establishment of infringement.
  • Congress should confirm President Obama’s nomination of Michele K. Lee as director of USPTO. The agency has a poor reputation when it comes to evaluating software patents and other high-technology innovation. Placing Lee, currently USPTO acting director and a former Google executive, in charge of the agency will address this perception and help implement a real shift in USPTO’s approach to contemporary patent issues.
  • The White House, through the U.S. Commerce Department and U.S. Trade Representative’s Office, should use the Transatlantic Trade and Investment Partnership and the Trans-Pacific Partnership negotiations to address the growing problem of state-sponsored patent trolling. If governments persist in using frivolous patent suits to block U.S. entry into their domestic markets, the United States should turn to treaty organizations such as the World Trade Organization for enforcement and redress.
  • Regulatory bodies such as the Federal Communications Commission that set standards necessary for the interoperability of devices should avoid heavy reliance on patented technology. These decisions result in a government-mandated monopoly that leads to overpricing of licenses, as seen with the ATSC television standard.

The complete paper, Why Patent Reforms Are Needed: Intellectual Property Abuses Threaten Innovation and Cost Consumers Billions, can be found here on the Heartland Institute web site.

Network Neutrality’s Watershed Moment

After some ten years, gallons of ink and thousands of megabytes of bandwidth, the debate over network neutrality is reaching a climactic moment.

Bills are expected to be introduced in both the Senate and House this week that would allow the Federal Communications Commission to regulate paid prioritization, the stated goal of network neutrality advocates from the start. Led by Sen. John Thune (R-S.D.) and Rep. Fred Upton (R-Mich.), the legislation represents a major compromise on the part of congressional Republicans, who until now have held fast against any additional Internet regulation. Their willingness to soften on paid prioritization has gotten the attention of a number of leading Democrats, including Sens. Bill Nelson (D-Fla.) and Cory Booker (D-N.J.). The only question that remains is if FCC Chairman Thomas Wheeler and President Barack Obama are willing to buy into this emerging spirit of partisanship.

Obama wants a more radical course—outright reclassification of Internet services under Title II of the Communications Act, a policy Wheeler appears to have embraced in spite of reservations he expressed last year. Title II, however, would give the FCC the same type of sweeping regulatory authority over the Internet as it does monopoly phone service—a situation that stands to create a “Mother, may I” regime over what, to date, has been an wildly successful environment of permissionless innovation.

Important to remember is that Title II reclassification is a response to repeated court decisions preventing the FCC from enforcing certain provisions against paid prioritization. Current law, the courts affirmed, classifies the Internet as an information service, a definition that limits the FCC’s regulatory control over it. Using reclassification, the FCC hopes to give itself the necessary legal cover.

But the paid prioritization matter can addressed easily, elegantly and, most important, constitutionally, through Congress.

As a libertarian, I question the value of any regulation on the Internet on principle. And practically speaking, there’s been no egregious abuse of paid prioritization that justifies unilateral reclassification. It’s not in an ISPs interest to block any websites. And, contrary to being a consumer problem, allowing major content companies like Netflix to purchase network management services that improve the quality of video delivery while reducing network congestion for other applications might actually serve the market.

But if paid prioritization is the concern, then Thune-Upton addresses it. It would allow the FCC to investigate and impose penalties on ISPs that throttle traffic, or demand payment for quality delivery. On the other hand, Thune-Upton would also create carve outs for certain types of applications that require prioritization to work, like telemedicine and emergency services, and would allow for the reasonable network management that is necessary for optimum performance—answering criticisms that come not only from center-right policy analysts, but from network engineers.

Legislation also gives the FCC specific instructions, whereas Title II reclassification opens the door to large-scale, open-ended regulation. Here’s where I do indulge my libertarian leanings. Giving the government vague, unspecified powers asks for trouble. All we have to do is look at the National Security Agency’s widespread warrantless wiretapping and the Drug Enforcement Administration’s tracking of private vehicle movements around the country. Disturbing as they are to all citizens who value liberty and privacy, these practices are technically legal because there are no laws setting rules of due process with contemporary communications technology (a blog for another day). As much as the FCC promises to “forbear” more extensive Internet regulation, it’s better for all if specific limits are written in.

At the same time, the addition of regulatory powers invites corporate rent-seeking whereby companies turn to the government to protect them in the marketplace. Even as the FCC was drafting its Title II proposal, BlackBerry’s CEO, John Chen, were complaining that applications developers were only focusing on the iPhone and Android platforms. Chen seeks “app neutrality,” essentially a law to require any applications that work on iPhone and Android platforms to work on BlackBerry’s operating system, too, despite the low marker penetration of the devices.

Also, forcing the FCC to work inside narrow parameters means it can more readily ease up or even reverse itself in case a ban on paid prioritization leads to intended consequences, like a significant uptick in bandwidth congestion and measureable degradation in applications performance.

Finally, successful bi-partisan legislation can put net neutrality to bed. If the White House remains stubborn and instead pushes the FCC to reclassify, it almost assures a lengthy court case that not only would drag out the debate, but likely end with another decision against the FCC. But even if the court rulings go the FCC’s way, Title II is no guarantee against paid prioritization. Allowing Congress to give the FCC the necessary authority is constitutionally sound approach and has a better chance of meeting the desired objectives. Congress is offering a bipartisan solution that is reasonable and workable. The Obama administration has been banging the drum for network neutrality since Day 1. This is its moment to seize.

The inevitability of the sharing economy

Uber, AirBnB and other companies that mine the so-called “sharing economy” continue to face legal and regulatory challenges, both in the United States and internationally.

At heart, these services use the Internet to scale up the sort of thing young people have done for ages. Going home for the weekend? Post a note on a dorm bulletin board offering to share gas and you’d likely get a ride. Coming into town for a big concert? With a few phone calls you could easily find a friend of a friend of a friend who would let you crash on his couch in return for a couple of six packs.

This is why Uber, Lyft and AirBnB strike such a chord with millennials. These three companies have the most mindshare, but there are many others on the rise: DogVacay (pet-sitting),RelayRides and GetAround (peer-to-peer car renting) and TaskRabbit (household chores and office help). They align perfectly with twenty-something economics, ever moreso today when your first “job” might be little more than an unpaid internship. Meanwhile, the platforms offer individuals a means of income in a changing job environment where conventional long-term employment opportunities are decreasing in favor automation and contract workers.

That’s why, in the end, these services will win out, despite any short-term setbacks they encounter along the way from unimaginative local lawmakers with little else to do. They bring considerable ground-level muscle to a local economy. In the case of apartment- and ride-sharing, the easier it is to get buyers and sellers to and around your town, the more money they will spend in your town.

In 2014, I attended city council hearings on ride-sharing in Houston and San Antonio. Although each had different outcomes, an air of inevitability was evident in both meetings, as if city council members tacitly understood that, no matter what they decided that day, the sharing economy is here to stay. The Houston City Council bowed to reality, and gave Uber and Lyft considerable room to operate. San Antonio…not so much. There, insurance requirements for Uber and Lyft drivers, which exceed those for regular cab drivers, seem designed to make it too costly for ride-sharing services to take root. However, the regulation will be revisited in six months.

The most incisive comment during the San Antonio public hearing came from Councilman Ron Nirenberg, who said that everything he heard from Uber and Lyft supporters was about expanding the market and improving service for consumers, while all he heard from cab company representatives were attacks on ride-sharing companies.

From where I was sitting, this observation largely was true. One of the few cab drivers who did not attack Uber and Lyft didn’t help the case for cab companies either. She said she made an effort to keep her cab clean and would lower her fare to match Uber’s if a rider could show her the quote. So while she may have intended to argue against ride-sharing, she implicitly admitted that ride-sharing competition was making her a better service provider.

But the competitive aspect is not all there is. No matter what their political make-up, city councils know that opposition to Uber, AirBnB and the larger sharing economy runs counter to the very policies they need to create functional urban environments into the future.

Technology is part of it. But consider also the considerable taxpayer dollars devoted to policies designed to deliver residential density and re-establish neighborhoods—bike-sharing, green space and zoning initiative that favor small and diverse shops and restaurants, rather than national chains. The value of these programs is diminished when cities simultaneously stick to outmoded mechanisms from past eras, like micromanaging the local livery market.

Attempting to nurture a population base of young professionals while deliberately preventing these same young professionals from connecting for mutual economic benefit…well, counterproductive is a nice word for it.

Originally posted Jan. 30, 2015 at www.restreet.org.

Muni broadband: Even dumber in 2015 than 2005

Ahead of his State of the Union address, President Barack Obama went to Cedar Falls, Iowa to tout municipal broadband. Despite a landscape littered with missed goals, incomplete build-outs and outright financial ruin, Obama still thinks local governments should saddle themselves with millions in debt to fund broadband systems that would compete with service providers that have been there for years.

To press the point, the Obama administration is pushing for federal legislation to pre-empt states from blocking municipal broadband projects, even though, as ultimate guarantors of the bonds, they have full right to. A number of states, after seeing the financial damage these projects do, have done so already.

The principal argument for municipal broadband is market failure: Internet service providers are entrenched duopolies that have no interest in serving residents without the financial means to pay upward of $100 a month for a broadband package. Yet while touting the wonders of the 10 Gb/s fiber to the home access the City of Cedar Falls is providing, Obama neglected to mention that it costs $275 a month. Broadband for the people, indeed.

Let’s say it one more time: municipal broadband doesn’t work. Even systems that are operating — such as those in Lafayette, La., and Chattanooga, Tenn. — have not achieved their goals of providing ubiquitous fiber-to-the-home, higher-quality service and cheaper rates than incumbents. While the may boast positive cash flow, they are still losing money and behind their revenue plans.

It’s only going to get worse. Current municipal systems followed the “triple-play” model, bundling phone, cable and high-speed Internet into a package that could generate the average revenue per user necessary to meet operating costs and service debt.

Ten years ago, these business plans made some sense, although in most cases, the consultants who wrote them played down the competitive threat of satellite TV and the high cost of programing acquisition.

But what the feasibility studies didn’t foresee was the rise of over-the-top (OTT) video networks that bypassed cable TV systems. First came Netflix and Hulu, then Showtime and CBS announced plans to stream programming. Then came the real game-changer—ESPN’s plan, announced in January, to stream live sports.

This was significant because live sports is one of the main reasons people retain cable TV. Make the Super Bowl an OTT option, and suddenly, cord-cutting becomes attractive not just for twentysomething renters content to watch movies on their tablets, but for entire households. (Thanks to devices like Google’s Chromecast, video programming downloaded from phone or tablet can be routed directly the family widescreen TV.)

This trend has the major ISP/cable concerned. An estimated 7.6 million U.S. households have scrapped pay TV over the past several years. Nearly one-fifth of Americans who have Netflix or Hulu Plus accounts don’t subscribe to a cable or satellite TV service, according to research from Experian Marketing Services. These consumers may be holding onto Internet service only, or using 4th generation wireless service. But for large wireline ISPs that banked on bundling, these numbers present a bleak outlook.

How much more a problem is this going to be for munis? For example, Lafayette’s $140 million broadband bond issue anticipated it would see 3 to 6 percent annual growth in cable TV revenue for next 15 to 20 years. That’s just not going to happen. These operations face a major reckoning.

UTOPIA, a fiber-based broadband network financed by a group of 11 Utah cities, provides a grim preview. After failing to reach the threshold of customers needed to pay the debt on construction, the project was turned over to Australia-based Macquarie Capital. As part of the agreement for Macquarie to fund completion of the network, the UTOPIA cities proposedassessing residents a $20 a month utility surcharge for the next 30 years. Who knows what broadband will be like in 2045, but Utah homeowners will still be paying off a technology platform that, by then, will be as old as a Commodore 64 is to us. Is it any wonder that five of the UTOPIA communities have balked at this deal?

Despite the president’s continued cheerleading for municipal broadband, it’s hard to see, given the pressure on conventional ISP wireline bundling, even a conservative municipal broadband project plan getting the necessary underwriting—at least at rates below junk status.

Google Fiber, which prices 1 Gb/s access with TV at $120, is expanding into more cities. Now the company has plans to enter wireless with a new business model. New market developments like these make the cries of monopoly less and less credible. Municipal broadband is hardly the “necessity” for digital inclusion Obama claims it is.

Rather than sink millions into building a system that will never come close to paying for itself, cities can do more for broadband investment by revisiting the franchise fee process, streamlining the wireless tower siting process and reducing right of way fees. This has helped attract disruptors like Google, and overall, will do more to foster private investment and development far better than the government-funded approach.

For more about market-friendly ways cities can spark broadband investment, see my R Street paper, “Alternatives to Government Broadband.”

Originally posted Jan. 28, 2015 at www.restreet.org.