The FTC and Google: Did Larry Learn his Lesson?

The FTC and Google settled their differences last week, putting the final touches on an agreement. Commentators began carping from all sides as soon as the announcement came. The most biting criticisms have accused the FTC of going too easy on Google. Frankly, I think the commentators are only half right. Yes, it appears as if Google got off easy, but, IMHO, the FTC settled at about the right place.

More to the point, it is too soon to throw a harsh judgment at Google. This settlement might work just fine, and if it does, then society is better off than it would have been had some grandstanding prosecutor decided to go to trial.

Why? First, public confrontation is often a BIG expense for society. Second, as an organization Google is young and it occupies a market that also is young. The first big antitrust case for such a company in such a situation should substitute education for severe judgment.

Ah, this will take an explanation. (more…)

Tiered Broadband Pricing

Kellogg Insight’s Editor, Tim De Chant, and I sat down to discuss tiered pricing for broadband. It was a pretty interesting conversation, and Tim distilled it into a blog post. If you are curious to see the original post and other posts by Tim, see his blog, Expertly Wrapped. With Tim’s permission, here is a reposting:

**************************************************************************

Consumers and startups to be affected by metered broadband, By Tim De Chant

As more people are looking forward to a future overflowing with data—Facebook, Twitter, Netflix, YouTube, a seemingly limitless number of websites, and more—broadband providers are looking to limit the amount of data they provide. And with those limits will come new—and most likely higher—prices.

Data caps aren’t new—they have been widely implemented by wireless providers—but they haven’t been widely implemented among traditional broadband providers. Now, that seems to be changing. Many providers complain that their network is overloaded, and that the costs of upgrading it to handle the added traffic are prohibitive. To maintain a quality service for their customers, providers say they have to raise prices.

Unfortunately, it’s not that clear cut, said Shane Greenstein, a professor of management and strategy and expert on internet economics. There are a number of issues clouding the matter, one of which is time of day. Overuse “usually does not matter most of the day. It generally only matters between 7 PM and 10 PM, when use is highest,” he said. “The usual justification for usage based pricing (or caps, for that matter) appear quite weak outside the 7 to 10 PM window.” (more…)

What does the average surfer know about Creative Commons?

What do you know about Creative Commons, the legal frameworks that support many web-based activities, such as Wikipedia, Flickr, or YouTube? You probably do not know too much, if you are like most people. Most users do not know the legal details behind the web – and that is a fact, as you will see in a moment.

You might reasonably respond that it does not matter what users know. Knowing the legal details makes no difference to enjoying and using the services. Indeed, the general ignorance of the users shows just how sophisticated and easy-to-use many of the leading web services have become. You also might respond in a contrary fashion, that most users are inviting disaster by remaining ignorant. Knowing the details does not matter on 99 days of pain-free use, but someday there will come a day it matters, and not knowing will bite users hard.

Those two opposing responses are both reasonable answers, I believe, because the state of the discussion remains in flux. No good answer to these questions dominates the topic for now. At present it is enough to ask the question, and recognize that the answer is open.

(more…)

The Craigslist Killer and Online Privacy

Let’s discuss the Craigslist killer, online privacy, and police procedures.

Why has this old case from 2009 gotten new attention? The murder itself was rather gruesome and unusual, and the events grabbed considerable attention at the time, especially in the Boston area where they took place. However, it all happened several years ago. Why remember them now? As it turns out, the Boston Police recently released a range of documents concerning the case (which is a good thing – kudos to the Boston Police for being transparent). A few reporters have looked closely at these documents. This has generated a series of online comments about how the police used information technology — ISPs, cell phones, Facebook, email — to connect the murder to the suspect.

Let’s bring the conversation to the attention of readers of this space. It shows how technical progress lowers the costs of performing new technical capabilities, which generate new possibilities for action. A big part of the online privacy debate concerns the simple policy question: how best can society use this new capability? The question is not new, to be sure, but it is hard to appreciate that question without understanding just what is possible. This example offers a good illustration about what online technology made very cheap and what police departments do with it.

On one level there is nothing shocking here. As it turns out, when Facebook receives a subpoena it complies. So do ISPs. So do cell phone companies. Anything anyone does from home leaves an online trace, and any determined police department can deploy subpoenas to associate that online trace with an individual. Police use this routinely when they have a good lead, and it can be useful in catching murderers.

More to the point, online privacy debates are best illustrated in the situations where the debate matters the least, such a successful criminal investigation of a murder. That is because these are the type of situations in which everyone cooperates. As the case illustrates, using comparatively routine processes to trace his actions online, police could take some impressive actions.

In brief, the case makes clear why police should have the ability to use these capabilities, and it makes clear how easy it is to do. The latter observation might be novel for many readers.

Recap and remark

In this instance, the murderer is called the Craigslist killer because he used Craigslist to find his victim. For our purposes, the case has one distinctive feature: Despite being a medical student at Boston University, which surely suggests he had some sort of brain on his shoulders, the Craigslist killer really did not understand how many online clues he was leaving for the police.

The facts of the case are straightforward, albeit gruesome. Back in the spring of 2009 a second year medical at Boston University medical school got into financial problems – due to gambling, it seems. He hatched a scheme to pay his debts through robbery. His potential victims were masseuses he solicited on Craigslist. They did not know him, and he contacted the victims with new email accounts and temporary cell phones. Once he met them, he would handcuff them at gunpoint and rob them. He did this three times before he was caught. The second of these went badly, and he shot the poor victim three times, murdering her in an upscale downtown Boston hotel. (If you want to know all the details about the Craigslist killer, read it here).

Reading this account I was reminded of a sardonic rule of thumb communicated to me by an old friend, who was a professional prosecutor: it is a good thing that most criminals are so stupid, otherwise they would never get caught. He meant the following: it is rather difficult for prosecutors to catch criminals, but many law-breakers make the task much easier by doing a range of things that connect them to the crime, namely, by NOT covering their tracks very smartly. From the prosecutor’s perspective, a thoughtful criminal only need take a small set of actions, and they are much harder to catch. Yet, most of them never think to do so.

The Craigslist killer’s actions illustrate a few such actions, especially on line. These are remarkable because of the contrast with other actions taken by the killer. He was smart enough to find vulnerable victims in Craigslist, and contact them in ways that made it challenging to identify him. He essentially did that by buying prepaid cell phones (which made it hard to trace to him in particular).

As example of one of the dumb things he did… after the murder he kept one of the cell phones at his residence (hidden, presumably, from his companion). But after the murders the police searched his residence and found it. Let’s just say it: such physical evidence is pretty damning, so it is pretty darn stupid to keep the phone at home. I am no expert — but, I dunno’ — it might have been a good idea to throw away the cell that contacted a victim.

Here is another example. Though the killer successfully committed his first robbery, he committed the second one (which led to the murder) in a hotel across the street on the next day. He also used exactly the same method, giving the police a pretty good clue they were dealing with the same individual (which made identifying him much easier). He committed the third one the following night 45 minutes away from Boston (again, using the same method), in spite of the massive publicity surround the murder (which, again, made identifying him much easier).

Anyway, all of this looks pretty stupid to the prosecutors. This guy took action to make his cell phone use anonymous, and then lost a lot of anonymity through his choice of time/place. A little spacing across police jurisdictions, and little patience, and he would have been much harder to find.

But, really, his email and Facebook behavior was clueless, so let’s focus on that. It did lead to the loss of anonymity, and that is worth understanding in detail.

The Craigslist killer acted in ways that tied him directly to his emails. The emails went between him and his victim. If anonymity is the goal – and clearly he had some inkling of its importance through his cellphone purchases – then why didn’t it extend to his email behavior?

He did not behave as if he realized what a trace he was leaving. For example, he acquired his email account the day before he used it to contact his victim, and did it from his home. From his home — whoa, that is stupid. Working from his home made it easy to trace. The email provider and ISP both have access to the same IP address, and the police used subpoenas to connect one with the other.

This association is one of the more remarkable details of the case precisely because the ISP was almost uncooperative. Here is what happened. The police sent a subpoena to the ISP asking for the address affiliated with the IP address they obtained from the email provider. The police got the email address from — no surprise — the victim. In this case, the email provider was Microsoft, and the firm seems to have complied comparatively quickly. In contrast, the ISP — Comcast, in this case — gave a somewhat more bureaucratic answer. They said, in effect, that it would be a couple weeks, unless the police gave them a good reason to be in a rush. Given the high profile of the case, the police had no problem doing that. Then the ISP made an exception to its default behavior, which is a slow answer, and complied quickly.

Notice how important was the online piece. Once the police had that address they could stake out the place. That eventually let them get an ID on the individual as well as fingerprints. They also were able to get photos (from Facebook, and from records at Boston University), which they could then show to the other victims. That allowed them to solve the case in less than a week.

Summing up

There is something deeper running throughout the recent release of documents. On one level, the documents illustrate something that has become almost a standard refrain among the more experience and sophisticated Internet research community, namely, there is less privacy online than in typical offline life. This so despite the attempts of many lawyers to make the online world less vulnerable to government snooping.

The case makes that refrain very apparent: with a search warrant, government prosecutors can find out quite a lot about just about any suspect who has an active online life.

The documents also illustrate another rule of thumb about privacy online. There are two kinds of surfers present, those who seem to behave as if they DO NOT comprehend the lack of privacy online, and those who are wary about whether the Internet will become big brother-ish. The Craigslist killer seems to have been the former.

Looking behind the surface, one other theme runs throughout this case. Nobody other than the killer did anything wrong. The police got it right. They followed proper civil procedure. The firms cooperated. A murder case got solved. The entire experience should make any sensible person want to say “Hurray for civil society.”

Yet, not trivially, the situation also showcases that the improvement in information technology in the last decade is not an unalloyed improvement. Indeed, less restrained governments and police forces can easily use information technology in ways that may have little to do with enforcing criminal law. Tracing emails to political dissidents should be easy. Censoring unwanted communication is no problem. Shutting down the leadership of an electronic communication network also appears comparatively trivial. I am no lawyer, but these events give me additional respect for the importance of subpoenas and other processes to ensure that police use them only when criminal behavior provides probable cause.

What would you say to David Cameron about Google?

Why was Google invented in the US and not the UK? Jonathan Haskell, Professor at Imperial College in London, asked that question in his most recent blog post. What motivated him to ask it? He got a little nudge from his Prime Minister, David Cameron, who asked the same question.

Haskell justifiably hesitates to put too much emphasis on one single factor. At the same time, he wants to use the example to suggest that aspects of the law for copyright play a role. In particular, he stresses that the US has a legal notion called “fair use” while the UK lacks such a notion.

The argument stresses that fair use eliminates the need  for contracting every time a new use or user builds an incremental innovation using a small part of copyrighted material. This matters for certain online innovations — such as innovative search tools. More generally, fair use reduces the costs of innovations that make use of lots of little bits of copyrighted material. In the absence of fair use the innovator would have to contract with every copyright holder, which can be cumbersome or prohibitively expensive. Haskell’s argument stresses the the equivalent UK notion is much narrower, which raises contracting costs, and, thus, disables experimentation in many online activities.

I do not have any reason to disagree with this insight. The characterization of US copyright law is reasonable for this argument. However, not being an expert on UK copyright law, all I can say is that Haskell’s argument sounds plausible to me.

I would like to add one observation and pose two questions.

The observation summarizes something I said in a prior post about Google’s early history. Summarizing that earlier post,  Google’s success did not arise from a single epiphany. It came from the accumulation of many innovations. Google’s success  had many fathers, including Google’s imitation of, and improvement over, innovations done by Overture. That was accomplished with multiple inventions, including page-rank, as well as investment in more speed and reliability. It also including further development of its second-price quality-weighted position auction.  NSF funding paid for initial advance, and Silicon Valley’s ecosystem played a big role too. The efforts of many clever computer scientists played a role, as did the efforts of many bloggers.

Second, let’s pose a question. Does the US law for safe harbor play a role? Does the UK have anything equivalent? The US laws largely were defined in the DMCA, which passed in 1998. While I do not think the US safe harbor rules played a role in Google’s early growth, these processes certainly played a role in YouTube’s experience. Their importance has been widely recognized too. It has come up prominently in recent issues about reforming copyright law in the face of piracy.

The argument for safe harbors — e.g., adopting and executing routine procedures for taking down copyrighted material limits the liability to a hosting site — goes something like this: a well defined procedure for no liability helps innovators by giving them legal certainty about what does and does not violate another copyright holder’s rights. Does the UK have something equivalent?

The second question concerns antitrust. Does the application or lack of application of antitrust law play any role in the difference between the US and UK experience?  I usually think of US antitrust law as friendly to innovators, and particularly focused on keeping channels open, which helps entrepreneurs. It also leads to deconcentration of ownership. How does that compare with the UK?

I also ask this question partially as a result of a recent court decision in France. Yes, France has nothing to do with the UK, but this example is just too weird to go without mention, so please forgive the lack of segue. The French court found Google violated antitrust law because it gave away its maps for free. A french map maker complained and won their suit, apparently, by convincing a judge that free maps violated France’s antitrust laws. I have seen some wacky court decisions over the years, but on the surface this one sure seems inexplicable. Is the UK as wacky as all this?

To summarize, Jonathan Haskell asks a great question, motivated by his Prime Minister’s question. Why did Google start in the US and not the UK? He and I agree that multiple factors ultimately played a role. Haskell also suggests the definition of fair use has something to do with it. I wonder if safe harbors and antitrust also play a role.

What do you think?

Invasion of the Internet Body snatchers

If you have been musing about the misguided policies in SOPA and PIPA that generated protests, what do you make of misguided international governance of the Internet? This article in Politico raises an interesting possibility, that the ITU will assert itself into Internet governance, ostensibly to coordinate security and taxation across countries. As is well known, numerous countries would like to see this happen because it allows them to indirectly use the ITU to control pieces of the Internet.

I bet the same people who protested SOPA and PIPA would view this decision-making body with about the same paranoia as Donald Sutherland in the remake of “Invasion of the body snatchers.” Like Sutherland, they will want to stay awake forever, lest the aliens come in while they are asleep and steal the independence of the Internet.  (Alright, maybe that stretches the metaphor a tad, but you get the idea).

Of course, there is a key difference. The ITU is one of those international organizations that does not have to answer to anybody in particular. None of its decision makers have to stand for reelection. None of the leaders have much to fear from any web-based protest.

I do not know about you, but if the ITU sticks its nose into Internet governance I do not see this turning out well.

Don’t get me wrong. I have met several people from the ITU over the years. All of them have been very polite and thoughtful and well-spoken. But that is still not the same as being held accountable. 

How would the Internet community react to more international governance, such as from the ITU? If I had to guess — and this not going out on much of a limb — the same people who mistrust a few Hollywood lobbyists with the text of a law about piracy will trust the decisions of many non-US governments even less. Will they bend their behavior to abide by a directive that emerged from negotiations between a government in Paris and a government in Bejing or Moscow? How about, say, Kinshasa or Caracas? Ya, right.

I am just saying. The same instincts that led Sergey Brin and Larry Page to defy Bejing — and, mind you, at some financial loss to their firm — are the same instincts that fueled the SOPA and PIPA revolt. These sentiments exist widely.

It is nothing personal, nor foreign-phobic. These sentiments have been around for quite some time. For as long as I have been watching policy making in this space — which is approximately two decades — there has always been a big and vocal community who guards their independence. This community is thoughtful and a bit defiant, and, importantly, suspicious of any bottlenecks or concentration of authority.

As David Clark so succinctly and graciously summarized the sentiment in 1993:

We reject: kings, presidents and voting. We believe in: rough consensus and running code.

Sure, the venue for the recent protests is new, and so is the instrument for protesting. But read the online chatter about SOPA and PIPA. It has the same tone and sensibility, less revolution, more evolution in the target and means. The ITU would get as much revolt today as any other authority.

Here is what I mean. Over the years various firms and authorities have become the target for this sensibility. More than two decades ago (in Clark’s speech) the targets were the largest telephone companies, especially AT&T in New Jersey and the global standards bodies trying to coordinate technical developments across countries in the early 1990s. Among the many concerns at the time, there was deep suspicion against the way any one decision maker would impose their interests too strongly, ruining the accomplishments of the community.

These same instincts would resist the ITU, should it try to insert itself.  Different venue, but the same protest.

In the article Phil Weiser  gets it right on target, “Part of the challenge is to defend the bottom-up governance model.”

Donald Sutherland understood the problem with the defense in Invasion of the Body Snatchers. It means never going to sleep.

Platforms and a visit to Japan

During the first week of December I visited Tokyo, Japan, and spoke about platforms. This was my first visit to Japan.  Accordingly, this post mixes commentary with a bit of travelogue.

Platforms are reconfigurable base of components on which participants build applications. Platforms have a long history in computing and electronics, with examples going back to IBM, Microsoft and Intel, among many others. Google and Apple are recent practitioners, and their prominence has renewed interest in platform strategies. It is, however, not entirely transparent to a non-expert how the (newer) discussions about platforms relates to the (familiar) analyses of standardization. My talk pointed out some of those links.

Background to set the scene: I stayed at Hitotsubashi University (on the left), a lovely campus in a residential neighborhood a train ride out from downtown Tokyo. I traveled there at the invitation of Professor Reiko Aoki, a professor at the university, and a member of an advisory group for the government on technology policy. She arranged for a presentation at the university, and another at the Research Institute for Economy Trade and Industry (REITI), a part of METI, the government agency with many experts in industrial policy. Professor Aoki and I both share an interest in standards. Sadao Nagaoka, also from Hitotsubashi and an expert in technology policy, provided commentary. We are pictured together at REITI at METI (at the top).

(more…)

Mobile mergers and insider baseball conversations

Here is a fact. The FCC recently announced it would move to have a hearing about the AT&T and T-Mobile merger. In response, AT&T withdrew its application from the FCC, delaying the hearing indefinitely (or until AT&T resubmits the application).

What is that all about? At a procedural level it is just a detail — the FCC reviews mergers involving the transfer of licensing. The Department of Justice (DOJ) has a review process too, but just a different standard of review. The DOJ uses antitrust, while the FCC considers whether the merger is in the “public interest.” Even if the FCC delays its review, the FCC must continue to do its review. The first hearing in front of judge takes place in February.

Today’s post provides a little insider baseball about these reviews (The Wiktionary definition for insider baseball “Matters of interest only to insiders”), trying to explain the chess moves to a wider audience. Seemingly small procedural moves provide a window on the likely outcome of this merger. To paraphrase Robin Bienenstock and Craig Moffett of Bernstein Research, AT&T has not thrown in the towel, but they are acting like a firm who understands the odds of success are low. I prefer to think of it this way: economic substance does matter. This requires a brief explanation. (more…)

Limits to broadband diffusion?

The National Telecommunications Information Administration just published the findings from its latest survey about Internet use within US households. In case you missed it, here is a summary: broadband adoption among US households went up, but not by much.

Actually, that is not entirely fair. Viewed at short intervals, broadband adoption will appear to be a slow moving process. However, a little stepping back from the short run headlines reveals good news and bad news in this report. That is the point of this post. (more…)

US Broadband in Maps, Graphs, and some Bars

To be sure, most of us do not use government statistical reports as anything more than bedtime reading for inducing soporific reactions. It is cheaper than a sleeping pill.

But those expectations would be too harsh for the most recent broadband report from the FCC. It contains a great deal of data, and it is really quite informative. I would go even further. It is a useful vehicle for learning about the basic economics of broadband. For that purpose, however, it has one drawback: it is a wee bit too long, as in 88 pages.

This post will save you some time. Much of the key insights can be summarized in three pictures — a map, a graph and some bars. The post  will start with the map, then go to the graph, then end with the bars. (For those keeping score at home these pictures are taken from pages 62, 78 and 79 of the report.)

(more…)