Can Big Internet Security Problems Be Fixed Retroactively? (2/2)
6th October 2018
Via the Real News Network; Pt. 2 of a series, “US Policy Toward Global Internet Governance Is Misguided Says Richard Hill.”
LYNN FRIES: It’s The Real News. I’m Lynn Fries. We are continuing our discussion with Internet governance expert Richard Hill. Richard Hill is president of the Association for Proper Internet Governance and a former official at the International Telecommunication Union. Welcome back, Richard.
RICHARD HILL: Thank you.
LYNN FRIES: Let’s pick up where we left off in Part 1. Your concluding point was that there should be no discussion of free flow of data at the World Trade Organization until certain preconditions are met; notably, global agreement on antitrust regulation and on data privacy protections. Talk now about the background to this. Talk more about this U.S.-led push.
RICHARD HILL: Yes. The U.S. has long taken the view that data should flow freely around the world and anybody should be free to connect. Those who remember Clinton back when she was Secretary of State may recall that she had an initiative on Freedom to Connect. Now notice that it’s very interesting, it’s not the Right to Connect. Because the right to connect would imply that you get to do it at an affordable price. If you have the right to have something, you have to be able to afford it. It’s Freedom to Connect. So, well, if you have enough money or personal data that’s of value to us, then you are allowed to connect. Otherwise, we don’t really care. And that agenda really is again a U.S. corporate agenda.
As many people know, of course, the Silicon Valley types, Google and those people, were on pretty good terms with the Clinton administration and then also the Obama administration. That’s no longer the case. We’ll see what’s going to happen now. But anyway, they were pushing that agenda because that’s their business model. Their business model is they give you a service which is ‘free’ in exchange for your providing personal data. Then they use that personal data to create targeted advertising which makes a lot of money for them. And as most people know, these companies are wildly profitable. We have never seen companies that are that profitable anywhere in the world. And basically they are doing it by providing services which are valuable but they’re much less valuable than the personal data that we are providing. So my personal data is not worth very much, but combined with everybody else’s personal data it’s worth a great deal of money. And the service they provide is nowhere near as valuable as the data they’re receiving, which is why they are having such high profits.
So basically their model is they want to continue to do that and they view data localization as a severe threat to that and also privacy regulations as a threat. They haven’t publicly come out too strongly against the European Global Data Protection Regulation. But I know they are worried about it. They have sort of taken measures to minimize its effect. And even I have seen some internal industry briefings basically where they are saying this is a bad thing and you want to make sure it doesn’t happen elsewhere in the world.
LYNN FRIES: Comment on how artificial intelligence fits into all this and relations between the U.S. and China.
RICHARD HILL: Much of modern artificial intelligence is actually based on massive data analysis and therefore on massive data collection. In China right now there are no data privacy laws. So the Chinese companies have a base of about a billion people on which they can collect data which is a pretty big base. And the U.S. companies don’t have that base. And now are getting worried because with the European Global Data Protection Regulation it looks like they might lose control or at least have less control over a significant portion of the European data which is a large population. I forget exactly what it is now but it is like more than 300 million. It’s actually bigger than the U.S. population. So suddenly, U.S. companies will not have access to as much data as the Chinese companies. And in the end, long term, that might be a disadvantage for them which is again why they are pushing for this free flow of data.
LYNN FRIES: Give a concrete example of how private data is going to become extremely important.
RICHARD HILL: Let’s take the case of traffic flows in a city. And let’s say that in some city there is a dominant private ride sharing operator. Let’s call it Uber, for the sake of convenience. They are going to have a lot of data about the traffic flows in the city. Now, that data is actually generated by us, the citizens who are taking those rides around the city. Now when it comes to urban planning or when it comes to training an artificial intelligence system that will monitor the traffic lights and facilitate the traffic flows and so on, who is going to own all that data? Should it be Uber, because they are the people who collected it? Or should it be us, the citizens? Because we are the ones who generated it, and properly are the owners of the data because it’s our data. So it’s not just a question of the individual ownership of data, me as a citizen. It’s also a question of the collective ownership of a bunch of citizens. And this becomes particularly important when you consider artificial intelligence.
Now, much of modern artificial intelligence, for example, the algorithms and programs and stuff that’s used to create self-driving cars, is actually based not on some clever people figuring out how to do it, but on brute-force analysis of a lot of data. You put a lot of sensors in the car. And you drive it around a lot with a human. And you collect all the data from the sensors and you see what they do and did. And then you create algorithms that emulate that. So when they see the same data pattern, they will act the same way as the human did. So a lot of artificial intelligence is actually based on the data. Without the data, you wouldn’t have artificial intelligence.
So the question becomes who gets to own the value-added of that artificial intelligence? When all these self-driving cars and trucks replace all those truck drivers and all those cab drivers and even us as people, who gets the value-added from that? You know we are not paying salaries to those people anymore. Well, who gets that money? That increased efficiency because we’re not paying people anymore? Who gets that? Is it the people who own the data and the artificial intelligence algorithms? Which is just a few guys sitting today in Silicon Valley, tomorrow in China. And I think that’s been a vastly underestimated aspect here. U.S. policies which are designed to favor U.S. corporations are actually going to favor Chinese corporations. This free market model, unrestricted flow of data, et cetera, actually is going to favour some of these big Chinese players a lot more than U.S. players.
But it’s a fundamental question. Shouldn’t the value added come back to me as a citizen? Because I am the person who enabled that, as did a community, because it’s actually the collection of all of our data that does that. My individual data is not worth very much. It’s the collection of all that data put together that’s worth a lot. So really we have to go back, I think, to the idea of community ownership or at least returning the value back to the community. Because that really is a public good, all of that data.
LYNN FRIES: What do you think explains this concentration of ‘over the top’ Internet companies in the U.S. and China?
RICHARD HILL: Yes, the computer and telecom businesses have always been a fairly concentrated business. In computers, we tend to see serial monopolies. You used to have IBM, and then you had Digital Equipment. And now you have Microsoft and Google with Android, and so on.
Now, the reason for that is because you have two phenomena that are called market failures. One is network externalities. Why do most people use Microsoft Word? Well, because most people use Microsoft Word. It’s simpler just to stick to the same product that everybody else is using. It’s the same for the telephone network. Why is there only one telephone network in the world? I mean, there are different operators, but they are all interconnected. Well, because there’s no benefit in having two separate telephone networks. I want to be able to call anybody. So that’s called the positive externality, the network effect. The other thing is economies of scale. In that business, once you produce something the cost is in the Research & Development. And then the cost of actually producing it and shipping it out is very low. So think of Microsoft’s business model. It costs them a fair amount of money to develop a new version of say Word. But then basically, it’s free to ship it out. Because they used to send diskettes or CD-ROMs or whatever, now they don’t even do that. You just download it off the Internet. And so the marginal cost of production is very low. And so there’s a huge economy of scale. So once you get up to a certain level it becomes extremely profitable. And then, of course, you use that profit to improve the product and to market it and so on. And it makes it very difficult for competitors to come in.
So those two factors combined have led traditionally to a great deal of concentration. And we are seeing it again. So, yes, China has a separate market, but in the Chinese market, it is very concentrated. And in the rest of the world it is very concentrated. You know, what’s the alternative to Facebook? LinkedIn? Not really, right? What’s the alternative to Google search? Bing? Not really. And so on.
Now, what’s the solution to that? Well, the traditional solution was traditional antitrust regulation. Show that they are harming the consumers, et cetera. The problem today is that it’s not clear they are harming consumers. And maybe they are, because the value of the services is less than the value of the data. But you know, that’s kind of a hard argument. And nobody knows how to value data these days. So really we have to have a different thinking, in my view. And say that something has to be done at the public infrastructure level, and that’s where you create the level playing field and you have competition.
So for example, the basic telecom infrastructure should be viewed as a public infrastructure. That’s what the net neutrality debate is about in the U.S. It’s not couched in those terms but that’s really what it’s about. At what price should people be allowed to use this common infrastructure? And of course, that’s not controversial for roads, for water distribution, electrical power distribution, air traffic control. I mean you name it. There’s lots of areas where we say, look, there’s kind of a basic level that has to be usable by everybody. It’s not necessarily provided by the State, but it’s regulated in such a way that everybody has access. And then you compete on top of that layer. And we are only beginning to understand that for the Internet. What is the common layer that should be made available to everybody?
And again, net neutrality is that debate. Maybe that should go higher. Maybe everybody should get email. Why should I have to go to Google to get email? Shouldn’t email be a public service? After all, the postal system is a public service. Right? I don’t have to choose some private vendor in order to go send my letters. I can. I can use DHL or whatever if what I want is special delivery. But the basic service is available to everybody at a kind of fixed subsidized cost considered to be affordable for everybody. So maybe we should do the same for email. These are things that need thinking about. But again, there’s a blockage of thinking about any of these things because the mantra is “oh no everything is working just fine. Don’t touch it.”
LYNN FRIES: As things stand, internet domain names and addresses are privately owned. And so too is the physical backbone of the Internet.
RICHARD HILL: That’s right. Names and addresses are controlled on the Internet by ICANN, which is a private organization. Basically, it’s a club of the people who provide those services, whether it’s the IP addresses or the domain names. It’s not exactly the same people, so it’s not the same club. On the whole the system has worked reasonably well. Although there’s some friction in certain areas.
What I think is more interesting is the question of the affordable access, because that’s not talked about so much. People here in the West don’t see it because we don’t pay that much for Internet access. But if you go to developing countries, you see it’s just dramatic. Already they pay more than we do in absolute terms. In some cases, they’re paying 50 times as much as we do for the same access in terms of purchasing power. To me this is shocking. We have basically about one third of the world who is not able to access the Internet at anything that people would consider to be affordable prices.
Now, why is that? There are two explanations. And unfortunately we don’t have enough data to be able to tell which is true. I think probably both are true to some extent. The explanation of the U.S. and that camp is well, it’s because you still have nasty telecom monopolies in those countries which are restricting access. So what you need is to drop all regulatory barriers. Let the free market work, et cetera.
So the other explanation is that, well, at the international level there’s a cartel of very big operators who are routing all the international traffic; those people don’t actually charge each other. They have a free arrangement, interconnect arrangement. It’s called clearing. So basically, they exchange the data. And they exchange such big volumes that they don’t measure it and don’t charge for it. So it’s a barter system. But if you’re small and you want to connect to them, they charge you the full cost of connecting. So basically, developing countries are paying for the full cost of connecting to the Internet including for all of the spam and advertising and all that stuff they receive which doesn’t necessarily give them much value.
And the question is whether those big operators are acting in some sort of anti-competitive manner. Now, one of the reasons there is no data is because they are not charging prices. As I said, it’s a barter system. I send you data, you send me data. Now think of the airline system. Would you be comfortable with the airline system if you knew that the arrangements between airlines was a barter system? That they didn’t actually charge each other? It seems kind of strange. But that’s the current setup. And again, the economists who cooperate or work with the U.S. in OECD and elsewhere say, oh no, this is perfect. It’s all working fine, et cetera.
Well, the reality is it’s not working fine, because developing countries pay much too much to connect to the Internet. It’s not affordable. And then they say well, yes, that’s true. But that’s not because of the international clearing system, it’s because of these national, nasty regulations. We don’t know. I personally don’t think that’s true. I think it’s more due to the international setup.
LYNN FRIES: The intellectual property regime in trade agreements are part and parcel of this mantra that monopoly privileges incentivize private sector investment and innovation. Yet the Internet was a public, not a private, innovation.
RICHARD HILL: Yes. You know, there are these myths out there that having very strong copyrights and very strong patents will favor innovation. Well, the truth is, and there is research on it, sometimes it does and sometimes it doesn’t, and it depends. But for example, if you take pharmaceuticals, where there’s a phenomenon of evergreening; take a pharmaceutical, you get a patent on it. And when the patent expires, they make some very minor insignificant change to the formula. And then they get a new patent, then a new patent again. You know, this doesn’t make any sense, and most observers understand that. So the question of which government measures favor innovation and which of them don’t is a rather difficult one.
The Internet is an interesting example, because there’s kind of this myth out there that it was created by the private sector. The current thing we see of course was created by the private sector, but that’s true also of anything else, whether it’s telephone, or airplanes, or whatever. You know, it’s all private companies who actually implemented these services on a large scale.
If you look at the origin, it was actually a military project. I suppose people know it was originally called the ARPANET. It was a project funded by the U.S. Department of Defense in order to connect their computers in order to detect incoming ballistic missiles, and that kind of thing. It’s a long line of research that started actually before the Second World War, how to use computers to project artillery and missiles and those kinds of things. And so out of that military project grew this connection which was first academic and research-centered work related to the military.
And then the idea came, well, let’s see what happens if it goes public. And I think they didn’t think that through. Because some of the key features that you need to go public, such as security, were missing. The Internet was originally conceived as a closed, private network. Not private in the sense that it was not public, but private in the sense that it was in a closed environment. So you didn’t need security, you know, because you had trusted research labs. Plus there were no PCs at the time. It was not a question of connecting individuals. It was a question of connecting what we call the servers, fairly big computers that were in secure computer centers. And that’s why we are having all these problems now. Because we took an insecure network and then allowed it to connect insecure devices. And so now we have this big problem in security that we are trying to fix retroactively.
LYNN FRIES: Talk more about why we have this big security problem.
RICHARD HILL: Yes. Well, why do we have this security problem on the Internet? Well basically for market failures. And what are the market failures in security? Network externalities and information asymmetry.
So why do we have an externality with security on the Internet? Well, because the insecurity of my PC right here, now, when we are talking together, may be affecting you. It is not really because my computer is secure, but you don’t know that. I could have some virus in my PC now which is spreading into your computer. And you don’t know that. So my lack of security creates a problem for everybody else. This is a typical negative externality. If I pollute in the river it doesn’t bother me, but it bothers everybody else downriver. You see that, for example, with the leaks of credit card information. If I am using an online shopping site and they lose the credit card information, what do I have to do? I have to go to my bank and get a new credit card. Well, the bank doesn’t necessarily charge me for that directly, but they do indirectly because of the cost in replacing the credit card. But the company that lost the credit card data, they don’t see that cost. They simply say, oh, oops. We made a mistake. Let’s build a new database. So that’s another example of an externality.
The other market failure is because we as consumers can’t know what is and is not secure. How do I know that this PC I am using is sufficiently secure? Yes, I installed all the patches, the updates. I have antivirus software, and so on. But how do I know which antivirus software is better than another one? How can you choose between McAfee and Symantec or Kaspersky or whatever? You know it’s very difficult. So the consumer is unable to evaluate the safety of the product. By the way, that’s a standard feature. We’ve solved this for electrical power because we have Underwriters Labs and other government mandated safety standards. We solved this with cars. There’s government mandated safety standards. We solved this with airplanes. There’s government mandated safety standards. So why do we have this blind spot in an area that’s so technical people cannot possibly know whether the product is safe to use or not? And we don’t have any standards on that. This is kind of crazy. People are beginning to understand that it’s kind of crazy and it’s going to come. But I think it’s long overdue. And I’m not the only one saying this by the way. A lot of security experts agree. And this really should be addressed. And it has to be addressed at the international level because otherwise it will be a race to the bottom.
LYNN FRIES: We have to leave it there. Richard Hill, thank you.
RICHARD HILL: Thank you. It’s a pleasure.
LYNN FRIES: And thank you for joining us on The Real News Network.