First off, I have to admit a bias here. I have researched this topic before, and actually wrote to the FCC to encourage them to classify ISPs as a telecommunications company under Title II of the Telecommunications act, mentioned in the "Net Neutrality: What You Need to Know Now" article.
So, what is net neutrality? The best analogy I've heard is to treat internet networks the same way roads are treated. For example, UPS, FedEx, etc. can't discriminate against certain packages. They can't charge Amazon more, they can't charge eBay sellers more; etc. Their only job is to move material from point A to point B, they can't discriminate between what they're moving. Similarly, ISPs can't charge Netflix more to use their internet pipes.
A final simplification: When you purchase internet service, you're just purchasing a pipe that serves out bits. You can't be charged more or less for whatever type of bits you get out of that pipe.
The argument for net neutrality is that without this, ISPs can do some ugly stuff. Comcast significantly slowed down Netflix to force them to pay, for example, before the new rules were passed. It's also not hard to imagine a world where you would have to bundle certain internet services as well. "Base internet access is $1,000,000 a month, the Netflix package is $2 billion and YouTube is $1 billion." They could force you to bundle internet coverage the same way they force you to bundle television channels. All without ever actually laying down any more cable.
The argument for net neutrality is that some unnecessary data (Netflix, etc) is overflowing the pipes and important data (healthcare, etc.) is getting slowed down. So the corporations should be able to charge Netflix in order to lay down new cable and build them a fast lane.
My thoughts: The argument against Net Neutrality seems totally bunk to me. If you have a pipe of size X, you can distribute that pipe to N people, then each person pays for a piece of the pipe. Equally distributing this pipe would give everyone in the neighborhood X/N bandwidth. That's a terrible system, but that's not what net neutrality says. The ISPs can divide their bandwidth however they want, based on who pays the most. So everyone pays a certain amount and gets a pipe of a certain size to fit their needs.
So if I'm at home trying to sign up for healthcare (or something else important) and the website is super slow because my brother is using all the bandwidth on Netflix, I don't think "curses, if only the ISP slowed down Netflix for me so that this wouldn't happen." I think "We need to buy a bigger internet pipe" or "Get off Netflix! I'm doing actually important stuff!"
In my opinion, there's no reason to artificially discourage use of Netflix by paying more for it. If I notice the internet slowing down, I'll buy a bigger pipe, which will give ISPs the money they need to lay down more cable. I don't want to be forced to purchase the "Netflix package" to actually enjoy a show.
How to implement it is a much more difficult question. I think the best way would be monitoring internet speeds for certain websites to make sure the ISPs don't slow down one particular site, and responding to any lawsuits. Also monitoring ISP deals and offers to ensure they don't create "The Netflix Package." I don't really care how much this "burdens" Comcast. I'll care once competition is restored, but without competition, someone has to fight the monopoly and enforce burdens.
I don't understand how Net Neutrality prevents innovation. If anything, it supports it. Without neutrality, ISPs could easily charge a fee to every website ever to avoid being massively slowed down. That would make creating a new website much more expensive. Currently, you can set up a website that serves bits as quickly as Google, Facebook, or any other giant. This has lead to a plethora of new and interesting independent sites. The loss of net neutrality could stifle that innovation.
Finally, whether "The Internet is a public service and access should be a basic right." This one is harder. We think that about roads, but roads aren't partially owned by corporations. Perhaps the best example is electricity? But is electricity a "basic right"? (A quick Google shows that electricity being a basic right is still somewhat debated). So on the spectrum of basic rights: Life, liberty, pursuit of happiness: Yup. Electricity: Probably? Taking it away from the country for a long period of time would kill people. Internet: Probably not? Taking it away wouldn't kill people or deprive them of basic rights...yet.
Should it be a public service, regulated like a utility like water or electricity? Probably, and I think it's becoming more necessary. Schools usually assume you have internet access and require it for assignments. Many services are going entirely online, like banking, flight and hotel booking, etc. Soon enough, I posit that internet access will be assumed, and not having a connection will severely impact your ability to function in society (manage finances, file taxes, book trips, buy anything). Therefore, letting corporations pick and choose which (legal) data can go through their Internet pipes sounds like a terrible idea.
Sunday, March 26, 2017
Sunday, March 19, 2017
Corporate Personhood (and Sony)
Corporate personhood is the idea that a corporation is legally a person. It has (some) rights, it can be sued, etc. This is useful in many cases. As the "If Corporations Are People, They Should Act Like It" article points out, it means that the government can't just barge in and seize all of Google's servers, because Google is protected with the Fourth Amendment rights to be free of unreasonable searches and seizures.
There are other legal benefits of corporate personhood pointed out in that article. For example, if a corporation harms an individual or group of individuals, those individuals can sue the company directly. The company has a much bigger pot of money to dole out than all of its executives combined. Therefore, the plaintiffs actually stand a chance to recover what they've lost.
Recently, however, some more dubious rights have been awarded to corporations; namely the right to spend unlimited amounts of money on political campaigns. This has huge social and ethical impacts on society, because elections are now more than ever influenced by which ever groups have the most money. I think awarding this right of unlimited spending to companies (and individuals, for that matter) was a terrible mistake. However, this mistake is separate from the idea of corporate personhood. We can easily have a society where corporations are treated mostly as people, but cannot spend unlimited amounts of money on a campaign; in fact, we've had that society for most of America's existence.
Ethically, the results of corporate personhood overall are more difficult to sort out. As the "How Corporations Got The Same Rights As People (But Don’t Ever Go To Jail)" article points out, corporations are recognized as not having a soul. So they aren't really expected to do the "right" thing, just whatever makes them the most money. This view causes problems, however.
For example, Sony was unethical when it installed a rootkit on millions of devices. The idea was to enforce copy protection. However, this software ate up users CPU and made computers more vulnerable to attacks. Furthermore, it was nearly impossible to remove. I think this is akin to selling a little robot along with the CD that would constantly buzz around the house and zap you whenever you tried to copy something you shouldn't. That seems wildly unethical, and I don't see how that situation is any different than the rootkit version.
However, I don't think Sony was sufficiently punished. Sure, they had to pay a fine, but it didn't seem to hurt them as a corporation. If a person committed that sort of hacking scheme and was caught, they would likely spend much of their life in jail. In comparison, Sony seemed to hardly be hurt. Most of the retribution seemed to come in the form of extra-legal hacks. I think this is the largest problem with the way corporate personhood is dealt with in practice. The company pays a fine and most of the employees at fault don't get punished as they should.
Overall, companies get the same rights as individuals. So shouldn't Sony (and companies like them) have just been more ethical in the first place, like individuals generally are? What Sony did was illegal as well as unethical, but what if it had just been unethical? Would that have been wrong since corporations are treated as people?
I would argue no, under current law. Corporations are treated as people mainly out of convenience, not because they actually act as people. The current law requires corporations to respect the desires of their shareholders first. And the shareholders of public corporations just want their stock to increase in value. So companies are legally encouraged to care only for maximizing shareholder wealth. (I'm taking a Corporate Finance class this semester. This is exactly what we are taught the role of a financial manager is: maximize shareholder wealth).
This idea needs to change if we are to expect corporations to be ethical. Perhaps new regulations are in order. Perhaps more ordinary employees and stockholders should serve on the board of companies. I don't know how to make companies more ethical, but some sort of legislative change is needed if we are to expect companies to care about anything other than maximizing profit.
There are other legal benefits of corporate personhood pointed out in that article. For example, if a corporation harms an individual or group of individuals, those individuals can sue the company directly. The company has a much bigger pot of money to dole out than all of its executives combined. Therefore, the plaintiffs actually stand a chance to recover what they've lost.
Recently, however, some more dubious rights have been awarded to corporations; namely the right to spend unlimited amounts of money on political campaigns. This has huge social and ethical impacts on society, because elections are now more than ever influenced by which ever groups have the most money. I think awarding this right of unlimited spending to companies (and individuals, for that matter) was a terrible mistake. However, this mistake is separate from the idea of corporate personhood. We can easily have a society where corporations are treated mostly as people, but cannot spend unlimited amounts of money on a campaign; in fact, we've had that society for most of America's existence.
Ethically, the results of corporate personhood overall are more difficult to sort out. As the "How Corporations Got The Same Rights As People (But Don’t Ever Go To Jail)" article points out, corporations are recognized as not having a soul. So they aren't really expected to do the "right" thing, just whatever makes them the most money. This view causes problems, however.
For example, Sony was unethical when it installed a rootkit on millions of devices. The idea was to enforce copy protection. However, this software ate up users CPU and made computers more vulnerable to attacks. Furthermore, it was nearly impossible to remove. I think this is akin to selling a little robot along with the CD that would constantly buzz around the house and zap you whenever you tried to copy something you shouldn't. That seems wildly unethical, and I don't see how that situation is any different than the rootkit version.
However, I don't think Sony was sufficiently punished. Sure, they had to pay a fine, but it didn't seem to hurt them as a corporation. If a person committed that sort of hacking scheme and was caught, they would likely spend much of their life in jail. In comparison, Sony seemed to hardly be hurt. Most of the retribution seemed to come in the form of extra-legal hacks. I think this is the largest problem with the way corporate personhood is dealt with in practice. The company pays a fine and most of the employees at fault don't get punished as they should.
Overall, companies get the same rights as individuals. So shouldn't Sony (and companies like them) have just been more ethical in the first place, like individuals generally are? What Sony did was illegal as well as unethical, but what if it had just been unethical? Would that have been wrong since corporations are treated as people?
I would argue no, under current law. Corporations are treated as people mainly out of convenience, not because they actually act as people. The current law requires corporations to respect the desires of their shareholders first. And the shareholders of public corporations just want their stock to increase in value. So companies are legally encouraged to care only for maximizing shareholder wealth. (I'm taking a Corporate Finance class this semester. This is exactly what we are taught the role of a financial manager is: maximize shareholder wealth).
This idea needs to change if we are to expect corporations to be ethical. Perhaps new regulations are in order. Perhaps more ordinary employees and stockholders should serve on the board of companies. I don't know how to make companies more ethical, but some sort of legislative change is needed if we are to expect companies to care about anything other than maximizing profit.
Sunday, March 5, 2017
Internet of Things
I've had a long-running argument with a friend that the Internet of Things can be a good thing. She is convince that it is the worst idea conceived by man, and will be the downfall of mankind. After reading the articles, I'm starting to see where she's coming from...although I think it can be repaired.
The motivations for the IoT is to make everything easier to access and smarter. Home controls that you can configure online. Dumpster sensors that make garbage collection more efficient. Cars that can talk to the internet. Even things like Echo and Alexa that listen and process everything you say, so they can respond to your wish immediately. You can have control over your own things from anywhere, which is quite convenient.
The main problem is, of course, security. If you can access that webcam remotely, how do you make sure no one else can? If your car can send and receive arbitrary data from the internet, how do you make sure your users don't download a virus? (Or at least, how do you guarantee that the virus can do no harm?)
So what should programmers do about security? In a perfect world, they would develop 100% safe code. But that will never happen. So they should insist on increasing security efforts to their managers, but ultimately, how much effort to spend on security is up to the company. Security requires a significant effort from a team of engineers; the company must decide to allocate these resources.
Because the companies decide how secure a product is, how much security is put into the device is directly proportional to how much consumers would care about a failure, because the more secure the thing is, the more expensive it is.
Therefore, cars seem relatively secure (despite the inflammatory articles). Consumers are hyper-sensitive to car hacking, and companies are even more so. I'm sure Ford has every possible incentive to make sure its cars are hack-proof. Imagine all Fords on the highway suddenly stopping, or veering off the road. It would destroy the company instantly. In this industry, interests are aligned; the industry sees the need to invest in security.
However, most IoT industries don't have this drive. They are pushed to create the "minimum viable product," always pushing down costs. As one article puts it, "Consumers do not perceive value in security and privacy. As a rule, many have not shown a willingness to pay for such things." Security becomes a second thought, because consumers don't seem to care about buying a cheap, insecure webcam.
Which brings up the idea of who is liable when breaches occur. Ideally, the company who made the item. This is obvious in the case of cars, but what if someone just set no password? Or had a really bad password? It's the user's fault, right? But what if the default is no password? Then the company is probably to blame. Also, how do you discover a webcam hack? You know if your car stops on the road, but how do you know that you're being watched? In short, companies should be liable, but the waters get really murky really fast.
I think the government needs to step in and regulate this industry. Have certain security requirements for anything that connects to the internet. (Although there might be an inherent conflict of interest with the surveillance discussion from last week...). The impact of an insecure IoT is frightening. With microphones and cameras, others could hear and see everything about your life. Whether that's hackers or the government, I think that's a dangerous road to walk down. Even the devices that don't have cameras/microphones could (and have been) used as a botnet. Those are two serious problems with an insecure IoT.
Overall, do I fear the Iot? Billions of interconnected devices? Yes and no. At the current pace of security, yes. I would not buy a smart home, webcam, Echo, or Alexa. I think security has the potential to improve, however. If meaningful strides are made, perhaps overseen by a new government agency (a few administrations down the line, I guess), I would trust a web of objects. But not today.
Subscribe to:
Posts (Atom)