DISQUS

One correction--I should have said "liable in tort" in that opening sentence. The privacy law would impose its own kind of liability.

I'm not sure I agree that making those who lose data liable is the right answer to this question. Let's analyze this approach a bit further.

Normally, if one person's negligent act or omission injures another, the negligent person can be liable in tort. So, for instance, if you get distracted and drive into the back of someone else's car, you can be legally liable for the damage you cause to their car. This same principle should apply to a corporation that injures someone by leaking that person's sensitive data, unless there is some law that shields the corporation from liability. I don't know whether such a law exists, but for the sake of argument let's assume it doesn't.

So, assuming these people are already liable in tort, the next question is why aren't they changing their behavior under a flood of lawsuits?

Two possibilities come immediately to mind. The first is that no one person is hurt enough to justify the year or two of effort and $50K-$150K in legal fees it'd take to win a judgment. The classic solution to that sort of problem is to allow class actions: let a whole class of plaintiffs pool their similar claims, with one legal team leading the charge, and divvy up any damages they recover. I, personally, don't have a big problem with class action lawsuits in the right circumstances, but the current political and legal climate seem to frown on them.

The second possibility is that those data collecting entities may be able to contract around liability. Maybe when you sign up for your credit card, for instance, the contract includes a clause that says, in effect, "you agree not to sue us if we lose your data." But if all the credit card companies had a clause like that, then no one would end up suing them for data loss because the only way to get a credit card would be to agree to a contract waiving your right to sue. The classic solution to that kind of problem is to pass a consumer protection law which says, in effect, you can't waive your right to sue someone who loses your data even if you want to waive that right. Again, I don't have a big problem with consumer protection laws in the right circumstances, but they're not the sort of thing I'd normally expect this forum to support.

Finally, if you're interested in overall economic efficiency, litigation is usually a poor choice. It's generally slow, expensive, and inefficient. There are times when it's necessary or appropriate, but are you sure you really want it as your primary enforcement mechanism?

I'd guess the blocking questions came up because some critics of NN have said it would prevent a network provider from blocking spam zombies or viruses looking for exploitable systems when the source is the provider's own network.

The questions about prioritizing packets come up for a number of reasons. IP version 4 allows something called "type of service" or "quality of service," but anecdotally very few networks seem to support it. It's possible some of them are prioritizing based on other traits of the packets, like port number. It may also be possible that they have plans to prioritize but haven't started doing it yet. Some forms of NN disagree with prioritization, others disagree with it only when a network changes the priority level depending on the content's source (as opposed to the type of content), so for example they might object if AT&T;, which co-brands its DSL service with Yahoo, were to prioritize Yahoo searches over Google searches for all AT&T; customers.

Remember that two of the five commissioners have taken fairly strong stances against the NN provisions in the AT&T;/BellSouth merger, suggesting they would be hostile to NN. (pdf) Two others seem to favor some form of NN. The fifth abstained from voting on the AT&T; deal, so I'm not sure where he stands. So while some on the libertarian side may be suspicious of an FCC power grab, here, some NN proponents are probably just as suspicious that this is a procedural maneuver to bury the debate. (The FCC doesn't have to act on a notice of inquiry. They can gather all the comments and then say "based on these comments, we don't think regulation is necessary right now.") A third possibility is that it's a power struggle in which the FCC's trying to head off congressional legislation. Or, maybe they're just trying to hash it out once and for all so they don't have to revisit it every time they need to vote on a new telecom or cable merger.

I agree with you that there are "many, many social problems that fester due to a lack of communication," in fact, I think the OLPC project is potentially revolutionary (literally, in the political sense) for that reason. But if some information is good, does it necessarily follow that more information is better? Or does it make a difference what kind of information we're adding to the mix?

Based on the comments to this post, I suspect the real divide is over whether our systems are effective and reliable at turning data into knowledge, which really gets back to your first point about filtering. If you think the filtering process works reliably at letting people make good decisions, and you believe the filters will keep working reliably as the information flow increases, then you'd naturally think that more information is necessarily better--after all, the amount of signal's going to grow with the amount of noise. On the other hand, if you think too much information will break the filters, or you think some of them might already not be as effective as they should be, then you might expect there will come a point of information overload, or even think we might have passed that point.

I think it's important to distinguish between media sources generally, which are abundant (modulo the net neutrality/site blocking debate), and the electromagnetic spectrum, which is a public commons and a limited resource with the broadcast technologies currently in use. Because the spectrum is a commons, federal law requires the FCC to regulate radio "as public convenience, interest, or necessity requires." (47 U.S.C. § 303) While regulating in the public interest is a pretty fuzzy standard, and there's a lot of debate about whether the FCC's actually living up to that requirement, I think you need to be careful about lumping speech on the radio in with speech in media in general without considering the fact that there are reasons to distinguish between them in how we regulate.

In the meantime, how 'bout writing your representative?

People will put up with a tremendous amount of inconvenience either if they think it'll keep them safer or if the restrictions increase gradually enough. Consider what East Germans were willing to tolerate with the Stasi, for example, or the rationing in the U.S. during WW II to help the war effort.

The things likely to spark a backlash are either a very sudden, sharp increase in security-related restrictions or a sudden piece of news that makes a critical number of people believe the existing measures are not effective at keeping them safe. For instance, a law that prevented all interstate highway travel without prior authorization would probably do it, or news of a COINTELPRO-like operation using watch lists to target popular political figures.

OK, I had a chance to do a lot of reading about the economics over the weekend. I've published an annotated bibliography.

Is there a legitimate market for student papers to be included in plagiarism-checking databases? Or for resale to further plagiarism?

If there are no legitimate markets at all, it seems like that fact would tend to undercut the cost recovery rationale for copyright, limit the infringement argument (because there's no improper appropriation), and maybe strengthen at least one factor of a fair use defense.

If you're looking at packet shaping and prioritization as a handle on the smart network/dumb network debate, you might also consider a third technique which proved effective in practice: have your company connect to multiple service providers and steer outbound traffic down one link or the other. It takes advantage of the fact that traffic tends to be asymmetric, with most of outbound from the company. (Picture someone like YouTube using this stuff.) Routescience used to have some stuff called Adaptive Network Software that did that. (You can find a quick overview here, but it helps if you speak NANOG :-) . They've since been acquired by Avaya but might be willing to furnish whitepapers. I think Sockeye had something similar, too. A good general lesson to draw is that getting good performance across a wide range of applications without embedding intelligence in the network can be a difficult technical challenge.

For other references, I assume you've already gone trundling through the cites in Rob Frieden's Network Neutrality or Bias paper?

I'm not sure I follow. If you're advocating a requirement that people vote based only on watching CSPAN and reading the Congressional record, then it might make sense, but the reality is that most voters follow developments second-hand through news reporting. If they're going to do that, I don't see why translated news should be significantly worse. It's true that diplomats and lawyers need access to the precise language, but most people operate in a world of policy and/or loyalty considerations, where translations should be adequate.

It seems to me that the really difficult issues with line-drawing are likely to arise in areas such as embedded software. Should an FM radio be patentable? What about a software radio that has exactly the same functionality with fewer parts? Should a defibrillator be patentable? What about one that shapes the voltage based on heart activity? Would it make a difference if the voltage-shaping feature were implemented in hardware or in software? Should the voltage-shaping feature be independently patentable? Even if implemented entirely in software? The lines get fuzzy because the distinction between hardware and software is fuzzy--there is an area of overlap in which you can achieve the same goal using either. You could choose a bright line rule saying no feature is patentable if implemented entirely in software, even if it accomplishes the same goal as one implemented in hardware, but you'd need policy reasons for making such a distinction.

The second point you raise about having to interact on a daily basis with lawyers is valid but not unique to software. We might all benefit from empirical data on whether patents are a net gain or net loss to innovation, coupled with research to identify the significant traits of the industry that determine what effect patents are likely to have. For example, patents might slow development in rapidly moving areas such as software in which the industry norm is to protect trade secrets, or it may be that the effort we put into preventing reverse engineering and guarding our trade secrets is more expensive than having the lawyers working with the programmers. We might have a gut feeling on this question--I certainly do--but too much legislation in this world gets made on gut feelings that turn out to be wrong.

Thanks, the article certainly helps. So, to paraphrase, just to make sure I have it: <ul>
<li>The Supreme Court allowed software patents provided the software meets a funky § 101 requirement.</li><li> AT&T; has a patent on a codec.</li><li> Microsoft sent a gold copy of the codec overseas so their affiliates could reproduce it.</li><li> AT&T; claims Microsoft has violated a law against exporting components of patented inventions.</li><li> (Presumably said law also has teeth to prevent someone from sending one copy of the component overseas for copy and reproduction by overseas affiliates.)</li><li> Microsoft says, "software is not a component, it's more like a blueprint, so we're not liable for overseas reproductions." </li><li>AT&T; counters, "no, it's a component, therefore you're liable for the overseas reproductions."</li></ul>
My (fuzzy) understanding of the § 101 requirement is that the software must accomplish a particular purpose in the real world. Do I have it now?

I hope so, because my next question is going to be whether the Supreme Court is likely to distinguish between software for embedded systems and software for general purpose computers.

I agree that treating executable code as somehow permanent is questionable from a technical (as opposed to legal) standpoint. I haven't dug deeply into Windows recently, but both DOS and Linux modify the executable image of the software on disk as they load it, or portions of it, into RAM--they perform segment fixups, link in the necessary libraries, and so on. I believe a similar process happens as the OS loads device drivers. Also from that same technical standpoint, trying to create some clear dividing line between hardware and software seems difficult. For example, an FPGA straddles that fuzzy line: a series of ones and zeros rewires the device's components.

What I don't understand, though, is how these issues fit into patent law in this case. If you have time to write it, I'd love to see a post that provides a some context, summarizing the issues in the case and how this discussion plugs into them.

It's not a technical problem--many operating systems have had file system encryption for years--it's a social and legal one. There's been considerable discussion of a related issue, liability for software bugs, on Bruce Schneier's blog. I'm not yet convinced a liability rule is the right answer for software bugs because software engineering is still such a young field. On the other hand, I can see a stronger argument in favor of liability for data loss because, at least with lost laptops, effective and fairly inexpensive methods of preventing it already exist. It may make sense to let customers and citizens hold corporations and governments liable for the consequences of negligently losing their sensitive data. Of course, if we did that we should also let the corporations and governments turn around and recover whatever they can from the people who intentionally misuse that data.