September 22, 2006!  There are other logo colors too, for all the different moods of OneWebDay.  Try orange:

So I brought the viola to Vancouver.  It's nice to have it here, and it gives me something to do that is fully analog.  Wave forms. 

Although I have to say that it came to me tonight that I have been assiduously playing the same Bach partita, off and on, for the last 25 years.  I used to play it on the violin, now I play it on the viola, and I'm still not completely happy with how it sounds.

Give me another 25 years and I'll get it right.

The ICANN meetings are long.  This one runs Sunday to Sunday, with sub-meetings booked back to back.  It's as if all possible ICANN interactions take place face to face during these thrice-annual meetings.  I'm wondering whether there's a way to lighten the load of these meetings for everyone concerned.  It's expensive to attend (obviously) and time-consuming. 

Is there a way to use the key goal of transparency to inform this -- to have more happen online, in a visual way?  Docket sheets, ways to track what's going on visually (think small policy-wagons going horizontally across a time line, with moments when comments are coming in demarcated with vertical lines and flags)?  There should be a better way to get things done than to have all interactions be face to face.  There's always a need to have part of communications as close to full-bandwidth (in person) as possible.  But if that's making it difficult for people to participate, why focus so much energy on in-person only, to the exclusion of other lower-bandwidth ways to communicate? 

Speaking of meetings, there are lots of meetings tomorrow, Tuesday, that potentially conflict.  So I want to underline a couple that I'll do my level best to attend.  I may not be able to stay for the entire time, but I'll be there at some point.

1.  From 12:30 to 2:30pm tomorrow, in the Grand Ballroom A-C, there's a meeting about the VeriSign settlement.

2.  From 2:30pm to 6:30pm tomorrow,  in the Stanley Park Ballroom 3, there's a meeting about whois questions.

More later.

I'll be in Vancouver at the ICANN meetings from now until next Sunday afternoon.  I took a walk this afternoon that looped around this:

I've recently been reading these (q&a about the VeriSign settlement agreement) and these (the proposed new VeriSign agreements) and this (the current MoU) and this (the original NSI Amendment 11) and this (the current IANA agreement) and this (which describes ICANN's view of the IANA services) and many many other related documents.  I'll blog this week, but I won't be able to do a play-by-play -- it is shaping up to be an enormous swirl of events.  I'll be walking around and finding people to talk to.  I'm not an official board member until the last minutes of the meeting on Sunday.

(Thanks to Joi Ito for the Vancouver picture)

I heard something wonderful this afternoon.  It had a dramatic back-story:  the singer had been ill this year, and kept canceling concerts.  People wondered anxiously whether she was going to cancel this one.  Was she still sick?  Was she dying?

The music:  settings of glowing Pablo Neruda poems by the singer's adoring husband. 

The conductor:  scarcely moving, beloved by the crowd, conjuring astonishing sounds from the players.

Okay, okay:  The piece was Neruda Songs by Peter Lieberson, the singer was Lorraine Hunt Lieberson (who started off as a violist but has gone on to much better things), the conductor was James Levine, and the orchestra was the Boston Symphony.  Everything came together for an unforgettable span of time this afternoon.  Hunt Lieberson was luminous.  Before the applause there was a time of silence that seemed to go on forever.

The BSO will repeat this program (totally delightful programming, too:  Til Eulenspiegel and Mahler 4) on Monday the 28th at Carnegie Hall.  If I could, I'd go hear it again.

Within the last ten days or so, the key vendor of CALEA compliance services (VeriSign) has taken a very stern tone [pdf] with the FCC, saying that the Commission has read CALEA far too narrowly.  VeriSign wants any SIP-using service to be part of the program, and suggests that interconnection with the traditional telephone network shouldn't necessarily be the standard for compliance.  Translation:  any possible multimedia application (whether connected to the phone network or not) and all connections to the internet should be designed in advance so as to be easily tappable by law enforcement.

(What's a SIP-based service?  It's any service using the Session Initiation Protocol, an IETF signaling protocol that can be used in connection with any multimedia or voice or gaming application.  GoogleTalk will use SIP; MSN Messenger already does; a host of VoIP applications already do.  It's a very broadly used peer-to-peer protocol.)

VeriSign is also arguing that the rest of the world is moving smoothly along the vendor-assisted interception path, and that "the only impediment to implementation domestically principally lies in the Commission's actions" in the CALEA proceeding.  We are ready, sayeth VeriSign (describing itself as a member of the "entrepreneurial and innovative global lawful interception industry") to provide these compliance services at minimal cost, but the Commission is getting in the way.  Really, how could you, Commission? 

Similarly, the DOJ has also taken a very stern tone [pdf] with the FCC, saying that the Commission has read CALEA far too narrowly.   They'd like CALEA to cover any application that is capable of connecting to the traditional telephone service, whether for receiving or making calls, and they want all services (not just broadband services) to be covered, no matter what equipment they use. 

What's extraordinary about all this firmness on the part of the sole listener (DOJ) and the key vendor (VeriSign) is that the FCC has reached very far indeed to do their bidding already.  By virtue of a less-than-weak reading of CALEA (which doesn't apply to "information services"), the Commission has gotten up the nerve to act like Congress and proclaim that a huge range of actors have to be CALEA compliant within 18 months, without saying what compliance means.  Non-compliant firms will be subject to fines of $10,000 a day.  So entities have to start complying without knowing what to do, and they won't even know whether they're covered -- because the FCC is sometimes flip about whether they are.  Enormous, arbitrary, capricious, and aggressive confusion is in the air.

It's all pretty astonishing and pretty abusive, and the DC Circuit will have its say soon.  The CDT coalition just filed a very strong request for a stay of the CALEA order with the FCC, and will file a similar request in court on December 7 if the Commission doesn't respond.  The stay request points out that the FCC has effectively delegated its authority to decide how CALEA will be complied with to the DOJ.  A key line: 

With the looming deadline, the FBI can say in its “discussions” with industry representatives, “Define call-identifying information our way and you’ll be fine, define it a different way and we may bring a civil action against you for non-compliance in 18 months."

But if you listen to VeriSign, we're all being silly, the world has moved on, and we should just shape up and get with the program.  I feel sorry for the well-meaning professional staff at the Commission.  They're under tremendous pressure.

Here's an announcement from CDT.  This is a wonderful opportunity that has been established in honor of Ron Plesser, someone who befriended many many people over the years and was a joy to be with:

RON PLESSER PUBLIC INTEREST FELLOWSHIP IN PRIVACY LAW AND INTERNET POLICY

The law firm of DLA Piper Rudnick Gray Cary has established a public interest fellowship at the Center for Democracy and Technology (“CDT”) in honor of Ron Plesser, a senior partner at the firm who died suddenly last fall.  Ron was a leader in the fields of e-commerce, freedom of information, and privacy law who began his career as a public interest lawyer. Over the course of his legal career, Ron helped frame the still-evolving legal standards for information policy in the digital era.  In order to encourage new lawyers to follow in his path, the first fellowship will be awarded in 2006 to a recent law school graduate to practice in the areas of privacy law and Internet policy at CDT for two years under the direction of the organization’s senior attorneys.

CDT works to promote democratic values and constitutional liberties in the digital age. With expertise in law, technology, and policy, CDT engages in a variety of strategies to enhance free expression and privacy, including advocacy, public education and research.. CDT works on legislation, participates, participates in agency rulemakings, engages in litigation, and fosters consensus building among public interest and private sector stakeholders. www.cdt.org

Ron Plesser worked closely with CDT from its founding a decade ago.  The fellowship will honor his memory by identifying and nurturing the careers of young lawyers interested in learning the consensus building approach to policymaking that Ron’s career exemplified.  The Plesser fellow will work on projects offering an opportunity to exercise leadership, and will broadly participate in the organization’s legal and public policy activities, in order to provide the fellow with a strong foundation upon which to pursue a public interest legal career in the privacy and Internet policy field.  www.ronplesserfellowship.org

How to Apply:  Third year law students and recent law graduates with exemplary academic records, an interest in privacy, information policy, civil liberties and technology policy, and a demonstrated commitment to public interest law are encouraged to submit applications to dani at cdt.org by January 31, 2005. Individuals completing other fellowships are welcome to apply. Applicants should include a cover letter explaining their interest in the field of privacy and Internet policy and two writing samples. Two letters of recommendation will be required of leading candidates, but may optionally be submitted with the application. CDT is an equal opportunity employer, and women and minorities are particularly encouraged to apply.

Important Deadlines:

January 31, 2005- All applications must be submitted

February – March- Semifinalists selected and interviewed
Late  March-  Plesser Fellowship Committee reviews one or more finalists, selects Fellow and  extends offer

June- September 2006- Fellow commences work at CDT, on a date to be agreed between CDT and the Fellow

Fellowship Candidate Evaluation Criteria:

• The candidate’s demonstrated or stated commitment to public interest generally and specifically to the area of privacy and civil liberties;
• The candidate’s academic record, professional/ volunteer activities, subject matter expertise indicating that s/he possesses the relevant skills, initiative to make the Fellowship a success;
• The candidate’s legal writing and research skills;
• The candidates commitment and ability to fulfill the two-year term required by the program; careers of public interest careers;

Terms of Fellowship:

The Plesser Fellowship requires a two-year commitment from the Fellow.  The fellowship will pay a salary of $50,000 plus health care and other benefits.

Sometimes the Commission can be a little flip, a little offhand.  This happened in the CALEA order [pdf] that was released in late September.  After saying that educational networks like those operated by universities and research libraries (including Internet2) probably wouldn't be subject to CALEA, the Commission stated:

To the extent, however, that these private networks are interconnected with a public network, either the PSTN or the Internet, providers of the facilities that support the connection of the private network to a public network are subject to CALEA [because they are substantial replacements for local telephone service].

There's a lot in the text of this footnote snippet.  (It's note 100, for those of you who like footnotes.)

First of all, defining the PSTN and the internet as [roughly equivalent] "public networks" is a big rhetorical step.  It seems as if the internet is being reframed as another flavor of telephone network.  Rhetoric matters.  That's why they called it the "broadcast flag" -- who could possibly be against a patriotic flag waving in a friendly way to protect beloved broadcast programs?  As it turned out, of course, the broadcast flag was a massive cost-shifting and innovation-squelching effort of which the flag (the marking scheme) was the smallest and most inoffensive part.  Names set the initial terms of debate, and there is reason to worry about setting up the traditional telephone network and the internet as peers -- both "public networks" that need to be protected and regulated like public libraries and public highways.

Beyond the naming scheme, it's quite a step to say that any private network (say, any enterprise VPN) that is capable of connecting to the internet must be CALEA-compliant -- if that's what the footnote is saying.  If it's not saying that, what is it saying?  What entities "support the connection of [a] private network to a public network"?  Arguably all actors involved in making it possible for one network to connect to another -- all device manufacturers, all access providers, anyone who leases a line that connects to an ISP, all technicians. 

An enormous consortium of associations calling itself the Higher Education Coalition recently filed comments in the CALEA proceeding.   The Higher Education Coalition points out that private networks are exempted from CALEA, and that CALEA's coverage is specifically limited to common carriers. 

But beyond the legal-beagle analysis, the Coalition's points on burden are very strong:  since 2004, only one higher education institution has received a wiretap request, and it was complied with very swiftly -- within 24 hours.  So what's the problem?  Why would law enforcement need this subset of private networks to change all of their systems in advance so as to make them easily tappable?   And here's what the vendors say (remember the new form of regulatory capture):  "if the Commission or DOJ adopted an expansive reading of the [CALEA] Order, higher education and research institutions would have to replace much--if not all--of their network equipment."  Even doing this with software would be "costly," according to these vendors. 

This could cost billions of dollars -- just for the universities.

Now, the most important point of all is that the FCC hasn't yet said what anyone subject to its expansive reading of CALEA will have to do.  All it has done is announce who may be covered by CALEA, and that these entities (any business with a private network that is capable of connecting to the internet? any free VoIP application that can interconnect?) will have just 18 months to comply.  The clock is already running on an entirely uncertain, and hugely expensive, mandate.

Washington Internet Daily puts it well:

Especially in the Internet governance debate [at WSIS], conflicting parties presented very different interpretations of what the cut deal including an Internet Governance Forum [meant]. . . .

The still-deep rift over the governance issue was exemplified by the contrast between visions on the future of the Internet. John Marburger, dir., White House Office of Science & Technology Policy, said the result was "to do no harm to a system that works so well." ITU Secy. Gen. Yoshio Utsumi, however, at the concluding press conference, spoke about a regionalization of the Internet, saying "the Internet in 5 years will be a very different network."

It sounds, from a great distance, as if the ITU is continuing to make a play to have some kind of "oversight" over ICANN.  And it's likely that the Governmental Advisory Committee wants to have more say as well.

The ITU's continued work on next generation networks (NGNs) seems to fit here.  They're drawing up specifications and pleading with industry to work with them -- they already have Cisco as a sponsor -- in an effort to show that they can work quickly.  It's hard to tell (as usual) exactly what is going on.  Certainly there's a big push on ITU's part for IPTV standards.

ITU may want to position itself as the source of standards for the internet as a whole.  Because what ICANN does (or should do) is approve global consensus-based standards for naming and addressing, the tensions will continue for the forseeable future. 

Here's a quote from a recent ITU NGN telco meeting, also from tomorrow's Washington Internet Daily:

Speakers were asked how to make NGN easy for consumers to use. One thing NGN might accomplish is creation of a self-sustaining network service that gives users a safer, simpler and more secure experience, [a UK trade group chair] said. With NGN and broadband access, he said, stable devices can be developed that "half-wits" can use.

That's one vision of the online future:  the online world will be designed in advance for half-wits.

Reps. Boucher and Terry have introduced a bill [pdf] that would support universal service (roughly, telephone service in rural areas) by imposing a tax on any entity providing voice communications over any platform.

So the bill defines "communications service providers" to include any entity that "uses telephone numbers or Internet protocol addresses, or their functional equivalents or successors, to offer a service or a capability (i) that provides or enables real-time voice communications; and (ii) in which the voice component is the primary function."

This must mean that any provider of free voice services is covered too, whether or not they connect to the traditional telephone network.  This must cover Skype.  The idea is that the FCC is supposed to begin a rulemaking that would lead to charging "communications service providers" for universal service. 

Section 4 (starting on p. 17 of the draft) says that another rulemaking is supposed to establish mandatory rules for tracking all services -- presumably so that USF can be assessed.  This section is truly startling.  It appears, among other things, to outlaw encrypted online traffic.  Take a look at this:

Communications service providers [this includes any application that uses IP addresses to provide real-time voice communications] shall ensure that all traffic that originates on their networks contains sufficient information to allow for traffic identification by other communications service providers that transport, transit, or terminate such traffic, including information on the identity of the originating provider, the calling and called parties, and the jurisdiction in which the traffic originates. . . .

This is outrageous.  This means that any voice application has to label its packets so that everyone else handling their packets can tell exactly what's going on.  Who's talking.  Where they are.  This is unbelievable.

Such rules shall include mandatory requirements for identification of all traffic by the originating provider and shall require that such traffic identification information is transferred to transporting, transiting, and terminating providers unchanged and unaltered. The rules shall also establish procedures for carriers to contest insufficiently labeled traffic in a prompt manner and shall establish appropriate enforcement and penalty provisions for carriers that insufficiently label traffic. The processes to adjudicate insufficiently labeled traffic shall require the relevant providers to demonstrate their compliance with the Commission’s traffic labeling standards.

Don't be confused by the sloppy label "carriers" in this section.  Communications service providers, again, includes anyone providing a voice service online, whether for a fee or not, and whether or not they've been a traditional telephone company.

Follow the money.  The USF "social policy" is the most important of the lot, because congressional constituents care about it.  This is only a bill, but it's even worse than what we've seen coming out of the Commission on E911 and CALEA.  We're taking a major step to tax the internet -- a huge step beyond assessing USF fees for use of telephone numbers, which was the standard policy suggestion not long ago.

If this bill passes, the FCC will be asked to make rules standardizing the identification of all online traffic.  You've never seen a tech mandate like this one.

Okay, the gloves are off.  The section-by-section analysis says only that the bill "[R]equires telecommunications carriers to identify all traffic which originates on their networks so carriers that terminate traffic can seek appropriate intercarrier compensation," but this bill is about much more than that.  Because the bill's definition of "communication service providers" is so broad -- because it includes Skype and maybe even Xbox -- the bill's twin goals are to outlaw unidentified packets and tax the internet.

Read the bill -- let me know if I've misunderstood it.

We know that incumbents often use regulation as a tool to raise the costs of their competitors.  What's new about the E911 and CALEA regulatory capture stories at the FCC is that a whole new set of actors saw the opportunity to help incumbents raise competitors' costs and make money by moving telephony social policies over to the internet:  vendors of outsourced compliance services.

It's a much more sophisticated game.  Rather than urge the FCC to issue an impossible-to-comply-with-and-unbelievably-costly regulation (like, say, either E911 or CALEA), help the FCC to draft an impossible-to-comply-with-and-unbelivably-costly regulation while helpfully pointing out that there are plenty of third parties out there who can help you comply.  You, young whippersnapper competitor, don't have to reinvent the wheel -- just use the vendors' wheels that are already out there.

The ex parte filings before the FCC tell the whole story.  It's a case study in capture, facilitated by very well-meaning (and steeped in telephony culture) civil servants who were told they had serious problems to solve.  Vendors showed up to explain exactly how these problems could be fixed by regulated entities in standard ways that didn't involve reengineering their systems ("just outsource!").  And the result, in both the E911 and CALEA contexts, is crushing for new online businesses and entities that didn't think they were regulated -- like universities.

There's an echo here of recent efforts to get rid of fair use in copyright.  We don't need it, so the argument goes, because the digital age makes it possible to charge for these kinds of uses.  Well, the power to charge for something doesn't necessarily carry with it the right to charge for it.  Similarly, that there are ways to pay for compliance with a particular policy doesn't mean that the policy is a good idea.

What with ICANN, and WSIS, and the FCC, there's an awful lot to do to protect the free flow of information online.  Thank goodness Doc is getting a movement together to save the net. 

The UN Secretary-General has been invited to "convene a new forum for multi-stakeholder policy dialogue."   Everyone can see his/her hearts' desires in the WSIS deal:  ICANN can believe that it has survived for another day; governments can belive that they will have "an equal role and responsibility for international Internet governance"; and there will be an enormous meeting in Greece by the second quarter of 2006 to start the Internet Governance Forum going.

Here's the "oversight" paragraph:

77.  The IGF [Internet Governance Forum] would have no oversight function and would not replace existing arrangements, mechanisms, institutions or organisations, but would involve them and take advantage of their expertise. It would be constituted as a neutral, non-duplicative and non-binding process. It would have no involvement in day-to-day or technical operations of the Internet.

ICANN needs to strengthen its legitimacy so that it is apparent to the world that ICANN doesn't need oversight from a UN body or any other multi-government institution.  This will take a lot of work -- we're barely at the beginning.  I'm focused on paying attention to the steps that are necessary to get there. 

Early reports from WSIS, via Jamie Love, are that plans for an "Internet Governance Forum," a body that would have some relationship to the UN but would not itself make binding rules, are moving ahead.  ICANN's role remains the same, for the time being.  We'll need more detail about all this, so I'm reluctant to make any pronouncements about what this means.

I'm moving offices tonight, and my packing up revealed yet another copy of the August 2004 CALEA NPRM.  Back when it came out I marked it up -- and on the front page there's a note reading, "is there anything CALEA doesn't cover?"

The Mercury News had a fine editorial yesterday about this very subject.  The headline reads:  "Lawsuit reflects profound flaws in FCC rules for online eavesdropping."  Here's an excerpt:

The new rules would extend the Communications Assistance for Law Enforcement Act, or CALEA, to a wide swath of the Internet. The 1994 law currently requires telephone companies to design their networks so they can quickly intercept conversations at the request of law enforcement.

Under the new rules, ISPs or anyone else operating a network connected to the Internet -- a university, a city or coffeehouse offering wireless Internet access, a private company -- would be forced to install specialized equipment throughout their communications infrastructure. Internet phone firms and other innovators would have to engineer complex changes to their products to facilitate eavesdropping. . ...

[B]y forcing as yet unspecified design mandates on new communications products, the government would be killing the innovation goose. Products that could not accommodate the eavesdropping technology would never reach the market. And those that could, would be pricier. Free Internet telephones, for instance, may never be available if the government imposes high costs on service providers.

....When Congress passed CALEA, it specifically exempted the Internet from it. Any changes to the law to accommodate the needs of law enforcement should be carefully debated by lawmakers -- not imposed by the FCC in the form of dangerous and costly new mandates on the Internet.

That's right.  If Americans hope to lead the world in guiding the regulatory structure for the internet, we need to get our own house in order.  We need to talk this through -- slowly -- and think hard about what "social policies" (if any) should be lifted from the world of telephones and imposed on online life.  Right now, we're hurtling towards a controlled online future without evaluating the economic costs these regulations may impose on society as a whole.

I'm not there, and I haven't seen many messages about it.  I'm wondering what will come out of it.  Am I waiting for white smoke or black smoke?  What would the black smoke result be?  

It's hard to tell what's going on unless you're there, I have a feeling.  Send word!

But can what WSIS decides make a difference to our online lives?  It's our internet.  All of ours.  Of course we're all subject to local laws, and to contracts (some we sign, some our ISPs sign, some about which we don't have much choice).  But in the end, it's not law that matters.  What matters is how we choose to spend our attention.   

Our attention can't be arrested -- not even by an international governmental forum.

I suppose if the world decides to create a kind of global Ministry of Information, with perfect control over all evils that could possibly arise online, that might have an effect on our attention -- but that's a long way off.  Surely greater connectivity is what really matters, not greater control.

But, as I say, I'm waiting.

The FCC's E911 order was supposed to be complied with by November 28.  The idea was that all "interconnected VoIP" customers would have acknowledged by then the limitations on any E911 service provided by their vendors, and would have received stickers repeating this warning.  VoIP customers who didn't have E911 service were to be cut off.  (None of this ever happened to wireless or wireline companies that were having trouble with 911 services -- no acknowledgements, no limitations on marketing, and certainly no requirement to terminate service.)

The Commission has relented, slightly.  They'll forbear from enforcing the acknowledgement requirement, as long as they keep getting detailed reports from the VoIP providers.  And:

Although we do not require providers that have not achieved full 911 compliance by November 28, 2005, to discontinue the provision of interconnected VoIP service to any existing customers, we do expect that such providers will discontinue marketing VoIP service, and accepting new customers for their service, in all areas where they are not transmitting 911 calls to the appropriate PSAP in full compliance with the Commission’s rules.

That's remarkable.  Stop selling these wildly successful services, you industry, until you've plugged into our legacy emergency system.  Okay, so you don't have authority to plug into the system.  Go work with a third party!  Okay, so no third parties have nationwide nomadic 911 capabilities (and when one emerges, it will have a captive market) -- just do your best, and we'll be watching.  In fact, we think you should do just what Verizon and AT&T did when they did their mergers.  They had some great plans for compliance, and it's only coincidental that those plans were filed just before we allowed the mergers to go through.

We think (this is still the voice of the FCC, although parody is difficult in the blog format) that Verizon had an "innovative compliance plan" for nomadic 911.  Here are the details:

By November 28, Verizon expects to have a capability to detect when a customer’s VoiceWing telephone adapter is disconnected from the network. If we detect that the customer’s adapter has been disconnected, we will suspend the customer’s service, with the exception of 911 calls and calls to customer service. At the same time, we will send the customer an e-mail and post a message to the customer’s Personal Account Manager asking the customer to confirm his or her existing Registered Location, or register a new location.

While in suspend status, if the customer attempts to make any calls, other than 911 calls or calls to customer service, before he or she confirms or registers a new location, Verizon will intercept the call and play an announcement that will inform the customer of the service suspension and transfer the customer to a customer service representative for assistance. If the customer confirms to the service representative that the customer’s Registered Location has not changed, full service will be restored by Verizon. If the customer indicates that he or she has moved from the existing Registered Location, service will remain suspended unless and until the customer registers a new address in an area where Verizon can provide 911 service. If the customer fails to choose either option (for example by hanging up), service will remain suspended . . . As a result, the customer will be required to register a new address when the service is used nomadically.

Ta-daah!  Very innovative.  And the FCC is strongly encouraging VoIP providers to mimic the AT&T/Verizon promises -- here's the threat:  "The Bureau applauds the steps undertaken by AT&T, MCI and Verizon and strongly encourages other providers to adopt similar measures.  The Bureau will carefully review a provider’s implementation of steps such as these in deciding whether and how to take enforcement action."

Someone publicly suggested at the Pulver conference the other day that the E911 rules had been written by third-party providers of E911 compliance technology.  Digging, digging.  At any rate, this shows what regulatory mischief can be done at key moments in a company's history -- such as when a merger needs to close.

Translating common carriage to the 21st century internet is difficult, because companies and regulators are getting used to cutting across the protocol stack.  So much more of this will happen, of course, in the absence of any rules saying discrimination is unlawful, and it will take years to write any such rules. 

"Transport" wants to do more discrimination so as to make money for itself, and so is demanding the right to be free to run its "own" network.  Many people think we should create and enforce the norm of neutrality, thus ensuring that no applications or content or devices are ever discriminated against.  

But applications want to discriminate too.  Should email providers be forced to provide address portability?  Should search engines be forced to reveal the algorithms that they use, so that they can be checked for fairness?  No, you say, shocked.  But shouldn't they be treated as common carriers if the transport layer is?  Where does the principle of nondiscrimination stop?  Can't you imagine law enforcement requiring end-to-end encryption so that no discrimination could possibly occur (no packet inspection possible) but then saying that as a trade it will need the keys to all of this within two hours after any encryption scheme is released? 

And what if the transport layer sees itself as a speaker -- doesn't it have First Amendment claims (however specious) about wanting to support its own video and gaming services that could tie us up in court for years? 

What happened to all of the deep concerns about technical mandates that came out in the broadcast flag context?  Do they just disappear at the lower layers?  Are the lower layers incapable of innovation?  Should they be fixed in one form?  Wouldn't it be better just to force access providers to be truthful about what they did, so that consumers could figure out what was going on and decide for themselves?

I am as committed to the ideal of the open internet as the next guy, and my dream is to have OneWebDay support that goal.  But the mischief that can be done to our future (in so many unexpected ways) by insisting on statutory and regulatory definition of neutrality seems to outweigh the possible benefits of this path.  There is so much nonsense, so much horse-trading, between where we stand now and the glorious goal of neutrality.  The sad fact is that Americans don't mind vertical integration one bit, and the duopolists know that.  Not only that, but price discrimination in a competitive market is actually a good thing.  Now all we need is a competitive market.

I'd rather see a future that doesn't depend on a "third pipe" but that includes broadband internet access that is neither cable nor DSL.  I can imagine a network owned by its users, or by a cooperative, or subsidized by a large company that has no interest in controlling use of the network.  Our devices will be doing most of the computation, so there will be no way to tell the difference between devices and routing.  We'll have network-aware applications, too.

This admittedly techno-determinist view fits with how the internet was supposed to work.  Routing is not supposed to be centrally determined, and the idea of mesh networks pushes this even more to the edge -- individual devices will make decisions about routing.  As long as we don't make this kind of broadband provision illegal (even by accident, by some casual legislative drafting), it will likely emerge in time. 

As David Reed might say, we're in a phase transition of sorts, and there are many people who want to force us into hierarchical and rigid solids.  Stay liquid, and the outcome will be extremely positive -- as humans, we're good at being liquid. 

I've lost my voice, which is bad timing for the much-looked-forward-to Pulver conference tomorrow.

Here's what I would say if I could say it:

Can the FCC’s course of regulation under Title I of the Communications Act succeed in developing an effective framework to goven the Internet and new communications technologies like VoIP?  Is it either beneficial or likely for Congress to step in with a more detailed and (ideally) more rational strategy?

We seem to be limited in our imagination.  So I’ll start with the unimaginative answer:  The FCC’s current course "under Title I" has been disastrous, unprincipled, ad hoc, and puts enormous weight on some very slender reeds – an administrative housekeeping “necessary and proper” rules statement in Title I (never designed to support legislative rulemaking), and dicta in Brand X.  The world has changed since Southwestern Cable, and, in light of Mead, in the absence of a delegation from Congress the FCC just doesn’t have the power to regulate the internet – particularly in light of Section 230.  It’s just too important a step to be taken based on silence (and conflicting statements) from Congress.

But that’s a statement I can make without imagination, and it doesn’t lead us anywhere.  I only get to leave you with one big idea, so this is it:  I want to persuade us that all of this talk about convergence over the last few years is not true.  Stepping away from interpretation of the 1996 Act itself, it seems to me that telephone services are fundamentally different from the internet, and the notion of carrying particular social policies over from the telephone world to the internet (without taking into account what the internet is) is already proving to be hopelessly wrongheaded, needlessly expensive, and shortsighted. 

The question assumes that we need “an effective framework to govern the internet.”  There’s a lot of law that already applies online, and I have not seen a demonstration that more new law is needed – and, in any event, it’s not the FCC that is in the best position to do it.  If we’re going to depart from the central Section 230 notion that the online world is unfettered by special-purpose federal or state laws, that should be a conscious choice.  Right now, it’s all ad hoc, backwards looking, and unprincipled.  And destructive.  E911 and CALEA certainly fit this description, and I have a feeling that universal service will too when it erupts from the Commission.

We need a sustained national conversation about all this – maybe we’ll end up with this same approach, but I’d like to think not. Why can’t we be both more hopeful and emphatic – take the lead, around the world – about the approach to the internet that we want?  What are the “social policies” that make sense for the online world?  Focusing particularly on universal service, which seems hopelessly corrupt and mismanaged, why not assess a general purpose tax to support broadband access? Devote resources to consumer education and the development of better client-side protections against spyware and spam?  Get law enforcement data streams they need instead of getting them involved in application design?  Work on requiring things that feel like phones to have innovative windows to useful health data (that third party vendors compete to manage and provide) instead of plugging into hopelessly outdated legacy 911 systems? 

What happened to our leadership on internet policy?  When did we lose the ability to walk and slide back into the sea?  We experimented and tugged and pulled and came up with the idea of linking machines together with a common language, making it possible for humans to interact in unprecedented ways.  Now we’re turning those machines back into the machines we thought we were escaping – telephones, cable systems, and televisions – using insiders’ language so that we can hide what’s going on from the general public.  What happened?

What, if any, version of common carriage rules should govern Internet communications platforms?  More specifically, can some concept of Network Neutrality be defined and enforced proactively in the form of prescriptive regulations?

I think this is the wrong question.  It assumes the limited world of online access providers we’ve got, makes them into “communications platforms,” and then suggests we need to make rules about them.  Not very imaginative.  I have lost faith in our ability to write about code in words, and I’m confident that any attempt at writing down network neutrality will be so qualified, gutted, eviscerated, and emptied that it will end up being worse than useless.  Besides, I’m sure there are very good reasons to manage networks, and writing down the difference between management and incremental control of users’ experiences is an impossible task. 

The only way around this issue is to avoid it by encouraging the development of alternative online access methods, and being careful not to let the incumbents call them illegal.  Let the dinosaurs huddle together in the snow, controlling and commoditizing to their hearts’ content.  We’re made of better stuff.  It should be no more illegal to have an open wireless network in your house than to practice the piano with the windows open.  And having an open wireless network can lead to a community mesh network and a host of devices that open immediately to others, connecting us to the world. 

If that’s not possible, then the second best solution is structural separation, paying off the carriers for their stranded costs and moving to open utility platforms.  BT seems to think that’s a fine idea; why couldn’t it work here?
 
As Internet communications platforms become more significant, what types of regulatory strategies—best practices developed by market actors; self-regulatory regimes; agency regulation; or antitrust oversight—are likely to be most effective in governing markets ranging from the Internet backbone (think Cogent-Level 3) to VoIP (think SIP interoperability) to instant messaging (the recent MSFT-Yahoo! Deal) to broadband (i.e., port blocking, preferential treatment, etc.)

I’m not confident that any of the issues listed in the question are actually “problems.”  Nor do I think that the FCC has a role in any of them.  Peering is private, SIP is an open standard, we don’t force private bookstores to share their customer lists (so why treat IM any differently), and network access may require management   If there are problems in any of these areas that are caused by a lack of competition, then let’s use our very broad antitrust statutes to work on them.  But otherwise, we should lead the world by letting our imagination take us forward.  Not every change in the world needs to be addressed by a regulatory strategy, and there’s a very high risk that those who are comfortable with the regulatory world will use levers that are easily available to them to make life uncomfortable for their upstart competitors.

We so easily slide into the notion that the internet is “bad” and needs to be regulated.  We’re cutting off the best of ourselves this way; we should be encouraging it to have a life of its own, to catalyze new ways of living and doing business, and only getting in the way when market control leads to an absence of choices and inappropriately high prices.

The work I'm doing on OneWebDay and the work I'm going to do for ICANN are related.  Both of these projects are aimed at preserving innovation and the free flow of information that is the net. 

Two important questions for internet governance debates are "who" and "when."  The ICANN experiment suggests that the "who" is the community as a whole.  The "when" question is about when global rules should be made (rarely) and when local autonomy should be preserved (most of the time).  ICANN's processes (done right) focus work on the few global rules that are needed for the narrow domain of naming. 

That's the reverse assumption from what I've understood to be coming out of the UN/WSIS discussion.  There, most people seem to be assuming that someone should be in charge of the internet, and that someone inevitably will be.  Why assume that?  Why not keep things open, and allow the edges to make rules for themselves?  Connectivity for developing nations should certainly be a focus of global discussion.  But international institutions aimed at "governing the internet" will inevitably have negative effects on the innovation and information flows that make the internet work so well.

I'm a huge fan of Martin Geddes's blog.

A few days ago, he said:  "Telcos that divide connectivity from service, by design or through regulation, are in a better position to survive."  He's pointing out that the song is not the CD, and people will always figure this out given a chance.

You can’t put the genie back in the bottle. It only takes one Napster to make people see that the music and the disc were separable. It only takes one Amsterdam [municipal fiber network] to succeed to blow away the “it doesn’t work” argument. Bit haulage and application service are equally separable and economically viable independently.

There has to be a way to make a strong empirical case in this country that we are being forced to cover the past outlays of inefficient, monopolistic telephone companies, and that these same companies plan to ask us to pay for services we don't want.  Meanwhile, we can focus on building our own wireless mesh networks that don't feed on regulatory barriers.

Bob Frankston has been talking about this and related subjects for some time.

Today was a Yale Law School reunion devoted to entrepreneurship.  It wasn't my year to reune, but, heck, it's only a train ride away and I was curious what this particular law school would have to say about entrepreneurs.

I talked to Dean Koh very briefly, and said that the energy and sense of humor of the people talking was truly remarkable.  He smiled.  He wanted to show the law students that they have a lot of options -- they can certainly work for law firms, but they can also build all kinds of institutions.  It was a splendid idea for an alumni weekend.  (But, boy, does Yale have to shape up in terms of its tech approach.  Stanford's technology law program is much stronger than Yale's.  The last Stanford LS alumni magazine had on its cover the GCs of MSN, Google, Cisco, eBay, Yahoo!, Qualcomm, Autodesk, and Oracle -- all Stanford alums.  We need to have a technology law building at Yale, like those Berkman people, or at least a few rooms where people can hang around and feel entrepreneurial. C'mon, guys, compete!)

One of the panels featured Tom Bernstein of Chelsea Piers (and the Texas Rangers, and many other projects) fame.  He said that his approach had always been to have big ideas about crying needs, and then to carry them out with passion, persistence, and patience.  (These successful business people carry around "alliterative rules of three" in their pockets.)  So, for example, it was a big idea to build an enormous sports complex on a wasteland waterfront in NYC.   It took a while (and a lot of sales and marketing) to bring the project to completion, but it met a crucial need in NYC, and now kids in NYC grow up going to Chelsea Piers.

Daniel Egger made the point that lawyers are sometimes a little bashful about selling, and that they have to get over that in order to be successful entrepreneurs.  Bernstein agreed, and said he is now shameless about selling because he truly believes in his projects and knows they'll benefit they people he's talking to.

All very inspiring.  But I was sitting in the third row thinking about ICANN, and it came to me that all of this relates. 

The ICANN experiment is a big idea that meets a crucial need.  It's not a regulatory agency.  It's a forum for the discussion of global policies for domain names.  Its form of standard-setting (which includes policymaking), done right, should match the way the internet works:  most things should be left to local control, with only a few global rules imposed with which most people are willing to go along. 

But maybe (I'm not on the board yet, I'm not speaking for anyone except myself, I have an enormous amount of learning to do, and I'll be in listening mode for months to come) ICANN has been a little bashful about marketing.  For whatever reason, the word isn't getting across.  ICANN has some tremendous institutional comparative advantages ("value-add," as a Tom Bernstein might say) that perhaps should be emphasized.  Done right, this big idea can benefit the entire world.  It just takes some passion, persistence, and patience.  Or time, trust, and technique.  You get the idea.

Dear friends:

ICANN announced today that I have been nominated to serve on its board, along with Njeri Rionge (who has been reappointed). 

I am deeply honored to have the opportunity to work with the ICANN community, and I look forward to digging in and helping out.  

I'm going to need your help over the next three years.  I'll do my best to keep the lines of communication open, and I'll be urging ICANN to do better at explaining its limited mission to the world and opening its processes to view.

Pat Schroeder and Bob Barr put out an op-ed in today's Washington Times that is just amazing.

Surely it is animosity towards Google that is driving the authors' copyright analysis.  (Google should make sure its Washington office has the resources it needs to both march up on the Hill to explain things to people and contribute richly to campaigns.)

Google is NOT scanning copyrighted books and putting them up on their web site.  That's not what's going on.  (My earlier post explained this.)  Google is making three sets of sentences from particular books available in response to search queries.  Google is making very clear what its plans are.

Schroeder and Barr claim that "If publishers and authors have to spend all their time policing Google for works they have already written, it is hard to create more."  A more tenuous, incredible utilitarian argument would be hard to imagine.  I'm confident that Google's program will have less than zero effect on authors' incentives to create. 

All computers do is make copies.  It cannot be that the step of making a nonpublic copy as a necessary element of providing (clearly transformative) search results is illegal.  I "copy" pages into my mind in order to remember them and talk about them later.  Is that infringement?  I make money from talking about them later.  Is that commercial destruction of someone else's market?

The crux of Schroeder's and Barr's point must be this statement: 

Google envisions a world in which all content is free; and of course, it controls the portal through which Internet user's [sic] access that content. It would completely devalue everyone else's property and massively increase the value of its own.  

This is really about fear and hatred of Google, not principled arguments about copyright law.  That's odd, because Google doesn't control access to "content" -- network providers do.  If another search company came up with a better algorithm and a more appealing interface, we'd go there.  (Sorry, Google.)

A reader of this blog sent me this statement [short pdf] written by Steve Lucasik (head of DARPA during the 1970s) and Tony Rutkowski (of VeriSign, but not speaking for VeriSign). 

Here's the essence of the statement -- three points:

1.  It professes disbelief that anyone after 9/11 could dare question the FCC's legitimate authority to impose law-enforcement-derived design requirements (CALEA, for the insiders) on the internet.

In the past, this kind of challenge [suits filed challenging FCC's interpretation of the CALEA statute] by such groups was part of the "fun and games" of the Washington K-Street scene. Today, however, in light of the enormous scaling of network vulnerabilities, attacks, and cybercrime, as well as the events of 9/11, it is difficult to believe that such challenges to responsive, responsible FCC actions would continue.

2.  It picks up on the Brand X dicta and claims that FCC has any and all powers it wants under Title I of the Communications Act.

The FCC in its [CALEA] Order took the right steps under its CALEA authority. The reality is that the Commission could also require the same capabilities entirely under its Title I authority and responsibilities, if not other longstanding authority provided by Congress.

In fact, proceeding to exercise Title I authority has become increasingly important as the Commission moves away from common carrier regulatory models, and puts into place needed public infrastructure capability requirements for open Next Generation Networks. This includes everything from public safety and emergency preparedness requirements to consumer protection to competitive unbundling and Universal Service Fund reform.

3.  And it says that other countries are far ahead of the U.S. in meeting the forensic needs of law enforcement.

The [legal] challenge [to the CALEA order] also stands in stark contrast to other countries where far more extensive forensic requirements have been cooperatively and effectively established and implemented among government authorities and network providers.

Here's a brief response:

1.  Congress has been explicit about what CALEA covers, and it clearly doesn't cover the internet or information services generally.  The FCC can't rewrite a statute.  Only Congress can do that.  We dare to question the FCC's jurisdiction because we can read the statute for ourselves.  The Commission's reading of CALEA imposes enormous burdens on a huge swathe of our nation's economy, with no legal justification.  So, yes, we dare.  And the snide tone of this statement ("fun and games"), together with the reference to 9/11, only makes us more suspicious of the legal arguments made by the Commission.

2.  The events of 9/11 have not given the FCC (or law enforcement authorities) carte blanche to rewrite existing law.  If Title I is your authority for CALEA, Title I is being stretched out of recognition.  Title I imposes no specific requirements on anyone.  It's being abused to provide a vessel for imposing former common-carrier regulations (like CALEA, E911, and USF) on the internet and internet applications, but at some point the Supreme Court (or Congress) will be re-awakened and will notice that this abuse is taking place without any explicit delegation from Congress.  I'll keep writing, and other people will keep litigating, until the unprincipled use of Title I is reined in.

In the meantime, it's interesting to see the quick and easy move to NGN made by the authors of the statement.  This, then, is what's really going on:  we're leaving the (relatively) principled arena of common carriage regulation and moving into an entirely unprincipled, ad hoc regulatory approach to the internet that has as its stated goal making the internet much more like a mobile phone network.

Congress never said it wanted this.  The people never said they wanted this.  The FCC doesn't get to do this by itself, without any authority from the rest of us.

3.  In other countries, the telephone system is often owned by the government, and the providers of telephony are anxious to crush their internet competitors with the costs of "social policies" like assistance to law enforcement and emergency services.  So what?  The U.S. is different.  It should be different.  It should decide, in a sustained national conversation, how to treat internet services.  All of this regulatory sleight-of-hand is distasteful, unprincipled, and corrupting.

This statement reveals the battleground. It's not a safe and well-lit place.  The terms of engagement appear to involve McCarthy-esque smears of lawyers and companies who dare to question the legitimacy of any act taken in the name of "security."  The statute we're looking at -- Title I of the Communications Act -- has no details or limits that might protect against the depredations of law enforcement.  And we're being out-manuvered by people who have a lot of time to spend in Geneva.

We can't afford to be as smug as this statement.