ernesto.falcon's Techdirt Profile

ernesto.falcon

About ernesto.falcon

Posted on Techdirt - 9 November 2020 @ 12:10pm

We Do Not Have the Internet We Deserve

Nothing that currently exists can compete with fiber. Nothing replicates the future growth fiber networks will deliver, simply because nothing that moves data has the inherent capacity of a fiber wire. It isn’t even close by any technical measurement. However, barely 30 percent of Americans have access to fiber infrastructure, despite the fact that 100 percent of Americans have become dependent on high-speed access during the pandemic.

In a few short years, more than one billion fiber-to-the-home gigabit Internet connections will have been deployed in Asia. That fiber infrastructure will be capable of reaching symmetrical ten gigabits, 100 gigabits, and well into the terabit era of broadband access in a cost-effective basis as applications and services continue to evolve and advance. Deployment at a large scale is possible, but the U.S. still lags far behind.

Here is how bad our high-speed access market is today: every big American ISP has stopped deploying fiber services at any serious scale. This leaves a vast majority of Americans stuck with inferior cable Internet service. When you factor in the monopoly power held by the ISPs—preventing Americans from switching to better service—it becomes a perfect storm. That storm broke with the pandemic, where we all suddenly found ourselves needing quick and reliable Internet access.

Only small private and local public providers are connecting folks to the future, but their efforts are stymied by incumbents and not sufficiently supported. That means most people can’t switch from cable when they opt to throttle uploads or are unable to deliver the speeds they’ve advertised if we all use the Internet at the same time. You still have landlords getting away with keeping fiber competitors out of apartment complexes in exchange for a kick back from companies like Comcast.

The remaining Americans who don’t even have access to cable are dependent on obsolete copper lines for communications held by companies like the now-bankrupt Frontier Communications and AT&T. In Frontier’s case, their overreliance on its slow Internet monopoly led to their downfall as they systemically avoided the necessary investments needed to transition to fiber leaving countless rural communities in dire straits. As for AT&T, they are trying to figure out how to cut people off the copper network and just give them cell phones to make more money with a less reliable connection. And the wireless industry spent precious years hyping 5G at the Federal Communications Commission (FCC) and Congress only to now come to admit that 5G everywhere does not happen without dense fiber networks everywhere.

Now the good news: this is all fixable. If we change our telecom policies and how we invest in telecom infrastructure, fiber to the home (FTTH) is already economically feasible in a super-majority of communities if the right policies and government efforts are in place. A recent study by the Fiber Broadband Association found that FTTH is commercially feasible up to the 90th percentile of population density. For the remaining 10 percent, the Americans in the most rural of territories, we are seeing successful models led by the public sector such as rural cooperatives on long-term capital investments in FTTH.

For example, a rural cooperative in Missouri today can deliver gigabit service at $100 a month at a population density of 2.4 people per square mile. The demand is there but it is being suppressed by the slow Internet monopolists through bans on local governments building fiber and incumbent industry efforts to have the FCC hinder competition. If we break down the barriers that are suppressing the parties most ready to deploy fiber, 21st century infrastructure will come.

First, if the large private ISP model has failed (and it has), we need to start exploring our alternatives. One such alternative is simply having the government build the infrastructure and make it open to all comers. This “open access fiber” approach, fiber that is available on a shared infrastructure, is starting to take off. Utah’s “Utopia” network is leading the way, connecting more and more households in the area to an expanding open-access fiber network run by local cities. Residents within Utopia’s service area enjoy 11 private options for gigabit service, compared to whatever the majority of Americans have one or two high-speed services.

This type of approach to broadband infrastructure, where the government builds the wires and shares its capacity to broadband providers, holds tremendous promise. In essence, the government builds the roads and allows commerce to follow. One study predicts a structurally separated network deployment could connect rural homes to fiber without subsidies and through long term low-interest financing.

Other shared approaches are bearing fruit. In Alabama, the state legislature passed a law clarifying that electric utilities could leverage their easements and private rights-of-way to enable telecommunications services over their fiber assets. In response, Mississippi’s C Spire arranged an exclusivity agreement with Alabama Power in exchange for deploying fiber to the home to communities throughout the state through the utilities network. The exclusivity gave C Spire the confidence that their investments in the utility’s fiber network to make it broadband-ready could be recovered from newly connected customers, while Alabama Power was assured that C Spire would try to attract as many customers as possible to provide a stable and growing revenue base to the electric utility, resulting in lower rates. Joint ventures that leverage interdependent needs for fiber can help make more markets accessible because the demand is already there.

Lastly, the only way we are going to get everyone connected to 21st century ready access is the same way we did it with the roads, electricity, and water: the government needs to lead. Internet access needs to be part of its infrastructure policy, especially light of the private sector failing to deliver to all people.

Estimates are that nearly $100 billion is needed to deliver 100 percent coverage with FTTH in America, with the majority of that cost being associated with the most rural parts of America. That sounds like a lot, but here is the important thing to know about fiber: once you lay that line, you are done building broadband infrastructure for potentially 70 years or more. To put that in context, the publicly available commercial Internet hasn’t even existed for 70 years. All of the advancements in speed and capacity (that will far exceed satellite, cable, and wireless) will come from inexpensive hardware upgrades, not high cost labor and construction work. This is why countries like China are aggressively building fiber infrastructure at a rate nine times faster than the United States.

This reality has prompted Rep. James Clyburn to draft legislation to create an American universal fiber program. It has already passed the House, and now we must force the Senate to understand the breadth of this problem and simplicity of this solution. If we can get an electric line to everyone, we can get a fiber line there too.

The bill emphasizes open-access fiber networks that would replicate the success demonstrated by Utah’s local governments. Building these types of networks would shatter the nearly 15-year decline into the giant monopolies or duopolies that most Americans experience when trying to get high-speed Internet access. Instead, you could get Internet access from your local businesses, non-profits, and even your local schools and libraries.

The bill will also free up local governments and cooperatives to pursue community broadband. The removal of state laws advocated by the major national ISPs that ban local communities from building their own broadband access network is long overdue. The local public sector has proven to be an essential part of the solution to reach universal fiber as rural cooperatives, small cities, and townships are building fiber networks in areas long ago skipped by the private sector.

The bill also fixes a small-seeming, large-impact, and long-standing problem of Internet access in the United States by updating what we mean by broadband. Today’s federal definition of broadband was established in 2015 and stands at 25 megabits per second download and 3 megabits per second upload. This 25/3 standard makes it appear as if there are more broadband options than there truly are, hiding the monopoly. In other words, it is both useless and harmful. To fix this, the bill would establish that communities lacking 25/25 broadband are “unserved” and establish a minimum standard of 100/100 megabits per second for federally funded projects. These higher metrics would avoid wasting money on legacy networks that are unable to deliver relevant speeds and focus on future proof networks that have fiber at their core.

We have to fix our Internet, and soon.

The pandemic has not resulted in as much of an explosion of Internet usage as it has a bump in usage that is within normal parameters of what was coming—that is, pandemic usage is roughly in sync with projections for Internet usage in around 2022. The future, as they say, is now.

If your Internet access is failing you now, you have just been given a sneak peek of what 2022 looks like for your home. Broadband consumption has been on the rise as long as we’ve tracked it, and as the billion gigabit fiber connections are activated globally, the applications and services that use that capacity will come to market. If the United States government, the states, and the local governments do not actively tackle this infrastructure problem soon, we will just be unable to access the latest advancements. Not only that, but our economic competitiveness will decline as China continues to rise and the 21st century technology industries will begin to find their homes where the infrastructure is available. The next Silicon Valley may not be in America if we continue on this trajectory.

We will also start to see the creation of a new type of digital divide where Americans live with either 1st class or 2nd class Internet. Fibered networks are getting cheaper to operate yet are delivering larger amounts of data while legacy networks are quickly getting more expensive to maintain. That means low income neighborhoods and rural areas stuck on the legacy 20th century network are going to pay more for less, while high-income users connected to fiber will enjoy the benefits of lower prices. Efforts to subsidize access to the Internet for low income people will become more and more difficult on decaying lines, while free Internet zones will become more normalized in wealthy communities as the costs continue to decline on fiber.

None of this is set in stone. We have the market we choose and if we start making the right choices soon, we can solve these problems. But that takes everyone collectively demanding more from our policy makers and the industry and adopting a new approach.

Ernesto Falcon is Senior Legislative Counsel at the Electronic Frontier Foundation with a primary focus on intellectual property, open Internet issues, broadband access, and competition policy.

Posted on Techdirt - 3 June 2020 @ 12:00pm

Many Think Internet Privacy Is Lost, But That's Because You Can't Sue Anyone Who Violates It

Over 90% of Americans feel like they have no control over their online privacy. It is not hard to understand why so many of us feel so powerless when it comes to using the Internet, nor is the solution to such a pervasive feeling all that complicated.

It just boils down to rules and liability—or, in other words, making sure if a company violates your privacy per the law that there is an inescapable penalty. The clearer and more direct the path to holding a company accountable for violating your privacy—much like your physical health, property rights, emotional wellbeing, or other things held in legally enforceable trusts—the more confidence will return to the Internet marketplace.

But we don’t have these clear enforceable rights in today’s American consumer privacy legal system for a vast majority of Internet privacy related activity. In fact, when the next Google or Facebook scandal rolls around in terms of user privacy, think back to the last one—likely just a few months old—and ask how much in damages the company paid and whether the company had to compensate individual people for the violation.

In many cases, that answer is going to be no penalty, which then feeds into users’ sense of powerlessness. But the fact that companies often have to pay no penalty, and the fact that we do not have laws in place to remedy these privacy harms, is a choice we have made. It is not the natural order of things, and it is not inevitable.

We have, as a society, made decisions under our intellectual property laws where absolutely no liability is allowed to promote another profitless value, namely our freedom of expression. For example, the practice of criticizing a film on YouTube while playing portions of it in the background is considered a fair use. This means, despite copyright holders having the exclusive rights over the public performance of their work, we have decided to extinguish liability when it involves the expression of criticism.

In the absence of fair use, the critic using the film, as well as YouTube, would be directly liable for a lot of money for playing portions of it. However, we counterbalance and limit the economic right of the filmmaker in order to promote free speech values through fair use. In essence, we keep a liability-free zone for criticism and that is generally seen as a net positive for users. It also promotes the creation of open platforms, allowing those speakers to discover audiences and build engagement.

But in consumer privacy we have not seen nearly the same benefit yielded back to consumers in exchange for the mostly liability-free zone. There is no race to the top in guarding consumer’s personal information, because the profit maximizing effort isn’t about augmenting our privacy, it is about tearing it down as much as possible for profit. This is why we keep getting these privacy scandals. There is no need to apply morality to the analysis as often happens when people observe corporate behavior, but rather the simple question of how profit maximization (which corporations have to pursue under the law) is being countered by law to reflect our expectations.

When we look at the problem of consumer privacy from this angle, it becomes fairly clear that private rights of action for consumer personal privacy would be transformative. No longer would a corporation view experiments with handling personal information as a generally risk free profit making proposition if financial damages and a loss of profit were involved.

Industry wants a Consumer Privacy Law—Just so Long As You Can’t Sue Them

The long road of industry opposition—and the extreme hypocrisy of now pretending to endorse passage of a comprehensive consumer privacy law—is worth reflecting on in order to understand why in fact we have no law today.

If we go back a little over a decade to a privacy scandal that launched a series of congressional hearings, we find a little company called NebuAd that specialized in deep packet inspection.

NebuAd’s premise was scary in that it proposed to allow your ISP to record everything you do online and then monetize it with advertisers. I was a staffer on Capitol Hill when NebuAd came to Congress to explain their product, and still remember the general shock at the idea being proposed. In fact, the idea was so offensive it garnered bi-partisan opposition from House leaders and ultimately led to the demise of NebuAd.

The legislative hearings that followed the growing understanding of “deep packet inspection” led to discussions of a comprehensive privacy bill in 2009. But despite widespread concern with developing industry practices as the technology was evolving, we never got anywhere out of concern for the freemium model of Internet products. It is hard to remember this time, but back then the Internet industry was still a fairly new thing to the public and Congress.

The iPhone had just launched two years earlier, and the public was still in the process of transitioning from flip phones to smartphones. Only three years prior had Facebook become available to the general public. Google had only a small handful of vertical products, the newest being Google Voice—which allowed people to text for free at a time when each text you sent cost a fee.

All of these things were seen as net positive to users, yet all hinged on the monetization of personal information being relatively liability free. So for years policymakers, including an all out effort by the White House in 2012, searched for a means to balance privacy with innovation. Companies generally known as “big tech” today were still very sympathetic entities in that the innovations they continued to produce were seen as both novel and useful to people. Therefore, their involvement was actively solicited by the White House in trying to jointly draft a means to promote privacy while allowing the industry to flourish.

Ultimately, it was a wasted effort because what industry actually wanted was the liability free zone to be baked into law with little regard to increasing degradation of user privacy. It used to be that most of the Internet companies still had competitors with each other forcing them to try to be more attractive to users with greater privacy settings. Even Google Search was facing a direct assault by Microsoft with their fairly new Bing product.

As efforts to figure out a privacy regime for Internet applications and services were being stalled by the Internet companies, progress was being made with the substantially more mature and the already regulated Internet Service Provider (ISP) industry.

Congress had already passed a set of privacy laws for communications companies under Section 222 of the Communications Act, so a great many ISPs, being former telephone companies, had a comprehensive set of privacy laws applicable to them (including private rights of action). But their transition into broadband companies began to muddy the waters, particularly as the Federal Communications Commission started to say in 2005 that broadband was magically different and therefore should be quasi-regulated.

Having learned nothing from the fiasco of NebuAd and potentially having “deep packet inspection” banned for ISPs, other privacy invasive ideas kept getting rolled out by the broadband industry. Things such as “search hijacking”—where your search queries were monitored and rerouted—became a thing. AT&T began forcibly injecting ads into WiFi hotpots at airports, wireless ISPs preinstalled “Carrier IQ” on phones to track everything you did (which ended when people sued them directly under a class action lawsuit), and Verizon invented the “super-cookie,” prompting a privacy enforcement response from the FCC in 2014.

Even after the FCC stopped treating broadband as uniquely different from other communications access technology in 2015, the industry continued to push the line. In that same year telecom carriers partnered with SAP Consumer Insight 365[9] to “ingest” data from 20 to 25 million mobile subscribers close to 300 times every day (we do not know which mobile telephone companies participate in this practice, as that information is kept a secret). That data is used to inform retailers about customer browsing, geolocation, and demographic data.

So unsurprisingly, the FCC came out with strong, clear ISP privacy rules in 2016 that continued the long tradition of privacy protections for our communication networks.

However, the heavily captured Congress, which had never taken a major pro-privacy vote on Internet policy in close to a decade, quickly took action to repeal the widely supported FCC privacy rules on behalf of AT&T and Comcast. Ironically, the creation of ISP privacy rules by the FCC only happened because Congress created a series of privacy laws, including private rights of action, for various aspects of our communication industry more than a decade prior.

While many of the leaders of the ISP privacy repeal effort claim to be foes of big tech, they have done literally next to nothing to move a consumer privacy law. In fact, all they did was solidify the capture of Congress by giving AT&T and Comcast a reason to team up with Google and Facebook in opposing real privacy reform.

EFF witnessed this joint industry opposition first hand as we attempted to rectify the damage Congress did to broadband privacy with a state law in California. In fact, between ISPs and big tech we had absolutely no new privacy laws passed in the states in 2017 in response to Congress repealing ISP privacy rules.

Despite the arrogant belief they could sustain perpetual capture at the legislative level, along came an individual named Alastair McTaggert who personally financed a ballot initiative on personal privacy that later became the California Consumer Privacy Act (CCPA).

While they could “convince” a legislator of the righteousness of their cause with political contributions, they had no real means to convince the individual that the status quo was good. After Cambridge Analytica and wireless carriers selling geolocation to a black market for bounty hunters, virtually no one thinks this industry should be unregulated on privacy.

So rather than continue to publicly oppose real privacy protections, the industry has opted to pretend it supports a law just so long as it gets rid of state laws (including state private rights of action), putting all our eggs into the basket of a captured regulator. In other words, they only will support a federal privacy law if it further erodes our personal privacy rather than enhance it.

This opening offer from industry is a wild departure from other privacy statutes that have all included an individual right to sue such as wiretaps, stored electronic communications, video rentals, driver’s licenses, credit reporting, and cable subscriptions. Not to miss their marching orders, industry-friendly legislators were quick to put together a legislative hearing on consumer privacy that literally had no one representing consumers.

But this game by industry, where so long as they can hold and finance enough legislators to prevent any real law from passing, will only last so long. Afterall, their effort to ban states from passing privacy laws is effectively dead once the Speaker of the House from California made it clear she would not undermine her own state’s law on behalf of industry.

Furthermore, Senator Cantwell, a leader on the Senate Commerce Committee, has introduced comprehensive legislation that includes a private right of action and more than a dozen Senators led by Senator Schatz have endorsed the concept supported by EFF of creating an information fiduciary. As more and more legislators make publicly clear the parameters of what they consider a good law, it becomes harder for industry to sustain the behind the scenes opposition. But we are still far away from the end, which means more has to be done in the states until enough of Congress can break free of the industry shell game.

If We Do Not Restore Trust in Internet Products, People Will Make Less Use of the Internet and That Comes with Serious Consequences

As we wrestle with containing COVID-19, a solution being proposed by Apple and Google in the form of contact tracing is facing a serious hurdle. A majority of Americans do not want to use health data applications and services from these companies because they do not trust what they will do with their information. Since they can’t directly punish these companies for abusing their personal health data, they are exercising the only real choice they have left: not to use them at all.

Numerous federal studies from federal agencies such as the Department of Commerce, the Federal Trade Commission, and the FCC all point to the same end result if we do not have real privacy protections in place for Internet activity. People will simply refrain from using applications and services that involve sensitive uses such as healthcare or finances. In fact, lack of trust in how our personal information is handled has a detrimental impact on broadband adoption in general. Meaning a growing number of people will just not use the Internet at all in order to keep their personal information to themselves.

Given the systemic powerlessness users feel about their personal information when they use the Internet, the dampening effect it has on fully utilizing the Internet, and the loss of broadband adoption, it is fairly conclusive that the near liability free zone is an overall net negative as a public policy. Congress should be working to actively give users back their control, instead of letting the companies with the worst privacy track records dictate users’ legal rights. Any new federal data privacy law must not preempt stronger state data privacy rules and contain a private right of action.

While special tailoring has to be done for startups and new entrants with limited finances to ensure they can enter the market under the same conditions Google and Facebook launched, this is not true for big tech.

Establishing clear lines of liability and rules for major corporate entities, efforts to launch the next privacy invasive tech will be scrutinized by corporate counsel eager to shield the company from legal trouble. That ultimately is the point of having a private right of action in law. It is not to flood companies with lawsuits, but rather for them to operate in a manner that avoids lawsuits.

As users begin to understand that they have an inalienable legal right to privacy when they use the Internet, they will begin to trust the products with greater and more sensitive uses that will benefit them. This will open new lines of commerce as a growing number of users willingly engage in deeply personal interactions with next generation applications and services. For all the complaints industry has about consumer privacy laws, the one thing they never take into account is the importance of trust. Without it we start to lose the full potential of what the 21st century Internet can bring.

Ernesto Falcon is Senior Legislative Counsel at the Electronic Frontier Foundation with a primary focus on intellectual property, open Internet issues, broadband access, and competition policy.

More posts from ernesto.falcon >>