• Law, Policy -- and IT?

    Tracy Mitrano explores the intersection where higher education, the Internet and the world meet (and sometimes collide).

Title

AT&T and Dyn Attack

What they have in common ...

 

October 23, 2016
 

Two main headlines confronted us this week. The AT&T proposed purchase of Time Warner and the Dyn cyberattack.  Question: What do these two events have in common? Answer: how commerce operates in the “free market,” and how those operations affect the public.  

I predict that under any administration, the Department of Justice will approve with minimal adjustments the Time Warner purchase. I make this prediction based on a few assumptions. One assumption is that it is a natural progression of corporate development in the information economy. That assumption is based on an elemental understanding of the internet. For the sake of alliteration that is easy for students to remember, when I teach essentials of the internet I suggest that they think of: commerce, communication and content. In other words, as a technology in this early 21st century global context, the internet has the foundational potential of pulling these areas together. If the appeal of free market economics is that it goes with the flow of historical change, then this proposal is a good example of it. 

Hand in hand with this assumption is the recognition that U.S. anti-trust law emerged out of and is still confined to 20th century economic context. Industrialization shaped it. One can transpose content or information for oil and steel since all are commodities to be traded on the market, but the corporate forms, domestic v. foreign markets, and indeed the underlying transportation technologies have changed the game. Think, for example, of the difference between railroads and the internet. And then think again to compare the salability of a thing such as a chair and now of your medical records on the black market. Antitrust law needs to be updated. Although not perfect, the European Commission has a much better handle on this concept of information as the driving economic force, hence its more stringent anti-trust actions that cause for frequent confusion and outcry in the U.S. 

Knowing this, AT&T will happily sell off those communications parts of its current structure that would call for antitrust review under the Federal Communications Commission. That review would go deeper and be more trenchant. To keep things simple (is anything worth $85 billion ever simple?), they will shed communications stuff in order to be reviewed only by the Federal Trade Commission, which portends an easier legal path. Do you see the point? If you have a radio or television station, you are in the communications category that calls for a more rigorous review. If you are not, and AT&T can easily knock those off, the you get the easier regulatory path. But that is not how the internet or this new economy actually works. The internet merges communications, commerce and content. U.S. law deprives itself of a proper review because its categorical definitions are out of date. Indeed, it is not even clear that under this current review the real brackets against the corporate power, such as Apple Inc., Google, or Amazon, rather than Verizon-Yahoo alone, will be a part of the analysis.   

From this analysis don’t assume a judgment on my part. On balance, without extensively reviewing the matter, I veer towards approval of the purchase. I also prognosticate, whether I were to like it or not, that the DOJ will ultimately approve it. I do not believe for a minute, however, that the actual interests of the consumer are being taken into account, nor can they be under the current structure of regulatory law and specifically anti-trust. In a sentence: Because contemporary U.S. anti-trust law lacks an understanding of how information is valued or drives a global market, it does not know how to evaluate internet companies or businesses for public interest. So buckle your wallet belts, consumers, this merger will go through. As a result, you will pay more for mediocre services such as internet connectivity and in the subtle ways you will be influenced and maneuvered into certain terrains of content.

Which brings me to the Dys case. No one should be surprised by it, and no one in security circles is. Internet of things has long been on the radar, and hacked ancillary devices such as printers have already been the source of everything from data breach to racist propaganda emerging spontaneously in the workplace. The Chinese manufacturers of networked cameras or other such devices are not the first to invent easy passwords; U.S. vendors have been doing it for years. It does not take the aptitude of rocket science to put it all together to create Marai, an algorithm to coordinate a denial of service attack. 

What is surprising is what we do not learn from history. In the 1990’s the U.S. government used antitrust law to clip Microsoft’s wings and get its cut. The damage to all sectors of society: government, industry and education did not so much come from bundling of software onto the manufacture of personal computers (the demise of a superior internet browser, Netscape, aside), as it did from the malware that took advantage of the default insecure settings on Microsoft products. Not even consumer plaintiff lawyers thought to bring a class action suit, never mind expecting the Federal Trade Commission to get in the act.  Microsoft was then smart, they settled the antitrust eventually, and remade themselves into a mature and responsible company, one that takes both privacy and security seriously.  

The government?  Not so much.  In perpetual reactive mode, it just sits back and allows bad things to happen before it does so much to protect consumers or, for that matter, to help business protect itself.  No one company wants to pay for regulation, I get that, but it is in their interest, as well as the public, to force their hand.  No one does that because it is so politically inexpedient.  But then please do not act all surprised when the obvious happens, an eventuality that not only can be predicted but should be managed for everyone’s sake: industry as well as the public, especially with national security hanging in the balance.

Usually in these circumstances readers could predict my response. “Global internet governance,” that is what she’ll talk about. Yup, not least when the best the government has to offer is the Vice President saying on Meet the Press, “We’re sending a message,” Mr. Biden said. “We have the capacity to do it.”  Playground politics insufficiently meets serious potential consequence. If global internet governance is too much of an imaginative leap – and I would hate to think of what it will take to make a difference (but, again, thinking of history, what it took to get the United Nations in place) – then let’s start with something relatively more modest: regulations around the security of consumer devices. Still, with what I know about American and its regulatory environment, I am not holding my breath.
 

Read more by

Back to Top