Friday, February 26, 2010

Engineers, Commissars and Regulators: Layered self-regulation of network neutrality

My post Ostrom and Network Neutrality suggested that a nested set of self- or co- regulatory enterprises (Ostrom 1990:90) could be useful when designing regulatory approaches to network neutrality, but I didn’t give any concrete suggestions. Here’s a first step: create separate arenas for discussing engineering vs. business.

One’s immediate instinct when devising a shared regulatory regime (see the list of examples at the end) might be to involve all the key players; at least, that’s what I pointed to in When Gorillas Make Nice. However, I suspect that successful self-regulatory initiatives have to start with a relatively narrow membership and scope: typically, a single industry, rather than a whole value chain. That’s the only way to have a decent shot at creating and enforcing basic norms. Legitimacy will require broadening the list of stakeholder, but too many cooks at the beginning will lead to kitchen gridlock.

Let’s stipulate for now that the key problem is defining what “acceptable network management practices” amount to. Most participants in the network neutrality debate agree that ISPs should be able to manage their networks for security and efficiency, even if there is disagreement about whether specific practices are just good housekeeping or evil rent-seeking.

The engineering culture and operating constraints of different networks are quite distinct: phone companies vs. cable guys; more or less symmetrical last mile pipes; terminating fiber in the home vs. at cabinet; and not least, available capacity in wireline vs. wireless networks. Reconciling these differences and creating common best practices within the network access industry will be hard; that’s the lowest layer of self-regulation. The “Engineers” should be tasked with determining the basic mechanisms of service provision, monitoring compliance with norms, and enforcing penalties against members who break the rules.

The core participants are the telcos (e.g. Verizon, AT&T) and cable companies (e.g. Comcast, Time Warner Cable), in both their wireline and wireless incarnations. Only within a circumscribed group like this is there is any hope of detailed agreement about best practices, let alone the monitoring and enforcement that is essential for a well-functioning self-regulatory organization. Many important network parameters are considered secret sauce; while engineers inside the industry circle can probably devise ways monitor each other’s compliance without giving the MBAs fits, there’s no chance that they’ll be allowed to let Google or Disney look inside their network operating centers.

The next layer of the onion adds the companies who use these networks to deliver their products: web service providers like Google, and content creators like Disney. Let’s call this group the “Commissars”. This is where questions of political economy are addressed. The Commissars shape the framework within which the network engineers decide technical best practices. It’s the business negotiation group, the place where everybody fights over dividing up the rents; it needs to find political solutions that reconcile the very different interests at stake:

  1. The ISPs want to prevent regulation, and be able to monetize their infrastructure by putting their hand in Google’s wallet, and squeezing content creators.
  2. Google wants to keep their wallet firmly shut, and funnel small content creators’ surplus to Mountain View, not the ISPs.
  3. Large content creators want to get everybody else to protect their IPR for them.
  4. New content aggregators (e.g. Miro) want a shot at competing in the video business with the network facility owners.
This is not an engineering argument, and a Technical Advisory Group (TAG) along the lines described by Verizon and Google (FCC filing) would not be a suitable vehicle for addressing such questions. The Commissars are responsible for answering questions of collective choice regarding the trade-offs in network management rules, and adjudicating disputes that cannot be resolved by the Engineers among themselves.

The Engineers can work in parallel to the Commissars, and don’t need to wait for the political economists to fight out questions about rents; in any case, it will be helpful for the Commissars to have concrete network management proposals to argue about. There will be a loop, with the conclusions of one group influencing the other. The Commissars inform the Engineers about the constraints on what would constitute acceptable network management, and the Engineers inform the Commissars about what is practical.

Finally, government actors – call them the “Regulators” – set the rules of the game and provide a backstop if the Engineers and Commissars fail to come up with a socially acceptable solution, or fail to discipline bad behavior. Since the internet and the web are critical infrastructure, governments speaking for citizens are entitled to frame the overall goals that these industries should serve, even though they are not well qualified to define the means for achieving them. Final adjudication of unresolved disputes rests with the Regulators.


Ofcom, Initial assessments of when to adopt self- or co-regulation, December 10, 2008,

Elinor Ostrom, Governing the Commons: The Evolution of Institutions for Collective Action, Cambridge University Press, 1990

Philip J. Weiser, Exploring Self Regulatory Strategies for Network Management: A Flatirons Summit on Information Policy, August 25, 2008,

Examples of self- and co-regulatory bodies

The Internet Watch Foundation (IWF) in the UK works to standardize procedures for the reporting and taking-down of abusive images of children. It was established in 1996 by the internet industry to allow the public and IT professionals to report criminal online content in a secure and confidential way. (Ofcom 2008:9, and IWF)

The UK “Classification Framework” for content on mobile phones is provided by the Independent Mobile Classification Body (IMCB) with the aim of restricting young people’s access to inappropriate content. It is the responsibility of content providers to self-classify their own content as “18” where appropriate; access to such content will be restricted by the mobile operators until customers have verified their age as 18 or over with their operator. (Ofcom 2008:9, and IMCB)

The Dutch organization NICAM (Nederlands Instituut voor de Classificatie van Audiovisuele Media) administers a scheme for audiovisual media classification. It includes representatives of representatives of public and commercial broadcasters, film distributors and cinema operators, distributors, videotheques and retailers. (Ofcom 2008:9, and NICAM)

Amateur radio service and frequency coordinators provide examples of self-regulation in spectrum policy. The American Radio Relay League (ARRL) has an understanding with the FCC that it manages the relevant enforcement activities related to the use of ham radio. Only in the most egregious cases will ARRL report misbehavior to the FCC Enforcement Bureau. (Weiser 2008:23)

The Better Business Bureau’s National Advertising Division (NAD) enforces US rules governing false advertising, using threats of referrals to the FTC to encourage compliance with its rules. (Weiser 2008:24, and NAD)

US movie ratings are provided by a voluntary system operated by the MPAA and the National Association of Theater Owners.

Friday, February 12, 2010

Ostrom and Network Neutrality

My previous post scratched the surface of a self-regulatory solution to network neutrality concerns. While this isn’t exactly a common pool resource (CPR) problem, I find Elinor Ostrom’s eight principles for managing CPRs are helpful here (Governing the Commons: The evolution of institutions for collective action, 1990).

Jonathan Sallet boils them down to norms, monitoring and enforcement, and that’s a good aide memoire. It’s useful, though, to look at all of them (Ostrom 1990:90, Table 3.1):
1. Clearly defined boundaries: Individuals of households who have rights to withdraw resource units from the CPR must be clearly defined, as must the boundaries of the CPR itself.

2. Congruence between appropriation and provision rules and local conditions: Appropriation rules restricting time, place, technology, and/or quantity of resource units are related to local conditions and to provision rules requiring labor, material, and/or money.

3. Collective-choice arrangements: Most individuals affected by the operational rules can participate in modifying the operational rules.

4. Monitoring: Monitors, who actively audit CPR conditions and appropriator behavior, are accountable to the appropriators or are the appropriators.

5. Graduated sanctions: Appropriators who violate operational rules are likely to be assessed graduated sanctions (depending on the seriousness and context of the offense) by other appropriators, by officials accountable to these appropriators, or by both.

6. Conflict-resolution mechanisms: Appropriators and their officials have rapid access to low-cost local arenas to resolve conflicts among appropriators or between appropriators and officials.

7. Minimal recognition of rights to organize: The rights of appropriators to devise their own institutions are not challenged by external governmental authorities.

8. (For CPRs that are parts of larger systems) Nested enterprises: Appropriation, provision, monitoring, enforcement, conflict resolution, and governance activities are organized in multiple layers of nested enterprises.
Many but not all of these considerations are addressed in the filing and my comments: The headline of section B that “self-governance has been the hallmark of the growth and success of the Internet” reflects #2. My point about involving consumers speaks to #3. The TAGs mooted in the letter address #4 and #6, but not #5. The purpose of the letter is to achieve #7.

In addition to the lack of sanctions, two other key issues are not addressed. Principle #1 addresses a key requisite for a successful co-regulatory approach: that industry is able to establish clear objectives. Given the vagueness of the principles in the filing, it’s still an open question whether the parties can draw a bright line around the problem.

I believe #8 can help: create a nested set of (self- or co-) regulatory enterprises. While I don’t yet have concrete suggestions, I’m emboldened by the fact that nested hierarchy is also a hallmark of complex adaptive systems, which I contend are a usable model for the internet governance problem. Ostrom’s three levels of analysis and processes offer a framework for nesting (1990:53):
  • Constitutional choice: Formulation, Governance, Adjudication, Modification
  • Collective choice: Policy-making, Management, Adjudication
  • Operational choice: Appropriation, Provision, Monitoring, Enforcement
I think the TAGs are at the collective choice level. It would be productive to investigate the institutions one might construct at the other two levels. The FCC could usefully be involved at the constitutional level; even if one doesn't dive into a full-scale negotiated rule-making or "Reg-Neg", government involvement would improve legitimacy (cf. Principle #7). At the other end of the scale, operational choices include mechanisms not just for monitoring (and some tricky questions about disclosure of "commercially confidential" information) but also enforcement. The latter could be as simple as the threat of reporting bad behavior to the appropriate agency, as the Better Business Bureau’s National Advertising Division does (see Weiser 2008:21 PDF).

When Gorillas Make Nice

Verizon and Google’s recent joint FCC filing about the values and governance of the internet largely echoes the conclusions of a Silicon Flatirons summit in August 2008 (PDF): that self-governing institutions are the best way to manage day-to-day questions of network neutrality, with the government acting as a backstop when market forces and self-regulation fail.

The filing seems to come in two parts: a statement of principles, and a sketch of how self-governance might work. I’ll largely ignore the first part, since clearly Google and Verizon found little to agree on. The three key principles are motherhood (consumer transparency and control), Google’s non-negotiable (openness) and Verizon’s (encouraging investment), respectively; it’s hard to argue with any of this, except to observe that the hard work lies in achieving them simultaneously.

The most useful resource on self-regulation in communications I’ve seen is Ofcom’s 2008 statement on “Identifying appropriate regulatory solutions: principles for analysing self- and co-regulation” (PDF). It concluded that self-regulation is most likely to work when “industry collectively has an interest in solving the issue; industry is able to establish clear objectives for a potential scheme; and the likely industry solution matches the legitimate needs of citizens and consumers.”

If their effort is to succeed, the companies will have to build an institution that represents all interests. Let's stipulate that the three main stakeholder groups are content players, network operators and consumers; Google and Verizon fall in the first two groups. On the network side, they’ll need to add the cable industry (always much more leery of network neutrality than the long-regulated telcos), and on the content side, the studios. The trickiest part will be finding a “consumer voice” with some legitimacy; everybody, not least these companies, claims to have the consumer’s best interest at heart.

The filing is predictably vague about the basis on which government would become involved, and is silent about how its proposed institution would enforce its own norms. That’s a mistake. It’s in the companies’ best interest to declare which sword they want hanging over their heads. If they don’t, there won’t be sufficient incentive to Do the Right Thing in the short term (the CEO will ask, “If I’m not breaking a law, why should I go the extra mile?”), which means that eventually a mountain of punctilious rules will be imposed on them. (It’s my understanding that this is what happened over the last decade with accessibility to the internet for those with disabilities: tech companies promised a decade ago they’d solve the problem, didn’t do all that much, and now Rep. Markey is writing detailed rules.)

It’s not clear to me whether the filing is proposing self- or co-regulation, defined by Ofcom (2008) as follows:

Self-regulation: Industry collectively administers a solution to address citizen or consumer issues, or other regulatory objectives, without formal oversight from government or regulator. There are no explicit ex ante legal backstops in relation to rules agreed by the scheme (although general obligations may still apply to providers in this area).

Co-regulation: Schemes that involve elements of self- and statutory regulation, with public authorities and industry collectively administering a solution to an identified issue. The split of responsibilities may vary, but typically government or regulators have legal backstop powers to secure desired objectives.
I think co-regulation is indicated here. Without a backstop there will not be sufficient incentive for good behavior. Politically, too, the term “self-regulation” has become anathema in Washington DC because the financial melt-down is deemed to have been due to a failure in the same. (Not that it matters, but I think this assessment is incorrect on two counts: self-regulation is only part of a much larger problem in the financial crisis; and even if it weren’t, the lessons learned are not easily transposable to communications policy. Still, it’s probably best to use another term, like shared regulation, supervised delegation or bounded autonomy.)

Wednesday, February 10, 2010

The internet is not an ecosystem, but…

The “internet ecosystem” metaphor is ubiquitous; I’ve used it myself, though with some trepidation. I think I can now reconcile why it’s both wrong and useful.

It’s wrong, strictly speaking, since many aspects of the ecosystem-internet mapping are questionable. As I blogged in 2007 about the “business ecosystem” terminology, the validity of the metaphor is undermined by quite a large number of mapping mismatches:
Number: a food web consists of billions of interactions among animals and plants; a business web comprises a relatively small number of companies

Metrics: Biomass a typical rough measure of an ecosystem; does that map to total revenue, profitability, return on investment, or something else?

Topology: An ecosystem is a lossy, one-way energy flow; as each organism is eaten by the next, energy is lost. Business relationships are reciprocal, and generate value.

Time scales: Species change slowly, but companies can change their role in a system overnight through merger, acquisition or divestiture.

Choice: Interactions between firms can be changed by contract, whereas that between species is not negotiable except perhaps over very long time scales by evolution of defensive strategies.

Foresight: Humans are pre-eminent among animals in their ability to anticipate the behavior of other actors, explore counter-factuals, think through What If scenarios, etc. The response of a system containing humans to some change is therefore much more complex than that of a human-free ecosystem. “Dumb” agents in an adaptive system respond to the change; humans respond to how they think other humans will respond to their response to those people’s responses etc.

Goals: Biological systems don’t have goals, but human ones do. There are no regulatory systems external to ecosystems in a state of nature (if such things still exist on this planet), but there are many, such as rule of law and anti-trust, in human markets. Natural processes don’t care about equity or justice, but societies do, and impose them on business systems. If ecosystems were a good model for business networks, there would be no need for anti-trust regulation.
The connotations of the metaphor are also misleading. Ecosystems are often used to connote stability and vibrant self-regulation; in fact, they often suffer catastrophic collapses. Companies are exhorted to invest in their ecosystem with the goal of becoming a keystone species. It’s not clear why they should do so, from the ecosystem perspective: keystone species don’t typically represent a lot of biomass. Their “bottleneck position”, however, is attractive from the perspective of a company that wants to extract rents through market power.

However, the ecosystem concept has gained traction because there is a deeper truth: both the internet and ecosystems are both examples of complex adaptive systems. (A complex adaptive system may be defined as a collection of interacting, adaptive agents; other examples include the immune system, the human body, stock markets, and economies. Note that adaptive systems are often nested.)

Thus, the internet is to an ecosystem as a whale is to an elephant. It could be useful to think in terms of elephants if one has to manage oceans but doesn’t know much about whales, since both are large, social mammals. However, one can just as well explain whales in terms of elephants – and the differences, e.g. living on land vs. in water – can be decisive in some cases.

With this realization, the utility and limitations of using an ecosystem metaphor when thinking about the internet, as I did in my Internet Governance as Forestry paper, have become much clearer to me. Lessons from managed ecosystems can illuminate the dynamics and pitfalls of managing the internet, and principles (such as the Resilience Principles I outlined in my recent talk at Silicon Flatirons; my presentation starts around time code 01:36:00 of the video) derived from one can be applied to the other.

Monday, February 08, 2010

Resilience and Realpolitik

Resilience is a fashionable meme - rightly so, since it offers an alternative to the "find the efficient optimum" approach to solving problems in political economy. (I would say so, of course; see e.g. my presentation at Silicon Flatirons recently, and my paper on forestry as a metaphor for internet governance.)

As reported by The Economist (A needier era: The politics of global disruption, and how they may change, Jan 28th 2010), a report for the Brookings Institution on international politics in an age of want suggests that Governments should think more in terms of reducing risk and increasing resilience to shocks than about boosting sovereign power.  This is analogous to advocating reducing risk and increasing resilience vs. boosting wealth creation in the economy. The reason given is that the new threats are networks (of states and non-state actors) and unintended consequences (of global flows of finance, technology and so on).

I've seen (and propagated) the same memes in the context technology policy: the determining factors are inter-locking networks of agents, and unintended consequences that shift more quickly than legislation.

It's ironic, given my claim that the resilience approach is a counter to neoclassical economics, that the article closes with a Milton Friedman quote...