Showing posts with label internet. Show all posts

Monday, November 28, 2016

Driving While Online: Does the NHTSA Know Best?


Many generations of technology ago—that is to say, in the 1950s—there was a popular TV show called "Father Knows Best," starring Robert Young as the father of four children whose escapades and misfortunes always wound up with the kids having a talk with Daddy.  When this happened, you knew the final commercial break was coming up and everything would be tied up neatly in a few more minutes. 

Real family life in the 1950s wasn't as easy to fix as "Father Knows Best" portrayed, and neither is the problem of drivers getting distracted by portable devices such as mobile phones, tablets, and so on.  Some observers are attributing the recent rise in per-mile auto fatalities in the U. S. mainly to electronic distractions, and the U. S. National Highway Traffic Safety Administration (NHTSA) has a Department of Transportation (DOT) that has recently issued a draft set of "guidelines" for makers of electronic devices and automotive manufacturers to follow in order to address this problem.

Everybody admits there's a real problem.  If you've driven more than a few hours in rush-hour traffic in any major city, you've probably seen people doing things at the wheel that you can't believe they're doing, like texting or studying something on the car seat, even watching videos.  The question is what to do about it.

Lots of municipalities have tried to attack the problem by passing a no-hand-held-device-use ordinance for drivers, but enforcing such a thing is not something that highway patrol officers get real excited about, and the consensus is that these ordinances have not made a big dent in the problem.

So on Nov. 23, the NHTSA announced a draft of guidelines for makers of portable devices:  mobile phones, tablets, GPS display systems, you name it.  Two of the new concepts that these guidelines, if followed, would introduce to the driving public are "pairing" and "Driver Mode."

Pairing refers to an electronic connection between the portable device and the vehicle's built-in displays and controls.  Historically, the automakers have taken the NHTSA's word seriously regarding its recommendations for how to incorporate safety features in cars.  Although guidelines do not have the force of law, they can become law if Congress so chooses, and so many safety features such as seat belts and air bags showed up in cars as options before they were made mandatory.  In an earlier set of guidelines, the NHTSA set up rules for built-in instrumentation that would meet the agency's non-distraction requirements.  This involves things like not requiring the driver to glance away from the road for more than two seconds at a time and so on.  Their reference maximum distraction is tuning a radio manually.  Anything that distracts you more than that is basically regarded as too much.

Assuming the car's built-in controls and displays meet that criterion, pairing basically ports the portable device's controls to the car's built-in controls, which automatically meet the distraction guidelines already.  Maybe this sounds easy to a regulatory agency, but to this engineer, it sounds like a compatibility nightmare.  For pairing to work most of the time, every portable device that anyone is likely to use in a car will have to be able to communicate seamlessly with the wide variety of in-car systems, and be able to use those systems as a remote command and control point instead of the device's own controls and displays.  Maybe it can be made to work, but at this time it looks like a long shot.  And even if it does, you have the problem of those die-hards (such as yours truly) who cling to cars that are ten or fifteen years old and will never catch up to the latest technology.  (Those folks tend not to buy the latest portable devices either, but there are exceptions.)

Recognizing that pairing won't solve all the problems, the next step is Driver Mode.  This is an operational mode that goes into effect when the device figures out it's in a moving car.  Most new portable gizmos these days have built-in GPS systems, and so they can detect vehicle motion without much of a problem, although there might be issues with things like rides on a ferry boat and so on.  But those situations are rare enough to be negligible.  Once in Driver Mode, the device will refuse to let the user do things like texting, watching videos, and other activities that distract more than the reference tuning-the-radio operation would. 

One can foresee problems with Driver Mode as well.  The NHTSA says the user should be able to switch it off, and if this option is available, my guess is a lot of people will choose to disable Driver Mode altogether.  A determined distracted driver is going to find a way to text while driving no matter what, but the hope is that with these new measures in place—pairing and Driver Mode, mainly—the number of incidents of distracted driving will decrease, and we will resume our march to fewer traffic accidents that has been going on historically for the last several decades.

While the NHTSA deserves credit for encouraging device makers and car manufacturers to consider these ideas, it is not clear that there is a lot of enthusiasm for them, especially on the part of the mobile phone makers.  Automakers selling big-ticket cars can more easily adapt their products to the different requirements of different legal regimes in the U. S. and, say, France.  But piling a bunch of complicated pairing features onto phones sold only in the U. S. may not be an easy thing to convince phone makers to do.  Unless the U. S. initiative proves so popular that it becomes a global phenomenon, my guess is that mobile phone makers will resist building in the pairing function, especially because they would have to deal with a bewildering variety of host controls and displays in cars that would be hard to keep up with.

This issue is just one aspect of the huge upheaval in the auto industry that IT is causing right now.  Integrating cars with the Internet and portable devices, and making sure in-car displays work without causing wrecks, are only two of the many challenges that car makers face in this area.  Ironically, the move toward driverless cars, if successful, would render all the driver-distraction precautions pointless anyway.  If the driver's not doing anything, it's fine to let him or her be distracted.  That's Google's hope, anyway, in developing driverless cars:  less time paying attention to driving means more time on the Internet. 

The hope is that all the confusion will eventually settle down, or at least we will make the transitions to highly IT-intensive cars that are still at least as safe to drive as the older ones, if not safer—until we don't have to drive them at all.  But it looks like right now, at least, car makers will have to aim simultaneously at two targets that are moving in opposite directions. 

Sources:  An article summarizing the NHTSA proposed guidelines appeared in the San Jose Mercury-News on Nov. 23, 2016 at http://www.mercurynews.com/2016/11/23/biz-break-feds-nudge-phone-makers-to-block-drivers-from-using-apps-behind-the-wheel/.  The NHTSA press release about the guidelines can be found at https://www.nhtsa.gov/About-NHTSA/Press-Releases/nhtsa_distraction_guidelines_phase2_11232016, and the press release has a link to a .pdf file of the draft guidelines.

Monday, October 24, 2016

The Day The Internet Goes Down


This hasn't happened—yet.  But Bruce Schneier, an experienced Internet security expert with a track record of calling attention to little problems before they become big ones, is saying he's seeing signs that somebody may be considering an all-out attack on the Internet.  In an essay he posted last month called "Someone Is Learning How to Take Down the Internet," he tells us that several Internet-related companies which perform essential functions such as running domain-name servers (DNS) have come to him recently to report a peculiar kind of distributed denial-of-service (DDOS) attack.

For those who may not have read last week's blog about ICANN, let's back up and do a little Internet 101.  The URLs you use to find various websites end in domain names—for example, .com or .org.  One company that has gone public on its own with some limited information about the attacks is Verisign, a Virginia-based firm whose involvement with the Internet goes back to the 1990s, when they served as the kind of Internet telephone book for every domain ending in .com for a while, before the ICANN, now an internationally-governed nonprofit organization, took over that job.  Without domain-name servers, networked computers can't figure out how to find websites, and the whole Internet communication process pretty much grinds to a halt.  So the DNS function is pretty important.

As Schneier explains in his essay, companies such as Verisign have been experiencing DDOS attacks that start small and ramp up over a period of time.  He likens them to the way the old Soviet Union used to play tag with American air defenses and radar sites in order to see how good they were, in case they ever had to mount an all-out attack.  From the victim's point of view, a DDOS attack would be like if you were an old-fashioned telephone switchboard operator, and all your incoming-call lights lit up at once—for hours, or however long the attack lasts.  It's a battle of bandwidths, and if the attacker generates enough dummy requests over a wide enough bandwidth (meaning more servers and more high-speed Internet connections), the attack overwhelms the victim's ability to keep answering the phone, so to speak.  Legitimate users of the attacked site are blocked out and simply can't connect as long as the attack is effective.  If a critical DNS is attacked, there's a good chance that most of the domain names served will also disappear for the duration.  That hasn't happened yet on a large scale, but some small incidents have occurred along these lines recently, and Schneier thinks that somebody is rehearsing for a large-scale attack.

The Internet was designed from the start to be robust against attack, but back in the 1970s and 1980s, the primary fear was an attack on the physical network, not one using the Internet itself.  Nobody goes around chopping up fiber cables in hopes of bringing down the Internet, because it's simply not that vulnerable physically.  But it's likely that few if any of the originators thought of the possibility that the Internet's strengths—universal access, global reach—would be turned against it by malevolent actors.  It's also likely that few of them may have believed in original sin, but that's another matter.

Who would want to take down the Internet?  For the rest of the space here I'm going to engage in a little dismal speculation, starting with e-commerce.  Whatever else happens if the Internet goes down, you're not going to be able to buy stuff that way.  Schneier isn't sure, but he thinks these suspicious probing attacks may be the work of a "state actor," namely Russia or China.  Independent hackers, or even criminal rings, seldom have access to entire city blocks of server farms, and high-bandwidth attacks like these generally require such resources.

If one asks the simple question, "What percent of retail sales are transacted over the Internet for these three countries:  China, the U. S., and Russia?" one gets an interesting answer.  It turns out that as of 2015, China transacted about 12.9% of all retail sales online.  The U. S. was next, at about 8.1%.  Bringing up the rear is Russia, at around 2%, which is where the U. S. was in 2004.  Depending on how it's done, a massive attack on DNS sites could be designed to damage some geographic areas more than others, and without knowing more details about China's Internet setup I can't say whether China could manage to cripple the Internet in the U. S. without messing up its own part.  But there is so much U. S.-China trade that Chinese exports would start to suffer pretty fast anyway.  So there are a couple of reasons that if China did anything along these lines, they would be shooting themselves in the foot, so to speak.

Russia, on the other hand, has much less in the way of direct U. S. trade, and while it would be inconvenient for them to lose the use of the Internet for a while, their economy, such as it is, would suffer a much smaller hit.  So based purely on economic considerations, my guess is that Russia would have more to gain and less to lose in an all-out Internet war than China would.

A total shutdown of the Internet is unlikely, but even a partial shutdown could have dire consequences.  Banks use the Internet.  Lots of essential utility services, ranging from electric power to water and natural gas, use the Internet for what's called SCADA (supervisory control and data acquisition) functions.  The Internet has gradually become a critical piece of infrastructure whose vulnerabilities have never been fully tested in an all-out attack.  It's not a comfortable place for a country to be in, and in these days of political uncertainty and the waning of dull, expert competence in the upper reaches of government, you hope that someone, somewhere has both considered these possibilities in detail, and figured out some kind of contingency plan to act on in case it happens.

If there is such a plan, I don't know about it.  Maybe it's secret and we shouldn't know.  But if it's there, I'd at least like to know that we have it.  And if we don't, maybe we should make plans on our own for the Day The Internet Goes Down.

Sources:  Bruce Schneier's essay "Someone Is Learning How to Take Down the Internet" can be found at https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html.  I obtained statistics on the percent of U. S. retail e-commerce sales from the website https://ycharts.com/indicators/ecommerce_sales_as_percent_retail_sales, the China data from https://www.internetretailer.com/2016/01/27/chinas-online-retail-sales-grow-third-589-billion-2015, and the Russia data from https://www.internetretailer.com/commentary/2016/02/08/russian-e-commerce-domestic-sales-slump-chinese-imports-soar.  I also referred to the Wikipedia article on Verisign.

Monday, July 27, 2015

The Wireless-Car-Hack Recall: A Real-Life Drama in Three Acts


Act One—2010-2011

As automakers begin to build in more wireless technology to enable not only hands-free mobile phone use from their cars but streaming audio services and navigational and safety aids as well, some researchers at UC San Diego and the University of Washington look into the possibility that these new two-way communication paths can be used to hack into a car's computer for nefarious purposes.  After months of work, they manage to use a wireless connection to disable the brakes on a particular car, which to this day remains anonymous.  Rather than releasing the maker's name in their research publication in 2011, the researchers suppress it, and instead go privately to the car's manufacturers and warn them of the vulnerability.  Also in 2010, more than 100 car owners in the Austin, Texas area whose vehicles were linked into a system that can disable a car if the owner gets behind in his payments, found that their cars wouldn't start.  Only, they weren't deadbeats—one of the enforcement company's employees got mad at his boss and intentionally disabled the cars. 

Act Two—2012-2013

Two freelance computer security specialists, Charlie Miller and Chris Valasek, read about the UCSD/University of Washington wireless-car-hack study and decide to investigate the issue further.  They apply for and receive an $80,000 grant from the U. S. Defense Advanced Research Projects Agency (DARPA), with which they buy a Ford Escape and a Toyota Prius.  With this hardware, they teach themselves the intricacies of the automakers' internal software and as a first step, develop a wired approach to hacking into a vehicle's control systems.  This allows them to plug a connector into the car's diagnostic port and operate virtually any system they wish.  However, when they show this ability at Defcon 2013, a hackers' convention, representatives of automakers are not impressed, pointing out that they needed a physical connection to do the hacking.  That inspires Miller and Valasek to go for the ultimate hack:  wireless Internet control of a car, and demonstration of same to a journalist.

Act Three—2014-2015

After reading dozens of mechanics' manuals and evaluating over twenty different models, the pair decide that the model most vulnerable to an online hack is the Jeep Cherokee.  Miller buys one in St. Louis and the pair begin searching for bugs and vulnerabilities in software.  Finally, in June of 2015, Valasek issues a command from his home in Pittsburgh and Miller watches the Cherokee respond in his driveway in St. Louis.  They have succeeded in hacking remotely into the car's CAN bus, which controls virtually all essential functions such as brakes, throttle, transmission, wipers, and so on.

After the lukewarm reception they received from automakers a couple of years earlier, they have decided a stronger stimulus is needed to get prompt action.  When they informed Fiat Chrysler Autos of their hacking work into the firm's Cherokee back in October of 2014, the response was minimal.  Accordingly, they invite Wired journalist Andy Greenberg to drive the Cherokee on an interstate highway, telling him only in general terms that they will do the hack while he's driving, and surprise him with particular demonstrations of what they can do. 

Greenberg must have felt like he was in a bad sci-fi flick about aliens taking over.  As he recalled the ride, "Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass."  During the finale, the hackers disabled the transmission, throwing it into neutral and causing a minor backup on the interstate.

Greenberg's article appears on Wired's website on July 21.  On July 24, Fiat Chrysler Autos announces a recall of 1.4 million vehicles to fix software flaws that allow their cars to be hacked remotely via the UConnect Internet connection that Miller and Valasek used.  It is the first recall ever due to a demonstrated flaw that lets hackers access a car through its Internet connection.

. . . Back in December of 2014, I blogged on the possibility that someone would figure out how to use the Internet to hack into a car's controls.  At the time, I reported that several automakers had formed an Information Sharing Advisory Center to pool knowledge of problems along these lines.  And I hoped that nobody would use a remote hack for unethical reasons.  What Miller and Valasek have done has ruffled some feathers, but falls short of truly illegal activity.

Instead, it's in the tradition of what might be called "white-hat" hacking, in which security experts pretend to be bad guys and do their darndest to hack into a system, and then let the system designers know what they've done so they can fix the bug.  According to press reports, pressure from the National Highway Traffic Safety Administration prompted Fiat Chrysler Autos to issue the hacking recall as promptly as they did, only three days after the Wired article appeared.  The annals of engineering ethics show that a little adverse publicity can go a long way in stimulating action by a large organization such as a car company. 

You might ask why Fiat Chrysler's own software engineers couldn't have done what Miller and Valasek did, sooner and more effectively.  That is a complex question that involves the psychology of automotive engineers and what motivates them.  Budgeting for someone to come along and thwart the best efforts of your software engineers to protect a system is not a high priority in many firms.  And even if an engineer with Fiat Chrysler had concerns, chances are that his superiors would have belittled them, as they did Miller and Valasek's demo of the wired hack in 2013.  To do anything more would have required a whistleblower to go outside the company to the media, which would have probably cost him his job.

But this way, Miller and Valasek get what they wanted:  real action on the part of automakers to do something about the problem.  They also become known as the two Davids who showed up the Goliath of Fiat Chrysler, and this can't do their consulting business any harm.  Best of all, millions of owners of Cherokees and other vehicles can scratch one small worry off their list:  the fear that some geek somewhere will pick their car out of a swarm on a GPS display somewhere and start messing with the radio—or worse.

Sources:  The Associated Press article on the Fiat Chrysler Auto recall appeared in many news outlets, including ABC News on July 24 at http://abcnews.go.com/Technology/wireStory/fiat-chrysler-recalls-14m-vehicles-prevent-hacking-32665419.  The Wired article by Andy Greenberg describing the Cherokee hack is at http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/.  My latest previous blog on this subject appeared on Dec. 1, 2014 at engineeringethicsblog.blogspot.com/2014/12/will-remote-car-hacking-stop-before-it.html.

Monday, December 01, 2014

Will Remote Car Hacking Stop Before It Starts?


The bomb exploded as the car reached the intersection of Park Place and Forest Park Boulevard in Fort Worth, Texas.  The explosion was loud enough to be heard at an elementary school a couple of blocks away, and I was one of several students who got to the scene before emergency crews had cleaned it up.  From the front doors rearward the car looked nearly normal, but there was just a blackened pile of junk where the front end used to be.  The driver was killed instantly.  From what I recall, later investigation of this mid-1960s incident turned up ties to organized crime, and I'm not sure but what the criminals put the bomb in the wrong car.  Even the Mafia makes mistakes.

To commit that crime, someone had to make a powerful time bomb and gain physical access to the car in order to plant it.  In the near future, it will be logically possible to wreck a car and kill the driver without ever laying a finger on either one.  Once wireless networking and Bluetooth communications are integrated in new models of automobiles, a sufficiently dedicated hacker might be able to wrest control of the car from the driver and do anything he likes, including driving the car off a cliff or into a gravel truck.

So far as anyone knows, no one has committed a successful crime by hacking into a car's software.  On the other hand, automotive software hacking for benign purposes has been around for a decade or more.  While teens of an earlier generation would get greasy in a garage staying up till midnight to hop up a '57 Chevy for drag racing, today's hot-rodders hack into the valve-control software and tune up the timing to suit their purposes.  The keyhole for this activity is the OBD-II port—the place an auto tech plugs a computer into your car to diagnose why your check-engine light is on. 

In a demonstration for the U. S. military, cyberhackers showed how they could use the port to exert virtually total control over a current-model car, locking the brakes or even killing the engine.  This kind of hacking requires extensive knowledge of the car's software and a good deal of reverse engineering, so it is currently not cost-effective for the bad guys to do it.  And with non-networked cars, it still requires physical access to the car.  But automotive-industry leaders are trying to anticipate the day when new cars are totally networked and become part of the Internet, which will open them up to attacks from anywhere in the world.

According to recent press reports, automakers are organizing an automotive version of an Information Sharing Advisory Center (ISAC), similar to the ones that the banking and other information-critical industries have formed to promote the sharing of news about cyber-threats among competing firms and to develop countermeasures fast.  Just as significant as their actions is the fact that they are publicizing their actions.  One could speculate that the car companies are trying to send a signal to potential automotive cyber-attackers that the industry is not sitting idly by, waiting for the first fatality before something is done to prevent such attacks.  Instead, they are putting defenses in place well before any attack occurs—a sound military tactic.

There may be a lesson here about the tendency of organizations to lose effectiveness with time.  Computers have been used in cars for less than a generation.  But cars have had ignition keys for close to three generations.  The GM ignition-switch failures, with their resulting fatalities and massive recalls, stem from the negligence of engineers who have been doing basically the same thing since the 1930s, although the details have certainly changed over the years.  But the engineers in charge of computer security have grown up in an environment where hacking and cyberattacks are an ordinary part of life, and to pretend otherwise would be a mark of incompetence.  So it is no great surprise to hear that car companies are trying to get ahead of computer criminals by forming an ISAC.

Even so, you can imagine situations in which the mere threat of such an attack would be profitable for criminals.  Say you're the CEO of UPS, and one day near the peak Christmas-shipping season you get an email instructing you to deposit two million dollars in a certain Swiss bank account by a certain time.  If you don't, the sender promises to throw a digital monkey wrench into your entire fleet of trucks, all at once.  The CEO would at least have to take such a threat seriously. 

I feel like taking a mental bath after putting myself into the mindset of a cybercriminal that way, but unfortunately, that is what competent computer-security people have to do in order to come up with ways to thwart such attacks.  The only sure defense against such blackmail is to have enough encryption and other measures in place so that no conceivable attack will stand a good chance of working.  There is always a chance that some evil super-genius will figure out a way to hack the best defenses, but statistically, such people are rare and most cyber-threats involve only the average amount of cleverness. 

The organizers of the first automotive ISAC are to be congratulated for their foresight in anticipating what could be a really messy and dangerous problem, and I hope that automotive cyberattacks are prevented before they can even get off the ground.  But no one knows exactly how cars will interact with the Internet in the future, and depending on how the systems develop, the best efforts of the good guys may be foiled sooner or later by a bad guy.  Let's hope that day is a long way off.

Sources:  Justin Pritchard's report on the organization of an automotive ISAC and successful test attempts at automotive cyberattacks was distributed by the Associated Press and carried by numerous news outlets such as ABC News on Nov. 25, 2014 at http://abcnews.go.com/Technology/wireStory/computer-hackers-dissect-cars-automakers-react-27132494.  The online edition of Auto News carried another report from a Society of Automotive Engineers conference announcing the formation of the industry's first ISAC, at http://www.autonews.com/article/20141021/OEM11/141029957/auto-industry-forming-consortium-to-fight-hackers.  My blog on the GM ignition switch recall appeared on June 9, 2014 at http://engineeringethicsblog.blogspot.com/2014/06/the-switch-from-hell-gms-barra-and.html.

Monday, November 24, 2014

How Neutral Is the Net?


Earlier this month, President Obama asked the U. S. Federal Communications Commission (FCC) to classify the Internet as a public utility in order to preserve net neutrality.  While in principle the FCC is an independent regulatory authority, it usually takes the President seriously, and this proposed action led to both cheers and boos. 

The cheering came from mostly liberal observers who see threats to the Internet coming from internet service providers (ISPs), who have expressed a desire to discriminate (either favorably or unfavorably) among their customers.  One form of discrimination that has come up for discussion is that a big outfit such as Google or Facebook would pay ISPs for preferential treatment—a "fast lane" on the Internet so their websites would work faster compared to everyone else's.  Another idea, one that Comcast actually tried to implement a few years ago, is that certain types of Internet services that hog bandwidth (such as file sharing of music and videos) could be artificially slowed or discriminated against.  In that case, the FCC told Comcast to quit discriminating, and it did.  But more recently, similar attempts on the part of the FCC to enforce net neutrality have been struck down by federal courts, which said that the FCC doesn't have the legal authority to regulate the Internet in that way.  Hence the President's call to reclassify the Internet as a Title II public utility, which refers to a section in the FCC's enabling legislation that was originally intended to cover things like the telephone network.

And that leads to the boos, coming mainly from conservatives who see danger in letting the FCC treat the Internet basically the same way it treats the phone network.  Hidden on your phone bill is a little item called the Universal Service Fee.  On my cellphone bill it's $2.22 a month.  It was originally intended to provide subsidies for rural telephone service, but like most government fees and taxes, once it was planted as a tiny seed it put down roots and is now a mighty oak of revenue for the FCC, which supports itself entirely on fees.  If the phone network was not classified under Title II, the FCC could not assess this fee.  But such fees can be charged to a Title II service, which the Internet would become if the FCC does what the President asked it to.  That doesn't mean we would instantly start paying fees as soon as the FCC reclassified the Internet, but it does mean that they would have the legal right to.

From the viewpoint of consumers, it's hard to make an argument that a non-neutral net would be anything but bad.  The net (so to speak) effect of a non-neutral net would be to restrict access to something or other—either the firms that couldn't afford the extra fees that the ISPs want to charge the Googles for fast-lane services, or the types of services that cause ISPs headaches such as certain file-sharing activities.  But how neutral is the net today?

The picture is sometimes painted of a happy, absolutely free Internet world where equality reigns, versus a dismal, corporate-dominated few-rich among many-poor non-neutral Internet that the liberals warn us may happen if we don't guard net neutrality.  The facts are otherwise.  Right now the Internet is a great deal less neutral than it used to be.  If you don't belong to Facebook, for instance (as I don't), access to that world within a world of social media is highly restricted from you.  This has come about not because of anything an ISP has done, but because Facebook, in order to operate, requires certain information from you before you join, and hopes your signing up and consequent Facebook profile will attract other viewers.  Many of the various Google accounts and services work the same way.  My point is that there are huge regions on the Internet that are closed to you unless you pony up something to get into them (not necessarily cash), which is basically what the net-neutral advocates say will happen unless we preserve net neutrality.  But it already happens.

And what about people who live in areas that have slow or no access to the Internet?  It's not neutral to them.  Nobody has gone so far as to say every citizen of the U. S. has a right to X megabits per second access to the Internet.  But there was a time when the idea that everyone should have access to a telephone was a radical notion that telephone companies fought against, until the Bell System decided to join instead of fight and willingly put itself under the supervision of government authorities in exchange for promoting universal access. 

As I blogged in this space a few years ago, when you have a large network that thrives on maximizing the number of people connected to it, any artificial attempt to limit that access damages the system.  And over time, most such systems have ways of figuring this out, and tend to rid themselves of such restrictions.  But government fees and regulations are another matter.  It took years of court battles to free up the phone system from the old-style regulated monopoly pattern that was appropriate to the technology of 1945, but by 1980 was outmoded and needed to change. 

By and large, the Internet has stayed fairly neutral, not so much because the players all have a principled commitment to net neutrality, but because restrictions that move it in the non-neutral direction tend to harm the system as a whole.  My own inclination is to let things more or less alone, rather than reclassifying the Internet into a category that would make it vulnerable to a whole array of regulations that might be well-intended at the time, but could become albatrosses around the neck of a technology that has so far proved to be quite agile and dynamic.  But whatever happens, we should all realize that net neutrality is an ideal that has never been completely realized in practice.

Sources:  President Obama's statement on favoring FCC action to preserve net neutrality was announced on Nov. 10, 2014, and is available at http://www.whitehouse.gov/net-neutrality.  I referred to the conservative National Journal's piece on his move at http://www.nationaljournal.com/tech/obama-s-net-neutrality-plan-could-mean-new-internet-fees-20141120.  I also referred to the Wikipedia articles on network neutrality and the Federal Communications Commission.  My blog "Will the Net Stay Neutral if Google Doesn't Want It To?" appeared on Aug. 9, 2010.

Monday, September 10, 2012

Can Engineers Fix the Political System?


From now until early November, U. S. citizens will be bombarded by more political ads than most people care to hear.  While I won’t take sides today, I sense a general opinion that the U. S. Congress in particular, and perhaps the whole range of U. S. political systems in general, is severely impaired if not quite broken down.  And during an election year, it’s more noticeable than ever.

Support for this sense comes from a book by economist Arnold Kling, who thinks the U. S. has outgrown a political system that may have worked fine when the country was much smaller, but has now become antiquated and needs serious overhauling.  His basic point is that while the knowledge needed to govern the country is increasingly diffused by means of the Internet and other advanced technologies, the present political system tends to concentrate power in the hands of a few hundred elites:  the President and his executive-branch heads, members of Congress, quasi-independent bureaucrats such as the Federal Reserve Board, and leaders of large private corporations.  This leads at best to a kind of paralysis in which the elites do things that basically feather their own nests, while the great mass of people have little voice or influence on what the elites choose to do to them (I could have written “for them” instead of “to them” but sometimes it’s hard to tell which preposition is more appropriate).

Rather than just complain, Kling proposes some solutions, and says some very nice things about engineers in the process.  He cites the way that the Internet’s technical rules are arrived at as a good example of “just-in-time government.”  Although the process is somewhat different now, for many years the Internet was governed by a series of ad-hoc Internet Engineering Task Forces (IETFs).  A typical task force would be called together by an engineer who thought there was a problem that needed fixing.  Other engineers interested in the problem would volunteer their time to form a working group which would have meetings (either virtual or face-to-face) to discuss alternatives and agree on a plan of action.  Eventually the solution would be agreed upon and circulated in the form of a final draft.  If nobody objected strenuously within a certain time, the draft became Internet “law.”  Though Kling doesn’t mention it, many technical standards such as the ones about how wireless devices interact (you may have heard of IEEE 802.11, which is one such standard for local area networks) are arrived at by essentially the same kind of task-force mechanisms.

Kling points out that in contrast to well-paid civil servants, volunteers do not have an incentive to keep their problem alive so as to justify their working on it indefinitely.  They have their own jobs they’d like to get back to, and fixing the problem expeditiously is more appealing than prolonging it.  On the other hand, if you are the government-paid Assistant Sub-Executive Secretary of the Department of Circumlocution or something, you may be tempted to say that “further study is needed” no matter what problem comes up.

Kling uses IETFs as an example of ways that societies can govern themselves without the need for a superstructure of permanently empowered individuals whose terms in office last for many years.  He has other ideas as well that would make government run more like a competitive business and allow individuals to choose which regulatory and tax regime they would like to live under, without the disagreeable necessity of moving from one place to another physically.

Kling makes a good point about the excessive concentration of power with the following example.  If you divide the total budget of $4.3 billion for Montgomery County, Maryland by the number of County Council members, the spending per legislator is an astonishing $500 million.  There are few CEOs of private companies who can boast of controlling so much cash.  By contrast, Switzerland is divided into 26 “cantons” with between about 50 and 100 legislators in each canton.  The highest per-legislator spending level in Switzerland—a nation, not a county—is $76 million.  And Switzerland spends more per person on its relatively small population than the U. S. does.  When the U. S. was smaller, the spending per legislator was closer to what Switzerland’s is today, and it was probably easier for an average citizen to get the attention of a legislator, simply because there weren’t as many citizens then as there are today.  We would need upwards of a thousand congressmen in Congress today in order to move substantially closer to Switzerland’s situation.

And that brings up the main problem with all these nice ideas: as with many wide-ranging proposals to remake the political system, the problem is how to get there from here.  It’s unlikely that anyone in Washington is going to look kindly on the idea that we should have ten or a hundred times as many legislators as we do now.  And the alternative, to move power from Washington back to the individual states, is also one that has a rough time getting heard, although there are slight signs that the U. S. Supreme Court is thinking it might be time to move that way.

In the near term, the best we average citizens can do is to vote for people who might possibly be inclined to look beyond their own interests and do what is right for the city, state, or nation, regardless of whether it means a decrease in their own power.  Such people are increasingly rare, but if you find one, I encourage you to vote for them, while you still have the opportunity.

Sources: Arnold Kling’s Unchecked and Unbalanced:  How the Discrepancy Between Knowledge and Power Caused the Financial Crisis and Threatens Democracy was published by Rowman & Littlefield (Lanham, MD) in 2010.



Note to Podcast Enthusiasts:  I was recently interviewed by Jeffrey Shelton and Chris Gammell of “Engineering Commons,” a podcast they put together weekly.  The resulting podcast was posted Sept. 6 and if you want to hear your scribe opinionate on a wide range of ethics-related matters, you can download it at theengineeringcommons.com.