Day: 28 November 2017

Ben Thompson Is Wrong About the Deregulation of ISPs

Ben Thompson writes a reasonable-sounding yet largely wrong defence of the proposal to reclassify ISPs under Title I instead of Title II, beginning with a smart debunking of that Portuguese cellular pricing infographic you’ve probably seen:

So to recount: one Portugal story is made up, and the other declared that a 10GB family plan with an extra 10GB for a collection of apps of your choosing for €25/month ($30/month) is a future to be feared; given that AT&T charges $65 for a single “Unlimited” plan that downscales video, bans tethering, and slows speeds after 22GB, one wonders if most Americans share that fear.

It’s a sillier infographic than you might realize — contrary to what Congressman Khanna wrote, the E.U., of which Portugal is a part, actually has net neutrality laws, albeit ones that permit some zero-rating; I’ll get to zero-rating a little later. But the prior excerpt and its succeeding paragraph form the thesis for Thompson’s argument:

That, though, is the magic of the term “net neutrality”, the name — coined by the same Tim Wu whose tweet I embedded above — for those FCC rules that justified the original 2015 reclassification of ISPs to utility-like common carriers. Of course ISPs should be neutral — again, who could be against such a thing? What is missing in the ongoing debate, though, is the recognition that, ever since the demise of AOL, they have been. The FCC’s 2015 approach to net neutrality is solving problems as fake as the image in Wu’s tweet; unfortunately the costs are just as real as those in Congressman Khanna’s tweet, but massively more expensive.

Thompson follows this by acknowledging several instances when ISPs were not treating data neutrally, but concludes that contemporary regulatory action or public pressure illustrate a lack of need for Title II classification. I find this reasoning to be ill-considered at best. First, the Madison River incident:

The most famous example of an ISP acting badly was a company called Madison River Communication which, in 2005, blocked ports used for Voice over Internet Protocol (VoIP) services, presumably to prop up their own alternative; it remains the canonical violation of net neutrality. It was also a short-lived one: Vonage quickly complained to the FCC, which quickly obtained a consent decree that included a nominal fine and guarantee from Madison River Communications that they would not block such services again.

It’s worth recognizing that the consent decree references Title II guidelines. Thompson cites two more cases of net neutrality violations — Comcast blocking the BitTorrent protocol under the guise of it being network management policy, and MetroPCS offering zero-rated YouTube, which I’ll get to later — but, strangely, doesn’t mention AT&T’s blocking of FaceTime on certain cellular plans. No other video chatting apps were prohibited, raising the question of why AT&T decided to target FaceTime users.

Recently, Verizon began throttling video streaming on their cellular network, too, with the exception of its NFL app which, by the way, is also exempt from data caps. The FCC under Tom Wheeler said that AT&T was violating net neutrality rules when they exempted their own DirecTV service from users’ data caps, too, giving it an unfair advantage over other streaming video services. Comcast hilariously argued that their broadband-powered service for streaming video to laptops was exempt from the anticompetitive agreement they signed when they acquired NBCUniversal.

That makes this claim, in Thompson’s recap, obviously incorrect:

There is no evidence of systemic abuse by ISPs governed under Title I, which means there are no immediate benefits to regulation, only theoretical ones

There is clearly plenty of evidence that ISPs will not treat data the same if offered the opportunity to do otherwise. And, I stress again, we aren’t simply talking about internet providers here — these are vertically-integrated media conglomerates which absolutely have incentive to treat traffic from friendly entities differently through, for example, zero-rating, as AT&T did with DirecTV, Verizon does with their NFL app, and T-Mobile does for certain services.

Thompson:

Again, zero-rating is not explicitly a net-neutrality issue: T-Mobile treats all data the same, some data just doesn’t cost money.

What? No, really, what? T-Mobile treats all data the same except the data they treat differently might be one of the worst arguments in this whole piece, and there are a few more rotten eggs to get to. If consumers are paying for some data and there’s other data they’re not paying for, they’re naturally going to be biased towards using the data that isn’t going to cost them anything. And that makes this argument complete nonsense as well:

What has happened to the U.S. mobile industry has certainly made me reconsider [the effect on competition by zero-rating]: if competition and the positive outcomes it has for customers is the goal, then it is difficult to view T-Mobile’s approach as anything but a positive.

T-Mobile’s introduction of inexpensive so-called “unlimited” data plans — throttled after a certain amount of data has been used, of course — drove competitors to launch similar plans, that much is true. But zero-rating had very little to do with those consumer-friendly moves. And, as if to conveniently illustrate the relative dearth of competition in the US cellular market, Sprint has a chart on their website showing that single-line unlimited plans cost a similar amount per month from AT&T, T-Mobile, and Verizon; Sprint’s plan is cheaper, but they also have worse performance and coverage.

Thompson next tackles the argument that zero-rating is anti-competitive:

Still, what of those companies that can’t afford to pay for zero rating — the future startups for which net neutrality advocates are willing to risk the costs of heavy-handed regulations? In fact, as I noted in that excerpt, zero rating is arguably a bigger threat to would-be startups than fast lanes, […]

This is probably true, and that’s why it’s so important that these rules are in place.

[…] yet T-Mobile-style zero rating isn’t even covered by those regulations! This is part of the problem of regulating future harm: sometimes that harm isn’t what you expect, and you have regulated and borne the associated costs in vain.

In fact, zero-rating is, in general, covered by the 2015 net neutrality rules. That’s why the FCC sent letters to AT&T and Verizon stating that aspects of those companies’ zero-rating practices discriminated against competitors.

But T-Mobile was careful with their zero-rating practices and made sure that there were competing services offered for free. As an example, they exempt Apple Music and Spotify from data limits. But what if you wanted to listen to a mixtape on DatPiff or an indie artist on Bandcamp? That would count against your data cap, which makes those services less enticing to consumers. It clearly benefits the established players, and reduces the likelihood that a startup can compete.

If anything, I think zero-rating services should actually be banned. It’s worse for consumers in the short term, but from a more expansive viewpoint, it encourages providers to be more honest about what kinds of speeds they can offer with their infrastructure. That might even get them to invest in more robust networks.1

Third, if the furor over net neutrality has demonstrated anything, it is that the media is ready-and-willing to raise a ruckus if ISPs even attempt to do something untoward; relatedly, a common response to the observation that ISPs have not acted badly to-date because they are fearful of regulation is not an argument for regulation — it is an acknowledgment that ISPs can and will self-regulate.

This is completely disproven by countless instances of corporate wrongdoing in modern American history. Banks and hedge funds already have a terrible name for helping cause the 2008 financial crisis, but many of them are still around and more valuable than ever. BP is still one of the world’s biggest oil and gas companies despite causing one of the world’s biggest environmental catastrophes.

Moreover, it isn’t as though ISPs are revered. They regularly rank towards the bottom of consumer happiness surveys. It’s not like their reputation can get much worse. And, with a lack of competition — especially amongst fixed broadband providers — it’s not like Americans have many options to turn to when their ISP suddenly starts behaving badly.

I could nitpick this article all day long, but this is, I think, the part of Thompson’s piece that frustrates me most:

I believe that Ajit Pai is right to return regulation to the same light touch under which the Internet developed and broadband grew for two decades.

This statement here isn’t just wrong — it’s lazily wrong. It is exactly the claim that Ajit Pai makes, and which Rob Pegoraro did a fantastic job debunking in the Washington Post in May:

But Pai’s history is wrong. The government regulated Internet access under Clinton, just as it did in the last two years of Barack Obama’s term, and it did so into George W. Bush’s first term, too. The phone lines and the connections served over them — without which phone subscribers had no Internet connection — did not operate in the supposedly deregulated paradise Pai mourns.

Without government oversight, phone companies could have prevented dial-up Internet service providers from even connecting to customers. In the 1990s, in fact, FCC regulations more intrusive than the Obama administration’s net neutrality rules led to far more competition among early broadband providers than we have today. But Pai’s nostalgia for the ’90s doesn’t extend to reviving rules that mandated competition — instead, he’s moving to scrap regulations the FCC put in place to protect customers from the telecom conglomerates that now dominate the market.

Thompson’s argument is exceptionally flawed, almost to the point of disbelief. But there is one thing he may be right about: it’s fair to argue that Title II may not be the perfect law for ISPs to be governed by. There are reasonable arguments to be made for writing new legislation and passing it through the appropriate channels in Congress.

But I think it’s completely absurd to change their classification without sufficient neutrality-guaranteeing legislation in place. Unfortunately, I wouldn’t trust this Congress to write and pass that law. Therefore, it is reasonable to keep ISPs under Title II until such a bill can be passed. The “wait and see” approach Thompson favours is not fair to consumers who get to play the part of the lab rat against influential lobbyists, large corporations, and a faux-populist legislative body.

See Also: TC Sottek of the Verge, Klint Finley of Wired, Matt Stoller of the Open Markets Institute, Jay Pinho, and Ernesto Falcon of the Electronic Frontier Foundation.

Update: Even if you believe that the American broadband market is sufficiently competitive — it isn’t — that ISPs can be trusted to not discriminate against some forms of traffic once given the freedom to — doubtful — and that existing regulatory structures will allow any problems to be fixed on a case-by-case basis, it still seems far more efficient to prevent it in the first place. There’s an opportunity to treat internet service as a fundamental utility; let’s keep it that way, whether that’s through Title II classification or an equivalent replacement.

  1. In a footnote, Thompson says that he’s previously argued for local loop unbundling to spur competition. I’m not a subscriber so I can’t read his argument, but I say, “why not both?” ↥︎

Desert Bus, Now in VR polygon.com

Owen S. Good, Polygon:

A VR edition of the epochally awful, intentionally mind-numbing minigame from the unreleased Penn & Teller’s Smoke & Mirrors 21 years ago has a listing on Steam. The game supports the HTC Vive and Oculus Rift headsets, plus motion controllers and gamepads (partial support).

From four screenshots shown, it looks like the game has been remastered with new graphics. But the gameplay is still the same: Drive a bus from Tucson, Ariz. to Las Vegas, in real-time (eight hours), fighting its misaligned steering the whole way.

Via Andy Baio who incorrectly calls Desert Bus the “worst game ever made”. Frankly, I hope a version of this comes to the iPhone.

MacOS High Sierra’s Authentication-Free Root Account macrumors.com

Juli Clover, MacRumors:

There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with with a blank password and no security check.

The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username “root” with no password. This works when attempting to access an administrator’s account on an unlocked Mac, and it also provides access at the login screen of a locked Mac.

As with any security issue, it would have been preferable for this to be disclosed to the vendor — in this case, Apple — privately before being publicly exposed. And, still, this is a huge problem for anyone whose recently-updated Mac is occasionally in the vicinity of other people. Apparently, pretty much any authentication dialog is susceptible, including worrying things like Keychain Access or changing a drive’s FileVault state. It appears to be a bug introduced in High Sierra; I failed to reproduce it on a machine running MacOS Sierra.

I don’t want to speculate on whether something like this would be caught in code review or a penetration testing scenario. Apple may do both of those things and it may have simply bypassed loads of people. I also don’t know how much buggier Apple’s operating systems are now compared to, say, ten years ago, if they are truly buggier at all. Maybe we were just more tolerant of bugs before, or perhaps apps crashed more instead of subtly failing while performing critical tasks.

But there has been a clear feeling for a while now that Apple’s software simply doesn’t seem to be as robust as it once was. And perhaps these failures are for good reasons, too. Perhaps parts of MacOS and iOS are being radically rewritten to perform better over the long term, and there are frustrating bugs that result. In a sense, this is preferable to the alternative of continuing to add new features to old functionality — I’d be willing to bet that there’s code in iTunes that hasn’t been changed since the Clinton administration.

Even with all that in mind, it still doesn’t excuse the fact that we have to live and work through these bugs every single day. Maybe a security bug like this “root” one doesn’t really affect you, but there are plenty of others that I’m sure do. I’m not deluded enough to think that complex software can ever be entirely bug-free, but I’d love to see more emphasis put on getting Apple’s updates refined next year, rather than necessarily getting them released by mid-September.1 There’s a lot that High Sierra gets right — the transition to APFS went completely smoothly for me, and the new Metal-powered WindowServer process seems to be far more responsive than previous iterations — but there is also a lot that feels half-baked.

Update: It gets worse — based on reports from security researchers on Twitter, this bug is exploitable remotely over VNC and Apple Remote Desktop. So, not only is this bug bad for any Mac left in a room with other people, it’s also bad for any Mac running High Sierra and connected to the internet with screen sharing or other remote services enabled. It’s worth adding a strong password to the root user account if you haven’t already. Thanks to Adam Selby for sending this my way.

Update: This bug has been known for at least two weeks, according to a post on Apple’s official developer forums.

Update: Apple has rolled out a fix for this bug that you should install immediately. Even if you don’t, it will install itself.

  1. For extra irony, recall that High Sierra was pitched as a refinement of MacOS Sierra. ↥︎