Before Net Neutrality Eats the World (Part 12): Why Net Neutrality Threatens Homeland Security and Cybersecurity

(Note: On September 9, the U.S. Court of Appeals for the D.C. Circuit will hear oral arguments in Verizon’s challenge of the Federal Communications Commission’s December 2010 Order on “Preserving the Free and Open Internet.” This series explores fundamental issues at stake.)

The Federal Communications Commission’s (FCC) references to homeland security in the Order (p. 17963) insist that nothing supersedes or limits the ability of a provider to cope with threats or emergency needs:

Commenters are broadly supportive of our proposal to state that open Internet rules do not supersede any obligation a broadband provider may have—or limit its ability—to address the needs of emergency communications or law enforcement, public safety, or homeland or national security authorities…. Broadband providers have obligations under statutes such as the Communications Assistance for Law Enforcement Act, the Foreign Intelligence Surveillance Act, and the Electronic Communications Privacy Act that could in some circumstances intersect with open Internet protections, and most commenters recognize the benefits of clarifying that these obligations are not inconsistent with open Internet rules.

Here I’m leaving alone what I regard as overwhelming need for the statutes FCC mentions to be overhauled to protect individuals from unconstitutional searches and general snooping; I’m focusing solely on FCC’s implication that security and net neutrality are not enemies.

In reality, everything about net neutrality influences the broader evolution of networks-as-assets, prioritization of emergency information, and cybersecurity; indeed, few conceivable policies would supersede such concerns more. In the extreme, if only authenticated networks that discriminated against every packet were the way to have infrastructure security, the Order would clearly conflict with such objectives; it can likewise obstruct interim measures.

There’s little appreciation in the Order for the fundamental, elemental importance of proprietary control over networks to combat security threats and assure general reliability and growth flexibility. For those we need, not neutrality, but a plethora of overlapping wired and wireless communications networks, redundancy schemes, cyber-insurance, information sharing standards not dictated by Washington, and more projects that don’t even exist yet. (See “Cybersecurity Finger-pointing: Regulation vs. Markets for Software Liability, Information Security, and Insurance,” CEI Issue Analysis, May 31, 2005.)

Apart from providing a better, cheaper and more robust version of the openness that today’s advocates of net neutrality seek, property rights in networks better assure that security gets embedded, and that emergency services for first responders benefit.

Network neutrality would undermine the lessons that have not yet been learned about improving tomorrow’s security. In this age of potential “cyberterror,” to protect a network might sometimes mean not merely discrimination but outright exclusion could play a role.

The lessons learned will allow us to better deal with cyber-security, privacy, and piracy — many problems with which stem from inadequate ability to authenticate users and price online network usage. (See “Cybersecurity and Authentication: The Marketplace Role in Rethinking Anonymity–Before Regulators Intervene,” Knowledge, Technology & Policy, July 2007, Volume 20, Issue 2, pp 97-105.)

FCC’s pondering whether network discrimination benefits anybody or not is irrelevant if a network is destroyed. When it comes to security, as with consumer welfare, the choices are the same: neutrality, or infrastructure wealth and variety. Which approach adds flexibility and protects networks’ future, which damages them?

A basic question in today’s high tech, information-based economy is whether big capitalism, or big government best protects our critical infrastructures like communications and electric power grids.

Net neutrality hints that Washington should have more of a say. The opposite is the case:

(1) Although there may not always be a fully bright line, we need to better distinguish between protection and security; between the private sector’s door locks and barbed wire — versus the police or the Department of Homeland Security.

(2) Then, we must not initiate government protection or cybersecurity programs over essential commercial pieces of the economy that make future private sector assumption of that role impossible when technology or conditions change.

The principle should be that government’s protection function, which can easily and inappropriately subsume and overwhelm the private sector’s own security role and create dependency, must never undermine the ability of markets to expand, or privatize, or self-insure, or self protect, unlike the approach taken with airport security.

In contrast, net neutrality can create a TSA for the Internet.

Market competition can best achieve needed cybersecurity and critical infrastructure security; net neutrality’s fundamental disdain for infrastructure property rights undermines those crucial goals.

Innovations in cyber insurance, network administrator training, firewalls and other security software, security outsourcing, third party monitoring of grids, quality of service and liability assurances, just to name a few, can best flourish if industry is not looking over its shoulder concerned about its “net neutrality” violations.

Next Time: Alternatives to Compulsory Neutrality: Communications Liberalization By The FCC