Mark Goldberg


www.mhgoldberg.com






Learning from Australia

Bronwyn Howell authored an important commentary in Cartt.ca with “Lessons from Australia’s national network mess.” Based on observations about Australia’s broadband and mobile markets, she warns that politicizing Canadian telecommunications regulation is a bad idea.

Australia appears to be a simple counter example to Canada, with similar population density and geographic challenges. However, the political interventionism in Australia’s mobile and internet markets should serve more as a cautionary tale than a gold standard.

Like her recent piece on the AEIdeas blog, “Upping the political ante in mobile markets: A cautionary tale from Canada” (the subject of my post “A cautionary tale of political interference“), Dr. Howell warns that we should be concerned when “politicians usurp the role of regulators and start making matters of regulatory purview the subject of election campaigns.”

Advanced communications infrastructure is too important to be abandoned to the vagaries and short-term agendas of the political process. Australia’s failed NBN experiment is stark reminder, for Canadians, of how expensive this trade off can be.

Paul Burbank at Faskens wrote an article (see: “Calling All Voters – Be Wary of Wireless Promises this Election Season”) that sums up the election hype over mobile prices: “Affordability has become a central theme in this campaign and cheaper wireless makes for great politics. But great politics doesn’t always translate to great policy.”

A coordinated risk assessment of 5G

Last week, the European Commission released a coordinated risk assessment [pdf, 1.7 MB] on cybersecurity in 5G networks.

As stated in the accompanying press release:

The report is based on the results of the national cybersecurity risk assessments by all EU Member States. It identifies the main threats and threats actors, the most sensitive assets, the main vulnerabilities (including technical ones and other types of vulnerabilities) and a number of strategic risks.

According to the report, the roll-out of 5G networks is expected to have the following effects:

  • An increased exposure to attacks and more potential entry points for attackers: With 5G networks increasingly based on software, risks related to major security flaws, such as those deriving from poor software development processes within suppliers are gaining in importance. They could also make it easier for threat actors to maliciously insert backdoors into products and make them harder to detect.
  • Due to new characteristics of the 5G network architecture and new functionalities, certain pieces of network equipment or functions are becoming more sensitive, such as base stations or key technical management functions of the networks.
  • An increased exposure to risks related to the reliance of mobile network operators on suppliers. This will also lead to a higher number of attacks paths that might be exploited by threat actors and increase the potential severity of the impact of such attacks. Among the various potential actors, non-EU States or State-backed are considered as the most serious ones and the most likely to target 5G networks.
  • In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country.
  • Increased risks from major dependencies on suppliers: a major dependency on a single supplier increases the exposure to a potential supply interruption, resulting for instance from a commercial failure, and its consequences. It also aggravates the potential impact of weaknesses or vulnerabilities, and of their possible exploitation by threat actors, in particular where the dependency concerns a supplier presenting a high degree of risk.
  • Threats to availability and integrity of networks will become major security concerns: in addition to confidentiality and privacy threats, with 5G networks expected to become the backbone of many critical IT applications, the integrity and availability of those networks will become major national security concerns and a major security challenge from an EU perspective.

[emphasis in original document]

The European Commission says, “these challenges create a new security paradigm, making it necessary to reassess the current policy and security framework applicable to the sector and its ecosystem and essential for Member states to take the necessary mitigating measures.”

The EU has set a target of December 31, 2019 to develop a “toolbox” of these “mitigating measures”.

If there are strategies to be developed to mitigate security risks associated with the next generation of networks, we need to first develop an understanding of the types and sources of potential threats. To date, much attention has been directed to a single hardware supplier, but the EU observed that “The deployment of 5G networks is taking place in a complex global cybersecurity threat landscape.” It isn’t so simple a matter of banning or approving suppliers of network gear based on the location of corporate headquarters.

The EU seems to have a more sophisticated analytic approach, understanding that there are numerous challenges with global supply chains and a number of strategies available to mitigate those risks.

As the EU has found, the challenges of 5G architectures create a new security paradigm. We should be working to understand the security framework required for the entire 5G ecosystem in order to prepare appropriate mitigating measures.

A cautionary tale of political interference

This morning, Bronwyn Howell, adjunct scholar at the American Enterprise Institute, published “Upping the political ante in mobile markets: A cautionary tale from Canada” on the AEIdeas blog.

It is worth a careful read, urging caution for those advocating political interference in the telecommunications marketplace.

The politicization of matters such as the price of a mobile connection flies in the face of the conventional wisdom (if not even an article of faith) holding from at least the early 1990s that the long-term interests of telecommunications consumers are best served by political interests staying as far away as possible from day-to-day industry activities. Policy entities such as the Organisation for Economic Co-operation and Development (OECD) and the International Telecommunications Union (ITU) have urged nation states to delegate competition and regulatory oversight to independent authorities, and to allow the private sector to be the primary investors in network capacity and services wherever possible.

That isn’t to say that there is no role for politicians in setting policy.

Of course, the delegation of network ownership, competition, and regulatory oversight does not mean politics doesn’t have a role in telecommunications policy. Government subsidies play an important role in ensuring access to disadvantaged populations and providing funding for infrastructure in regions where private investment would not otherwise occur. Political debate is important for making decisions about which communities and activities should receive scarce taxpayer funds. There is also room to debate the finer features of the powers delegated to the arms-length overseeing agencies — for example, clarifying their powers to act in certain ways when undertaking their constitutionally-assigned duties.

A number of times, I have criticized surveys that find that anything less than 100% of Canadians want lower prices for anything. Of course we do. Whether it is milk, chicken, housing, gasoline, sushi, cauliflower or communications services, of course we all want lower prices for things we buy. That is what makes the politicization of telecom prices so attractive as a campaign promise. “No rational mobile consumer would disagree with a proposal that they should pay less for the same service, so it’s all too easy for voters to support politicians promising to deliver this result without giving much thought to whether there is a problem with current prices or the longer-term consequences of the methods by which price reductions will be achieved.”

There is a good reason why the ITU has stated [pdf, 254 pages] “the regulator should have sufficient independence to implement regulations and policies without undue interference from interested parties such as politicians or other government agencies (functional independence).”

We all want lower prices for everything. Let the CRTC weigh the evidence, consider the consequences of intervention, and make a determination away from the super-charged election campaign rhetoric. In the meantime, take a few minutes to read the cautionary tale being told of Canada’s telecommunications market.

The debate about phone rates doesn’t belong on the campaign trail; it should be adjudicated by an independent regulator.

Mozilla v. FCC: In praise of a lighter touch approach

Yesterday, the US Court of Appeals for the District of Columbia released its decision [186 pages, pdf] in Mozilla v. FCC, better known as the challenge to the FCC’s Restoring Internet Freedom order.

A few excerpts are notable from my initial read. Among the first paragraphs is this summary:

Petitioners––an array of Internet companies, non-profits, state and local governments, and other entities––bring a host of challenges to the 2018 Order. We find their objections unconvincing for the most part, though we vacate one portion of the 2018 Order and remand for further proceedings on three discrete points.

On the question of broadband investment being inhibited by heavy-handed regulation and being promoted under the FCC’s lighter-touch approach:

We are, in short, unpersuaded by Petitioners’ and Intervenors’ objections to the Commission’s finding and their implicit claim that uncertainties associated with that finding render arbitrary the Commission’s overall judgment—that there are net public policy benefits from reclassification, based not only on a likelihood of increased investment and innovation but also on the absence of any “discernable incremental benefit relative to Title I classification.”

The court discusses the economic analyses at length, including a criticism of “Mozilla does not address shortcomings of the Free Press figures, pinpointed by the agency, including for example its failure to exclude investment abroad.”

As to the benefits of a “light-touch” regulatory approach,

the 2018 Order’s transparency rules—combined with the deterrent effects of “market forces, public opprobrium, and enforcement of the consumer protection laws”—can “mitigate potential harms.”

In sum, a “light-touch” approach can in the Commission’s judgment secure Internet openness and encourage innovation at lower cost than the Title II Order, while yielding unique benefits.

The court’s decision is quite readable, as are the 2 concurring opinions and the third appended opinion that concurs in part and dissents in part (with respect to the part of the ruling that vacates the FCC’s preemption of state law. While a number of media accounts seem to suggest that the ruling will allow state-by-state regulation of net neutrality, this is an incorrect reading.

There are discussions throughout the court ruling that appear to be quite relevant to Canada’s regulatory environment.

In “Keeping out of the way”, I wrote: “I continue to look optimistically to the future. As I have written before [such as here and here], the future will be brighter for Canadian innovation if the government would try harder to get out of the way.”

Shana tova – 5780 – שנה טובה

The Jewish calendar is based on a lunar cycle, with adjustments every few years where an entire month is added in order to recalibrate the religious harvest festivals with the proper seasons.

Within the Jewish community, people often speak about the holidays coming late, or coming early, relative to the common calendar. This year, the new moon on Sunday evening (September 29) marks the start of Rosh Hashana [literally, “head of the year”], welcoming the Jewish year 5780. It is just about right on schedule. As an easy relative measure, this year Christmas will take place right in the middle of Hanukkah. The sun and the moon are aligned.

Rosh Hashana starts a 10 day season of personal reflection, culminating in the fast day of Yom Kippur, the Day of Judgment, taking place this year on the evening of Tuesday, October 8, and continuing until night falls October 9th. In religious services, we hear the stentorian blast of a shofar [ram’s horn], triggering a period of introspection, examining the past year while looking forward to improvement in the year ahead. There are, of course, family dinners that customarily feature a number of traditional foods, like honey [for a sweet year]. As I have noted in previous years, it is very different from the kind of festivities and partying that mark the secular transition from December 31 to January 1.

The Canadian election on October 21 takes place at the end of the harvest festival of Sukkot, a week long festival that marks the end of summer and the beginning of the winter rainy season.

It is my hope that 5780 will be marked by peace, good health, by personal and professional growth and may it also be a year of inspiration for all of us.

Our offices will be closed on Monday and Tuesday (September 30 and October 1) and closed again the following Wednesday (October 9) to observe the holy days.

שנה טובה ומתוקה