Abstract

China is making an active push to enlarge its role in the development of Internet-related technical standards. The prevailing narrative surrounding this trend suggests that Beijing is aiming to uproot the liberal, democratic values embedded in the Internet’s technical foundation and governance arrangements in favor of authoritarian-friendly alternatives. For many, these fears were fully realized when Chinese tech giant Huawei came to the UN-affiliated International Telecommunications Union (ITU) and proposed the development of a future core Internet protocol called “New IP”. This proposal allegedly sought to redesign the architecture of the Internet in a way that would both enhance and export the Chinese government’s capacity for digital repression. Informed by the understanding of Chinese standards influence as a geopolitical and ideological threat, many are now calling for a more aggressive response to countering Chinese engagement in Internet standards bodies.

Yet, the conventional narrative seems to be missing something. Specifically, it overlooks the fact that the sophisticated Internet control apparatus China has developed over the years can already censor and surveil quite effectively at present and that shifting responsibility for core protocol development to the state-driven ITU would not necessarily enhance its ability to do so. A more comprehensive understanding of this trend is needed.

Using New IP as the primary case study, this article examines China’s standard-setting push, its potential motivations, and its implications for the future of the global Internet. We conclude that it is far from clear that New IP was indeed intended as a trojan horse for digital authoritarianism. Observing that technical evolution of the Internet—particularly the type endorsed in Huawei’s proposal—plays a prominent role in China’s long-term industrial policy strategy, we find it equally plausible that New IP was motivated by economic considerations, something that has largely been absent from the debate over China’s standards ambitions. We thus caution against the presumption that Chinese-developed standards are intended to advance the cause of digital repression as well as against politically driven opposition to growing Chinese participation at Internet standard-setting bodies. This insight is crucial, as the way American policymakers and Internet stakeholders respond to this trend will undoubtedly impact both the future of the global Internet and U.S. technological leadership in this domain.

Abstract

Whether network slicing complies with the net neutrality rules currently in force in Europe and previously applicable in the U.S. presents a key issue in the deployment of 5G. In many ways, both regimes frame the issues in a similar manner, with the exceptions for reasonable traffic management and specialized services likely to play the most important roles. Both regimes also focus on similar considerations, including the requirement that measures be based on technical rather than business considerations and the distinction between measures aimed at improving the performance of the entire network or specific applications, although both distinctions are problematic in some respects. Both regimes also emphasize application agnosticism and end-user choice, with European law finding the former implicit in the latter. At the same time, European and U.S. law reflect some key differences: the regimes cover different types of entities, frame the issues in terms of nondiscrimination versus throttling and paid prioritization, take different positions on whether measures must be limited to temporary or exceptional circumstances, and place different weight on the impact of the rules on investment and on the relevance industry standards. The relatively undeveloped state of both legal regimes means that the ultimate answer must await enforcement decisions and actions by NRAs, and any subsequent judicial challenges to these decisions.

Abstract

Although most studies of major communications reform legislation focus on the merits of their substantive provisions, analyzing the political dynamics behind the legislation can yield important insights. An examination of the tradeoffs that led the major industry segments to support the Telecommunications Act of 1996 (the “1996 Act”) provides a useful illustration of a political bargain. Analyzing the current context identifies seven components that could form the basis for the next communications statute: (1) universal service; (2) pole attachments; (3) privacy; (4) intermediary immunity; (5) net neutrality; (6) spectrum policy; and (7) antitrust reform. Assessing where industry interests overlap and diverge and the ways that the political environment can hinder passing reform legislation provides insights into how these components might combine to support the enactment of the next Telecommunications Act of 1996.

Abstract

The right to be forgotten, which began as a part of European law, has found increasing acceptance in state privacy statutes recently enacted in the U.S. Commentators have largely analyzed the right to be forgotten as a clash between the privacy interests of data subjects and the free speech rights of those holding the data. Framing the issues as a clash of individual rights largely ignores the important scholarly literatures exploring how giving data subjects the ability to render certain information unobservable can give rise to systemic effects that can harm society as a whole. This Essay fills this gap by exploring what the right to be forgotten can learn from the literatures exploring the implications of adverse selection, moral hazard, and the emerging policy intervention know as ban the box.

Abstract

Medical devices are increasingly connected, both to cyber networks and to sensors collecting data from physical stimuli. These cyber-physical systems pose a new host of deadly security risks that traditional notions of cybersecurity struggle to take into account. Previously, we could predict how algorithms would function as they drew on defined inputs. But cyber-physical systems draw on unbounded inputs from the real world. Moreover, with wide networks of cyber-physical medical devices, a single cybersecurity breach could pose lethal dangers to masses of patients.

The U.S. Food and Drug Administration (FDA) is tasked with regulating medical devices to ensure safety and effectiveness, but its regulatory approach—designed decades ago to regulate traditional medical hardware—is ill-suited to the unique problems of cybersecurity. Because perfect cybersecurity is impossible and every cybersecurity improvement entails costs to affordability and health, designers need standards that balance costs and benefits to inform the optimal level of risk. FDA, however, conducts limited cost-benefit analyses, believing that its authorizing statute forbids consideration of economic costs.

We draw on statutory text and case law to show that this belief is mistaken and that FDA can and should conduct cost-benefit analyses to ensure safety and effectiveness, especially in the context of cybersecurity. We describe three approaches FDA could take to implement this analysis as a practical matter. Of these three, we recommend an approach modeled after the Federal Trade Commission’s cost-benefit test. Regardless of the specific approach FDA chooses, however, the critical point is that the agency must weigh costs and benefits to ensure the right level of cybersecurity. Until then, medical device designers will face continued uncertainty as cybersecurity threats become increasingly dangerous.

ICLE Academic Affiliate Christopher Yoo participated in the FTC’s Hearing #11: The FTC’s Role in a Changing World on the panel, Implications of Different Legal Traditions and Regimes for International Cooperation. Read the full transcript here. Video of the event is embedded below

ICLE academic affiliate Christopher Yoo participated in the FTC’s Hearing #10: Competition and Consumer Protection Issues in U.S. Broadband Markets on the panel, Evolving Markets and Technological Developments: Policy Applications. Read the full transcript here. Video of the event is embedded below.