What Canada Needs To Do

All submissions have been posted in the official language in which they were provided. All identifying information has been removed except the user name under which the documents were submitted.

Submitted by StanleyChow 2010–07–14 08:32:04 EDT
Theme(s): Digital Infrastructure

Summary

Stanley Chow, the submitter, is a researcher in computer/network security who has dozens of patents and technical papers in different areas of security. This submission is not affiliation with any other company or entity.

Innovation in the digital world requires a level playing field for small players. Like any other field, Digital innovations start out small and are easily blocked by existing (and soon to be obsolete) large players. These blockages can originate from many quarters:

  • Traditional businesses — Innovative products are, by definition, new with no market share. This means innovations are likely to hurt some existing businesses — the ones that don't adapt to the new ways. A particularly glaring example is the push to expand copyright to protect the existing business model of the music and video distribution business.
  • Government — can purposely or accidentally help of hinder innovation. This can take the form of enshrining business models into the law — for example, the laws mandated the role of AAA credit rating in the financial meltdown. It can also be in the form of (perhaps unintentionally) preventing new business models. For example, some documents must be paper documents with signatures.
  • Technology — In some cases, the existing may be sufficient in theory, but is impractical in practice. For example, Microsoft talked about tablet computing for a decade, releasing dozens of models (with partners) to no avail; Apple comes out with the right OS with multi–touch technology and iPad is a best seller.
  • Risk allocation/handling — models that are based on traditional practices. New digital practices are sure to require new laws, insurances, etc. to handle the new kinds of risks.

I think Canadians have a good consensus of what is desirable, and even how to accomplish that. The problem is really that of removing blockages and making it easier.

Submission

Outdated business models

The music and video market place is evolving at a tremendous pace — with new channels of distribution, new models of business. The new ways are very exciting as well as financially rewarding to the creative communities; but simultaneously threatens existing businesses like the music labels.

Looking at it from the point of view of the music labels, they sell billions of dollars of CD every year, paying the creative artists next to nothing, ending up with profits in the billions of dollars. The new digital distribution channels completely eliminates the need for the music labels — going directly from the band to the consumer (some call this the dis–intermediation effect of the Internet). Of course the records labels are unhappy, and they are looking for ways to preserve their profit making machine.

On the whole, they seem to concentrating on "pirate" as the label for everything new and using the law to beat back innovation. It is understandable that these businesses spent large sums of money lobbying for laws to enshrine their existing profits. Understandable, but not what Canada should be doing.

Open standards

Innovators also face the interoperability' problem in that the incumbents, by definition, own most of existing assets. One favorite tactic is to force some interface/API then preventing competitors from using that interfacer/API. This has a long history including IBM in the mainframes, Microsoft in Windows O/S, and all of them were eventually ruled illegal, but many innovative companies went broke waiting for the verdict. Companies like to frame this is as protecting their Intellectual Properties, but the vast majority of times are plainly trying to bankrupt competitors by forcing long and expensive lawsuits.

If Canada is to have a vibrant digital economy with innovations that succeed in the market , we must have an environment where innovations are not crushed by frivolous law suits and huge license fees for what amounts to extortion.

Reasonable pricing model for traffic

The question of "Net Neutrality" is much discussed these days. Clearly, an ISP would like the ability to charge more for some packets, this give them another way to make money. However, the ISP provides the access to the net (indeed ISP is Internet Service Provider), and the added value for each packet is created by the content providers and other digital innovators. There is no justification for the ISP to share in these created value.

Innovation will only happen if the value created flows to the creator.

Digital security

Digital security is very difficult even for professionals (and I speak as a researcher in computer and network security). It is essentially impossible for any lay person to maintain the security of a home computer (this is true even for IT people not specializing in security). There are several implications:

  • Any form of eSignature will be subject to massive fraud
  • Liability is now a very large problem — both in monetary terms and in complexity terms.
  • eCash is similarly hard

Some form of eSignature (or Digital Signatures) is very much necessary for many proposed business models, but there is currently no implement ion that is secure for widespread practical use. There are several reason:

  • Traditional paper signatures are relatively easy to forge, but very hard to forge in massive numbers in geographically diverse areas. In other words, traditional signatures are not very secure, but the exposure is usually limited to relatively small sums in isolated areas, so banks (and other businesses) treat it as a cost of doing business. Consumers mostly just write–off the lose ("it will cost more in lawyer fees…").
  • eSignatures are much more brittle in that a hacked computer can easily leak the private key so that the criminal can sign arbitrary contracts, even retroactively. This means the potential exposure is essentially unlimited. Consumers will not so easily write–off this loss. Banks cannot treat it as a cost of doing business.
  • Even with good encryption and good system design, it is difficult to achieve security in the face of a hacked user computer. It is an open research problem as to whether it is even possible in theory.
  • Some hardware, like smartcards that do encryption, can help; but even they are open to many attacks. In any case, given the cost of the hardware and cost of infrastructure, it is unlikely that any of these will be widespread.

This does not mean that eSignatures is impossible or undesirable. It just means we must evolve a risk allocation model that is suitable for the digital economy as opposed to using the old model.

One thing that is worth mentioning is that banks now have "terms of use" agreements that are very lopsided. According to one study, all the Canadian banks now require user computers to have:

  • Correctly configured firewall
  • Correctly configured anti–virus program
  • Uptodate on all system patches
  • Uptodate on all virus signatures
  • Uptodate on all browser patches
  • Each visit to bank site is preceded by, and followed by, complete browser cache flushes.

And other more esoteric requirement. In the event of any fraudulent transaction, the user will be responsible unless the user can prove compliance with all of requirements. I am comfortable in estimating that 99.99% of consumers will fail to comply (and if, by some miracle, most consumers do comply, the Banks will just up the ante). Banks are not currently relying on this provision since the losses are still acceptable; but clearly their lawyers see the potential exposure and are laying the legal groundworks for when the losses mount.

Micro–payment system needed

One technology enabler that is missing is a digital micro–payment system.

Currently, most on–line transactions are carried out with credit cards. This has a number of problems:

  • High overhead — only practical for transaction over $10
  • Leads to fraud — the "card not present" transaction is well known to be a major source of fraud both in leaking credit card numbers and fraudulent transactions
  • Requires credit card — not everyone has a credit card

For many forms of digital transaction, it can be profitable to have prices that are a fraction of a penny. For example, you do a Google search and the results point to a Globe and Mail article. Currently, this is no effective way for G&M to be charge for that article — people have tried pay–per–view, monthly subscription, tied to paper subscription, etc.; but none of them really work. Currently, G&M ends up giving you the article for free, or may be gets some advertizing revenue.

Assume that is a functional and effective micro–payment system, you would happily pay a penny for the article, spending may be a total of a few dollars a month. G&M could make quite a pretty penny from all those fractions of pennies (I could not resist the pun). There are many interesting business opportunities for content providers, for content aggregators, all the way to content consumers. This is what is needed to build the new digital economy.

Note that a micro–payment system does not have to anonymous; we need to design in the right kind and degree of privacy.

The public consultation period ended on July 13 2010, at which time this website was closed to additional comments and submissions. News and updates on progress towards Canada’s first digital economy strategy will be posted in our Newsroom, and in other prominent locations on the site, as they become available.

Between May 10 and July 13, more than 2010 Canadian individuals and organizations registered to share their ideas and submissions. You can read their contributions — and the comments from other users — in the Submissions Area and the Idea Forum.

Share this page

To share this page, just select the social network of your choice:

No endorsement of any products or services is expressed or implied.

x Close