March 23, 2023

Archives for June 2005

Intellectual Property, Innovation, and Decision Architectures

Tim Wu has an interesting new draft paper on how public policy in areas like intellectual property affects which innovations are pursued. It’s often hard to tell in advance which innovations will succeed. Organizational economists distinguish centralized decision structures, in which one party decides whether to proceed with a proposed innovation, from decentralized structures, in which any one of several parties can decide to proceed.

This distinction gives us a new perspective on when intellectual property rights should be assigned, and what their optimal scope is. In general, economists favor decentralized decision structures in economic systems, based on the observation that free market economies perform better than planned centralized economies. This suggests – even accepting the useful incentives created by intellectual property – at least one reason to be cautious about the assignment of broad rights. The danger is that centralization of investment decision-making may block the best or most innovative ideas from coming to market. This concern must be weighed against the desirable ex ante incentives created by an intellectual property grant.

This is an interesting observation that opens up a whole series of questions, which Wu discusses briefly. I can’t do his discussion justice here, so I’ll just extract two issue he raises.

The first issue is whether the problems with centralized management can be overcome by licensing. Suppose Alice owns a patent that is needed to build useful widgets. Alice has centralized control over any widget innovation, and she might make bad decisions about which innovations to invest in. Suppose Bob believes that quabbling widgets will be a big hit, but Alice doesn’t like them and decides not to invest in them. If Bob can pay Alice for the right to build quabbling widgets, then perhaps Bob’s good sense (in this case) can overcome Alice’s doubts. Alice is happy to take Bob’s money in exchange for letting him sell a product that she thinks will fail; and quabbling widgets get built. If the story works out this way, then the centralization of decisionmaking by Alice isn’t much of a problem, because anyone who has a better idea (or thinks they do) can just cut a deal with Alice.

But exclusive rights won’t always be licensed efficiently. The economic literature considers the conditions under which efficient licensing will occur. Suffice it to say that this is a complicated question, and that one should not simply assume that efficient licensing is a given. Disruptive technologies are especially likely to go unlicensed.

Wu also discusses, based on his analysis, which kinds of industries are the best candidates for strong grants of exclusive rights.

An intellectual property regime is most clearly desirable for mature industries, by definition technologically stable, and with low or negative economic growth…. [I]f by definition profit margins are thin in a declining industry, it will be better to have only the very best projects come to market…. By the same logic, the case for strong intellectual property protections may be at its weakest in new industries, which can be described as industries that are expanding rapidly and where technologies are changing quickly…. A [decentralized] decision structure may be necessary to uncover the innovative ideas that are the most valuable, at the costs of multiple failures.

As they say in the blogosphere, read the whole thing.

MacIntel: It's Not About DRM

The big tech news today is that Apple will start using Intel microprocessors (the same brand used in PCs) in its Macintosh computers, starting next year. Some have speculated that this might be motivated by DRM. The theory is that Apple wants the anticopying features that will be built into the hardware of future Intel processors.

The theory is wrong.

Though they’re not talking much about it, savvy people in the computer industry have already figured out that hardware DRM support is a non-starter on general-purpose computers. At most, hardware DRM can plug one hole in a system with many holes, by preventing attacks that rely on running an operating system on top of an emulator rather than on top of a real hardware processor. Plenty of other attacks still work, by defeating insecure operating systems or applications, or by exploiting the analog hole, or by capturing content during production or distribution. Hardware DRM blocks one of the less likely attacks, which makes little if any difference.

If DRM is any part of Apple’s motivation – which I very much doubt – the reason can only be as a symbolic gesture of submission to Hollywood. One of the lessons of DVD copy protection is that Hollywood still seems to need the security blanket of DRM to justify accepting a new distribution medium. DVD copy protection didn’t actually keep any content from appearing on the darknet, but it did give Hollywood a false sense of security that seemed to be necessary to get them to release DVDs. It’s awfully hard to believe that Hollywood is so insistent on symbolic DRM that it could induce Apple to pay the price of switching chip makers.

Most likely, Apple is switching to Intel chips for the most basic reason: the Intel chips meet Apple’s basic needs better than IBM chips do. Some stories report that Intel had an advantage in producing fast chips that run cool and preserve battery power, for laptops. Perhaps Apple just believes that Intel, which makes many more chips than IBM, is a better bet for the future. Apple has its reasons, but DRM isn’t one of them.

Book Club: Code and Other Laws of Cyberspace

[Index of all book club postings]
[RSS feed (book club postings)]
[RSS feed (book club comments, but not postings)]

Freedom to Tinker is hosting an online book club discussion of Lawrence Lessig’s book Code, and Other Laws of Cyberspace. Lessig has created a wiki (an online collaborative space) with the text of the book, and he is encouraging everyone to edit the wiki to help create a new edition of the book.

You can buy a paper version of the book or read it online for free.

We’ll read one or two chapters each week, and we’ll discuss what we read on the main Freedom to Tinker blog.

Below is the current reading schedule, which will be updated periodically.

Date Readings due Discussion
Friday June 10 Preface and Chapter 1 discuss
Friday June 17 Chapter 2 discuss
Friday June 24 Chapters 3 and 4

Virtually Unprotected

Today’s New York Times has a strongly worded editorial saying the U.S. is vulnerable to a devastating cyberattack, and national action is required.

We are indeed vulnerable to cyberattack, but this may not be our most serious unaddressed vulnerability. Is the threat of cyberattack more serious than, say, the threat of a physical attack on the natural gas distribution system? Probably not. Nonetheless, cyberattack is a serious enough problem to merit national attention.

As a participant in the Princeton Project on National Security, I have learned about national security planning; and it seems that the traditional governmental processes are ill-suited for addressing cyberthreats. The main reason is that national security processes result in plans for governmental action; but the cyberthreat problem can be solved only by private action. The cyber infrastructure is in private hands, and is designed to serve private ends. Government can’t easily change it.

Other critical infrastructures, such as the electric power system, are also in private hands, but they are more amenable to government influence for various reasons. The electric power system is operated by a relatively small number of companies; but the cyberinfrastructure is operated by many companies and by ordinary citizens. (The computer you are reading this on is part of the cyberinfrastructure.) The electric power industry has a longstanding, strong industry association focused on reliability; but the infotech industries are disorganized. The electric power industry has historically consisted of regulated monopolies accustomed to taking orders from government; but the infotech industry has been more freewheeling.

There are a few levers government could try to manipulate to get the private stewards of the cyberinfrastructure to change their behavior. But they don’t look promising. Mandating the use of certain security technologies is costly and may not improve security if people comply with the letter but not the spirit of the mandate. Changing liability rules is problematic, for reasons I have discussed previously (1, 2, 3). Using the government’s purchasing power to change producers’ incentives might help, but would have limited effect given the relatively small share of purchases made by the government.

To make things worse, our knowledge of how to secure the cyberinfrastructure is rudimentary. Improving the security of critical systems would be hugely expensive; and large improvements are probably impossible anyway given our current state of knowledge.

Probably the best thing government can do is to invest in research, in the hope that someday we will better understand how to secure systems at reasonable cost. That doesn’t solve the problem now, and doesn’t help much even five years from now; but it might do a lot of good in the longer term.

What is the government actually doing about cybersecurity research funding? Cutting it.

Book Club

I’m thinking about running a Freedom to Tinker book club. I would choose a book and invite readers to read it along with me, one chapter per week. I would post a reaction to each chapter (or I would ask another reader to do so), and a discussion would follow in the comments section. This would become a regular feature, with a posting every Friday (tentatively).

To start, I’m considering Larry Lessig’s book, Code, and Other Laws of Cyberspace. It’s not a new book, but it’s been hugely influential – perhaps too influential. Larry is now running a wiki, which started with the book’s text, and which will form the basis for a new edition. So we could contribute our ideas to the wiki and help to shape the next edition of the book.

Please let me know what you think of the book club idea in general, and about reading Code specifically.