Should ISPs be privacy crusaders?

I was somewhat miffed that submissions from Telecom and Vodafone (who account for the vast majority of Internet connections) on the Telco Spying Bill did not call for protecting the privacy of their customers from government’s intrusive and ubiquitous surveillance plans. Both submissions before the Law and Order Committee last week were essentially about protecting their business interests.

Then it struck me that it was exactly the right perspective for them to take. Why did I do an about turn on this? Here’s why.


My own views about the Telco Spying Bill are reflected in Mega’s submission. In addition, I’ve been interested and involved in privacy issues for a long time now. It’s no accident that my previous blog’s URL (Yes2Privacy) was derived from the anti-ID cards movement No2ID.

Telecom and Vodafone will be network operators under the Telco Spying Bill. Like other ISPs, they are already obliged under existing law to work with the government on lawful interception. The Bill provides them with several benefits, including simplifications of their legal obligations.

Their two main objections to the Bill are coverage of OTT services (more on that below) and the GCSB’s role in the design and procurement of their network infrastructure. Their concerns are mostly about cost impacts with some unease about their ability to innovate and bring products to market quickly.

In other words, their submissions were strictly business. It was all about their costs, their world view, and their concerns. Not that this was unexpected. A focus on impacts on their business has been the consistent, sole focus of ISPs in the past, whether it was the 3 strikes copyright law or DIA’s filter.

The Guardian and Forbes articles

While Jeff Jarvis’ article in the Guardian We need encryption for private communications was in a different context of the NSA revelations, he made a very relevant point:

So it is left to the internet industry to give us the protection we deserve… We rely on internet companies – Google, Yahoo, Microsoft, AOL – to provide private communication services and to store and protect our data. So it is up to them to fight for us or we will lose faith in them… net companies need to band together now to do whatever they can to better protect us. For if they won’t do it, who will?

Notably, Jeff casts the burden on service providers, not ISPs. In fact, both Google and Microsoft have expressed their opposition to the Telco Spying Bill (Google warns of backlash to spy bill and Google, Microsoft slate spying bill).

About the same time, there was a Forbes article The Origin Of ‘The World’s Dumbest Idea’: Milton Friedman which debunked the notion that a business should focus exclusively on an inward-looking maximisation of profits (shareholder value):

A whole set of organizations responded by doing things differently and focusing on delighting customers profitably, rather than a sole focus on shareholder value… The new management paradigm is capable of achieving both continuous innovation and transformation, along with disciplined execution… Organizations implementing it are moving the production frontier of what is possible.

The article implies that ISPs need to think and act beyond a narrow self-interest. There are overall business gains from taking up issues that are important to their customers and in so doing maximise the long-term business benefits.

OTT services

Somewhat amusingly, both ISPs and Chorus insisted on referring to service providers as OTT (Over The Top) services. More than anything, it shows their world view. It’s their network and their whole centre of the universe. They seem to forget that their customers are really paying to access online services that they as customers value- the likes of Google, YouTube, Skype and Facebook. The value in the network is what people do with it.

Following on from this inward-looking perspective, service providers are seen as a competitive threat to the ISP’s own services. Therefore all three submissions focussed heavily on spreading the cost burden of lawful interception for a ‘level playing field’.

Little thought was given to right and wrong. No objections were made about if and why online services should be subject to lawful interception in the way physical access networks are. This makes ISPs very weak in trying to develop useful and valuable services to compete with ‘OTT’ services on their network. Taking a customer-centric view is absolutely the first step.

ISPs as privacy crusaders

So there a few conflicting thoughts about ISPs acting as privacy crusaders. The Forbes article points to a need for taking a wider view for long-term benefits. The Guardian article puts the onus on service providers rather than ISPs.

What do people think? Should ISPs be privacy crusaders? Should they speak out against NZ being turned into a surveillance state? Or should they just focus on their own business impact?

My own thoughts are now in the ‘no’ camp. Mostly because if ISPs develop a position on one issue, such as protecting customers from excessive government surveillance, it becomes a slippery slope. People and government will then expect them to take a position on the whole range of content flowing over their networks. This leads to making ISPs responsible as gatekeepers of all online content and activities accessed by their customers, something that is clearly undesirable.

Final thought: there is no competitive differentiator in being a privacy crusader, at least in New Zealand. People talk about a desire for greater online privacy but, in economic terms, it is not ‘demand’, i.e. people are unwilling to use their money to switch to an ISP that positions itself as a privacy crusader.

And so perhaps the question might not be ‘Should ISPs be privacy crusaders?’ but ‘Do New Zealanders care enough about their privacy to make it worthwhile for an ISP to be a privacy crusader?’


2 thoughts on “Should ISPs be privacy crusaders?

  1. Hi Vikram,

    Thanks for drawing my attention to this post. And I agree with your answer that they should, only where it returns. Now that could be reputationally, which often leads to fiscal benefits. Remember when Google wasn’t going to be evil. There is also going to be a bump, if it hasn’t been seen already, for services, dare I say it, like Mega who make privacy the unique selling proposition, while not loading a huge premium on it. Which fits with your closing question, and I think the answer is, yes, for some. For enough to make it worthwhile… How expensive is encryption when the client does it?

    There’s also, I believe a lesson in this observation:

    “…if ISPs develop a position on one issue, such as protecting customers from excessive government surveillance, it becomes a slippery slope. People and government will then expect them to take a position on the whole range of content flowing over their networks.”

    for InternetNZ.

    The protections of a common carrier are predicated on impartial carriage, so is the defence of open and uncaptureable.

    If you move up the stack, you eat it all, or you deal with explaining what choices you make.

    • Thanks Hamish, good insights. Interesting to see if any ISP sees a business advantage in differentiating itself on privacy grounds. With 80% customers with just 2 ISPs, I often wonder what it will take for the NZ market to get more competitive.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s