Richard Hill has a doctorate in statistics from Harvard and spent a decade with the International Telecommunications Union (ITU) dealing with numbering and tariffing issues, network operations, and economic and policy issues. Today on POWER PLAYS, he speaks with Ayden Férdeline about whether the ITU is fit for purpose and how it could evolve in the future.
Richard Hill is the principal of Hill & Associates in Geneva, Switzerland.
Intro [00:00:05] You're listening to POWER PLAYS, the podcast charting how important decisions about the Internet - its infrastructure and its institutions - have been made. Here's your host, Ayden Férdeline.
Ayden Férdeline [00:00:30] Welcome to POWER PLAYS, I'm Ayden Férdeline. Today on the show, we're speaking with Richard Hill. He is a fascinating individual with a long professional background in technology, telecommunications and Internet governance. He spent a decade with the International Telecommunications Union dealing with numbering and tariffing issues, as well as economic and policy issues. And on a personal level, he's someone who I respect greatly because of how he forms his positions, listens to evidence and keeps a top of his brief. A listener note, we recorded this conversation in November 2020, and I hope you enjoy the conversation as much as I did. Richard, hi, before we get started, I wanted to begin with an icebreaker. It's something that I always ask people on POWER PLAYS, and that is, what is a contrarian thought that you have about business or culture that others might disagree with you on?
Richard Hill [00:01:27] That's a difficult one for two reasons. I used to have this gigantic list of contrarian thoughts, but over time, although my thoughts haven't changed, they're getting less and less contrarian. Which is worrisome, or maybe not. Let me see. I think what I'd like to toss out here, which actually I have heard
Richard Hill [00:01:48] from others, so it's not a 100 percent contrary. We all are happy because of all this innovation and technology and the price of computers goes down and that today's smartphone is so powerful, et cetera, et cetera,
Richard Hill [00:01:58] but maybe too much innovation
Richard Hill [00:01:59] is actually creating problems.
Richard Hill [00:02:01] Somebody actually said quite some time
Richard Hill [00:02:02] ago that was wonderful, that we used all the science and technology to put a man or a person on the moon in '69, I think it was. And what's been the biggest innovation after that? Twitter and Facebook. Is that really what we wanted? OK, that's not true. It wasn't the only big innovation since then. That's making the point. We seem to be doing these things which have unforeseen effects. And now more and more people everywhere, civil society as well as governments, are becoming conscious of the fact that there are some unforeseen negative side effects of the way that we're deploying these technologies. So it's not the technology itself, but the way we're deploying it.
Richard Hill [00:02:43] And it's maybe because its being deployed too fast.
Richard Hill [00:02:46] So maybe actually this permissionless innovation that some people refer to is not such a great thing. And we should have constraints on innovation. We do, for example, for pharmaceuticals.
Richard Hill [00:02:56] You can't now go out and say, I've got a vaccine, everybody take it.
Richard Hill [00:03:00] You have to go through a rather elaborate process of proving that the vaccine is safe and effective before you're allowed to deploy it. I don't know. That's my contrarian thought. Maybe we need more constraints on technology and its deployment and not fewer.
Ayden Férdeline [00:03:14] That's a great point. I think I agree with you that this idea of moving fast and breaking things has had its day and hasn't always helped create a world that we want to live in. So, Richard, you spent a large chunk of your career in Switzerland and over a decade of your career working at the ITU, the International Telecommunications Union. I'm curious, though, what brought you to Switzerland and eventually to Geneva and into the world of telecommunications in the first place?
Richard Hill [00:03:42] So that's a little complicated. Despite my name, I'm actually Italian or rather half. My mother was Italian from the south of Italy, from Naples. And there are blond people in the south of Italy because those Vikings got around and the south of Italy was
Richard Hill [00:03:56] conquered actually in the Middle Ages by Normans who are descendants of the Vikings.
Richard Hill [00:04:01] So my mother was from Naples and my
Richard Hill [00:04:02] father was American and he was in the army during World War Two. They met at Naples. I was born in Trieste in the north of Italy, lived a little bit in Germany, then wound up in San Francisco for a while. Then they split up and my mother moved back to Italy and I grew up in Rome. But then I went to university in Boston.
Richard Hill [00:04:20] And actually I always wanted
Richard Hill [00:04:21] to go back to Europe and I studied statistics at university. And it turns out that in Switzerland at that time, there were hardly no statisticians. And so I was able to get a job with a company called AC Nielsen, which is a marketing fairly big, well known marketing company in Lucerne.
Richard Hill [00:04:39] But I had visited Geneva
Richard Hill [00:04:41] when I was much younger, when I was a teenager, and I like Geneva because of the lake. And it's a beautiful place as those who've been there know. And so when an opportunity came up to Hewlett-Packard in Geneva, I jumped on it and moved to Geneva. And I've been here ever since. So how did I get into telecoms? So although I studied statistics, I was already working as a computer programmer at the time and then later continued to be actually employed as in computers. I did work for four years as a statistician with Nielsen, but the bulk of my career has been in information technology. And when I was managing a computer center for Hewlett-Packard, we obviously were communicating with other computer centers, although it wasn't that obvious at the time. They using some of your, Ayden you're too young for that. But modems that were twelve hundred board and the whistle on the analog line and things like that. And in fact, even when I was at MIT, we were using remote computers at the time. Well, actually there were typewriters, electric typewriters that were tied to the main computer. So I'd always been in computers. And as computers were communicating, of course, I started getting involved in technology. And when I was at Hewlett-Packard after managing that computer center, I wound up actually in the Hewlett-Packard telecom team, which at the time was deploying TCP/IP internally. Hewlett-Packard, it was funny. Hewlett-Packard was selling X25 outside, but using TCP/IP inside. And actually that team had at that time deployed that the largest Internet at the time. There was a company, it wasn't an external internet, but it had actually the most connected computers of any Internet at the time. So I got familiar with the Internet at the very early stages. And then after that, actually, I wound up with a cellular company, a mobile company, which was a startup at the time called Orange Switzerland. It was loosely tied to the Orange that was in the UK and elsewhere. And then I was on the computer side, but still basically deep into the telecoms. And then from that I moved into ITU because actually for what they were trying to do at the time, the work that was ongoing, they wanted somebody who knew computers as well as telecoms. And so I got even deeper into telecoms. But I coming at telecoms as a net head, I met a lot of bell heads when I was at Orange, but I'm coming at it from the net head point of view.
Ayden Férdeline [00:07:07] Can you speak a little bit about the projects that you were working on in the 80s and 90s just to contextualize for our listeners your background? And so they can understand the transition you would later make into what you were doing at the ITU?
Richard Hill [00:07:22] Yeah, sure, that's a very good point. So let's start at the beginning, my first contact with computers was something that some people have heard of, but probably most of you haven't seen. Punch cards. And that's why, by the way, it's 8-bits. Because it had eight columns. And they had eight rows and they had 80, 80 columns and you'd have a machine and you type the stuff up and then
Richard Hill [00:07:40] you'd put it into a reader and then you'd get a printout and you'd see whether your program worked or not. And I did the calculations
Richard Hill [00:07:45] Then I wound up actually my first job
Richard Hill [00:07:49] programing for a research project that was doing software for econometric analysis and being at MIT, that was a very advanced setup. And they have actually the world's what are the world's most advanced computers at the time, which was a digital computer which had
Richard Hill [00:08:03] twice as much memory as any other computer ever built.
Richard Hill [00:08:06] It had 64K. Wow. Back then this would have been around '72, '73.
Richard Hill [00:08:12] And that computer was on timesharing which meant that you
Richard Hill [00:08:15] didn't use these punch cards anymore, you were actually connected through this mechanical typewriter. And then later we had screens and stuff like that. So that was
Richard Hill [00:08:23] the first link. And then later when I was at Hewlett-Packard, we
Richard Hill [00:08:26] have this issue of how to connect the office. In that case with their office in the Middle East and in Athens, in Greece
Richard Hill [00:08:33] to the central office
Richard Hill [00:08:36] regional center that we had in Geneva, because some of the processing for the orders and shipments was done in Geneva and then sent back off to the US, etc. Hewlett-Packard is a very large company, a very decentralized with different factories producing different things
Richard Hill [00:08:50] and so on. So you have to have very good internal
Richard Hill [00:08:52] communications in order to make make things work. Prior to that, they've been using telex or whatever. But by the time I was there, they had their own computer network of some kind, and that was really core to the company's business. And you could really see at the company level exactly what we're now seeing at the international level with these integrated supply chains that span the world. And you want seamless communications. And a lot of it is asynchronous. You're not necessarily you don't call up the phone or you send some structured message that something happens and then they send something back, which could be a product.
Ayden Férdeline [00:09:25] And the networks at the time that Hewlett-Packard were using, were they proprietary networks or was this the early days of open networking?
Richard Hill [00:09:34] Yeah. So that's actually when there's sort of interesting things happen. As most people know,
Richard Hill [00:09:40] at that time, IBM was the dominant supplier by far and not just in big computers, but also medium and fairly small computers. And of course, many of IBM's customers have this same issue and they wanted to interconnect. And so IBM developed its own network, which was called at that time, SNA, and the other manufacturers competing with IBM. If they wanted to compete, they had to be able to do that. So digital equipment, which was the biggest competitor of IBM at the time, had TechNet and then everybody else, including Hewlett-Packard, and there were other people at the time with names that have disappeared now, like Honeywell and so forth.
Richard Hill [00:10:16] They said, well, why don't we all get together
Richard Hill [00:10:18] and do something against IBM? And they actually managed to get digital to come in, too. And so they developed what was going to be a kind of common open standard protocol. And they were doing that through the International Standards Organization, ISO, the International Electro Technical Committee, IEC, and the ITU through a thing called JTC-1, joint technical committee one. And that was called the Open System Interface, of which some bits actually still survive. The certificates that are used for https. The X500 certificates come out of that work and then some other things that are still being used. But then TCP/IP came along and so that all got derailed. But really it was this need to respond to the business requirements of large customers that were using large computers but wanted to be able to integrate them. Of course that was predated somewhat by the military requirement as communications is extremely important for the military and to defend against ballistic missiles and so on. You want to integrate your radar warning stations with stations that are further away that can do something, etc. So actually, a lot of the history of computing, if you look at it, came out of a requirement to satisfy military needs in terms of computing power. But let's stick to the civilian side.
Ayden Férdeline [00:11:36] When I think about how telecommunications policy was originally set. If I think about, for example, spectrum policy, that electromagnetic spectrum is a finite resource and therefore it must be managed as a public good. I feel like there has been a shift away from policy that was planned, controlled, and supposedly for the public benefit, and towards more of a reliance on market processes, what is the right of private enterprise or not to be vetted by regulation? Is that something that you started to see in your career as early as when you were at Hewlett-Packard?
Richard Hill [00:12:15] I was right into that because that happened in the '70s, which was at the beginning of my career. And in fact, when I
Richard Hill [00:12:21] was, for example, at MIT, but also at Hewlett-Packard, one of the things we suffered from is the inability to establish high bandwidth connections because of regulation. And there are two kinds of regulation. One is at that time, this is well known about AT&T, but the other phone companies did it too, they wouldn't let you attach equipment to their network unless they had certified it, et cetera, et cetera, which is not bad, per se, but it was bad in detail. I'll come back to that. And they also had the
Richard Hill [00:12:47] monopoly on the big lines, on the lease lines, connecting on the pipes, and they would collude on the price so that you couldn't get those lines at a decent price because they being a monopoly, they weren't making money. So what went wrong? Let's take the AT&T case, which is the clearest, but it's true elsewhere. I don't think that it was bad that these were regulated monopolies, because I think a lot of these markets are natural monopolies. How many roads are going to have between Beirut and Damascus? One. So either you let a robber baron run it or you say, no, we don't like that one guy gets to make all that money, let's make that a public good, and then everybody can use it at a shared price. And that was the basic idea behind roads and telecommunications from ancient times. It's a public infrastructure and it's also used for imperial reasons. But that's something else. And the idea was and it's the same for the mail, the idea is that, OK, first there's private mail, OK, then there's the Royal Mail. And then wait a minute, the king is there for everybody. So let's make it the public mail. And in the US, which never had a king, it was always the public mail. But what happened is that the people who are supposed to be regulating AT&T and France Telecom and everybody else, it was the same. Weren't really paying enough attention or they really didn't care that much. So what happened is that these monopolies started not using their monopoly profits in ways that were actually helping the users, but to do other things. So in some cases, it was good. Like Bell Labs, AT&T was funding Bell Labs, which gave us practically every innovation that we have, including transistors, out of its monopoly profits. But they were also paying high salaries and not just on top, but to everybody. And they ensured very comfortable returns on their stocks and bonds. So it was a preferred investment vehicle, et cetera, but that had nothing to do with telecom. So for the telecom user, the prices were too high and the innovation was too low. Now, since it's a regulated monopoly, the regulator could have in theory fixed that. The regulator could have come in and said, wait a minute, guys, we don't agree with that. You have to have more innovation. So do allow external devices to be attached, et cetera. Stop being so restrictive. And by the way, your prices, we don't agree, lower them. If you know something about France that actually happened at that period. I think it was in the '80s. It used to, at that time, it took three years or something to get a telephone line in most French cities and they had a change in government. And the government said that this is nonsense. And so they had a big push and suddenly they made a leap and it became much faster to get a telephone. The prices dropped and that's where they started investing in Minitel. Everybody actually had the phone telephone directory online on a little terminal. This is way before the Internet. So proper regulation could have resulted in change, but for various reasons that didn't happen, in particular in the US. And it's a mystery. It's not clear because the US was on a path where AT&T and IBM were going to dominate the combined telecom and computer spectrum. And suddenly the government threw a bomb into that by breaking up AT&T, by also pushing IBM and all these new actors came out. So that had a very positive effect, which prices went way down. And we've got much more innovation. And if they hadn't done that, we wouldn't have the Internet as we know it. We'd have something else, but it wouldn't be today's Internet. But I'm a big believer in the pendulum kind of thing. So I think that they went too far and now it's time to go back. So I'll just give you one example of this strange, perverse side effect of deregulation, which I know about because of my work at ITU. At ITU it was basically the ICANN of telephone numbers. It doesn't work the same way, though, because basically each country gets a telephone number. And by country you mean something that is recognized by the U.N. So it's on the official list of U.N. states. And the function I had is to decide whether it's one, two, three or three, four or five, basically. And of course, most of them have been assigned long ago. But every now and then a new one comes up and there are other numbers which people don't know about, which are very important, which are used in mobile telephony and other things for which there's a fairly active work going on about how to assign them, allocate them, etc. and who gets them. So what the perverse side effect I'm mentioning is Papua New Guinea became an independent country and so they get their country code. OK, fine. So I give the country code and it's published and everybody knows about it. And for years, people would call me up from the US saying, I can't dial the Papua New Guinea number. Why not? I did a little bit of research, it turns out, because in many countries when they privatized and deregulated, they didn't think to put in a new regulation which hadn't been there before, saying, oh, and by the way, you must route all country codes because unlike the Internet, there's no central automatic root file which drives all the interconnections. We know in the DNS there's the authoritative root file and then there are these root servers, et cetera, et cetera. And when ICANN makes a change, it gets updated in the master server and then replicated around the world. That's not how it works in telephony. When I assign the country code for Papua New Guinea, the ITU publishes it on the website. Great. And now every operator in the world has to be willing to go to the ITU website, grab that and program it. OK, mostly they have agreements with other operators so the big operators do that and the little ones simply follow. But some of them don't. And the reason they don't is because the route has to be manually coded. Again, unlike the Internet, there's no automatic propagation of routes and that costs money, doesn't cost very much. If you're going to make one get revenue from one call a year to Papua New Guinea, it isn't going to pay even for the small amount of time to program it. So you don't do it. Now, some countries don't have that. For example, in Switzerland, it is mandatory that every operator allows you to call every country code that is published by ITU. But that's not true in all countries. Mostly it's not a problem because for commercial interests, all the operators are coding. But there are these corner cases that come up and I think that's an example of where actually we need more regulation. We went too far in deregulating. Europe I think is better. I think the European regulatory model is not so bad, but the US, I think, is off the walls, as anybody who knows about net neutrality will understand that the U.S. regulatory environment is not healthy and many countries are confused and don't know what to do.
Ayden Férdeline [00:19:06] That's really fascinating. It never occurred to me that there was not a central automatic equivalent of the A root server, but for telephony.
Richard Hill [00:19:16] They keep pushing this thing. Oh, the telephony is this hierarchical top down, blah, blah. Yeah, it's government driven. Then in the end, it's actually in some ways the naming and addressing is more decentralized than for the Internet. Other things are less centralized. I'll tell you a funny anecdote which really happened to me. So when I was at Orange, I was the IT infrastructure manager. So not the top computer manager, still pretty high up in the company.
Richard Hill [00:19:41] And it happened that all the senior management had been traveling and my boss's boss were also traveling. And at that time, this is a mobile network and SS7. At that time, we were using Swisscom to provide the SS7 connectivity and you can't make mobile phone calls without SS7.
Richard Hill [00:19:59] So in Switzerland we were using the national, we had our own SS7. For International, we were using Swisscom and Swisscom had a computer problem. One of the things that isn't supposed to happen, nonstop systems, etc, etc. they did a software upgrade and because the software was the same on every single replicated system, actually the redundancy didn't work. And so they were actually down from I think it was like sixteen hours. So they couldn't make any calls at all.
Richard Hill [00:20:24] We could still make all our calls, we couldn't make international calls.
Richard Hill [00:20:28] And so I was the senior technical guy on the spot and people said, what do we do? Because our customers now can't make international calls.
Richard Hill [00:20:37] We couldn't call our managers who are traveling because they're all on our mobile network. So they couldn't be reached. And so I was it and I said, yeah, can't we reprogram? So instead of going through Swisscom, can we go through France Telecom or Deutsche Telekom or whatever?
Richard Hill [00:20:51] And the guys came back and said, yeah, this is all manual. So what we have to do is actually we have to send faxes to like twenty operators to say, hey, watch, watch out, we're no longer routing this way. We're routing that way. And I said, how long is that going to take? They said about eight hours. And I said, I'll take the risk. Let's just wait and it turned out to be the right decision, but that shows you how this is much less centralized and much more manual than the Internet, which is logical, right? Because the Internet is more recent. So, of course, it had more automation built into it from the start. Telephony is still a lot of legacy.
Ayden Férdeline [00:21:27] I want to touch a bit upon what was the impetus for the privatization and liberalization of telecoms in, I guess, from the '70s to the '90s and the Internet-OSI Standards War. I'll let you explain that. But at a high level, a long running debate in computer science between engineers, organizations and nations is over which communications protocol would result in the best and most robust computer networks. TCP/IP ultimately won out over OSI. What do you think went well here and what should have been done differently?
Richard Hill [00:22:04] I don't know what should have been done differently, because it's normal, we learn from our mistakes, but let's say what should we now do to correct what isn't optimal or to improve things? So the driver for privatization and liberalization was clear, there was a lack of innovation and the prices were too high. The push came primarily from big companies like my former employer, Hewlett Packard, because those companies had very high telecom costs, because they have a lot of employees and also because they're very international. And also they wanted to be more innovative. So we wanted to be able to deploy high-end modems, which we knew existed, an engineering company. Obviously, they knew that the stuff they weren't building them themselves, but they knew that this stuff could be built and you couldn't do it. So basically, it was a lobby of the large corporate users, much more than individual users who pushed saying, look, this isn't working. And for various reasons, the regulator was unable to solve that. And so the solution was seen to break up the monopoly, privatize it, liberalize it. And it did have the intended effect of favoring innovation and lowering prices. So this kind of coincided with what I had mentioned earlier, which was a bunch of computer manufacturers had allied to develop networking standards that would compete against IBM's networking standard, SNA, because they wanted to be able to compete on the network side with IBM as well as on the computing side. And in parallel to that, the US Department of Defense had funded the development of research into connecting computers for military purposes, which turned out to be TCP/IP. But then of course, turned out it's all the same thing. And so the question became, OK, what should we use? Should we use TCP/IP or should we use that OSI protocol, as you mentioned, which was the one developed by all these computer manufacturers under ITU, ISO, IEC. And actually it's paradoxical. All the governments of the world, including the US government, were pushing OSI. There was actually a formal procurement standard saying all US government agencies have to buy OSI. But as the Defense Department is a state within the state in the US, not just in the US, also elsewhere. So they didn't care about that. And they said, we're going to do our thing, which is TCP/IP, and they were able actually to outspend. The US Department of Defense was able to outspend the entire rest of the world in terms of deploying computer networks at the time. So TCP/IP became very widely deployed. And then I can take this specific case of Hewlett-Packard, but it was the case of many other companies because Hewlett-Packard is big on the defense business. They had to communicate with the Department of Defense, so they had to start having TCP/IP inside. And once they started having TCP/IP inside, it became fairly clear what we're going to do. We're not going to have X25 and OSI and TCP/IP. Let's just go with TCP/IP. It has some advantages. In particular it's clear that TCP/IP is a brilliant invention and so it was able to create these great data networks that had two advantages and disadvantages. It didn't foresee billing. So that was even annoying within Hewlett-Packard because we had previously been on the polluter pays principle. If you put data into the network, you pay for it. Suddenly we couldn't do that anymore. So flat rate. So inside a company flat rate means free. What are you going to do? It just give the network everybody. Give them as much bandwidth as they need and that's it. OK, fine. That's had a very deleterious consequence jumping forward that the only model we seem to have for funding the Internet is advertising. Targeted advertising, right? Which means exploiting people's personal data, which as we know, has huge implications. And everybody now understands that this is really not a good idea. So clearly, that was a stupid mistake. You were going to create a network and we're going to have no mechanism whatsoever for measuring the traffic on the network so that we can allocate the costs on the basis of usage. So I think that was a fundamental flaw and it was no criticism of the designers because the designers were designing a private military network. This was a network to be used by the military because the military doesn't care about costs. They have other problems. The other big failure was lack of security. And again, it's because of the design flaws. Give us a network that can connect military computers, OK?
Richard Hill [00:26:10] By definition, all those military computers are secure and are in secure sites. And so you don't have to worry about network security. So there is no network security and there still isn't. And it's proving extremely hard to retrofit. Whereas one of the reasons that OSI didn't get deployed is because it had billing and because it had security. So of course, it was much more expensive to to implement, more cumbersome, et cetera, et cetera. So it couldn't compete against TCP/IP if people didn't care about security. Now, as long as you were connecting mainframes, OK, security is not a big deal. But then Bill Gates came along. And deliberately and I speak with knowledge, deliberately gave us an operating system that was totally insecure, even though at that time everybody knew how to build secure operating systems. Why did he do that? Because it's cheaper, right? It required a smaller chip and less memory to have a system that didn't distinguish between supervisor mode and the user mode, if you like. Now, that didn't basically have any security at all. And so that drove out CPM, which was a little bit more complicated because it had some semblance of security. Now you take totally insecure devices attached to an insecure network and what you get. What we have. Spam, phishing, viruses, Trojans, you name it. So we lost this public infrastructure idea. So coming back to another thread that you mentioned, which is important, roads and communication mechanisms via telegram, telephone, whatever, were always viewed as something that the government provides. Well, the king or the noble, but then in more evolved times that the government provides for the use of all citizens. And it's also strategic because it allows you to project power. And there is some thinking that maybe the dominance of TCP/IP is not accidental. Maybe that was deliberate at the time because of course they do get an advantage from having a lot of control over the infrastructure and most of the data passing through the US and so on, as we know from the Snowden revelations regarding the NSA. But there was always this concept of, yeah, it's a public infrastructure, less in the US, of course, because of its peculiar history, but certainly strong in Europe, it's a public infrastructure, has to be a service available to everybody under fair conditions and so on. And the kind of we lost that with privatization and liberalization. Again, Europe, it's not a big problem, but in the US it resurfaces with the net neutrality debate. It's a question of how much money are you allowed to make from the last mile? Basically what's it's about. Right, because if you don't think that the last miles public and therefore must be available to everybody at a reasonable price, it's by wire. I can do anything I like with it. In fact, the guy from AT&T actually said that it's my cable and I'm going to charge what I damn want for it. Another anecdote that you'll find amusing because you've seen this expression repeatedly when you talk about making fundamental changes to the Internet. If it isn't broken, don't fix it. How many times have we heard that one? Actually, if you go back to the '70s, that's exactly what AT&T said when it was trying to block the adoption of TCP/IP, because, of course, all the big telcos and all of those big computer manufacturers were against TCP/IP. And that's why it's called the OSI Wars, because there really was a struggle between the more innovative TCP/IP-type people and the old stream telco and computer people who were saying, oh, we have this OSI and so on. And of course AT&T would say, well, telephone network works fine. Why do you want to replace it with this strange stuff that we don't know anything about? If it isn't broken, don't fix it. The circle repeats. And I don't know if you've noticed, but many people have. The lack of innovation in telephone network was partly due to anti-competitive decisions, but also partly due to the fact that you've got a gigantic installed base. It gets very difficult to replace things. It's expensive and might be dangerous because you change something. You don't know if it works. And of course, the Internet is now suffering from exactly the same problems. You can't get IPv6 in because you have this gigantic IPv4 base. And for example, when they introduce the multilingual character sets, they didn't dare to go to 8-bit because they weren't sure it was going to work. So they came up with this strange cluje of the IDN's because, OK, look, we're not sure you have this giant installed base. Let's stick to 7-bit and make sure that everything works. So when you have a huge infrastructure deployed, it gets very difficult to change it. And again, I think that's some of the lessons we have to learn. And how can you change that? In the end, sometimes because of externalities, people will not make decisions that are good for the common good because they don't see the externality. I was just in a talk on the pandemic. Why doesn't everybody wear masks? Because I don't think that I'm at risk, so I'm not going to wear a mask. But wait a minute. I might be putting somebody else at risk and people don't necessarily integrate that into their calculations. So at some point, you need an external force to externalize, to internalize the externalities and, for example, impose masks or whatever. And I think here, for example, security is a typical case. It's well understood now that the market will never give us enough security because of market failures, in particular information asymmetry. How do you know which antivirus is good for you? You can't know. How do you know how long the passwords should be and how often you change them? You have all this advice, but you're not a technical expert. And very few people actually are able to make the appropriate risk benefit trade off. And the other is externalities. If my PC is insecure, maybe I don't care because I don't have anything on it. But wait a minute. If it gets a virus that then affects your PC, that's going to bother you. But I don't care about that because I don't see or the famous example of the big marketing, big online shopping company that loses the credit card data. OK, they don't care, right? Nothing happened from their point of view, they lose reputation, but each individual user has to go off and get a new credit card. Maybe they don't pay for it, but they do indirectly through their credit card fees because the credit card company that does have a cost. So somehow there is a real cost there, which is not seen by the entity who didn't have sufficient security. And this is well known everywhere else. In pharmaceuticals, we have mandatory safety standards, electrical appliances, cars, airplanes, anything, you name it. We have mandatory safety and security standards because we know that people first can't evaluate that by themselves. And second, they're externalities. And in ICTs, this is not just about the network or the Internet. This is in general and ICTs are risk blind to that. So going back to MSDOS, that should never have been allowed to be deployed, at least not connected to a network. OK, if you want to have totally insecure devices, not connected, fine. If you thought about it, the governments would have said, no, wait a minute, you cannot connect insecure devices to an insecure network because that's going to lead to catastrophe. We have to start thinking now, OK, can't change the past, but how do we go forward? And in fact, that's happening because now what I'm saying now is it's not only me saying that as these things are being said clearly by a number of players.
Ayden Férdeline [00:33:04] Thanks. There's so much to unpack there. I really like the anecdote that you brought up that if it isn't broken, don't fix it. However, what if it is broken? How then do we go about fixing it? And what are the vehicles that we have to do that? I'm wondering if you think, based upon the decade that you spent working at the ITU, the International Telecommunications Union, whether you think that the ITU is a vehicle that will be able to bring about some of the changes that are necessary, be that in telephony, whether that be in the development of networks, communication protocols, some other capacity, is the ITU going to be able to reinvent itself to stay relevant? Will the ITU change, or do we need some sort of new structure or new mechanism of bringing about cooperation on some of these issues?
Richard Hill [00:33:52] Yeah, that's a very good question. So the short answer is, I think that the ITU should be able to reinvent itself, but I'm not convinced that it will be able to do. And I'll explain why. I'll start with Booz Allen Hamilton study, which was I think it must be like 10, 15 years ago, which made an attempt to come up with the world's most enduring institutions.
Richard Hill [00:34:16] And number one was the US Constitution, which is fair enough, because that's the oldest constitution. Maybe that's a problem as we see with the current elections. But still, it's endured with not that many changes, whereas other countries have completely thrown out and had new constitutions. Or in the case of the U.K., it's a complicated evolutionary process. And another one they had I forget it was number two or three on the list was actually the ITU because the ITU goes back to 1865. So it's an extremely old institution and it has had huge transformations. And basically the ITU has survived by growing. So initially it was telegraphy, and then it was wireless telegraphy was added, and then telephony was added, and then modern networks started to be added. But that's where it got stuck because of these OSI Wars. So ITU was on a path to produce the network standards that would be used around the world, et cetera, et cetera. And then we have these OSI Wars and, of course, everything shifted to the IETF on the one side. And although people don't notice it so much on the wireless side, which is very important, of course, mobile telephony, mostly for reasons that the US was trying to push its technology and didn't succeed to do that in the ITU and the Europeans succeeded by creating ETSI. So as all of the wireless stuff, is that the. Even more from my point of view, a pernicious actually a lot of the important standards, for example, on roaming and building are done by the GSMA, 3GPP, and things like that. And that's an industry group. So, again, this is part of the privatization trend. Governments are slow and inefficient, which is true. So let's let industry do it because they're going to be fast, which is true sometimes. ICANN is not particularly fast, but that's for other reasons. But wait a minute. What's the driving goal of industry? Maximize profit. For who? For the shareholders. OK, if you have a lot of shareholders, maybe that's OK. But in a lot of these industries, you only have one shareholder, Bezos or Zuckerberg. You don't, but individuals have huge disproportionate say and you count them. There's only about a dozen of these guys. OK, mobile network is a little bit more complicated, but still there's very high level of concentration at the top, the few really big operators. And so you're know letting organizations and people make decisions where their motivation is to increase their profits. Whereas government, OK, there are lots of corrupt governments, but in theory, the government is not trying to do that, it's trying to increase the well-being of everybody. And that's one of the reasons the governments are so slow because of trying to figure out what's better for everybody. It's much easier to say what's going to increase my share price. That's much easier to figure out what's that going to be, what's going to drive out competition or collude with other people in some way to raise prices and so on, have ever more patents? You've heard that the current mobile phones have a thousand patents in them or something like that? It's completely crazy. So allowing industry to make decisions has an advantage. It's going to be quicker and more innovative, but it has a disadvantage. The decisions are not necessarily in the common good, and that's what's been seen pretty clearly, that if we outsource control of content to Facebook. Are they going to do what's in the common good? They're going to do what increases Facebook's profitability. And you can't criticize them for doing that because we live in a capitalist system and in a capitalist system, private companies are supposed to maximize profits. So you can't tell Zuckerberg, hey, you're maximizing profits. That's bad. That's stupid, of course, he is maximizing profits. That's what he's supposed to do.
Richard Hill [00:37:55] That's what the law says he's supposed to do. So you need to find a different system, and I think that you need to recognize that some of this stuff has to be not necessarily run by the government, but at least regulated by the government. We have the great example of attempting to privatize energy distribution in the US with the famous Enron failure. We said, oh, let's let the private sector produce energy. OK, fine, but let's also let them distribute it. Wait a minute. You can't not have competition on the wires that carry electricity in your house so it isn't going to work.
Richard Hill [00:38:25] So you're going to have a private monopoly. So either you regulate it very closely or you don't. And if you don't, you're going to get a scandal because these guys are going to maximize profits and it's going to hurt the individual users, which wasn't the purpose of the exercise. The purpose of the exercise was to make it better for individual users.
Richard Hill [00:38:40] So we're into that fundamental conundrum. What is a public good that must be available to everybody and deliver it to everybody? And I would submit that a basic level of connectivity, but even e-mail and search is now in that category. So these should no longer be entirely controlled by private companies. Provided by private companies? Yes, of course. But there has to be a set of rules that make it available to everybody at a fair price.
Ayden Férdeline [00:39:04] This is a really interesting concept. And it's something that you wrote about in your piece calling for a new convention on data in cyberspace, where you said that it would appear that data was poised to revolutionize social and economic life, much like steam power and mechanization did three centuries ago. And you said that we're simultaneously in a race to capitalize on this technology while developing a means of controlling it. And what I found really interesting in your piece was that you didn't necessarily succumb to the prevailing view that the multistakeholder model of Internet governance must reign supreme and unchallenged. You said that there are alternative ways of governing the Internet. Could you speak a bit about what they would look like and maybe just briefly introduce your article for those who have not read it yet?
Richard Hill [00:39:58] Yeah, and I'll come back to the ITU because I realize now I didn't really answer your question about whether the ITU could or would be able to provide the framework, but I'll discuss that in this framework of the convention where it fits quite well.
Richard Hill [00:40:08] The first comment, this idea that data is the information revolution actually comes from our colleague Parminder Jeet Singh, who most people know very well as he's the one who introduced me to that idea. And I think it's true. We have the agricultural revolution which changed everything. Then we had the industrial revolution that changed everything. And now we're having the information revolution, which clearly is changing everything. And just as it took a long time to
Richard Hill [00:40:28] figure out how to govern the agriculture in a reasonable way, as opposed to a few big landowners and kings exploiting everybody else, and also the industrial revolution as just having the robber barons exploit all these underpaid workers. How do we now handle data so that the value of data is equitably distributed as opposed to essentially all of it going to for people in Silicon Valley and to people in China, which is the current situation almost literally. And so we need to figure that out. So actually, personally, I am an anarchist, but only in theory, not in practice, because I don't see how anarchy works on a big scale and it works reasonably well at small scale, but not at a big scale. So in a way, I agree with Milton Mueller, also a colleague known to everybody. Well, ideally, we want governance by the people, for the people, but how do we get there?
Richard Hill [00:41:18] And Milton is saying we don't really like the nation-state because the nation-state does lots of terrible things, which is true with us. Let's do something else. OK, but what's something else? So theoretically, I think we ought to have the equivalent of the Swiss or the US Federation. They have their defects, but they have lots of good things in their governance model, at the world level. So we should have a global federation where people elect the equivalent of a US house and the equivalent of the US Senate by some mechanism, etc.. This isn't going to happen in your lifetime, or your children's lifetime. We're not going to get there. So what do we do? So what we have is the nation-state. So either we say let's get rid of nation state because these guys are evil. For example, they tried to prevent TCP/IP. They didn't succeed. They weren't really that bad because although they tried to stop TCP/IP, they didn't succeed and then let private companies do everything. And this actually been explicitly called for that in the multistakeholder model, as if a stakeholder should have equal standing and so the private companies can veto decisions by governments. Wait a minute then. How do we get the public interest? Because companies are looking out for the public interest because of competition. True, if you have a competitive market, but if you don't have a competitive market, which is the case for most things in ICT is because of network effects and economies of scale. Google is dominant search. Then that doesn't work. I don't like Google. What am I supposed to do? Yes, I have tried the other ones. They're actually, for me, not as good. Maybe for somebody else they're as good, but not for me. So what am I going to do? Why do I use Microsoft Word? Because everybody else uses Microsoft Word. Have I tried OpenOffice? Yes. As long as the document is simple, it works fine. When you start doing something complicated, if the other party doesn't have OpenOffice, it doesn't work. You cannot rely on competition to ensure governance. The other problem with this multistakeholder model is that, as we all know, companies are very influential at the national level on governments. So by actually allowing governments industry to participate directly at the international level, you're giving them two bites of the apple because they get to influence national policy and then they get to come in and also influence it directly at the international level. And in parentheses, that's one of the big problems with WTO. WTO is far too dominated by corporate interests, not that they participate directly in WTO, but they have so much influence at the national level that in fact most WTO agreements are done in the favor of large multinational corporations and that wound up not really helping people very much. But that's a side discussion. Now, coming back, the ITU was actually the original, quote, multistakeholder institution, because after it was created in 1865, governments only, and then seven years later, I think was in St Petersburg in 1872, they realized this doesn't work because we're discussing technical things. Should we use Morse code or not Morse code? And what is the level of signal that should be going down the wires and stuff like that. We're government bureaucrats, we don't understand the stuff. Let's bring in the private sector, which is actually running these things, OK, they were government monopolies, but still that was private sector. So you had the telegraph companies. And so they allowed those people to come in as basically speaking observers, we'd say today. And so the ITU has recognized since 1872 this category of sector member, which are private companies, and depending on the type of decision they have more or less influence over budget matters. They [most governments] have zero [little] influence for technical matters. Basically, they're running things unless some government wants to intervene for political reasons. So that model actually has existed for a long time. And if you know the history of multistakeholder, that actually it also exists in other walks of life. It's not just in telecoms that it's existed. So the right form of it is not a problem. As my colleague, Norbert Bollo, who is also fairly well known and I have written, what we think is that the multistakeholder process is excellent and in fact indispensable for consultation. But then when you actually get to a decision which may affect public policy or is in the public interest, really that should be reserved to democratic governments. Now, it's true that most governments are not democratic and I don't count the US as being a democratic government personally. It has the trappings of democracy, but not the substance. That's a different discourse. But OK, what's the alternative? Right. Again, they say, OK, most governments are not democratic. But wait a minute, private companies, which is the alternative, that's the least democratic structure that we know. Employees don't vote for who gets to be the boss.
Richard Hill [00:45:41] Employees can't, even unless they're heavily unionized, negotiate regarding their salaries or their working conditions. That's a pure top down structure. There's the owners. The shareholders choose the management and then the management manages top down totally, entirely. OK. In some very good companies like Hewlett Packard, you get the upward communication and consultation, et cetera. But still, it's a completely top-down structure. And again, what's the purpose of a company? To make money for the owners. Wait a minute. How is this going to give us the public interest? So there's a problem, right? The current structure of the nation-states, the United Nations, ITU, etc., is suboptimal for sure. But what's the alternative? So I think we have to work on it. For example, in the ITU, clearly they were too closed and not sufficiently transparent. That's improved. It has not improved enough, but we should continue to push that. And that brings me to the issue of why will the ITU, I think, not be able to evolve to provide the kind of governance that we need? One reason is because many of its member governments don't actually want that. It's clear. The Chinese or Russian or Arab concept of how to run the world is probably not well aligned with ours. So there's going to be a blockage there. But there's something more pernicious, which is basically that the US is sabotaging. And it's not just that the ITU, as Trump pulled out of the World Health Organization, has sabotaged the World Trade Organization, et cetera, et cetera. People dream it will be better under Biden. No. The form will change, the glove will be velvet, but the hand will be the same steel hand. Because Obama was doing similar things, it just wasn't as visible. Basically, the US is still in an imperialistic mode and wishes to dominate. So it will sabotage any international institution that it cannot dominate and for structural reasons, because of the way the ITU is organized, the US, although it is very influential, still more influential than China, despite what some people say, it doesn't control things to its liking. And so it simply blocks things in the ITU. And because it's an influential country and a major contributor to the budget, it's difficult to get around that. So on the one hand, with the US blocking things. On the other hand, some authoritarian countries are pushing things that we don't like, it's difficult to find a consensus in the ITU. So for anything that is not highly technical, basically you don't move forward. Now, to me, having lived the Cold War, it's strange because I never thought the Cold War - I was born in 1949 - I never thought the Cold War would end in my lifetime, but I certainly never imagined that it would revive in my lifetime. And I remember, I wasn't really in international organizations back then, but I had some contact with them in various contexts. Basically, what happened then? You've seen the video of Khrushchev banging the shoe when he was at the UN. Basically, you'd have the East and the West and you'd start the discussion with a set time of insults. So you're capitalist imperialist oppressors and you are anti-democratic, dictatorial, blah, blah, blah. And when we're done changing insults, you got down to technical work and got done. And so actually there was a great deal of cooperation at the technical level. A lot of international standards were made very successfully, including in the ITU, but also elsewhere, through East-West cooperation. Now it seems to go all the way down. You get down to some totally harmless technical protocol and it gets politicized and you start arguing. But you've also seen that with Covid. So we focus on whether it was worse because China didn't talk soon enough about it or not. Yeah, OK. That's not exactly the pressing issue right now. We can come back to that
Richard Hill [00:49:11] in two or three years when we've sorted things out. So everything gets politicized. And I attribute that to the fact that before you had these two blocks and then the Eastern Bloc disintegrated and the US had the illusion that it was going to be unipolar and dominate everything, but for various reasons, including US internal politics, they don't have actually the will to be a global empire like the Romans used to be or the Brits at some stages. And so they're not exercising that role. So now you have these other powers popping up, some regional, some very low level, and the big one like China. And so now everybody's confused and you have this multipolar world. And so you just can't simply have the simple ideological discussion of communism versus capitalism and it gets much more complicated. And so everything is, quote unquote politicized. Nothing wrong with politics, per se, but there is when it's not moving forward and you're just bickering. And that's what we're seeing. So even things that everybody should agree on, I think everybody now agrees we should have security standards like no brainers. Don't ship webcams with default password admin so that any idiot can hijack them. Right. Just don't do that. So it seems like a no brainer that we should agree to do that. If you don't like the ITU doing it, do it somewhere else. But the problem is the US always says, no, don't do it in forum X. I've been in any number of forums where the proposal comes in. Let's do something at the ITU. The US and its allies say no, we don't want to do that here. OK, but then you go to the next forum and they don't want to do that there either. Because they're still in this mode, the market will fix everything or slowly we're getting out of it. I think on security, they're beginning to understand that the market isn't going to fix. But as late as 10 years ago, the mantra from the US was the market will fix it. Right, because users demand security. So the market will provide security because they're not seeing that there are market failures, which I mentioned. Information asymmetry and externalities. So I'm really not optimistic about the EU's ability to transform itself. What might work is that the ITU, as I mentioned, always grew by absorbing other things. So as because better than I because you follow that much more closely than I do now, there's a push to enhance the IGF, to turn it into IGF plus kind of thing.
Richard Hill [00:51:20] If that works, then maybe in 20 years that will then be attached to the ITU or the other way around. So people will say, wait a minute, this is all related. And so let's put it together, because nobody's going to say that the IGF should have a development effort, whereas the ITU does. The ITU does a lot about trying to help developing countries build networks, et cetera. They'll say, wait a minute, they're doing policy stuff there and development stuff there, wouldn't it be logical that they come together so they might eventually, in some future get merged? There was somebody proposed years ago, let's create an I sector in the ITU because they have a development sector, radio sector and telecommunications sector. Let's create the Internet sector, a whole new sector, maybe with different rules and glue that in. If people actually wanted if there were a will on the part of states to solve some of these issues, which at present there really isn't, although it's beginning to come, there would be the mechanism to do that. And that's what I outlined in what you said. I'm proposing a treaty which is to some extent cut and paste, for example. I just took, I attribute, of course, but I took Brad Smith, the chief executive officer of Microsoft's idea that we need a Geneva Digital Convention, he called it. Because we know that one of the issues is that states it's primarily the US, but for sure, the Russians, the Chinese and probably the English and the Germans and some others are doing it, too. And the French, they're stockpiling and the Israelis, they're stockpiling malware because they want to be able to use that either for cyber defense or cyber attack. Guess what? The stuff leaks. And when it leaks, the bad guys use it. So Wannacry came from that and that picture came from that. These were US stockpiles that got into the black market and were used by criminals. So Brad Smith is basically saying, look, states should agree not to stockpile malware, number one. And number two, to disclose faults as soon as they find them. So not have zero day faults where I know about the fault and I'm going to exploit it, but then, you know, nobody else can fix it until after it's become public. So that's one element. The other elements are basic infrastructure and monetization of data, et cetera, that we've discussed. And if there were a will to do that. But people say it takes forever to negotiate a treaty. That's because people don't agree. If people agree, it's fairly easy to negotiate a treaty. It's not done in a day. Obviously, it takes two to three years. But once you have the agreement on what to do, you get the experts together. You hammer out the words and you do that. And the ITU actually would be the perfect framework or shell organization in which to do that. The ITU is, there's not some giant staff that is running things which some people criticize ICANN for. I don't know how true that is, but in the case of the ITU, the staff is extremely weak. It's really the member states. It's the membership that's running things. So if the membership were willing to do that, it would be a good framework. Staffers basically organize a meeting, publishing documents, you know, and stuff like that. And the ITU does have this plenipotentiary conference which meets every four years, which is a treaty making conference. It's unusual, right. Most treaty making conferences are ad hoc. You have to actually convene it, convince everybody to call one, and so on. Whereas the ITU has this convenient regular mechanism. Every four years they can make treaties and that conference could call for a sub conference called the World Conference on International Telecommunications, which the last one was in 2012 with some rather strange results. But basically they could call for another WCIT. I'd give it a four year preparation period and then everybody could come together and do all the wonderful things that I've outlined in the treaty. But it's really a lack of will. So it comes back to your fundamental question. Could ITU do it? Theoretically, yes. In practice, no, because there's no will to do that. Paradoxically, though, and I put that in my paper, just put the knife in and turn it, that the dominant states, which are, of course, the US and its allies, the other OECD states are calling for binding treaty level provisions in the WTO precisely on the topics that they refuse to discuss in the ITU. So, for example, they want to use the WTO to have treaty provisions on spam when they refuse to have any discussion of treaty provisions on spam in the ITU. Or security.
Richard Hill [00:55:17] Wait a minute. Since when are trade negotiators the right people to negotiate treaty level provisions on spam? What they're proposing is not bad. I don't have a problem with the substance, but it's just the thought that this is ridiculous, right? If you're going to do try to do something about spam at treaty level, that is as an intergovernmental agreement, at least within the institution where first of all, industry can participate directly, civil society to some extent. It's not great, but it's better than zero. And you have experts, the people from the government who actually might know something about spam as opposed to trade negotiators who know nothing about spam. And by the way, the WTO is the most closed international organization of any because it has no provision whatsoever for formal participation by non-state actors. And that's a deliberate choice, which they still maintain today, which you can argue the ITU is not sufficiently open. The UN is not sufficiently open, blah blah, but they have some provision. So does WIPO. They all do, except WTO. WTO is zero space for non-state actors and also at the national level, if you've ever tried to work with the people at the national level, who, the WTO, they're very closed. So, for example, from the Swiss ITU representatives, the Swiss government, I can get anything I want. The WTO people won't even talk at the national level.
Ayden Férdeline [00:56:30] Wow.
Richard Hill [00:56:31] And so just to close out, in my paper, I say, look, apparently there is a will to negotiate treaties because you're trying to do it in WTO. Now what you're trying to do. First of all, it's wrong venue. And second of all, it's the wrong content because what you're trying to do is actually enshrine the free flow of data and continue allowing Zuckerberg and company to make monopoly profits. Forget that. Here's something better. And by the way, you could do that at ITU, if you wanted too.
Ayden Férdeline [00:56:54] This has been a fascinating conversation. Richard Hill, thank you very much.
Richard Hill [00:56:59] You're very welcome. I really enjoyed it.
Ayden Férdeline [00:57:01] That was Richard Hill. Next week on POWER PLAYS we'll be interviewing the angel investor, Esther Dyson.
OUTRO [00:57:08] This has been POWER PLAYS, the podcast that takes you inside the rooms and into the minds of the decision makers responsible for some of the most instrumental decisions that helped shape the Internet which we all use today. If you'd like to help us spread the word, please give us a five-star review and tell your friends to subscribe. We're available on every major listening app as well as at POWERPLAYS.XYZ.