MAGAZINE

TECH & INNOVATION

February 24, 2009 / Spring 2009 / Issue 54(originally published by Booz & Company)

TECNOLOGÍA E INNOVACIÓN
24 de febrero de 2009 / Primavera de 2009 / Número 54
(publicado originalmente por Booz & Company)

Watching over the Web

Cuidando la web
For broadband service providers — and the Internet in general — “digital
confidence” pays off.

Para los proveedores de servicios de banda ancha, e Internet

en general, la "confianza digital" se amortiza.
by Thomas Künstner, Manuel Kohnstamm, and Stephan Luiten
por Thomas Künstner, Manuel Kohnstamm y Stephan Luiten
The Illustration by Lars Leetar
La Ilustración de Lars Leetaru.

Internet’s growth is no longer driven by technology.

El crecimiento de Internet ya no está impulsado por la tecnología.

In much of Europe, more than 70 percent of households have

broadband Internet access 
En gran parte de Europa, más del 70 por ciento de los hogares tiene acceso a Internet de banda
ancha

along with cable television and wireless access); the same

technology is rapidly reaching saturation in Asia and North
America as well
(junto con televisión por cable y acceso inalámbrico); La misma tecnología está alcanzando
rápidamente la saturación en Asia y América del Norte también

.No wonder that online advertising is growing at 32 percent per

year or that in the business-to-business realm,
 No es de extrañar que la publicidad en línea esté creciendo a
un 32 por ciento por año o en el ámbito de empresa a empresa,
Forrester Research Inc. estimates Web 2.0–related sales will
grow by 47 percent per year,
Forrester Research Inc. estima que las ventas relacionadas con la Web 2.0 crecerán un 47 por
ciento por año,

resulting in almost US$5 billion (€4 billion) in growth worldwide

by 2013. 
resultando en un crecimiento mundial de casi US $ 5 mil millones (€ 4 mil millones) para 2013.

Moreover, the next-generation networks of digital video and

wireless services are expected to accelerate all these trends —
at increased broadband speeds,
Además, se espera que las redes de próxima generación de video digital y servicios inalámbricos
aceleren todas estas tendencias, a mayores velocidades de banda ancha,

with ubiquitous connectivity, and through many types of devices.

Con conectividad ubicua, ya través de muchos tipos de dispositivos.

There is a risk, however, that this momentum will founder as the

hidden costs and risks of the Internet become more evident
Sin embargo, existe el riesgo de que este impulso se hunda a medida que los costos ocultos y los
riesgos de Internet se hagan más evidentes.

Already, the statistics on fraud, criminal cyber-attacks,

Ya, las estadísticas sobre fraudes, ciberataques criminales.

and lost business are cause for concern. 

y los negocios perdidos son motivo de preocupación.

Twelve percent of Europeans avoid shopping online because of

concerns about Internet security. 
Doce por ciento de los europeos evitan comprar en línea debido a preocupaciones sobre la
seguridad de Internet.

According to Booz & Company analysis, 

Según el análisis de Booz & Company,

the number of online attacks approximately doubled each year

between 2002 and 2005, 
la cantidad de ataques en línea se duplicó aproximadamente cada año entre 2002 y 2005, lo que le
costó a la industria un costo

costing the industry an estimated $1 trillion (€843 billion) in 2005

alone in lost revenue
le cuesta a la industria un estimado de $ 1 billón (€ 843 mil millones) solo en 2005 en ingresos
perdidos,

idle time, repairs, and reputation damage.

Tiempo de inactividad, reparaciones y daños a la reputación.
A separate analysis of Internet scams (in the U.S. in 2007)
showed them costing their victims as much as $4,000 each.
Un análisis separado de las estafas en Internet (en los EE. UU.
En 2007) mostró que les costó a sus víctimas hasta $ 4,000
cada una.
In short, for those businesses — and governments — that want
to see the Internet fulfill its potential, the single most critical
factor is not technology. 
En resumen, para aquellas empresas y gobiernos que desean que Internet alcance su potencial, el
factor más crítico no es la tecnología.

It is confidence.
Es confianza.

Digital confidence is the level of trust that consumers place in

this emerging infrastructure.
La confianza digital es el nivel de confianza que los consumidores depositan en esta infraestructura
emergente.

Digital confidence is tangible enough that its value can be

estimated: 
La confianza digital es lo suficientemente tangible como para poder estimar su valor:

In the European Union, for instance, the economic upside

amounts to an extra 11 percent growth (about $58 billion or €46
billion) on top of the $550 billion (€436 billion) overall revenue
base of the Internet in 2008
En la Unión Europea, por ejemplo, el alza económica equivale a un crecimiento adicional del 11 por
ciento (aproximadamente $ 58 mil millones o € 46 mil millones) además de la base de ingresos
general de Internet de $ 550 mil millones (€ 436 mil millones) en 2008

When digital confidence deteriorates, content providers and ad-

vertising markets are the most negatively affected businesses.

Cuando la confianza digital se deteriora, los proveedores de contenido y los mercados de

public
 In 2008, in an in-depth scenario exercise for Liberty Global Inc.
En 2008, en un ejercicio de escenarios en profundidad para
Liberty Global I
a leading cable TV company, Booz & Company calculated the
difference between 

Booz & Company, una empresa líder de televisión por cable, calculó la diferencia entre

  “getting digital confidence right” (a best-case scenario for the

year 2012) and getting it “wrong” (a worst-case scenario in
which many people would curtail their time and activity online
because they didn’t feel safe). 
mantener la confianza digital correcta ”(el mejor de los casos para el año 2012) y hacerlo“ mal ”(el peor de
los casos en el que muchas personas reducirían su tiempo y actividad en línea porque no se sentían seguros).

Even in the worst-case scenario, consumers would not abandon

the Internet, but they would use it less often and spend less
money online. 

Incluso en el peor de los casos, los consumidores no

abandonarían Internet, pero lo usarían con menos frecuencia y
gastarían menos dinero en línea.

The overall cost in Europe could be $156 billion (€124 billion),

or almost 30 percent of the total market at stake —
approximately 1 percent of the total estimated European Union
gross domestic product. And there would be similar costs
elsewhere throughout the world.
El costo general en Europa podría ser de $ 156 mil millones (€
124 mil millones), o casi el 30 por ciento del mercado total en
juego, aproximadamente el 1 por ciento del total estimado del
producto interno bruto de la Unión Europea. Y habría costos
similares en otras partes del mundo.

In short, for any Internet-based business, digital confidence

pays off.

En resumen, para cualquier negocio basado en Internet, la

confianza digital da sus frutos.
That’s why many organizations — public agencies, private
companies, and not-for-profit groups — have attempted to
promote it.

Es por eso que muchas organizaciones (agencias públicas,

empresas privadas y grupos sin fines de lucro) han intentado
promoverlo.

But the industry is gradually realizing which organizations stand

at the core of the issue: broadband service providers. 

Pero la industria se está dando cuenta gradualmente de qué

organizaciones se encuentran en el centro del problema: los
proveedores de servicios de banda ancha.

These telephone, cable, or access companies represent the first

line of contact for consumers, typically charging them a monthly
subscription fee to connect their computers, entertainment
systems, and mobile devices to the Internet.

Estas compañías de teléfono, cable o acceso representan la

primera línea de contacto para los consumidores, por lo general
cobran una tarifa de suscripción mensual para conectar sus
computadoras, sistemas de entretenimiento y dispositivos
móviles a Internet.

The senior management teams of those companies are turning

their attention to digital confidence.
Los equipos de alta dirección de esas empresas están ce
ntrando su atención en la confianza digital.
They recognize that they are not just selling access; their
customer relationships depend on their ability to provide a
reliable and attractive communications marketplace and a
medium that is reasonably safe from attack, fraud, and threat. 
Reconocen que no solo están vendiendo acceso; sus
relaciones con los clientes dependen de su capacidad para
proporcionar un mercado de comunicaciones confiable y
atractivo y un medio que esté razonablemente a salvo de
ataques, fraudes y amenazas.
But this type of access has not been easy to deliver, and it will
be even more difficult in the future.
Pero este tipo de acceso no ha sido fácil de entregar, y será
aún más difícil en el futuro.
The complexities are great, and the moral and political issues
are tangled and contradictory. 
Las complejidades son grandes, y los problemas morales y
políticos son enredados y contradictorios.

Government cannot resolve the contradictions; no matter how

enlightened and proactive Internet regulatory agencies may be,
regulations in themselves cannot ensure that people trust the
online world. 
El gobierno no puede resolver las contradicciones; No importa
cuán ilustradas y proactivas sean las agencias reguladoras de
Internet, las regulaciones en sí mismas no pueden garantizar
que las personas confíen en el mundo en línea.

Ultimately, the guarantors of digital confidence need to be the

broadband providers. And that recognition alone represents a
significant step change for the industry. 

En última instancia, los garantes de la confianza digital deben

ser los proveedores de banda ancha. Y ese reconocimiento por
sí solo representa un cambio significativo en la industria.

And that recognition alone represents a significant step change

for the industry. 

Y ese reconocimiento por sí solo representa un cambio

significativo en la industria.

It means that providers will have to see themselves as the

critical link in a value chain that includes consumers, the various
“suppliers” of Internet services, and the governments in whose
jurisdictions the providers operate.
Significa que los proveedores tendrán que verse a sí mismos
como el enlace crítico en una cadena de valor que incluye a los
consumidores, los diversos "proveedores" de servicios de
Internet y los gobiernos en cuyas jurisdicciones operan los
proveedores.

True digital confidence could also transform the way people use
the Internet — or, more precisely, it could complete the
transformation already begun. 
La verdadera confianza digital también podría transformar la
forma en que las personas usan Internet, o, más precisamente,
podría completar la transformación ya iniciada.

Future growth in an Internet-based economy will not be driven

by penetration of service; the number of people paying for
service is finally approaching a saturation point.
El crecimiento futuro en una economía basada en Internet no
será impulsado por la penetración del servicio; el número de
personas que pagan por el servicio finalmente se acerca a un
punto de saturación.

Instead, growth in the Internet area will be driven by increases in

usage

En cambio, el crecimiento en el área de Internet será impulsado

por aumentos en el uso.
As people gain the confidence to make more use of online
commerce — turning naturally to Net-based software, banking
services, catalogs, ticket agencies, publications, music and
video download sites, and many more applications to come —
the medium will realize its full potential as an enabler of
commerce and civilization.

A medida que la gente se gane la confianza de hacer un mayor

uso del comercio en línea (convirtiéndose naturalmente en
software basado en Net, servicios bancarios, catálogos,
agencias de venta de entradas, publicaciones, música y sitios
de descarga de videos, y muchas más aplicaciones por venir),
el medio se dará cuenta de todo su potencial. Potencial como
facilitador del comercio y la civilización.

Reasons for Concern

Razones de preocupación
Most people have had personal experience with some form of
Internet abuse or breakdown, but the problems are so complex
and interwoven that few people see their full extent and impact.
La mayoría de las personas ha tenido experiencia personal con
algún tipo de abuso o avería de Internet, pero los problemas
son tan complejos y están tan interconectados que pocas
personas ven todo su alcance e impacto

There are, essentially, four categories of concern:

Hay, esencialmente, cuatro categorías de preocupación:
Network integrity and quality of service.
Integridad de red y calidad de servicio.
These concerns involve the reliability of the technological
platform
Estas inquietudes implican la fiabilidad de la plataforma
tecnológica.

Criminal attacks can undermine access to the Internet. 

Los ataques criminales pueden minar el acceso a Internet.
Viruses and malware (deliberate attacks through the system on
end-user devices and local area networks) take a toll that can
include not just inconvenience but also large-scale hardware
destruction: 
Los virus y malware (ataques deliberados a través del sistema
en dispositivos de usuario final y redes de área local) cobran un
precio que puede incluir no solo inconvenientes, sino también
destrucción de hardware a gran escala:

Consumers Union found that over a six-month period, spyware

infections prompted nearly 1 million U.S. households to replace
their computers.
Consumers Union descubrió que durante un período de seis
meses, las infecciones por spyware hicieron que casi 1 millón
de hogares estadounidenses reemplazaran sus computadoras.

Even the ubiquitous, low-level irritation of spam e-mail takes a

toll; 55 percent of Internet users say spam has reduced their
trust in the integrity of their e-mail, and 18 percent see spam as
a “big problem.” 

Incluso la ubicua irritación de bajo nivel del correo electrónico

no deseado cobra un precio; El 55 por ciento de los usuarios de
Internet dicen que el spam ha reducido su confianza en la
integridad de su correo electrónico, y el 18 por ciento ve el
spam como un "gran problema".

Finally, peaks in traffic load can lead to slow service or weak

connectivity, a problem that threatens to grow as more people
download and stream video from the Internet.
"Finalmente, los picos en la carga de tráfico pueden llevar a un
servicio lento o una conectividad débil, un problema que
amenaza con crecer a medida que más personas descargan y
transmiten videos desde Internet.

 Network providers have known for some time that about 80

percent of Internet bandwidth is consumed by only 10 percent of
consumers, and congestion goes up with use of file-sharing and
video applications.
Los proveedores de redes han sabido por algún tiempo que
aproximadamente el 80 por ciento del ancho de banda de
Internet es consumido por solo el 10 por ciento de los
consumidores, y la congestión aumenta con el uso de
aplicaciones de video y uso compartido de archivos.
For example, when the BBC iPlayer was introduced in
December 2007, bandwidth usage surged in the U.K., so much
so that Internet service providers (ISPs) tried to get the BBC to
partially fund the network upgrades they needed.

Por ejemplo, cuando se introdujo BBC iPlayer en diciembre de

2007, e
l uso de ancho de banda aumentó en el Reino Unido, tanto que
los proveedores de servicios de Internet (ISP) intentaron que la
BBC financiara parcialmente las actualizaciones de red que
necesitaban.

• Privacy and data protection.

Privacidad y protección de datos.

The safety of consumers’ private electronic information — their

identities, passwords, and usage profiles, and even the
information they post about themselves — must be ensured.

Debe garantizarse la seguridad de la información electrónica

privada de los consumidores, sus identidades, contraseñas y
perfiles de uso, e incluso la información que publican sobre
ellos mismos.

People need to feel secure that their private data won’t be

published inadvertently or without their consent, and that they
won’t be vulnerable to identity theft, in which criminals replicate
or use their private data for fraud. 
Las personas deben sentirse seguras de que sus datos
privados no se publicarán de forma involuntaria o sin su
consentimiento, y que no serán vulnerables al robo de
identidad, en el que los delincuentes replican o utilizan sus
datos privados para el fraude.

Most social networking sites allow users to limit access to only

friends and trusted individuals, but almost half of the consumers
on these sites make their profiles available to everyone.

La mayoría de los sitios de redes sociales permiten a los

usuarios limitar el acceso solo a amigos y personas de
confianza, pero casi la mitad de los consumidores en estos
sitios hacen que sus perfiles estén disponibles para todos.

The effects of this choice on personal safety, security, and

reputation are still uncertain:
Los efectos de esta elección en la seguridad personal, la
seguridad y la reputación aún son inciertos:
For instance, as businesses use Web searches to check the
validity of job applications, outdated or fraudulent information
about a person may show up, with the applicant having no
recourse to delete or change it. 
Por ejemplo, a medida que las empresas utilizan búsquedas en
la Web para verificar la validez de las solicitudes de empleo,
puede aparecer información obsoleta o fraudulenta sobre una
persona, y el solicitante no tiene ningún recurso para eliminarla
o modificarla.

Organizations also face data risks: 

Las organizaciones también enfrentan riesgos de datos:

In the United Kingdom, the national revenue and customs

department had to apologize to customers of investment bank
UBS Laing and Cruickshank after losing a computer disk, sent
by the bank, that contained addresses and account details of
UBS’s Personal Equity Plan investors.
En el Reino Unido, el departamento nacional de ingresos y aduanas tuvo que pedir disculpas a los
clientes del banco de inversiones UBS Laing y Cruickshank luego de perder un disco de
computadora, enviado por el banco, que contenía las direcciones y los detalles de la cuenta de los
inversionistas del Plan de Equidad Personal de UBS.

• The protection of minors.

• La protección de los menores.

The well-being of those younger than 18 must be defended in

the online world.
El bienestar de los menores de 18 años debe defenderse en el mundo en línea.

This includes protecting children from exposure to sexually

explicit, violent, and otherwise undesirable content; 
Esto incluye proteger a los niños de la exposición a contenido sexualmente explícito, violento y,
por lo demás, indeseable;

discouraging cyber-bullying and other hostile behavior (such as

the posting of demeaning photographs); 
Esto incluye proteger a los niños de la exposición a contenido sexualmente explícito, violento y,
por lo demás, indeseable;
preventing solicitation of children by adults; and fighting the
sexual abuse of children online, including prosecuting the
purveyors of child-related sexual content. 
prevención de la solicitud de niños por parte de adultos; y combatir el abuso sexual de niños en
línea, incluido el enjuiciamiento de los proveedores de contenido sexual relacionado con niños.

The extent of this threat is often underestimated, but it is

substantial;
El alcance de esta amenaza a menudo se subestima, pero es sustancial;

almost 25 percent of youths surveyed have been exposed to

indecent material, and one June 2008 posting in Australia of
sexual content involving children received 12 million hits within
76 hours.
casi el 25 por ciento de los jóvenes encuestados han sido expuestos a material indecente, y una
publicación en junio de 2008 de contenido sexual que involucra a niños en Australia recibió 12
millones de visitas en 76 horas.

• Piracy and theft Piratería y robo.

. E-commerce transactions must be protected for all parties. 
Las transacciones de comercio electrónico deben estar protegidas para todas las partes.

For business and content providers, including video producers,

being able to distribute their work safely without fear of copyright
violation or theft is a precondition for doing business online. 
Para las empresas y los proveedores de contenido, incluidos los
productores de video, el hecho de poder distribuir su trabajo de
forma segura sin temor a violaciones de derechos de autor o
robo es una condición previa para hacer negocios en línea.
E-commerce services also need protection against consumers’
failure to pay or failure to provide agreed-upon goods or
services. 
Los servicios de comercio electrónico también necesitan protección contra la falta de pago de los
consumidores o la falta de provisión de bienes o servicios acordados.

Users must be sure they are not exposed to criminal

prosecution for using legitimate protocols and applications, such
as peer-to-peer file-sharing systems.
Los usuarios deben asegurarse de no estar expuestos a un proceso penal por el uso de protocolos
y aplicaciones legítimos, como los sistemas de intercambio de archivos punto a punto.

Piracy and theft can carry immense costs and are difficult to
avoid completely.
La piratería y el robo pueden acarrear costos inmensos y son difíciles de evitar por completo.

From one country to the next, there is much disagreement about

acceptable practices, and great disparity in legislation.
De un país a otro, hay mucho desacuerdo sobre las prácticas aceptables y una gran disparidad en
la legislación.

At the same time, many individual problems, like phishing

(identity theft through online fraud), involve cross-border crimes
that require international cooperation to prosecute

. Al mismo tiempo, muchos problemas individuales, como el phishing (robo de identidad a través
del fraude en línea), involucran delitos transfronterizos que requieren cooperación internacional
para procesar.

Moreover, many of the riskiest aspects of the Internet — such

as the anonymity of digital environments and the ability to easily
create false identities — are the same elements that enrich
digital life and attract participants.
Además, muchos de los aspectos más riesgosos de Internet, como el anonimato de los entornos
digitales y la capacidad de crear fácilmente identidades falsas, son los mismos elementos que
enriquecen la vida digital y atraen a los participantes.

Few regulators can keep up with the speed and scope of

challenges in this market
Pocos reguladores pueden mantenerse al día con la velocidad y el alcance de los desafíos en este
mercado.

For instance, in the U.K. in May 2008, new laws were

announced to close a legal loophole that had unintentionally
overlooked drawings and computer-generated images of child
sex abuse.
Por ejemplo, en el Reino Unido en mayo de 2008, se anunciaron nuevas leyes para cerrar una
brecha legal que había pasado inadvertidamente dibujos e imágenes generadas por
computadora de abuso sexual infantil.

Most legal remedies also carry costs; the “three strikes and
you’re out” rule advocated by content owners to punish
copyright violators would require network providers to invest in
monitoring and policing activity going through their “pipes.” 
La mayoría de los recursos legales también conllevan costos; la regla de las "tres huelgas y usted
está fuera" recomendada por los propietarios de contenido para castigar a los infractores de
derechos de autor requeriría que los proveedores de la red inviertan en actividades de
monitoreo y vigilancia policial a través de sus "tuberías".

” This could lead to a direct overall cost of about $190 million

(£130 million) per year in the U.K. alone — in addition to its
implications for consumer data privacy.
Esto podría llevar a un costo general directo de aproximadamente $ 190 millones (£ 130
millones) por año solo en el Reino Unido, además de sus implicaciones para la privacidad de los
datos del consumidor.
Similarly, just about every “filtering” solution, whether for e-
mailed spam or offensive content, also runs the risk of blocking
desired content or slowing down the system.
De manera similar, casi todas las soluciones de "filtrado", ya sea para correo no deseado o
contenido ofensivo, también corren el riesgo de bloquear el contenido deseado o ralentizar el
sistema.

That is why regulators and government agencies are so

challenged, and why they often oscillate between heavy-
handed, unenforceable rules and a passive philosophy of self-
regulation. 
Es por eso que los reguladores y las agencias gubernamentales
son tan retados, y por eso a menudo oscilan entre las reglas de
mano dura e inaplicables y una filosofía pasiva de
autorregulación.

Commercial firms are thus left to struggle with the same

ambiguities. Should a network provider block illegal and
undesired Web content, which may mean facing the risk of legal
liabilities?
De este modo, se deja a las empresas comerciales luchar con las mismas ambigüedades. ¿Debe
un proveedor de red bloquear contenido web ilegal e indeseado, lo que puede significar
enfrentar el riesgo de responsabilidades legales?

 If so, who determines what “illegal and undesired” means?

Where should the line be drawn? If child sexual abuse content
is blocked, what about racist content? And so on.
Si es así, ¿quién determina lo que significa "ilegal y no deseado"? ¿Dónde debería dibujarse la
línea? Si el contenido de abuso sexual infantil está bloqueado, ¿qué pasa con el contenido
Four Roles for a Provider
Cuatro roles para un proveedor

What, then, can a network provider do to lead the way out of

this impending crisis?
Entonces, ¿qué puede hacer un proveedor de red para salir de esta crisis inminente?

The answer lies not only in meeting legal requirements, but in

staying ahead of the curve by adopting proactive policies and
practices to drive digital confidence.
La respuesta radica no solo en cumplir con los requisitos legales, sino en mantenerse a la vanguardia
mediante la adopción de políticas y prácticas proactivas para impulsar la confianza digital.

Case studies around the world show that a “can do” vision is
realistic; the answer lies less in technological solutions and
more in providers’ taking a stand on the role they intend to play. 
Los estudios de caso en todo el mundo muestran que una visión de "puedo hacer" es realista; la respuesta
está menos en las soluciones tecnológicas y más en los proveedores que toman una posición sobre el
papel que pretenden desempeñar.

For example, is a network provider merely a conduit, operating

the digital highways with no control over content or activity on
them? 
Por ejemplo, ¿es un proveedor de red simplemente un conducto que opera las autopistas digitales sin
control sobre el contenido o la actividad en ellas?

Or can the provider help set the rules for how to travel on these
highways — and then help police them?
¿O puede el proveedor ayudar a establecer las reglas sobre cómo viajar en estas carreteras y luego
ayudar a vigilarlas?
In reality, network providers have played four different roles on
the Internet. 
En realidad, los proveedores de red han jugado cuatro roles diferentes en Internet.

They have acted as teachers, with no corrective power,

educating users about threats and ways to counter them.
Actuaron como maestros, sin poder correctivo, educando a los usuarios sobre las amenazas y las formas
de contrarrestarlos.

For example, they may refer patrons to Internet safety

information sites like “Web Wise Kids” that produce material to
help children protect themselves. 
Por ejemplo, pueden referir a los usuarios a sitios de información de seguridad de Internet como "Web
Wise Kids" que producen material para ayudar a los niños a protegerse.

Network providers have also been substitute parents, taking

proactive measures to protect users. 
Los proveedores de la red también han sido padres sustitutos, tomando medidas proactivas para proteger
a los usuarios.

YouTube thus filters out copyright-protected content. 

Así, YouTube filtra contenido protegido por derechos de autor.

Referees, in subsystems where there is self-imposed mutual

agreement, help enforce those rules on a case-by-case basis,
and often have recourse to real punishment (like removing
people from networks). 
Los árbitros, en subsistemas donde existe un acuerdo mutuo autoimpuesto, ayudan a hacer
cumplir esas reglas caso por caso, y con frecuencia recurren a un castigo real (como eliminar a las
personas de las redes).

The Dutch cable company UPC NL blocks access to domains

that have content with child sexual abuse, using a list provided
by the Netherlands police authorities.
La compañía de cable holandesa UPC NL bloquea el acceso a dominios que tienen contenido con
abuso sexual infantil, utilizando una lista provista por las autoridades policiales de los Países Bajos.
And sometimes providers play the role of police, enforcing
mandates with strict rules and some aspect of due process,
such as “three strikes and you’re out.”
Y a veces los proveedores desempeñan el papel de policía, imponiendo mandatos con reglas
estrictas y algún aspecto del debido proceso, como "tres huelgas y usted está fuera".

Many network providers have learned that no single approach

will serve them in dealing with any particular problem. Consider
the case of “botnets.” 
Muchos proveedores de redes han aprendido que ningún enfoque único les servirá para tratar un
problema en particular.

These represent a severe form of network integrity infringement

for criminal purposes: 
Estos representan una forma grave de infracción de integridad de la red con fines delictivos:

Personal computers in businesses, universities, and homes are

controlled remotely by an unauthorized, malicious third party
without the PC owners’ awareness. 
Las computadoras personales en empresas, universidades y hogares están controladas de forma
remota por un tercero no autorizado y malintencionado, sin que los propietarios de las
computadoras tengan conocimiento.

A single botnet can involve as many as several hundred

thousand computers.
Una sola botnet puede involucrar hasta varios cientos de miles de computadoras.

They are used for politically motivated denial-of-service (DoS)

attacks, such as the famous attack on Estonia in April 2007 that
immobilized the country and the April 2008 attack on Radio Free
Europe.
Se utilizan para ataques de denegación de servicio (DoS) por motivos políticos, como el famoso
ataque a Estonia en abril de 2007 que inmovilizó al país y el ataque de abril de 2008 a Radio Free
Europe.

They also enable online fraud, and they are responsible for an
estimated 80 percent of worldwide spam.
También permiten el fraude en línea y son responsables de aproximadamente el 80% del spam
mundial.

Education is an important measure against botnets: 

La educación es una medida importante contra las botnets:

Service providers can teach end-users to safeguard their

computers with antivirus and firewall software.
Los proveedores de servicios pueden enseñar a los usuarios finales a proteger sus computadoras
con antivirus y software de firewall.

But groups that only educate, like Blue Security, a now-defunct

small producer of Internet antispam software, are themselves
vulnerable to attack. 
Pero los grupos que solo educan, como Blue Security, un productor pequeño y extinto de software
antispam de Internet, son vulnerables al ataque.

Blue Security was pushed out of business by a massive denial

of service attack in May 2006
Blue Security fue cancelado por un ataque masivo de denegación de servicio en mayo de 2006

It is much more effective when service providers combine

education with the parent stance — blocking data “packets”
associated with botnets — 
Es mucho más efectivo cuando los proveedores de servicios combinan la educación con la postura
de los padres, bloqueando los "paquetes" de datos asociados con las redes de bots.

and a police role, usually in cooperation with actual police, to

help monitor traffic, trace botnet-related activity, and isolate the
servers where the botnet originates.
y un rol de policía, generalmente en cooperación con la policía real, para ayudar a monitorear el
tráfico, rastrear la actividad relacionada con la red de bots y aislar los servidores donde se origina
la red de bbot

In the past, the natural role for ISPs has been that of teacher.En el
pasado, el papel natural de los PSI ha sido el de los docentes.

After all, their core business purpose has been, and still is, to
provide a secure, reliable, and powerful network for Internet
traffic, without engaging in what happens over its network.
Después de todo, su propósito comercial principal ha sido, y sigue siendo, proporcionar una red
segura, confiable y poderosa para el tráfico de Internet, sin involucrarse en lo que sucede en su
red.

This has helped them limit risks and liabilities in areas where
they have no responsibility or control — for example, the nature
of the content being transmitted.
Pero los consumidores están exigiendo un mayor nivel de confianza en línea. Y los beneficios por
proporcionarlo son cada vez más claros.

But consumers are demanding a higher level of trust online. And

the payoffs for providing it are becoming clearer
Pero los consumidores están exigiendo un mayor nivel de confianza en línea.
For example, when parents are comfortable with the level of
protection provided for their children, they allow them to use the
Internet more. 
Por ejemplo, cuando los padres se sienten cómodos con el nivel de protección provisto para sus
hijos, les permiten usar más Internet.

When traffic management is robust enough to provide

consistent speeds, more people turn to the Internet for videos
and entertainment.
Cuando la gestión del tráfico es lo suficientemente robusta como para proporcionar velocidades
constantes, más personas recurren a Internet para videos y entretenimiento.

The extent to which a network operator is able to guarantee a

high quality of service and optimal broadband experience for all
users is a major competitive edge in infrastructure competition, 
La medida en que un operador de red puede garantizar una alta calidad de servicio y una
experiencia de banda ancha óptima para todos los usuarios es una ventaja competitiva importante
en la competencia de infraestructura,

and playing the role of teacher alone will not be enough.

Providers will end up expanding their roles.
jugar el papel de maestro solo no será suficiente. Los proveedores terminarán expandiendo sus
roles.

That does not mean taking on a major policing role

Eso no significa asumir un papel policial importante.

Consumers use the Internet precisely because they want choice

and interactivity; 
Los consumidores usan Internet precisamente porque quieren elección e interactividad;
providers that are too restrictive may risk losing a competitive
edge, as consumers seek out alternatives
los proveedores que son demasiado restrictivos pueden arriesgarse a perder una ventaja
competitiva, ya que los consumidores buscan alternativas.

The answer is for network providers to see their primary role as

providers of digital confidence.
La respuesta es que los proveedores de la red vean su función principal como proveedores de
confianza digital.

This means not just declaring, but internalizing, confidence-

building procedures and protocols, and making them part of the
organization’s culture.
Esto significa no solo declarar, sino internalizar, crear procedimientos de confianza y protocolos, y
convertirlos en parte de la cultura de la organización.

Thus, if you are an executive at an Internet service provider, you

need to deliberately choose the combination of roles to play for
each area of concern, with an eye toward safeguarding the
entire system to which you provide a gateway. 
Por lo tanto, si usted es un ejecutivo de un proveedor de servicios de Internet, debe elegir
deliberadamente la combinación de roles que desempeñará en cada área de interés, con miras a
salvaguardar todo el sistema al que proporciona una puerta de enlace.

As a teacher, for example, start by building customer

awareness. 
Como profesor, por ejemplo, comience por crear conciencia en
el cliente.
Develop well-conceived and continually improved programs on
such threats as identity theft, piracy, and online behavior
(including addressing bullying, restricting solicitation, and
defining what constitutes unacceptable content).
Desarrolle programas bien concebidos y continuamente mejorados sobre amenazas tales como el
robo de identidad, la piratería y el comportamiento en línea (incluido el acoso escolar, la
restricción de solicitudes y la definición de contenido inaceptable).

Target your messages to specific user groups, including parents

and children.
Dirija sus mensajes a grupos de usuarios específicos, incluidos padres e hijos.

Also target business clients with education on spam filters and

protection against DoS attacks. 
También apunte a clientes comerciales con información sobre filtros de spam y protección contra
ataques DoS.

Do not delegate this job to other groups; you can partner with
others, but you must be seen as the source of digital
confidence.
No delegue este trabajo a otros grupos; Puede asociarse con otros, pero debe ser visto como la
fuente de confianza digital.

As a substitute parent, provide the tools and resources needed

to back up your education — for example, make high-quality
content- and spam-filtering software easily available.
Como padre sustituto, proporcione las herramientas y los recursos necesarios para respaldar su
educación, por ejemplo, haga que el software de filtrado de correo no deseado y contenido de alta
calidad esté fácilmente disponible.

Even more importantly, be as transparent and consistent as

possible in your communications with consumers.
Aún más importante, sea lo más transparente y consistente posible en sus comunicaciones con los
consumidores.
Let them know exactly what your policies are, and make sure, if
you promote a form of protection, that people at every level of
the company understand it and can help consumers adopt it.
Hágales saber exactamente cuáles son sus políticas y asegúrese, si promueve una forma de
protección, que las personas de todos los niveles de la empresa lo entiendan y puedan ayudar a
los consumidores a adoptarlo.

As a referee, be prepared to step away from your home ground

when you can do so transparently. 
Como árbitro, prepárese para alejarse de su hogar cuando
pueda hacerlo de manera transparente.

Contrary to some perceptions, consumers accept restrictions —

but only when those restrictions are enforced with clear
statements and a consistent, reliable framework. 
Contrariamente a algunas percepciones, los consumidores aceptan restricciones, pero solo cuando
esas restricciones se aplican con declaraciones claras y un marco consistente y confiable.

For example, if a consistent, high-quality user experience,

without perceptible delays requires active traffic management,
consumers will accept that, so long as it is fair and transparent
Por ejemplo, si una experiencia de usuario consistente y de alta calidad, sin demoras perceptibles
requiere una gestión activa del tráfico, los consumidores lo aceptarán, siempre que sea justo y
transparente.

And when you take on the policing role, recognize that you can-
not act alone. 
Y cuando asuma el rol de policía, reconozca que no puede actuar solo.

For example, blocking (or reducing the speed of access to)

some Internet sites can place a company at legal risk
Por ejemplo, bloquear (o reducir la velocidad de acceso a) algunos sitios de Internet puede poner a
una empresa en riesgo legal.

Only if you are mandated by law to block certain Internet sites

owing to content concerns will you be less vulnerable to
accusations of infringement of copyright, civil liberties, freedom
of speech, and Net neutrality.
Solo si la ley lo obliga a bloquear ciertos sitios de Internet debido a problemas de contenido, será
menos vulnerable a las acusaciones de infracción de derechos de autor, libertades civiles, libertad
de expresión y neutralidad de la red.

The Internet industry as a whole, sooner or later, will have to

demonstrate that it is serious about digital confidence by
developing coherent solutions.
La industria de Internet en su conjunto, tarde o temprano, deberá demostrar que se toma en serio
la confianza digital desarrollando soluciones coherentes.

Network operators and ISPs will need to work closely with each
other, and with regulators around the world, to build collective
confidence in the Internet. 
Los operadores de red y los proveedores de servicios de Internet (ISP) deberán trabajar
estrechamente entre sí y con los reguladores de todo el mundo, para crear confianza colectiva en
Internet.

They will need to address all areas that clearly fall outside an
individual service provider’s activity: for example, blacklisting
illegal content, enforcing laws against spamming, and
preventing large-scale DoS attacks.
Deberán abordar todas las áreas que claramente queden fuera de la actividad de un proveedor de
servicios individual: por ejemplo, incluir en la lista negra contenido ilegal, hacer cumplir las leyes
contra el envío de correo no deseado y prevenir ataques DoS a gran escala.
The most effective solutions will have the commitment of all
players, and they will proportionately allocate the cost of
implementation and the resulting financial rewards. 
Las soluciones más efectivas tendrán el compromiso de todos los participantes, y asignarán
proporcionalmente el costo de la implementación y las recompensas financieras resultantes.

Regulators must allow industry to develop such solutions and

foster stakeholder cooperation and financial support programs
while allowing competitive pressures to work, rather than
applying regulation that may be counterproductive from a
consumer point of view and may cause economic damage. 
Los reguladores deben permitir que la industria desarrolle dichas soluciones y fomentar la
cooperación de las partes interesadas y los programas de apoyo financiero, mientras que permite
que las presiones competitivas funcionen, en lugar de aplicar una regulación que puede ser
contraproducente desde el punto de vista del consumidor y puede causar daños económicos.

For example, our analysis shows that a strict quality-of-service

regulation banning most forms of traffic management could
increase the capital expenditure requirements of network
operators across Europe by up to $8 billion (€6 billion).
Por ejemplo, nuestro análisis muestra que una regulación estricta de la calidad de servicio que
prohíbe la mayoría de las formas de gestión del tráfico podría aumentar los requisitos de gastos de
capital de los operadores de redes en toda Europa hasta en $ 8 mil millones (€ 6 mil millones).

In the meantime, network operators are increasingly aware that

they need to build and invest in their customers’ digital
confidence to grow new advanced services.
Mientras tanto, los operadores de red son cada vez más conscientes de que necesitan construir e
invertir en la confianza digital de sus clientes para desarrollar nuevos servicios avanzados.

Their reputation, their competitive advantage, and the overall

growth of the medium depend on it. Nothing, not even their
technological edge, is as critical to their future success.
Su reputación, su ventaja competitiva y el crecimiento general del medio dependen de ello. Nada,
ni siquiera su ventaja tecnológica, es tan crítico para su éxito futuro.

Reprint No. 09102

Reprint No. 09102

Author Profiles:
Perfiles de autores:

Thomas Künstner is a partner with Booz & Company’s

communications, media, and technology practice. Based in
Düsseldorf, he focuses on convergence markets and advises
top management teams in the communications and media
industry on strategic and organizational issues.
Thomas Künstner es socio de las prácticas de comunicación, medios y tecnología de Booz &
Company. Con sede en Düsseldorf, se centra en los mercados de convergencia y asesora a los
equipos de alta dirección en la industria de las comunicaciones y los medios de comunicación en
cuestiones estratégicas y organizativas.

Manuel Kohnstamm is the managing director of public policy

and communications for Liberty Global, a leading international
cable operator and provider of telephone and broadband
services in Europe, the Americas, and Asia/Pacific. He is also a
board member of Belgian cable operator Telenet NV and
president of the industry group Cable Europe.
Manuel Kohnstamm es el director gerente de políticas públicas y comunicaciones de Liberty Global, un
operador de cable internacional líder y proveedor de servicios de telefonía y banda ancha en Europa,
América y Asia / Pacífico. También es miembro de la junta del operador de cable belga Telenet NV y
presidente del grupo industrial Cable Europa.

Stephan Luiten is the director of public policy for Liberty Global.

He was formerly the director of Brussels-based E.U. public
affairs consultancy European Strategy (now Grayling). He has
also worked for the European Commission’s Directorate
General Internal Market

Stephan Luiten es el director de políticas públicas de Liberty Global. Anteriormente, fue director de E.U.
Consultoría de asuntos públicos Estrategia Europea (ahora Grayling). También ha trabajado para la
Dirección General de Mercado Interior de la Comisión Europea.

Also contributing to this article were Booz & Company Principals

Michael Fischer and John Ward. This article was adapted from
the 2008 Liberty Global report “Digital Confidence: Securing the
Next Wave of Digital Growth,” by Thomas Künstner, Michael
Fischer, John Ward, Martin Brunner, and Florian Pötscher.
También contribuyeron a este artículo los directores de Booz & Company, Michael Fischer y John
Ward. Este artículo fue adaptado del informe de Liberty Global 2008 "Confianza digital: asegurando la
próxima ola de crecimiento digital", por Thomas Künstner, Michael Fischer, John Ward, Martin Brunner
y Florian Pötscher.

FINNN
 February 24, 2009 / Spring 2009 / Issue 54(originally published by Booz & Company)

Watching over the Web

For broadband service providers — and the Internet in general — “digital
confidence” pays off.

by Thomas Künstner, Manuel Kohnstamm, and Stephan Luiten

  
  
  
  
  
The Internet’s growth is no longer driven by
technology. In much of Europe, more than 70
percent of households have broadband
Internet access (along with cable television
and wireless access); the same technology is
rapidly reaching saturation in Asia and North
America as well. No wonder that online
advertising is growing at 32 percent per year
or that in the business-to-business realm,
Forrester Research Inc. estimates Web 2.0–
related sales will grow by 47 percent per year,
Illustration by Lars Leetaru
resulting in almost US$5 billion (€4 billion)
in growth worldwide by 2013. Moreover, the next-generation networks
of digital video and wireless services are expected to accelerate all
these trends — at increased broadband speeds, with ubiquitous
connectivity, and through many types of devices.

There is a risk, however, that this momentum will founder as the

hidden costs and risks of the Internet become more evident. Already,
the statistics on fraud, criminal cyber-attacks, and lost business are
cause for concern. Twelve percent of Europeans avoid shopping online
because of concerns about Internet security. According to Booz &
Company analysis, the number of online attacks approximately
doubled each year between 2002 and 2005, costing the industry an
estimated $1 trillion (€843 billion) in 2005 alone in lost revenue, idle
time, repairs, and reputation damage. A separate analysis of Internet
scams (in the U.S. in 2007) showed them costing their victims as much
as $4,000 each.
In short, for those businesses — and governments — that want to see
the Internet fulfill its potential, the single most critical factor is not
technology. It is confidence. Digital confidence is the level of trust that
consumers place in this emerging infrastructure. Digital confidence is
tangible enough that its value can be estimated: In the European
Union, for instance, the economic upside amounts to an extra 11
percent growth (about $58 billion or €46 billion) on top of the $550
billion (€436 billion) overall revenue base of the Internet in 2008.
When digital confidence deteriorates, content providers and ad-
vertising markets are the most negatively affected businesses. In 2008,
in an in-depth scenario exercise for Liberty Global Inc., a leading
cable TV company, Booz & Company calculated the difference
between “getting digital confidence right” (a best-case scenario for the
year 2012) and getting it “wrong” (a worst-case scenario in which
many people would curtail their time and activity online because they
didn’t feel safe). Even in the worst-case scenario, consumers would
not abandon the Internet, but they would use it less often and spend
less money online. The overall cost in Europe could be $156 billion
(€124 billion), or almost 30 percent of the total market at stake —
approximately 1 percent of the total estimated European Union gross
domestic product. And there would be similar costs elsewhere
throughout the world.
In short, for any Internet-based business, digital confidence pays off.
That’s why many organizations — public agencies, private companies,
and not-for-profit groups — have attempted to promote it. But the
industry is gradually realizing which organizations stand at the core of
the issue: broadband service providers. These telephone, cable, or
access companies represent the first line of contact for consumers,
typically charging them a monthly subscription fee to connect their
computers, entertainment systems, and mobile devices to the Internet.
The senior management teams of those companies are turning their
attention to digital confidence. They recognize that they are not just
selling access; their customer relationships depend on their ability to
provide a reliable and attractive communications marketplace and a
medium that is reasonably safe from attack, fraud, and threat. But this
type of access has not been easy to deliver, and it will be even more
difficult in the future. The complexities are great, and the moral and
political issues are tangled and contradictory. Government cannot
resolve the contradictions; no matter how enlightened and proactive
Internet regulatory agencies may be, regulations in themselves cannot
ensure that people trust the online world. Ultimately, the guarantors of
digital confidence need to be the broadband providers. And that rec-
ognition alone represents a significant step change for the industry. It
means that providers will have to see themselves as the critical link in
a value chain that includes consumers, the various “suppliers” of
Internet services, and the governments in whose jurisdictions the
providers operate.
True digital confidence could also transform the way people use the
Internet — or, more precisely, it could complete the transformation
already begun. Future growth in an Internet-based economy will not be
driven by penetration of service; the number of people paying for
service is finally approaching a saturation point. Instead, growth in the
Internet area will be driven by increases in usage. As people gain the
confidence to make more use of online commerce — turning naturally
to Net-based software, banking services, catalogs, ticket agencies,
publications, music and video download sites, and many more
applications to come — the medium will realize its full potential as an
enabler of commerce and civilization.
Reasons for Concern
Most people have had personal experience with some form of Internet
abuse or breakdown, but the problems are so complex and interwoven
that few people see their full extent and impact. There are, essentially,
four categories of concern:
• Network integrity and quality of service. These concerns involve the
reliability of the technological platform. Criminal attacks can
undermine access to the Internet. Viruses and malware (deliberate at-
tacks through the system on end-user devices and local area networks)
take a toll that can include not just inconvenience but also large-scale
hardware destruction: Consumers Union found that over a six-month
period, spyware infections prompted nearly 1 million U.S. households
to replace their computers. Even the ubiquitous, low-level irritation of
spam e-mail takes a toll; 55 percent of Internet users say spam has
reduced their trust in the integrity of their e-mail, and 18 percent see
spam as a “big problem.” Finally, peaks in traffic load can lead to slow
service or weak connectivity, a problem that threatens to grow as more
people download and stream video from the Internet. Network pro-
viders have known for some time that about 80 percent of Internet
bandwidth is consumed by only 10 percent of consumers, and
congestion goes up with use of file-sharing and video applications. For
example, when the BBC iPlayer was introduced in December 2007,
bandwidth usage surged in the U.K., so much so that Internet service
providers (ISPs) tried to get the BBC to partially fund the network
upgrades they needed.
• Privacy and data protection. The safety of consumers’ private
electronic information — their identities, passwords, and usage
profiles, and even the information they post about themselves — must
be ensured. People need to feel secure that their private data won’t be
published inadvertently or without their consent, and that they won’t
be vulnerable to identity theft, in which criminals replicate or use their
private data for fraud. Most social networking sites allow users to limit
access to only friends and trusted individuals, but almost half of the
consumers on these sites make their profiles available to everyone.
The effects of this choice on personal safety, security, and reputation
are still uncertain: For instance, as businesses use Web searches to
check the validity of job applications, outdated or fraudulent
information about a person may show up, with the applicant having no
recourse to delete or change it. Organizations also face data risks: In
the United Kingdom, the national revenue and customs department had
to apologize to customers of investment bank UBS Laing and
Cruickshank after losing a computer disk, sent by the bank, that
contained addresses and account details of UBS’s Personal Equity
Plan investors.
• The protection of minors. The well-being of those younger than 18
must be defended in the online world. This includes protecting
children from exposure to sexually explicit, violent, and otherwise
undesirable content; discouraging cyber-bullying and other hostile
behavior (such as the posting of demeaning photographs); preventing
solicitation of children by adults; and fighting the sexual abuse of
children online, including prosecuting the purveyors of child-related
sexual content. The extent of this threat is often underestimated, but it
is substantial; almost 25 percent of youths surveyed have been exposed
to indecent material, and one June 2008 posting in Australia of sexual
content involving children received 12 million hits within 76 hours.
• Piracy and theft. E-commerce transactions must be protected for all
parties. For business and content providers, including video producers,
being able to distribute their work safely without fear of copyright
violation or theft is a precondition for doing business online. E-
commerce services also need protection against consumers’ failure to
pay or failure to provide agreed-upon goods or services. Users must be
sure they are not exposed to criminal prosecution for using legitimate
protocols and applications, such as peer-to-peer file-sharing systems.
Piracy and theft can carry immense costs and are difficult to avoid
completely. From one country to the next, there is much disagreement
about acceptable practices, and great disparity in legislation. At the
same time, many individual problems, like phishing (identity theft
through online fraud), involve cross-border crimes that require in-
ternational cooperation to prosecute. Moreover, many of the riskiest
aspects of the Internet — such as the anonymity of digital
environments and the ability to easily create false identities — are the
same elements that enrich digital life and attract participants.
Few regulators can keep up with the speed and scope of challenges in
this market. For instance, in the U.K. in May 2008, new laws were
announced to close a legal loophole that had unintentionally
overlooked drawings and computer-generated images of child sex
abuse. Most legal remedies also carry costs; the “three strikes and
you’re out” rule advocated by content owners to punish copyright
violators would require network providers to invest in monitoring and
policing activity going through their “pipes.” This could lead to a
direct overall cost of about $190 million (£130 million) per year in the
U.K. alone — in addition to its implications for consumer data
privacy. Similarly, just about every “filtering” solution, whether for e-
mailed spam or offensive content, also runs the risk of blocking
desired content or slowing down the system.
That is why regulators and government agencies are so challenged,
and why they often oscillate between heavy-handed, unenforceable
rules and a passive philosophy of self-regulation. Commercial firms
are thus left to struggle with the same ambiguities. Should a network
provider block illegal and undesired Web content, which may mean
facing the risk of legal liabilities? If so, who determines what “illegal
and undesired” means? Where should the line be drawn? If child
sexual abuse content is blocked, what about racist content? And so on.
Four Roles for a Provider
What, then, can a network provider do to lead the way out of this
impending crisis? The answer lies not only in meeting legal
requirements, but in staying ahead of the curve by adopting proactive
policies and practices to drive digital confidence. Case studies around
the world show that a “can do” vision is realistic; the answer lies less
in technological solutions and more in providers’ taking a stand on the
role they intend to play. For example, is a network provider merely a
conduit, operating the digital highways with no control over content or
activity on them? Or can the provider help set the rules for how to
travel on these highways — and then help police them?
In reality, network providers have played four different roles on the
Internet. They have acted as teachers, with no corrective power,
educating users about threats and ways to counter them. For example,
they may refer patrons to Internet safety information sites like “Web
Wise Kids” that produce material to help children protect themselves.
Network providers have also been substitute parents, taking proactive
measures to protect users. YouTube thus filters out copyright-
protected content. Referees, in subsystems where there is self-imposed
mutual agreement, help enforce those rules on a case-by-case basis,
and often have recourse to real punishment (like removing people from
networks). The Dutch cp company UPC NL blocks access to domains
that have content with child sexual abuse, using a list provided by the
Netherlands police authorities. And sometimes providers play the role
of police, enforcing mandates with strict rules and some aspect of due
process, such as “three strikes and you’re out.”
Many network providers have learned that no single approach will
serve them in dealing with any particular problem. Consider the case
of “botnets.” These represent a severe form of network integrity
infringement for criminal purposes: Personal computers in businesses,
universities, and homes are controlled remotely by an unauthorized,
malicious third party without the PC owners’ awareness. A single
botnet can involve as many as several hundred thousand computers.
They are used for politically motivated denial-of-service (DoS)
attacks, such as the famous attack on Estonia in April 2007 that
immobilized the country and the April 2008 attack on Radio Free
Europe. They also enable online fraud, and they are responsible for an
estimated 80 percent of worldwide spam.
Education is an important measure against botnets: Service providers
can teach end-users to safeguard their computers with antivirus and
firewall software. But groups that only educate, like Blue Security, a
now-defunct small producer of Internet antispam software, are
themselves vulnerable to attack. Blue Security was pushed out of
business by a massive denial of service attack in May 2006. It is much
more effective when service providers combine education with the
parent stance — blocking data “packets” associated with botnets —
and a police role, usually in cooperation with actual police, to help
monitor traffic, trace botnet-related activity, and isolate the servers
where the botnet originates.
In the past, the natural role for ISPs has been that of teacher. After all,
their core business purpose has been, and still is, to provide a secure,
reliable, and powerful network for Internet traffic, without engaging in
what happens over its network. This has helped them limit risks and
liabilities in areas where they have no responsibility or control — for
example, the nature of the content being transmitted.
But consumers are demanding a higher level of trust online. And the
payoffs for providing it are becoming clearer. For example, when
parents are comfortable with the level of protection provided for their
children, they allow them to use the Internet more. When traffic
management is robust enough to provide consistent speeds, more
people turn to the Internet for videos and entertainment. The extent to
which a network operator is able to guarantee a high quality of service
and optimal broadband experience for all users is a major competitive
edge in infrastructure competition, and playing the role of teacher
alone will not be enough. Providers will end up expanding their roles.
That does not mean taking on a major policing role. Consumers use
the I
nternet precisely because they want choice and interactivity; providers
that are too restrictive may risk losing a competitive edge, as
consumers seek out alternatives.
The answer is for network providers to see their primary role as
providers of digital confidence. This means not just declaring, but
internalizing, confidence-building procedures and protocols, and
making them part of the organization’s culture.
Thus, if you are an executive at an Internet service provider, you need
to deliberately choose the combination of roles to play for each area of
concern, with an eye toward safeguarding the entire system to which
you provide a gateway. As a teacher, for example, start by building
customer awareness. Develop well-conceived and continually
improved programs on such threats as identity theft, piracy, and online
behavior (including addressing bullying, restricting solicitation, and
defining what constitutes unacceptable content). Target your messages
to specific user groups, including parents and children. Also target
business clients with education on spam filters and protection against
DoS attacks. Do not delegate this job to other groups; you can partner
with others, but you must be seen as the source of digital confidence.
As a substitute parent, provide the tools and resources needed to back
up your education — for example, make high-quality content- and
spam-filtering software easily available. Even more importantly, be as
transparent and consistent as possible in your communications with
consumers. Let them know exactly what your policies are, and make
sure, if you promote a form of protection, that people at every level of
the company understand it and can help consumers adopt it.
As a referee, be prepared to step away from your home ground when
you can do so transparently. Contrary to some perceptions, consumers
accept restrictions — but only when those restrictions are enforced
with clear statements and a consistent, reliable framework. For
example, if a consistent, high-quality user experience, without
perceptible delays requires active traffic management, consumers will
accept that, so long as it is fair and transparent.
And when you take on j policing role, recognize that you cannot act
alone. For example, blocking (or reducing the speed of access to) some
Internet sites can place a company at legal risk. Only if you are
mandated by law to block certain Internet sites owing to content
concerns will you be less vulnerable to accusations of infringement of
copyright, civil liberties, freedom of speech, and Net neutrality.
The Internet industry as a whole, sooner or later, will have to
demonstrate that it is serious about digital confidence by developing
coherent solutions. Network operators and ISPs will need to work
closely with each other, and with regulators around the world, to build
collective confidence in the Internet. They will need to address all
areas that clearly fall outside an individual service provider’s activity:
for example, blacklisting illegal content, enforcing laws against
spamming, and preventing large-scale DoS attacks.
The most effective solutions will have the commitment of all players,
and they will proportionately allocate the cost of implementation and
the resulting financial rewards. Regulators must allow industry to
 develop such solutions and foster stakeholder cooperation and
financial support programs while allowing competitive pressures to
work, rather than applying regulation that may be counterproductive
from a consumer point of view and may cause economic damage. For
example, our analysis shows that a strict quality-of-service regulation
banning most forms of traffic management could increase the capital
expenditure requirements of network operators across Europe by up to
$8 billion (€6 billion).
In the meantime, network operators are increasingly aware that they
need to build and invest in their customers’ digital confidence to grow
new advanced services. Their reputation, their competitive advantage,
and the overall growth of the medium depend on it. Nothing, not even
their technological edge, is as critical to their future success.
Reprint No. 09102
Author Profiles:

Thomas Künstner is a partner with Booz & Company’s communications, media, and technology
practice. Based in Düsseldorf, he focuses on convergence markets and advises top management
teams in the communications and media industry on strategic and organizational issues.

Manuel Kohnstamm is the managing director of public policy and communications for Liberty
Global, a leading international cable operator and provider of telephone and broadband services
in Europe, the Americas, and Asia/Pacific. He is also a board member of Belgian cable operator
Telenet NV and president of the industry group Cable Europe.


MAGAZINE


The Internet’s growth is no longer driven by
technology. In much of Europe, more than 70
percent of households have broadband
Internet access (along with cable television
and wireless access); the same technology is
rapidly reaching saturation in Asia and North
America as well. No wonder that online
advertising is growing at 32 percent per year
or that in the business-to-business realm,
Forrester Research Inc. estimates Web 2.0–
related sales will grow by 47 percent per year,
Illustration by Lars Leetaru
resulting in almost US$5 billion (€4 billion)
in growth worldwide by 2013. Moreover, the
next-generation networks of digital video and wireless services are
expected to accelerate all these trends — at increased broadband
speeds, with ubiquitous connectivity, and through many types of
devices.

There is a risk, however, that this momentum will founder as the

hidden costs and risks of the Internet become more evident. Already,
the statistics on fraud, criminal cyber-attacks, and lost business are
cause for concern. Twelve percent of Europeans avoid shopping online
because of concerns about Internet security. According to Booz &
Company analysis, the number of online attacks approximately
doubled each year between 2002 and 2005, costing the industry an
estimated $1 trillion (€843 billion) in 2005 alone in lost revenue, idle
time, repairs, and reputation damage. A separate analysis of Internet
scams (in the U.S. in 2007) showed them costing their victims as much
as $4,000 each.
In short, for those businesses — and governments — that want to see
the Internet fulfill its potential, the single most critical factor is not
technology. It is confidence. Digital confidence is the level of trust that
consumers place in this emerging infrastructure. Digital confidence is
tangible enough that its value can be estimated: In the European
Union, for instance, the economic upside amounts to an extra 11
percent growth (about $58 billion or €46 billion) on top of the $550
billion (€436 billion) overall revenue base of the Internet in 2008.
When digital confidence deteriorates, content providers and ad-
vertising markets are the most negatively affected businesses. In 2008,
in an in-depth scenario exercise for Liberty Global Inc., a leading
cable TV company, Booz & Company calculated the difference
between “getting digital confidence right” (a best-case scenario for the
year 2012) and getting it “wrong” (a worst-case scenario in which
many people would curtail their time and activity online because they
didn’t feel safe). Even in the worst-case scenario, consumers would
not abandon the Internet, but they would use it less often and spend
less money online. The overall cost in Europe could be $156 billion
(€124 billion), or almost 30 percent of the total market at stake —
approximately 1 percent of the total estimated European Union gross
domestic product. And there would be similar costs elsewhere
throughout the world.
In short, for any Internet-based business, digital confidence pays off.
That’s why many organizations — public agencies, private companies,
and not-for-profit groups — have attempted to promote it. But the
industry is gradually realizing which organizations stand at the core of
the issue: broadband service providers. These telephone, cable, or
access companies represent the first line of contact for consumers,
typically charging them a monthly subscription fee to connect their
computers, entertainment systems, and mobile devices to the Internet.
The senior management teams of those companies are turning their
attention to digital confidence. They recognize that they are not just
selling access; their customer relationships depend on their ability to
provide a reliable and attractive communications marketplace and a
medium that is reasonably safe from attack, fraud, and threat. But this
type of access has not been easy to deliver, and it will be even more
difficult in the future. The complexities are great, and the moral and
political issues are tangled and contradictory. Government cannot
resolve the contradictions; no matter how enlightened and proactive
Internet regulatory agencies may be, regulations in themselves cannot
ensure that people trust the online world. Ultimately, the guarantors of
digital confidence need to be the broadband providers. And that rec-
ognition alone represents a significant step change for the industry. It
means that providers will have to see themselves as the critical link in
a value chain that includes consumers, the various “suppliers” of
Internet services, and the governments in whose jurisdictions the
providers operate.
True digital confidence could also transform the way people use the
Internet — or, more precisely, it could complete the transformation
already begun. Future growth in an Internet-based economy will not be
driven by penetration of service; the number of people paying for
service is finally approaching a saturation point. Instead, growth in the
Internet area will be driven by increases in usage. As people gain the
confidence to make more use of online commerce — turning naturally
to Net-based software, banking services, catalogs, ticket agencies,
publications, music and video download sites, and many more
applications to come — the medium will realize its full potential as an
enabler of commerce and civilization.
Reasons for Concern
Most people have had personal experience with some form of Internet
abuse or breakdown, but the problems are so complex and interwoven
that few people see their full extent and impact. There are, essentially,
four categories of concern:
• Network integrity and quality of service. These concerns involve the
reliability of the technological platform. Criminal attacks can
undermine access to the Internet. Viruses and malware (deliberate at-
tacks through the system on end-user devices and local area networks)
take a toll that can include not just inconvenience but also large-scale
hardware destruction: Consumers Union found that over a six-month
period, spyware infections prompted nearly 1 million U.S. households
to replace their computers. Even the ubiquitous, low-level irritation of
spam e-mail takes a toll; 55 percent of Internet users say spam has
reduced their trust in the integrity of their e-mail, and 18 percent see
spam as a “big problem.” Finally, peaks in traffic load can lead to slow
service or weak connectivity, a problem that threatens to grow as more
people download and stream video from the Internet. Network pro-
viders have known for some time that about 80 percent of Internet
bandwidth is consumed by only 10 percent of consumers, and
congestion goes up with use of file-sharing and video applications. For
example, when the BBC iPlayer was introduced in December 2007,
bandwidth usage surged in the U.K., so much so that Internet service
providers (ISPs) tried to get the BBC to partially fund the network
upgrades they needed.
• Privacy and data protection. The safety of consumers’ private
electronic information — their identities, passwords, and usage
profiles, and even the information they post about themselves — must
be ensured. People need to feel secure that their private data won’t be
published inadvertently or without their consent, and that they won’t
be vulnerable to identity theft, in which criminals replicate or use their
private data for fraud. Most social networking sites allow users to limit
access to only friends and trusted individuals, but almost half of the
consumers on these sites make their profiles available to everyone.
The effects of this choice on personal safety, security, and reputation
are still uncertain: For instance, as businesses use Web searches to
check the validity of job applications, outdated or fraudulent
information about a person may show up, with the applicant having no
recourse to delete or change it. Organizations also face data risks: In
the United Kingdom, the national revenue and customs department had
to apologize to customers of investment bank UBS Laing and
Cruickshank after losing a computer disk, sent by the bank, that
contained addresses and account details of UBS’s Personal Equity
Plan investors.
• The protection of minors. The well-being of those younger than 18
must be defended in the online world. This includes protecting
children from exposure to sexually explicit, violent, and otherwise
undesirable content; discouraging cyber-bullying and other hostile
behavior (such as the posting of demeaning photographs); preventing
solicitation of children by adults; and fighting the sexual abuse of
children online, including prosecuting the purveyors of child-related
sexual content. The extent of this threat is often underestimated, but it
is substantial; almost 25 percent of youths surveyed have been exposed
to indecent material, and one June 2008 posting in Australia of sexual
content involving children received 12 million hits within 76 hours.
• Piracy and theft. E-commerce transactions must be protected for all
parties. For business and content providers, including video producers,
being able to distribute their work safely without fear of copyright
violation or theft is a precondition for doing business online. E-
commerce services also need protection against consumers’ failure to
pay or failure to provide agreed-upon goods or services. Users must be
sure they are not exposed to criminal prosecution for using legitimate
protocols and applications, such as peer-to-peer file-sharing systems.
Piracy and theft can carry immense costs and are difficult to avoid
completely. From one country to the next, there is much disagreement
about acceptable practices, and great disparity in legislation. At the
same time, many individual problems, like phishing (identity theft
through online fraud), involve cross-border crimes that require in-
ternational cooperation to prosecute. Moreover, many of the riskiest
aspects of the Internet — such as the anonymity of digital
environments and the ability to easily create false identities — are the
same elements that enrich digital life and attract participants.
Few regulators can keep up with the speed and scope of challenges in
this market. For instance, in the U.K. in May 2008, new laws were
announced to close a legal loophole that had unintentionally
overlooked drawings and computer-generated images of child sex
abuse. Most legal remedies also carry costs; the “three strikes and
you’re out” rule advocated by content owners to punish copyright
violators would require network providers to invest in monitoring and
policing activity going through their “pipes.” This could lead to a
direct overall cost of about $190 million (£130 million) per year in the
U.K. alone — in addition to its implications for consumer data
privacy. Similarly, just about every “filtering” solution, whether for e-
mailed spam or offensive content, also runs the risk of blocking
desired content or slowing down the system.
That is why regulators and government agencies are so challenged,
and why they often oscillate between heavy-handed, unenforceable
rules and a passive philosophy of self-regulation. Commercial firms
are thus left to struggle with the same ambiguities. Should a network
provider block illegal and undesired Web content, which may mean
facing the risk of legal liabilities? If so, who determines what “illegal
and undesired” means? Where should the line be drawn? If child
sexual abuse content is blocked, what about racist content? And so on.
Four Roles for a Provider
What, then, can a network provider do to lead the way out of this
impending crisis? The answer lies not only in meeting legal
requirements, but in staying ahead of the curve by adopting proactive
policies and practices to drive digital confidence. Case studies around
the world show that a “can do” vision is realistic; the answer lies less
in technological solutions and more in providers’ taking a stand on the
role they intend to play. For example, is a network provider merely a
conduit, operating the digital highways with no control over content or
activity on them? Or can the provider help set the rules for how to
travel on these highways — and then help police them?
In reality, network providers have played four different roles on the
Internet. They have acted as teachers, with no corrective power,
educating users about threats and ways to counter them. For example,
they may refer patrons to Internet safety information sites like “Web
Wise Kids” that produce material to help children protect themselves.
Network providers have also been substitute parents, taking proactive
measures to protect users. YouTube thus filters out copyright-
protected content. Referees, in subsystems where there is self-imposed
mutual agreement, help enforce those rules on a case-by-case basis,
and often have recourse to real punishment (like removing people from
networks). The Dutch cable company UPC NL blocks access to
domains that have content with child sexual abuse, using a list
provided by the Netherlands police authorities. And sometimes
providers play the role of police, enforcing mandates with strict rules
and some aspect of due process, such as “three strikes and you’re out.”
Many network providers have learned that no single approach will
serve them in dealing with any particular problem. Consider the case
of “botnets.” These represent a severe form of network integrity
infringement for criminal purposes: Personal computers in businesses,
universities, and homes are controlled remotely by an unauthorized,
malicious third party without the PC owners’ awareness. A single
botnet can involve as many as several hundred thousand computers.
They are used for politically motivated denial-of-service (DoS)
attacks, such as the famous attack on Estonia in April 2007 that
immobilized the country and the April 2008 attack on Radio Free
Europe. They also enable online fraud, and they are responsible for an
estimated 80 percent of worldwide spam.
Education is an important measure against botnets: Service providers
can teach end-users to safeguard their computers with antivirus and
firewall software. But groups that only educate, like Blue Security, a
now-defunct small producer of Internet antispam software, are
themselves vulnerable to attack. Blue Security was pushed out of
business by a massive denial of service attack in May 2006. It is much
more effective when service providers combine education with the
parent stance — blocking data “packets” associated with botnets —
and a police role, usually in cooperation with actual police, to help
monitor traffic, trace botnet-related activity, and isolate the servers
where the botnet originates.
In the past, the natural role for ISPs has been that of teacher. After all,
their core business purpose has been, and still is, to provide a secure,
reliable, and powerful network for Internet traffic, without engaging in
what happens over its network. This has helped them limit risks and
liabilities in areas where they have no responsibility or control — for
example, the nature of the content being transmitted.
But consumers are demanding a higher level of trust online. And the
payoffs for providing it are becoming clearer. For example, when
parents are comfortable with the level of protection provided for their
children, they allow them to use the Internet more. When traffic
management is robust enough to provide consistent speeds, more
people turn to the Internet for videos and entertainment. The extent to
which a network operator is able to guarantee a high quality of service
and optimal broadband experience for all users is a major competitive
edge in infrastructure competition, and playing the role of teacher
alone will not be enough. Providers will end up expanding their roles.
That does not mean taking on a major policing role. Consumers use
the Internet precisely because they want choice and interactivity;
providers that are too restrictive may risk losing a competitive edge, as
consumers seek out alternatives.
The answer is for network providers to see their primary role as
providers of digital confidence. This means not just declaring, but
internalizing, confidence-building procedures and protocols, and
making them part of the organization’s culture.
Thus, if you are an executive at an Internet service provider, you need
to deliberately choose the combination of roles to play for each area of
concern, with an eye toward safeguarding the entire system to which
you provide a gateway. As a teacher, for example, start by building
customer awareness. Develop well-conceived and continually
improved programs on such threats as identity theft, piracy, and online
behavior (including addressing bullying, restricting solicitation, and
defining what constitutes unacceptable content). Target your messages
to specific user groups, including parents and children. Also target
business clients with education on spam filters and protection against
DoS attacks. Do not delegate this job to other groups; you can partner
with others, but you must be seen as the source of digital confidence.
As a substitute parent, provide the tools and resources needed to back
up your education — for example, make high-quality content- and
spam-filtering software easily available. Even more importantly, be as
transparent and consistent as possible in your communications with
consumers. Let them know exactly what your policies are, and make
sure, if you promote a form of protection, that people at every level of
the company understand it and can help consumers adopt it.
As a referee, be prepared to step away from your home ground when
you can do so transparently. Contrary to some perceptions, consumers
accept restrictions — but only when those restrictions are enforced
with clear statements and a consistent, reliable framework. For
example, if a consistent, high-quality user experience, without
perceptible delays requires active traffic management, consumers will
accept that, so long as it is fair and transparent.
And when you take on the policing role, recognize that you cannot act
alone. For example, blocking (or reducing the speed of access to) some
Internet sites can place a company at legal risk. Only if you are
mandated by law to block certain Internet sites owing to content
concerns will you be less vulnerable to accusations of infringement of
copyright, civil liberties, freedom of speech, and Net neutrality.
The Internet industry as a whole, sooner or later, will have to
demonstrate that it is serious about digital confidence by developing
coherent solutions. Network operators and ISPs will need to work
closely with each other, and with regulators around the world, to build
collective confidence in the Internet. They will need to address all
areas that clearly fall outside an individual service provider’s activity:
for example, blacklisting illegal content, enforcing laws against
spamming, and preventing large-scale DoS attacks.
The most effective solutions will have the commitment of all players,
and they will proportionately allocate the cost of implementation and
the resulting financial rewards. Regulators must allow industry to
develop such solutions and foster stakeholder cooperation and
financial support programs while allowing competitive pressures to
work, rather than applying regulation that may be counterproductive
from a consumer point of view and may cause economic damage. For
example, our analysis shows that a strict quality-of-service regulation
banning most forms of traffic management could increase the capital
expenditure requirements of network operators across Europe by up to
$8 billion (€6 billion).
In the meantime, network operators are increasingly aware that they
need to build and invest in their customers’ digital confidence to grow
new advanced services. Their reputation, their competitive advantage,
and the overall growth of the medium depend on it. Nothing, not even
their technological edge, is as critical to their future success.
Reprint No. 09102
Author Profiles:

Thomas Künstner is a partner with Booz & Company’s communications, media, and technology
practice. Based in Düsseldorf, he focuses on convergence markets and advises top management
teams in the communications and media industry on strategic and organizational issues.

Manuel Kohnstamm is the managing director of public policy and communications for Liberty
Global, a leading international cable operator and provider of telephone and broadband services
in Europe, the Americas, and Asia/Pacific. He is also a board member of Belgian cable operator
Telenet NV and president of the industry group Cable Europe.

TECH & INNOVATION

February 24, 2009 / Spring 2009 / Issue 54(originally published by Booz & Company)
 Watching over the Web
For broadband service providers — and the Internet in general — “digital
confidence” pays off.

by Thomas Künstner, Manuel Kohnstamm, and Stephan Luiten

  
  
  
  
  
The Internet’s growth is no longer driven by
technology. In much of Europe, more than 70
percent of households have broadband
Internet access (along with cable television
and wireless access); the same technology is
rapidly reaching saturation in Asia and North
America as well. No wonder that online
advertising is growing at 32 percent per year
or that in the business-to-business realm,
Forrester Research Inc. estimates Web 2.0–
related sales will grow by 47 percent per year,
Illustration by Lars Leetaru
resulting in almost US$5 billion (€4 billion)
in growth worldwide by 2013. Moreover, the
next-generation networks of digital video and wireless services are
expected to accelerate all these trends — at increased broadband
speeds, with ubiquitous connectivity, and through many types of
devices.
There is a risk, however, that this momentum will founder as the
hidden costs and risks of the Internet become more evident. Already,
the statistics on fraud, criminal cyber-attacks, and lost business are
cause for concern. Twelve percent of Europeans avoid shopping online
because of concerns about Internet security. According to Booz &
Company analysis, the number of online attacks approximately
doubled each year between 2002 and 2005, costing the industry an
estimated $1 trillion (€843 billion) in 2005 alone in lost revenue, idle
time, repairs, and reputation damage. A separate analysis of Internet
scams (in the U.S. in 2007) showed them costing their victims as much
as $4,000 each.
In short, for those businesses — and governments — that want to see
the Internet fulfill its potential, the single most critical factor is not
technology. It is confidence. Digital confidence is the level of trust that
consumers place in this emerging infrastructure. Digital confidence is
tangible enough that its value can be estimated: In the European
Union, for instance, the economic upside amounts to an extra 11
percent growth (about $58 billion or €46 billion) on top of the $550
billion (€436 billion) overall revenue base of the Internet in 2008.
When digital confidence deteriorates, content providers and ad-
vertising markets are the most negatively affected businesses. In 2008,
in an in-depth scenario exercise for Liberty Global Inc., a leading
cable TV company, Booz & Company calculated the difference
between “getting digital confidence right” (a best-case scenario for the
year 2012) and getting it “wrong” (a worst-case scenario in which
many people would curtail their time and activity online because they
didn’t feel safe). Even in the worst-case scenario, consumers would
not abandon the Internet, but they would use it less often and spend
less money online. The overall cost in Europe could be $156 billion
(€124 billion), or almost 30 percent of the total market at stake —
approximately 1 percent of the total estimated European Union gross
domestic product. And there would be similar costs elsewhere
throughout the world.
In short, for any Internet-based business, digital confidence pays off.
That’s why many organizations — public agencies, private companies,
and not-for-profit groups — have attempted to promote it. But the
industry is gradually realizing which organizations stand at the core of
the issue: broadband service providers. These telephone, cable, or
access companies represent the first line of contact for consumers,
typically charging them a monthly subscription fee to connect their
computers, entertainment systems, and mobile devices to the Internet.
The senior management teams of those companies are turning their
attention to digital confidence. They recognize that they are not just
selling access; their customer relationships depend on their ability to
provide a reliable and attractive communications marketplace and a
medium that is reasonably safe from attack, fraud, and threat. But this
type of access has not been easy to deliver, and it will be even more
difficult in the future. The complexities are great, and the moral and
political issues are tangled and contradictory. Government cannot
resolve the contradictions; no matter how enlightened and proactive
Internet regulatory agencies may be, regulations in themselves cannot
ensure that people trust the online world. Ultimately, the guarantors of
digital confidence need to be the broadband providers. And that rec-
ognition alone represents a significant step change for the industry. It
means that providers will have to see themselves as the critical link in
a value chain that includes consumers, the various “suppliers” of
Internet services, and the governments in whose jurisdictions the
providers operate.
True digital confidence could also transform the way people use the
Internet — or, more precisely, it could complete the transformation
already begun. Future growth in an Internet-based economy will not be
driven by penetration of service; the number of people paying for
service is finally approaching a saturation point. Instead, growth in the
Internet area will be driven by increases in usage. As people gain the
confidence to make more use of online commerce — turning naturally
to Net-based software, banking services, catalogs, ticket agencies,
publications, music and video download sites, and many more
applications to come — the medium will realize its full potential as an
enabler of commerce and civilization.
Reasons for Concern
Most people have had personal experience with some form of Internet
abuse or breakdown, but the problems are so complex and interwoven
that few people see their full extent and impact. There are, essentially,
four categories of concern:
• Network integrity and quality of service. These concerns involve
the reliability of the technological platform. Criminal attacks can
undermine access to the Internet. Viruses and malware (deliberate at-
tacks through the system on end-user devices and local area networks)
take a toll that can include not just inconvenience but also large-scale
hardware destruction: Consumers Union found that over a six-month
period, spyware infections prompted nearly 1 million U.S. households
to replace their computers. Even the ubiquitous, low-level irritation of
spam e-mail takes a toll; 55 percent of Internet users say spam has
reduced their trust in the integrity of their e-mail, and 18 percent see
spam as a “big problem.” Finally, peaks in traffic load can lead to slow
service or weak connectivity, a problem that threatens to grow as more
people download and stream video from the Internet. Network pro-
viders have known for some time that about 80 percent of Internet
bandwidth is consumed by only 10 percent of consumers, and
congestion goes up with use of file-sharing and video applications. For
example, when the BBC iPlayer was introduced in December 2007,
bandwidth usage surged in the U.K., so much so that Internet service
providers (ISPs) tried to get the BBC to partially fund the network
upgrades they needed.
• Privacy and data protection. The safety of consumers’ private
electronic information — their identities, passwords, and usage
profiles, and even the information they post about themselves — must
be ensured. People need to feel secure that their private data won’t be
published inadvertently or without their consent, and that they won’t
be vulnerable to identity theft, in which criminals replicate or use their
private data for fraud. Most social networking sites allow users to limit
access to only friends and trusted individuals, but almost half of the
consumers on these sites make their profiles available to everyone.
The effects of this choice on personal safety, security, and reputation
are still uncertain: For instance, as businesses use Web searches to
check the validity of job applications, outdated or fraudulent
information about a person may show up, with the applicant having no
recourse to delete or change it. Organizations also face data risks: In
the United Kingdom, the national revenue and customs department had
to apologize to customers of investment bank UBS Laing and
Cruickshank after losing a computer disk, sent by the bank, that
contained addresses and account details of UBS’s Personal Equity
Plan investors.
• The protection of minors. The well-being of those younger than 18
must be defended in the online world. This includes protecting
children from exposure to sexually explicit, violent, and otherwise
undesirable content; discouraging cyber-bullying and other hostile
behavior (such as the posting of demeaning photographs); preventing
solicitation of children by adults; and fighting the sexual abuse of
children online, including prosecuting the purveyors of child-related
sexual content. The extent of this threat is often underestimated, but it
is substantial; almost 25 percent of youths surveyed have been exposed
to indecent material, and one June 2008 posting in Australia of sexual
content involving children received 12 million hits within 76 hours.
• Piracy and theft. E-commerce transactions must be protected for all
parties. For business and content providers, including video producers,
being able to distribute their work safely without fear of copyright
violation or theft is a precondition for doing business online. E-
commerce services also need protection against consumers’ failure to
pay or failure to provide agreed-upon goods or services. Users must be
sure they are not exposed to criminal prosecution for using legitimate
protocols and applications, such as peer-to-peer file-sharing systems.
Piracy and theft can carry immense costs and are difficult to avoid
completely. From one country to the next, there is much disagreement
about acceptable practices, and great disparity in legislation. At the
same time, many individual problems, like phishing (identity theft
through online fraud), involve cross-border crimes that require in-
ternational cooperation to prosecute. Moreover, many of the riskiest
aspects of the Internet — such as the anonymity of digital
environments and the ability to easily create false identities — are the
same elements that enrich digital life and attract participants.
Few regulators can keep up with the speed and scope of challenges in
this market. For instance, in the U.K. in May 2008, new laws were
announced to close a legal loophole that had unintentionally
overlooked drawings and computer-generated images of child sex
abuse. Most legal remedies also carry costs; the “three strikes and
you’re out” rule advocated by content owners to punish copyright
violators would require network providers to invest in monitoring and
policing activity going through their “pipes.” This could lead to a
direct overall cost of about $190 million (£130 million) per year in the
U.K. alone — in addition to its implications for consumer data
privacy. Similarly, just about every “filtering” solution, whether for e-
mailed spam or offensive content, also runs the risk of blocking
desired content or slowing down the system.
That is why regulators and government agencies are so challenged,
and why they often oscillate between heavy-handed, unenforceable
rules and a passive philosophy of self-regulation. Commercial firms
are thus left to struggle with the same ambiguities. Should a network
provider block illegal and undesired Web content, which may mean
facing the risk of legal liabilities? If so, who determines what “illegal
and undesired” means? Where should the line be drawn? If child
sexual abuse content is blocked, what about racist content? And so on.
Four Roles for a Provider
What, then, can a network provider do to lead the way out of this
impending crisis?