Two Research Topics Involving Social Applications
To illustrate the kinds of research it envisions on the social applications of information technology (IT), the committee looks briefly at two research topics. The first, deconstructing wireless, is the subject of an ongoing collaborative effort to analyze the wireless communications industry. The second, network security, is well known and is being pursued by researchers around the world. It is touched on here to demonstrate its interdisciplinary aspects.
One actual research project on the social applications of IT is “deconstructing wireless,” which is being conducted by researchers at the University of California at Berkeley, Princeton University, and the Swiss Federal Institute of Technology at Lausanne.1 This collaboration of engineers and economists is taking a fresh look at the wireless communication industry. The researchers define deconstruction as a research paradigm that takes a top-down, interdisciplinary view of a large-scale global system, in this case wireless networking. Deconstruction is necessitated by the confluence of technology and economic, business, and policy considerations in such systems.
A system and market like wireless networking is heavily influenced by the rapid pace of technological advance as well as by policy (e.g., telecommunications regulation, privacy concerns, and universal service requirements), law (e.g., intellectual property protection and competitive
constraints), economics (e.g., investments, network externalities, lock-in), business considerations (e.g., complementors and competitors, standardization), and the needs and wishes of users (both individuals and organizations). In the past, researchers have addressed these influences one by one. This project recognizes that there are strong relationships between these influences that can be exploited to create new opportunities. Although wireless technology can be shaped in many ways, the most effective design for the technology needs to take into account economics, industry, and policy issues.
The methodology of deconstruction differs from standard systems analysis (see Figure A.1). The first step is to decide which specific business and societal goals will be the central focus. For their work on wireless networking, the researchers chose two:
Achieving a level of flexibility in the system architecture such that new terminal software can be quickly deployed and the barriers to entry for new services and business models can be lowered and
Maximizing the effectiveness of competition in the industry by removing technological and other impediments to competitive offerings and market entry.
Once these goals had been set, the next step was to postulate an architecture for the system that seemed best able to achieve the goals. Postulating an architecture is part of a “divide and conquer ” strategy to
break the research challenges into manageable pieces. Of course, the elements of the overall architecture are critically important in their own right because they not only influence much of the research that will follow but also ultimately determine the model that will be used for industry structure and competition.
Deconstruction deliberately ignores issues like legacy systems and the practical need for incremental advances in the technology. It does so in order to create a mental experiment that, because it takes nothing for granted, can yield real breakthroughs in insight. If important opportunities are identified in this way, they can later influence real-world systems, or perhaps even result in entirely new networks (just as the Internet once did).
Finally, many individual research issues must be addressed to realize the business and societal goals in the context of the postulated architecture. In this project, the issues have been technological, economic, and policy-related. Two of the collaborators (Katz and Farrell) are economists with experience in telecommunications regulation at the Federal Communications Commission and can address economic and policy issues. The other three researchers are technologists who can address technical issues.
One way to better understand the deconstruction process used in the wireless networking project is to examine the classification of interdisciplinary work shown in Figure A.2. It divides disciplines into three categories: (1) those that emphasize the foundations of knowledge (e.g., the
humanities, physical and biological sciences, communications devices, and electronics); (2) those that emphasize systems, which are assemblages of elements that perform higher-level functions (e.g., chemistry and cosmology in the physical sciences, physiology and ecology in the biological sciences, sociology, economics, and law in the social sciences, and power, computing, and communications in engineering); and (3) those that interact directly with people, organizations, and society (e.g., business, music, and the arts). Of course, some disciplines incorporate work that would fall into two or three of these categories, examples being engineering and the health sciences.
Deconstruction focuses on the systems level. It recognizes that many real-world systems, like wireless networks, are actually mixes of different types of systems, especially technical and social, and it brings together perspectives from different disciplines to address common challenges. The deconstruction of wireless networks that is being performed must have, at a minimum, contributions from engineering (communications and computing), social sciences (economics and law), and business.
The confluence and interdependence of technical and nontechnical factors become evident in this research. There are many new technologies (known or unknown but motivated by this application) that could be applied to wireless networks. With existing or new technologies, the architecture of the network itself and the structure of the industries that support it could be shaped in many ways. The question becomes, What way will come closest to achieving the business and societal goals set forth at the beginning? How can investment in new networking concepts be stimulated, and how can users be induced to actually adopt the new technologies? Will new networking concepts (better ideas) automatically be adopted by a free marketplace, or is regulatory intervention required? These questions can only be answered satisfactorily by considering a host of economic and policy questions. In turn, the forces at play in the marketplace and in the regulatory arena directly affect how the technology is molded and positioned.
A simple example will serve to illustrate this last point. Mobile code is a promising technology for dynamically downloading software to processors internal to the network and to terminals. Such processing has been proposed, for example, for converting between different data representations or for accommodating parts of a network with widely different capabilities (like wireless access and fiber backbone). This should contribute to competition by allowing new application functionality to be transparently deployed long after the infrastructure supporting it is provisioned. However, it raises a host of questions: How is that software licensed and paid for? Who provides the necessary processing cycles, and how are they paid for? How is the allocation of these processing
resources determined, since they are shared over multiple applications and users, coordinated in a way that achieves end-to-end objectives? In the presence of virulent competition, they are likely owed by different economic entities, which raises questions that go beyond coordination to include pricing and settlements of revenues. These questions have stimulated new research on the coordination of multiple resource allocations using e-commerce mechanisms (such as some sort of auction). This suggests that existing e-commerce mechanisms such as credit card clearing-houses, might be employed. Because the revenues for each usage are likely to be small, however, the technology has to be conceptualized to result in very small transactions costs, which affects both the technology design and the viable economic mechanisms it implements. The best combination of effectiveness and cost will be obtained by considering mechanism and technology design as a whole.
Large public networks such as the Internet and the public switched telephone network represent a formidable management challenge. Not only are they large and complex systems, but they display the characteristics of sociotechnical systems. They must meet the needs of their subscribers, and they involve many people in their operation and maintenance. Their ownership is fragmented, so that operation and maintenance must be effected across different service providers who often simultaneously complement one another (they provide end-to-end service) and compete with one another (for customers). Hands-off business relationships must be maintained in negotiating arrangements for interconnection, for determining pricing to customers, and for settlement of revenues.
Generally three levels of management are recognized for such networks. Network management encompasses provisioning the network's facilities and operating them, including detection of and recovery from faults. Service management enables the opportunistic establishment of end-to-end services in response to customer requests. Business management ensures that customers are monitored and billed for services and that the resulting revenue is passed back to constituent service providers.
It can be presumed that such a network is under continual assault from many directions, from hackers and even terrorist organizations. These assaults may be directed at users of the network or at the network itself. The perpetrators may have monetary gain, terrorist disruption, or simple vandalism in mind. Most existing approaches to security focus on the users and uses directly, attempting to make them secure individually under the assumption that the network environment itself is not secure.
In addition, the network operator will take measures to protect the network itself.
Efforts to monitor the Internet in an attempt to detect and foil criminal or terrorist attempts will involve the network infrastructure taking a much greater responsibility than heretofore for the security of users, on a massive scale, and suggests an important, supplementary role for the network and service management functions. While it appears to be a promising direction for research into what is undoubtedly a serious problem, many approaches could be taken. Thus, it would be interesting to mount an effort on greatly expanded security measures in networks, with the goal of identifying approaches that are on the one hand affordable and, on the other, effective at identifying and foiling attacks and protecting sensitive data and bringing the perpetrators to justice.
To a large extent, security is a technical challenge, as the questions raised have significant technical components. How can malicious behavior be distinguished from normal innocuous network usage (the answer may involve a kind of pattern matching at both micro and macro levels)? How can security mechanisms be made scalable and affordable? Once such behavior is identified, how can it be verified with sufficient reliability to allow corrective action, and what sorts of action might be mounted? How can technical measures be put in place that will allow the perpetrators to be identified and their behavior proven to the satisfaction of a court? Which aspects can be automated, and which necessarily involve human intervention and judgment?
Taken as a whole, the network, its legitimate users, its operators, and the malicious agents constitute a sociotechnical system. That is, many issues of a nontechnical or only partly technical nature arise and must be considered before a reasonable conclusion can be reached. How can legitimate users' rights to privacy be preserved, and what are those rights? What is the likely nature of attacks that may be mounted, and for what purpose are they mounted? What characteristics of such attacks may allow them to be identified? What are the range of potential security breaches of the network and its users, and what would be their impact? Considering these impacts, how much can be spent on countermeasures, and how can the costs and risks to a business be analyzed?
The proposed approaches would have to deal with some practical realities. Network operators are businesses that must have revenue to compensate for costs. The willingness of users to pay for measures to counter somewhat speculative or unknown risks must be assessed. There must be some viable economic model to determine who pays for and who benefits from these measures. That such networks often have multiple ownership, which means fragmented operational responsibility, must be taken into account.
Experts and researchers in several disciplines could contribute to this research, in addition to computer scientists on the technical aspects. Risk analysis and cost/benefit analysis would fall to economists, who would set the parameters on the acceptable costs and cost recovery mechanisms. The organizational structures that would most effectively realize the security functions—including, for example, human interventions —could be studied by business. Motivations and scenarios for attack could be provided by political scientists, allowing the range of possibilities to be narrowed. In the case of individual vandals and hackers, psychological profiles and likely behavior patterns would be very useful input.
1. The researchers are David Messerschmitt, Michael Katz, and Joseph Farrell from the University of California at Berkeley, Sergio Verdu from Princeton, and Jean-Pierre Hubaux from the Swiss Federal Institute of Technology.