������Ƶ

A number of high-profile tech policy issues are dominating the summer headlines, including the proposed merger between Comcast and Time Warner Cable and . But what may not be immediately apparent is how these two are related. If approved, the Comcast-Time Warner Cable merger could dramatically expand the number of American customers subject to data caps on their home broadband plans. While consumer advocates, , have been warning of economic harms of data caps for years, also shows that data caps actually undermine cybersecurity by discouraging users from downloading critical software security updates.

Data caps are monthly limits placed on broadband subscriptions where a user must pay a fee if the amount of data they consume exceeds the threshold. Comcast has recently in certain markets and earlier this year one of its top that he expects Comcast to implement “usage-based billing”—its term for data caps—on all its customers within the next five years. This contrasts with Time Warner Cable, which promised to keep its unlimited plans “” after initial trials of capped broadband plans proved . But with Comcast attempting to acquire Time Warner Cable for over $45 billion, that promise may not apply for long. Many Time Warner Cable their concern about the merger for this and other reasons.  

The economic and competitive concerns of data caps. Failed trials show that data caps are not popular, nor are they an effective tool to address concerns about , particularly on wired networks. Congestion occurs in moments of peak demand, but data caps discourage usage at all times, even during off hours when the network has plenty of capacity. Indeed, data caps seem most adept at discouraging online video—so much so that in 2012 the into cable companies on the effects of data caps on competition from online video services.

But data caps can to do more than make it harder for online services to compete and frustrate consumers. They can also undermine online security.

Research has found that individuals subscribing to broadband plans with data caps were less likely to download and install software updates out of a concern for going over their data limits. Software updates typically include many important security patches. Using outdated software is considered a and is one of the because hackers can take advantage of known weaknesses to obtain unauthorized access.

These findings come from the paper “‘.” The research provides some much needed insight into how data caps and overage charges on broadband service actually impact an individual’s behavior online. They found significant consequences that go beyond watching fewer YouTube videos. This evidence points to the larger effects of creating a “culture of bandwidth scarcity” in broadband access. In such a system an individual’s online behavior reflects a zero sum game mentality. One activity (watching a movie online) is only made possible at the expense of another (avoiding a security update).

In addition, within this culture of bandwidth scarcity, users actually lack the tools and information to appropriately ration their usage. Individuals often associated time, not type of activity, with higher bandwidth consumption. So, for example, a website that loaded quickly (allowing for a quicker browsing visit) was perceived to be less bandwidth intensive than a website that loaded slowly. But speed is not a proxy for file size. Depending on where content is stored online relative to the user, a more bandwidth intensive YouTube video could load faster than a bandwidth light text-based website. They also found that households sought to limit their time spent browsing the most popular websites, such as Facebook, as a way to prevent against going over a data cap. Behavioral findings like this indicate that popular websites and services that are not bandwidth intensive could still see their use impacted if ISPs shift to a pricing structure with data caps and overage fees.

If Comcast and Time Warner Cable merge, we could see the expansion of data caps to millions of currently uncapped customers. This is just one of why the merger is very . The potential harm of data caps add weight to arguments that the proposed merger is with conditions and should be rejected. What’s more, as cybersecurity and stories about data breaches make regular headlines, it’s clear that additional research needs to be done to study how data caps impact online security and individual behavior online more broadly.