Published on 23 Feb 2015
“All the logic that we are seeing in the Net Neutrality debate is assuming that nothing has changed; it’s assuming that it’s 1995. What’s actually happened is that people get more and more service, year in and year out,” says Daniel Berninger, a telecom activist who was involved in the early days of internet-phone service of Vonage.
Net Neutrality proponents, including President Obama, argue that internet-service providers (ISPs) need to be regulated by the Federal Communications Commission (FCC) in order to keep the internet “free and open.”
Berninger heads up VCXC, a nonprofit that is pushing for regulatory and policy changes to speed up the transition to IP-based networks for voice and data sharing. He’s an unsparing critic of FCC Chairman Tom Wheeler’s plan to implement Net Neutrality by regulating broadband network operators under Title II or “common carrier” provisions of federal law.
Title II has historically applied to telephone companies, which were regulated as public utilities and subject to government scrutiny regarding every aspect of service, including pricing and universal service obligations. Since the mid-1990s, the internet has been classified as an “information service,” which is subject to much less regulation under Title I of the relevant federal law.
“Title II regulation has been around for 80 years,” says Berninger, “and we know exactly what it can accomplish and what it can’t accomplish … in all the things that it touched, it essentially destroyed innovation.” In 1956, he explains, as part of a consent decree involving ATT, phone service was regulated by the FCC under Title II while “information services” were essentially unregulated. “We split communications and computing and treated them entirely different — essentially as a twin experiment. Well, one twin prospered and one twin did not do very well.” Berninger argues that virtually all the problems that proponents of Title II regulation and Net Neutrality worry over — such as the blocking of specific websites and the deliberate slowing of traffic — haven’t occurred precisely because ISPs are subject to market competition and must constantly innovate to keep customers happy. FCC regulation would hamper that.
The FCC will vote on Wheeler’s proposal later this week and is widely expected to endorse it. The FCC has lost two previous attempts to assert regulatory control over the internet.
February 25, 2015
February 23, 2015
Cory Doctorow is concerned about some of the possible developments within the “Internet of Things” that should concern us all:
The digital world has been colonized by a dangerous idea: that we can and should solve problems by preventing computer owners from deciding how their computers should behave. I’m not talking about a computer that’s designed to say, “Are you sure?” when you do something unexpected — not even one that asks, “Are you really, really sure?” when you click “OK.” I’m talking about a computer designed to say, “I CAN’T LET YOU DO THAT DAVE” when you tell it to give you root, to let you modify the OS or the filesystem.
Case in point: the cell-phone “kill switch” laws in California and Minneapolis, which require manufacturers to design phones so that carriers or manufacturers can push an over-the-air update that bricks the phone without any user intervention, designed to deter cell-phone thieves. Early data suggests that the law is effective in preventing this kind of crime, but at a high and largely needless (and ill-considered) price.
To understand this price, we need to talk about what “security” is, from the perspective of a mobile device user: it’s a whole basket of risks, including the physical threat of violence from muggers; the financial cost of replacing a lost device; the opportunity cost of setting up a new device; and the threats to your privacy, finances, employment, and physical safety from having your data compromised.
The current kill-switch regime puts a lot of emphasis on the physical risks, and treats risks to your data as unimportant. It’s true that the physical risks associated with phone theft are substantial, but if a catastrophic data compromise doesn’t strike terror into your heart, it’s probably because you haven’t thought hard enough about it — and it’s a sure bet that this risk will only increase in importance over time, as you bind your finances, your access controls (car ignition, house entry), and your personal life more tightly to your mobile devices.
That is to say, phones are only going to get cheaper to replace, while mobile data breaches are only going to get more expensive.
It’s a mistake to design a computer to accept instructions over a public network that its owner can’t see, review, and countermand. When every phone has a back door and can be compromised by hacking, social-engineering, or legal-engineering by a manufacturer or carrier, then your phone’s security is only intact for so long as every customer service rep is bamboozle-proof, every cop is honest, and every carrier’s back end is well designed and fully patched.
February 11, 2015
February 9, 2015
Michael Geist on the rather disturbing news that Canadian intelligence agencies are busy watching the uploads of every internet user (including the Canadian users that CSE/CSIS are theoretically banned from tracking by the letter of the law):
… the problem with oversight and accountability as the primary focus is that it leaves the substantive law (in the case of CSE Internet surveillance) or proposed law (as in the case of C-51) largely unaddressed. If we fail to examine the shortcomings within the current law or within Bill C-51, no amount of accountability, oversight, or review will restore the loss of privacy and civil liberties.
First, consider the Snowden revelations that the CSE has been the lead on a surveillance initiative that gathers as many as 15 million uploads and downloads per day from a wide range of hosting sites that even appear to include the Internet Archive. The goal is reputed to be to target terrorist propaganda and training materials and identify who is uploading or downloading the materials. The leaked information shows how once a downloader is identified, intelligence agencies use other databases (including databases on billions of website cookies) to track the specific individual and their Internet use within hours of identified download.
The Levitation program, which removes any doubt about Canada’s role in global Internet surveillance, highlights how seemingly all Internet activity is now tracked by signals intelligence agencies. Note that the sites that host the downloads do not hand over their usage logs. Rather, intelligence agencies are able to track who visits the sites and what they do from the outside. That confirms a massive surveillance architecture of Internet traffic operating on a global scale. Is improved oversight in Canada alone going to change this dynamic that crosses borders and surveillance agencies? It is hard to see how it would.
Moreover, these programs point to the fundamental flaw in Canadian law, where Canadians are re-assured that CSE does not – legally cannot – target Canadians. However, mass surveillance of this nature does not distinguish between nationalities. Mass surveillance of a hundred million downloads every week by definition targets Canadians alongside Internet users from every corner of the globe. To argue that Canadians are not specifically targeted when it is obvious that the personal information of Canadians is indistinguishable from everyone else’s data at the time of collection, is to engage in meaningless distinctions that only succeed in demonstrating the weakness of Canadian law. Better oversight of CSE is needed, but so too is a better law governing CSE activities.
February 7, 2015
At The Diplomat, Nancy Tang explains a sudden outbreak of “Straight Man Cancer” among China’s Weibo users:
“A woman only has one ambition. In her heart, she sees love and childrearing as the most important thing in life.” On January 12, 2015, scholar Zhou Guoping thus tweeted on Weibo, the popular Chinese microblogging platform. Zhou later responded to the backlash, saying, “I agree with women’s liberation and equality between women and men… However, no matter how talented [women] are or what achievements they reach, if [a woman] refuses to, or doesn’t know how to be a gentle lover, a caring wife, a loving mother, the sense of beauty she gives me will be greatly reduced.” Both tweets were subsequently removed by Zhou.
Chinese commentators quickly diagnosed Zhou, a popular public intellectual at the state think tank Chinese Academy of Social Sciences, with “Straight Man Cancer.” The term “Straight Man Cancer,” coined in mid-2014, refers to chauvinist, judgmental behavior and language that propels sexist double standards or belittles women. Zhou’s controversial tweets exposed him to public scrutiny and attracted state attention. Communist Party mouthpiece People’s Daily re-posted an editorial, calling for the use of law and public opinion in order to “prevent ‘Straight Man Cancer’” in the private realm from “spreading into the public domain.” State news agency Xinhua also published the transcript of a newspaper interview with Zhou, in which he shamelessly called himself a “feminist.”
Zhou is by no means the sole Chinese straight man afflicted with Straight Man Cancer. In the aftermath of Zhou’s tweets, Chinese netizens have dug up other notable cases of public figures infected by the “epidemic.” Han Han, popular author-blogger and youth icon, is another representative of the cancerous straight male among Chinese millennials. He has stated in an interview that “there is no way that my girlfriend would [be allowed to] work outside of the household.” The renowned Chinese translator of Haruki Murakami, Lin Shaohua, has warned men against housework, which he thinks of as detrimental to masculinity and having the potential to make men effeminate or gender-bent. Tsinghua University sociologist Sun Liping has suggested that decreasing female employment and facilitating earlier female retirement would alleviate the social pressure caused by China’s large population. New Confucian scholar Qi Yihu has also advocated that women work only half-time so that they can rear children. Meanwhile, even these infuriating sexist remarks are eclipsed by intolerable misogynistic violence: While most sexists perpetrate unfair stereotypes, some actively hate on women and harm women’s well-being. For instance, the celebrity English teacher Li Yang, misogynist and perpetrator of domestic violence, is considered a “terminally ill” case of Straight Man Cancer.
February 5, 2015
At Coyote Blog, Warren Meyer is starting to think that a large number of internet fans are idiots:
So, out of the fear […] that some people will get better service than others — something that, oh by the way, has never really happened so is entirely hypothetical — you are urging on a regulatory regime originally designed for land-line phone companies, a technology that basically went unchanged for decades at a time. The phones that were in my home at my birth in 1962 were identical to the one in my dorm room when AT&T was broken up in 1982. Jesus, we are turning the Internet into a public utility — name three innovations from an American public utility in the last 40 years. Name one.
And all you free-speech advocates, do you really think the Feds won’t use this as a back-door to online censorship? We are talking about the same agency that went into a tizzy when Janet Jackson may have accidentally on purpose shown a nipple on TV. All that is good with TV today — The Sopranos, Game of Thrones, Arrested Development, etc. etc. etc. results mainly from the fact that cable is able to avoid exactly the kind of freaking regulation you want to impose on the Internet.
Here is my official notice — you have been warned, time and again. There will be no allowing future statements of “I didn’t mean that” or “I didn’t expect that” or “that’s not what I intended.” There is no saying that you only wanted this one little change, that you didn’t buy into all the other mess that is coming. You let the regulatory camel’s nose in the tent and the entire camel is coming inside. I guarantee it.
February 2, 2015
January 29, 2015
Christopher Taylor points out that the folks who advised Comcast on their recent home security advertising campaign rather missed the mark:
Comcast is trying to act like using any other security system is old fashioned; its actually a tag line in some of their ads “don’t be old fashioned.” They’re using the old knight in armor to stand in for any other security system which, not being “in the cloud” and accessible “anywhere” from your smart phone is thus dated and old.
But consider; which would be preferable?
- An internet based system which, by its own advertising notes that you can turn it off “from anywhere” using only a phone, and look at cameras anywhere in your home, just by using the phone.
- An armored knight with a broadsword.
Now, perhaps you’re new to the internet and aren’t aware of this, but it gets hacked pretty much every minute of the day. Passwords are stolen and sold on Chinese and Russian websites. Your smart phone is not secure.
I once found a website (now gone) that had live feeds of people’s homes from around the world by clicking on various names. All they did was use commonly used passwords and logged into the security systems. It was like this weird voyeuristic show, but really boring because it was all empty rooms and darkness — people turn on their security when they leave, not when they do fun stuff to watch.
What I’m saying is what should be abundantly obvious to everyone who has a television to watch Comcast ads: this is a really stupid, bad idea. You’re making it easier for burglars to turn off your security system and watch for when you aren’t home. You’re making it easier for evil sexual predators and monsters to know your patterns and when you’re home or alone. Get it?
This is like publishing your daily activities and living in a glass building all day long. It seems cool and high tech and new and fancy, but its just really stupid.
But an armored knight? Unless he goes to sleep, he’s a physical, combat-ready soldier that acts as a physical deterrent to intruders.
And its not even old fashioned. It’s so old an image, it doesn’t even feel old fashioned, it feels beyond vintage to a fantasy era. Which is cooler to you, being guarded by a knight in shining armor with a sword, or your smart phone?
These ads have a viral feel to them, like some hip college dude with a fancy business card came up with it for Comcast, but they don’t make sense. I doubt they even get people to want to buy the product.
January 14, 2015
Cory Doctorow explains why David Cameron’s proposals are not just dumb, but doubleplus-dumb:
What David Cameron thinks he’s saying is, “We will command all the software creators we can reach to introduce back-doors into their tools for us.” There are enormous problems with this: there’s no back door that only lets good guys go through it. If your Whatsapp or Google Hangouts has a deliberately introduced flaw in it, then foreign spies, criminals, crooked police (like those who fed sensitive information to the tabloids who were implicated in the hacking scandal — and like the high-level police who secretly worked for organised crime for years), and criminals will eventually discover this vulnerability. They — and not just the security services — will be able to use it to intercept all of our communications. That includes things like the pictures of your kids in your bath that you send to your parents to the trade secrets you send to your co-workers.
But this is just for starters. David Cameron doesn’t understand technology very well, so he doesn’t actually know what he’s asking for.
For David Cameron’s proposal to work, he will need to stop Britons from installing software that comes from software creators who are out of his jurisdiction. The very best in secure communications are already free/open source projects, maintained by thousands of independent programmers around the world. They are widely available, and thanks to things like cryptographic signing, it is possible to download these packages from any server in the world (not just big ones like Github) and verify, with a very high degree of confidence, that the software you’ve downloaded hasn’t been tampered with.
This, then, is what David Cameron is proposing:
* All Britons’ communications must be easy for criminals, voyeurs and foreign spies to intercept
* Any firms within reach of the UK government must be banned from producing secure software
* All major code repositories, such as Github and Sourceforge, must be blocked
* Search engines must not answer queries about web-pages that carry secure software
* Virtually all academic security work in the UK must cease — security research must only take place in proprietary research environments where there is no onus to publish one’s findings, such as industry R&D and the security services
* All packets in and out of the country, and within the country, must be subject to Chinese-style deep-packet inspection and any packets that appear to originate from secure software must be dropped
* Existing walled gardens (like Ios and games consoles) must be ordered to ban their users from installing secure software
* Anyone visiting the country from abroad must have their smartphones held at the border until they leave
* Proprietary operating system vendors (Microsoft and Apple) must be ordered to redesign their operating systems as walled gardens that only allow users to run software from an app store, which will not sell or give secure software to Britons
* Free/open source operating systems — that power the energy, banking, ecommerce, and infrastructure sectors — must be banned outright
David Cameron will say that he doesn’t want to do any of this. He’ll say that he can implement weaker versions of it — say, only blocking some “notorious” sites that carry secure software. But anything less than the programme above will have no material effect on the ability of criminals to carry on perfectly secret conversations that “we cannot read”. If any commodity PC or jailbroken phone can run any of the world’s most popular communications applications, then “bad guys” will just use them. Jailbreaking an OS isn’t hard. Downloading an app isn’t hard. Stopping people from running code they want to run is — and what’s more, it puts the whole nation — individuals and industry — in terrible jeopardy.
January 13, 2015
Michael Geist says that the fiasco with the new Canadian copyright notice scheme was not necessary and that the minister should have paid closer attention:
Last week I posted on how Rightscorp, a U.S.-based anti-piracy company, was using Canada’s new copyright notice-and-notice system to require Internet providers to send threats and misstatements of Canadian law in an effort to extract payments based on unproven infringement allegations. Many Canadians may be frightened into a settlement payment since they will be unaware that some of the legal information in the notice is inaccurate and that Rightscorp and BMG do not know who they are.
The revelations attracted considerable attention (I covered the issue in my weekly technology law column – Toronto Star version, homepage version), with NDP Industry Critic Peggy Nash calling on the government to close the loophole that permits false threats. Nash noted that “Canadians are receiving notices threatening them with fines thirty times higher than the law allows for allegedly downloading copyrighted material. The Conservatives are letting these companies send false legal information to Canadians in order to scare them into paying settlements for movies or music no one has even proved they’ve actually downloaded.”
With the notices escalating as a political issue, Jake Enright, Industry Minister James Moore’s spokesman, said on Friday the government would take action. Enright said that “these notices are misleading and companies cannot use them to demand money from Canadians”, adding that government officials would be contacting ISPs and rights holders to stop the practice.
January 5, 2015
January 4, 2015
Russell Brandom explains why a slight change of wording in a recent court case may have handed the Motion Picture Association of America (MPAA) exactly the kind of power they’ve been demanding to crack down on piracy and “infringement”:
Hollywood’s war on piracy has reached a strange impasse. While the MPAA and others have launched lawsuits against US-based infringers, reaching offshore torrent sites like Isohunt and The Pirate Bay is still a slow process, and whenever a site is taken down, others quickly pop up to fill its place. As a result, the MPAA has consistently pushed for the power to block infringing sites from the internet: first by pushing for new laws like SOPA in 2011, then through a series of novel legal tactics. The fight has pitted them against some of the most powerful companies on the web, and drawn them into a long, secret battle with Google.
But leaked documents show that Hollywood has a new secret weapon in the fight, a little-known legal venue that’s poised to take on new powers over the digital realm. It’s called the International Trade Commission, a quasi-judicial agency that regulates imported goods as they enter the country. Traditionally, that means physical goods — if you want to ship in a boatload of fake iPhones, the ITC is the agency that will stop you — but the ITC recently gave itself the power to rule on data as it crosses US borders, as a result of a complex 3D printing case. If the ruling holds, it could have huge implications for the way data moves across the global web, and give the MPAA the site-blocking powers it’s been grasping at for years.
The heart of the case is a company called ClearCorrect, which 3D prints clear plastic braces custom-designed for each patient’s teeth. Much of the technology involved in the process is already under patent, but ClearCorrect has gotten around those patents by farming out its intricate computer modeling to an office in Pakistan. That modeling violates a number of US patents — and if ClearCorrect were shipping back the resulting braces in a box, it would be a simple case: the goods would be contraband, to be stopped at the border. But instead, ClearCorrect is only transmitting digital models from Pakistan and printing out the braces in local offices in Texas. The only thing coming in from Pakistan is raw modeling data. So what’s a trade commission to do?
In April of last year, the ITC arrived at an answer with huge repercussions: stop the data at the border. The ITC is only supposed to rule on “articles,” which has usually been taken to mean physical goods, but last year’s ruling took it to include data too. That gives the ITC the power to stop ClearCorrect’s contraband braces data at the border, but it could have far greater implications. If a web service like Gmail or Facebook ends up on the wrong side of a patent dispute, the court could potentially forbid the service from transmitting data into the US until the dispute is resolved — making the cost of a losing a court battle astronomically higher. It would also require powerful new tools for monitoring data as it crosses national borders, a fundamental break from the international structure of the web. Aware of the huge issues at stake, the ITC stayed the ruling until the Federal Circuit weighs in later this year — but already, legal groups are reeling from the possible consequences.
December 31, 2014
The annual statistics update on traffic to Quotulatiousness since January 1st (it’s also co-incidentally, the 2,000th day since I started posting here after moving from the original MovableType site at Jon’s website).
Over five million hits. That’s a pretty good number for an obscure Canadian blog. Certainly better numbers than The New Republic was managing just recently.
If I had any Photoshop skillz at all, I’d put together a Quotulatiousness version of the old McDonalds sign with the caption “Over Five Million Served”.
The final count of visitors to the blog will be about 1,500-2,500 higher, as I did the screen captures at around 11:30 in the morning.
December 17, 2014
Canadian telcos: “there is no need for legally mandated surveillance and interception functionality”
Sounds good, right? Canada’s telecom companies telling the government that there’s no reason to pass laws requiring surveillance capabilities … except that the reason they’re saying this is that “they will be building networks that will feature those capabilities by default“:
After years of failed bills, public debate, and considerable controversy, lawful access legislation received royal assent last week. Public Safety Minister Peter MacKay’s Bill C-13 lumped together measures designed to combat cyberbullying with a series of new warrants to enhance police investigative powers, generating criticism from the Privacy Commissioner of Canada, civil liberties groups, and some prominent victims rights advocates. They argued that the government should have created cyberbullying safeguards without sacrificing privacy.
While the bill would have benefited from some amendments, it remains a far cry from earlier versions that featured mandatory personal information disclosure without court oversight and required Internet providers to install extensive surveillance and interception capabilities within their networks.
The mandatory disclosure of subscriber information rules, which figured prominently in earlier lawful access bills, were gradually reduced in scope and ultimately eliminated altogether. Moreover, a recent Supreme Court ruling raised doubt about the constitutionality of the provisions.
Perhaps the most notable revelation is that Internet providers have tried to convince the government that they will voluntarily build surveillance capabilities into their networks. A 2013 memorandum prepared for the public safety minister reveals that Canadian telecom companies advised the government that the leading telecom equipment manufacturers, including Cisco, Juniper, and Huawei, all offer products with interception capabilities at a small additional cost.
In light of the standardization of the interception capabilities, the memo notes that the Canadian providers argue that “the telecommunications market will soon shift to a point where interception capability will simply become a standard component of available equipment, and that technical changes in the way communications actually travel on communications networks will make it even easier to intercept communications.”
In other words, Canadian telecom providers are telling the government there is no need for legally mandated surveillance and interception functionality since they will be building networks that will feature those capabilities by default.