CISPA and the problem with volunteering data

So, CISPA, the Cyber Information Sharing and Protection Act, is the newest cyber bill on the block. There is a difference between this and the other laws, though. In SOPA and PIPA the laws were mandatory, and the government could simply act. In CISPA, companies can willingly filter material, and this may be based upon information the government provides as a threat. This was a bad situation and internet companies seem to like this law. Facebook and Microsoft are straight up supporting the law. There is public uncertainty over whether Google is or not.

So, in this law the government and internet companies can voluntarily share information about cyber threats and suspicious activities online. However, the problem with voluntary sharing programs is that they can turn into “voluntary” programs. What do I mean? Well, if the government is not required to give the information to all parties that could be affected in some sort of terrorist act, the government could decide to give information only to companies that are sharing information with the government. Additionally, the government could punish companies, like Twitter, that fight the government over privacy issues by not sharing information.

These are pretty obvious problems with this type of law. It assumes that each event is independent and previous actions have no consequence. This is a faulty premise. If this is viewed as a multi-turn prisoner’s dilemma, it’s obvious that with repeat interactions the best action will always be to share. This will likely lead to sharing when there are cases of doubt over whether the company should share or not. Companies will err on the side of security over privacy, because the future benefits outweigh any punishment the users can enact on the companies.

These types of pseudo quid pro quo are impacting the US government in other ways, including lobbying. It is likely that this information exchange will be used by companies whenever there are negotiations for future laws. They will be able to say, “you need to respect our rights to X, look how friendly we’ve been with the government” and then show a list of times they voluntarily gave data to the government. This was a tactic that Ma Bell used to keep their monopoly as long as they did. Because the company was providing the government with extra public goods (military research), the government was willing to overlook the fact that the company was a monopoly and perhaps should be broken up.

CISPA is a dangerous law that we need to carefully weigh accepting. We need to pressure internet companies to step away from the law. We also need, if it passes, better understanding of when companies hand over data willingly and for what reasons. We should also be notified any time a company hands over data about us to the government for any reason.

Are we talking past each other with the net neutrality debate?

I started reading (yes, another book) “Internet Architecture and Innovation” on my flight to Portland Tuesday night. It’s going to be a really interesting read, if you like the internet, economics and innovation of course. One of the first parts discusses the history of the internet and a design principle called end to end. This means that when something is transmitted certain events must happen. There are two meanings to the same principle though, which complicates things. In one version only peers can “talk” to each other and share the information. This isn’t exactly literal, because if I’m Skyping the data isn’t just between Skype on my PC and yours, it goes through many, but the idea is that only your PC and mine know we are Skyping. In the second method, some intermediaries might know that we are Skyping, through something called deep packet inspection where a router is able to read the information it processes. Both ways are still called end-to-end, which is obviously a problem.

Another easy example. One version would require equal up and download speeds, the other doesn’t. Let’s say you have a picture and want to upload it. In the one version it would take you the same time to upload as to download it the next day back to your PC. We know this doesn’t happen.

Until reading this book I really thought that the internet was truly designed in an equal and neutral manner. However, this isn’t the case. Using these two design principles results in an internet that looks very different and we would expect it to evolve differently based on which understanding was applied.

It’s obvious that for consumers the first option is better, where the network behind the internet is neutral and a “dumb” pipe. Why is it better? Because no one would be able to intercept your data or change the speeds at which you get your information or even cap your data downloads. This is bad for network owners because they can’t charge or filter as easily for specific content. They simply become a pipe that information flows through.

The differences in incentives and the contexts in which the design rules are applied drive this discussion. Since the participants believe they are talking about the same thing, there is confusion over the disconnect. This leads to an obvious other problem, our clueless elected officials. They don’t understand how the internet works at the simplest level, let alone the esoterics of the minute differences in this argument. It is no wonder they have tried to do back door deals to get this topic to go away.

This also has led to confusion within the internet community over how the telecoms can say that the internet wasn’t developed as a neutral platform. In a way they are correct, in other ways they are wrong. It was just a matter of what was being discriminated. Before it was up vs down speeds, now it could be content, which to them is no different. For us, it matters a whole lot more.

Content and implicit threats

I’m reading “Consent of the Networked” right now. The book is about digital rights, privacy, government and the internet. Once I finish I will write a review for the Urban Times. I found out about the book through TechDirt’s book club. One of the major points the author makes about repressive regimes is the activities of pro-nationalist actors that are not truly part of the government.

These actors are typically regular people and act as hackers, journalists or pro-government rally organizers. They are found in many countries including China, Iran, the former regime of Tunisia and Libya. In a way these groups are a counterweight to “organizations” like Anonymous, dissent groups and the “liberal” media. However, these organizations are unlikely in the US and Europe, right?

Well, according to the author, no. These groups do exist in the US and in some cases are formal businesses like HBGary. Some of them actually work for the US government and others do with a wink and a nod. These groups help monitor internet users and potential members of groups like Anon. In many cases this extends the impression of continual observation by the government and other actors, which can lead to self-censorship and self-selection for activities.

Has this happened to me? You bet it has, but I didn’t really think much of it at the time or how it could really impact me. One of the times happened during a Facebook conversation about Wikileaks, which I was supporting. The person I was discussing it with doesn’t like me much and thinks I’m “a rube.” He suggested that I should get a job which requires security clearance so I would get an understanding of how things actually work, and that I was naive. Of course I disagree with the idea that I’m naive, and I view the world in a much more complex manner than his black and white view. However, I had been thinking of applying to a government type position and he told me I should be careful what I say, about which he is correct. This then led me to rein in my views and self-censor. This had serious implications on how I discussed topics for some time.

The other times are slightly different and came after I started blogging. For one, my brother is in the Border Patrol, which gives him clearance, and my sister does stuff she can’t talk about. So, to some extent, I don’t want to negatively impact their ability to work either. This does have a moderating effect as well.

The final source was actually my dad writing to me about my post about Anonymous and my discussion of using DDoS as potentially a source of public demonstration on the internet. I was not surprised that he suggested I be careful; he did retire as a Major in the Army Reserves. However, when responding I told him I was already being careful with my wording due to self-censorship. I already expect that I’m likely to have my material spring up on someone’s radar due to the content I write about. So, I do try to be careful.

In a democracy where these threats should be minimized we have to worry about it. Why should the rest of the world be different or any less oppressive?

Continued fallout from MegaUpload arrests

A few days ago I discussed some of the actions taken by the hacker community and the impression that the MegaUpload arrests were related to SOPA. After some time we see that this arrest didn’t happen overnight, though you could argue the announcement and the timing were done poorly. However, I think that we should be paying attention to the ramifications of these arrests. TorrentFreak is reporting that there has been a massive response from the cyberlocker companies. These cyberlockers were similar to MegaUpload in that a user would be able to upload a song and then anyone would be able to download it or stream the video. Now these companies are removing the search capabilities from their websites and are restricting users to only their own files.

While what MegaUpload may have done may be illegal, the impact of the arrests is a foretelling of the impact of a law like SOPA. Internet companies argued that SOPA would be a job-killing bill, that it would kill innovation and break the internet. I think that this action clearly demonstrates that they are correct. For instance, TorrentFreak mentioned that several companies are shutting their doors and others are changing their services. Since it’s a space-based service, it is likely that each of these companies only has a few employees. However, they make a good chunk of change. MegaUpload was making several million and their competitors were likely making millions a month.

All of that money is going to be gone by next billing cycle. Not a single one of those companies where users were paying a premium will pay them another dime. Ad revenue will dry up, MegaUpload made almost a million alone since 2007 on ads. All of this money was getting put back into the economy through the purchase of servers, software and other equipment. It allows employees to buy stuff and was making a positive contribution to the economy.

From the different companies there was obviously innovation occurring. MegaUpload never allowed duplicates on its servers, and when a duplicate was uploaded it would find another version of it and supply the link to the end user. Infringing content would just have the link removed, not the actual content. This would make searching for the real version difficult for copyright holders, as it would be a game of whack-a-mole where the content would appear here, then with another link and so forth.

What other solutions could have been reached? I think there’s plenty of space here for further innovation for a business model. As users are using sites like this for personal storage and for video streaming, users are paying for content as well as clicking and viewing ads. Clearly there should be a way for the content owners to make money off of it as well. However, I have yet to read an article or a comment about the content industry approaching any of these companies, other than through DMCA, about working to pay some sort of royalty or set up a license agreement.

I think that, as a way to bring the balance back from the power being exclusively in the hands of the RIAA and MPAA (I’m just going to type RIAA from here on out), companies like Pandora.com, Spotify, Last.FM, MegaUpload (or any of its competitors), Google/YouTube, Vimeo and anyone else that uses licensed content should form their own consortium. Let’s just call it Content Users and Managers of America, or CUMA for short (I couldn’t think of anything really witty there (it doesn’t have to be just of America)). CUMA would provide a counterbalance to the RIAA in that it provides equal footing and a way to combine the might of the end users. There are demands for these products, but the products simply do not demand the price premium they used to demand. Since these products aren’t able to demand the premium and the RIAA thinks that they should, they are overcharging, as there are freely available alternatives which people flock to. Essentially, the RIAA needs to realize that the websites allowing people to access the content are getting paid pennies (if that) for a single view on a website. So for most sites, they can make more money if they don’t pay licensing fees. Lowering licensing fees is something that CUMA would be able to work for, to put them in line with expected ad revenue. This would allow for broader innovation in the market and reduced piracy.

It’s obvious from the amount of money that MegaUpload made that people are willing to pay to be able to watch as much content as they can when they want it. I feel like a broken record here (ha HA!), but people are willing to pay for content if it’s easily accessible.

I expect additional fallout from this. If SOPA or some similar style bill ever passes, expect this type of reaction to occur in other segments of the online industry. Online content is one of the places with a great deal of innovation and killing it would be a shame when there are possible solutions to this problem without resorting to industrial policy making and picking winners.

Update: I just saw this article. Looks like MegaUpload has figured out a way to allow musicians to make money off of free downloads for original works through their site. This is some seriously awesome innovation.

The Government Strikes Back

The internet had thought it won a great victory with the blackout of some seriously major websites, however it was a short-lived victory as the Fed and its allies the vicious RIAA and MPAA have regrouped and launched a stunning counter attack destroying a rebel outpost on Hoth… errr. Actually, the US government has shut down MegaUpload.com and arrested several employees for copyright infringement. You may remember MegaUpload for recently being involved in a dispute with Universal over a YouTube video, where Universal issued false DMCA takedown notices which required YouTube to take down the video. However, this video wasn’t infringing and MegaUpload sued Universal for the false claims. The interesting thing about this video is that it’s about all the legal ways you can use MegaUpload. The video is essentially an attempt by the company to show that there are legitimate uses for their services which, I’m assuming, was an attempt to get them into the safe harbor provisions of the DMCA.

To me, this action really shows that the US government doesn’t need SOPA to pass for it to censor the internet. It already has the ability to do so. SOPA would just put a rubber stamp approval on the actions that the government is already taking. This should be a wake-up call. Yes, we had one with the joke of hearings for SOPA previously, however this is a slap in the face of the internet. It’s basically saying, sure we heard you, but you know what? You don’t matter.

Sure, it might not be as easy as it would have been with SOPA passing and it’s not breaking the internet the way that SOPA would, but it’s still happening. As much as I hate Maddox, he’s right in his post about SOPA. We really have been pretty complacent, myself included. Yes, I’ve written a bunch, signed petitions and emailed my senators and congressmen multiple times, but big deal. Right now this is a hot button topic, but this isn’t going to go away. No one spoke up about the NDAA because it didn’t impact your ability to read Reddit or surf Wikipedia. That law is as bad or worse than SOPA depending on what you think of freedom and civil liberties.

When I got home last night and saw that MegaUpload had been shut down, I was miserable. It made me feel completely impotent, that I was unable to impact the way the US government acts in any meaningful way. At this point, I’m not really sure what to do about this. If any other government were doing this the US would be up in arms (perhaps literally) and would put a stop to it. Our government is doing this in our name and it’s horribly depressing that I can’t do anything to stop it.

Maddox is right. SOPA only failed because we were paying attention and we were able to get the tech giants behind us on it. SOPA will rear its ugly head again and we might be sleeping. The empire has struck back and we need to decide what we are going to do about it. Are we going to get some Ewoks and take it down or are we going to keep signing petitions?

Anonymous has decided to fight back and has launched a large number of attacks on internet websites. As citizens that are deeply concerned with the MegaUpload action we need to ask ourselves, is this an appropriate response? Is this a way of protesting and assembling in an online space? Should Anonymous be locked up for doing this? I think that this is a type of protest. Anonymous is as frustrated as I am and has decided to do something in response. It’s obvious that they felt like this is a direct attack on the internet in response to the SOPA protests and the “abuse of power” the internet displayed in taking down websites to protest SOPA.

It also begs the question, what will these website attacks actually accomplish?

What are some of your thoughts on this?

Update 1: I just saw that some 9,000 Hackers have joined Anonymous

Update 2: Apparently Anonymous is using a link that directs users to a Low Orbit Ion Cannon DDoS tool that uses the user’s computer to attack a website. This is an interesting tactic as it will make it very difficult for agents to determine who was malicious and who was ignorant of what they were doing, thus making the tool a more effective protest tool. It will be interesting to see what the ramifications of this new tactic are. I think it will be used again in the future and will make it as “easy” as signing a petition to join a DDoS without having to do the hard work of setting up the LOIC on your computer. Interesting.