Greetings. Man, it's flashback city here today. It has been a long time since anyone has dared yell "get a haircut" at me, and similarly ages since I've heard hippies blamed for anything! Well, the haircut drought continues, but U2's manager, Paul McGuinness, claims that he's figured out why the music industry is in "collapse" (hint, he doesn't blame the typically awful quality of new "talent" releases). No, Paul has homed in on well-known hippie freaks like Steve Jobs and Bill Gates! You do remember when Steve and Bill used to hang out with Timothy Leary, right? No? You don't recall Switch On, Log In, and Buzz? Maybe he'll include those other hippies Google's Brin and Page in his next tirade. Anyway, Paul wants governments around the world to pass legislation ordering ISPs to declare war on "illegal" music downloaders, to demonstrate a true understanding of the value of music. No need for due process -- just swing the magic TCP axe! Three strikes and you're out! is the policy he wants. (Hmm, out of exactly what I wonder?) And based on his vast computer science knowledge, Paul also rejects the claims of those who suggest that ISPs couldn't effectively target illegal downloads without massive collateral damage (a topic currently under discussion over on the NNSquad mailing list, by the way). I get the creepy feeling that Paul's channeling Joe Friday from the old Dragnet television series. I may not remember everything from the 60s, but The Age of Aquarius was never like this. --Lauren-- |
Greetings. While the FCC has been pretty much asleep at the switch as far as Network Neutrality and ISP abuses are concerned, it would be unfair to suggest that the Commission has been completely sitting down on the job in all respects -- they've got the bare buttocks situation firmly in their grasp. The FCC has proposed to fine the ABC television network $1.43 million over buttocks and "small area of the side of one breast" shots in a more than five-year-old episode of the NYPD Blue television series. The time lag between the airing and this fine may help to explain the Commission's lack of attention to critical Internet issues -- staff has probably been hard at work on the Blue case, giving the matter frame-by-frame attention so that they couldn't be accused of falling down on the job. Needless to say, I consider the fine ridiculous, especially since ABC broadcast the series with parental warnings (and appropriate V-chip flags from the time that system was available). This sort of behavior by the Commission makes the U.S. a laughingstock throughout most of the Western world, and seems to be treading very close to an extortionist trade-off against the 1st Amendment. It's also a horrendous waste of time and effort, to boot. Free advice for the FCC -- take your minds away from the buttocks and breasts -- and instead concentrate on protecting consumers from ISPs who seem to increasingly feel that it's open season to filter, monitor, block, modify, and manipulate the contents of their subscribers' and Web services' data. And while you're at it, you might get off your own behinds and do something meaningful about that half of the U.S. population that apparently still doesn't realize that their analog TVs are currently scheduled to go dark in a year or so. There are many areas where the FCC could make a positive and crucial difference, but we really don't need your protection from the big bad buns, thank you very much. --Lauren-- |
Greetings. Yesterday I discussed the case of a Florida Middle School resource officer who was under dual investigations due to his MySpace page being linked to "friends" who in some cases themselves were found to be linked to porn sites. I expressed strong concerns regarding this sort of indirect responsibility being implied. After all, you can only control your own site, and directly linked pages can change without your knowledge or control at any time. When we're talking about indirect (links to links) pages, the situation is even more ludicrous. I also noted yesterday that the school's own Resources page was problematic when viewed from the standpoint of indirect links, and suggested that a double standard was perhaps being applied. Today comes word that the school's Web site has apparently been shut down (and as I type this, it continues to be inaccessible), reportedly due to the presence of a direct gay porn link on their resources page. I'm told that the school currently has no explanation for this link. However, even giving them the benefit of the doubt and assuming that they were hacked in some manner, this incident certainly emphasizes the dangerous folly of trying to assign responsibility to a Web site or its author for linked pages that aren't their own, and the even more gross insanity of trying to extend such responsibility to indirectly linked pages. [ Update Within an Update: 17:45 PST: The link in question appears to be a clip art domain name that expired years ago, and then was sometime later obtained by the porn site. I think that this aspect very nicely demonstrates the impossibility of policing the contents of pages that are not your own. Here we have a direct link from the school's site that illustrates this, at the same time that the school officer is being investigated for indirect links, which are even more "distant" from the officer's own MySpace page. ] Employing the usually dubious concept of "guilt by association" when evaluating Web links -- particularly indirect ones -- is a sure fire way not only to drag the Internet into a litigation firestorm, but also to decimate the concepts of justice and free speech on the Net. --Lauren-- |
Blog Update (January 25, 2008): Update on Indirect Link Risks: School Site Shut Down Due to Porn Link Greetings. Just to prove yet again that witch hunts in the U.S. aren't restricted to 1692 Salem, we have the sophomoric story of a Florida Middle School resource officer under police and state attorney general investigation because "friends" linked from his MySpace page had themselves linked to pornographic sites. The details are illuminating, and more than a little distressing for anyone who cares about free speech. And golly, it looks like the school involved has its own indirect link contents problems, too. Gulf Middle School's "Resources" page links to a variety of clip art sites, and they link to ... well ... let's just say that the entire Internet opens up at that stage. I'm curious as to why the authorities in Florida are so quick to investigate a school employee for indirect link contents, while obviously the school itself -- which has a "We can accept no responsibility for content on any pages linked" notice on their resources page -- presumably feels that it should be immune to such investigations related to their own official Web site. If authorities start applying "safe for children" standards to everyone whose Web page links to other pages that themselves at some point and in some fashion link to "inappropriate" material, the entire Internet will be on the chopping block in a "degrees of separation" accusation orgy. --Lauren-- Blog Update (January 25, 2008): Update on Indirect Link Risks: School Site Shut Down Due to Porn Link |
Greetings. Recently in For Google and Others, Few Good Deeds Go Unpunished, I noted how difficult it could be for a corporation to do "good deeds" that have no obvious profit motive, without being roundly criticized one way or another. A perfect example appeared today, when ABC News' site variously promoted and titled a story with the main home page headline: If You Love to Hate Google, Read This (as I type the entry you're reading, that's still the title bar text showing on the ABC News article -- at one point earlier today the actual story headline was: Is Google Rich and Stingy? Company Announces an Underwhelming $25 Million in Do-Good Grants). The story draws various negative comparisons with Microsoft's philanthropic efforts, and asks whether the $25 million announcement was merely a publicity stunt. Talk about looking a gift horse in the mouth. I couldn't help but shake my head at the slant of the article. I guess I'm the only person left who thinks of $25 million as significant money. Yeah, I know, back when Jed Clampett moved to Beverly Hills that was enough moola to get personal daily attention from banker Mr. Drysdale, but it's the 21st century now -- what's 25 Meg anymore, huh? It's still a lot of money for the groups that receive it, that's what it is. I find attempts to somehow make moral judgments based on the comparative size of one's charitable or other similar contributions at any given point in time to be disquieting at best, especially when we're talking about relatively young firms, however well-endowed they happen to be at the moment. If one really wishes to draw -- in a fair context -- comparisons with much older firms that's one thing. But to predicate an entire story on terms like "stingy," "underwhelming," and "love to hate" -- when we're talking about many millions of dollars being contributed, well, the term "unseemly" doesn't do justice to the article's bad taste. I fully expect that as time goes on, both Google as a firm and the many individuals who have been enriched by Google's success will contribute ever more immense amounts of money to a wide range of worthy causes. But that's up to them, not to you or me. If I were sitting in Googleplex building 43 today and saw that ABC News story, I might try to just shrug my shoulders, but then again I might be thinking of some lyrics from the Ballad of John and Yoko: Christ you know it ain't easy, Google has its glories and its problems, like any other firm comprised of mere mortals. But lambasting them for giving millions of dollars in grants on the theory that "it's not enough" is impolite, counterproductive, and just plain wrong. --Lauren-- |
Greetings. After an outpouring of objections and ridicule, including my own small contribution, the California Energy Commission has now reversed itself, removed mandatory government-controlled thermostats from the California 2008 Building Standards, and will instead concentrate on much more sensible opt-in and opt-out alternatives. Ta-da! --Lauren-- |
Greetings. The FCC's Wireline Competition Bureau today issued two calls for comments related to Network Management Practices By Broadband Network Operators -- Translation: Fallout from the recent Comcast P2P interference debacle. I urge all interested parties to take advantage of this opportunity to get their thoughts and suggestions on this matter into the record. Deadlines: Comments Due: February 13, 2008 Please see the FCC files (pdf): and Comment Sought On Petition For Declaratory Ruling Regarding Internet Management Policies --Lauren-- |
Greetings. In Can You Go to Prison for Lying to a Web Site?, Strangling the Internet with ID, and other essays, I've noted the continuing drumbeat of government toward forcing all Internet users to be identified at all times, and what this might mean for free speech and the willingness of persons to use a vast array of Internet services -- from mainstream "social networking sites" to search engines to blog comment pages. I've long been convinced that the "hook" of choice of those who wish to see the Internet "locked down" will be that same third-rail issue driving calls for involuntarily implanted ID chips (back in the news in England, by the way) -- pedophiles and child abuse. Deep in today's announcement of MySpace's agreement with states' Attorneys General regarding new child protection measures is mention of a new "Internet Safety Technical Task Force" -- to "explore all new technologies that can help make users more safe and secure including age verification." It's the "age verification" aspect that should immediately raise eyebrows. There simply isn't a practical means to verify the age of an Internet user without verifying their identity. Use of "third parties" to isolate sites from identify information is of little help from a privacy standpoint, since the records of those third-party operations can easily be subjected to abuse in an array of ways. Any promises that such measures would only be applied to social networking sites will quickly become inoperative, since kids (who are damned smart when it comes to the Net) will likely migrate to other sorts of sites for communications if they feel constrained on the "official" social networking services. This will then likely lead to calls for the identity requirements to be extended to any site that allows users to communicate with other persons or post information, and sites where any "inappropriate" material might be obtained -- including, I'm willing to bet, ultimately calls to restrict search engines in the same way. And even with such a privacy-decimating crackdown, the really nasty stuff involving children will still continue in various constantly morphing underground forms, heavily encrypted and hidden in manners that will always have the kids one step ahead of the adults. Reasonable measures to help protect children are a concept that we can all applaud -- and some of the specific technical measures announced by MySpace today do seem reasonable within limited contexts. But when I pull out to the critical wide shot, I see immense privacy, liberty, and financial risks for the Internet and its legitimate users, sites, and businesses in the long run from misguided efforts to extend identity shackles broadly across the Net's infrastructure. I hope that my crystal ball is wrong about this one. But whenever we're told that the Internet and the world's information must be widely constrained to protect children, and that the anonymity of law-abiding persons must be sacrificed in the process, well, human history teaches us to be very skeptical indeed of the motives driving those persons who wish to protect us with iron fists hidden within velvet gloves. As always, the more things change, the more they stay the same. --Lauren-- |
Blog Update (January 16, 2008): California Regulators Cancel Mandatory Thermostat Authority Attention citizens! Attention to your Telescreen now! That means YOU, Roberts88739T, and YOU Debros02935Y. Attention! By order of the California State Regulatorium, your environmental temperatures are hereby and forever placed under our direct command. Starting next year, if all goes as planned, your new or substantially modified homes and commercial buildings by edict shall be equipped with thermostats that will be controlled via FM broadcast signals. We will transmit temperature recommendations! We will override your temperature settings as we see fit! You and your equipment will freeze or burn by our dictates! Oh glorious technology of the 21st century, come to fruition in reality from the nether regions of bureaucrats' dreams! You need not fear hacking of this wondrousness. All associated Internet connections will be protected with the same sorts of precision security used for touchscreen voting systems! And citizens, be warned! While this will likely be a one-way system for now -- making it difficult for us to detect simple but illicit tampering directly -- our vast network of thermostat informants will be ready and willing to report any and all transgressors, with the full weight of the criminal justice system waiting like the Sword of Damocles. So give glory to the Masters of Megawatts! All hail the Honchos of Heat! Genuflect to the Autocrats of Air Conditioning! And coming soon, mandated devices that will allow us to control when and where you have sex. More details about these in our next Telescreen bulletin. Until then, you may return to your designated legal, state-decreed activities. This announcement has been brought to you by the California State Ministry of Environmental Monitoring and Control. Have a nice day! - - - --Lauren-- Blog Update (January 16, 2008): California Regulators Cancel Mandatory Thermostat Authority |
Greetings. Why does AT&T apparently feel that protecting the financial interests of the entertainment industry is more important than fighting terrorism or child abuse? Let's explore how recent AT&T statements concerning their Internet operations provide an illuminating look into their corporate priorities. The saga of ISP plans to become the prying eyes of the Internet continues to unfold, most recently with AT&T's public enthusiasm for the concept of monitoring at the network level for what they define as copyright violations associated with pirated entertainment materials (e.g. those satanic P2P applications). In response to some of my recent postings on this subject, a large number of readers have asked me various forms of basically the same very provocative question. To wit: If AT&T is going to openly spy on the contents of data traffic flows between individual Internet users and take actions based on that surveillance, are they also taking responsibility to find, remove, and/or report all other potentially illicit, dangerous, or otherwise objectionable materials on the network? That is, by intruding themselves into non-public data communications streams in this manner, are they essentially abdicating their effective immunity to civil or criminal actions related to data transiting their network facilities? I'm not referring here to whatever secret data pipelines AT&T has been feeding to NSA or other spooks in furtherance of illegal government surveillance operations, but rather the company's openly discussed public plans for routine network content surveillance, which have been receiving so much publicity lately. This topic presents a range of legal questions that would ultimately have to be settled by courts -- and there's no guarantee that those courts will necessarily rule the way that AT&T's legal team have presumably assumed. But it's certainly a fascinating issue, with a number of decidedly non-trivial implications. Keep in mind that we're talking about the surveillance of private data in end-to-end user communications. This is a wholly different situation from, for example, YouTube's filtering of materials that have been submitted by users for public dissemination. While one can argue about particular specifics, in general it's clear that YouTube or other public access sites should be free to apply whatever rules they wish to filter submitted items that will be seen by the public on those sites -- in fact it would be crazy not to apply some sort of mechanism to classify and/or remove various types of items in such a public viewing environment. Nor are AT&T's new plans analogous to scanning for viruses or spam before they reach subscriber mailboxes -- those are functions provided for the presumed benefit of those subscribers themselves, and generally can be controlled to a significant extent by users if they wish. What AT&T is now talking about is clearly most similar to straightforward wiretapping of individual, private communications. It appears to be the same principle that would apply if AT&T decided to monitor all of our phone calls to listen for discussions of illicit or illegal activity, and then act on that surveillance. There's only one really significant difference -- such widespread monitoring of phone call contents would typically be obviously illegal (at least in the U.S.) -- but monitoring of Internet data contents still resides in something of a grey area, and both ISPs and government have been all too willing to exploit this situation. But apart from these legal niceties, and the fact that encryption would render most content surveillance (though not necessarily traffic analysis) moot in short order, it's certainly the case that AT&T's plans represent a major thrust into a brave new world of Internet content spying. And as such, one can't help but wonder about their particular choice of targets and priorities. If AT&T and perhaps other ISPs are ready to jump into this particular deep quagmire, why haven't though chosen to seek out uses of the network that presumably have truly negative consequences for all of society, not just for the pocketbooks of the entertainment giants? Hell, if you're going to make the case that's it's OK and beneficial to monitor Internet traffic content at the network level, don't start by kowtowing to the MPAA and RIAA -- let's see some of that old Ma Bell AT&T guts like in the old days! Here's what you do ... Forget the music and movies for now and let's really concentrate on targets that will be an easy sell for that segment of the population who thinks privacy is an antiquated old idea ready for the trash heap anyway! Announce that you're going to monitor the Internet for anything that might be child porn related. Proclaim that you'll sift through every unencrypted byte for any communications that might suggest illegal activity -- everything from overdue library books to terrorism to political troublemakers. If you're going to push the idea of tossing the Constitution and Bill of Rights out the window, at least do it with vigor, with substance, with style! Don't waste your revolutionary spying effort on silly songs and forgettable films! Give the surveillance-mongers something that they can really dig their teeth into for some serious publicity and propaganda! True, by concentrating your surveillance platform on unencrypted P2P you might stand to make a significant dent in all of that darn data that you can't monetize the way you'd wish, but we certainly know that you wouldn't dream of implementing content spying just to make yourself and the entertainment moguls mere money! And ya' know what? If people don't want to believe that you'd do this all out of a true concern for society and not just a matter of simple greed, you should just tell 'em to go stuff themselves! After all, you're not Google! You don't have a "don't be evil" creed. You're AT&T. You're the phone company. You're an ISP. You're allowed to be evil! Show us what you're made of, AT&T! Be a real example for other ISPs! It's your network. It's your data! We peon Internet users will just have to learn to fall into line with your world view, or go back to smoke signals and cave paintings. Now get out there and show those beer-infused guys who founded this country -- and who scribbled down all of that constitutional nonsense -- just how obsolete their notions really are in the 21st century! Make Big Brother Mother Bell proud! And thank you for using AT&T. --Lauren-- |
"I'll get you, my pretty -- and your little dog, too!" Greetings. The New York Times is reporting that NBC, Microsoft, AT&T, digital filtering companies, and other assorted spooks were all abuzz at the Consumer Electronics Show over the prospects for spying on and preventing -- oops, I mean "filtering" -- of Internet content at the network level, as demanded by the RIAA, MPAA, and, well, you know the drill. This topic has come up so often lately that I wouldn't even mention it again here except for a quick prediction and an observation. Prediction: Such attempts to detect, block, or alter Internet traffic flows by ISPs will accelerate widespread user moves toward pervasive Internet encryption and "underground" applications, on a scale that couldn't even be imagined today. That's not to endorse piracy. As I've noted many times before, I've been very sympathetic to the intellectual property concerns involved. However, I must admit that as these guys have become more and more intrusive (remember the calls for DRM to be embedded into A/D converters?), my sympathy is waning with increasing speed. Content filtering conducted by individual Web sites is between those sites and their users. Spying on or interfering with the core Internet and primary user connections is unacceptable prying and interference. Observation: The closing paragraph of the NYT story reads: After the session, [Mr. Cicconi of AT&T] told me that ISPs like AT&T would have to handle such network filtering delicately, and do more than just stop an upload dead in its tracks, or send a legalistic cease and desist form letter to a customer. “We’ve got to figure out a friendly way to do it, there’s no doubt about it,” he said. I particularly enjoy the word delicately in this context. I'm reminded of the Wicked Witch of the West's concern in 1939's The Wizard of Oz: "These things must be done delicately ... or you hurt the spell ... " If ISPs and their brethren insist on trying to turn the Internet into a commercial surveillance pipeline, we can be sure that the Net's technology and users will find suitable responses. There is, after all, more than one way for a house to fall on a witch. --Lauren-- |
Greetings. You've probably heard the tragic story of the 13-year-old girl who committed suicide after being spurned by a MySpace identity she thought was a 16-year-old boy, but that actually was a profile created by the mother of a neighborhood parent. It's a sad event indeed, and the perpetrator certainly deserves condemnation, even though a suicide was not a reasonably predictable outcome of the very unfortunate exchange. Prosecutors in Missouri, where the girl lived, were unable to find a statute that would apply in such a case, but federal prosecutors here in L.A. (MySpace is based locally in Beverly Hills) are reportedly exploring prosecuting the parent under federal wire fraud statutes -- which can carry penalties of up to 20 years in prison -- apparently for not being truthful in the associated MySpace profile. Much as I understand the emotions in play, such a move could potentially carry awesome negative consequences for the open use of the Internet. If anyone reading this blog entry has never provided false information about their name, age, sex, location, or other characteristics to a Web site, you should definitely be considered for a sainthood somewhere down the line. The precedent that could be set by prosecuting a social networking profile that contained false information could strike a blow to the basic concepts of anonymity that protect Internet users from a wide variety of privacy-invasive practices. While one could argue that prosecutors would only go after egregious cases, we also know that prosecutorial overreaching and misconduct are not infrequent occurrences. If this particular sad case becomes an excuse to squash anonymity on the Internet, by criminalizing the creation of pseudonym-identities in situations where the commission of crimes is not contemplated, we will be entering into very dangerous territory indeed. There have already been legislative efforts to require verifiable ID for social networking sites, which could rather easily evolve into an "Internet driver's license" and requirements that virtually everyone on the Net be provably identified at all times online. This would primarily push "undesirable" activities totally underground and do even more damage, but the political attractiveness of such an approach might be undeniable among the usual suspects. Attempts to blame and constrain the Internet in response to human tragedies are almost always misguided and replete with the potential for widespread collateral damage. They're traps that we should do our utmost to avoid, even in -- especially in -- the most emotionally heartrending of cases. --Lauren-- |
Greetings. Yesterday I briefly discussed the government's inane plan in Australia for mandatory ISP blocking of material considered "inappropriate" for children, to be enforced on all home and school customers unless they opt-out with their ISP ("raise your hand if you want the filthy, disgusting porn feed!"). As I've previously suggested, if customers wish to voluntarily sign-up to use blocking software (which typically allows for some degree of customization), or subscribe to an Internet feed supposedly "sanitized" via a government purity list (doomed to be unsuccessful, but more on that later) that's a valid choice, but forcing subscribers to opt-out is a reversal of a basic freedom of speech principle and cannot be condoned. I'm reminded of a scene in Woody Allen's 1971 film Bananas, where he's subjected to a very loud and embarrassing price check while attempting to nonchalantly buy an "adult" magazine (praise be to YouTube, here's the scene itself -- at least for now ...) But beyond this aspect, the practical ramifications of such blocking are staggering, even apart from the fact that kids will be the very first to find the virtually infinite ways around such attempts at prohibition. What would the government block? Photos? Movies? Texts? Hardcore porn? "Suggestive" material? And speaking of YouTube, will Australia attempt to block that entire site? There's plenty of "naughty" stuff on YouTube, with more pouring in all the time, much of it uncategorized in any way that would simplify the blocking process. Or perhaps Australia will simply choose to place the entire operations of Google on their default block list. After all, search engines are a veritable cornucopia of "inappropriate" material that can be located with great ease. Google's cache will usually give access to the text portions of sites even if those sites are directly blocked to customers. And what of Google Images? Without even changing any settings from their defaults, Google Images can provide virtually endless photos and drawings (albeit somewhat small) that the Australian government would no doubt consider to be "inappropriate" or worse. And this brings us to the crux of the matter. Google and other search engines cannot be reasonably expected to be the arbiters of such materials in furtherance of censorship, and even when they're pressured into bed with government censors as the cost of access, the associated blocking will be pitifully ineffective, while still managing to do significant collateral damage to personal freedoms and privacy principles of the most fundamental order. In the long run, attempts to "effectively" forbid access to a set of Internet sites and/or to censor the contents of search engines, are likely to lead toward defining not those sites that are blocked, but rather a relatively small set of constrained sites that are the only ones permitted. In essence, all that is not explicitly authorized becomes forbidden. This is not a recent phenomenon of course. Such control has been the dream of totalitarian regimes and rulers since the invention of the printing press, and earlier. In the modern age, even when veneered with privacy-invasive "opt-out" provisions, we're seeing the same old dark specter of government control combined with shameless pandering to the most emotional fears of the populace, with the technical realities of the situation purposely marginalized or completely ignored. Luckily for us all, the Internet is a much more powerful tool for freedom of speech than the would-be dictators of decency can possibly realize. But the damage that can be done simply through attempts to choke the Net is still very real, and the risks of these efforts disrupting the delicate balance that keeps many societies free are omnipresent. The resulting negative impacts for everyone could be far worse than embarrassment from buying a magazine, of that much we can be sure. --Lauren-- |
Greetings. Can excessive ultraviolet light exposure cause brain damage to politicians? One might think so after reviewing the Australian government's plan to require ISPs to perform Chinese-style blocking of Internet sites that the government considers to be "inappropriate" for children -- based on a government blacklist. Down in the merry old land of Oz, this mandatory blocking would apply by default to all home and school Internet subscribers. ISPs would have to be contacted individually by users who wished to obtain an unblocked feed by being added to an opt-out list (which I suspect would rapidly become known as the "pervert list" by the Australian overlords of Internet decency). I won't insult your intelligence by listing here the myriad reasons -- you know them as well as I do -- why such a plan is doomed to failure (but I will note that even the so-called "Great Firewall of China" Internet blocking infrastructure leaks like a sieve -- and that's in an environment where penalties can be very harsh indeed). Obviously, what we're actually looking at in the Australian case is political grandstanding of the most base sort. To make censored feeds available upon request is one thing, but to make censorship the default and then require persons to specifically identify themselves to opt-out is turning the concept of freedom of communications on its head. Speaking of heads, it wouldn't hurt the politicians down under to stay out of the summer sun, or at least wear hats more often. Fried brains are not conducive to the creation of sensible Internet (or any other) policies. And since the inane COPA and similar Internet censorship laws are still bouncing around the courts here in the U.S., the same prescription might well apply to our own politicians as well. "Quis custodiet ipsos custodes?" --Lauren-- |
Greetings. Would you even know if an ISP spied on or tampered with your Web communications? While encryption is the obvious and most reliable means available to avoid unwanted surveillance or intrusions into the data streams between Web services and their users, it's also clear that pervasive encryption will not be achieved overnight. In the meantime, we see ISPs apparently moving at full speed toward various data inspection and content modification regimes, and laws to protect Web services and their users from inappropriate or unacceptable ISP actions are being fought tooth and nail by ISPs and their corporate parents. Some announced concepts, like AT&T's alarming plans to "monitor" Internet communications to find "pirated" content, appear most akin to wiretapping in the telephone realm (would people accept the monitoring of all phone calls in search of any illegal activity? Even given the current telcos/NSA controversies, I would tend to doubt that this would be widely applauded). Others, like Comcast's unacceptable disruption of P2P traffic, appear to partly be extremely aggressive "traffic management" and partly outright packet forgery in the furtherance of interfering with communications. And of course, we still have the ongoing Rogers saga, where direct modification of data streams to insert ISP-generated messages or, as suggested by related hardware vendor, advertising, is the order of the day. Encryption is the only sure approach to deal with the potential for ISP (or other) surveillance on Internet connections, and even encryption will permit a significant degree of traffic analysis in the absence of anonymized proxy architectures. But in the case of ISP tampering with data streams, is there anything we can do for now -- short of the goal of full-page encryption -- to inform users that their Web communications are being adulterated? Can a Web service be sure that their users are able to see the actual Web pages that are being transmitted -- unmodified by ISPs? Can this be accomplished with the highly desirable attribute of not requiring major server-side modifications to the Web pages themselves? There are a number of non-trivial issues to consider. First, as we all know, a Web page is frequently composed of many disparate elements, often hosted by a variety of completely different servers under the control of multiple entities. How can we define "a Web page" in a way that takes all of these elements and data sources into account, especially when each user may see not only differing primary text and images, but totally different ads? Would the amount of real-time data coordination necessary to create and communicate such a single-user page "validation snapshot" be practical, or useful in a relative sense given the amount of work that would be required? Assuming that we can create such a snapshot, a secure mechanism to immediately transmit this validation data to the user's Web browser would then be necessary, bringing back into the mix the probable need for some encrypted data, albeit of a very small amount as compared with fully encrypted Web pages. The last step in the validation process would be for the user's Web browser (or a suitable plugin) to alert the viewer in the case of suspected data tampering, along with providing necessary details that would be useful in logging and/or reporting the incident. I won't get into technical details here on approaches to the nitty-gritty aspects of this concept. I have some ideas on implementation techniques, though I'd much rather see a rapid move toward full encryption. However, I would certainly be interested in your thoughts regarding this concept of Web page validation and whether or not it might have a useful role to play, particularly to help gather evidence that might be useful in the ongoing network neutrality debates. Thanks as always. --Lauren-- |
Greetings and Happy New Year! If you've ever wondered how low some government officials might sink to try push through a tax that they know is unpopular -- such as on telephone services and the Internet for example -- you need look no further than the upcoming presidential primary ballot here in L.A. for this coming February 5th. Rushed onto the ballet is a little gem called Proposition S. I don't much mind when tax proposals are presented in an honest manner, but Proposition S is ... well ... "instructive" is one word that comes to mind. The other words I might choose aren't appropriate for this venue. While the outcome of "S" will only directly affect those living in Los Angeles, anyone might still wish to listen to the very short audio piece (well under two minutes in length) that I've put together as a hopefully useful -- and for me, emotionally cathartic -- gesture toward the goal of a well-informed electorate. After all, you never know when your own local politicos might try the same ballot stunt in your neighborhood. The audio presentation is called: "S" is for Sneaky: L.A.'s Telephone & Internet Tax Proposition Proposition S would almost be funny, if it wasn't such an embarrassment! --Lauren-- |