Access Denied! Why You Should Care about Net Neutrality

This article was originally featured on the Truman National Security Project’s Doctrine Blog on April 26, 2017.

If you get frustrated when it takes longer than normal for a site to load or appreciate the freedom to visit the site of your choosing without impediment, you should be watching what happens with net neutrality.

But what is net neutrality? Often referred to as “Open Internet,” net neutrality is the underlying principle of the Internet that internet service providers (ISPs) provide open and consistent access to any application or content that rides over their networks. This prevents ISPs that provide broadband and telecom service, like AT&T and Comcast, from also providing preferential treatment to companies willing and able to pay more for faster speeds. After all, if ISPs aren’t required to maintain consistent connectivity, consumers will likely limit their searches and consumption to sites that load easily.

Net neutrality additionally prevents the ISPs from blocking content of their choosing, which becomes important in that such blocking can put limits on free speech and press. The Internet is often a platform for marginalized voices. Small businesses, people of color, citizens of oppressive regimes, and activists can use the Internet to amplify their otherwise discreet and often silenced messages. Without net neutrality, ISPs could block unpopular speech and prevent dissident voices from speaking freely online. Without net neutrality, we may not know of many of the injustices perpetuated around the world or in our own back yard! On another note, less politically harmful but equally as disruptive, you may not be able to find the business or product you’re looking for or watch the movie of your choosing without an additional fee. Equally alarming, limited access to information and content can also impede competition, therefore potentially manipulating the market.

No matter your economic status, political beliefs, racial identity, sexual orientation, or ISP, you deserve to have the same access to any website you choose to visit. However, FCC Chairman Ajit Pai has a draft plan, which he has not presented publicly, that will reportedly severely weaken net neutrality rules for all. Instead of clear rules that require ISPs to treat all data the same, Pai is proposing a voluntary system where providers promise in writing they will not block web pages or slow down traffic. Theoretically, under his plan, as long as ISPs commit to protecting net neutrality in their terms of service, the FCC can eliminate its rules defaulting to the Federal Trade Commission (FTC) to punish ISPs that do not comply with their net neutrality promises.

This may sound “ok” on the surface, but ISPs would only be bound by net neutrality requirements to the extent they promise to follow them — no standardization or mandatory level of protection. This type of voluntary system leaves too much room for “creativity” on how to make money by manipulating internet traffic or how to silence unwelcomed perspectives. Importantly, this construct would require changes to FTC Act, leaves unclear how consumers would know whether content is being blocked in order to file a claim, and requires claims be tied to consumer harm. Additionally, there isn’t enough competition among telecom and broadband providers to demand compliance. Not to mention, there is little to stop ISPs from removing net neutrality clauses from their terms of service in the future.

Essentially, the greatest attribute of the Internet is its freedom, and the ability to search without restriction or limit is fundamental to such freedom. Rolling back current consumer and competition protections stands in direct opposition to maintaining a free and open internet.

In 2014, citizens and businesses successfully cried out for protection from manipulation of service speeds and paid prioritization. Then FCC Chairman Wheeler released rules, “the Open Internet Order,” one year later. Earlier this month, current FCC Chairman Pai discussed plans for net neutrality with the Internet Association — a lobbying group representing Facebook, Google, Twitter, and other large tech companies — and the organization took to the media to underscore their support for these rules. Internet Association members have made clear they are prepared to fight against any dilution of net neutrality rules. Hopefully, this strong show of support for strong net neutrality will cause Chairman Pai to reimagine his plan.

On the heels of President Trump signing the Congressional resolution to overturn Internet privacy rules — the first sign of an agenda to roll back FCC protections implemented in recent years — Pai’s inclination toward a voluntary framework is a call to vigilance, if not a call to action, for those invested in and enjoying net neutrality.

This week, members of Congress have answered the call by requesting Pai to reveal his net neutrality plans. Democracy and a stable economy demand access to information. Every citizen and business who values the freedom to search the Internet without restrictions and receive all content consistently should lend their voice to preserving net neutrality rules.

View at Medium.com

Advertisements

Do Not Track Me… But Cater to Me

We have all become accustomed to having our technology cater to most of our needs in very personal way. However, we all desire to retain a certain amount of privacy.  For example, our cellphones track our every move and click while occasionally make calls – and yet we would be lost without the maps and ability to request anything from “Siri.” Our cable boxes may bring our favorite shows and movies but they also report back to providers all of your family’s television viewing habits.  We all appreciate the convenience that customization provides however that means a loss of privacy….

Why Are We Worried?
The latest buzz word is the The Internet of Things (IoT). What is that? “The Internet of Things” refers to the concept that the Internet is no longer just a global network for people to communicate with one another using computers, but it is also a platform for devices to communicate electronically with the world around them. The result is a global “network of physical objects that contain embedded technology to communicate or interact with people, things, and the external environment. It includes everything from traffic sensors to refrigerators, thermostats, medical devices, and wristwatches that can track or sense the environment and use the data they collect to provide a benefit, or transmit the data to a central repository for analysis, or both.”

This network of objects enables providers of goods and services to use your personal behavior to profile and evaluate your activities and habits.  The Internet of Things will result in increased data collection, amplifying the importance of simplifying choices and giving control to individuals with real-time notices. Transparency will facilitate consumer understanding of the collection, use and sharing of personal data. However, there is a real danger of data being used in unexpected ways. The Internet of Things has created a potential perfect storm of four major information policy concerns: online safety, privacy, security, and intellectual property issues. The goal is to determine what “reasonable” expectations regarding data usage should be, and then manage consumer expectations accordingly. Measures ensuring the network’s resilience to attacks, data authentication, access control and client privacy need to be established.  An ideal framework would consider the underlying technology and involve collaboration on an international scale.

The need to balance reasonable activity on the Internet and use of The Internet of Things with responsible privacy protections is exponentially increasing. This balance is extremely important because the last thing we want is to stifle innovation by over legislating this area.

Laws to Watch
At least 14 states have proposed legislation on the 2014 docket that is intended to increase privacy protection for consumers and limit both government and private sector surveillance via the Internet of Things. At the federal level, several bills are already making their way through Congress.

State
AB370, an amendment to the California Online Privacy Protection Act of 2003 (“CalOPPA”). CalOPPA requires owners of commercial websites and online service providers (“operators”) to conspicuously post a privacy policy. The privacy policy must disclose to consumers, among other things, the categories of personally identifiable information (PII), such as name, hone address, email address, social security number,  the operator collects and with whom the operator shares such information. Operators affected by CalOPPA include website operators and, as interpreted by the California Office of Attorney General, operators of software and mobile apps that transmit and collect PII online.

Federal 
The Black Box Privacy Protection Act is a bill in front of Congress that prohibits the sale of automobiles equipped with event data recorders-unless the consumer can control the recording of information. Additionally, the data collected would belong to the vehicle owner.

The We are Watching You Act is a bill in front of Congress that requires the operator of a video service (such as a DVR or Xbox) to display the message “We are watching you” as part of the programming provided to the consumer prior to the device is collecting visual or auditory information from the viewing area. This is not likely to pass but its a sign of legislation to come.

The Federal Trade Commission (FTC) has this phenomenon on its radar, it hosted an all-day workshop entitled, “Internet of Things: Privacy and Security in a Connected World in November. The FTC has also released a number of reports and guidelines that direct business on how to protect consumer privacy.

International 
With Internet Governance on the forefront of international discussion, international “Internet of Things” legislation is not the priority and likely to be left up to each country to decipher. International collaboration on issues like this early is one out come I hope comes from these Internet Governance talks…. but we’re a long way out from that happening.

The examples listed are a narrow sampling of privacy legislation designed to protect users from unwanted intrusions. Most notably, states have passed a number of laws protecting privacy rights in recent years.

Conclusion
The Internet of Things will bring tremendous new benefits to consumers but we must balance the need for consumer privacy. State, federal and international regulators must work to restrict government and private-sector collection and control of the data IoT will create. In the meantime, make sure you are aware of the information you provide through your IoT. Explore privacy settings and read privacy policies if you are concerned about sharing too much data with providers. Know what your priorities are as it relates to customization and privacy. If you value convenience and do not mind a prying eye or two, if it means a personalized user experience, share your data freely. However, if you value preserving your privacy be proactive about doing so until lawmakers can find the appropriate balance. Do not shun technology just educate yourself.

Security Risks & the Healthcare Roll Out

Anticipation of the healthcare roll-out tomorrow, October 1, 2013, has sparked heated debate and concern over costs, employer rescission of benefits, and questions about the Health Insurance Marketplace. One question, raised by the FTC and other stakeholders, remains to be fully addressed: What security measures will be put in place to protect Marketplace consumers from identity theft?

The new Health Insurance Marketplace allows you to fill out an application and see all the health plans available in your area. While all insurance plans are offered by private companies, the Marketplace is run by either your state or the federal government. As designed, consumers create an account online or over the phone with a “navigator.”  Under the Affordable Care Act (ACA), the government is training additional customer service professionals to help consumers “navigate” the Health Insurance Marketplace. To create an account, participants must provide their personal data such as household size, income, passport, address, and potentially a social security number for every member of the household that needs coverage. 

What measures are being taken to dispose of information gathered by customer service professionals? What safeguards are in place to prevent identity theft? Scammers are already calling consumers and pretending to be navigators to gather their personal information.  How will consumers know the difference?

​How to protect yourself in the interim:

  • Do not give personal information to cold calls or emails from navigators or others representing themselves as part of the Marketplace.
  • ​If you call-in or seek help in person, ask navigators what the internal policy is on handling your personal information. 
  • Share the least amount of information necessary when shopping for health plans.

For more information about the healthcare roll out visit healthcare.gov

Update October 1, 2013: The government has released the following on avoiding consumer fraud http://oig.hhs.gov/fraud/consumer-alerts/alerts/marketplace.asp

Snapchat images may come back to haunt you!

Snapchat is a mobile phone application intended to allow users to send photos to their friends and limit the amount of time for which the photos can be viewed.  Once the allotted viewing time has elapsed, Snapchat is supposed to delete the photos entirely from the recipient’s device as well as from Snapchat’s servers so that it cannot be accessed again. Many users send images to protect their privacy while enjoying the ability to share an image with another for brief intervals. Usually the user places a high value on the claim of permanent deletion following the reveal of the image. Snapchat has even implemented mechanisms to let sends know if recipient’s take screenshots of the images.Snapchat currently reports that its users send 150 million “snaps” per day a sign of its rising popularity. The question is are your snapchats really deleted?

Way back when Snapchat was first launched, Buzzfeed discovered a loophole that allowed cached Snapchat videos to be rewatched on an iOS browser like iFunBox. In response, Snapchat founder Evan Spiegal told Buzzfeed, “The people who most enjoy using Snapchat are those who embrace the spirit and intent of the service. There will always be ways to reverse engineer technology products — but that spoils the fun!”

The Electronic Privacy Information Center (EPIC), a self-described public interest research center focusing on privacy issues and consumer advocacy, filed a complaint with the Federal Trade Commission (FTC) on May 16, alleging that Snapchat’s representations that its users’ photos “disappear forever” once viewed by a recipient are deceptive and likely to mislead consumers.  The complaint alleges violations of Section 5 of the Federal Trade Commission Act and requests the Commission to investigate.

The complaint alleges that Snapchat does not delete a file after its been viewed instead Snapchat adds “.nomedia” extension tot he end of the file name which renders the file unviewable. However, any tech-savvy user could alter the file name by removing the “.nomedia” extension and the files are again viewable.

Since launch, Snapchat has slowly but progressively admitted that the app isn’t actually as privacy-friendly and secure as it’s made out to be. In fact Snapchat recently published a point-by-point blog post going over how it stores and deletes Snapchat data, with the tender warning at the very bottom that says, “If you’ve ever tried to recover lost data after accidentally deleting a drive or maybe watched an episode of CSI, you might know that with the right forensic tools, it’s sometimes possible to retrieve data after it has been deleted. So … you know … keep that in mind before putting any state secrets in your selfies :)”

Snapchat’s policies do not describe this process and do not advise users that the files are recoverable.  Snapchat’s privacy policy does, however, state that “[a]lthough we attempt to delete image data as soon as possible after the message is received and opened by the recipient. . . we cannot guarantee that the message contents will be deleted in every case “  For example, the policy goes on to state, “users may take a picture of the message contents with another imaging device or capture a screenshot of the message contents on the device screen.”

 
The complaint alleges that Snapchat’s representations to users “that photos sent using its app would be deleted after a user-designated amount of time” are “likely to mislead the reasonable consumer” and that those representations are material.  In addition to asking the FTC to investigate Snapchat’s claims that users’ images are permanently deleted, the complaint asks that the FTC require Snapchat to make improvements to its security practices to successfully delete users’ photos and to cure any deceptive statements about its services.

What does all of this mean for you?

BE CAREFUL!  As I continue to stress when dealing with social media, your content never really goes away! Everything online lives on.  This app is not an exception, at least not yet.

However, there is a lot of skill and effort involved in retrieving these images it is not likely that most recipients will expend the time and energy necessary to recover old images. They are more likely to screenshot the image upon receipt.

Lets be honest, Snapchat is a common medium for sexting and sending other inappropriate content… If you have to send it via Snapchat, can the recipient really be trusted and even more is it worth finding out?