Access Denied! Why You Should Care about Net Neutrality

This article was originally featured on the Truman National Security Project’s Doctrine Blog on April 26, 2017.

If you get frustrated when it takes longer than normal for a site to load or appreciate the freedom to visit the site of your choosing without impediment, you should be watching what happens with net neutrality.

But what is net neutrality? Often referred to as “Open Internet,” net neutrality is the underlying principle of the Internet that internet service providers (ISPs) provide open and consistent access to any application or content that rides over their networks. This prevents ISPs that provide broadband and telecom service, like AT&T and Comcast, from also providing preferential treatment to companies willing and able to pay more for faster speeds. After all, if ISPs aren’t required to maintain consistent connectivity, consumers will likely limit their searches and consumption to sites that load easily.

Net neutrality additionally prevents the ISPs from blocking content of their choosing, which becomes important in that such blocking can put limits on free speech and press. The Internet is often a platform for marginalized voices. Small businesses, people of color, citizens of oppressive regimes, and activists can use the Internet to amplify their otherwise discreet and often silenced messages. Without net neutrality, ISPs could block unpopular speech and prevent dissident voices from speaking freely online. Without net neutrality, we may not know of many of the injustices perpetuated around the world or in our own back yard! On another note, less politically harmful but equally as disruptive, you may not be able to find the business or product you’re looking for or watch the movie of your choosing without an additional fee. Equally alarming, limited access to information and content can also impede competition, therefore potentially manipulating the market.

No matter your economic status, political beliefs, racial identity, sexual orientation, or ISP, you deserve to have the same access to any website you choose to visit. However, FCC Chairman Ajit Pai has a draft plan, which he has not presented publicly, that will reportedly severely weaken net neutrality rules for all. Instead of clear rules that require ISPs to treat all data the same, Pai is proposing a voluntary system where providers promise in writing they will not block web pages or slow down traffic. Theoretically, under his plan, as long as ISPs commit to protecting net neutrality in their terms of service, the FCC can eliminate its rules, defaulting to the Federal Trade Commission (FTC) to punish ISPs that do not comply with their net neutrality promises.

This may sound “ok” on the surface, but ISPs would only be bound by net neutrality requirements to the extent they promise to follow them — no standardization or mandatory level of protection. This type of voluntary system leaves too much room for “creativity” on how to make money by manipulating internet traffic or how to silence unwelcome perspectives. Importantly, this construct would require changes to the FTC Act, leaves unclear how consumers would know whether content is being blocked in order to file a claim, and requires claims be tied to consumer harm. Additionally, there isn’t enough competition among telecom and broadband providers to demand compliance. Not to mention, there is little to stop ISPs from removing net neutrality clauses from their terms of service in the future.

Essentially, the greatest attribute of the Internet is its freedom, and the ability to search without restriction or limit is fundamental to such freedom. Rolling back current consumer and competition protections stands in direct opposition to maintaining a free and open internet.

In 2014, citizens and businesses successfully cried out for protection from manipulation of service speeds and paid prioritization. Then FCC Chairman Wheeler released rules, “the Open Internet Order,” one year later. Earlier this month, current FCC Chairman Pai discussed plans for net neutrality with the Internet Association — a lobbying group representing Facebook, Google, Twitter, and other large tech companies — and the organization took to the media to underscore their support for these rules. Internet Association members have made clear they are prepared to fight against any dilution of net neutrality rules. Hopefully, this strong show of support for strong net neutrality will cause Chairman Pai to reimagine his plan.

On the heels of President Trump signing the Congressional resolution to overturn Internet privacy rules — the first sign of an agenda to roll back FCC protections implemented in recent years — Pai’s inclination toward a voluntary framework is a call to vigilance, if not a call to action, for those invested in and enjoying net neutrality.

This week, members of Congress have answered the call by requesting Pai to reveal his net neutrality plans. Democracy and a stable economy demand access to information. Every citizen and business who values the freedom to search the Internet without restrictions and receive all content consistently should lend their voice to preserving net neutrality rules.


Conversational Commerce: Are You Ready?

Guest post by Jason Miller.

Texting Dominos a pizza emoji and a deliveryman showing up at your door “30 minutes” later with a pizza exemplifies the integration of Business to Consumer (B2C) transactions. Well, the same transactional principles may forever change the B2C relationship. Imagine if instead of sending a text and receiving a pizza, you could text your local grocery store your shopping list or text Amazon about a product you want—and have it delivered the same day.

These possibilities represent the next evolution of the B2C relationship, called “conversational commerce,” which has already taken Asia by storm. It allows users to order on-demand services and products through text messages or other messaging services, establishing a new commercial platform that may change the game yet again. TechCrunch reported that China’s WeChat generates over $1B in revenue from its 440 million users, which allows them to use text messages to pay their bills and order products, while Japan’s LinePay takes a similar approach.

The principle is that most mobile-phone users spend most of their time texting; why should they have to switch to a different app, search for the product, enter their payment information, and then place their order? Soon consumers will be able to simply send a text to the company they wish to make a purchase from. Expanding texting’s potential to making payments, buying products, etc. may alleviate these cumbersome tasks altogether.

While at first glance commercial communication may seem a bit novel, the United States has certainly taken notice of its impact in Asia. American tech giants, like Facebook and Google, are jumping on the bandwagon. TechCrunch noted that Facebook, for example, is in the process of implementing these capabilities into their “Messenger App,” allowing users to order food and even speak with businesses directly. Meanwhile, many start-ups have also developed to take their share of this expanding market. One such start-up is Magic, a concierge-type delivery service that lets users order almost any product for delivery through text, which oddly enough I started using the day I read about it.

Though the market is young in the States, its validity as a commercial platform is clear and a possibly lucrative one at that. If there’s money to be made, then I think it’s safe to presume that large companies will attempt to adapt their current systems to implement this developing commercial space within their business model (i.e., Facebook, etc.). Hopefully allowing me to text a masseuse and recreate my favorite scene from Boy Meets World; Griff was my hero.

Note from the Digital Counselor:

Entrepreneurs and small business owners should be on the lookout for ways to integrate this into their business model. Early adoption could be a standout feature and create a niche that may enable rapid growth. However, rapid growth necessitates the ability to scale quickly, which can be hard for a small business with little capital. Although a great tool, businesses looking to implement must look at potential impacts to their business model and ultimately their bottom line.

About the Author:

Jason Miller is a law student at American University Washington College of Law. Jason is originally from Rockville, MD, and studied communications at University of Maryland. While in undergrad, Jason & his friends founded a globally followed music blog, with about 100k unique visitors per month. After graduating, Jason worked at the U.S. Senate for two years before going to law school.

 

Disclaimer: The views expressed here are solely those of the author in his private capacity and do not in any way represent the views of TheDigitalCounselor.com, any other poster/blogger of this blog or any entity affiliated with blog posters. Any comments by TheDigitalCounselor.com do not reflect the views or ideas of any organization or individual that may or may not be affiliated or associated. 

Accepting Guest Blog Posts

I have accepted a position that will not allow me to write in 2016. However, I want to continue to provide information on cyber, intellectual property (IP), social media, security, privacy, and technology law and policy to you all.  So…. I am accepting  submissions from guest bloggers!

Please send me your best cyber, IP and tech law and policy posts. Many of this blog’s followers are entrepreneurs, technophiles, tech novices, bloggers, social media users and those intrigued by tech, so please cater your posts to that audience. Please send posts to thedigitalcounselor@gmail.com. I will notify you if your post is selected.

Thank you for your submission, in advance, and more importantly, THANK YOU FOR READING!

I hope the readers find previous posts and any information others are able to provide in my absence helpful! And I look forward to returning in 2017!!

Millions of Gmail Usernames & Passwords Leaked! How do you protect yourself?

This morning Freedom Hacker reported that 5 million Gmail usernames and passwords had been dumped on Reddit’s netsec section, linking to another website hosting the leaked Gmail accounts. They caution against checking if your password is secure because it appears scams are already appearing or Reddit users are getting ready for the scams to come.
According to one security firm the data is old and likely sourced from multiple data breaches. “The security of our users is of paramount importance to us,” a Google representative said Wednesday via email. “We have no evidence that our systems have been compromised, but whenever we become aware that an account has been compromised, we take steps to help our users secure their accounts.”

It is highly recommended you change your email password regardless and turn on a form of two-factor authentication to heighten security and prevent any possible future attacks.

Here are some other tips to protect your accounts and private data:

  • Do not use the same password or variations of the same password for your accounts.
  • Change your account passwords frequently.
  • Always check your bank accounts and other financial accounts for fraudulent charges.
  • Review your credit report for fraud at least annually.
  • Have two-factor authentication whenever possible.
  • The longer the password is, the exponentially more difficult it becomes to crack.
  • To help remember the password, use it immediately. Then log in and out several times the first day.
  • Do not provide your password or other private data when solicited via email or phone; this could be a social engineering attempt. Most reputable companies will not ask for this information via email and financial institutions NEVER do. If they claim there is an issue with your account, do not click on the link provided; go to the company’s main website and access your account from there.
  • Report attacks and social engineering attempts to the company being impersonated.
  • NEVER give your password to anyone!

Please go and change your Gmail password, and if you have not changed your other passwords in a while, use this as an opportunity to do so!

Stay safe & smart!

 

How Much of Your Data can Apple Hand to Law Enforcement?

We are all aware (or at least we should be) that our telecom providers are handing over our data to the police when necessary. Well, have you ever wondered just how much and what it takes to get that data? Apple posted their new guidelines describing what data the company can provide to law enforcement and the processes for requesting that data.

The document breaks it down into two basic types of data: information stored on Apple’s servers and information stored locally on iOS devices.  I have outlined the kinds of data and how they can be obtained in a chart below.

Essentially anything you’ve backed up to or stored on iCloud is available for Apple to provide to law enforcement, including connection logs and IP addresses you’ve used. Additionally a lot of the data associated with your Apple ID is available as well. Therefore, any information you’re providing Apple is available for them to pass along. This is something to consider when deciding if or what to back up on iCloud.  You may want to avoid backing up sensitive company data or private information on iCloud. Some information cannot be avoided, such as anything associated with your Apple ID.

Can they access data on my iOS device???

Yes. Apple can bypass security passcodes on our iOS devices to extract “certain categories of active data,” though it apparently cannot bypass that protection entirely. If provided with a valid search warrant, Apple can hand over SMS messages, pictures and videos, contacts, audio recordings, and your phone’s call history, but it can’t access e-mails, calendar entries, or information from third-party applications. Devices must be running iOS 4 or newer, must be “in good working order,” and must be provided directly to Apple’s headquarters along with an external storage drive twice the size of the iOS device’s internal storage.

Will I know if this is happening?

Maybe. The guidelines state that Apple will “notify its customers when their personal information is being sought in response to legal process except where providing notice is prohibited by the legal process itself.” Apple will also avoid notifying users if the company “believes that providing notice could create a risk of injury or death to an identifiable individual or group of individuals or in situations where the case relates to child endangerment,” though this is entirely up to Apple and not to the law enforcement agencies involved. These notification requirements will help prevent random and unfounded searches.

What is missing?

The policies and capabilities surrounding iCloud Keychain, iMessages and FaceTime calls are unclear and disputed. Apple claims iMessage & FaceTime are encrypted but there is some speculation otherwise.

Is this unusual?

No, other tech companies have similar policies. For example, Google provides a similar “Transparency Report” outlining the types of data available to law enforcement. The notification policy is new and several other tech giants, including Facebook and Microsoft, have already indicated that they plan to expand their policies on notifying customers whose data has been requested by law enforcement.

 

| Where is the Data? | Type of Data | Means to Obtain Data | Restrictions |
| --- | --- | --- | --- |
| Information stored on Apple servers: data associated with your Apple ID | contact information; customer service records; transaction history both in store & online; iTunes gift card information | obtainable with a subpoena or greater legal process | |
| Information stored on Apple servers: data associated with your iCloud account | connection logs & IP address used | | Any iCloud information that the user deletes cannot be accessed. |
| | 60 days of iCloud mail logs that “include records of incoming and outgoing communications such as time, date, sender e-mail addresses, and recipient e-mail addresses” | e-mail logs require a court order or search warrant | |
| | any e-mail messages that the user has not deleted | requires a search warrant | |
| | any other information that can be backed up to iCloud – As of this writing, this list includes contacts, calendars, browser bookmarks, Photo Stream photos, anything that uses the “documents and data” feature (which can include not just word processors but also photo and video apps, games, and data from other applications), and full device backups | | |
| Information stored locally on iOS devices | SMS messages; pictures and videos; contacts; audio recordings; phone’s call history | requires a search warrant – Devices must be running iOS 4 or newer, must be “in good working order,” and must be provided directly to Apple’s headquarters along with an external storage drive twice the size of the iOS device’s internal storage. | Cannot access e-mails, calendar entries, or information from third-party applications |

New gTLD Timelines


ICANN has released two new timelines for when we can expect the launch of the first new gTLDs (the part of the URL behind the “.” such as “.com” or “.mobi”).

The launch of these new gTLDs will have a lasting and significant effect on the way we use and operate the Internet. This fact is why new gTLDs have yet to launch. The industry is abuzz with the pros and cons of every aspect of this change. The confusion of consumers, protecting intellectual property, domain name approvals, potential monopolies, privacy, and other business concerns are at the forefront. No interest group wants things to remain the same, but with competing interests and priorities, carving out new policy has been slower than anticipated.

I encourage consumers to remain aware of this development. This will develop the way we consume online information.   I will continue to write about the developments. Also visit some of my previous posts such as Will You Be Confused When the New gTLDs Launch?  Visit ICANN’s site on new gTLDs for developments.

What are you concerned about? Are you interested in hearing more about the effect this will have on businesses and families?

 

Who Runs the Internet?

I know a lot of you are confused or have questions about exactly how the internet is run.  ICANN has released a graphic that aims to provide a high-level view of how the internet is run. Quoting from the document:

No One Person, Company, Organization or Government Runs the Internet
The Internet itself is a globally distributed computer network comprised of many voluntary interconnected autonomous networks. Similarly, its governance is conducted by a decentralized and international multi-stakeholder network of interconnected autonomous groups drawing from civil society, the private sector, governments, the academic and research communities, and national and international organizations. They work cooperatively from their respective roles to create shared policies and standards that maintain the Internet’s global interoperability for the public good.

Who Runs the Internet? Graphic designed to provide a high-level view from ICANN

Protecting the Mobile App Space

Mobile apps are the new frontier. With every new terrain comes a lot of risks and eventually regulation. About 8% of Android apps are vulnerable to attacks as a result of weak SSL implementations, according to a new computer security study. SSL/TLS are cryptographic protocols used to secure online communications. According to Information Week Security, “Security researchers in Germany analyzed 13,500 free Android apps from Google Play and found that 1,074–about 8%–contain SSL/TLS code that could potentially make them vulnerable to what’s known as a Man-in-the-Middle (MITM) attack.”

Although not a new problem, attackers are increasingly using a simple method for finding flaws in websites and applications: They Google them. Using Google code search, hackers can identify crucial vulnerabilities in application code strings, providing the entry point they need to break through application security. In Information Week Security’s report, Using Google To Find Vulnerabilities In Your IT Environment, we outline methods for using search engines such as Google and Bing to identify vulnerabilities in your applications, systems and services–and to fix them before they can be exploited.

In light of these attacks, privacy and security are increasing concerns. In response to these issues California has implemented the California Online Privacy Protection Act — a.k.a. CalOPPA. Under this act, California is set to begin fining mobile app developers that release apps that lack a clear and easily accessible privacy policy. Attorney General Kamala D. Harris started notifying businesses this week that their apps did not have easily accessible privacy policies, as required by the state’s Online Privacy Protection Act. The warnings affect as many as 100 apps.

Violators will face fines of up to $2,500 for every non-compliant app that gets downloaded. Businesses that received the state’s privacy-warning letters this week included the airlines Delta and United Continental, as well as OpenTable, reported Bloomberg.

Earlier this year, Harris helped create an agreement among the seven leading mobile and social app platforms to improve privacy protections for those who use apps on their smartphones, tablets, and other electronic devices. According to her release, these companies – Amazon, Apple, Facebook, Google, Hewlett-Packard, Microsoft, and Research in Motion – agreed to privacy principles designed to bring the industry in line with California law requiring mobile apps that collect personal information to have a privacy policy.

The agreement allows consumers the opportunity to review an app’s privacy policy before they download the app rather than after, and offers consumers a consistent location for an app’s privacy policy on the application-download screen in the platform store.

“Smartphones are in my opinion the greatest threat to loss of intellectual property and concern about privacy,” said Darren Hayes, an assistant professor and expert in computer forensics at Pace University. “There are mobile apps that are masked as legitimate games which compromise other data on your phone. More aggressive privacy laws may mitigate some of the risk.”

A lot of apps would have to be updated to include the privacy notice. I hope 30 days is sufficient to make the necessary changes for affected applications.

Mobile security experts and vendors said the crackdown was good for the industry, because it would boost California consumers’ confidence. California is one of the most aggressive states in the nation on privacy protection.

This could be the catalyst necessary to make other states demand greater privacy protection. The problem is always in balancing protecting privacy with limiting speech. This is only the beginning….