The Security / Privacy Battle

SpyVsSpyEvery time there is some traumatic terrorism event like what just happened in Paris there is a renewed call by governments for better surveillance and security measures. And every time that happens, the advocates of privacy sound a loud warning. What I find most interesting about this back and forth between the two sides is that it’s not events or even public policies that are driving the battle between security and privacy, but technology.

Just during the last decade there has been a number of technologies that have assaulted our privacy – encryption, big data, cloud computing, and advertising spyware. And we are fast approaching new threats from drones and from Internet of Things sensors everywhere.

The real battle between security and privacy happens when we introduce new innovations that can invade our privacy followed by countermeasures against those new technologies. There are plenty of politicians on both sides of the privacy issue who think that creating new laws is the way to protect privacy. But there are no laws that are going to flexible enough to keep up with the new threats we are constantly seeing in the real world.

Consider the traditional privacy laws. There have been wire-tapping laws on the books for decades which are now completely obsolete. The FBI convinced the FCC a few decades ago to create a set of laws called CALEA that gives the FBI the right to subpoena ISPs and get the records of suspected law breakers. ISPs and telcos spend a lot of money to stay compliant with these rules and yet I can’t think of one of my clients that has actually gotten a CALEA request from the FBI. ISPs do often get requests from local law enforcement asking for calling records under older wire-tapping laws, but not a peep out of the CALEA folks.

And this is because those laws were obsolete before the ink was dry on them. The CALEA rules were written not long after we had migrated from dial-up to DSL and there was no such thing as the dark web and disposable cell phones and all of the other ways that serious criminals use to avoid law enforcement.

What typically happens with a new technology is that it gives one side – the police or the bad guys – a temporary advantage. But there is always a technological counterpunch as somebody on the other side figures out how to defeat and neutralize each new technological development.

Edward Snowden showed us that law enforcement sometimes is so desperate for an edge that they collect data illegally in violation of the basic rights granted to US citizens by the fourth amendment. But even that is only a temporary edge. There are now numerous groups developing strategies to counteract widespread government surveillance.

There have been numerous attempts to pass surveillance and security laws starting with the Patriot Act. But industry experts say that most of the laws that try to give the government more power are ineffective, again because technology moves a lot faster than legislative bodies.

So what we see is a cat and mouse game. The NSA spies on us and so companies like Apple develop encryption that makes it hard or impossible for the NSA to gather anything useful. And there are more and more web services that either automatically encrypt or which offer that as an option.

It seems that the privacy advocates are winning the long term fight, and this is because there are ways around almost any tool the government or big business can use to spy on people. I’ve read several articles recently that talk about how even in China people are finding ways to bypass the strict security of the Great Firewall of China. But the fight is a long way from over because there are always going to be tools that come out that can be used to spy on people and there will then be ways to defeat those measures. We are likely to see this battle for decades to come.

US and Europe at Odds over Privacy

Scales-Of-Justice-12987500-300x300A few weeks ago I wrote about the various battles currently raging that are going to determine the nature of the future Internet. None of these battles are larger than the battle between spying and surveillance, and citizens and countries that want to protect their citizens from being spied upon.

Recently, we’ve seen this battle manifest in several ways. First, countries like Russia and Thailand are headed down a path to create their own fire-walled Internet. Like the Chinese Great Firewall, these networks aim to retain control of all data originating within a country.

But even where the solution is not this dramatic we see the same battle. For instance, Facebook is currently embroiled in this fight in Europe. Facebook might have been singled out in this fight because they already have a bad reputation with European regulators. That reputation is probably deserved since Facebook makes most of their money from their use of customer data.

But this fight is different. The Advocate-General of the European Court of Justice (their equivalent of the Supreme Court) just ruled against Facebook in a ruling that could affect every US Internet company doing business in Europe. The ruling has to do with the ‘safe harbor’ arrangement that has been used as the basis for transferring European customer data back to US servers. The safe harbor rules come from trade rules negotiated between the US and the European Union in 2003. These rules explicitly allow what Facebook (and almost everybody else) is doing with customer data.

The Advocate-General has ruled that the EU was incorrect in negotiating the safe harbor rules. He says that they contradict some of the fundamental laws of the EU including the Charter of Fundamental Rights, the equivalent to our Constitution. He says the safe harbor rules violate the basic rights of citizens to privacy. He explicitly says that this is due to NSA spying, and that by letting Facebook and others take European data out of the country they are making it available to the NSA.

This ruling is still not cast in concrete since the Court of Justice still has to accept or reject the recommendations from the Advocate-General. However, they accept these recommendations most of the time. If this is upheld it is going to create a huge dilemma for the US. Either the NSA will have to back off from looking at data from the US companies, or else US companies won’t be able to bring that data out of Europe.

For companies like Facebook this could be fatal. There are some commercial web services that could be hosted in Europe to operate for Europeans. But social media like Facebook operate by sharing their data with everybody. It would be extremely odd on Facebook if an American couldn’t friend somebody from Europe or perhaps be unable to post pictures of their vacation while they were still in Europe. And this might put a real hitch in American companies like Google and Amazon doing business in Europe.

Such a final ruling would send US and EU negotiators back to the table, but in new negotiations safe harbor rules would no longer be an option. This ruling could bring about a fundamental change in the worldwide web. And this comes at a time when Facebook, of all companies, is talking about bringing the rest of the human race onto the web. But perhaps, as a consequence of NSA and surveillance by other companies, each country or region might end up with a local web, and the worldwide web will be a thing of the past.

AT&T and the NSA

NSAIt’s been revealed recently that AT&T has been the largest partner of the NSA in collecting data and spying on the Internet. A number of leaks came from the Edward Snowden data that points to AT&T and a lot of other evidence points to them as well.

It appears that AT&T has been a willing partner in surveillance activities since 1985, so this is not a new relationship, but one that has been ongoing for decades. It looks like AT&T is far larger than any of the other NSA partners.

The surveillance goes beyond just telephone records – something that started in a major way in the years after 9/11. All large phone companies have been required through the Patriot Act to submit phone records, and so naturally AT&T would comply just like the other big phone carriers.

But it appears that the NSA, with AT&T’s help, has been spying on Internet traffic for a very long time. AT&T certainly is a natural partner in this because they are one of the few companies that has always had a reason to be present at every major Internet hub in the country.

I have been a customer of AT&T’s for a long time. While their cellular service is significantly overpriced, it works in all of the places I have lived and traveled and I can’t recall ever having had a problem with them as a service provider.

But I wonder how much I should be bothered about this revelation. Part of me says that what AT&T did all these years was a good thing. Clearly the US security system must have a way to keep tabs on suspects in a world where terror is so prevalent. But today you have to wonder how much good all of this spying does. It seems like most of the ‘terrorist’ plots that have been uncovered in the US over the last decade have been misguided people who didn’t have the wherewithal to actually do any real harm. Actual terrorists are sophisticated enough to know that everything is being watched and certainly they have developed ways to avoid surveillance.

And then there is the realization that the NSA hasn’t just been watching the bad guys, but they have been spying on all of us. I don’t have anything in particular to hide, but I still don’t like the idea of the government watching me or the rest of us. And that is mostly because the government is not some nebulous force for good but is rather made up of regular people who are undoubtedly going to abuse the power this surveillance gives them. It’s inevitable that there will be abuses of power when regular people are given access to far more knowledge about people than they should have.

And so I’ve been considering if I should perhaps boycott AT&T as a quiet protest against what they have done and continue to do? But while they have been the largest partner in helping the government spy on us they are certainly not the only one. I have to imagine that the other large carriers all have some role in this as well. For instance, it’s clear in Snowden’s material that Verizon has been involved in this, just not to the extent of AT&T. In the carrier world our choices are limited and I doubt that any of the big carriers are totally clean in this. That would make a boycott somewhat hollow.

So I have really mixed feelings about this. I’ve read all of the science fiction stories that paint a picture of how surveillance eventually works to strangle any society. We have plenty of evidence of how this might look by looking back at the Soviet bloc or looking at places today like North Korea. It would be naïve to think that something like that couldn’t happen here. There would be an uprising in the US if the government tried to impose harsh rules on us in one big swoop, but if they just chip away at freedoms a little bit, day by day, we can eventually end up with a very restricted society. And surveillance is the number one tool that would allow the government to gain that kind of control. In some ways it feels like we have already started down that path.

To Encrypt or Not to Encrypt

SpyVsSpyWe are seeing a major policy tug-of-war about privacy on the Internet. On one side are law enforcement and national security agencies that want to be able to monitor everything that happens on the web. On the other side are those that value privacy the most. This is not a new debate and has been going on since the 90s.

Encryption has been around for a while, but it’s generally believed that agencies like the NSA have cracked most existing encryption schemes and are able to readily decipher communications between most parties on the web.

Recently, Michael D. Steinbach, assistant director of the FBI’s Counterterrorism Division, testified to Congress that the FBI has no problem with encryption as long as the government still has access to the underlying data. He thinks that encryption between people is a good thing to keep personal data from being intercepted by bad guys on the web, but he still thinks that there are law enforcement and national security concerns that are more important than individual privacy concerns. The real concern is that encryption will allow criminals and terrorists to go ‘dark’ and evade detection or monitoring.

But the revelation that the NSA is spying on everybody has really upset the technology community that run the Internet. The  vision of the Internet was to be a place for the free exchange of information and many technologists believe that widespread surveillance squelches that. And very few people like the idea that the government knows your every secret. And so we see companies that are working to find ways to make communications private from snooping—including from the government.

Apple is the largest company to take a stance and they have initiated end-to-end encryption on the iPhone. The way they have done this only the sender and receiver of a communication can unlock a given message and Apple is not maintaining any way to crack the encryption themselves. This means that Apple is unable to reveal what is inside customer communications even if served with a court order. I am guessing that one day this is going to be put to a legal test and I can picture laws being passed that stop companies like Apple from doing this. And I am sure Apple will fight back, so ultimately this might have to be determined by the Supreme Court.

But there are other groups working on a privacy solution that even laws might not be able to touch very easily. One such company is Ethereum. This is a crowd-funded group in Europe who is building upon the early work with bit coins to build a decentralized communications system where there is nobody in charge because there is no centralized network hub – there is no company like Apple at the core of such a network. In such a hubless network it’s much harder for the government, or even companies like Google and Facebook to spy on you.

This requires the establishment of peer-to-peer networks that is a very different way of structuring the web. Today the basic web structure is based upon software sitting at specific servers. Things are routed today because there is a massive database of DNS addresses that list where everything can be found.

But Ethereum is taking a totally different approach. They have built apps that find space on millions of customers’ computers and servers. Thus, they are located everywhere, and yet at no specific place. Ethereum is using this distributed network and building upon the block-chain technology that underlays bit coin trading. The block-chain technology is so decentralized and so secure that nobody but the sender and receiver can know what is inside a communications chain.

Ethereum isn’t really a company, but rather a collective of programmers that intend to disband once they have established the safer communication methods. And they are not the only ones doing this, just one of the more visible groups. This creates a huge dilemma for law enforcement. There is a huge amount of web traffic dedicated to nefarious purposes like drug trafficking and child pornography, without even considering terrorists groups. Governments have had some limited success in shutting down platforms like Silk Road, but the systems Ethereum and others are building don’t have a centralized hub or a place where the system can be stopped.

I have no doubt that the government will find ways to crack into these systems eventually, but for now it seems like the privacy advocates are one step ahead of them, much in the same way that hackers are one step ahead of the web security companies.

I don’t know how I feel about this. Certainly nobody benefits by enabling huge rings of criminals and terrorists. And yet I get angry thinking that the government is tracking everything I am doing online. I’ve read all of the sci-fi books that explore the terrible consequences of government abuse due to surveillance and it’s not pretty. I am sure that I am like most people in that I really have nothing to hide. But it still makes me very uneasy to think that we are all being watched all of the time.

Is the Internet Already Broken?

The InternetI’ve always been interested in the people who run the Internet behind the scenes. The process is known as Internet governance and it’s not the kind of topic that makes for many news articles, but the governance process has gotten us to the Internet we have today, which is very impressive. But there are changes in the governance coming that has some people worried.

Last year it was announced that the National Telecommunications and Information Administration (NTIA), a US government agency, was going to to relinquish its oversight of the global Internet naming authority ICANN (International Corporation for Assigned Names and Numbers). ICANN is the private nonprofit organization that oversees how domains are named and assigned, and until now the US has had formal oversight of the process.

Adding to this, there is a huge amount of concern worldwide about how the Internet is being used to spy on governments and people everywhere. Edward Snowden showed that the NTA is basically spying on everybody. Since then it’s been revealed that many other governments are doing the same sort of thing.

Last month one of my blogs had a poll that showed that people in the US don’t like being spied upon, but that as a whole we think it’s okay to spy on everybody else. As you can easily imagine, all of those other people don’t think that is a very comforting idea. And so we now have a number of countries looking for ways to somehow build a firewall around the data originating in their country.

As the NTIA is transitioning out of the governance of the Internet, there is a worldwide scramble to figure out what is going to replace it. The latest buzzword associated with this effort is ‘multi-stakeholder internet governance’, meaning the discussions are asking how the concerns of each country are to be heard in the process. There is a lot of talk going on about ruling by consensus. And this makes a lot of technology experts uneasy, an unease which can quickly be understood when looking to see how other multi-national consensus-based efforts at places like the UN actually function.

The general open concepts of the Internet as we know it today are based upon the strong views of the tech people who built the Internet that it ought to be open and free whenever possible. And so we ended up with this wonderful free-for-all that we call the web where ideas and content of all varieties are available to all. And those tech people are rightfully concerned of somehow handing the decisions off to bureaucrats who won’t care what works the best but who will bring other agendas into the governance process.

Governments around the globe differ extremely by what they want their citizens to see or not see on the web. Even a country that is as close to us culturally as England has some very different Internet policies and has built screens and firewalls that stop citizens from viewing pornography and a large list of other types of content. At the extreme end of that range are places like North Korea that doesn’t let the average citizen see the Internet at all.

And so many of the folks who have been governing the Internet behind the scenes are worrying if we have already broken the Internet as it was originally structured. This issue is not so readily apparent to Americans since we filter very little of the Internet here other than the effort that ISPs make to block malware generating sites.

But much of the rest of the world has already started down the path to wall themselves off from us us and this trend is building momentum. We probably will reach multinational consensus on the easy stuff – how to name web sites and how to route things. But one can legitimately ask if the Internet is already broken when there are already so many countries that block their citizens from using large chunks of what we Americans think of as the Internet.

Europe Attacking Our Tech Companies

european unionIt’s clear that the European Union is attacking American technology companies. Evidence is everywhere. Consider the following examples or recent crackdowns against US technology in Europe:

  • Last year stringent rules were imposed on Google and other search engines to allow people to remove negative things from searches – these rules are being called the “right to be forgotten”.
  • The European Union is getting ready to file a massive anti-trust case against Google for the way that it favors its own search engine over others. The estimates are that the fines they are seeking could be as high as $6 billion.
  • Last year the EU voted in favor of making Google divest into multiple companies.
  • Numerous countries in Europe have blocked services from Uber.
  • The EU is going after Apple’s fledgling music business saying that they have the market power to persuade labels to abandon ad-sponsored sites like Spotify.
  • A decade ago there were several major antitrust cases filed against Microsoft.

There are numerous reasons for the antipathy that Europe seems to have towards American companies. President Obama said in an interview last month that the negativity was largely driven by economic competition and that Europe wants to find a way to support its own burgeoning tech companies over the behemoth tech companies like Google, Facebook, and Microsoft. He thinks a lot of the complaints by the EU are due to lobbying by European tech companies. He said that “oftentimes what is portrayed as high-minded positions on issues sometimes is designed to carve out their (European) commercial interests.”

But the president also admitted that some of the reaction to American tech companies is in reaction to the European history of suppression of freedom by dictators. For example, Germany just spent decades merging with East Germany and their history of oppression from the Stasi, the secret police. This makes some of these countries very sensitive to the recent revelations of the extent of the spying by the NSA. This one revelation might eventually be the beginning of the end of the open Internet as numerous countries are now building countrywide firewalls to shield them from such spying. It’s natural that this mistrust carries over to companies like Google and Facebook, which clearly have a business model based upon profiling people.

Another reason for going after American companies is tax revenues. The American tech companies have become adroit at claiming revenues in jurisdictions where they pay little or no taxes. Of course, this means that they avoid claiming profits in European countries which have fairly high tax rates. (This also means they avoid paying taxes in the US as well).

Finally, there might be an even more fundamental reason for the apparent European distrust and dislike of American technology. In this article published by Business Insider UK there is a look at the fundamental differences between the way that Europeans and Americans view entrepreneurship, technology, and uncertainty avoidance. The article shows the results of a survey and study done by the European Commission looking at how citizens in various countries look at certain issues. I think there has been a natural assumption that since both places are democratic and share a lot of first world values that we naturally think the same about technology. But the study shows some major differences between Europe as a whole and the US. Interestingly, England is very similar to the US in attitudes and perhaps our Yankee ingenuity and willingness to take risks is really part of our British heritage.

Here are some of the findings of that study:

  • Over 90% of Americans think that individualism is more important than compliance with expected social values. In Europe only a little less than 60% of people value individuality first. And in some places like Russia and Denmark less than 30% valued individualism more than compliance with social expectations.
  • When asked to agree or disagree with the statement, “entrepreneurs exploit other people’s work”, only 28% of Americans agreed with that statement (and the American dream is largely to own your own business), while the results in Europe spanned from only 40% agreeing in France, to 50% in the Netherlands, and over 70% in parts of southern and eastern Europe.
  • The US has a much lower threshold of uncertainty avoidance (unwillingness to take a chance on new ideas and new technologies). In the US only a little over 40% of people view themselves as risk adverse while in Europe it’s over 70%.

This means that to some extent the European Union is representing the will of its people when they crack down on US technology firms, which are viewed negatively as entrepreneurial and high risk. These kind of cultural gaps are very hard to bridge and US companies might have problems in Europe for decades – if they’re even resolvable at all.

Can There Be a Safer Internet?

Supporters hold yellow umbrellas as Hong Kong student leaders arrive at the police headquarters in Hong KongI probably feel very much like most people in that the Internet is feeling less and less safe to use. Viruses have been around a long time, but once you learned to not open emails you didn’t recognize, that risk became somewhat minimal. But now you can get viruses just by opening a web site that has corrupted ads. I know this because I got three such viruses a few weeks ago.

But that’s not even the scary part since I can generally scrub viruses from my computer. There are far worse risks than viruses today. To start with, there are the people who are sending malware and then holding your computer hostage until you pay them (and who then, apparently, still don’t fix your machine).

And it appears that everybody is spying on us. Edward Snowden has shown us numerous ways that the NSA is watching us. I literally get dozens of new tracking cookies on my computer every day from commercial companies that want to track me somehow. And every large web company is apparently gathering data on us, including companies like Facebook and Google along with most of the apps we put onto our smartphones.

But since my work depends on using the Internet, and since it also has become one of my major sources of entertainment, I am not likely to abandon the Internet due to lack of safety. I do what I can to be safe, but I doubt it makes much difference. I scrub my machine every day from tracking cookies and I use browsers that supposedly don’t track me. But my guess is that those two things make almost no difference for protecting my computer or my privacy.

The biggest problem, aside from every web entity trying to build a profile on me, is that the entire web is based upon a model where everything we do winds up somewhere at end points that cannot be made safe. Everybody is touting encryption as a way to stay safer on the web, but every encrypted message end up at a machine somewhere that decrypts it, and it is the end computers and servers that are the weak points in the Internet. Your data is stored on servers that are out of your control, and your safety relies on the people running those servers to be safe. And we all know that hackers are breaking into servers every day, and it may even turn out that there are back door spying keys built directly into most server software.

There are experts who say that the lack of safety might kill the Internet. We are incredibly reliant on companies that we don’t know to keep our data safe – and we have seen that both hackers and nefarious insiders can compromise almost any company. If the hackers win the war then it will become too unsafe to buy anything over the web (or even give your credit card numbers to vendors in some other manner if they are going to keep the info on their servers).

But there are alternate models of the Internet that might offer solutions. One of these is known as a block chain. Block chains are a decentralized system of communication that lets end users communicate directly with each other without having to go through the normal centralized servers. The block chain technology is most well known as the basis of Bitcoin and other cryptocurrencies. There have been numerous articles and papers written about the wild swings in Bitcoin pricing, but that has to do with basic economics rather than the underlying technology that allows the transactions.

In a block chain network, each member of the network has a copy of the software that identifies them as part of a particular block chain. Before communication is allowed between any two members of a block chain the identity of each party must be verified by somebody else who is part of the chain. With such verification the communication is allowed. The process is slow compared to normal web transaction, perhaps 10,000 times slower than a normal text or email. But it is safe. The steps needed to operate a block chain are as follows:

  1. New transactions are broadcast to all nodes.
  2. Each node collects new transactions into a block.
  3. Each node works on finding a difficult proof-of-work for its block.
  4. When a node finds a proof-of-work, it broadcasts the block to all nodes.
  5. Nodes accept the block only if all transactions in it are valid.
  6. Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.

There are already some examples of block chains being used for communications other than financial ones. For example, the protesters in Hong Kong last year established a block chain so that they could communicate with each other without Chinese government oversight.

There are new companies that want to use block chains to bring safety into other types of communications. For example, Codius is using block chains to provide safe online legal transactions. This provides a way for parties to safely sign contracts without having to exchange paper. Ethereum is working on a block chain technology that could be used as the basis for any kind of communication. They think their platform could be used for things like private chats, private emails, and even safe web searches.

One can envision many other uses for using block chains to create safe communications among specified groups of users. That might be a corporation and its employees, all of the students in a given dorm, or just about any group that wants safe communications. Such a closed system would provide for secure and private communication within the block. It’s not a total solution, but it’s a start.

What is Quantum Computing?

cats-animals_00419529A week ago one of my blogs mentioned a new way to transmit the results of quantum computing. I’ve been following quantum computing for a few years and that announcement led me to take a fresh look at the latest in the quantum computing field.

We all have a basic understanding of how our regular computers work. From the smallest chip in a fitness wearable up to the fastest supercomputer, our computers are Turing machines that convert data into bits represented by either a 1 or a 0 and then process data linearly through algorithms. An algorithm can be something simple like adding a column of numbers on a spreadsheet or something complex like building a model to predict tomorrow’s weather.

Quantum computing takes advantage of a property found in subatomic particles. Physicists have found that some particles have a property called superposition, meaning that they operate simultaneously in more than one state, such as an electron that is at two different levels. Quantum computing mimics this subatomic world by creating what are called qubits which can exist as both a 1 and a 0 at the same time. This is significant because a single qubit can perform two calculations at once. More importantly, though, qubits working together act exponentially. Two qubits can perform four calculations at once, three can perform eight calculations and a thousand qubits can perform . . . a lot of calculations at the same time.

This is intriguing to computer scientists because there are a number of challenges that need more computing power than can be supplied by even the fastest Turing computers. This would include such things as building a model that will more accurately predict the weather and long-term climate change. Or it might involve building a model that accurately mimics the actions of the human brain in real time.

Quantum computers should also be useful when looking at natural processes that have some quantum mechanical characteristics. This would involve trying to predict complex chemical reactions when designing and testing new drugs, or designing nanoparticle processes that operate at an atomic level.

Quantum computers also should be good at processes that require trying huge numbers of guesses to find a solution when each guess has an equal chance of being correct. An example is cracking a password. A quantum computer can try all of the possible combinations quickly while a normal computer would toil away for hours plugging in one choice after another in a linear fashion.

Quantum computing is in its infancy with major breakthroughs coming only a few years ago. Scientists at Yale created the first qubit-based quantum computing processor in 2009. Since then there have been a few very basic quantum computers built that demonstrate the potential of the technology. For instance, in 2013 Google launched the Quantum Artificial Intelligence Lab, hosted by NASA’s Ames Research Center, using a 512 qubit computer built by D-Wave.

For the most part, the field is still exploring the basic building blocks needed to build larger quantum computers. There is a lot of research looking at the best materials to use to produce reliable quantum chips and the best techniques for both programming and deciphering the results of quantum computing.

There are numerous universities and companies around the world engaged in this basic research. Recently, Google hired John Martinis and his team from the University of California at Santa Barbara. He is considered one of the foremost experts in the field of quantum computing. Martinis is still associated with the UCSB but decided that joining Google gave him the best resources for his research.

The NSA is also working on quantum computers that will be able to crack any codes or encryption. Edward Snowden released documents that show that the agency has two different initiatives going to produce the ultimate code-breaking machine.

And there are others in the field. IBM, Microsoft, and Facebook all are doing computer research that includes quantum computing techniques. It’s possible that quantum computing is a dead end that won’t produce results that can’t be obtained by very fast Turing computers. But the theory and early prototypes show that there is a huge amount of potential for the new technology.

Quantum computers are unlikely to ever make it into common use and will probably be limited to industry, universities or the government. A quantum computer must be isolated from external influences and will have to operate in a shielded environment. This is due to what is called quantum decoherence, which means that that just ‘looking’ at a quantum component by some external influence can change its state, in the same manner of opening the box determines the state of Schrodinger’s cat. Quantum computing brings quantum physics into the macro world, which is both mystifying and wonderful.

A Few Shorts for Friday

TGIFI’ve accumulated a few topics that don’t merit a full blog, but which I thought were worth a mention:

NSA a Source of Malware. News came out last week as part of the Edward Snowden documents that the NSA creates malware and also hijacks existing malware for their own uses. I find it a bit scary that the government is creating malware. I have to assume they are creating really good malware, and once released onto the web it can end up anywhere. I am not going to feel any better if I find out that the malware on my computer came from Uncle Sam and not some malicious hacker.

The NSA is also using malware networks to launch their own attacks. The Snowden documents show that they are using operation DEFIANTWARRIOR to place their own malware next to existing malware on computers so that the NSA can launch attacks on sites without it being traced back to them. Attacks look like they came from whoever put out the original malware. This means the next time they attack North Korea they might be doing it from your PC.

US Helps Jamaican Broadband. On January 21 the U.S. Government signed an agreement with Jamaica to help them provide internet access everywhere. The plan is to use white space spectrum which is not in use in the country. This will result in an island-wide wireless Internet network. The U.S. will provide both technical support and some funding.

I have no problem with us doing this. I spent the last ten years living in the Caribbean and the region is largely poor and is falling behind the rest of the world in basic infrastructure and Internet connectivity. It’s going to take initiatives like this all over the world to get everybody connected to the Internet.

My problem is that we aren’t doing the same thing in our own country. The FCC is overseeing a program called CAF II that is going to upgrade a lot of rural U.S. areas to maybe 10 Mbps. By the FCC’s own definition passed last week, this isn’t even considered as broadband. Meanwhile we will help to bring whitespace radio broadband to a third world country that will probably deliver between 20 Mbps and 30 Mbps. The CAF II program is badly flawed in that it gives a priority to the giant telcos to make inadequate upgrades instead of offering that money first to providers who would use it to bring real broadband to rural areas.

FCC Penalties for Advanced Tel. Last week the FCC levied a fine of over $1.5 million on Advance Tel of Simi Valley California. The fine was for failure to make required payments to the Universal Service Fund, the Telecommunications Relay Service, the Local Number Portability administration and other federal regulatory fees. The FCC gave the carrier an opportunity to resolve what it owed, and ultimately levied the fines when no agreement could be reached.

This is a reminder to all of my clients that we are all still regulated. I talk to clients all of the time who look for ways around these regulations and fees, and this is a stark reminder that you should pay your taxes. Most of the fees that Advanced Tel didn’t pay are normally added to customer bills by most companies, and so their customers should have supplied the funds necessary to make the payments. These taxes seem like a hassle, but they are not a competitive disadvantage since every one of your competitors collects them too.

New Wireless 911 Rules. The FCC adopted new rules last week that require more accuracy from the wireless providers in pinpointing the location of a wireless caller to 911. The current data gathering for this process is done by triangulation from neighboring cell sites along with looking at GPS. But these methods work very poorly or not at all for calls originating indoors, particular calls made from large multi-tenant buildings and other large buildings. The FCC has given a deadline to the wireless carriers to propose and implement solutions that will provide greater accuracy and an indoor solution.

Verizon Halts FiOS Again. Verizon announced that it is done expanding FiOS, something it just picked back again a year ago. FiOS has been very successful and the company keeps adding customers where it has fiber. But Verizon has mostly built FiOS in suburbs and a few rich neighborhoods in cities. They have largely ignored the major cities and rural areas, including sizeable towns in rural areas. It will be interesting to see if Google or anybody else tries to step into those large market niches.

It’s also been rumored that Verizon is going to auction off up to $14 B of its assets including more landline customers as a way to raise the money to pay for the spectrum it purchased in the recent auction. At the rate they are ditching copper they will eventually be reduced to only owning the FiOS networks.

Privacy Bill of Rights

SpyVsSpyLike most people I am uncomfortable by the online invasions of my privacy. It seems like every day there are articles telling me how the NSA or some large corporation is monitoring me and profiling me. It seems like we only have two options these days – become a Luddite and stay off the Internet, or take part in the modern world and have companies gather information about us.

The whole world is wrestling with this issue and Europe is ahead of us in trying to place some constraints on the data gathering. The European Union is putting a lot of pressure on the US government to create standards of personal privacy.

A few years ago the White House endorsed a list of rights that are known as the Consumer Privacy Bill or Rights. At the time this came out companies like Google, Microsoft, Yahoo and AOL agreed to support the ideas. These rights include:

  • Individual Control: The right of individuals to exercise control over what personal data organizations collect from them and how they use it;
  • Transparency: The right to expect easily understandable information about privacy and security practices;
  • Focused Collection: The right to place reasonable limits on the personal data that organizations collect and retain;
  • Accountability: The right to have personal data handled by organizations with appropriate measures in place to assure they adhere to the Bill of Rights.

But these principles have never been codified into law and so we still have no U.S. Privacy Bill or Rights. John Kerry and John McCain tried to get this passed into law in 2011, and Jay Rockefeller proposed similar legislation in 2013.

The industry has created a mechanism which could be used to implement a “Do Not Track’ process. A standard was developed that would put ‘DNT’ into the HTTP header field to notify that a user had opted out of being tracked. And some browsers like Firefox, Chrome, Safari and Opera all support this protocol and have implemented the Do Not Track header.

People want to opt out. About 14% of Foxfire users have enabled the Do Not Track feature. However, without a law to mandate its use, there is no compulsion for businesses to recognize and honor the request to opt out, so for now opting out is an empty gesture and nobody is honoring it. I’ve had offers from software companies trying to sell me software t,hat will stop me from being tracked. They know that the vast majority of Americans want that ability. But such software is vaporware until Google and the other companies that track information about us will honor a Do Not Track process.

I don’t know if I’m more uncomfortable with big business or the government tracking me. Like most Americans I have done nothing that should make me nervous about having the government look over my shoulder. But I also fully understand that knowledge is power and it would be too easy for somebody unscrupulous in the government to misuse that data. Go back and re-read George Orwell’s ‘1984’ if you want a reminder of what can happen with government gone awry. Look today how China and other countries monitor and control what can be seen on the Internet. Even Britain, who we think is like us is trying to stop people from seeing pornography.

Recent revelations about the way that the NSA spies on us revealed that the government has been tracking us using the same cookies and other tools that big business is using. So when a company puts a cookie on your machine it is enabling you being tracked by everybody who knows how to read that cookie.

I am cynical and my gut tells me that even should this law pass that the big companies and the government are going to keep tracking us anyway. It’s just too tempting to do so, and they both believe the benefit outweighs the risk of being caught. It would certainly be disingenuous for the government to ever prosecute a business for engaging in spying on us if the government is doing the same thing.