Menu

Timesdelhi.com

February 22, 2019
Category archive

net neutrality

Judge orders net neutrality lawsuit to go ahead despite shutdown

in Delhi/Government/India/lawsuit/net neutrality/Politics by

This week the possibility emerged that the ongoing government shutdown could delay net neutrality’s day in court — but the court was not sympathetic to the FCC’s request that the lawsuit be put off. Oral arguments for this major challenge to the agency’s rollback of 2015’s internet regulations will go ahead as planned on February 1.

During a shutdown, federal employees — including government lawyers — must have specific authorization to continue working, since it’s illegal for them to do so without pay. In this case a judge on the case must effectively make that authorization.

The FCC is among the many agencies and organizations affected by the shutdown, and many employees are stuck at home. As such it requested a postponement of an upcoming court date at which it and several companies and advocacy groups are scheduled to argue over its rollback of net neutrality.

A counter-argument filed immediately by industry group INCOMPAS pointed out that during previous shutdowns, the court had not granted such requests and should stick to that precedent.

The judges of the D.C. Circuit Appeals Court appear to agree with the latter argument; the FCC’s motion was denied and arguments will go forward as planned on February 1.

This is definitely not good news for the FCC. While it no doubt has its ducks in a row as far as defending its net neutrality rollback and new rules in court (it has done so before and will again), it’s far from ideal that the case will take place after a prolonged absence of all the pertinent experts from their posts. Briefing the lawyers, updating arguments, responding to industry concerns — it’s not easy to do when all your staff is sitting at home watching Bandersnatch over and over.

The lawsuit against the FCC has lots of good points to make about the rules it has established and the process by which it approved those rules, so this is no mere formality or frivolous suit. And net neutrality champions are likely happy to hear that they may very well catch the agency flat-footed.

News Source = techcrunch.com

The most common forms of censorship the public doesn’t know about

in cloudflare/Column/Delhi/digital media/dns/encryption/Freedom of Speech/India/Internet/internet censorship/Internet Engineering Task Force/net neutrality/open Internet/Politics/privacy/rights/Technology by

Amid all the discussion today about online threats, from censorship to surveillance to cyberwar, we often spend more time on the symptoms than on the underlying chronic conditions. If we want to make people around the world safer from an oppressive, weaponized Internet, we need to get a bit nerdy and talk about Internet standards.

Most Internet censorship today is only possible because the Internet wasn’t designed to protect the privacy of your connections. It wasn’t private by design, so when censors came along, they pushed on an open door. Making Internet connections truly private and secure means updating the fundamental technical standards that govern the global internet.

Fortunately, the first step toward making global internet standards safer and more censorship-resistant is neither controversial nor particularly complicated. Put simply, we should make Internet protocols—the who, what, where of internet addresses—more private. Everyone from regulators to users has been asking for more privacy protections, and improving Internet standards is one foundational way of providing that.

Privacy makes selective censorship harder because censors no longer know the blow-by-blow details of what everyone is doing, so they can’t micromanage a person’s access to the Internet. Improving standards doesn’t take magic — just prototyping, debating, consensus-building, and implementing. The standards that govern the Internet are driven through organizations like the Internet Engineering Task Force.

Since 2015, technologists, facilitated by the IETF, have been considering proposals to enhance privacy for a key element of the Internet: the Domain Name System (DNS). It’s often described as the “address book of the Internet” and it was not designed to use encryption.

Unfortunately, every time you visit a website, your computer first consults the DNS system without any encryption, allowing censors and snoopers to know the name of every website you visit. A new standard is emerging to encrypt DNS lookups.

The standardization of encrypted DNS is just one way Internet standards could be improved. Another example can be seen at CloudFlare, one of the largest content delivery networks in the world. They recently announced support for an evolving standard — “encrypted SNI” — that would close another subtle privacy hole that often occurs when users visit websites hosted on cloud providers.

As a final example, the W3C (another Internet standards body) has been establishing a draft standard for Network Error Logging. This potentially helps address one of the trickiest challenges in tackling network interference: figuring out when interference is even happening. After all, if someone attempts to load a website but cannot access it, any number of things could have gone wrong, from a network glitch to network interference. Because no connection was ever established, the website owner may never even know that someone tried and failed to reach their site. Network Error Logging allows the user’s device to report a failed lookup to a neutral third party that is not blocked. Think of it as enabling ombudsmen when sites are blocked.

The standards we define for the Internet today will determine how the next generation of technologists and technology companies build the tools of the future.

If we don’t approach internet standards with a strong set of values that promote user privacy and freedom of expression, the standards will be set by people who do not share those values, and the overall integrity of the global open internet will inevitably suffer.

The internet may not have been initially designed to prevent censorship by protecting user privacy, but the protection of individual privacy ought to be the North Star guiding how we navigate the challenges of an evolving, global internet. If we’re serious about addressing those challenges, we need to start with improving standards.

News Source = techcrunch.com

The Internet Bill of Rights is just one piece of our moral obligations

in Column/Delhi/digital media/digital rights/Facebook/India/Internet/internet access/internet service providers/isp/net neutrality/new media/open Internet/Politics/smartphones/Technology/Tim-berners lee/United States/Virtual Reality by

Congressman Ro Khanna’s proposed Internet Bill of Rights pushes individual rights on the Internet forward in a positive manner. It provides guidelines for critical elements where the United States’ and the world’s current legislation is lacking, and it packages it in a way that speaks to all parties. The devil, as always, is in the details—and Congressman Khanna’s Internet Bill of Rights still leaves quite a bit to subjective interpretation.

But what should not be neglected is that we as individuals have not just rights but also moral obligations to this public good—the Internet. The web positively impacts our lives in a meaningful fashion, and we have a collective responsibility to nurture and keep it that way.

Speaking to the specific rights listed in the Bill, we can likely all agree that citizens should have control over information collected about them, and that we should not be discriminated against based on that personal data. We probably all concur that Internet Service Providers should not be permitted to block, throttle, or engage in paid prioritization that would negatively impact our ability to access the world’s information. And I’m sure we all want access to numerous affordable internet providers with clear and transparent pricing.

These are all elements included in Congressman Khanna’s proposal; all things that I wholeheartedly support.

As we’ve seen of late with Facebook, Google, and other large corporations, there is an absolute need to bring proper legislation into the digital age. Technological advancements have progressed far faster than regulatory changes, and drastic improvements are needed to protect users.

What we must understand, however, is that corporations, governments, and individuals all rely on the same Internet to prosper. Each group should have its own set of rights as well as responsibilities. And it’s those responsibilities that need more focus.

Take, for example, littering. There may be regulations in place that prevent people from discarding their trash by the side of the road. But regardless of these laws, there’s also a moral obligation we have to protect our environment and the world in which we live. For the most part, people abide by these obligations because it’s the right thing to do and because of social pressure to keep the place they live beautiful—not because they have a fear of being fined for littering.

We should approach the protection of the Internet in the same way.

We should hold individuals, corporations, and governments to a higher standard and delineate their responsibilities to the Internet. All three groups should accept and fulfill those responsibilities, not because we create laws and fines, but because it is in their best interests.

For individuals, the Internet has given them powers beyond their wildest dreams and it continues to connect us in amazing ways. For corporations, it has granted access to massively lucrative markets far and wide that would never have been accessible before. For governments, it has allowed them to provide better services to their citizens and has created never before seen levels of tax revenue from the creation of businesses both between and outside their physical borders.

Everyone — and I mean everyone — has gained (and will continue to gain) from protecting an open Internet, and we as a society need to recognize that and start imposing strong pressure against those who do not live up to their responsibilities.

We as people of the world should feel tremendously grateful to all the parties that contributed to the Internet we have today. If a short-sighted government decides it wants to restrict the Internet within its physical borders, this should not be permitted. It will not only hurt us, but it will hurt that very government by decreasing international trade and thus tax revenue, as well as decreasing the trust that the citizens of that country place in their government. Governments often act against their long-term interests in pursuit of short-term thinking, thus we have 2 billion people living in places with heavy restrictions on access to online information.

When an Internet Service Provider seeks full control over what content it provides over its part of the Internet, this, again, should not be allowed. It will, in the end, hurt that very Internet Service Provider’s revenue; a weaker, less diverse Internet will inevitably create less demand for the very service they are providing along with a loss of trust and loyalty from their customers.

Without the Internet, our world would come grinding to a halt. Any limitations on the open Internet will simply slow our progress and prosperity as a human race. And, poignantly, the perpetrators of those limitations stand to lose just as much as any of us.

We have a moral responsibility, then, to ensure the Internet remains aligned with its original purpose. Sure, none of us could have predicted the vast impact the World Wide Web would have back in 1989—probably not even Sir Tim Berners-Lee himself—but in a nutshell, it exists to connect people, WHEREVER they may be, to a wealth of online information, to other people, and to empower individuals to make their lives better.

This is only possible with an open and free Internet.

Over the next five years, billions of devices—such as our garage door openers, refrigerators, thermostats, and mattresses—will be connected to the web via the Internet of Things. Further, five billion users living in developing markets will join the Internet for the first time, moving from feature phones to smartphones. These two major shifts will create incredible opportunities for good, but also for exploiting our data—making us increasingly vulnerable as Internet users.

Now is the time to adequately provide Americans and people around the world with basic online protections, and it is encouraging to see people like Congressman Khanna advancing the conversation. We can only hope this Internet Bill of Rights remains bipartisan and real change occurs.

Regardless of the outcome, we must not neglect our moral obligations—whether individual Internet users, large corporations, or governments. We all shoulder a responsibility to maintain an open Internet. After all, it is perhaps the most significant and impactful creation in modern society.

News Source = techcrunch.com

California lawmakers are one step closer to bringing back Obama-era net neutrality protections

in Delhi/Government/India/net neutrality/Policy/Politics/TC by

California’s state Assembly voted 58-17 on Thursday to advance a bill, called S.B. 822, that would implement the strongest net neutrality provisions in the U.S.

The bill now heads back to the Senate for final approval. If a vote is not held by end of day tomorrow — the deadline for lawmakers to pass any legislation until 2019 — it won’t get the official green, or red, light until next year.

The bill, written by Democratic Senator Scott Wiener, would not only bring back Obama-era net neutrality rules ousted by the FCC in December, but go a step further, adding new protections for internet users. The bill prohibits internet service providers from blocking or throttling lawful content, apps, services or non-harmful devices. Plus, it bans paid prioritization, the practice of directly or indirectly favoring some traffic over other traffic in exchange for money, typically.

Here’s where it goes above and beyond the policy developed under the Obama administration: The bill also bans zero rating, which allows service providers to charge customers for data use on some websites but not on others. If you want to dive deeper into the nitty-gritty, take a look at the bill here.

The decision is a blow to Comcast and AT&T, for obvious reasons. They’ve been advocates for ending net neutrality and had lobbied aggressively against the bill. Net neutrality lobbying groups, on the other hand, are pleased with the results.

“No one wants their cable or phone company to control what they see and do on the internet,” said Evan Greer, deputy director of Fight for the Future, a nonprofit advocacy group for digital rights, in a statement. “California just took a huge step toward restoring protections that prevent companies like AT&T and Comcast from screwing us all over more than they already do.”

“This historic Assembly vote is a testament to the power of the internet. Big ISPs spent millions on campaign contributions, lobbyists and dark ads on social networks, but in the end, it was no match for the passion and dedication of net neutrality supporters using the internet to sound the alarm and mobilize.”

In December, the FCC voted to kill Obama-era net neutrality regulations developed in 2015 to keep the internet open and fair. The organization is led by Ajit Pai, a Republican appointed to the role by President Donald Trump.

The decision from California’s Assembly comes a day after Northern California congressional members asked that the FTC investigate Verizon’s throttling of the Santa Clara County Fire Department, which had reportedly exceeded their monthly allotment of 25 gigabytes when they were making calls and handling personnel issues amid fighting a massive wildfire.

News Source = techcrunch.com

Net neutrality activists, not hackers, crashed the FCC’s comment system

in Delhi/FCC/Government/India/john oliver/net neutrality/Politics/Security/TC by

An unprecedented flood of citizens concerned about net neutrality is what took down the FCC’s comment system last May, not a coordinated attack, a report from the agency’s Office of the Inspector General concluded. The report unambiguously describes the “voluminous viral traffic” resulting from John Oliver’s Last Week Tonight segment on the topic, along with some poor site design, as the cause of the system’s collapse.

Here’s the critical part:

The May 7-8, 2016 degradation of the FCC’s ECFS was not, as reported to the public and to Congress, the result of a DDoS attack. At best, the published reports were the result of a rush to judgment and the failure to conduct analyses needed to identify the true cause of the disruption to system availability. Rather than engaging in a concerted effort to understand better the systematic reasons for the incident, certain managers and staff at the Commission mischaracterized the event to the Office of the Chairman as resulting from a criminal act, rather than apparent shortcomings in the system.

Although FCC leadership preemptively responded to the report yesterday, the report itself was not published until today. The OIG sent it to TechCrunch this morning, and you can find the full document here.

The approximately 25 pages of analysis (and 75 more of related documents, some of which are already public) relate specifically to the “Event” of May 7-8 last year and its characterization by the office of the Chief Information Officer, at the time David Bray. The investigation was started on June 21, 2017. The subsequent handling of the event under public and Congressional inquiry is not included in the scope of this investigation.

As the report notes, Bray shortly after the event issued a press release describing the system’s failure as “multiple distributed denial-of-service attacks.” A variation on this was the line going forward, even well after Bray left in October 2017.

However, internal email conversations and analysis of the traffic logs reveal that this characterization of the event was severely mistaken.

Here it ought to be said that in the chaos of the moment and with incomplete time and information, an accurate diagnosis of a major systematic failure is generally going to be an educated guess at first — so we mustn’t judge Bray and his office too harshly for its mistake, at least in the immediate aftermath.

But what becomes clear from the OIG’s investigation is that the DDoS narrative first advanced by Bray is not backed up by the evidence. Their own analysis of the logs clearly shows that the spikes in traffic correlate directly with activity from John Oliver’s Last Week Tonight, which that evening and the following morning posted tweets and videos that garnered an immense amount of traffic and directed it at the FCC’s comment system.

Chart showing traffic spikes correlating with John Oliver (JO) related events.

“These spikes in traffic are singular rather than sustained, that is, the unique IP addresses that visited the FCC domain and ECFS did not do so over a sustained period of time, at regular intervals (as would be expected during a DDoS),” the report explains in the caption for the graph above.

“The traffic observed during the incident was a combination of “flash crowd” activity and increased traffic volume resulting from [redacted] site design issues,” reads the report. I’ve asked for more detail on these design issues and how they contributed to the system’s failure.

Interestingly, it appears some at the FCC were aware that Oliver was planning a segment on net neutrality for that time period, but no one thought to brace for it. According to a colleague interviewed for the report, “Bray was furious that he had not been informed about the John Oliver episode.”

Email excerpts from the time of the event, collected by the FCC’s OIG.

In fact, however, even confronted with the fact that Oliver’s segment was likely directly driving traffic, Bray suggested that “trolls” and 4chan were the more likely culprit.

We’re 99.9% confident this was external folks deliberately trying to tie-up the server to prevent others from commenting and/or create a spectacle.

Jon Oliver invited the “trolls” – to include 4Chan (which is a group affiliated with Anonymous and the hacking community).

His video triggered the trolls. Normal folks cannot manually file a comment in less than a millisecond over and over and over again, so this was definitely high traffic targeting ECFS to make it appear unresponsive to others.

All this, and the description put in the press release and some subsequent communications, is “not accurate,” as the OIG put it.

As a result, “we determined the FCC, relying on Bray’s explanation of the events, misrepresented facts and provided misleading responses to Congressional inquiries related to this incident.”

It’s worth noting that this has already been looked at by federal prosecutors:

Because of the possible criminal ramifications associated with false statements to Congress, FCC OIG formally referred this matter to the Fraud and Public Corruption Section of the United States Attorney’s Office for the District of Columbia…On June 7, 2018, after reviewing additional information and interviews, USAO-DC declined prosecution.”

In a way, as Chairman Ajit Pai wrote yesterday, this does somewhat exonerate his office for its year-long campaign of stalling, half-truths, and outright refusals to answer questions. If they took Bray’s characterization as gospel, they had to stick to that analysis. Furthermore, with an investigation ongoing, what they could and couldn’t say was likely limited at the request of the OIG.

But that’s only a partial pardon. In the year and change since the event there has been ample time for reflection and revisiting of the data. Bray left in October; why did the new CIO not use the occasion to take a fresh look at a report that was plainly doubted by many in the agency?

The CIO’s office, as the report notes, never actually issued a substantive report showing that its DDoS narrative was true. And shortly after the event, it was, as one staffer put it, “common knowledge” that the analysis was flawed. This knowledge was arrived at through “further research” after the fact — but then it turned out no “further research” was conducted.

What kind of operation is this? Why was FCC leadership not foaming at the mouth asking for better information? The Chairman was under fire from all sides — no one bought the story he was selling — why not walk over to the CIO’s office, now rid of its Obama administration–tainted head (Pai mentioned this association twice in his statement yesterday), and demand answers?

Pai denies that he or his office was aware of these shortcomings and opted not to rectify them because they were advantageous to his plan to reverse 2015’s net neutrality rules. But how could such a demonstrably shoddy and undocumented analysis persist for so long, under such close scrutiny? This wasn’t a minor technical glitch unworthy of leadership’s attention. It was national news.

The optics of a confusing and incomplete DDoS report aren’t good. But the report, if it was wrong, as everyone seemed to consider it even day-of, could always be disavowed and its author blamed on Obama.

What’s worse are the optics of a wave of public opposition to a controversial proposal, so strong that it literally took down the system created — and recently upgraded! — to handle that kind of feedback. This narrative, of a flood of pro-net-neutrality commenters so large that not only did it break the system, but many of their comments were arguably unable to be posted and (notionally) included in the FCC’s analysis — that, my friends, is a bad look.

Although this investigation has concluded, another by the Government Accountability Office is ongoing and may have a wider scope. If not, however, it seems unthinkable that the FCC and its current leadership can walk away from this unscathed. Ultimately this entire debacle took place under Ajit Pai’s watch, and his handling of it is at best dubious. Citizens and no doubt elected officials are almost certain to ask hard questions — and this time, the Chairman might actually have to answer them.

News Source = techcrunch.com

1 2 3 5
Go to Top