Posts Tagged ‘ Google ’

The Challenges of Coordinating Cybersecurity

Friday, November 12th, 2010
Matthew Dahl


Matt Dahl is a judicial clerk in Virginia and writes about national security law on his blog. The views expressed here are his own.

by Matthew Dahl

It goes without saying that National Security Agency and U.S. Cyber Command are playing a significant role in defending military and government computer networks.  It appears they’re now playing a role defending domestic U.S. civilian computer networks as well.  In past statements, General Keith Alexander – head of NSA and Cyber Command – said that the DoD entities would not be involved in the protection of domestic civilian networks because it is the purview of the Department of Homeland Security.  Despite those statements, a memorandum of agreement released on October 13 announced that the DoD and DHS would coordinate their cybersecurity efforts, collocating personnel.

While the NSA and Cyber Command both fall under the purview of the DoD, their missions are different.  The NSA is a hybrid civilian/military entity whose main function is to gather signals intelligence from foreign communications and provide information assurance to prevent foreign adversaries from accessing classified materials.  Cyber Command is a new, purely military entity that is responsible for providing the U.S. military with both offensive and defensive capabilities in cyberspace.

Because the NSA was at the center of the Bush administration’s domestic wiretapping scandal in the years just after 9/11, its involvement with protecting domestic computer networks makes privacy advocates uneasy. They’re worried that the NSA might use its new role to monitor U.S citizens. However, it’s worth noting that the NSA’s participation with U.S. domestic computer networks is not unprecedented.  In February, the NSA assisted Google in investigating an attack against the company in which it is believed that Chinese hackers stole large amounts of intellectual property as well as information about Chinese human rights activists.  More recently, the NSA was tasked with executing  “Perfect Citizen,” a program that gives NSA access to U.S. critical infrastructure networks in order to detect cyberspace threats. This means NSA would deploy sensors on many large privately owned networks.

Meanwhile, General Alexander stated in September that he did not believe Cyber Command should operate in the civilian sphere. However, that statement contradicts the memorandum of agreement, which specifically directs Cyber Command to locate personnel at a DHS facility to provide support and “operational synchronization.”  It also instructs Cyber Command to coordinate operational and mission planning with DHS and NSA.  Moreover, Cyber Command’s involvement with civilian networks was presaged by the June 2009 DoD memorandum announcing its formation which specifically states that part of its mission would be to protect civilian networks.

The question now is: how much of a role will DoD play? How much of a role should it play? In 2003, a presidential directive established DHS as the agency in charge of coordinating the overall effort of securing civilian networks.  The agency has since written a strategy and will to hire large numbers of cybersecurity professionals over the next few years, indicating the agency will maintain a large role in protecting civilian networks.

But critical cyber experience and technical expertise lies with the military, which would be foolish to ignore.   Furthermore, DHS wants to work with the military, admitting that it has at least contemplated leveraging NSA assets in its efforts to put together a comprehensive plan to protect critical cyberspace assets.  Even so, it’s not that straight forward: as the NSA wiretapping scandal shows, DoD’s involvement in civilian networks would stir civil liberties controversy.

Currently, no overarching cybersecurity strategy exists that clarifies agencies’ responsibilities.  Despite sweeping cybersecurity legislation being proposed in Congress – particularly by Senators Lieberman, Carper, and Collins – the White House must step in to clarify these roles.

photo credit: Patrick Hoesly

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in A Progressive Security Strategy, Daily Fix, Issues | 1 Comment »

Internet Wars: A Who’s Who Guide

Thursday, October 7th, 2010
Steve Norton


Steve Norton is communications director at the Information Technology and Innovation Foundation and a former journalist and speechwriter.

by Steve Norton

Back in the day, there were no protesters outside corporate headquarters in Silicon Valley, no one had a position on net neutrality because no one knew what is was, and technology journalists were breathlessly trying to keep pace with new technologies and companies instead of holding forth on civil rights and liberties or network engineering protocols.

But ten or 15 years in the life of the Internet is a long time.  The Internet is the transformative phenomenon of our time and its role in our lives raises serious questions about who the Internet “belongs” to, whether it is used for good or ill, what are its technological limits, and what role government has as arbiter of its future.  The debates on these and other questions has become passionate and shrill, generating more heat than light at times.  A person trying to follow the debate might need a field guide to sort through the wide array of groups and their philosophical or economic orientation.  Allow me to offer up this breakdown, the details of which are spelled out in “Who’s Who in Internet Politics: A Taxonomy of Information Technology Policy,” a new report from the Information Technology and Innovation Foundation.

In the report, ITIF lays out the following eight categories:

Cyber-Libertarians – Think of them as the original “netizens” and purists who believe the Internet should be governed solely  by its users that and “information wants to be free.”  Privacy and piracy will take care of themselves by the individuals who make up the organic and living Internet and not by government. Groups include the Free Software Foundation and the Electronic Frontier Foundation

Social Engineers – Mostly liberal, they see a lot of good in the Internet as an education and communications tool but they worry about the “digital divide,” privacy, net neutrality, and a concentration of power by both government and major corporations.  These issues could erode the Internet’s capacity to be a tool for good for all.  Among groups are the Benton Foundation, Center for Democracy and Technology, Center for Digital Democracy, Civil Rights Forum on Communication Policy, Consumer Project on Technology, Electronic Privacy Information Center, Free Press, Media Access Project, and Public Knowledge, and scholars such as Columbia’s Tim Wu, MIT Media Laboratory’s David Reed, academics at Harvard’s Berkman Center (among them Larry Lessig and Yochai Benkler).

Free Marketers – Unleash the entrepreneurs! This group views the digital revolution as the great third wave of economic innovation in human history and a dynamic and liberating force that the government should mostly keep out of it. Groups include the Cato Institute, the Mercatus Center, the Pacific Research Institute, the Phoenix Center, the Progress & Freedom Foundation, and the Technology Policy Institute.

Moderates – Unabashedly pro-IT, they see the Internet as this era’s driving force for both economic growth and social progress and they believe a light touch from government is useful in helping the Internet reach its potential.  “Do no harm” to limit to IT innovations but also “actively do good” is their mantra. Examples of moderates include the Center for Advanced Studies in Science and Technology Policy, the Center for Strategic and International Studies, ITIF, and the Stilwell Center.

Moral Conservatives – These groups see the Internet as an often smutty and dangerous place teeming with pornographers, gamblers, child molesters, terrorists that only government can keep at bay. They pushed for passage of the Communications Decency Act and Child Online Protection Act, Internet filtering in libraries, and worked to push legislation to ban online gambling.  Examples are groups like the Christian Coalition and Focus on the Family, and around the world with countries like Indonesia, Thailand, Saudi Arabia and other religiously conservative nations that seek to limit activity on the Internet.

Old Economy Regulators – This group believes the Internet should be regulated in the same way that government regulates everything else. Otherwise, you have chaos and inequities.  Examples of this group include law enforcement officials seeking to limit use of encryption and other innovative technologies, veterans of the telecom regulatory wars that preceded the breakup of Ma Bell, legal analysts working for social engineering think tanks, as well as government officials seeking to impose restrictive regulatory frameworks on broadband.

Tech Companies & Trade Associations – Software and communications giants, Internet start-ups, and the groups that represent them, these tech interests tend to believe that regulation can be both advantageous and detrimental, depending on their particular business model.  They also advocate policies that are good for the technology industry or the economy in general. Examples include IBM, AT&T, and Hewlett Packard, Cisco Systems and Microsoft, and recent phenomena in the market such as Google and Facebook, as well as trade associations like the Information Technology Industry Council and the Association for Competitive Technology. They delve into trade, tax, regulatory, and other public policy issues from a bottom-line perspective rather than a philosophical basis.

Bricks-and-Mortars – This group includes the companies, professional groups, and unions that use the Internet but also see it eroding the old-economy and face-to-face business transactions and they struggle to hold back the tide. These include both producers and distributors and middlemen (such as retailers, car dealers, wine wholesalers, pharmacies, optometrists, real estate agents, or unions representing workers in these industries). The long running battle over taxing Internet sales illustrates their struggle.

Of course, individual groups defy rigid characterization.  For example, Moral Conservatives might find themselves on the same side of an issue as Social Engineers.  Also, consensus is often elusive in trade associations as member companies often have complicated interrelationships or niches in the market.  However, whether you lean more toward advancing the interests of the individual or society as whole, see government regulation as generally useful or harmful, or are wary of the Internet’s influence or enthusiastic about it is useful to understanding where various groups stand.  You might need Venn diagrams to fully understand the Internet policy landscape when surveying issues such as piracy, net neutrality, intellectual property rights, and Internet sales taxes.  (An unusual pursuit, to be sure.)

One common theme in all these groups is that they almost certainly believe they are advocating sound policies and doing the right thing for individuals and for society – as incomprehensible as that might seem to those from an opposing organization.  In some cases, their passion for their beliefs makes for a good sound bite in a news story.  The societal destruction by a government that is scheming to implant chips in our heads is an easier story to sell than an explanation of how packets are sorted on broadband networks. And this is dangerous.

Internet and technology debate is being politicized and degraded.  And misguided and ill-informed debates lead to misguided and ill-informed policies. We have enough of people vehemently opposing bills they haven’t read or crafting policy from bumper stickers and making caricatures of opponents.   The Internet’s transformation is really just beginning so people in government, the media, and the public at large need to refine and update their understanding of the philosophical issues, the players, the economic realities, and societal issues as stake.  Wherever you come down on a range of tech policies – whether you carry placards outside of Facebook’s offices or decide to get an engineering degree to figure out net neutrality – it is essential to understand the political and policy landscape that didn’t exist just 20 years ago.  And now you have a map.

Photo credit: Stefan

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in A New Framework for Growth and Equity, Daily Fix, Issues | No Comments »

Is the Google-Verizon Proposal a Killer App in the Broadband Debate?

Tuesday, August 10th, 2010
Scott Thomasson


Scott Thomasson is the economic and domestic policy director for the Progressive Policy Institute. Follow @st_ppi

by Scott Thomasson

Google and Verizon have finally released the details of the policy proposal they have been negotiating for nearly a year now, and the news has generated enormous chatter around Washington and across the blogosphere, with bloggers panning it and watchdog groups warning of the end of the internet as we know it.

Obviously, advocacy groups on both sides are focused on the substance of the agreement. But I am more interested in what this means for the policy process, and how effective it will be in nudging Congress and the FCC to clarify the rules of the game for broadband internet service. What these two companies have provided is helpful: a concrete policy proposal that Congress and the FCC can consider, and that imposes a framework for targeted comments from the industry and watchdog groups.

In fact, given the weight of these two companies and the collapse last week of the FCC’s attempts at talks, the roll-out for this proposal may make it a “killer app” in the broadband debate (and not simply an internet killer, as some are calling it). Now that Google and Verizon have put a policy proposal on paper, it becomes the baseline that everyone else has to support or oppose to some degree, including FCC commissioners and members of Congress. Pressuring leaders to make decisions is an appropriate goal, and that’s what this proposal does.

As for the proposal itself, it should be judged as a work in progress. Many of the principles themselves are worthy goals: giving consumers freedom to choose content, applications, and devices; requiring more product transparency from service providers, and prohibiting paid fast lanes for internet traffic. The recommendation that the FCC have real teeth to enforce violations of the proposed rules on a case-by-case basis is a good one.

If the kind of self-regulation proposed for the broadband internet industry is going to be successful, there also needs to be enough competition in the market to empower consumers to punish service providers for violating the principles that Google and Verizon have laid out. That means that in addition to policing the market for bad apples, the FCC needs to be vigilant in monitoring the health and competitiveness of the market for broadband internet access. If there are enough companies offering similar services, and the FCC and watchdog groups hold companies publicly accountable for their behavior by informing consumers of violations, consumers can play a valuable role in policing the market by switching providers when they feel their content or services are being unfairly restricted.

Both CEOs acknowledge that “no two companies should be so presumptuous as to think they can solve this challenge alone,” and no one should see this as an end to the debate. Verizon and Google have given everyone involved a chance to speed up the process by narrowing the conversation to actual yes-or-no decision making. I commend these companies for at least trying to move the ball forward with a good-faith proposal.

Photo Credit:  Peter Huys’s Photostream

Tags: , , ,
Posted in Daily Fix, Fixing Our Broken Politics | No Comments »

Ooh, They Have the Internet on Computers Now

Thursday, March 25th, 2010
Mike Derham


Mike Derham is chair of PPI's Innovative Economy Project.

by Mike Derham

Tom Tauke, chief lobbyist at Verizon, spoke yesterday in a speech designed to take a fresh start on governance of the Internet. His comments got some coverage as challenging the Federal Communication Commission’s (FCC) role in regulating broadband communication. The FCC’s broadband powers may be decided in a court ruling expected this spring — following oral arguments in January — on a Comcast challenge to the FCC’s oversight of Internet service providers on constitutional grounds.

But it’s worth pointing out that many of the statutes covering internet communications are woefully out of date. The Computer Fraud and Abuse Act (CFAA), the main law against hackers, passed in 1984. The Electronic Communications Privacy Act (ECPA), the main law covering online privacy, was enacted in 1986. These laws were written when faxes were still cutting edge. While the behemoth PATRIOT Act included some fine-tuning of these laws, they still envision a last-millennium Internet. The CFAA treats hacking my desktop computer with the same penalties as hacking a Microsoft data center. ECPA requires Gmail to treat emails I have stored from six months ago — writing about the start of the baseball playoffs last season — differently from this month’s emails on spring training.

Tauke’s suggestion that the FCC should evolve into more of an enforcement body is worth discussing. But regardless of who oversees the Internet, getting new laws to bring it into the 21st century should be a top priority.

Tags: , , , , , , , , , , ,
Posted in A New Framework for Growth and Equity, Clean Energy and Modern Infrastructure, Daily Fix | 1 Comment »

Google vs. China

Wednesday, March 24th, 2010
Jim Arkedis


Jim Arkedis is the director of PPI's National Security Project.

by Jim Arkedis

If you need a pet story to follow over the next year, Google and China is it. The issues at hand — freedom, human rights, censorship, and the almighty dollar — define, in a microcosm, China’s internal struggle to shape a coherent, enduring image on the world stage. Can China have its cake and eat it too — censorship and repression on one hand, and Western companies that help foster economic growth on the other? The long-term fallout from this story could set precedent for decades to come.

Here’s a quick recap: Google, whose slogan is “Don’t Be Evil”,  January revealed that it — along with 22 other companies– was the victim of a cyberattack sponsored by Beijing. As part of China’s intrusion, the Google email accounts of prominent human rights activists were hacked. Here was the company’s conclusion at the time, from Google’s blog:

These attacks and the surveillance they have uncovered — combined with the attempts over the past year to further limit free speech on the web — have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

After some additional research, the hammer just dropped yesterday:

We also made clear that these attacks and the surveillance they uncovered — combined with attempts over the last year to further limit free speech on the web in China including the persistent blocking of websites such as Facebook, Twitter, YouTube, Google Docs and Blogger — had led us to conclude that we could no longer continue censoring our results on Google.cn.

So earlier today we stopped censoring our search services — Google Search, Google News, and Google Images — on Google.cn. Users visiting Google.cn are now being redirected to Google.com.hk, where we are offering uncensored search in simplified Chinese, specifically designed for users in mainland China and delivered via our servers in Hong Kong. Users in Hong Kong will continue to receive their existing uncensored, traditional Chinese service, also from Google.com.hk.

It is highly likely that Beijing will attempt to censor Google.com.hk, and their efforts will likely test the limits of what has become known as the Great Firewall of China. Unfortunately, I’m not enough of a tech-geek to know how feasible this is, but we’ll soon find out.

But the precedents that Google’s move sets will be far-reaching, and define American internet companies’ role in China for years. Will American corporations join Google, or attempt to replace it? Secretary of State Clinton spoke passionately that American businesses’ refusal “to support politically motivated censorship will become a trademark characteristic of American technology companies. It should be part of our national brand.” But is it too tempting for Yahoo.cn (which exists) and Bing.cn (which doesn’t… yet) to vacuum up the market share Google’s departure leaves hanging out there? And what about slightly more ambiguous cases, like Amazon.cn, which aren’t in the search engine business, but do exist and do provide Chinese with access to information?

And what would be necessary for Beijing to give way? Is there a conceivable scenario under which China might eventually permit unfettered searches of its internet content? And does this spat extend to companies beyond the information sector? Should it? Will the Obama adminstration bring pressure to bear on U.S. companies to, in turn, help pressure Beijing? Will non-information sector American companies abandon China in a mass protest against censorship? It is difficult to imagine any scenario where a major non-censored U.S. corporation forsakes its access to a market of 1.3 billion people, right? But Google’s decision is astounding and could create waves.

Photo credit: http://www.flickr.com/photos/shekharsahu/ / CC BY-NC-ND 2.0

Tags: , , , , , , , , , , , ,
Posted in A Progressive Security Strategy, Daily Fix | No Comments »

Why the Jobs Crisis Is Actually an Innovation Crisis

Tuesday, March 9th, 2010
Michael Mandel


Michael Mandel is the chief economic strategist at the Progressive Policy Institute and the founder of Visible Economy LLC, a New York-based news and education company.

by Michael Mandel

Forget for the moment the $15 billion jobs bill moving through Congress — even its supporters admit that it’s far too paltry to make even a tiny dent in the unemployment rolls. And ignore the economic commentators who tell you that the labor market is recovering just because job loss has slowed.

No, the U.S. is having a genuine long-term jobs crisis, one which stems from a deeper problem: The Great Innovation Machine of the American economy seems to have broken down. With a few notable exceptions (think Apple and Google), this has been a period when companies have found it remarkably hard to turn promising breakthrough innovations into commercial breakthrough products. The list of “big-idea” innovations that seem tantalizingly close to market, but not quite there, just keeps getting longer and longer. Some examples: After 20 years of research, no human gene therapy has yet been approved for sale by the Food and Drug Administration; electricity generated from solar cells is still far from price-competitive with electricity from coal or natural gas; and biotech has not yet fulfilled its promise of speeding the discovery of new drugs.

The jobs crisis, in my view, is the direct result of the innovation shortfall. Since the 1990s, both Democrats and Republicans have expected the “jobs of the future” to come from the innovative, technologically advanced industries. Computers, semiconductors, internet companies, pharma, biotech, communications: all seemed to have enormous potential to create new jobs. What’s more, innovation seemed to be the only way that the U.S. could compete against low-cost producers abroad.

Many regions designed their economic development strategies around attracting biotech and infotech jobs to replace the “old-line” factory positions that had fled overseas (do a Google search for ‘biotech initiative’ and see how many hits you get). The desire to bring in pharma jobs is the reason why New London tore down homes and businesses to make room for a Pfizer research facility in 2001.

But the sad truth is that the innovative sector of the economy hasn’t generated many jobs recently. Let’s be very specific here. From the bottom of the job market in 2003 to the so-called peak in 2007, technologically advanced industries such as semiconductors, communications equipment manufacturing, and telecommunications lost thousands of jobs. Across the same period, the industry that the Bureau of Labor Statistics calls “Internet publishing and broadcasting and web search portals” — a catch-all category that includes Google, Yahoo! and all the high-profile Internet firms — added only 6,000 jobs.

Life sciences didn’t do much better. From 2003-2007, employment in pharma was stagnant, and biotech added only 16,000 jobs. Indeed, Pfizer recently pulled out of New London, leaving behind a lot of hard feelings. (For more on the jobs shortfall in the innovative sector, see my blog at www.southmountaineconomics.com.)

Turning Innovation into Jobs

So what has happened here? A big part of the jobs crisis stems from a simple fact: Commercializing innovation has taken a lot longer than people expected. Across multiple areas, from biotech to alternative energy to advanced materials to the private uses of space, both large and small companies have faced fundamental scientific and engineering problems. The best example is the sequencing of the human genome, which was announced to great fanfare in 2003. But turning that initial breakthrough into commercial products has turned out to be far more complicated and difficult than many thought. (For more on the innovation shortfall, see my June 2009 cover story, “The Failed Promise of Innovation in the U.S.,” for BusinessWeek.)

In today’s global economy, innovation makes up the main comparative advantage for the U.S. If we are not generating jobs in the innovative industries, it’s no surprise that we have a jobs crisis.

Addressing the innovation shortfall has to be a cooperative project between business and government. How? Here are three low-cost ways to foster a better climate for innovation and jobs:

  • Elevate innovation to the top of the policy agenda. President Obama needs to publicly give higher priority to innovation. In the latest Economic Report of the President, innovation is relegated to the very end of the report, and does not even get a whole chapter to itself (the chapter is called “Fostering Productivity Growth through Innovation and Trade”).

    Why is a public emphasis on innovation important? Government is much better at stopping breakthrough products and services than creating them. New ideas, by definition, are threatening to the status quo. That’s why the president has to give a clear signal to the entire government bureaucracy that innovation is important.

    On the one hand, this shift in public priorities can be done right now, without any additional funding, so Obama wouldn’t have to fight Congress. On the other hand, Obama might have a big struggle to get support from his own economic advisors, some of whom don’t seem to place such high value on innovation.

  • Broaden out government funding for R&D beyond healthcare. To maximize the chances for innovation-related job growth, we want a broad and diverse program of federal support. However, in recent years, federal funding for R&D has increasingly focused on healthcare. Obama’s proposed FY 2011 budget continues that trend, with federal spending on health R&D projected to exceed spending on nonhealth civilian R&D by more than 30 percent. The result: Other areas of R&D are being starved for funds.
  • Improve measurement of the innovative sectors of the economy. Innovation is not as tangible as, say, a new building or a new truck. We are great at counting construction and vehicle production, but horrible at keeping track of innovative activities.

    And as management consultants say, you get what you measure. For example, we know virtually nothing on business spending on R&D in the U.S. during the downturn — a key piece of information for understanding where the economy is going. The good news is that the Bureau of Economic Analysis and the National Science Foundation have made some progress in this direction. However, a relatively small amount of money could accelerate the upgrading of the statistics, with a big impact on policy.

These proposals will not guarantee that the U.S. will suddenly experience a surge of innovation-related job growth. There’s nothing that anyone can do to ensure that commercially viable innovation will arrive on a particular schedule. But to raise the odds of good jobs in the future, we need to make innovation a priority today.

Download the PDF version.

Tags: , , , , , , , ,
Posted in A New Framework for Growth and Equity, Daily Fix, Policy Memo, Priority 2 | 6 Comments »

China and the Cyber Threat

Wednesday, February 17th, 2010
Jim Arkedis


Jim Arkedis is the director of PPI's National Security Project.

by Jim Arkedis

James Fallows of The Atlantic has an excellent piece on China and the cyber threat (as well as some other points on the Chinese military). A few excerpts about cybersecurity:

China has hundreds of millions of Internet users, mostly young. In any culture, this would mean a large hacker population; in China, where tight control and near chaos often coexist, it means an Internet with plenty of potential outlaws and with carefully directed government efforts, too. In a report for the U.S.-China Economic and Security Review Commission late last year, Northrop Grumman prepared a time line of electronic intrusions and disruptions coming from sites inside China since 1999. In most cases it was impossible to tell whether the activity was amateur or government-planned, the report said. But whatever their source, the disruptions were a problem. And in some instances, the “depth of resources” and the “extremely focused targeting of defense engineering data, US military operational information, and China-related policy information” suggested an effort that would be “difficult at best without some type of state-sponsorship.”

[...]

[Cyber authorities] stressed that Chinese organizations and individuals were a serious source of electronic threats—but far from the only one, or perhaps even the main one. You could take this as good news about U.S.-China relations, but it was usually meant as bad news about the problem as a whole.

[...]

This led to another, more surprising theme: that the main damage done to date through cyberwar has involved not theft of military secrets nor acts of electronic sabotage but rather business-versus-business spying. Some military secrets have indeed leaked out, the most consequential probably being those that would help the Chinese navy develop a modern submarine fleet. And many people said that if the United States someday ended up at war against China—or Russia, or some other country—then each side would certainly use electronic tools to attack the other’s military and perhaps its civilian infrastructure. But short of outright war, the main losses have come through economic espionage. “You could think of it as taking a shortcut on the ‘D’ of R&D,” research and development, one former government official said.

And Fallows adds one general extraordinarily striking cautionary note that has little to do with China, but that all policy makers should pay attention to:

[N]early everyone in the business believes that we are living in, yes, a pre-9/11 era when it comes to the security and resilience of electronic information systems. Something very big—bigger than the Google-China case—is likely to go wrong, they said, and once it does, everyone will ask how we could have been so complacent for so long. Electronic-commerce systems are already in a constant war against online fraud. [emphasis added]

The entire piece is worth your time, but those are the big highlights. From my perspective, I’ve seen first-hand how the Pentagon is well-aware of the threat and is devoting substantial assets to detect and disrupt the intrusions. I’m not just talking about the NSA’s new cyber command either — cyber is the hot, new frontier and that creates incentives for every agency under the sun to grab a few million smackers from the budget for working the issue. But where’s the line between effective cyber defense and too many agencies tripping over one another?

Tags: , , , , , , , ,
Posted in A Progressive Security Strategy, Clean Energy and Modern Infrastructure, Daily Fix | No Comments »

Why It’s Too Soon to Worry About Wireless Net Neutrality

Friday, February 5th, 2010
Tom Lee


Tom Lee is a project director for the Sunlight Foundation. The views expressed here are his own.

by Tom Lee

Last week’s Verizon/Google joint FCC filing on net neutrality contained a substantive idea that was worth discussing – a proposal for “Technical Advisory Groups.” But there’s an item that’s also worth discussing because of its incompleteness: net neutrality in the wireless space. Google and Verizon apparently consider it an important enough issue to include, even though they couldn’t agree on anything more specific than to encourage the FCC to “examine specific market and technical factors before applying any general oversight or specific rules to wireless broadband networks.”

But while the issue of wireless network neutrality is important, it’s the wrong one to fixate on at the moment. Wireless is, in fact, different from wired, and the issue of neutrality does not transplant as cleanly from one to the other. Neutrality opponents have, in general, greatly overstated the technical case against regulation. But in the wireless arena as it exists today, their dire warnings are far more plausible.

As with the points of agreement in the Verizon/Google brief, this comes down to the participants’ market positions. Verizon is the country’s most powerful wireless operator, while Google is at the center of the Open Handset Alliance, the organization behind the Android platform and the effort to diminish carrier control that it represents.

Getting a Handle on Wireless Net Neutrality

But what does network neutrality mean in the wireless context? As with the larger debate, people have varyingly expansive ideas about where to draw the line. A good place to start is Tim Wu’s 2007 Wireless Carterfone paper. Wu, at least, is quite specific about what network neutrality involves, basing his criteria off of then-FCC chairman Michael Powell’s “four network freedoms”: choice of applications, choice of devices, choice of content and service plan transparency.

As you might imagine, the wireless carriers don’t like some of these ideas — particularly the first two — saying that they’re technically unworkable. And though I’m hardly a cheerleader for America’s wireless carriers, in this instance, they do have a point. Roger Entner makes the case, pointing out that wireless cells are a shared resource with limited capacity. Wu anticipated this criticism:

The problem with this argument is that scarcity is an economic feature of not just wireless networks, but wireline networks as well. Both wireless and the local loop are last-mile networks of limited available bandwidth, and, in fact, the bandwidth available on a copper local loop is considerably less than on some of today’s wireless networks. For both products, it can be claimed that third parties cannot be trusted to make products that respect the shared needs of the network. In the Hush-a-Phone case, for example, AT&T claimed that third parties would bear “no responsibility for the quality of telephone service, but [be] primarily interested in exploiting their products.” Similarly, local carriers for years complained that modems abused the scarce resources of the phone network (by maintaining long connections). But as Judge Robert Bork argued in another context: “All economic goods are scarce… since scarcity is a universal fact, it can hardly explain regulation in one context and not another. The attempt to use a universal fact as a distinguishing principle necessarily leads to analytical confusion.”

But this is an oversimplification. There are spatial constraints on wireless operators that don’t apply to wired networks. Two cables running side-by-side will not typically interfere with one another; two cell towers operating on the same portion of spectrum and space will. And mobile data users are just that — mobile. A bad DSL modem or heavy Bittorrent user with a cable connection might impact the service of those on the same local loop, but the size of that loop can be controlled by the network operator, and the customers on it can be easily tracked and, if necessary, sanctioned. The number of users impacted by a malfunctioning wireless modem or handset-spewing packets is primarily a factor of population density.

And on cellular networks, tracking down network malefactors is harder and sure to be more expensive than the example cited by Wu. In the Hush-a-Phone case, a commercial entity existed that AT&T could sue. If the manufacturers of the Hush-a-Phone device were to lose such a lawsuit, they risked losing their capital investment. It was in their own interest to produce a device that worked well enough with the AT&T network to satisfy consumers and avoid the network operator’s wrath. The incentives for individuals to use wireless networks gently are much weaker: a canceled contract? A stern letter? This wasn’t enough to discourage those who participated in Operation Chokehold, a deliberate effort by iPhone users to cripple the AT&T network in protest of new bandwidth restrictions.

A More Pressing Wireless Issue

Of course, Chokehold proved to be something of a bust — unsurprising, perhaps, given that even its creator was urging people not to participate by the time the event actually rolled around. Still, the capacity of individuals to damage other wireless users’ service shouldn’t be ignored. I’m in no position to judge the legal merits of Judge Bork’s assertion that scarcity is an incoherent rationale for regulation, but surely it makes practical sense to demand that people stop watering their lawns during a drought. The FCC considered Operation Chokehold a real threat; anyone who’s tried to share wifi on a discount bus line with someone watching video — or just tried to use their iPhone during business hours in San Francisco or New York — intuitively understands how cramped the data portion of cellular networks currently is.

One obvious response is that the networks should be expanded. This is undeniably true: the nation’s demand for wireless data is sure to increase dramatically. The carriers must find fairer ways to charge for access, and begin paying more attention to infrastructure and less to marketing gimmicks. But it’s still the case that the operators must prioritize reliable voice service over data service; that spectrum is a scarce resource; and that there is a tension between expanding existing infrastructure and investing in coming generations of technology.

There’s reason for optimism. WiMAX promises to deliver a wireless network designed for data, and is close to widespread deployment. The transition to digital television also promises to deliver useful spectrum for wireless data (though much of it is currently being used to broadcast reruns of Magnum P.I. and redundant weather channels, thanks to an indefensible giveaway to incumbent broadcasters). Once new wireless networks and technologies remove the tight constraints currently facing mobile data users, protecting and enhancing users’ network freedoms should become a priority for the FCC. Until then, ensuring those networks’ viability must unfortunately remain their focus.

Tags: , , , ,
Posted in Clean Energy and Modern Infrastructure, Daily Fix | 2 Comments »

On Net Neutrality, Google and Verizon Find Common Ground

Tuesday, January 26th, 2010
Tom Lee


Tom Lee is a project director for the Sunlight Foundation. The views expressed here are his own.

by Tom Lee

It’s been about a week since the deadline for comments on the FCC’s notice of proposed rulemaking for net neutrality. Regulators are no doubt immersed in what promises to be an extremely long review process (in a somewhat unusual move, various advocacy organizations directed their supporters to submit comments directly — by at least one account, over 120,000 were submitted).

None of those comments attracted as much attention as the joint filing between Google and Verizon. An Internet service provider (ISP) and a content producer on the same side of this debate? It might not seem like a natural fit. It’s consequently tempting to look at the Google/Verizon proposal as an indication of what a possible net neutrality compromise could look like. But is it? And, just as important: would it be a good idea?

In truth, the partnership isn’t as unusual as one might think. Google and Verizon have collaborated on this issue before, publishing a joint blog post in advance of the FCC notice. It’s not entirely surprising: among the ISPs, Verizon’s current market position makes it uniquely amenable to the case being made by the content provider bloc. With DSL hitting technical limits and receding into a role as a budget broadband option, Verizon has undertaken a major infrastructure upgrade to FiOS — one that should leave them with a substantially higher-capacity network than the cable ISPs can offer. They’re also a new entrant to the digital-television marketplace. In short, Verizon is gunning for the Comcasts of the world, and doing so as a bit of an underdog. It has little reason to fight for a regulatory environment in which the network operators currently at the top of the heap can use their market power to entrench their positions.

So does the jointly submitted letter represent a good-faith common ground, free of the hyperbole and deliberate obfuscation that has characterized so much of this debate? Well, kind of. There’s a pleasant lack of “the FCC is about to accidentally break the internet!”-style fear-mongering. But there isn’t too much else on offer: some opening paeans to the Internet and consumer choice; an endorsement of transparency; a gentle reminder that neither party wants to be on the hook for enforcing intellectual property laws; and muted terror at the realization that the FCC is about to do… well, something.

From this flows the one really substantive idea in the letter: a proposal to create one or more “technical advisory groups” consisting of industry stakeholders, which would resolve neutrality-related disputes on a case-by-case basis, acting as a layer of mediation before the government became involved. Optimists will see this as an attempt to avoid the potential inefficiencies of regulation. Cynics will see it as a recipe for regulatory capture before the regulations are even written. And of course it’s not clear which stakeholders would have a say in these advisory groups. Would Joost? Or Sopcast users? It may be difficult to identify scrappy startups that deserve a seat at the table, particularly if they aren’t corporate entities.

More than anything, the letter serves as a reminder of how nebulous the net neutrality debate has become. What could the ISPs do to our society if they decided to press their advantage? It’s easy to let one’s imagination run wild and conjure net neutrality threats to virtually any cause or principle — hence the various framings of net neutrality as a fundamental economic/political/human rights/feminist issue.

But it’s worth keeping in mind that the only unambiguous violation of net neutrality that we’ve yet seen is Comcast’s decision to monkey with Bittorrent users’ reset packets — and, relatedly, some ISPs’ decision to throttle all encrypted traffic in an effort to fight Bittorrent (though this is still largely a Canadian phenomenon). That’s not to say that neutrality regulation isn’t worth pursuing. But whatever system is established should at least be able to deal with the one problematic case we’ve actually seen — and while the details could prove me wrong, the advisory group proposal doesn’t strike me as being up to the task. Verizon and Google’s common ground may indeed prove to be a useful preview of the FCC’s final vision of net neutrality, but it seems unlikely to be the whole picture.

Tags: , , , , , , ,
Posted in Clean Energy and Modern Infrastructure, Daily Fix | 2 Comments »

Secretary Clinton, Cyber Diplomacy, and Google

Thursday, January 21st, 2010
Jim Arkedis


Jim Arkedis is the director of PPI's National Security Project.

by Jim Arkedis

Echoing FDR in reference to cyber-repression in places like Vietnam, North Korea, Tunisia, and Uzbekistan, Secretary of State Hillary Clinton today outlined her vision of a world with five Internet freedoms: freedom of expression, freedom of worship, freedom to connect online everywhere, freedom from fear of cyber attacks, and freedom from want – the idea that information networks are a “great leveler” that can help lift people out of poverty.

Clinton’s speech clearly signals that fostering free access to the Internet can be a powerful tool that can help loosen the grip of the most repressive regimes. And to that end, she launched a new $15 million project for grassroots civic participation and new media capabilities in the Middle East and North Africa. Small, to be sure, but a worthy start.

But on the panel following Secretary Clinton’s speech, Rebecca MacKinnon of the Open Society Institute warned that though online access no doubt promotes openness, the Internet is not “freedom juice” that can be simply injected into a country and hope that all its oppressive tendencies vanish. That’s because places like China have done a devilish job of networking authoritarianism – a policy that toes a tight line by plugging into the global economy while blocking the receipt of global information. China is of course hardly alone – up to 40 countries (including some nominal democracies) now censor Internet content.

Finally, Clinton had a few words pointedly directed at private sector Internet companies, whom she encouraged to embrace the principals of openness as part of American companies stand for:

I hope that refusal to support politically motivated censorship will become a trademark characteristic of American technology companies. It should be part of our national brand. The private sector has a shared responsibility to help safeguard free expression … And when their business dealings threaten to undermine this freedom, they need to consider what’s right, not simply the prospect of quick profits.

Thus far, Google is the standard-bearer on this issue. The company’s slogan – Don’t Be Evil – has been invoked as it weighs whether to withdraw from China following allegedly government-sponsored cyber attacks on Google-housed email addresses of human rights activists. Since Google and its ilk in effect own the leverage of cyber-diplomacy, it makes sense that the State Department is cajoling them in this direction. I’d expect to see more Foggy Bottom conferences with various Silicon Valley CEO’s to drive home this point in the near future. That’s a good thing.

Finally, the business argument is worth examining. Contrary to the American market, Google isn’t quite as ubiquitous in China as it is stateside. That said, the WSJ grades Google.cn’s results (under censorship) as superior to its Chinese rival Baidu. The article concludes, “From a policy standpoint, the worst move China could make would be to force Baidu’s main competitor out of the country, leaving Baidu with no incentive to spend on R&D and improve its results.” But I’m not so sure — if China wants to stem the flow of information, why would they need a better search engine?

Tags: , , , , ,
Posted in A Progressive Security Strategy, Daily Fix | 2 Comments »