Ambiguity in cyberspace and the legality of hacking and manipulating sovereign nations; does it benefit the attacker, or the victim? We've all but survived the potential catastrophe of the 2016 election, and the Russian interference within it, but what does that mean for the future of cyber and psychological warfare throughout the world?
Last week, I put out a call to action to contact your Congressional Representative because of a bill, aimed at removing Obama-era protections for consumer privacy, that had passed the Senate with little fanfare. While over 1,000 of you responded to this request, the measure unfortunately passed the House and the 100 pages of FCC regulations aimed at protecting user privacy are now no more.
While the Internet was outraged by a now-redacted article posted by the Electronic Frontier Foundation (EFF) about a test program that users can opt out of, Internet Service Providers (ISPs) have not yet rapidly capitalized on the release of these regulations. In fact, the first people to capitalize on this loosening of regulations have been the people who most opposed their loosening in the first place! Self-proclaimed privacy advocate Adam McElhaney has set up a viral GoFundMe page with the intent to crowdfund the money required to purchase the internet history of the Senators and Representatives who voted for these rollbacks.
This is dangerous.
In a quiet press release, lost among the battle to defeat the disastrous Affordable Care Act repeal, U.S. Senator Jeff Flake (R-Ariz) introduced a bill to gut the regulatory power of the Federal Communications Commission (FCC). The joint resolution is extremely short, stating that the Senate "disapproves the rule submitted by the Federal Communications Commission relating to 'Protecting the Privacy of Customers of Broadband and Other Telecommunication Services,' and such rule shall have no force or effect."
Senator Flake, a huge recipient of the extremely conservative Club for Growth PAC, is more concerned with repealing everything Obama touched than he is with understanding the personal journey that privacy necessitates, or the implications a repeal of these rules would have on technology and the economy.
Arguments for and against the use of "Big Data" to tailor services and advertisements litter the blogosphere, but one thing is certain: without this data, many of the tools society depends on would be inconceivable. However, these revolutionary tools aren't without consequences. In one well-known example, captured by Charles Duhigg in his book The Power of Habit, the national retailer Target predicts the pregnancy of, and sends relevant advertisements to, a teenage girl at such an early stage of her pregnancy that her family, friends, and boyfriend had not yet been informed of the new development. The situation caused such an uproar among privacy advocates and those against the general 'creepiness' of the situation that Target artificially diluted the accuracy of its algorithms in order to prevent alienating future customers.
While companies like Target grapple with the nuances of using this data, breakthrough technologies have emerged that enable us to turn our unused rooms into mini-hostels, prevent food shortages in Philadelphia, and create insanely popular TV shows like Luke Cage. Unfortunately, these technologies face the same privacy concerns that Target once grappled with, and the privacy debate continues to evolve. This evolution must continuously be refined as society and technology advance, or the political, legal, and ethical frameworks it helped create will no longer provide much protection. Unfortunately, while this debate has evolved around the safety of consumers and the protection of data, there has been little discussion about the economic security of consumers and their data.
Just as countless technological innovations were made possible throughout human history by capitalizing on previously wasted byproducts, data must one day cease to be treated as happenstance, and be understood for the value it possesses. It's not enough for the government to protect only the physical safety of its citizens; it must enable its citizens to be educated and capable enough to fight for their economic security in light of a booming industry. It's only in doing so that consumers will be able to understand the true cost of their consumerism.
Apple is a distinctive company that has improved the lives of millions of Americans. But Tim Cook omitted critical facts about data encryption on 60 Minutes last night. He claimed that Apple does not comply with lawful subpoenas because it cannot. While it may be true that Apple doesn't have access to encrypted data, that's only because it designed its messaging service that way. As a society, we don't allow phone companies to design their systems to avoid lawful, court-ordered searches. If we apply a different legal standard to companies like Apple, Google, and Facebook, we can expect them to become the preferred messaging services of child pornographers, drug traffickers, and terrorists alike--which neither these companies nor law enforcement want. Our society needs to address this urgent challenge now before more lives are lost or shattered.
That was the recent statement by Tom Cotton (R-AR) in response to Tim Cook’s segment on 60 Minutes. As usual, Tom Cotton doesn’t really know what the hell he’s talking about, so let’s take a deeper look.
By now, it's pretty self-evident that I spend a lot of time blogging about issues that could have a direct, negative, impact on the Internet as we know it: SOPA (et al), PRISM, and the new Net Neutrality issues. To our credit, the collective will of the Internet has been heard to prevent, reform, or significantly alter all of these issues (PRISM is in progress) and Net Neutrality is no different.
Net Neutrality means that Internet service providers may not discriminate between different kinds of content and applications online. It guarantees a level playing field for all Web sites and Internet technologies; but all that could change.
There's been a lot of discussion over the last few weeks after the Federal Communications Commission's "Net Neutrality" regulations were overturned and allegations of throttling for content-heavy providers ensued. These allegations are a lot more complicated than they would first appear, and it's not as simple as "Verizon is throttling Netflix." In fact, the way that internet traffic is exchanged between multiple internet service providers (ISPs), like Sprint and Verizon, is a bit complicated and falls under a concept known as peering, which the Electronic Frontier Foundation explains below:
Connections between web service providers, web sites, and ISPs depend on agreements to exchange Internet traffic with each other, or “peering” links. Operators of backbone and web services make peering agreements with ISPs about how to exchange Internet traffic so that data can be carried efficiently from one part of the Internet to another.
Two networks of comparable size will exchange traffic for free if each is sending roughly the same amount of traffic to the other. However, when the relationship is disproportionate, the network that sends significantly more traffic will often write a check to the receiving network to cover the costs. It's kind of like if everybody is going to a potluck dinner. If everybody brings the same amount of food that they eat, that's OK. But if one person habitually eats more than he brings, everybody else might ask that person to pay some money just to keep everything fair.
Peering agreements were traditionally handled at the ISP level (Comcast and Sprint, for example) where ISPs would agree what, if any, fiscal compensation was required to level the data transfer requirements, and typically these negotiations are transparent to the customer. However, as Cogent and Sprint users might remember from 2008, they can spiral out of control enough to cause traffic outages. Furthermore, ISPs have been known to withhold critical infrastructure upgrades to gain leverage in peering negotiations to the detriment of their consumers.
However, for all of the faults that we've seen as a result of peering, it has been overwhelmingly in our benefit. Take Africa and South America for example; these continents are notorious for ISPs competing with one another and refusing to peer. As a result, the internet connectivity in these regions is astonishingly poor (maps). So for all of the negative publicity that peering has gotten over the last month, it's worth remembering that it has ushered in a new era of high speed connectivity and globalization.
So what does this have to do with Netflix? The high-profile Comcast and Netflix deal signifies a shift from ISP-to-ISP peering to ISP-to-product peering agreements. Some pundits speculate that this could signal a downward spiral of internet innovation as the ISP market increasingly collapses to a smaller number of superpowers where the peering burden is increasingly placed on the product owners. While this is absolutely a possibility, we still have a few more steps before internet innovation is harmed.
Most notable among these steps is to prevent anti-trust abuses of ISPs and to ensure that while barriers to entry remain high, they are not artificially fabricated by the oligarchy of ISP superpowers. Unfortunately, this can be a little tricky to navigate as ISPs and city governments have a history of shady courtship prior to installing new infrastructure. Similarly, as we've seen in politics at the federal level, lobbyists of superpowers can be difficult to ignore, making the free market more difficult to maintain.
So where does that leave your average consumer?
Potentially screwed. The free market only operates at equilibrium if everyone acts in their own self-interest. If you are waiting for legislation to force companies to act in your self-interest, you are going to be sorely disappointed. So if you find yourself giving your business to a company that isn't furthering your own interests (be it Wal-Mart, Verizon, or General Motors), change companies!
Foreign governments are in a state of panic and are looking to "balkanize" the internet, domestic judges are ruling the methods unconstitutional, and lawmakers are looking to turn off the utilities at NSA plants. However, many people (myself included) take some solace in the fact that we may not be under as much scrutiny as we might think. We like to assume that if we can't make sense of that much information, then no one can; and the more we know about analyzing data, the more often we jump to that logical fallacy.
I was among those. Having taken graduate courses in data analytics, I operated under and espoused the belief that the NSA can't possibly analyze all of the information that they're collecting through PRISM, CO-TRAVELER, and Landscaping; and while I was not wrong, it turns out that they don't actually have to. After a conversation with Andreas Schou, I was introduced to graph theory, the methodology that scientists have been using to make sense of large amounts of relational data for years.
Graph theory is the study of graphs, which are mathematical structures used to model the relationships between objects. These objects are connected by "edges" which map the objects based on observed or mathematically inferred relationships. Graph theory is primarily used in the study of discrete mathematics, but can also be used in computer science to represent networks of devices, data, or information flow; in sociology to measure an actor's prestige (Six Degrees of Kevin Bacon); in social network analysis; and in analyzing associations within criminal organizations.
This associative analysis can help intelligence analysts determine the relationship between different objects (a credit card can be linked to a cell phone, which can be linked to a person who has a criminal record). The problem with PRISM (et al) is that the intelligence net that is cast is so large that information overload is a serious problem. How does the NSA, or any large data company (Google, Amazon, Facebook), handle these large data sets? As we know, any savvy criminal will have more than one phone and almost everyone has more than one e-mail address, credit card, or digital avatar. The sheer number of objects contained within a graph that attempts to map every transaction, phone call, and relationship will quickly become unmanageable.
Within graph theory, algorithms are relied on to handle and split the complex data into smaller, more manageable graphs. I'm not a data scientist, so I'm very fuzzy on the specifics of this, but large complex graphs can be split into smaller graphs through algorithmic computation. These smaller graphs isolate a section of objects that are known to be of interest to law enforcement agencies, and then this data can be analyzed. For example, if the Los Angeles Police Department picks up a known fugitive and determines that his phone number is 999-4442, then using graph theory the NSA could extract a subgraph of the information relationships deemed most relevant to 999-4442, such as that fugitive's credit card, his burner phone, and his favorite pizza parlor's phone number. Ideally, contained within this subgraph of information will be a link to another, unknown, criminal who may be participating in illegal activities.
Mr. Schou posits that through a combination of PRISM, CO-TRAVELER, and Landscaping information, the NSA can create a relational graph of virtually everyone in the world. The NSA's three degrees methodology for determining from whom they collect information is enough to guarantee that almost everyone is going to end up on the NSA's radar. Mr. Schou goes on to make the distinction that since the NSA is not actually collecting data against persons in their new metadata surveillance methods, but against phone numbers, credit card numbers, and virtual avatars, the surveillance net quickly reaches an exponential growth rate. For example, take a look at how this "three degree" methodology is explained with this slideshow:
Going back to our example involving the Los Angeles Police Department, the fugitive with the phone number of "999-4442" will enable the surveillance of 125,000 individuals; and this just looks at the data collection associated with PRISM. When you add in CO-TRAVELER and Landscaping methodologies, that Los Angeles fugitive is going to cast a pretty wide net. When you consider that some phone numbers are going to be related to significantly more than 50 individuals (have you ever called Microsoft's Tech Support?) then the exponential increase from this "three hops" rule is going to be infinite.
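The subgraph extraction and "three hops" growth described above can be reproduced with a breadth-first search. This is an added example, not code from the original post: the function names are hypothetical, and the graph is constructed sample data that assumes 50 non-overlapping contacts per identifier (the assumption behind the 125,000 figure), with one optional high-degree "hub" number standing in for a tech-support line.

```python
from collections import deque

def build_contact_tree(fanout, depth, hub_extra=0):
    """Constructed sample data: identifier 0 is the seed, and every identifier
    has `fanout` fresh contacts with no overlap. The first hop-1 identifier
    gets `hub_extra` additional contacts to model a busy shared number."""
    graph, frontier, next_id = {0: []}, [0], 1
    for level in range(depth):
        new_frontier = []
        for i, node in enumerate(frontier):
            n = fanout + (hub_extra if level == 1 and i == 0 else 0)
            for kid in range(next_id, next_id + n):
                graph[kid] = [node]          # undirected edge: kid <-> node
                graph[node].append(kid)
                new_frontier.append(kid)
            next_id += n
        frontier = new_frontier
    return graph

def k_hop_reach(graph, seed, max_hops=3):
    """Breadth-first search: map every identifier within max_hops edges of
    the seed to its hop distance. The keys are the extracted subgraph."""
    dist, queue = {seed: 0}, deque([seed])
    while queue:
        node = queue.popleft()
        if dist[node] == max_hops:           # do not expand past the limit
            continue
        for nbr in graph[node]:
            if nbr not in dist:              # count each identifier once
                dist[nbr] = dist[node] + 1
                queue.append(nbr)
    return dist

def reach_by_hop(dist, max_hops=3):
    """Number of identifiers first reached at hop 0, 1, ..., max_hops."""
    counts = [0] * (max_hops + 1)
    for hops in dist.values():
        counts[hops] += 1
    return counts

if __name__ == "__main__":
    cases = (("50 contacts each", 0), ("plus one 1,000-caller hub", 1000))
    for label, extra in cases:
        dist = k_hop_reach(build_contact_tree(50, 3, extra), seed=0)
        print(label, reach_by_hop(dist), "total swept in:", len(dist) - 1)
```

On real data, contacts overlap, so the per-hop counts fall below the tree figures; a single shared hub number pushes them the other way.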
So who does this "Three Hops Rule" actually protect?
Back in March, I posted a detailed post about PICP/SOPA and Lamar following a massive outcry of netizens across the world. At first, it appeared that the boycott led by Google, Reddit, and Wikipedia was successful. However, the ruling party simply does not seem to want to give up. Don't worry though, we're not alone. Some other countries have similar laws on the table; among them are the obvious choices (Korea, Iran, etc). However, what may surprise you is that the list also includes the United Kingdom.
" The British government is about to unveil proposals to block the Internet for copyright enforcement purposes. The confirmation came in a Parliamentary debate yesterday on Intellectual Property, in which pro-copyright MPs had a little ‘chit-chat’ about the allegedly ‘anti-copyright’ government, and indicated their desire for the activation of the Digital Economy Act"