electronic frontier foundation

The Onion Router, Router

The Onion Router, Router

There's been a lot of publicity about a new router, called the anonabox, that promises to make all of your anonymous browsing dreams come true through an open-source software known as TOR. Given that I'm a lover of Kickstarter and an outspoken critic of a lot of voyeurism on the Internet in the post-Snowden world, a lot of my colleagues have approached me on what the hell TOR is, and whether or not this router is worth the pledge.

TOR, stands for The Onion Router, an open source software that has been keeping clandestine journalism safe for years. TOR is a vital tool to ensure the security and integrity of The Open Internet, and it is something that helps ensure journalistic integrity and the freedom of protest and speech. This is absolutely a cause worth supporting, and the anonabox promises to be a way to exchange money ($48) for the convenience of not having to download and tweak the open source TOR software onto each of your computers. However, as backlash against the project has already proven, the largest enemy is going to be unmet expectations.

Big Data and Privacy

Earlier this week, the President's Council of Advisors on Science and Technology (PCAST) released a seventy two page report on the intersection of Big Data and Privacy with an unoriginal title of:  Big Data And Privacy: A Technological Perspective.  It started by first establishing the groundwork for the traditional definition of privacy, as defined by Samuel Warren and Louis Brandeis in 1890.  These individuals stipulated that privacy infractions can occur in one of four ways:

  1. Intrusion upon seclusion.  If a person intentionally intrudes upon the solitude of another person (or their affairs), and the intrusion is seen as "highly offensive" then an invasion of privacy has occurred.
  2. Public disclosure of private facts.  If a person publishes private facts, even if true, about someone's life - an invasion of privacy has occurred.
  3. Defamation, or the publication of untrue facts, is an invasion of privacy.
  4. Removing personal control of an individual's name and/or likeness for commercial gain is an invasion of privacy.

These infractions basically come down to a removal of the control that an individual has over various aspects of their life (being left alone, selective disclosure, and reputation), and PCAST tends to agree as they state a couple of times throughout their report about the need for selective sharing and anonymity.  The report went on to address a few philosophical changes in our mindset about privacy that were needed in order to better enable the successful implementation of the five aforementioned recommendations:

 

  • We must first acknowledge that private communication interception is easier
  • We need to extend "Home as one's castle" to become "The Castle in the Clouds"
  • Inferred Private facts are just as stolen as real data
  • The misuse of data and loss of selective anonymity is the key issue.

 

The report goes on to state that the majority of the concern is with the harm done by the use of personal data and that the historic way of preventing misuse of personal data has been in controlling access; a measure that is no longer made possible in today's nebulous world of data ownership.

Personal data may never be, or have been, within one's possession.

From public cameras and sensors to other people using social media, we simply have no control over who collects data from whom; and we likely never will again.  Which raises the question of who owns the data and who controls it.

And while the Electronic Frontier Foundation would complain (again) that this failed to address metadata (in spite of it equating metadata to actual data in the first few pages), this report comes on the eve of a unanimous vote in the House to rein in the National Security Agency making this a big week for big data privacy advocates.



Peering and Net Neutrality

There's been a lot discussion over the last few weeks after the Federal Communications Commission's "Net Neutrality" regulations were over turned and allegations of throttling for content heavy providers ensued.  These allegations are a lot more complicated than they would first appear, and it's not as simple as "Verizon is throttling Netflix."  In fact, the way that internet traffic is exchanged between multiple internet service providers (ISP), like Sprint and Verizon, is a bit complicated under a concept known as peering which is explained by the Electronic Frontier Foundation below:

 

Connections between web service providers, web sites, and ISPs depend on agreements to exchange Internet traffic with each other, or “peering” links. Operators of backbone and web services make peering agreements with ISPs about how to exchange Internet traffic so that data can be carried efficiently from one part of the Internet to another.

 

Mitch Wagner explains how this works with a little less jargon:

 

Two networks of comparable size will exchange traffic for free if each is sending roughly the same amount of traffic to the other. However, when the relationship is disproportionate, the network that sends significantly more traffic will often write a check to the receiving network to cover the costs. It's kind of like if everybody is going to a potluck dinner. If everybody brings the same amount of food that they eat, that's OK. But if one person habitually eats more than he brings, everybody else might ask that person to pay some money just to keep everything fair.

 

Peering agreements were traditionally handled at the ISP level (Comcast and Sprint, for example) where ISPs would agree what, if any, fiscal compensation was required to level the data transfer requirements, and typically these negotiations are transparent to the customer.  However, as Cogent and Sprint users might remember from 2008, they can spiral out of control enough to cause traffic outages.  Furthermore, ISPs have been known to withhold critical infrastructure upgrades to gain leverage in peering negotiations to the detriment of their consumers.

  

However, for all of the faults that we've seen as a result of peering, it has been overwhelmingly in our benefit.  Take Africa and South America for example; these continents are notorious for ISPs competing with one another and refusing to peer. As a result, the internet connectivity in these regions is astonishingly poor (maps).  So for all of the negative publicity that peering has gotten over the last month, it's worth remembering that it has ushered in a new era of high speed connectivity and globalization.

 

So what does this have to do with Netflix?  The prolific Comcast and Netflix deal signifies a shift from ISP - ISP peering to ISP - Product peering agreements.  Some pundits stipulate that this could signal a downward spiral of internet innovation as the ISP market increasingly collapses to a smaller number of superpowers where the peering burden is increasingly placed on the product owners.  While this is absolutely a possibility, we still have a few more steps before internet innovation is harmed.

  

Most notable among these steps is to prevent anti-trust abuses of ISPs and to ensure that while barriers to entry remain high, they are not artificially fabricated by the oligarchy of ISP superpowers. Unfortunately, this can be a little tricky to navigate as ISPs and city governments have a history of shady courtship prior to installing new infrastructure.  Similarly, as we've seen in politics at the federal level, lobbyists of superpowers can be difficult to ignore, making the free market more difficult to maintain.

  

So where does that leave your average consumer?

  

Potentially screwed.  The free market only operates at equilibrium if everyone acts in their own self interests.  If you are waiting for legislation to force companies to act in your self interest, you are going to be sorely disappointed. So if you find yourself giving your business to a company that isn't furthering your own interests (be it Wal-Mart, Verizon, or General Motors), change companies!



Why It's Not About Privacy

Why It's Not About Privacy

I've faced some opposition recently based on my views that the Electronic Frontier Foundation did a disservice to their constituents by focusing so much of their efforts on privacy, rather than data ownership.  With that in mind, I pose two ethical scenarios to help illustrate my (and the Guardian's) point that solving the data ownership debate will solve far more than just the privacy debate.

Our laws are focused on data collection, but the existence of data is not the concern; it’s the usage and sharing of data.  In today’s interconnected world, individuals are no longer as concerned about what a given company knows about them, but how it’s used and with whom that information is shared.  These are issues that cannot be solved when we limit the scope of our conversation to privacy, but must be evaluated in the larger discussion of establishing ethical data ownership legislation.