Last week, Mike wrote about what seems an important shift in US government policy on encryption, as the White House finally recognizes that adding backdoors isn't a sensible option. That leaves a big question mark over what the UK will do, since David Cameron and intelligence officials have been hintingrepeatedly that they wanted to undermine encryption in some unspecified way. Just last week, the new head of MI5, the UK's domestic intelligence service, gave the first-ever live media interview by a senior British intelligence official. Asked about the alleged danger of parts of the Internet "going dark", he said:
"It requires the cooperation of the companies who run and provide services over the internet that we all use. It is in no one's interest that terrorists would be able to plot and communicate out of the reach of any authorities with the proper legal power."
That's from The Guardian, and another article there points out that the UK government's strategy of trying to get the big US online services to co-operate now looks in trouble:
If the White House does drop the battle [over backdoors] it will leave Britain with little option but to accept the widespread use of encryption. The UK's ability to directly lobby the big American technology firms is limited, and in a report leaked in June the former British diplomat Sir Nigel Sheinwald said that a new international treaty was the only way to get the co-operation of the companies. Without the support of the White House such a treaty seems unlikely.
Without the co-operation of the tech firms what the UK government can do when facing widespread encryption is limited. In June the Home Office confirmed that, for extreme cases, it was considering inserting "black box" probes into the transatlantic cables, to collect data leaving and entering the UK. But if the communications were encrypted on their way to the US, such collection would have little value.
Of course, a lot depends on the detailed policy adopted by the US government, and whether the US intelligence community manages to exploit any future terrorist attacks to get backdoors on the agenda again. But for the moment, it seems that David Cameron's anti-encryption saber-rattling will remain just that.
from the selling-out-the-people-for-the-good-of-the-people dept
Here in the US, the FBI really really really wants to be able to let itself in your backdoor if it feels the urge to paw through your personal communications. (Perhaps the FBI's lack of respect for encryption is due to its own unwillingness to encrypt its communications...) Congress isn't pushing this forward and the administration has indicated it won't back an encryption backdoor mandate. Over in Europe, a mixed bag of terrorism-related legislation is going the other way, pushing for "good guys only" holes in encryption, with any negative use by criminals and foreign governments apparently being the price that must be paid to secure whatever liberty still remains once the "securing" is completed.
The recognition of the need to protect privacy and increase the security of the Internet and associated information systems have resulted in the development of policies that favour the spread of encryption worldwide. The Information Technology Act 2000 provides for prescribing modes or methods for encryption (Section 84A) and for decryption (Section 69). Taking into account the need to protect information assets, international trends and concerns of national security, the cryptographic policy for domestic use supports the broad use of cryptography in ways that facilitates individual / businesses privacy, international economic competitiveness in all sectors including Government.
...before cutting the floor away entirely.
This policy is not applicable to sensitive departments / agencies of the government designated for performing sensitive and strategic roles. This policy is applicable to all Central and State Government Departments (including sensitive Departments / Agencies while performing non-strategic & non-operational role), all statutory organizations, executive bodies, business and commercial establishments, including public sector undertakings and academic institutions and all citizens (including Personnel of Government / Business performing non-official / personal functions).
The "policy" is mandated backdoors -- not for "sensitive" and "strategic" government agencies, but for everyone else, from other government agencies to "all citizens."
The suggested policy splits up the country's population in three groups, with businesses and citizens designated as "B" and "C." The government says, yes, use encryption for better privacy and security... but don't lock us out.
B / C groups (i.e. B2C, C2B Sectors) may use Encryption for storage and communication. Encryption algorithms and key sizes will be prescribed by the Government through Notification from time to time. On demand, the user shall reproduce the same Plain text and encrypted text pairs using the software / hardware used to produce the encrypted text from the given plain text. All information shall be stored by the concerned B / C entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country. In case of communication with foreign entity, the primary responsibility of providing readable plain-text along with the corresponding Encrypted information shall rest on entity (B or C) located in India.
And any ISP looking to provide service in India -- including those not actually located in India -- is expected to give the government access to encrypted transmissions.
Service Providers located within and outside India, using Encryption technology for providing any type of services in India must enter into an agreement with the Government for providing such services in India. Government will designate an appropriate agency for entering into such an agreement with the Service provider located within and outside India. The users of any group G,B or C taking such services from Service Providers . are also responsible to provide plain text when demanded.
On top of that, creators of encryption products would be required to register with the government and submit to a "security evaluation." Presumably, the evaluation will include discussion of where to best place backdoors and/or involve a handover of Golden Keys.
The proposal also suggests the government take a more active role in the development of "indigenous" encryption products. While not specifically detailed in the draft, one assumes any government-produced, pre-compromised encryption products will make their debut accompanied by mandates requiring use going forward, if not retroactively as well.
For what it's worth, the Indian government is accepting comments on the proposed policy until October 16th. Presumably, the draft will move forward despite any negative feedback, given the country's track record on internet freedom and human rights. Factor in the threat of terrorism, and there's very little chance the government won't find some way to push this through mostly unaltered.
We already wrote about the Obama administration considering its options on how to handle the whole "going dark" debate concerning backdooring encryption. The key point in all of that is that there is no chance in hell that backdoors will be mandated by law. The administration recgonizes that's a lost cause. However, within the Washington Post's article that revealed this, there was also a somewhat disturbing argument from the losing side of this battle. The intelligence community seems to be gleefully awaiting the next terrorist event, knowing that it can then reintroduce its push for backdoors:
Although “the legislative environment is very hostile today,” the intelligence community’s top lawyer, Robert S. Litt, said to colleagues in an August e-mail, which was obtained by The Post, “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”
There is value, he said, in “keeping our options open for such a situation.”
In other words, Litt admits that his side has lost this battle, but he doesn't want the administration to come out totally against legislation, because, you know, if there's an attack, then maybe the idiots in the public will finally accept the intelligence community shoving backdoors down their throat. After all, such a plan worked out pretty well with the PATRIOT Act, which took a bunch of bad and rejected ideas and rushed them into law. In fact, it's almost amazing that the law enforcement community didn't get backdooring encryption into the PATRIOT Act back in 2001 in the first place...
Either way, given this, it really looks like Litt is hoping for another attack to get through, just so he can better spy on people. Why are these people in positions of power again?
Last week, we noted that there was an effort underway to introduce an amendment for this week's Defense Appropriations bill in the House that would effectively limit some of the most nefarious aspects of the NSA's ability to spy on Americans via two different types of backdoors: (1) so-called "backdoor searches" on Americans' information collected under Section 702 of the FISA Amendments Act and (2) mandating tech companies build in backdoors to their technology for the NSA to go snooping. The Defense Appropriations bill is expected to hit the House floor sometime soon, under open rules, meaning that the amendment in question won't be blocked by the House Rules Committee, as happens on a variety of other bills.
The amendment has powerful bipartisan backing, sponsored by Reps. James Sensenbrenner, Thomas Massie and Zoe Lofgren, along with co-sponsors Reps. Conyers, Poe, Gabbard, Jordan, O’Rourke, Amash, and Holt. Having Sensenbrenner bring out this amendment is a big deal. This amendment would restore at least one aspect of the USA Freedom Act that was stripped out at the last minute under pressure from the White House. Sensenbrenner sponsoring this bill highlights that he's clearly not satisfied with how his own bill got twisted and watered down from the original, and he's still working to put back in some of the protections that were removed. Conyers is a powerful force on the other side of the aisle, whose support for the USA Freedom Act was seen by some as a signal that the bill was "okay" to vote on. Having both of them support this Amendment suggests that neither were really that satisfied with the bill and felt pressured into supporting it.
While this Amendment doesn't fix everything, it is an important chance for members of Congress to show that they really do support protecting Americans' privacy. But they need to know that. Please contact your Representative today to let them know you want them to support this amendment. The EFF and others have set up a website, ShutTheBackDoor.net, to help you contact your official. Please do so today.
While we've noted that the White House and the USTR have insisted that ACTA is not a treaty and does not require Congressional ratification (something that many, many observers believe is wrong), with the followup TPP agreement, there's no question that it's a broad agreement that will require Congressional approval. But, now we know how the USTR is hoping to streamline that process as much as possible, too.
AndyB points us to the news that Ron Kirk, the USTR, has directly asked Congress to provide the administration with "trade promotion authority," which more or less abdicates Congress's ability to substantially question or modify any international agreement. Trade promotion authority basically forces Congress to vote on any trade agreement put forth by the administration within a very short period of time (90 days) and denies them the ability to offer any amendments (i.e., to do their job). The "reasoning" behind this is to give the administration/USTR authority to negotiate with foreign countries, such that there aren't any questions in those countries of whether or not the US will actually agree to the deal, or if they'll try to change a deal once negotiated.
And, of course, the main reason for seeking this trade promotion authority... is to ram through the Trans Pacific Partnership (TPP) by the end of the year.
But, such a provision is basically Congress giving up its powers. There's a reason why Congress is supposed to ratify treaties: and it's to keep the executive branch from negotiating something horrible and having us be bound to it. It's crazy to think that Congress would just give up this important check and balance on the executive branch.
The panel was moderated by Andrew Keen, and included Gigi Sohn from Public Knowledge, Richard Bennett from ITIF, Larry Downes from Stanford and myself. With so many people, and not much time, I didn't get a chance to say much other than that this whole thing is a bit of a red herring, and that the real issue, that the FCC should be focused on, is making sure there's real competition in the broadband arena -- because if there were real competition, net neutrality wouldn't even be a discussion point (because, if any firm broke it, customers would go elsewhere quickly). However, the discussion itself is quite worthwhile, mainly for the viewpoints of the other three panelists.
While Gigi characterizes the panel as three against one, I don't think that's quite fair. I'm sympathetic to her argument on the importance of this. I think that maintaining a "neutral" internet, or one where end-to-end principles are maintained, is important. I just think that it can be done without the FCC stepping in, and that having the FCC make this move now could very well open the door to problematic decisions down the road. No matter how good the principles are that Genachowski wants to lay out (and I think they're pretty good), this opens the door to the FCC making much worse decisions in the future. And, in the meantime, we'll see all sorts of work by lobbyists and special interests to either neuter the rules or slip in enough exemptions to make the whole thing somewhat meaningless, and just another regulatory nightmare. Gigi's optimistic that this won't happen. I'm not convinced.
Meanwhile, if you want a preview of exactly what the legal arguments are that will be filed in response to this decision, well, watch the exchange between Larry and Gigi over whether or not the FCC can even do what it's proposing to do. I honestly don't know who is right -- and both make compelling cases for their arguments. In the end, a judge (or perhaps nine Supreme Court justices) will make the final call. Larry has laid out why he doesn't think the FCC can win in more detail -- and I'm sure we'll see more from Gigi as well.
Either way, the one thing that is certain is that this will be tied up in court for many years, and I stand by my assertion that for the next few years this is going to be pretty meaningless for consumers. I disagree with Richard Bennett that this will impact investment in networks -- and not because "investment ignores regulation" (a phrase he used which I've never heard anyone utter and which makes no sense to me), but because he's wrong that this creates any more uncertainty than there was before. There's been a discussion over net neutrality for more than half a decade and threats to move the ball back and forth all of these years. There's been plenty of uncertainty all along. The only reason that there would be a decline in investment in broadband is if the major providers get fat and happy and realize there's no competitive pressure for them to continue upgrading.
Also, while I agree with Richard that the internet tends to "regulate itself" to prevent anything really egregious from happening, he's being a bit disingenuous in suggesting that it's consumer advocates who came up with the idea that telcos would slow down or block certain websites. That came from former SBC/AT&T (and now GM) CEO Ed Whitacre, who blatantly said that was the plan. However he is right that AT&T's inability to follow through has mostly been due to loud public outcries against it.
Finally, to Gigi's point that this is necessary so that there's someone looking out for consumers and mandating transparency... I still have to go back to the point that those things are not the job of the FCC, but of the FTC, who already has the power to protect consumers and to respond to actions like what Comcast did with BitTorrent, in that Comcast was selling consumers one thing and providing them with something else.
Of course, with all of that out of the way concerning the debate... what about what the FCC is actually going to do. After the WSJ article came out, the FCC put out a statement claiming that its plan -- which will be "outlined" today -- would not, in fact, be the so-called "nuclear option" of reclassifiyng broadband as a telecommunications service, but a magical "third way":
"The Chairman will outline a "third way" approach between a weak Title I and a needlessly burdensome Title II approach," says the statement. "It would 1) apply to broadband transmission service only the small handful of Title II provisions that, prior to the Comcast decision, were widely believed to be within the Commission's purview, and 2) would have broad up-front forbearance and meaningful boundaries to guard against regulatory overreach."
As Broadband Reports notes, this is all way too ambiguous. What everyone is saying is that this will apply to internet access, but not to internet providers -- whatever that means. Ambiguity in this situation is not good, because (yet again) it introduces all sorts of wiggle room for lobbyists to move things around. But this has become the way things seem to work in the Genachowski FCC, with vague plans announced that try to thread the needle between various sides, without ever taking a very firm stand on anything, but making sure not to piss off anyone either. It's why the big broadband plan seems to have so few specifics. It's as if Genachowski is afraid to take a real stand on anything. Even reading the FCC description of this move has him trying to explain why this isn't really a big deal, saying that it simply seeks to confirm what people felt was true before the Comcast ruling.
We'll see what the final announcement is -- and this is definitely a case where the devil is going to be hiding deep in the details -- but either way, you can rest assured that legal briefs are being written as we speak (if they haven't been written already), and this is all going to be in court for a long, long time before any of it really matters. The video above started out with the question of "what is network neutrality," and for the next few years, it's basically going to be gridlock in the court system.
This should come as no surprise, given that the court indicated this a few months back, but it's now official that the FCC has no power to mandate net neutrality or to punish Comcast (even with a gentle wrist slap) for its traffic shaping practices. Lots of people seem upset by this, but they should not be. This is the right decision. The FCC was clearly going beyond its mandate, as it has no mandate to regulate the internet in this manner. In fact, what amazed us throughout this whole discussion was that it was the same groups that insisted the FCC had no mandate over the broadcast flag, that suddenly insisted it did have a mandate over net neutrality. You can't have it both ways (nor should you want to). Even if you believe net neutrality is important, allowing the FCC to overstep its defined boundaries is not the best way to deal with it. So for those of you upset by this ruling, look at it a little more closely, and be happy that the FCC has been held back from expanding its own mandate. Otherwise, the next time the FCC tried to do something like the broadcast flag or suddenly decided it could enforce "three strikes," you'd have little argument.
That doesn't mean that Comcast should get off free for its actions. It should still be punished -- but by the FTC, rather than the FCC -- for misleading its customers about what type of service they were getting, and what the limitations were on those services. As for the FCC, if it really wants a more neutral net, it should focus on making sure that there's real competition in the market, rather than just paying lip service to the idea in its broadband plan.
The truth -- as courts have recognized in both cases -- is that both appear to be situations where the FCC is overreaching its authority.
Still, it's not just the groups supporting the FCC on net neutrality that are taking inconsistent positions here. Remember how Comcast -- which this latest ruling supports -- has in the past used the argument that the FCC does have this mandate over them to try to avoid regulatory oversight in California. So neither side looks very good here. In fact, in a recent interview concerning the proposed Comcast/NBC merger, Comcast's spokesperson highlighted that people shouldn't be afraid of NBC getting preferential treatment because "existing law already prohibits any discrimination." What existing law? Uh, the same one Comcast just convinced the court doesn't exist. In other words, the law doesn't exist when Comcast doesn't like it, but if anyone says Comcast might violate neutrality, it insists the law suddenly does exist.
On the whole, it's a good thing that the court is making sure the FCC doesn't overstep its authority here -- though, there's a pretty good chance that the response is going to be a push in Congress to give the FCC this authority. And that's where things get sticky. Should the FCC have the right to regulate the internet? While the concept of net neutrality is important and it would be bad for it to go away, that's quite different than opening up the pandora's box of giving the FCC the right to enforce it. The risk of unintended (and dangerous) consequences is quite high.
Instead, the real focus should be on increasing competition in the broadband space so that users have a real choice and can ditch any provider who decides to ignore the principles behind net neutrality. Until that happens then we're going continue to have these battles over the symptoms of not enough competition.
Well, the terrestrial radio companies failed to stop the XM-Sirius merger from a happening with a rather ridiculous campaign against the merger, but that doesn't mean they can't continue to try to cause problems. The latest is that they've convinced Representative Ed Markey to introduce legislation requiring all satellite radio devices to include the ability to play HD Radio (terrestrial radio's attempt to provide a better quality product to compete with satellite). The FCC had just begun investigating whether or not such an HD Radio mandate made sense, but apparently Markey can't wait and is pushing to have the mandate pushed through as law before the FCC can study the issue. Is it worth mentioning that the NAB, the lobbying arm of the terrestrial radio stations (and the group that resorted to all sorts of questionable actions in trying to prevent the Sirius-XM merger), is one of Markey's biggest campaign contributors? Oh, and that XM CEO Mel Karmazin contributed to Markey's campaign back in 2001 (when Karmazin worked for Viacom), but apparently hasn't contributed more recently? Feel free to express your thoughts on the bill with this voting widget (if you're reading in RSS, click through to see it):
Ed Felten has a great post questioning various government regulations forcing "local" ownership, advisory committees and content for certain types of broadcast media. Felten points out that local content makes sense for local communities, but communities aren't just defined by locality anymore. In fact, he points out how such "local" broadcasting rules made it more difficult for him to keep in touch with his "local" community back in Princeton, New Jersey, when he spent a year on sabbatical in California. Due to those local restrictions, he couldn't get the local television stations from back in Princeton that he enjoyed.
But, perhaps an even bigger question (which Felten doesn't touch on) is why there need to be regulatory mandates for local content in the first place. As we were just pointing out, in the newspaper business, newspaper chains that have aggressively focused on producing local content have found that it's quite profitable while the newspapers that focus on more national news are struggling. In other words, the market itself seems to reward local content without any government mandate. So why is a government mandate necessary at all?