Karl Bode’s Techdirt Profile


About Karl Bode

Karl Bode is a freelance writer living in New York that has been babbling, jabbering and prattling about technology, politics and culture professionally for more than fifteen years. Follow me on Twitter @KarlBode


Posted on Techdirt - 21 April 2017 @ 10:39am

Self Driving Taxis Are Going To Be A Nightmare To Secure, Warns Ex-Uber Security Researcher

from the I'm-sorry-I-can't-do-that,-Dave dept

So over the last few years you probably remember seeing white hat hackers demonstrate how easily most modern smart cars can be hacked, often with frightening results. Cybersecurity researchers Charlie Miller and Chris Valasek have made consistent headlines in particular by highlighting how they were able to manipulate and disable a Jeep Cherokee running Fiat Chrysler's UConnect platform. Initially, the duo documented how they were able to control the vehicle's internal systems -- or kill it's engine entirely -- from an IP address up to 10 miles away.

But the two would go on to highlight how things were notably worse, pointing out last year that they'd also found a way to kill the vehicle's brakes, cause unexpected acceleration, or even direct the vehicle to perform sudden and extreme turns:

"Last year, they remotely hacked into the car and paralyzed it on highway I-64—while I was driving in traffic. They could even disable the car’s brakes at low speeds. By sending carefully crafted messages on the vehicle’s internal network known as a CAN bus, they’re now able to pull off even more dangerous, unprecedented tricks like causing unintended acceleration and slamming on the car’s brakes or turning the vehicle’s steering wheel at any speed."

Just the gift for intelligence or private sector ne'er-do-wells looking to cause mayhem -- or worse.

After Miller and Valasek's hacks made consistent headlines, the two were quietly hired by Uber to help the company secure its self-driving taxi service. Miller has since moved on to Chinese competitor Didi, and tells Wired he's much more free to speak about the perils of securing automated cars and taxis. What he's saying isn't what you'd call comforting:

"Autonomous vehicles are at the apex of all the terrible things that can go wrong,” says Miller, who spent years on the NSA’s Tailored Access Operations team of elite hackers before stints at Twitter and Uber. “Cars are already insecure, and you’re adding a bunch of sensors and computers that are controlling them… If a bad guy gets control of that, it’s going to be even worse."

The problems that Miller highlighted with the Jeep Cherokee are significantly worse when you're talking about a taxi that sees significantly more use each day. A taxi that, under current federal law, won't be able to block consumer access to the vehicle's OBD2 port (something consumers want the freedom to tinker with in their own vehicle, but perhaps not so much in a communal car):

"There’s going to be someone you don’t necessarily trust sitting in your car for an extended period of time,” says Miller. “The OBD2 port is something that’s pretty easy for a passenger to plug something into and then hop out, and then they have access to your vehicle’s sensitive network."

Miller notes that securing an automated vehicle isn't impossible, but it's going to require the use of "codesigning," restrictions built into the OBD2 port, better internal segmentation and authentication -- and basically a complete retooling of how self-driving vehicle security is implemented. But Miller notes that companies like Uber are bolting their computer systems onto already built vehicles, which complicates things. And the slow pace of finding and patching security vulnerabilities in vehicles poses an additional layer of problems.

The solution will also involve greater "open conversation and cooperation" among carmakers and developers, something Miller says was lacking at Uber, and hasn't exactly been the trademark of other automated vehicle vendors.

Right now, we continue to find the lack of security in our smart fridges and TVs kind of cute. But it's threats like those being exposed by Miller that have some security researchers like Bruce Schneier consistently predicting some massive problems on the horizon that may result in notable human casualties. And we're not helping the problem by letting companies monopolize repair, or consistently erode our privacy rights or our freedom to tinker.

19 Comments | Leave a Comment..

Posted on Techdirt - 20 April 2017 @ 6:27am

FCC Moves To Make Life Easier For Business Broadband Monopolies

from the do-not-pass-go,-do-not-collect-$200 dept

By now, most people understand that the residential broadband market simply isn't very competitive. They also understand that's in large part due to the lobbying and financial stranglehold many providers have over both state and federal lawmakers and regulators. But however uncompetitive the residential broadband market is, the business "special access market" (often called Business Data Services (BDS)) is notably worse. This important but overlooked segment of the telecom market connects schools, cell towers, ATMs, retailers, and countless others to the internet at large.

But consumer groups and smaller companies for years have complained that this segment suffers under an absurd amount of monopoly control, resulting in many companies and organizations paying sky-high rates for basic connectivity. According to the FCC's own data (pdf), in the lion's share of markets, 73% of the special access market is controlled by one provider (usually AT&T, CenturyLink or Verizon), 24% usually "enjoys" duopoly control, and only a tiny fraction of markets have more than two choices of BDS providers providing this key connectivity.

After ten years of industry bickering and lobbying, Tom Wheeler last year began seriously exploring changes to special access rules, including price caps on how much these monopolies and duopolies can charge smaller companies (and in wireless, smaller competitors). By and large the FCC avoids broadband price caps like the plague, and the effort to impose limits on the BDS market reflected just how incredibly uncompetitive the special access market had become. But the rules were never finalized, and new FCC boss Ajit Pai was quick to throw away the decade-long reform effort.

Instead, Pai has proposed deregulating this captive market even further, a massive win to the incumbent monopolies and duopolies that control it. In a blog post, the FCC boss was quick to insist that competition in this sector is actually growing, and his (read: AT&T and Verizon's) proposal will be sure to keep regulations in place in areas where it isn't:

"The extensive record compiled by the Commission’s excellent staff shows substantial and growing competition in many areas of the country, thanks to new market entrants like cable companies. Where this competition exists, we will relax unnecessary regulation, thereby creating greater incentives for the private sector to invest in next-generation networks. But where competition is still lacking, we’ll preserve regulations necessary to prevent anti-competitive price increases."

But, as with much of Pai's particular brand of FCC leadership, what the FCC boss says -- and what he does -- are often very different things. Ars Technica is quick to highlight that Pai's proposal has a rather unique definition of "competition." Namely, the proposal declares a market "competitive" if there's just one additional broadband provider anywhere in a half mile radius:

"Pai's definition of "sufficient competition" has drawn fire. The plan would treat an entire county as competitive "if 50 percent of the locations with BDS demand in that county are within a half mile of a location served by a competitive provider." A county would also be considered competitive if 75 percent of Census blocks in the county have a cable provider."

Pai is part of a segment of revolving door regulators and other industry allies that often comically deny any competition issues in the broadband space -- whatsoever. Their solution is consistently blind and blanket deregulation, laboring under the belief that less regulatory oversight -- combined with no real competition -- somehow magically forges telecom Utopia. And while deregulation certainly does aid competitive, innovative markets, blind deregulation of the telecom market time and time again only serves to make competition issues worse. Just ask a Comcast customer.

The FCC is poised to vote on the deregulation of the uncompetitive BDS market on April 20 (and likely already voted to approve this effort by the time you read this). Lawmakers like Senator Ed Markey and Rep. Ed Doyle had urged the FCC to delay the vote:

"In the BDS market, we need more protections for competitors and small businesses, not great market control by incumbents,” they wrote. “We are concerned that the proposed BDS Report and Order does not adequately promote competition or apply appropriate pricing protections where competition does not exist."

BDS being an important but wonky and under the radar market for consumers and the press -- Pai should be able to ram this vote through without much public scrutiny. As such, Pai's moves to gut rules governing the BDS market are set to join a growing chorus of other "accomplishments" we've seen so far under Pai, such as making it easier for prison monopolies to rip off inmates, the dismantling of efforts to improve cable box competition, the erosion of efforts to bring broadband to the poor, and his looming attempt to kill net neutrality. You'll notice one, consistent beneficiary to Pai's agenda -- and it sure as hell isn't you.

12 Comments | Leave a Comment..

Posted on Net Neutrality Special Edition - 19 April 2017 @ 6:18pm

Roku Hires DC Lobbyists For First Time To Fight For Net Neutrality

from the K-Street-showdown dept

With broadband privacy rules dead, ISP lobbyists and their loyal lawmakers have begun quickly shifting their attention to killing FCC oversight of broadband providers and net neutrality. We've pointed out how folks concerned about this shouldn't expect a lot of help from the likes of Facebook, Netflix and Google this go round. We've also noted how folks need to begin waking up to the false arguments being used to sell the pitch (namely that gutting net neutrality and FCC authority over ISPs will be fine because existing FTC rules will protect users, which simply isn't true).

Roku certainly appears to have gotten the message, with reports suggesting the company has hired DC lobbyists for the first time ahead of what's expected to be a May or June attack on net neutrality (either at the FCC, in Congress, or a combination of both):

"For Roku and others in the business, an end to the Obama-era protections could make it harder — or, in some cases, more expensive — to offer content or services to customers at top download speeds. That’s why Roku has hired a pair of Republican lobbyists through an outside government-affairs firm, according to a federal ethics reports filed this week, specifically to focus on net neutrality. It’s the first time the company has ever retained lobbyists in Washington, D.C."

Roku, like countless other companies, is considering a live TV streaming platform that would compete with services from the likes of AT&T, Verizon and Comcast. Via usage caps and zero rating, these providers have already been waging a not-so-subtle war on streaming competitors. The former FCC had just started doling out wrist slaps for this sort of anti-competitive behavior, though the current Ajit Pai-led FCC was quick to kill all inquiries into the tactic. As we've long-noted, this kind of behavior is only made possible by a lack of competition in the broadband space, something the current FCC is clearly not interested in fixing.

Roku has been on the receiving end of other anti-competitive behaviors by the likes of Comcast, designed to protect the cable industry's long-standing monopoly over cable TV hardware. While not technically a net neutrality violation, Comcast spent years refusing to implement the relatively-simple authentication needed to let Comcast broadband customers watch services like HBO Go on Roku, Playstation, or other devices. And while it has since backed off that behavior, it's now charging Roku users a completely arbitrary $7.95 fee just to use the Roku to watch Comcast TV services.

As we've long noted, these kinds of anti-competitive behaviors are just symptoms of the disease that is the lack of competition in the broadband market (which, contrary to some narratives, is far from "free," is deeply taxpayer subsidized, and doesn't magically fix itself with blind deregulation). With the current FCC making it abundantly clear it plans to ignore this lack of competition -- and strip away consumer protections in the space -- Roku should be worried. If you've spent any time watching the behavior of companies like Comcast as they grow larger and less accountable, you should be worried as well.

5 Comments | Leave a Comment..

Posted on Techdirt - 19 April 2017 @ 10:48am

Apple Takes Heat For Software Lock That Prevents iPhone 7 Home Button Replacement By Third-Party Vendors

from the right-to-repair dept

We've been discussing for some time how John Deere, Apple, Sony and Microsoft are among a laundry list of companies fighting against so-called "right to repair" bills. The bills, currently being pushed in a handful of different states, make it easier for consumers to repair their own products and find replacement parts and tools. The bills are an organic consumer response to the attempts of many of these companies to monopolize repair, driven in large part by John Deere's draconian lockdown on "unauthorized repairs" -- forcing tractor owners to pirate tractor firmware and maintenance tools just to repair products they thought they owned.

Apple's been notably vocal on this subject, recently trying to shut down a Nebraska right to repair bill by proclaiming that it would turn the state into a dangerous hacker playground. Of course, propped up by the DMCA's anti-circumvention rules, Apple has utilized a rotating crop of tools to try and protect this repair monopoly. Last year, for example, Apple caused a bit of a shitstorm due to "Error 53", part of an iOS update that bricked phones that had their screens replaced by third party repair vendors.

Having apparently learned no lessons from the backlash from that use of repair locks, Apple is once again taking heat for new software locks cooked into the iPhone 7, which prevent the device's home button from working after it has been replaced. Unless, that is, the replacement is performed by a certified Apple technician with the proper "re-calibration" software. The home button is used to unlock the phone, and to return the user to the home screen when pressed.

In previous iPhone versions (iPhone 5S, 6, and 6S) if you replaced the home button you lost the security function, but users could still login via pin -- and the button still worked to bring users "home." But with the iPhone 7, replacing the home button via third-party vendor results in the button not working at all -- unless you take the device to Apple's Genius bar. This is, independent repair shops claim, just part of Apple's overall strategy of monopolizing repair, hampering third-party repair vendors, and restricting consumer choice:

"In a video demonstrating the block, Michael Oberdick, owner of the independent iPhone repair shop iOutlet, swapped the front displays (and home buttons) of two iPhone 7 devices. When swapped, the phone displays an error message that says "The Home Button May Need Service." Its functionality is disabled and "Assistive Touch" automatically pops up on the device, creating an onscreen, software-based home button."

This is, Oberdick argues, little more than a vindictive, anti-consumer move on the part of Apple:

"Not supporting that menu function makes no sense," Justin Carroll, owner of FruitFixed, an independent iPhone repair shop, told me. "Just a sad and petulant move on their part that will directly affect consumers especially after their one year manufacturer warranty is up."...This may sound like an esoteric issue, and to some extent it is—screen replacements can still be done so long as the original home button is carefully removed and moved to the new screen. But software locks specifically designed to prevent repair are a monopolistic, anti-consumer move that attempts to "tie" an electronic to the manufacturer even after it's already been sold.

Whether coming from Apple, Sony, or Microsoft, opposition to "right to repair" bills usually focuses on the three (false) ideas: the bills will make users less safe, somehow "compromise" intellectual property, and open the door to cybersecurity theft. Apple will be sure to breathlessly insist that they're only making the iPhone 7's home button impossible to repair to protect consumer security, hoping you'll ignore the entire practice of such software locks simply allows the company to monopolize repair, drive up the cost of overall ownership for all of its customers, and make life harder for third-party repair vendors.

36 Comments | Leave a Comment..

Posted on Techdirt - 19 April 2017 @ 6:28am

Comcast Belatedly 'Introduces' Faster Broadband To City It Sued To Keep From Doing The Same Thing Years Ago. It Didn't Go Well

from the reap-what-you-sow dept

Back in 2008, Comcast sued the city of Chattanooga shortly after the city-owned utility (Electric Power Board, or EPB) announced plans to deliver the kind of cheap, ultra-fast broadband Comcast long refused to. After being saddled with legal expenses, EPB ultimately won that lawsuit, and in 2010 began offering ultra-fast fiber broadband. But it wasn't long before the community-owned broadband network ran into another obstacle: a Tennessee state protectionist law -- quite literally written by AT&T and Comcast -- that hamstrung the operation and prohibited it from expanding.

Fast forward nearly a decade, and EPB now offers symmetrical gigabit connections for around $70 a month -- at least to the parts of Chattanooga ISP lobbyists have allowed it to. A 2016 survey by Consumer Reports ranked EPB, outside of Google Fiber, as the only ISP with a truly positive consumer satisfaction rating among the 30 national ISPs ranked by the magazine. Chattanooga's Mayor, meanwhile, has cited EPB as a major contributor to the city's reinvention.

Facing this weird new phenomenon known as competition, Comcast this year finally broke down and brought its own gigabit offering (technically 1 Gbps down, 35 Mbps up) to the city. But Comcast being Comcast, it simply couldn't help but saddle the offering with a number of restrictions. Specifically, Comcast's offering the gigabit option to Chattanooga residents for $70 a month -- but only if they're willing to sign a three year contract. If users refuse -- the price of the service not only is jacked to $140 per month -- but you'll face usage caps and overage fees -- which are only avoidable if you sign the absurdly long contract.

Hoping to get Chattanooga residents excited about the new option when it finally arrived a few weeks ago, Comcast posted an announcement to Facebook "introducing" the city to gigabit broadband service. It didn't go well. The company began taking an absolutely ferocious beating from area locals tired of Comcast's high prices and legendarily-bad customer service:

Take note of the automated Comcast "support" representative that appears to believe they're "helping" without any understanding of the context of the concerns. The beating proceeds like this for an amazingly long time, consistently citing slow speeds, high prices and poor service:

You may notice a consistent theme or two brought up by Chattanooga locals. The beating was so severe it made the Chattanooga Times Free Press, via which Comcast tried to claim that the response to the company's quickly-backfiring ad campaign was a "misunderstanding":

Comcast says the ongoing backlash is the result of a misunderstanding. The cable giant says that it didn't mean to imply it was rolling out the city's first gigabit service. Rather, it was introducing Xfinity's first gigabit service for residential customers.

"Comcast's recent advertisement on Facebook was intended to remind customers in Chattanooga that our 1-gigabit internet service is now available in their area," said Alex Horwitz, vice president for public relations at Comcast. "The service is offered via cable modem technology, which makes Chattanooga one of the first markets in the nation to enjoy this new service."

There's no misunderstanding. Chattanooga locals understand all too well that Comcast has thrown millions at lawmakers on both the local and state level to try and stifle competition, then expected locals to be awed when the company belatedly introduced its own, inferior and restriction-laden product -- nearly a decade later. There's a reason that Tennessee remains one of the least connected states in the union (pdf), and it has absolutely everything to do with Comcast being an anti-competitive bully with a near-total stranglehold over the state legislature and politicians like Marsha Blackburn.

Tennessee isn't alone in spending the majority of its time bending over backwards to please the country's biggest broadband incumbents to its own, obvious detriment. And more restrictive state laws are being passed all the time. And instead of fixing this corruption on the state or federal level, we're now looking at axing consumer privacy protections and killing net neutrality. Because, you know, that's certain to deliver the kind of broadband Utopia Chattanooga and countless other U.S. markets have been begging for over the last decade.

50 Comments | Leave a Comment..

Posted on Techdirt - 18 April 2017 @ 11:48am

New 'Perceptual' Ad Blocking Tech Doesn't Win The Ad Blocking War, But It May Put Advertisers On Their Heels... Permanently

from the the-mole-finally-got-whacked dept

We've long documented how there's a growing array of websites that seem intent on shooting themselves in the foot when it comes to "defeating" ad blocking. Quite often that includes punishing customers for a website's own misdeeds, or using ham-fisted (and frankly often broken) systems that attempt to block the ad blockers. Of course, this tends to obfuscate why these users are using blockers in the first place, whether it's to keep ads from eating their broadband usage allotments, or simply as an attempt to protect themselves from "ads" that are often indistinguishable from malware.

The bottom line is that thanks to aggressive, poorly designed or downright hostile ads, many consumers quite justly now feel that ad blockers are an essential part of their privacy and security. Here at Techdirt, we long ago decided to let our visitors decide what their ad experience looks like, letting visitors disable ads entirely if that's they're preference (we just, of course, hope they'll try to support us in other ways). Elsewhere though, websites are engaged in what feels like a futile game of Whac-a-Mole that seems increasingly obvious (to some) won't be "winnable."

New developments on the ad block front seem to indicate this game of Whac-a-Mole may soon end up with the mole being -- well -- most decidedly whacked.

Princeton and Stanford researchers say they've developed a new method of blocking advertisements that detects ads the same way human beings do -- by simply looking at things like container sizes, graphical layout, and words like "Sponsored" (usually mandated by regulations or voluntary, cross-industry commitments). Computer scientist Arvind Narayanan and his colleagues have published a new paper (pdf) and proof-of-concept code for something they're calling a Perceptual Ad Blocker. Their paper describes the new technology as such:

"Perceptual ad blocking seeks to improve resilience against ad obfuscation and minimize manual effort needed to create ad blockers. We rely on the key insight that ads are legally required to be clearly recognizable by humans. To make the method robust, we deliberately ignore all signals invisible to humans, including URLs and markup. Instead we consider visual and behavioral information. For example, an ad may include the tex "Sponsored" or 'Close Ad" within its boundaries, either directly or when hovered over. We expect perceptual ad blocking to be less prone to an "arms race."

Over at Freedom to Tinker, Narayanan is quick to point out that this new technology isn't "undefeatable" (as some websites quickly suggested), but it does certainly tilt the ad block battlefield in favor of the end user. He notes that the technology was developed in response to Facebook's decision to integrate ads that look like regular posts in the user's news feed, something systems like AdBlock haven't been able to detect (some smaller blockers like uBlock Origin have been able to, but apparently have such a small market share they've yet to get Facebook's attention).

The other ad blocking obstacle that Narayanan's perceptual ad blocker addresses is the growing numbers of websites that believe they've "solved" the problem by blocking users that block ad blockers. In short, it does this by convincing the web browser to effectively lie to any script trying to determine ad blocker use:

"The second prong of an ad blocking strategy is to deal with websites that try to detect (and in turn block) ad blockers. To do this, we introduce the idea of stealth. The only way that a script on a web page can “see” what’s drawn on the screen is to ask the user’s browser to describe it. But ad blocking extensions can control the browser! Not perfectly, but well enough to get the browser to convincingly lie to the web page script about the very existence of the ad blocker. Our proof-of-concept stealthy ad blocker successfully blocked ads and hid its existence on all 50 websites we looked at that are known to deploy anti-adblocking scripts. Finally, we have also investigated ways to detect and block the ad blocking detection scripts themselves. We found that this is feasible but cumbersome; at any rate, it is unnecessary as long as stealthy ad blocking is successful.

The researchers have developed both a standard and Facebook specific Chrome extension that you can try yourself, and they have no problem with identifying these types of integrated ads:

The researchers have yet to enable the actual blocking component of their ad blockers to, they say, "avoid taking sides on the ethics of ad blocking."

Now you'd like to think that should perceptual ad blocking be as effective as they're claiming, websites and advertisers would be forced to do some soul-searching into why users are flocking to ad blockers in the first place. But most of us know many of these websites won't learn a damn thing in this scenario, and may engage in behavior that forces users to somehow interact with the ads if they want the page to load. Narayanan is quick to point out that this -- like ad block blockers already have -- could only drive users away from these websites even faster:

"If publishers are willing to intrude on users’ attention by making them interact with ads, it does seem unlikely that ad blockers can succeed. But that will also drive away many users, and it’s not clear how many publishers would be willing to make that trade off. Sponsored content / native advertising is again a topic where the law has something to say. These need to be identified clearly as sponsored (and for the most part they are). We’ve found that people aren’t good at noticing these disclosures, but browser extensions can be! Ad blockers could take on the role of prominently alerting readers when a link they’re about to click on is in fact sponsored content."

If perceptual ad blockers are half as successful as the researchers claim they can be, many sites and advertisers have two options. One is to finally take serious stock of why ad block use has skyrocketed (and their own culpability for it) and develop more consumer-centric and creative monetization and advertising efforts. The other is to cry more, double down on blaming visitors for their adaptation failures, design systems that break the internet and annoy site visitors even further, or try to use the law to hamstring the use of ad blockers (an uphill climb, and in some places potentially a two-way street).

If stopping ad blockers truly is a fool's errand (and these researchers strongly believe it is), there's really only one choice that makes any real sense.

43 Comments | Leave a Comment..

Posted on Techdirt - 18 April 2017 @ 6:27am

German Consumers Face $26,500 Fine If They Don't Destroy Poorly-Secured 'Smart' Doll

from the internet-of-broken-things dept

We've noted repeatedly how modern toys aren't immune to the security and privacy dysfunction the internet-of-broken-things has become famous for. A new WiFi-enabled Barbie, for example, has come under fire for trivial security that lets the toy be modified for use as a surveillance tool. We've also increasingly noted how the data these toys collect isn't secured particularly well either, as made evident by the Vtech incident, where hackers obtained the names, email addresses, passwords, and home addresses of 4,833,678 parents, and the first names, genders and birthdays of more than 200,000 kids.

Last fall a lawsuit was filed against Genesis Toys, maker of the My Friend Cayla doll and the i-Que Intelligent Robot. The lawsuit accuses the company of violating COPPA (the Childrens' Online Privacy Protection Act of 1998) by failing to adequately inform parents that their kids' conversations and personal data collected by the toys are being shipped off to servers and third-party companies for analysis. A report by the Norwegian Consumer Council (pdf) also found that a lot of the data being transmitted by these toys is done so via vanilla, unencrypted HTTP connections that could be subject to man-in-the-middle attacks.

In Germany, where surveillance fears run a little deeper for obvious reasons, regulators last February went so far as to urge German parents to destroy the My Friend Cayla doll, highlighting that hackers can use an unsecure bluetooth device embedded in the toy to listen to and to talk to the child playing with it. Since then, Germany's Federal Network Agency has clarified its position further. It's not only banning the sale, purchase, and ownership of the toy, but it's warning families that they face fines up to $26,500 if they don't comply with demands that the toy be destroyed:

"The agency has now laid out just how parents are to destroy the doll. Parents are asked to fill out a destruction certificate that must be signed by a waste-management company and sent back to the agency for proof. While the agency says it has no plans to take action against those who don’t destroy the doll, it certainly could. Under German telecommunication laws, those who don’t comply with Federal Network Agency directives could face a fine up to $26,500 and two years in prison.

How very...thorough. One mother, amusingly, felt bad destroying the doll -- so she came up with a novel solution:

"One mother tells the WSJ that she was surprised to have had the doll sitting in her daughter’s room for two years. She says she was hesitant to actually destroy the doll, so instead she donated it to the German Spy Museum Berlin."

Germany's decision is certainly unnecessarily excessive, but it's a step up from the outright apathy on many fronts to the problems raised by connecting everything to the internet without prioritizing security and privacy. Researchers continue to argue that the IOT is creating thousands of new attack vectors into every home and business on the planet every day. Given the rise in the use of IOT devices in record-setting DDoS attacks, it's only a matter of time before these devices contribute to an attack on essential infrastructure, potentially at the cost of human lives.

It's obviously not their intent, but these devices continue to function as advertisements for the "dumb" technologies of yesterday. At least until parents collectively realize that Barbie and Ken need a better firewall.

48 Comments | Leave a Comment..

Posted on Net Neutrality Special Edition - 14 April 2017 @ 6:23am

Don't Wait For Google, Netflix Or Facebook's Help If You Want To Save Net Neutrality

from the wake-up-and-smell-the-monopoly dept

So if you've not been paying attention, broadband ISPs (with help from new FCC boss Ajit Pai) are slowly but surely working to eliminate oversight of one of the least-competitive sectors in American industry. It began with Pai killing off a number of FCC efforts piecemeal, including plans to beef up cable box competition, investigate zero rating, and FCC attempts to stop prison telco monopolies from ripping off inmate families. From there, Congress used the Congressional Review Act to kill FCC privacy protections for broadband consumers. Next up: reversing the FCC's 2015 Title II reclassification and gutting net neutrality.

Between this, cable's growing monopoly over broadband (including the rise in usage caps), the sunsetting of Comcast NBC merger conditions and a looming wave of new megamergers and sector consolidation, you should begin to notice there's a bit of a perfect storm brewing on the horizon when it comes to broadband and media competition, anti-competitive behavior, and oversight -- one that's not going to be particularly enjoyable for broadband consumers, or the numerous companies that compete and/or do business with the likes of AT&T, Comcast and Verizon.

To that end, most of the internet industry's heaviest hitters -- including Reddit, Google, Amazon, and Netflix -- under the umbrella of the Internet Association (IA) -- met with the FCC this week to urge Ajit Pai to keep the existing net neutrality rules in place. At the meeting, IA CEO Michael Beckerman and General Counsel Abigail Slater argued that things are working well with the rules in place, and that the long-standing industry claim that net neutrality hurt broadband investment is a canard:

"IA continues its vigorous support of the FCC’s OI [Open Internet] Order, which is a vital component of the free and open Internet," Beckerman wrote in an ex parte filing that summarized the meeting. "The Internet industry is uniform in its belief that net neutrality preserves the consumer experience, competition, and innovation online. In other words, existing net neutrality rules should be enforced and kept intact. The OI Order is working well and has been upheld by a DC Circuit panel. Further, IA preliminary economic research suggests that the OI Order did not have a negative impact on broadband Internet access service (BIAS) investment."

Unfortunately, the plea is likely to fall on deaf ears. Pai has made it abundantly clear he doesn't think that broadband competition, rampant consolidation, or net neutrality are real problems -- whatsoever. In fact, when Pai has spoken on net neutrality, he's gone to rather comic lengths to try and claim that content companies like Netflix are the real villains, while downplaying any and all anti-competitive ISP behavior. At one point, Pai actually went so far as to claim that the fact that Netflix ran a CDN was proof positive that Netflix was the real threat to the internet.

The second major problem here is that while companies like Netflix, Google and Facebook are gently lobbying against the FCC's plan via the IA, independently they've been less active than ever in protecting net neutrality. Like Amazon and many other tech giants, Facebook has never really been particularly vocal on net neutrality -- and in places like India they've consistently undermined the entire concept. Google has, contrary to public perception, also been arguably absent from the conversation since around 2010 when it began getting into fixed (Google Fiber) and wireless (Android, Project Fi) services. And as Netflix has grown more powerful, it's been notably less vocal on the subject as well.

Yes, these companies may still remain quietly active behind the scenes, but if you're hoping they come to the rescue in the same vocal way they did in the early days of the net neutrality feud, it's likely you're going to be disappointed. And with potentially less corporate firepower backing up their flanks, net neutrality supporters are going to have a steeper uphill climb this go round.

That brings us to the third major problem we're facing: the onus to save net neutrality this time is going to fall largely on the shoulders of consumers, small companies, and the startup community. But many of them, bored after a decade of often hyperbolic debate, were happily under the impression that once we had net neutrality rules -- the fight was over. Many still don't understand that net neutrality is a fight that never really ends. Net neutrality (the symptom) certainly isn't getting better until you shore up broadband competition (the disease) -- and there's exactly zero indication that's happening anytime soon.

That's not to say net neutrality can't be saved as the fight heats up over the next few months. But unless heavy hitters like Netflix and Google ramp up their opposition, and smaller companies and consumers shake off their apathy and begin waking up to the stage play currently underway in Congress and at the FCC, we're going to enter a new "golden era" of Comcast, AT&T, and Verizon cross-industry dominance that will make the media and internet issues of the last decade seem arguably quaint.

27 Comments | Leave a Comment..

Posted on Techdirt - 13 April 2017 @ 10:48am

Tennessee Gives AT&T, Comcast Millions In New Taxpayer Subsidies, Yet Banned A City-Owned ISP From Expanding Broadband Without Taxpayer Aid

from the dysfunction-junction dept

If you want to understand what's wrong with the American broadband industry, you need look no further than Tennessee. The state is consistently ranked as one of the least connected, least competitive broadband markets in the country, thanks in large part to Comcast and AT&T's stranglehold over politicians like Marsha Blackburn. Lawmakers like Blackburn have let Comcast and AT&T lobbyists quite literally write protectionist state laws for the better part of a decade with an unwavering, singular focus: protecting incumbent revenues from competition and market evolution.

The negative impact of this pay-to-play legislature is non-negotiable. One state-run study last year ranked Tennessee 40th in terms of overall broadband investment and availability (pdf), and found that 13% of households (or 834,545 Tennesseans) lack access to any high-speed broadband internet service whatsoever. The study found that the vast majority of Tennessee residents still get internet access through slower services like DSL, wireless or dial-up connections, either because that's all that's available, or because they couldn't afford faster options.

Like twenty other states, Tennessee long ago passed a state law hamstringing towns and cities looking to improve regional broadband networks. As a result, popular municipal broadband providers like Chattanooga's utility-run ISP, EPB, have been banned from expanding its up to 10 Gbps offerings into any more markets. Attempts to repeal the law earlier this year went nowhere after mammoth pressure from incumbent ISP lobbyists. When that didn't work, one lawmaker tried to pass a compromise bill that would have allowed EPB to expand into just one neighboring county.

That proposal was shot down as well, one of the dissenting votes being that of Rep. Patsy Hazlewood, a former AT&T executive.

Tennessee residents have increasingly seen through Tennessee's unwavering fealty to some of the most despised brands in America. Some annoyed state residents have gone so far as to spend their own money to wire the state glacially, hilltop by hilltop. In a feeble attempt to try and placate those tired of expensive, slow broadband, Tennessee lawmakers recently passed HB 0529 or the "Broadband Accessibility Act of 2017." The centerpiece of the bill: throwing $45 million in additional subsidies at ISPs, the majority of which will be enjoyed by AT&T.

Motherboard correctly points out that the state banned EPB from expanding service to those same users without any cost to taxpayers, but was willing to throw additional subsidies at two giant companies with a mixed track record on putting government subsidies to work:

"To be clear: EPB wanted to build out its gigabit fiber network to many of these same communities using money it has on hand or private loans at no cost to taxpayers. It would then charge individual residents for internet service. Instead, Tennessee taxpayers will give $45 million in tax breaks and grants to giant companies just to get basic infrastructure built. They will then get the opportunity to pay these companies more money for worse internet than they would have gotten under EPB's proposal.

"Tennessee taxpayers may subsidize AT&T to build DSL service to Chattanooga's neighbors rather than letting [EPB] expand its fiber to neighbors at no cost to taxpayers," Christopher Mitchell, director of the Community Broadband Networks initiative at the Institute for Local Self-Reliance said. "Tennessee will literally be paying AT&T to provide a service 1000 times slower than what Chattanooga could provide without subsidies."

Given the repeated billions that have been thrown at incumbents that then consistently find ways to wiggle out of the obligations, resistence to the "throw subsidies at giant ISPs with a long, documented history of anti-competitive behavior and hope that does the trick this time" model is understandable. Especially in a state like Tennessee, where holding giant companies accountable for misdirection of telecom funds has never been a priority.

Fortunately, this new bill does make it legal now for electric cooperatives to provide broadband internet access to some areas -- a concession to outraged locals and a small sign of progress. That said, these co-ops will still find themselves hamstrung by Tennessee's other, existing, protectionist laws, which impose all manner of reporting and financing restrictions on anybody not named AT&T or Comcast. Popular companies like EPB -- ranked recently by Consumer Reports as one of the best rated ISPs in the country -- still can't offer service outside of its traditional electric utility footprint under Tennessee state law.

It's ironic, in that ISP lobbyists and loyal lawmakers usually try to justify their state bans on community broadband by pretending they were solely interested in protecting state residents from additional taxpayer spending. Yet this is all pretense to justify protecting large incumbent broadband duopolists from having to actually compete. One lawmaker that's actually trying to eliminate the state's restrictions on community broadband perhaps put it more succinctly:

"What we have right now is not the free market, it's regulations protecting giant corporations, which is the exact definition of crony capitalism."

And yet Tennessee's Marsha Blackburn has been consistently and generously rewarded for the kind of "crony capitalism" she's relentlessly advocated for on the state level. She recently was tagged to replace Greg Walden as the head of the House Energy and Commerce Committee's Subcommittee on Communications and Technology. Since that committee tackles most of the pressing internet-related issues, you can expect Tennessee's particular brand of AT&T and Comcast earlobe nibbling to manifest even more strongly on the federal level moving forward.

23 Comments | Leave a Comment..

Posted on Net Neutrality Special Edition - 13 April 2017 @ 6:27am

FTC Commissioner: If The FCC Kills Net Neutrality, Don't Expect Our Help

from the Comcast-gets-what-Comcast-wants dept

So we've been talking a lot about new FCC boss Ajit Pai and his plan to not only kill net neutrality, but eliminate FCC oversight of broadband providers almost entirely. Reports recently surfaced indicating Pai has been busy meeting with large ISPs behind closed doors to replace hard net neutrality rules with "voluntary commitments" from ISPs (insert laugh track). This won't cause any problems, Pai and ISP lobbyists have argued in perfect unison, because the FTC will rush in to protect broadband consumers -- and net neutrality -- in the wake of the FCC's dismantling.

We've already noted how this entire narrative is exquisitely-crafted bullshit.

The FTC doesn't have any real authority over broadband without Congress passing a new law, which ISP campaign contributions will ensure won't be happening. And thanks to some lovely tap dancing by AT&T lawyers (looking to help the company dodge accountability for lying about throttling), a recent court ruling declared that broadband ISPs are largely immune to FTC oversight courtesy of common carrier exemptions. Former FCC staffer Gigi Sohn drove that point home this week in a piece over at The Verge:

"...Because of a recent decision from a Federal Appeals Court in California, the FTC can’t prohibit the vast majority of ISPs from sharing or selling your personal information at all. That decision says that if a company provides a common carrier service, the FTC cannot enforce its laws against any of its services, even if they are non-common carrier services like video or online news. So ISPs that also provide mobile or fixed telephone service — which is pretty much all of them — would be completely exempt from FTC oversight.

If people understand nothing else they should understand this: the goal here is virtually no real oversight of one of the least competitive, and most anti-competitive industries in America. But it's going to be sold as an improvement and a move toward "more efficient" regulation in an attempt to make killing net neutrality and eliminating regulatory oversight of Comcast sound reasonable.

Former FCC boss and one-time dingo Tom Wheeler had already stated Pai's entire argument is a "fraud," pointing out that ISP lobbyists want all consumer issues simply "lost in a morass" over at the already over-extened FTC. Current FTC Commissioner Terrell McSweeny this week effectively told Ars Technica the same thing, stating the FTC really isn't positioned to provide oversight of the broadband sector:

"We are a very hard-working agency but we’re not a very big agency," McSweeny said. "The FTC doesn't have a lot of expertise in network engineering. We're not the FCC in that regard." The FTC receives "millions of consumer complaints every year" across all industries under its jurisdiction, and "we can’t act on every single complaint."

Not only is the FTC too over-extended to provide real oversight of the likes of Comcast, Verizon and AT&T -- but McSweeny reiterates that ISPs can simply use the recent court ruling on common carrier exemptions to dodge oversight completely:

"In order to make sure that this isn’t just a no-cops-on-the-beat plan, the FTC Act would actually have to be amended by Congress to eliminate the common carrier exemption," McSweeny said.

And what, do you think, is the over-under for a campaign-contribution-soaked Congress actually doing that? There's a reason ISPs are spending millions in lobbying to roll back the FCC's Title II reclassification and shift broadband oversight back to the FTC -- and it's not to help the collective American public's complexion. Repeatedly throughout the article McSweeny makes it abundantly clear Pai's entire plan for "voluntary" net neutrality commitments is a joke, and trusting in the FTC to aid consumers in the wake of the looming neutering of FCC authority is a fool's errand:

"Moving from a clear ex ante rule around the open Internet and requirements that maintain an open Internet, and moving to this ex post enforcement kind of world is going to strongly tilt everything in favor of the incumbents," McSweeny said. "It will be harder potentially for innovators and edge providers to make sure that they are being treated fairly and in a nondiscriminatory way."

This narrative that killing net neutrality and Title II is no big deal because the FTC will rush in to save the day is a misleading canard, but you're going to see it start showing up literally everywhere over the next few months as ISPs fire up their think tanks, consultants, and other policy sockpuppets to support the push in the media.

If you're playing along at home, make sure you note how these folks will go to comic lengths to avoid addressing the elephant in the room (a lack of broadband competition). Also be sure to note how they intentionally avoid using the phrase "net neutrality" to avoid public backlash, instead focusing on the argument that FTC oversight is the one, true path toward glorious telecom Utopia (ignoring everything we already pointed out above).

It's clear the public is bored stiff with the net neutrality debate after a decade of often hyperbolic claims. But if large ISPs and those paid to love them succeed in gutting net neutrality, privacy, and FCC oversight of broadband carriers -- consumers, startups, many hardware vendors, smaller ISPs and content companies alike are collectively in for a very real, very bad time in relatively short order.

48 Comments | Leave a Comment..

Posted on Techdirt - 11 April 2017 @ 9:39am

70% Support Letting Cities Build Their Own Broadband Networks, So Why Are We Still Passing State Laws Banning It?

from the state-government-for-sale dept

For years we've noted how more than twenty states have passed laws -- often quite literally written by ISP lobbyists -- that prevent towns and cities from building their own broadband networks (either alone, or with a private partner). Even in instances where, as is often the case, the incumbent broadband provider refuses to upgrade them. ISP lobbyists (and the lawmakers that love them) usually try to defend these protectionist laws by first demonizing municipal broadband as some kind of vile socialist cabal, then pretending new state laws are necessary to protect local communities from themselves.

In reality, municipal broadband is an organic, grassroots reaction to broadband market failure. And buying laws that restrict local communities' rights to decide local infrastructure matters for themselves is little more than regulatory capture. Like net neutrality and privacy rights, municipal broadband actually has broad, bipartisan support -- and most municipal broadband networks are built in Conservative markets with local voter support. But by framing the issue in a partisan way (government run amok!), ISP lobbyists have been able to sow dissent and stall progress that could challenge their status quo.

A new survey of 4,000 consumers by the Pew Research Project once again drives that point home, highlighting that 70% of Americans support letting towns and cities build their own broadband networks -- if they're not getting decent service by the regional incumbent:

"A substantial majority of the public (70%) believes local governments should be able to build their own broadband networks if existing services in the area are either too expensive or not good enough, according to the survey, conducted March 13-27. Just 27% of U.S. adults say these so-called municipal broadband networks should not be allowed. (A number of state laws currently prevent cities from building their own high-speed networks, and several U.S. senators recently introduced a bill that would ban these restrictions.)"

That said, partisan lines are far more stark when it comes to support for subsidizing broadband to low-income areas:

"At the same time, fewer than half of Americans (44%) think the government should provide subsidies to help lower-income Americans pay for high-speed internet at home. A larger share (54%) says high-speed home internet service is affordable enough that nearly every household should be able to buy service on its own."

Partisan battle lines are also quite notable when it comes to asking consumers if they think broadband is essential versus just kind of important (in part because if you admit broadband is "essential," then you need to do something about it -- and that might cost taxpayer dollars):

"Republicans and Democrats tend to agree that broadband is important, but Democrats are more likely to say it is essential: 58% of Democrats and Democratic leaners describe broadband in this way, compared with 38% of Republicans and Republican leaners. A similar split is evident by race and ethnicity, with blacks (55%) and Hispanics (61%) more likely than whites (45%) to say that high-speed access at home is essential."

That dissent is certainly understandable, given how easy it has been for companies like Verizon to nab billions in tax breaks and subsidies for jobs half-completed. There's also a laundry list of states like West Virginia, where regional incumbents received millions in well-intentioned subsidies -- only to turn around and waste that money on projects that helped virtually nobody. While some skepticism is warranted, there are countless instances where broadband subsidies did precisely what they were designed to do -- without much (if any) fanfare.

But again, it's interesting how municipal broadband tends to smash through these well-worn partisan grooves many of us dig into the earth. In large part because if there's one thing that we can all agree on -- it's that companies like Comcast and AT&T kind of suck, and dealing with their utterly abysmal customer support is a unifying, albeit miserable, experience. So then, too, is sticking it to these giant, lumbering, apathetic, and uncompetitive sector giants, and building a local, more accountable network operator where the money -- and employment -- actually remains in the local community.

The problem usually winds up being how to pay for it. Consumers may support the idea of municipal broadband and want to protect their right to vote for or against it, but many don't want to pay for it. That's why we're seeing more public/private partnerships between cities and companies like Google or Tucows/Ting. The problem, again: state laws bought by large ISPs often ban or hamstring public/private partnerships as well to help keep local competition at bay.

Despite the broad support for municipal broadband, states continue to sell state telecom law to the highest bidder. AT&T convinced Missouri to pass a law earlier this year expanding restrictions on municipal broadband -- after the telco failed to bury a restricting provision into a state traffic bill. Virginia tried to similarly expand its ban on municipal broadband, but lawmakers there were forced to retreat after they took a notable beating from the press and public.

As we've long noted, one surefire way to prevent towns and cities from getting into the broadband business is to provide cheaper, better service. But it has long been significantly easier to just buy a state lawmaker and protectionist law to protect the dysfunctional status quo. And like so many issues facing America, until we at least marginally address money's influence on politics -- and/or drive a higher turnout during state elections, little if any of this is going to change.

24 Comments | Leave a Comment..

Posted on Techdirt - 10 April 2017 @ 11:44am

Hackers Set Off Dallas' 156 Warning Sirens Dozens Of Times

from the not-everything-should-be-connected-to-the-internet dept

So we've talked repeatedly how the shoddy security in most "internet of things" devices has resulted in increasingly-vulnerable home networks, as consumers rush to connect not-so-smart fridges, TVs and tea kettles to the home network. But this failure extends well beyond the home, since these devices have also resulted in historically-large DDoS attacks as this hardware is compromised and integrated into existing botnets (often in just a matter of minutes after being connected to the internet).

Whether it's the ease in which a decidedly-clumsy ransomware attacker was able to shut down San Francisco's mass transit system, or the fact that many city-connected devices like speed cameras often feature paper mache security, you can start to see why some security experts are worried that there's a dumpster fire brewing that will, sooner rather than later, result in core infrastructure being compromised and, potentially, mass fatalities. If you ask security experts like Bruce Schneier, this isn't a matter of if -- it's a matter of when.

In what should probably be seen as yet another warning shot across the bow: slightly before midnight in Dallas last Friday a hacker compromised the city's emergency warning systems and managed to set off the city's 156 warning sirens more than a dozen times. Needlessly to say, the scale of of the warning, and the number of sirens, led many people in Dallas to believe that the city had somehow been physically attacked in the middle of the night:

Dallas officials were forced to shut the system down around 1:20 am on Saturday, and despite informing the public to ignore the false alarms, a city that had already been having 911 issues the last few months found its 911 systems inundated with a massive influx of calls from concerned citizens:

"Even as the city asked residents not to dial 911 to ask about the sirens, more than 4,400 calls were received from 11:30 p.m. to 3 a.m. — twice the average number made between 11 p.m. and 7 a.m., Syed said. The largest surge came from midnight to 12:15 as about 800 incoming calls caused wait times to jump to six minutes, far above the city's goal to answer 90 percent of calls within 10 seconds.

The city is, frankly, fortunate that this didn't result in more problems than it did. City officials say they've identified how the attacker compromised the system, but won't be revealing technical details for obvious reasons (Update: it looks like the attacker used a radio signal attack on city gear to repeatedly set off the sirens). Over at his Facebook page, Dallas Mayor Mike Rawlings was quick to highlight how the attack made it clear the city needs to spend significantly more money on its technology infrastructure:

"This is yet another serious example of the need for us to upgrade and better safeguard our city’s technology infrastructure. It’s a costly proposition, which is why every dollar of taxpayer money must be spent with critical needs such as this in mind. Making the necessary improvements is imperative for the safety of our citizens."

Of course while older, out-dated systems are certainly a problem, rushing to throw money at companies promising the "connected city of tomorrow in a box" isn't a panacea, either. While it likely had nothing to do with the recent hack, AT&T has been advertising Dallas as the centerpiece of its "IOT" ambitions for the last few years, just one of countless companies rushing into the space in pursuit of new revenue and quarterly growth. The problem, again, is that many of these smart city solutions are from many of the same vendors for which security and privacy were an afterthought in the residential market.

So yes, most cities are in desperate need of a technology and security upgrade, yet often lack the budgets to do so. You just hope that when these upgrades actually occur, they aren't sabotaged by the same superficial concern for privacy and security already plaguing the connected home market.

25 Comments | Leave a Comment..

Posted on Net Neutrality Special Edition - 10 April 2017 @ 9:37am

FCC Boss Wants 'Voluntary' ISP Net Neutrality Promises Instead Of Real Rules

from the Comcast-pinky-swear dept

Surprising nobody, FCC boss Ajit Pai has been privately meeting with large broadband providers, informing them he'll be taking an axe to net neutrality protections soon. What exactly this will look like isn't yet clear, especially given the massive support for the rules, and the fact that Pai can't just roll back net neutrality (and the FCC's Title II reclassification) without justifying it to the courts. But anonymous sources tell Reuters that Pai seemingly wants to replace real net neutrality protections with voluntary commitments from companies like AT&T, Verizon and Comcast:

Pai wants to overturn that reclassification, but wants internet providers to voluntarily agree to not obstruct or slow consumer access to web content, two officials said late Tuesday.

The officials briefed on the meeting said Pai suggested companies commit in writing to open internet principles and including them in their terms of service, which would make them binding.

It is unclear if regulators could legally compel internet providers to adopt open internet principles without existing net neutrality rules.

Asking growing, giant corporations with a generation of documented anti-competitive behavior under their belts to just behave is utterly adorable, and anyone who believes that's a winning strategy for consumers, startups and competitors in the Comcast era is either obtuse or being intentionally misleading.

Contrary to the bedtime stories that dollar-per-hollar ISP think tankers, lobbyists and consultants tell their children, gutting regulatory oversight of an uncompetitive market doesn't magically forge telecom Utopia. With neither competition nor functional regulatory oversight, the problems that plague the broadband industry (privacy violations, net neutrality infractions, high prices and usage caps, legendarily-bad customer service) only get worse, especially given the often absurd amount of telecom regulatory capture occurring on the state level.

And while Reuters is quick to strangely proclaim that such voluntary conditions would be "binding," most of us realize that the overlong privacy policies you sign when you buy broadband are designed almost entirely to legally protect the ISP, not you. These policies are flexibly and frequently updated and reconfigured all of the damn time to the benefit of the ISP and whatever new data collection effort they're up to this week. That these shifting, vague, ISP-written policies are the equivalent of the existing rules is a farce, as rightly pointed out by Nilay Patel over at The Verge:

"So what’s to stop Comcast from making this deal today, and then changing its terms a year from now? (It’s certainly not the presence of meaningful access competition in the marketplace!) How will the FTC track every single ISP’s terms of service language, the differences between them, and enforce any sort of consistent, reasonable policy?

Second, let’s say Pai manages to thread the needle and gets every ISP in the country to agree on the exact same open internet language in their terms of service, and further secures a commitment that the language will remain in their terms in perpetuity. Isn’t that functionally identical to... a law? Shouldn’t we just have... a law? And don’t we already have that law? What specifically is Pai trying to accomplish if he agrees that open internet principles are important?"

Let's be clear: Ajit Pai doesn't actually believe that net neutrality is important, whether that's manifest in principles, rules, or show tune. Pai doesn't believe net neutrality or a lack of competition are real problems. Nor does he believe in functional regulatory oversight of some of the largest and most anti-competitive companies in American industry. Pai, a former Verizon lawyer, believes in one thing: maximizing large ISP revenues at nearly any cost. Everything else is pretense (albeit a pretense many in the public, media and policy circles are exceptionally good at playing along with).

Pai, apparently blind to the perils of political overreach, could find himself in an untenable situation. One, reversing net neutrality will cause a policy and activist backlash that could make the SOPA uprising look like a game of grade-school patty cake. Especially given the extreme unpopularity of the recent privacy rule repeal. Two, to reverse the FCC's title II classification via FCC proceeding requires he show a court that things have changed substantially since last year's fairly overwhelming FCC appeals court victory. Since he won't be able to, expect some form of misdirection when the plan is finally revealed in either May or June.

It still seems very likely Pai may be planning to make a public stink about repealing the rules as part of a stage play. One where the FCC boss intentionally stirs the pot and plays the bad cop, and ISP-allies in Congress push a new bill pretending to save net neutrality as good cop via "compromise." And while such a bill would, like Thune's similar proposal in 2015, pay ample lip service to net neutrality (the Make American Broadband Great Again Act of 2017?), the end goal would still be to kill real rules and reduce large ISP regulatory oversight, consumer welfare and internet health be damned.

Anybody who has spent more than five minutes dealing with a large ISP should be well aware of the dangers this looming farce presents. On the plus side, since ISPs and Pai have repeatedly claimed that the net neutrality rules stifled broadband investment, Pai's decision to replace the rules with the policy equivalent of wet cardboard should at least net us all gigabit fiber connections in short order. Right? Right?

22 Comments | Leave a Comment..

Posted on Techdirt - 7 April 2017 @ 6:28am

Researcher: 90% Of 'Smart' TVs Can Be Compromised Remotely

from the internet-of-very-broken-things dept

So we've noted for some time how "smart" TVs, like most internet of things devices, have exposed countless users' privacy courtesy of some decidedly stupid privacy and security practices. Several times now smart TV manufacturers have been caught storing and transmitting personal user data unencrypted over the internet (including in some instances living room conversations). And in some instances, consumers are forced to eliminate useful features unless they agree to have their viewing and other data collected, stored and monetized via these incredible "advancements" in television technology.

As recent Wikileaks data revealed, the lack of security and privacy standards in this space has proven to be a field day for hackers and intelligence agencies alike.

And new data suggests that these televisions are even more susceptible to attack than previously thought. While the recent Samsung Smart TV vulnerabilities exposed by Wikileaks (aka Weeping Angel) required an in-person delivery of a malicious payload via USB drive, more distant, remote attacks are unsurprisingly also a problem. Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, recently revealed that around 90% of smart televisions are vulnerable to a remote attack using rogue DVB-T (Digital Video Broadcasting - Terrestrial) signals.

This attack leans heavily on Hybrid Broadcast Broadband TV (HbbTV), an industry standard supported by most cable companies and set top manufacturers that helps integrate classic broadcast, IPTV, and broadband delivery systems. Using $50-$150 DVB-T transmitter equipment, an attacker can use this standard to exploit smart dumb television sets on a pretty intimidating scale, argues Scheel:

"By design, any nearby TV will connect to the stronger signal. Since cable providers send their signals from tens or hundreds of miles away, attacks using rogue DVB-T signals could be mounted on nearby houses, a neighborhood, or small city. Furthermore, an attack could be carried out by mounting the DVB-T transmitter on a drone, targeting a specific room in a building, or flying over an entire city."

Scheel says he has developed two exploits that, when loaded in the TV's built-in browser, execute malicious code, and provide root access. Once compromised, these devices can be used for everything from DDoS attacks to surveillance. And because these devices are never really designed with consumer-friendly transparency in mind, users never have much of an understanding of what kind of traffic the television is sending and receiving, preventing them from noticing the device is compromised.

Scheel also notes that the uniformity of smart TV OS design (uniformly bad, notes a completely different researcher this week) and the lack of timely updates mean crafting exploits for multiple sets is relatively easy, and firmware updates can often take months or years to arrive. Oh, and did we mention these attacks are largely untraceable?:

"But the best feature of his attack, which makes his discovery extremely dangerous, is the fact that DVB-T, the transmission method for HbbTV commands, is a uni-directional signal, meaning data flows from the attacker to the victim only. This makes the attack traceable only if the attacker is caught transmitting the rogue HbbTV signal in real-time. According to Scheel, an attacker can activate his HbbTV transmitter for one minute, deliver the exploit, and then shut it off for good."

So yeah, that internet of broken things security we've spent the last few years mercilessly making fun of? It's significantly worse than anybody imagined.

33 Comments | Leave a Comment..

Posted on Techdirt - 6 April 2017 @ 6:30am

FCC Kills Charter Merger Condition That Would Have Forced ISPs To Compete

from the let's-ignore-the-obvious dept

While FCC boss Ajit Pai has repeatedly claimed his top priority while running the FCC is eliminating the digital divide, his behavior in just the first few months of his term has made that claim utterly and indisuptably laughable. It doesn't take a sociology degree to realize that Pai's recent decisions to protect prison phone monopolies, protect the cable box monopoly, undermine efforts to bring broadband to the poor and dismantle net neutrality solely help one particular constituency: the telecom sector's biggest, wealthiest, and most powerful providers.

And while repealing a previous FCC's policies isn't entirely new or unexpected (especially from somebody with Pai's extremely mono/duopoly friendly voting record), Pai has been pushing his purview even further. Last week the FCC boss announced that he'd even begun stripping away at the conditions attached to Charter's $79 billion acquisition of Time Warner Cable and Bright House Networks.

While the FCC has a history of relatively toothless merger conditions (often proposed by the companies themselves), Wheeler's FCC went a little further with Charter -- not only banning the company from imposing usage caps and overage fees for seven years, but requiring that Charter continue adhering to FCC net neutrality rules -- even if those rules are killed (something Pai has repeatedly promised to do). But the FCC also mandated that Charter Communications expand its broadband footprint to two million additional locations -- one million of which needed to be in areas already served by cable competitors.

Former FCC boss Tom Wheeler had argued that this "overbuild" condition would specifically impose added competition on those regions, "bringing innovation and new choices for consumers, and demonstrate the viability of one broadband provider overbuilding another." But small and large cable company lobbyists had spent months lobbying to have all of the conditions killed, going so far as to threaten to freeze broadband investment if the conditions weren't eliminated (you know you're in a non-competitive market when you labor under the illusion that you get to choose when to compete).

Quickly rushing to the aid of these companies before they faced the dreaded specter of additional competition, Pai's office announced that the agency would be retroactively killing the overbuild condition. This was, Pai insisted in an FCC statement, yet another shining example of the FCC boss's relentless dedication to helping "the public interest":

"My top priority is making sure that any American who wants high-speed Internet access is able to get it. Today, we take another step toward achieving that goal.

Last year, Charter Communications agreed to build broadband out to two million new customers as part of its merger with Time Warner Cable and Bright House Networks. Unfortunately, the FCC appended an “overbuild” condition to the order, requiring that half of those new locations be already served by another provider. Since these one million overbuilt deployments would be credited against the total, it would substantially reduce buildout to unserved areas. This is like telling two people you will buy them dinner, ordering two entrées, and then sending both to just one of your companions.

This condition was not and is not in the public interest, and it runs directly against the goal of promoting greater Internet access for all Americans.

So one, to believe Pai you'd have to ignore not only his entire voting record, but the fact that he just began dismantling an FCC program specifically designed to help bring broadband to the poor.

That said, people should also understand that large ISPs (and those that kneel in fealty to them) like to keep the focus on an ambiguous dedication to "closing the digital divide" because it ignores the real problem: high prices and limited competition. According to NTIA data, there are about 26 million households left in the U.S. that aren't connected to the internet. If you look closely at the breakdown of why these homes aren't connected, the top three reasons either involve these users not giving a damn about being connected, or not being able to afford connectivity due to cost:

Because these companies obviously don't want people focused on the lack of competition, you've perhaps noticed that Pai (and the large ISPs that adore him) avoid ever acknowledging that lack of competition -- and the resulting high prices -- are a problem. In fact, it's often comedic to watch how desperately many of these folks (including the lion's share of hired ISP policy mouthpieces and think tankers) try and avoid the subject. Instead, apparently, we get odd metaphors about dinner entrees that don't really make much coherent sense in context.

Of course, then, the overbuild condition was axed because it did the unspeakable: actually forced a handful of companies to compete. Granted this overall lack of competition is what lets these companies impose arbitrary and unnecessary usage caps and overage fees -- which are little more than glorified rate hikes. And cable lobbying groups like the NCTA have been lobbying the FCC to get rid of the conditions banning Charter caps as well (pdf).

All told, much like the man that appointed him, FCC boss Ajit Pai likes to try and obfuscate his almost mindless dedication to protecting large legacy companies with an utterly phoney dedication to the downtrodden. The Charter merger, approved under the Obama administration, was admittedly a bad deal that has already resulted in higher prices and even worse customer service for impacted customers. But eliminating these conditions only serves to make an already bad deal, even worse. And the pretense that it's being done out of a love of America's downtrodden only adds insult to injury.

20 Comments | Leave a Comment..

Posted on Techdirt - 5 April 2017 @ 11:46am

FCC, FTC Bosses Pen Misleading Editorial Falsely Claiming The Best Way To Protect Your Privacy Moving Forward... Is To Gut Net Neutrality

from the you're-not-helping dept

As they've long made clear, Trump, FCC boss Ajit Pai, and other net neutrality opponents have every intention of killing net neutrality rules. Of course, given the huge, bipartisan consumer popularity of net neutrality, these folks can't just come out and say they're doing that, lest they incur the wrath of internet users and activists. As such, they've begun laying the groundwork for a misleading argument that attempts to make gutting oversight of the uncompetitive broadband industry -- and killing net neutrality -- sound almost pleasant.

The latest example of this came via an op-ed this week in the Washington Post, jointly written by FCC boss Ajit Pai and FTC boss Maureen Ohlhausen, entitled "No, Republicans didn't just strip away your Internet privacy rights." Of course they did, and there's not any real debate that this is what happened, but this being the post-truth era -- countless individuals labor under the illusion that facts are somehow negotiable. Amusingly, the editorial can't even make it a full sentence without being misleading (read: lying):

"April Fools’ Day came early last week, as professional lobbyists lit a wildfire of misinformation about Congress’s action — signed into law Monday by President Trump — to nullify the Federal Communications Commission’s broadband privacy rules. So as the nation’s chief communications regulator and the nation’s chief privacy enforcer, we want to let the American people know what’s really going on and how we will ensure that consumers’ online privacy is protected."

Of course, 90% of the lobbying at play on this subject came via telecom industry giants like AT&T, Verizon and Comcast, who are spending millions of dollars to reduce oversight of one of the least competitive business segments in American industry. Even Google, one-time consumer-advocate, had lobbied in opposition to the rules (pdf). The mortal sin the rules committed was that they required that consumers opt in (the dirtiest word imaginable in advertising) to having their personal financial and browsing data collected and sold.

It's also worth reminding folks here that the lion's share of consumers, be they Democrat, Republican or Independent, supported the privacy protections and wanted Trump to veto what was seen, quite correctly and uniformly, as an embarrassing example of pay-to-play politics:

So yes, to begin, the only "misinformation" here is originating with Pai and Ohlhausen. The duo proceed to parrot large telecom companies in claiming that people are overreacting because ISPs don't really collect much data about them:

"Let’s set the record straight: First, despite hyperventilating headlines, Internet service providers have never planned to sell your individual browsing history to third parties. That’s simply not how online advertising works. And doing so would violate ISPs’ privacy promises.

Note the continued use of the phrase "individual" by ISPs and the policymakers kneeling in fealty to them. Yes, ISPs don't sell your "individual" browsing histories (yet), but they do collect wholesale clickstream data, DNS records, location data, redirected search entries and countless other metrics -- using a vast array of sophisticated deep packet inspection and other network gear. Some of this data is "anonymized" and sold and some isn't, but to suggest that ISP "privacy promises" (privacy policies written entirely to protect the ISP from legal liability) are some kind of magic protection for consumers is hysterically and patently false.

From there, the pair proceed to parrot the other key talking point ISPs have been pushing over the last year. Namely, that eliminating the FCC privacy rules isn't a big deal because the FTC will rush in to fill the oversight vacuum and protect consumer privacy:

"Second, Congress’s decision last week didn’t remove existing privacy protections; it simply cleared the way for us to work together to reinstate a rational and effective system for protecting consumer privacy. Both of us warned two years ago that the FCC’s party-line vote to strip the Federal Trade Commission of its jurisdiction over Internet broadband providers was a mistake that would weaken Americans’ online privacy."

That's again, patently false. The FCC stepped in only because ISPs were engaged in all manner of bad behavior and the FTC lacked the authority, motivation, or resources to do anything about it. This ranged from ISPs charging users hundreds of additional dollars a year to opt out of data collection, to covertly modifying user wireless packets to track users around the internet without telling anybody. The FCC's rules were specifically tailored to protect consumers from broadband providers that enjoy limited competition, and thereby limited repercussions for bad policy behaviors.

Those that want an open and healthy internet need to understand that this idea that the FTC provides effective oversight of broadband providers is patently false. ISPs aren't lobbying to shift broadband regulatory authority back from the FCC to the FTC because it's fun. They're spending millions of dollars in lobbying to ensure they see less regulatory oversight than ever before. That this return to FTC authority is some kind of panacea is a canard most recently debunked by former FCC boss Tom Wheeler in an interview with Susan Crawford:

"In the Trump administration, people are talking about stripping regulatory power from the FCC, and essentially taking the agency apart (including moving jurisdiction over internet access to the Federal Trade Commission [FTC]). “Modernizing” the FCC is the lingo being used. What’s your thought about that?

It’s a fraud. The FTC doesn’t have rule-making authority. They’ve got enforcement authority and their enforcement authority is whether or not something is unfair or deceptive. And the FTC has to worry about everything from computer chips to bleach labeling. Of course, carriers want [telecom issues] to get lost in that morass. This was the strategy all along.

So it doesn’t surprise me that the Trump transition team — who were with the American Enterprise Institute and basically longtime supporters of this concept — comes in and says, “Oh, we oughta do away with this.” It makes no sense to get rid of an expert agency and to throw these issues to an agency with no rule-making power that has to compete with everything else that’s going on in the economy, and can only deal with unfair or deceptive practices.

Make no mistake: the goal is, again, less oversight of one of the least competitive, and most anti-competitive companies in America. Pai and Ohlhausen, as revolving door regulators are wont to do, go to comic lengths to try and pretend the broadband industry isn't a competitive mess:

"Others argue that ISPs should be treated differently because consumers face a unique lack of choice and competition in the broadband marketplace. But that claim doesn’t hold up to scrutiny either. For example, according to one industry analysis, Google dominates desktop search with an estimated 81 percent market share (and 96 percent of the mobile search market), whereas Verizon, the largest mobile broadband provider, holds only an estimated 35 percent of its market."

That's some lovely, cherry picked bullshit.

Most consumers lack the choice of more than one fixed-line broadband provider, and the looming wave of mergers and acquisitions (supported by both Pai and Ohlhausen) are likely to reduce competition even further. Again, you can choose to not use Gmail, Google search or Facebook. Most people have only one or two broadband providers to choose from, both of which are happily engaged in non-price competition with little to no incentive to behave. This lack of competition -- and the government's unwillingness to address this for fear of stifling AT&T, Comcast, Charter and Verizon campaign contributions -- is what triggered the entire net neutrality and privacy fracas to begin with.

Of course, there's something else the pair intentionally and comically avoid talking about in their treatise. And that's the fact that to gut FCC authority over broadband and shovel it back to an already-overburdened FTC, regulators need to roll back the Title II reclassification of ISPs as common carriers -- and by proxy the nation's net neutrality rules. Pai and Ohlhausen don't even utter the phrase "net neutrality" in their missive, knowing all-too-well that they'd be laughed out of town if they didn't try to hide their real objective under a parade of half-truths and prattle.

But make no mistake, this pretense that we need to shift broadband regulatory oversight back to the FTC because it provides a more "consistent regulatory environment" is a transparently self-serving, telecom industry-concocted canard -- and the opening salvo in what will be the death of net neutrality protections if we don't start paying closer attention.

24 Comments | Leave a Comment..

Posted on Techdirt - 5 April 2017 @ 9:31am

Garage Door Opener Company Bricks Customer Hardware After Negative Review

from the you're-really-not-helping dept

So if there's one thing we've probably repeated more than others around here, it's the idea that in the IoT and copyright maximalist era, you no longer truly own the things you think you own. It doesn't matter whether we're talking about video game consoles, software, smart home hubs, ebooks, DVDs or routers -- in the always-connected, copyright mad, instantly-upgradeable firmware age, companies are often quick to remove some or all functionality at a whim, leaving you with little more than a receipt and a dream of dumb technology days gone by.

But we've also noted repeatedly that part of this new paradigm involves companies using this capability to punish customers for poor reviews. This is, it should go without saying, an idiotic policy that almost always invokes the Streisand effect and makes the "problem" of a negative review significantly worse than if the company in question had done nothing at all.

Case in point: internet-connected garage opener Garadget, which is taking heat this week for bricking a customer's 'smart' garage door opener after the customer in question left a negative review on Amazon. Earlier this month, a Garadget user posted to the company's message board, complaining about problems with the iPhone app that controls the garage door opener:

Just installed and attempting to register a door when the app started doing this. Have uninstalled and reinstalled iphone app, powered phone off/on - wondering what kind of piece of shit I just purchased here...

Not really uncommon in the internet of broken things era. The user then followed that up with a one star review over at Amazon making the same complaints:

Junk - DO NOT WASTE YOUR MONEY - iPhone app is a piece of junk, crashes constantly, start-up company that obviously has not performed proper quality assurance tests on their products.

At this point the company had several options. They could have ignored the complaints, or perhaps done something crazy like use the input to make a better product. Instead, Garadget boss Denis Grisak apparently thought it would be a good idea to inform the user on the company's message boards that his product would no longer be allowed to access the Garadget servers:

Martin, The abusive language here and in your negative Amazon review, submitted minutes after experiencing a technical difficulty, only demonstrates your poor impulse control. I'm happy to provide the technical support to the customers on my Saturday night but I'm not going to tolerate any tantrums.

At this time your only option is return Garadget to Amazon for refund. Your unit ID 2f0036... will be denied server connection.

Yes, nothing teaches somebody a lesson about impulse control quite like -- exhibiting extremely poor impulse control. Only after the entire fracas went viral via the internet of shit Twitter account and over at Hacker News did Grisak begin to realize the error of his ways, posting a follow up forum statement indicating he was fully aware that the Streisand effect was in full bloom:

Ok, calm down everybody. Save your pitchforks and torches for your elected representatives. This only lack the death treats[sic] now.

The firing of the customer was never about the Amazon review, just wanted to distance from the toxic individual ASAP. Admittedly not a slickest PR move on my part. Note taken.

A quote from a random guy.

PS: Anybody has Streisand's phone number?

That's really a halfhearted apology, especially considering the "toxic" user had what appeared to be entirely legitimate complaints about app functionality. Perhaps the idea that "there's no such thing as bad press" is actually true, but it's just as likely that Grisak's overreaction ensured that countless potential customers -- worried that the product they buy would be arbitrarily nuked -- may look elsewhere for their next garage door opener.

70 Comments | Leave a Comment..

Posted on Techdirt - 5 April 2017 @ 6:24am

Comcast Paid Civil Rights Groups To Support Killing Broadband Privacy Rules

from the with-friends-like-these... dept

For years, one of the greasier lobbying and PR tactics by the telecom industry has been the use of minority groups to parrot awful policy positions. Historically, such groups are happy to take financing from a company like Comcast, in exchange for repeating whatever talking point memos are thrust in their general direction, even if the policy being supported may dramatically hurt their constituents. This strategy has played a starring role in supporting anti-consumer mega-mergers, killing attempts to make the cable box market more competitive, and efforts to eliminate net neutrality.

The goal is to provide an artificial wave of "support" for bad policies, used to then justify bad policy votes. And despite this being something the press has highlighted for the better part of several decades, the practice continues to work wonders. Hell, pretending to serve minority communities while effectively undermining them with bad internet policy is part of the reason Comcast now calls top lobbyist David Cohen the company's Chief Diversity Officer (something the folks at Comcast hate when I point it out, by the way).

Last week, we noted how Congress voted to kill relatively modest but necessary FCC privacy protections. You'd be hard pressed to find a single, financially-objective group or person that supports such a move. Even Donald Trump's most obnoxious supporters were relatively disgusted by the vote. Yet The Intercept notes that groups like the League of United Latin American Citizens and the OCA (Asian Pacific American Advocates) breathlessly urged the FCC to kill the rules, arguing that snoopvertising and data collection would be a great boon to low income families:

"The League of United Latin American Citizens and OCA – Asian Pacific American Advocates, two self-described civil rights organizations, told the FCC that “many consumers, especially households with limited incomes, appreciate receiving relevant advertising that is keyed to their interests and provides them with discounts on the products and services they use."

Of course, folks like Senator Ted Cruz then used this entirely-farmed support to insist there were "strenuous objections from throughout the internet community" at the creation of the rules, which simply wasn't true. Most people understood that the rules were a direct response to some reckless and irresponsible privacy practices at major ISPs -- ranging from charging consumers more to keep their data private, or using customer credit data to provide even worse customer support than they usually do. Yes, what consumer (minority or otherwise) doesn't want to pay significantly more money for absolutely no coherent reason?

It took only a little bit of digging for The Intercept to highlight what the real motivation for this support of anti-consumer policies was:

"OCA has long relied on telecom industry cash. Verizon and Comcast are listed as business advisory council members to OCA, and provide funding along with “corporate guidance to the organization.” Last year, both companies sponsored the OCA annual gala.

AT&T, Comcast, Time Warner Cable, Charter Communications and Verizon serve as part of the LULAC “corporate alliance,” providing “advice and assistance” to the group. Comcast gave $240,000 to LULAC between 2004 and 2012.

When a reporter asks these groups why they're supporting internet policies that run in stark contrast to their constituents, you'll usually be met with either breathless indignance at the idea that these groups are being used as marionettes, or no comment whatsoever (which was the case in the Intercept's latest report). This kind of co-opting still somehow doesn't get much attention in the technology press or policy circles, so it continues to work wonders. And it will continue to work wonders as the administration shifts its gaze from gutting privacy protections to killing net neutrality.

29 Comments | Leave a Comment..

Posted on Techdirt - 4 April 2017 @ 6:23am

AT&T, Comcast & Verizon Pretend They Didn't Just Pay Congress To Sell You Out On Privacy

from the trust-is-more-than-just-a-five-letter-word dept

Large ISPs like AT&T, Verizon and Comcast spent a significant part of Friday trying to convince the press and public that they didn't just screw consumers over on privacy (if you've been napping: they did). With the vote on killing FCC broadband privacy protections barely in the books, ISP lobbyists and lawyers penned a number of editorials and blog posts breathlessly professing their tireless dedication to privacy, and insisting that worries about the rules' repeal are little more than "misinformation."

All of these posts, in lock step, tried to effectively make three key arguments: that the FTC will rush in to protect consumers in the wake of the FCC rules being repealed (not happening), ISPs don't really collect much data on you anyway (patently untrue), and that ISPs' lengthy, existing privacy policies and history of consumer respect mean consumers have nothing to worry about (feel free to pause here and laugh).

For more than a decade, large ISPs have used deep-packet inspection, search engine redirection and clickstream data collection to build detailed user profiles, and their longstanding refusal to candidly talk about many of these programs should make their actual dedication to user privacy abundantly clear. Yet over at Comcast, Deputy General Counsel & Chief Privacy Officer Gerard Lewis spent some time complaining that consumer privacy concerns are little more than "misleading talk" and "misinformation and inaccurate statements":

"There has been a lot of misleading talk about how the congressional action this week to overturn the regulatory overreach of the prior FCC will now permit us to sell sensitive customer data without customers’ knowledge or consent. This is just not true. In fact, we have committed not to share our customers’ sensitive information (such as banking, children’s, and health information), unless we first obtain their affirmative, opt-in consent."

So one, the "commitment" Comcast links to in this paragraph is little more than a cross-industry, toothless and voluntary self-regulatory regime that means just a fraction more than nothing at all. And while Comcast insists it doesn't sell its broadband customers' "individual web browsing history" (yet), they do still collect an ocean of other data for use in targeted ads, and there's really little stopping them from using your browsing history in this same way down the road -- it may not be "selling" your data, but it is using it to let advertisers target you. Comcast proceeds to say it's updating its privacy policy in the wake of the changes -- as if such an action (since these policies are drafted entirely to protect the ISP, not the consumer) means anything at all.

Like Comcast, Verizon's blog post on the subject amusingly acts as if the company's privacy policy actually protects you, not Verizon:

"Verizon is fully committed to the privacy of our customers. We value the trust our customers have in us so protecting the privacy of customer information is a core priority for us. Verizon’s privacy policy clearly lays out what we do and don’t do as well as the choices customers can make."

Feel better? That's the same company, we'll note, that was caught covertly modifying user data packets to track users around the internet regardless of any other data collected. That program was in place for two years before security researchers even noticed it existed. It took another six months of public shaming before the company even provided the option for consumers to opt out. Verizon's own recent history makes it clear its respect for consumer privacy is skin deep. And again, there's nothing really stopping Verizon from expanding this data collection and sales down the road, and burying it on page 117 of its privacy policy.

AT&T was a bit more verbose in a post over at the AT&T policy blog, where again it trots out this idea that existing FTC oversight is somehow good enough:

"The reality is that the FCC’s new broadband privacy rules had not yet even taken effect. And no one is saying there shouldn’t be any rules. Supporters of this action all agree that the rescinded FCC rules should be replaced by a return to the long-standing Federal Trade Commission approach. But in today’s overheated political dialogue, it is not surprising that some folks are ignoring the facts."

So again, the FTC doesn't really have much authority over broadband, and AT&T forgets to mention that its lawyers have found ways to wiggle around what little authority the agency does have via common carrier exemptions. And while AT&T insists that "no one is saying there shouldn't be any rules," its lobbyists are working tirelessly to accomplish precisely that by gutting both FTC and FCC oversight of the telecom sector. Not partially. Entirely. Title II, net neutrality, privacy -- AT&T wants it all gone. Its pretense to the contrary is laughable.

Like the other two providers, AT&T trots out this idea that the FCC's rules weren't fair because they didn't also apply to "edge" companies like Facebook or Google (which actually are more fully regulated by the FTC). That's a flimsy point also pushed by an AT&T and US Telecom Op/Ed over at Axios, where the lobbying group's CEO Jonathan Spalter tries to argue that consumers shouldn't worry about ISPs, because their data is also being hoovered up further down the supply chain:

"Your browser history is already being aggregated and sold to advertising networks—by virtually every site you visit on the internet. Consumers' browsing history is bought and sold across massive online advertising networks every day. This is the reason so many popular online destinations and services are "free." And, it's why the ads you see on your favorite sites—large and small—always seem so relevant to what you've recently been shopping for online. Of note, internet service providers are relative bit players in the $83 billion digital ad market, which made singling them out for heavier regulations so suspect."

Again, this quite intentionally ignores the fact that whereas you can choose to not use Facebook or Gmail, a lack of competition means you're stuck with your broadband provider. As such, arguing that "everybody else is busy collecting your data" isn't much of an argument, especially when "everybody else" is having their behaviors checked by competitive pressure to offer a better product. As well-respected security expert Bruce Schneier points out in a blog post, these companies desperately want you to ignore this one, central, undeniable truth:

"When markets work well, different companies compete on price and features, and society collectively rewards better products by purchasing them. This mechanism fails if there is no competition, or if rival companies choose not to compete on a particular feature. It fails when customers are unable to switch to competitors. And it fails when what companies do remains secret.

Unlike service providers like Google and Facebook, telecom companies are infrastructure that requires government involvement and regulation. The practical impossibility of consumers learning the extent of surveillance by their Internet service providers, combined with the difficulty of switching them, means that the decision about whether to be spied on should be with the consumer and not a telecom giant. That this new bill reverses that is both wrong and harmful."

This lack of competition didn't just magically happen. As in other sectors driven by legacy turf protectors, the same ISP lobbyists that just gutted the FCC's privacy rules have a long and proud history of dismantling competitive threats at every conceivable opportunity, then paying legislators to look the other way. That includes pushing for protectionist state laws preventing towns and cities from doing much of anything about it. It's not clear who these ISPs thought they were speaking to in these editorials, but it's certainly not to folks that have actually paid attention to their behavior over the last fifteen years.

The EFF, meanwhile, concisely calls these ISPs' sudden and breathless dedication to privacy nonsense:

"There is a lot to say about the nonsense they've produced here," said Ernesto Falcon, legislative counsel at EFF. "There is little reason to believe they will not start using personal data they've been legally barred from using and selling to bidders without our consent now. The law will soon be tilted in their favor to do it."

Gosh, who to believe? Actual experts on subjects like security or privacy, or one of the more dishonest and anti-competitive business sectors in American industry? All told, you can expect these ISPs to remain on their best behavior for a short while for appearances' sake (and because AT&T wants its Time Warner merger approved) -- but it's not going to be long before they rush to abuse the lack of oversight their campaign contributions just successfully created. Anybody believing otherwise simply hasn't been paying attention to the laundry list of idiotic ISP actions that drove the FCC to try and pass the now-dismantled rules in the first place.

41 Comments | Leave a Comment..

Posted on Techdirt - 30 March 2017 @ 10:45am

Trump's Internet Brigades Shocked To Realize The Government Just Sold Them Out On Privacy

from the by-winning-I-mean-losing dept

ISP lobbying and policy groups were, unsurprisingly, quick to mindlessly applaud this week's decision by Congress to kill consumer broadband privacy rules. Actual consumers, however, are far from pleased about Congress' decision to take campaign contributions in exchange for selling consumer privacy rights down river. With cable providers nabbing a growing broadband monopoly, ISPs increasingly merging with giant broadcasters, and neither competition nor regulatory oversight providing much of anything in the way of checks and balances, most people realize we're in for an...interesting ride over the next few years.

Amusingly, even many of Donald Trump's most fervent online supporters were shocked by Congress' and the Trump administration's giant middle finger to consumer privacy. Over at Breitbart, traditionally not a hotbed for nuanced understanding of often-complicated tech policy, commenters were quick to cry foul over the vote to kill the FCC's rules:

Of course many Trump supporters tried to heap the entirety of the blame in the lap of the GOP, ignoring the White House's wholesale support of the killing of the protections. But it was interesting to see several others actually seeing through the broadband industry's bullshit claim that the FTC will somehow come running to magically fill in the privacy enforcement gaps (it has no real authority over broadband, and ISPs can avoid oversight via common carrier exemptions anyway):

Meanwhile, over at The_Donald subreddit, users that traditionally spend their calories happily whining about "snowflakes" and "libtards" suddenly came to the realization that the broadband market isn't competitive, and with neither competitor nor functional regulatory oversight of these ever-expanding telecom giants, the average consumer ("cuck" or not) is going to get screwed by companies like AT&T and Comcast. Repeatedly:

Gosh, it's almost as if some regulations are actually necessary, and one has to intelligently debate the subtle, often-complicated nuance of each implementation! As we've noted the rules were created for a damn good reason. Namely that the lack of competition in the broadband sector had resulted in ISPs engaging in some incredibly idiotic behavior. ISPs in recent months have charged consumers more for privacy, given low income customers even worse customer service, or covertly modified user packets to track users around the internet and build entire profiles -- without telling a single god-damned customer this was happening.

Suddenly realizing their predicament, numerous Trump supporters urged the President to immediately veto the repeal of the rules, again ignoring the fact that Trump's administration has made it repeatedly clear the push to kill the rules had the administration's full-throated support:

Of course the sudden realization that government oversight of giant, anti-competitive corporations is sometimes necessary and even good for consumers has arrived a little late for most of us. It might have been nice if a few of these folks had heeded the warning about hollow populist rhetoric before our collective privacy rights were thrown in the toilet. With the gutting of net neutrality and Trump's likely approval of the massive AT&T Time Warner merger waiting in the wings, there's some additional hard lessons looming for Trump enthusiasts that actually care about tech policy.

That said, this is another reminder of how certain issues (most notably net neutrality and privacy) have been quite intentionally shoveled into idiotic partisan grooves -- despite broad, bipartisan consumer support for both concepts. There are those that benefit by having tech policy discourse mired in such callow debate, but it isn't you or I (oh hi, didn't see you standing there, Comcast). Seeing the world entirely as a game of partisan patty cake -- waged idiotically but enthusiastically in team-colored onesies -- remains an ongoing disservice to us all.

131 Comments | Leave a Comment..

More posts from Karl Bode >>