Karl Bode’s Techdirt Profile


About Karl Bode

Posted on Techdirt - 16 February 2018 @ 1:36pm

The U.S. Intel Community's Demonization of Huawei Remains Highly Hypocritical

from the do-as-we-say,-not-as-we-do dept

We've noted for some time how Chinese hardware vendor Huawei has been consistently accused of spying on American citizens without any substantive, public evidence. You might recall that these accusations flared up several years ago, resulting in numerous investigations that culminated in no hard evidence whatsoever to support the allegations. We're not talking about superficial inquiries, we're talking about eighteen-month, in-depth reviews by people with every interest in exposing them. One anonymous insider put it this way in the wake of the last bout of hysteria surrounding the company:

"We knew certain parts of government really wanted” evidence of active spying, said one of the people, who requested anonymity. “We would have found it if it were there."

Never mind that almost all U.S. network gear is made in (or comprised of parts made in) China. Never mind that years of reports have shown the United States spies on almost everyone, constantly. Never mind that reports have emerged that a lot of the spy allegations often originate with Huawei competitor Cisco, which was simply concerned with the added competition. Huawei is a spy. We're sure of it. And covert network snooping is bad. When China does it.

Worries over Huawei bubbled up again recently when the U.S. government pressured both AT&T and Verizon to kill off plans to sell Huawei phones here in the States. It should be noted that Huawei phones are already available here, and the company has worked with several U.S. companies to gain a foothold in the U.S. market (like when it partnered with Google on the Nexus 6P). It should also probably be noted that in the modern era, you can't really differentiate between where a company like AT&T ends and the NSA begins, given the telco's extreme enthusiasm for spying on American citizens itself.

This week, hysteria concerning Huawei again reached a fevered pitch, as U.S. intelligence chiefs, testifying before Congress over Russian hacking and disinformation concerns, again proclaimed that Huawei was spying on American citizens and their products most assuredly should not be used:

"At the hearing, FBI Director Chris Wray testified, “We’re deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks." Purchasing Huawei or ZTE products, Wray added, “provides the capacity to maliciously modify or steal information. And it provides the capacity to conduct undetected espionage."

Which values would those be, exactly? Would it be the values, as leaked Edward Snowden docs revealed, that resulted in the NSA hacking into Huawei, stealing source code, then attempting to plant its own backdoors into Huawei products? Or perhaps it's the values inherent in working closely with companies like AT&T to hoover up every shred of data that touches the AT&T network and share it with the intelligence community? Perhaps it's the values inherent in trying to demonize encryption, by proxy weakening security for everyone?

News outlets, semi-oblivious to their own nationalism, quickly ignored the NSA's hypocrisy when it comes to worrying about values and regurgitated the intel chiefs' concerns. Few could also be bothered to note that numerous investigations have culminated in bupkis, the NSA has routinely and consistently been caught doing precisely what they accuse Huawei of, or that American companies tend to drum up hysteria on this front simply because they're afraid of competition (protectionism we routinely and justly accuse China of).

Focusing on Huawei also seems semi-myopic, given the fact that Chinese hardware can already be found in an absolute ocean of products available here in the States, many of which are made by U.S. hardware vendors. It also ignores the fact that if somebody really wants to hack us, all they need to do is spend five seconds hunting down one of a million poorly secured internet of broken things devices, which create millions of new easily-exploited attack vectors annually in businesses and residences nationwide.

None of this is to say it's impossible that Huawei has helped the Chinese government spy, much like our own companies here in the States. But if you're going to discuss this subject, you can't have an honest conversation without highlighting our own hypocrisy on this front, given it's abundantly clear that we're perfectly OK with unethical behavior, backdoors, and spying with negligible oversight and accountability -- provided the United States is the one doing it.


Posted on Techdirt - 16 February 2018 @ 6:19am

FCC Boss Being Investigated By His Own Agency For Being Too Cozy With The Industry He Regulates

from the not-particularly-shocking dept

If you watched FCC boss Ajit Pai's rushed repeal of net neutrality there really shouldn't be any question about where Pai's loyalties lie, and it certainly isn't with smaller companies, healthy competition, transparency, openness, innovation, or American consumers. The agency head repeatedly lied about the justifications for the repeal, casually using fabricated data to justify what may just be the least popular policy decision in the history of modern technology. Pai's fealty to giant monopolies runs so deep, his agency now just directs reporters to lobbying talking points when they question the flimsy logic propping up the repeal.

So for those paying attention, it's probably not too surprising to see news that the FCC's own Inspector General is investigating the agency boss for being a bit too cozy with the giant companies he's supposed to be holding accountable:

"Last April, the chairman of the Federal Communications Commission, Ajit Pai, led the charge for his agency to approve rules allowing television broadcasters to greatly increase the number of stations they own. A few weeks later, Sinclair Broadcasting announced a blockbuster $3.9 billion deal to buy Tribune Media — a deal those new rules made possible.

By the end of the year, in a previously undisclosed move, the top internal watchdog for the F.C.C. opened an investigation into whether Mr. Pai and his aides had improperly pushed for the rule changes and whether they had timed them to benefit Sinclair, according to Representative Frank Pallone of New Jersey and two congressional aides."

Sinclair's $3.9 billion acquisition of Tribune Media has already faced broad, bipartisan opposition by those concerned that the merger will dramatically damage both competition and opinion diversity across countless markets nationwide. The Sinclair Tribune tie up would give Sinclair ownership of more than 230 local broadcast stations around the nation, allowing it to reach 72% of the public with "reporting" frequently lamented as grotesquely distorted on a good day.

Sinclair's latest merger couldn't occur without Pai's decision to gut numerous media consolidation rules over the last few months, including several decades-old rules specifically designed to prevent any one company from unfairly dominating a media market and crushing local competition. Unsurprisingly, consumer groups were quick to seize on the news, suggesting that the agency should suspend its review of the merger until the Inspector General inquiry is complete:

"Until the inspector general’s investigation is complete, Chairman Pai and any other FCC staff subject to this inquiry should recuse themselves from all dealings related to Sinclair’s proposed takeover of Tribune Media," Free Press Senior Counsel Jessica J. González said in a statement. "If the investigation finds that Pai or any other FCC staff did indeed let their own bias and favoritism shape decisions related to the deal, they must not be permitted to vote on this matter and they should be subject to other appropriate ethics-review processes."

Of course if you're familiar with Pai's work, you know that won't be happening, and in Pai's ideologically-blinded brain this will all be dismissed as the errant rantings of partisans. But again, opposition to this deal is fairly uniform across the spectrum. Conservatives don't like it because they realize Sinclair is going to squeeze smaller media outlets out of the equation unfairly. Liberals don't like it because they know Sinclair is going to fill the airwaves with more nonsense just as we're trying to get a hold on problems inherent in foreign influence, disinformation, and discourse quality.

Regardless, Pai's going to have a very busy few years. He's already facing several different inquiries into why his agency made up DDOS attacks and turned a blind eye to identity theft as part of an apparent attempt to downplay massive public opposition to his policies. He's also facing several law enforcement inquiries (one of which he's actively blocking) and numerous lawsuits into his agency's blatant disregard of the public interest. And while this particular inquiry may not conclude that Pai technically broke the law or violated agency rules, it's pretty hard to act confused about where Pai's loyalties truly lie.


Posted on Techdirt - 15 February 2018 @ 10:44am

Cryptocurrency Mining Company Coinhive Shocked To Learn Its Product Is Being Abused

from the who-knew? dept

So if you haven't noticed, the entire cryptocurrency mining thing has become a bit of an absurd stage play over the last few months. From gamers being unable to buy graphics cards thanks to miners hoping to cash in on soaring valuations, to hackers using malware to covertly infect websites with cryptocurrency miners that use visitors' CPU cycles without their knowledge or consent. As an additional layer of intrigue, some websites have also begun using such miners as an alternative to traditional advertising, though several have already done so without apparently deeming it necessary to inform visitors.

At the heart of a lot of this drama is cryptocurrency mining software company Coinhive, whose software is popping up in both malware-based and above board efforts to cash in on the cryptocurrency mining craze. Coinhive specifically focuses on using site visitor CPU cycles to help mine Monero. The company's website insists that their product can help websites craft "an ad-free experience, in-game currency or whatever incentives you can come up with." The company says its project has already resulted in the mining of several million dollars worth of Monero (depending on what Monero's worth any given day).

The folks behind the company told Motherboard this week they were blindsided by the way their software has quickly been adopted by both non-transparent websites, and malware authors looking to make some additional money:

"We were quite overwhelmed by the extremely fast adoption,” a member of the Coinhive team told Motherboard in an email. “In hindsight, we were also quite naive in our assumptions on how the miner would be used. We thought most sites would use it openly, letting their users decide to run it for some goodies, as we did with our test implementation on pr0gramm.com before the launch. Which is not at all what happened in the first few days with Coinhive."

You developed a technology with the capability of covertly hijacking a user's CPU cycles to make additional money, sold it to an industry with longstanding problems with both transparency and self defeating practices during an era where everything but the kitchen sink is hackable, and you're honestly surprised it's being abused? While it's obvious the malware itself isn't Coinhive's fault, this seems like either a notable lack of foresight, or a dash of disingenuous denial.

One team member attempted to downplay the scope of the problem, hoping nobody would notice the new reports this week indicating that over 4,000 UK and U.S. websites have been compromised by malware that embeds the Coinhive software:

"'Cryptojacking’ will probably be here to stay for a while. At least until the rising difficulty in the Monero network (and others) makes it impracticable or Browser vendors somehow block CPU heavy websites,” the Coinhive team member said. They caveated that reports of malicious Coinhive use “have slowed down tremendously, as ‘hackers’ realize there's not much to gain with our service."

Yes, not much to gain outside of, well, making money off of countless IT and server admins who don't realize this is even a threat yet in hundreds of countries around the world. It's worth noting that some in the security community have accused Coinhive of being complicit because they take a 30% cut of all of the cryptocurrency mining that occurs with their product, regardless of whether it's via malware implementations:

As such there's little motivation on their end to thwart the trend of poorly implemented or downright hostile applications of the outfit's product, and it's not quite the kind of company journalism funding revolutions should probably be built upon. One anonymous Coinhive developer half-jokingly told Motherboard the company was doing websites a service by forcing them to be more aware of sloppy code or outdated server configurations:

"Food for thought; and we only mean this half serious: embedded miners in compromised websites are usually detected way sooner than other malicious browser scripts. Website owners recognize the breach and are finally forced to update their shitty WordPress installations."

Again, poor, non-transparent implementation of Coinhive's product by legitimate websites isn't necessarily Coinhive's fault. Nor is malware authors embedding Coinhive into their own, more malicious work. But Coinhive's lack of foresight and casual response to some fairly major issues--as well as the fact it's taking a cut of malware implementations--would seemingly open the door to other, similar companies which may be eager to elbow in on Coinhive's success with a bit more foresight and a dash more professionalism.


Posted on Techdirt - 15 February 2018 @ 6:30am

Congress Pressures FCC Boss Over His Total Failure To Police Net Neutrality Comment Fraud

from the complete-non-transparency dept

By now it's pretty apparent that the FCC doesn't much want to talk about who was behind the numerous bogus comments that flooded the agency's net neutrality repeal proceeding. When I asked the FCC for help after someone lifted my identity to support repealing the rules, the FCC responded with the policy equivalent of a ¯\_(ツ)_/¯. Similarly, when New York Attorney General Eric Schneiderman approached the FCC looking for help identifying the culprit (9 requests over 5 months, he said in an open letter), the FCC blocked the investigation.

Most analysts believe the effort was a ham-fisted attempt to erode trust in the public comment proceeding in order to downplay massive public opposition to the FCC's plan (a tactic that has mysteriously plagued other government proceedings over the last year). The FCC could pretty quickly clear this all up by providing access to server logs and API key usage details to law enforcement. Its consistent refusal to do so quickly dismantles agency boss Ajit Pai's continued, breathless claims that he's a massive fan of transparency and would run a more transparent operation than his predecessor.

This week, members of the House Committee on Energy and Commerce sent a letter to Pai again asking him to explain (pdf) why the FCC ignored the public and sat on its hands as millions of bogus comments (some of them from dead people) piled up. Included in the questions were inquiries regarding how the FCC (which says it ignored comments "devoid of substance") determined what public comments were worth paying attention to, if any:

"How were comments determined to be “devoid of substance”? How were others determined to “bear substantively” on the issue? What were the training methods and guidelines for staff making these determinations? How many staff hours were dedicated to this?"

Pai was also asked why he doesn't think helping law enforcement get to the bottom of the scandal is a good idea:

"Why has the FCC failed to cooperate with the NY attorney general’s investigation into potential identity theft?"

And why didn't the agency implement any kind of screening process to help ferret out bulk, bogus comments (many of which were submitted by a bot in purely alphabetical order):

"Why did the FCC choose to not implement any kind of identity verification in its comment platform? The FCC says it excluded comments that used fake names, but how was it determined which these were? And if it is known which comments used fake names, why were these comments not removed from the docket?"

Of course like previous inquiries, Pai isn't likely to respond -- at least not with any answers that provide real meaning. Since ISPs have been obnoxiously successful falsely framing net neutrality as a partisan issue, and the letter sent to Pai consists largely of Democrats, it will be relatively easy to dismiss the inquiry as little more than partisan gamesmanship. You'd just have to ignore the fact that an open, healthy internet free of domination by telecom monopolies benefits everyone, or the fact that polls routinely show net neutrality has broad, bipartisan support.

It's not hard for the FCC to identify who was behind the effort, and given the attack only benefits either the telecom industry or the folks in the Trump administration pushing the repeal, the short list of culprits is arguably tiny. But while Pai apparently has zero interest in helping find out who was behind the disinformation campaign, it's likely additional details will emerge courtesy of the countless lawsuits currently heading the FCC's general direction.


Posted on Techdirt - 14 February 2018 @ 10:40am

Verizon Begins Locking Down Its Phones Again, Purportedly To 'Stop Theft'

from the fool-me-once dept

If you've been around a while, you probably know that Verizon has an adversarial relationship with openness and competition. The company's history is rife with attempts to stifle competing emerging technologies that challenged Verizon's own business interests, from its early attempts to block GPS and tethering apps so users would have to subscribe to inferior and expensive Verizon services, to its attempts to block competing mobile payment services to force users (again) onto Verizon's own, inferior products. And that's before you get to Verizon's attempts to kill net neutrality and keep the broadband industry uncompetitive.

In the earlier years, Verizon had a horrible tendency to lock down its devices to a crippling and comical degree. But with the rise of net neutrality, competition from carriers like T-Mobile, and open access conditions affixed to certain spectrum purchased by Verizon, the company slowly-but-surely loosened its iron grip on mobile devices. But let's be clear: the company had to be dragged, kicking and screaming, into the new, more open future we all currently enjoy, where (by and large) you can install whatever apps you like on your device, and attach most mainstream devices (with some caveats) to Verizon's network.

That's why more than a few eyebrows were raised after Verizon gave CNET the early exclusive news (apparently in the hopes that they'd frame it generously, which they did) that the company will soon be locking down its smartphones as part of a purported effort to "combat theft." Carriers have been justly criticized (and sued) for doing too little to prevent theft, in part because they profit on both sides of the equation -- both when a customer comes crying to Verizon to buy a new phone, and when the user with the stolen phone heads to Verizon to re-activate it on a new line.

On its surface, Verizon's plan doesn't seem to have much of an initial impact on traditional users, who'll still get to have their phone unlocked after an unspecified amount of time. The only initial problems that could arise involve users who buy a phone, then head overseas to insert a local SIM to get more reasonably-priced service. Those users may have to contact Verizon before that phone will work, something that may or may not be a pain in the ass in real-world practice.

But it's more the precedent of the move that has people familiar with Verizon's handiwork on this front a little nervous. Especially given Verizon's recent successes in not only killing net neutrality, but gutting most state and federal oversight of ISPs entirely (something many haven't keyed into yet). For one, locking down its devices technically violates the "Carterfone" open access rules affixed to the 700MHz spectrum used in Verizon's network. Verizon was quick to insist to CNET that this shift back toward locking down devices does not violate the "spirit of the agreement":

"The move marks a broad reversal of its policy to offer all of its phones unlocked -- part of a deal with the Federal Communications Commission requiring it to unlock phones as part of its acquisition of the "C block" of 700 megahertz spectrum, which powers its 4G LTE network. One section of the deal specifically prohibits Verizon from configuring handsets to prevent them from working on other networks.

Avi Greengart, an analyst at Global Data, said the policy change appears to contradict the existing rules.

Verizon, however, argues it's still following the intent of the rule.

"This change does not impact the spirit of that agreement as it is designed to deter theft by those who engage in identity theft or other fraud," said a spokeswoman for Verizon. "It is not inconsistent with our obligations under the C Block."

Oh, ok then. The problem is that Verizon doesn't have very much (read: any) credibility on this front, something other news outlets were notably more blunt about:

"Verizon has peddled CNET the story that this is about preventing handset theft and fraud. No facts or figures are provided to back up that assertion.

The simple fact is this: Verizon believes it can get away with SIM-locking its handsets again. This creates confusion for consumers. "Can I take my Verizon phone to another network?" Goes from being answered with a simple "Yes" to "Well, probably, but first you need to contact customer service, ask for us to do this, give us your phone's serial number, wait a week, and make sure this software update comes through."

Again, Verizon's pretty damn ambiguous about the hard specifics of this new plan, only stating the handset lock down will expand over time. Verizon (like many large telecom operators) has a long, proud history of hiding anti-competitive behavior behind faux-technical jargon and a breathless concern over the safety and security of the network. So locking down phones "for security reasons" is great cover for what could be ballooning efforts to make it harder for wireless consumers to switch to competitors. After all, who's going to stop them, net neutrality opponent, former Verizon employee, and current FCC boss Ajit Pai?


Posted on Techdirt - 14 February 2018 @ 6:23am

Salon Offers To Remove Ads If Visitors Help Mine Cryptocurrency

from the just-renting dept

As we've been discussing, the rise of stealth cryptocurrency miners embedded on websites has become a notable problem. In some instances, websites are being hacked and embedded with stealth cryptocurrency miners that quickly gobble up visitors' CPU cycles without their knowledge. That's what happened to Showtime recently when two different domains were found to be utilizing the Coinhive miner to hijack visitor browsers without users being informed. Recent reports indicate that thousands of government websites have also been hijacked and repurposed in this fashion via malware.

But numerous websites are also now exploring such miners voluntarily as an alternative revenue stream. One major problem however: many aren't telling site visitors this is even happening. And since some implementations of such miners can hijack massive amounts of CPU processing power while sipping a non-insubstantial amount of electricity, that's a problem.

The Pirate Bay for example was forced to stop using visitor CPUs and browsers to mine Monero last fall after Reddit users complained the miner was slowing down their PCs and eating up 80% of their CPU cycles. The website stated that it was simply exploring new revenue streams to keep the website afloat:

"As you may have noticed we are testing a Monero javascript miner. This is only a test. We really want to get rid of all the ads. But we also need enough money to keep the site running."

This week Salon joined the fun, informing users that they'd be happy to suppress advertisements if site visitors are willing to help mine cryptocurrency:

Creative exploration of alternative revenue streams is obviously necessary, and there are numerous examples where site-driven cryptocurrency miners could be used to help bolster scientific research. Salon pretty clearly understands this decision is controversial, offering up an entire website explaining how making money from journalism is hard, and the company needed to explore some new, creative solutions in order to stay afloat:

"Salon is instructing your processor to run calculations. Think of it like borrowing your calculator for a few minutes to figure out the answer to math problems, then giving it back when you leave the site. We automatically detect your current processing usage and assign a portion of what you are not using to this process. Should you begin a process that requires more of your computer’s resources, we automatically reduce the amount we are using for calculations."

That said, security researchers have similarly warned that this is a very slippery slope, and for every website that's being transparent about the process and respectful of the possible impact on computer performance, there're countless others who quite obviously won't give much of a damn about either. These are, after all, the same websites that are now engaging in ham fisted and annoying ad blocker blocking, frequently oblivious to how their own obnoxious ad decisions drove the rise of ad blockers in the first place.

As Malwarebytes researchers recently noted, there's no shortage of websites that are already pushing their luck on this front:

"The question at this point is: How far can publishers push the limits towards a really bad user experience? You may be surprised that for many, this is not really a problem at all and that double dipping is, in fact, a fairly common practice...publishers ought to be more transparent with their audience because no-one likes unannounced guests. Unfortunately, there will always be publishers that care very little about what kind of traffic they push, so long as it generates good revenues; for those, cryptominers are just an added income to their existing advertising portfolio."

If implemented with respect for the end user and transparency, such miners may not be a bad thing. But bad actors could very quickly create an environment where users feel they're being accosted by sites that don't respect either, resulting in another layer of cat and mouse gamesmanship between site publishers and readers. So while there's certainly potential here, escalating an already adversarial relationship in the adblocker era isn't likely to excite readers, forge community, or save journalism anytime soon.


Posted on Techdirt - 13 February 2018 @ 11:57am

More Than 4,000 Government Websites Infected With Covert Cryptocurrency Miner

from the whoops-a-daisy dept

The rise of cryptocurrency mining software like Coinhive has been a decidedly double-edged sword. While many websites have begun exploring cryptocurrency mining as a way to generate some additional revenue, several have run into problems if they fail to warn visitors that their CPU cycles are being co-opted in such a fashion. That has resulted in numerous websites like The Pirate Bay being forced to back away from the software after poor implementation (and zero transparency) resulted in frustrated users who say the software gobbled upwards of 85% of their available CPU processing power without their knowledge or consent.

But websites that don't inform users this mining is happening are just one part of an emerging problem. Hackers have also taken to using malware to embed the mining software into websites whose owners aren't aware that their sites have been hijacked to make somebody else an extra buck. Politifact was one of several websites that recently had to admit its website was compromised with cryptocurrency-mining malware without their knowledge. Showtime was also forced to acknowledge (barely) that websites on two different Showtime domains had been compromised and infected with Coinhive-embedded malware.

While Bloomberg this week proclaimed that governments should really get behind this whole cryptocurrency mining thing, the reality is that numerous governments already have -- just not in the way they might have intended. Security researcher Scott Helme this week discovered that more than 4,000 U.S. and UK government websites -- including the US court system website -- have been infected with cryptocurrency mining malware, a number that's sure to only balloon.

As Helme notes, attackers don't need to even attack each website individually, as they've found a way to compromise shared resources like Text Help, whose modified script files were then loaded by thousands of websites at a pop:

Fortunately this attack isn't particularly hard to neutralize, with a tiny modification to the shared script being able to nip similar, future attacks in the bud. But Helme also notes that this entire kerfuffle could have been substantially worse:

Ultimately it seems like these kinds of attacks should be easy to avoid once site administrators and governments wise up to the rising threat. That said, reports by cybersecurity firm CrowdStrike have suggested things will get a little worse before they get better. Again though, the malware angle is just one conversation we need to be having. How sites can responsibly and transparently implement miners as an alternative revenue stream is going to be something we'll be talking about for a while, as Salon made evident this week as the first website to offer the option as an alternative to traditional advertising.


Posted on Net Neutrality Special Edition - 13 February 2018 @ 6:22am

Verizon-Owned Tumblr Joins The Latest Effort To Restore Net Neutrality

from the fight-the-good-fight dept

Given Verizon's long-standing animosity to net neutrality (and openness and healthy competition in general), the company's acquisition of Tumblr created some understandable tension. Tumblr has been on the front lines of net neutrality support since around 2014 or so, with CEO David Karp stating in 2015 that the service wouldn't exist without net neutrality:

"(Undermining net neutrality) would congeal the Internet into something stagnant, something where new players wouldn’t be able to join the game without having the funds to do so. I’m proud to have been able to turn a little side project into an engine of creativity for so many people. I don’t want to be among the last people able to do that."

Karp resigned from the company last year, and numerous reports have indicated that while net neutrality advocacy remains strong among employees, the company itself has unsurprisingly lowered the volume of its support for net neutrality under new ownership by Verizon. That has resulted in a slow but steady departure of employees not thrilled to be under the "leadership" of one of the most anti-competitive (and occasionally comically delusional) companies on the tech policy front (former in-house counsel Ari Shahdadi being of particular note).

Despite Verizon's ownership, the company's net neutrality advocacy doesn't appear to be dead just yet. This week, the company joined net neutrality advocates' "Operation: OneMoreVote" campaign. As we've noted, activists are trying to use the Congressional Review Act to reverse the FCC net neutrality repeal. Under the CRA, Congress can reverse a regulatory decision within 60 days of it hitting the Federal Register with a majority vote. The GOP and Trump administration used this exact trick to kill consumer broadband privacy protections early last year.

According to net neutrality advocacy group Fight for the Future, Tumblr will join Etsy, Reddit, Vimeo, Medium and other smaller companies in a February 27 effort to pressure lawmakers to support the effort in the Senate:

"50 Senators have already come out in support of the CRA, which would completely overturn the FCC’s December 14 decision and restore net neutrality protections. Several Senators have indicated that they are considering becoming the 51st vote we need to win, but they’re under huge pressure from telecom lobbyists. Only a massive burst of energy from the Internet will get them to move."

As noted previously, even if this effort passes the Senate it has an uphill climb in the House, where AT&T, Verizon and Comcast loyal politicians are in even greater supply. And even if the plan nabs the 218 House votes needed, it would still need to be signed by President Trump. And while activists believe Trump might bow to public pressure as part of his purported dedication to his special brand of "populism," that remains a bit of a pipe dream. That's not to suggest the effort is useless; it could go a long way toward forcing politicians to clearly document their disdain for the will of the public ahead of the looming midterms.

All of that said, it's good to see the remaining folks at Tumblr still fighting the good fight, despite the fact that they're now owned by a company with a historically-miserable track record on consumer privacy, state rights, competition, honesty, transparency and the quest for a relatively healthy and open internet.

14 Comments

Posted on Techdirt - 12 February 2018 @ 11:58am

Consumer Reports: Your 'Smart' TV Remains A Privacy & Security Dumpster Fire

from the internet-of-very-broken-things dept

By now it has been pretty well established that the security and privacy of most "internet of things" devices is decidedly half-assed. Companies are so eager to cash in on the IOT craze, nobody wants to take responsibility for their decision to forget basic security and privacy standards. As a result, we've now got millions of new attack vectors being introduced daily, including easily-hacked "smart" kettles, door locks, refrigerators, power outlets, Barbie dolls, and more. Security experts have warned the check for this dysfunction is coming due, and it could be disastrous.

Smart televisions have long been part of this conversation, where security standards and privacy have also taken a back seat to blind gee whizzery. Numerous set vendors have already been caught hoovering up private conversations or transmitting private user data unencrypted to the cloud. One study last year surmised that around 90% of smart televisions can be hacked remotely, something intelligence agencies, private contractors and other hackers are clearly eager to take full advantage of.

Consumer Reports this week released a study suggesting that things aren't really improving. The outfit, which is working to expand inclusion of privacy and security in product reviews, studied numerous streaming devices and smart TVs from numerous vendors. What they found is more of the same: companies that don't clearly disclose what consumer data is being collected and sold, aren't adequately encrypting the data they collect, and still don't seem to care that their devices are filled with security holes leaving their customers open to attack.

Consumer Reports was quick to highlight Roku's many smart TVs and streaming devices, and Roku's failure to address an unsecured API vulnerability that could allow an attacker access to smart televisions operating on your home network. This is one of several problems that have been bouncing around since at least 2015, notes the report:

"The problem we found involved the application programming interface, or API, the program that lets developers make their own products work with the Roku platform. “Roku devices have a totally unsecured remote control API enabled by default,” says Eason Goodale, Disconnect’s lead engineer. “This means that even extremely unsophisticated hackers can take control of Rokus. It’s less of a locked door and more of a see-through curtain next to a neon ‘We’re open!’ sign."

To become a victim of a real-world attack, a TV user would need to be using a phone or laptop running on the same WiFi network as the television, and then visit a site or download a mobile app with malicious code. That could happen, for instance, if they were tricked into clicking on a link in a phishing email or if they visited a site containing an advertisement with the code embedded."

Roku was quick to issue a blog post stating that Consumer Reports had engaged in the "mischaracterization of a feature," and told its customers not to worry about it:

"Consumer Reports issued a report saying that Roku TVs and players are vulnerable to hacking. This is a mischaracterization of a feature. It is unfortunate that the feature was reported in this way. We want to assure our customers that there is no security risk.

Roku enables third-party developers to create remote control applications that consumers can use to control their Roku products. This is achieved through the use of an open interface that Roku designed and published. There is no security risk to our customers’ accounts or the Roku platform with the use of this API. In addition, consumers can turn off this feature on their Roku player or Roku TV by going to Settings>System>Advanced System Settings>External Control>Disabled."

Roku fails to mention that doing so disables the ability for consumers to control the device with Roku's own app, taking away valuable functionality from the end user (something Consumer Reports mentions in its write up). And Roku doesn't even address the other complaints in the report, including concerns that streaming hardware and TV companies aren't making data collection and third-party sales clear, aren't clearly showcasing their privacy policies, and often don't let users opt out of such collection without losing functionality (much like the broadband ISPs and numerous services and apps these devices are connected to).

Roku's response highlights the SOP approach (somebody else's problem) inherent in the IOT. As experts like Bruce Schneier have repeatedly noted, the tech industry is caught in a cycle of security dysfunction where nobody in the chain has any real motivation to actually fix the problem:

"The market can't fix this because neither the buyer nor the seller cares. Think of all the CCTV cameras and DVRs used in the attack against Brian Krebs. The owners of those devices don't care. Their devices were cheap to buy, they still work, and they don't even know Brian. The sellers of those devices don't care: they're now selling newer and better models, and the original buyers only cared about price and features. There is no market solution because the insecurity is what economists call an externality: it's an effect of the purchasing decision that affects other people. Think of it kind of like invisible pollution."

Schneier has repeatedly warned that we need cooperative engagement between governments, companies, experts and the public to craft over-arching standards and policies. The alternative isn't just a few hacks and embarrassing PR gaffes now and again. The influx of millions of poorly secured internet-connected devices (many of which are being automatically integrated into historically-nasty botnets) is a massive dumpster fire with the potential for genuine human casualties. It's easy to downplay these kinds of reports as just "a few minor problems with a television set," but that ignores the massive scope of the problem and the chain of security and privacy apathy that has created it.

39 Comments

Posted on Techdirt - 12 February 2018 @ 6:27am

The Standalone Streaming Service HBO Didn't Want To Offer Now Has 5 Million Users

from the innovation-trumps-math dept

You might recall that just a few years ago, HBO had to be dragged kicking and screaming into the modern era. For years the company refused to offer a standalone streaming TV service, worried that it would jeopardize the company's cozy promotional relationship with existing cable providers (who often all but give away the channel in promotions). As recently as 2013 Time Warner CEO Jeff Bewkes was claiming that such an offering would make "no economic sense."

Why? Bewkes was worried that offering a standalone option would upset cable partners. At the time, those partners were already offering an HBO streaming app named HBO Go, but only if you signed up for traditional TV. This was part of the industry's walled garden "TV Everywhere" initiative, a misguided attempt at stopping cord cutters by only giving them innovative streaming services -- if they signed up for bloated, traditional television bundles. Bewkes was clearly worried at the time that being too damn innovative would upset industry executives and skew the company's balance sheets:

"And we would do it if we thought it was in our economic best interest. At this point we don’t think it makes sense. We don’t think the target market is sufficiently large to be attractive at this point. So what we’re doing, and we think this is working pretty well — we’re working with the [pay TV operators] to increase the penetration of HBO Go in a mutually beneficial way."

At the time we noted how HBO was letting fear trump innovation. The company was focusing so much on avoiding upsetting cable operators and worrying over the initial impact on the traditional cable TV cash cow, that it forgot that innovation often trumps the math. In reality, the math Bewkes was concerned about was performance and metrics built on a different, changing market that was on the way out. This kind of hesitation was initially great news for Netflix, whose CEO saw all of this coming long before HBO executives did:

"The goal," says Hastings, "is to become HBO faster than HBO can become us."

All the while, HBO and Time Warner's timidity and failure to listen to consumers resulted in many of its shows breaking piracy records. And while HBO couldn't be bothered to offer a legitimate standalone streaming alternative to piracy, it did spend a lot of time and money trying to derail these efforts, including "poisoning" seeded copies of HBO programs on BitTorrent and sending out oodles of nastygrams to ISPs. Other HBO executives, meanwhile, seemed to share the cable industry mindset that this whole cord cutting thing was just a temporary phenomenon that would blow over.

HBO finally did buckle to offering a standalone streaming service (dubbed HBO Now) in 2014. Just a few years later and the service has just breached 5 million subscribers. And oh, the numbers HBO was so worried about are looking solid too, with HBO Now generating $19 million in revenues for the two months it aired of Game of Thrones Season 7. In this case it all worked out well for HBO, but the company could have enjoyed a much healthier head start if company executives hadn't let fear trump natural evolution.

31 Comments

Posted on Techdirt - 9 February 2018 @ 6:27am

ESPN Still Isn't Quite Getting The Message Cord Cutters Are Sending

from the more-of-the-same dept

We've noted repeatedly how ESPN has personified the cable and broadcast industry's tone deafness to cord cutting and TV market evolution. The company not only spent years downplaying the trend as something only poor people do, it sued companies that attempted to offer consumers greater flexibility in how video content was consumed. ESPN execs clearly believed cord cutting was little more than a fad that would simply stop once Millennials started procreating, and ignored surveys showing how 56% of consumers would ditch ESPN in a heartbeat if it meant saving the $8 per month subscribers pay for the channel.

As the data began to indicate the cord cutting trend was very real, insiders say ESPN was busy doubling down on bloated sports licensing deals and SportsCenter set redesigns. By the time ESPN had lost 10 million viewers in just a few years, the company was busy pretending they saw cord cutting coming all the while. ESPN subsequently decided the only solution was to fire hundreds of longstanding sports journalists and support personnel, but not the executives like John Skipper (since resigned) whose myopia made ESPN's problems that much worse.

Fast forward to this week, when Disney CEO Bob Iger suggested that Disney and ESPN had finally seen the error of their ways, and would be launching a $5 per month streaming service sometime this year. Apparently, Iger and other ESPN/Disney brass have finally realized that paying some of the least-liked companies in America $130 per month for endless channels of crap has somehow lost its luster in the streaming video era:

"There are signs that young people are coming into multi-channel television. People that were once called or thought to be cord-nevers are starting to adopt less expensive over-the-top packages," Iger said.

Who knew? Did you know? I certainly didn't know. Bloomberg, meanwhile, informs us that the company's new service is "Iger's bet on the future":

"If anything it points to what the future of ESPN looks like,” Iger said on a conference with investors. “It will be this app and the experience that it provides."

But will it? There's every indication that ESPN's still only paying lip service to innovation. What consumers say they want is the ability to either avoid ESPN entirely, or buy ESPN the channel on a standalone basis. But it's important to point out that's not what ESPN is actually offering here. The new streaming service won't provide access to ESPN's existing channel lineup unless you have a traditional cable subscription. Without a traditional cable TV subscription, users of the app will be directed to other content they may or may not actually want:

"The over-the-top service will roll out sometime in the spring, in tandem with a redesign of Disney's ESPN app. The over-the-top feature will be one part of that app, allowing users to watch live programming that will not otherwise be available on any of its channels. "The third feature is a plus service, we're calling it ESPN Plus, that will include an array of live programming that is not available — live sports, live sports events — not available on current channels," Iger said in an exclusive interview on CNBC's "Closing Bell."

This is something ESPN already tried once with the launch of ESPN 360 (ultimately renamed just ESPN 3) years ago. That channel offered access to streaming sports content, but not any of the content anybody was actually interested in (unless you're really crazy for men's professional hopscotch). What users want is either the option to buy ESPN as a standalone channel, or to avoid ESPN entirely. What ESPN's offering is a streaming channel retread filled with content viewers probably didn't ask for. All, again, because ESPN is afraid of cannibalizing its traditional viewership numbers by trying something new.

Admittedly ESPN is stuck between a rock and a hard place with no real easy options. ESPN currently makes $7.21 for each cable TV subscriber, many of whom pay for ESPN begrudgingly. Many industry insiders also have told me over the years that ESPN's contracts with many cable providers state that should ESPN offer its own streaming services, cable providers will no longer be bound by restrictions forcing them to include ESPN in their core lineups, which will only accelerate the number of skinny bundle options being offered without ESPN.

In short, if ESPN offers a standalone version of ESPN, it only encourages customers to cut the cord and move to less expensive (and less profitable) alternatives. If ESPN doesn't give customers what they want, they'll cut the cord out of frustration. But if ESPN actually wants to be ready for the future, getting out ahead of the inevitable shift to streaming is the only real solution. Nobody said evolution would be painless or the traditional cable TV cash cow would live forever. ESPN has the option of getting out ahead of the trend, or playing from behind later on when the cord cutting trend shifts from a trickle to a torrent.

48 Comments

Posted on Techdirt - 8 February 2018 @ 6:28am

FCC Refuses To Release FOIA Documents Pertaining To Its Stupid Verizon 'Collusion' Joke

from the transparency! dept

You might recall that right before the FCC voted to kill net neutrality at Verizon's behest, the agency thought it would be a hoot to joke about the agency's "collusion" with Verizon at a telecom industry gala. The lame joke was a tone-deaf attempt to mock very legitimate concerns that Pai, a former Verizon regulatory lawyer, is far too close to the industry he's supposed to be regulating. The FCC even went so far as to include a little video featuring Verizon executives, who chortled about their plans to install Pai as a "puppet" leader at the agency. Hilarious.

While the audience of policy wonks and lobbyists giggled, the whole thing was tone deaf and idiotic from stem to stern. Especially given the fact that Pai's policies have been nothing short of a Verizon wish list, whether that involves protecting Verizon's monopoly over business data services (BDS), or the efforts to undermine any attempts to hold Verizon accountable for repeated privacy violations. Much like the other lame video Pai circulated at the time to make light of consumer outrage, it only served to highlight how viciously out of touch this FCC is with the public it's supposed to be looking out for.

Gizmodo recently filed a FOIA request to obtain any communications between the FCC and Verizon regarding the creation of the video, arguing the records were well within the public interest given concerns over Pai's cozy relationship with the companies he's supposed to be holding accountable. But Gizmodo says the FCC refused the request under Exemption 5 of the FOIA (Deliberative Process Privilege). While the request revealed around a dozen pages of e-mails between the FCC and Verizon, the FCC refuses to release them, arguing they could harm the ability of the agency to do its job (read: kiss Verizon's ass):

"At its own discretion, the Federal Communications Commission has chosen to block the release of records related to a video produced last year in which FCC Chairman Ajit Pai and a Verizon executive joke about installing a “Verizon puppet” as head of the FCC. In a letter to Gizmodo last week, the agency said it was withholding the records from the public in order to prevent harm to the agency—an excuse experts say is a flagrant attempt to skirt federal transparency law."

Needless to say, FOIA experts don't believe a tone deaf joke qualifies for the exemption:

"To argue that this video amounts to the same kind of deliberative process that goes on behind the scenes in terms of an agency deciding an official policy on a topic, or what actions it’s going to take, is absurd,” Marshall said. “The deliberative process is frequently used to withhold embarrassing information or inconvenient information. I have no idea how a draft of a skit that was supposed to be funny would impair the FCC’s decision-making process on anything, except on, I guess, maybe future skits."

In short the FCC was cocky enough to think that mocking Verizon collusion concerns was somehow a good idea, yet now doesn't want anybody seeing its communications with Verizon executives. The agency pretty clearly is worried the e-mails could be embarrassing or potentially harm the agency's chances against the wall of lawsuits headed its direction for ignoring the public interest.

Remember that Ajit Pai has routinely crowed about how "transparent" his FCC would be. Yet just one year in, Pai's agency is already facing numerous lawsuits for refusing to disclose conversations with ISP lobbyists about the plan to kill net neutrality, refusing to disclose net neutrality complaints filed with the agency, refusing to be transparent about a DDoS attack the FCC apparently concocted to downplay the "John Oliver effect," and for ignoring FOIA requests related to its failure to police website comment fraud during the public comment period (they're also blocking a law enforcement investigation into that same issue).

In short, whatever Pai's private definitions of both "transparency" and "joke" are, you sure as hell won't find them in the dictionary.

39 Comments

Posted on Techdirt - 7 February 2018 @ 12:00pm

New Jersey The Latest State To Protect Net Neutrality By Executive Order

from the Not-so-Comcastic dept

The Trump FCC is currently in the process of trying to eliminate all meaningful oversight of some of the least competitive companies in America. Not only are broadband providers and the Trump administration trying to gut FTC and FCC oversight of companies like Comcast, they're also trying to ban states from protecting net neutrality or broadband consumer privacy at ISP lobbyist behest. This is all based on the belief that letting Comcast run amok somehow magically forges telecom Utopia. It's the kind of thinking that created Comcast and the market's problems in the first place.

And while the Trump FCC is trying to ban states from protecting consumers in the wake of federal apathy (you know, states rights and all that), the individual states don't appear to be listening. Numerous states are pushing new legislation that effectively codifies the FCC's 2015 net neutrality rules on the state level, efforts that will be contested in the courts over the next few years. ISPs have been quick to complain about the threat of multiple, discordant and shitty state laws, ignoring the fact that they created this problem by lobbying to kill reasonable (and popular) federal protections.

Other states, like Montana and New York, have gotten more creative, signing executive orders that ban ISPs from winning state contracts if they violate net neutrality. Montana Governor Steve Bullock went so far as to suggest that other states use his order as a template, something New Jersey appears to have taken him up on. The state this week issued its own executive order (pdf) protecting net neutrality, modifying the state procurement process to prohibit state contracts with ISPs that routinely engage in anti-competitive blocking, throttling, or paid prioritization.

In a press release, state leaders say the new rules will take effect in July:

"We may not agree with everything we see online, but that does not give us a justifiable reason to block the free, uninterrupted, and indiscriminate flow of information,” Governor Murphy said. “And, it certainly doesn’t give certain companies or individuals a right to pay their way to the front of the line. While New Jersey cannot unilaterally regulate net neutrality back into law or cement it as a state regulation, we can exercise our power as a consumer to make our preferences known."

Governor Murphy’s Executive Order will make New Jersey the third state –along with New York and Montana—to mandate that ISPs adhere to net neutrality rules or lose the ability to contract in state. The Executive Order will apply to all contracts between state entities and ISPs that are executed on or after July 1, 2018. The Attorney General’s Division of Consumer Affairs will work with the Division of Purchase and Property to carry out the Executive Order and monitor its enforcement.

One problem that could arise from these executive orders is the fact that ISPs can avoid violating the rules if they say they're simply engaging in "reasonable network management."

Defining what "reasonable" is has long been problematic in the net neutrality conversation, and ISP lobbyists have had a lot of luck weakening said definition after the fact to erode the importance of such protections. Hiding anti-competitive behavior behind "reasonable network management", artificial network congestion, or other faux technical justifications is a game ISPs have been playing for about as long as the net neutrality debate has existed, and since lawmakers often have no idea how any of this works it's often easy to mislead them.

Regulators and lawmakers also often like to talk tough on this subject, then avoid any meaningful enforcement down the road for fear of alienating deep-pocketed campaign contributors. So while it's great New Jersey, New York and Montana are doing something about federal regulatory capture, it's going to require an attentive press and public to ensure these state-level promises actually mean something.

The FCC has also stated it plans to take aim at these state executive orders as well as state legislation, but it's going to be up to the courts to decide whether the agency's "pre-emption" efforts extend that far. The FCC has had its wrist slapped by the courts in the past for trying to stop states from passing protectionist state laws ("states rights" appears to have an ever-shifting meaning for many of these ISPs and politicians depending on what they're after).

The legal fight between the states and the FCC will be joining the countless looming billable hours as the FCC's unpopular decision gets bogged down in legal chaos for what's likely to be years to come. All so Comcast, AT&T, and Verizon can further abuse a lack of broadband competition for additional anti-competitive gain -- without the pesky threat of anybody actually doing anything about it.

28 Comments

Posted on Net Neutrality Special Edition - 7 February 2018 @ 6:28am

FCC Report Falsely Claims Killing Net Neutrality Already Helping Broadband Competition

from the rose-colored-glasses dept

For years the FCC has been caught in a vicious cycle. Under the Communications Act, the FCC is required to issue annual reports on the state of U.S. broadband and competition, taking action if services aren't being deployed on a "reasonable and timely" basis. When under the grip of regulatory capture and revolving door regulators, these reports tend to be artificially rosy, downplaying or ignoring the lack of competition that should be obvious to anybody familiar with Comcast. These folks' denial of the sector's competition shortcomings often teeters toward the comical and is usually hard to miss.

When the agency has more independently-minded leadership (which admittedly doesn't happen often), the report tends to accurately show how the majority of consumers lack real options and quality broadband. That was the case under former FCC boss Tom Wheeler, whose agency not only raised the definition of broadband to 25 Mbps (which greatly angered the industry), but actually went out of its way to highlight the fact that two-thirds of American homes lack access to FCC-defined speeds of 25 Mbps from more than one ISP (aka a monopoly).

Unsurprisingly, the Trump FCC is now taking things back in the rose-colored glasses direction. The agency's latest Broadband Deployment Report (pdf) proudly declares that United States broadband is now, quite magically, being deployed on a "reasonable and timely basis." An accompanying press release (pdf) similarly tries to claim that things are only getting better, thanks in large part to Ajit Pai's historically-unpopular attack on net neutrality:

"The progress of broadband deployment slowed dramatically in the wake of the Federal Communications Commission’s 2015 Title II Order that regulated broadband Internet access service as a utility, according to the agency’s 2018 Broadband Deployment Report. However, steps taken last year have restored progress by removing barriers to infrastructure investment, promoting competition, and restoring the longstanding bipartisan light-touch regulatory framework for broadband that had been reversed by the Title II Order, the report says."

You may be surprised to learn that nothing in the Trump FCC's statement here is actually true. SEC filings, earnings reports, and numerous CEO statements easily disprove the claim that the FCC's 2015 rules hurt sector investment. Ajit Pai's FCC has repeatedly and comically claimed the contrary in the apparent belief that repetition forges reality (or at the very least fools the gullible). The only "evidence" the FCC provides to support its claim that killing net neutrality spurred investment is contained in these two sentences:

"For instance, several companies, including AT&T, Verizon, Frontier, and Alaska Communications either commenced or announced new deployments in 2017," the report concludes. "These new deployments are initial indicators that deployment is likely to accelerate again in part due to our recent efforts."

But industry watchers were quick to note that none of these deployments were actually new. In fact, all of them actually began under the leadership of former FCC boss Tom Wheeler, with several of them simply attached to merger conditions or requirements placed on subsidies. Like AT&T's spike in deployment, which was exclusively thanks to merger conditions affixed to its DirecTV acquisition:

"In August 2015, the Wheeler-led FCC awarded AT&T with $428 million in annual funding to bring 10Mbps Internet service to parts of rural America. AT&T was required to deploy broadband to 1.1 million rural homes and businesses over six years to meet its Connect America Fund commitment, and it had to complete the first 40 percent of those deployments by the end of 2017. Thus, the AT&T announcement in January 2018 was simply the fulfillment of a broadband deployment program set in course by the Wheeler FCC."

What's more, the data collected by the FCC is only accurate up until December 2016, and Ajit Pai didn't even take office until the following year. Needless to say, Pai's fellow Commissioners weren't particularly impressed by his rose-colored glasses in their statements of dissent (pdf):

"Critical progress reports should not rely on the 'hypothetical' when it comes to reaching a conclusion," Clyburn said. "Indeed, the deployments the majority loudly touts pale greatly in comparison to the deployments that occurred in the year after the adoption of the 2015 Open Internet Order. But if you are desperate to justify flawed policy, I think the straw-grasping conclusions contained in this report is for you."

Again, none of this is new, and we allow this dysfunction to perpetuate. For decades large ISPs have employed economists to massage data until it helps revolving door regulators deny the obvious: that limited competition results in high prices, slow speeds, and some of the worst customer service in any industry in America. Those revolving door regulators also cherry pick and manipulate data to this same effect, and routinely try and weaken the definition of broadband (by including abysmal satellite service or more expensive and capped wireless) to help deny the obvious.

After all, were FCC data to clearly illustrate how badly American broadband consumers are being screwed by regional monopolies, pay-to-play legislators, and revolving door regulators, somebody might just be forced into actually doing something about it.

67 Comments

Posted on Techdirt - 6 February 2018 @ 6:14am

Trump's FCC Pats Itself On The Back For A Historically Stupid Year

from the mission-accomplished dept

If you've been playing along at home, Trump's FCC hasn't been particularly kind to consumers, competition, or the health of the internet. It has, however, been a massive boon to major ISPs terrified of disruption and competition, especially those looking to forge new media monopolies where they dominate both the conduit -- and the content -- coming to the home.

Under Pai, the FCC has gutted broadband programs for the poor, protected the cable industry's monopoly over the cable box from competition, made it easier for prison phone monopolies to rip off inmate families, dismantled generations-old media consolidation rules simply to aid Sinclair Broadcasting's merger ambitions, killed meaningful broadband privacy protections, tried to weaken the standard definition of broadband (to help hide competition gaps) and weakened rules preventing business broadband and backhaul monopolies from abusing smaller competitors, hospitals, or schools.

And that's before you even get to Pai's attack on net neutrality, potentially one of the least popular tech policy decisions in the history of the modern internet. That entire calamity is a universe unto itself, with the FCC currently under investigation for turning a blind eye to identity theft and fraud during the open comment period, as well as for bizarrely making up a DDoS in a ham-fisted attempt to downplay the public's disdain for Pai's agenda. It will take many years and numerous lawsuits for the problems with Pai's rushed repeal of the rules to fully materialize.

With Pai's tenure seen as a shitshow in the wake of the net neutrality repeal, the FCC recently tried to undertake an image reclamation effort. That came in the form of a press release (pdf) lauding what the FCC calls a "year of action and accomplishment" in terms of "protecting consumers," "promoting investment," and "bridging the digital divide." You just know the FCC under Pai is doing a good job because, uh, graphics:

Amusingly, the lion's share of the agency's listed "accomplishments" were noncontroversial projects simply continued from the last FCC under Tom Wheeler. That includes efforts to open additional spectrum for wireless use, attempts to speed up cell tower placement, or ongoing efforts to reduce robocalls (the impacts of which aren't apparent). Many of the listed efforts are just the FCC doing its job, ranging from conducting an investigation into the recently botched Hawaii ballistic missile snafu, to "approving new wireless charging tech" that nobody thought should be blocked anyway.

Elsewhere, the agency's accomplishment list engages in willful omission. For example, while the FCC pats itself on the back for creating a "broadband deployment advisory council," it ignores the fact that said council is plagued by allegations of cronyism and dysfunction in the wake of recent resignations. The FCC similarly pats itself on the back for the agency's Puerto Rico hurricane response, despite the fact that locals there say the federal government and the FCC failed spectacularly in their response to the storm.

But it's the agency's claims of consumer protection that continue to deliver the best unintentional comedy. As you might expect, Pai's FCC continues to claim that killing net neutrality rules was a good thing because the rules devastated sector investment, a proven lie the agency simply can't stop repeating:

"Voted to restore the longstanding, bipartisan light-touch regulatory framework that fostered rapid Internet growth, openness, and freedom for nearly 20 years. This action reversed the FCC’s 2015 imposition of heavy-handed Title II utility-style government regulation on Internet providers that discouraged investment in next-generation networks."

Another "accomplishment" cited by the FCC is its decision to kill a net neutrality investigation into AT&T and Verizon's abuse of zero rating (exempting select content from usage caps if companies pay more). The previous FCC was just about to ding both companies for exempting their own content from usage caps, having noted how caps can be used as an anti-competitive weapon, driving up costs for consumers and competitors alike. Trump's FCC is not only proud to have killed that inquiry, but insists doing so helps the nation's poor:

"Free Consumer Data—Ended a 2016 investigation into wireless carriers’ free-data offerings. These free-data plans have proven to be popular among consumers, particularly low-income Americans, and have enhanced competition in the wireless marketplace."

The accomplishment list pays heavy lip service to the agency's efforts to "close the digital divide," a goal we've repeatedly noted is consistently undermined by other agency policies like killing net neutrality or the FCC's privacy rules (which could have prevented ISPs from charging you more for privacy). For example, Pai's FCC is slowly dismantling Lifeline, a modest $10 per month telecom subsidy for poor people begun by Reagan and expanded under Bush Jr. The FCC is also working overtime to protect the sector from competition in both the business and residential markets.

Over and over, the FCC's accomplishment list conflates cronyism with consumer welfare. For example, the FCC's self-congratulatory missive crows about the agency having:

"Adopted an order relieving unnecessary regulation in areas where business data services are delivered competitively in order to promote facilities-based investment."

What the FCC actually did is notably different. In reality, the FCC eliminated price caps for broadband data services (BDS), where AT&T and Verizon enjoy a monopoly over the bandwidth used to feed everything from ATMs to cell towers. Not only that, Pai's FCC weakened the definition of "competitive" in this sector to aid these monopolies, declaring a business served by "competitive broadband" if there's one ISP within a half mile. The end result? Higher prices than ever for the small businesses, schools, hospitals and others left without affordable connectivity options.

The FCC's accomplishment list routinely and repeatedly dresses up industry cronyism as progress and transparency. And it dresses up its complete disdain for objective data as a devotion to hard science. For example, the FCC praises itself for the creation of a new "Office of Economics and Analysis" it claims will help "restore the place of economic analysis at the FCC." But as we just got done noting, this is the same FCC that just got done ignoring all objective science in its rush to repeal net neutrality, making Pai's purported dedication to objective economics laughable.

Fortunately for us, historians, not Ajit Pai, will have the final say on Ajit Pai's accomplishments. And if year one is anything to go by, cronyism, disinformation, a lack of transparency and hubris will be this agency's historical legacy.


Posted on Techdirt - 2 February 2018 @ 6:26am

Verizon Folds To Government Pressure To Blacklist Huawei Without A Shred Of Public Evidence

from the blacklisted dept

Earlier this month, AT&T cancelled a smartphone sales agreement with Huawei just moments before it was to be unveiled at CES. Why? Several members of the Senate and House Intelligence Committees had crafted an unpublished memo claiming that Huawei was spying for the Chinese government, and pressured both the FCC and carriers to blacklist the company. AT&T, a stalwart partner in the United States' own surveillance apparatus, was quick to comply, in part because it's attempting to get regulators to sign off on its $86 billion acquisition of media juggernaut Time Warner.

But Verizon has also now scrapped its own plans to sell the company's smartphones based on those same ambiguous concerns:

"Verizon Communications Inc. has dropped all plans to sell phones by Chinese manufacturer Huawei Technologies Co., including the new Mate 10 Pro, under pressure from the U.S. government, according to people familiar with the matter... Huawei devices still work on both companies’ networks, but direct sales would’ve allowed them to reach more consumers than they can through third parties."

The problem? There's no publicly-available evidence that Huawei is spying for the Chinese government after more than a decade of hunting for it. Similar breathless hysteria over Huawei's connection to the Chinese government surfaced in 2011, prompting numerous investigations into the claim. One 18-month investigation found absolutely no evidence that Huawei was spying on American citizens for the Chinese government. One source at the time explained the investigation this way when asked about it by Reuters:

"'We knew certain parts of government really wanted' evidence of active spying, said one of the people, who requested anonymity. 'We would have found it if it were there.'"

Again, while it's possible that Huawei helps the Chinese government spy, a decade of hunting has resulted in zero publicly-available evidence proving it. And the evidence that does exist tends to suggest that this is little more than the same kind of protectionism the United States frequently accuses China of. And much of the hysteria surrounding Huawei's role as a Chinese spy tends to originate with companies like Cisco, which simply don't want the added competition, as this 2012 Washington Post report observed:

"What happens is you get competitors who are able to gin up lawmakers who are already wound up about China," one source told The Washington Post. "What they do is pull the string and see where the top spins."

It's apparently easy to get cash-compromised or just plain gullible lawmakers all hot and bothered on this subject. Ignored, of course, is the U.S. government's own bad behavior on this front, whether we're talking about using AT&T to hoover up every shred of data that touches its network in violation of the law, or the NSA's own attempts to hack into Huawei, steal source code, then embed backdoors into Huawei gear. Similarly ignored is the fact that Chinese hardware already exists in everything from U.S.-made network gear to poorly-secured internet of things devices, creating ample surveillance opportunities already.

Again, that's not to say that it's impossible Huawei aids the Chinese government, but despite a decade of breathless face-fanning there's been little to no hard evidence that justifies this kind of blackballing. And what evidence does exist indicates that Cisco, AT&T, Verizon, the NSA, and most of the folks beating the drum to blacklist Huawei have less than zero credibility when it comes to determining who's trustworthy in the first place.


Posted on Net Neutrality Special Edition - 1 February 2018 @ 3:45pm

California's Net Neutrality Law Takes Another Step Forward

from the welcome-to-the-backlash dept

In the wake of the FCC's repeal of federal net neutrality rules, countless states have rushed to create their own protections. Numerous states from Rhode Island to Washington State are considering new net neutrality legislation, while other states (like Wyoming and New York) are modifying state procurement policies to block net neutrality-violating ISPs from securing state contracts. These states are proceeding with these efforts despite an FCC attempt to "pre-empt" (read: ban) states from stepping in and protecting consumers, something directly lobbied for by both Verizon and Comcast.

One of two California net neutrality laws, SB-460, passed 21-12 by the state Senate, and will now head to the state Assembly:

"Both bills are meant to give California officials rules to force Internet service companies to adhere to the principles of net neutrality to continue doing business within the state. Those principles broadly guarantee the makers of websites and apps equal access to Internet consumers without excess charges or special fees for faster service. The FCC threw out national net neutrality rules enacted in 2015 by the Obama administration, saying they were unnecessary."

Like other state efforts, the California bill mirrors the discarded FCC rules by prohibiting ISPs from engaging in paid prioritization and other anti-competitive behaviors while crafting sizable loopholes for the prioritization of medical services and "reasonable network management" practices. ISPs who violate these restrictions would be subject to financial punishment under California's existing consumer protection laws. The California law is a specific challenge to the FCC's attempt to hamstring state efforts to protect consumers, and should result in some interesting legal fireworks this year.

Ernesto Falcon at the EFF argues in a blog post that California's legislation is open to ISP legal assault, and the state ignored many of the EFF's recommended improvements that would shield the proposed law from the FCC's pre-emption efforts. The EFF also notes that what the California law attempts to accomplish could be accomplished by executive order anyway:

"If SB 460’s approach to directly regulating ISPs is found to be invalid, ultimately all the legislation does is require state agencies to contract with ISPs that follow the 2015 Open Internet Order. While an important provision, it can already be required with a stroke of the pen tomorrow under a Governor’s Executive Order much in the same way as Montana and New York. And while the 2015 Open Internet Order was a good start, why not bring to bear all the resources a state has to secure such an important principle for Californians?"

Those court battles will join the numerous other lawsuits that have been filed against the FCC by consumer advocacy groups and companies like Mozilla, who argue the FCC ignored objective data and the will of the public in the rush to repeal the rules. California is also participating in a lawsuit against the FCC by 21 state Attorneys General, several of whom are also investigating how the FCC turned a blind eye to comment fraud during the net neutrality open comment period by "somebody" trying to downplay massive public opposition to the effort.

As these state efforts accelerate, ISPs have begun to whine that it's unfair for them to have to adjust to numerous, discordant, state-level protection efforts, something they probably should have thought about before repealing arguably modest and very popular federal protections.


Posted on Techdirt - 1 February 2018 @ 6:26am

Apple, Verizon Continue to Lobby Against The Right To Repair Your Own Devices

from the monopolizing-repair dept

A few years back, frustration at John Deere's draconian tractor DRM resulted in a grassroots tech movement. John Deere's decision to implement a lockdown on "unauthorized repairs" turned countless ordinary citizens into technology policy activists, after DRM and the company's EULA prohibited the lion's share of repair or modification of tractors customers thought they owned. These restrictions only worked to drive up costs for owners, who faced either paying significantly more money for "authorized" repair, or toying around with pirated firmware just to ensure the products they owned actually worked.

The John Deere fiasco resulted in the push for a new "right to repair" law in Nebraska. This push then quickly spread to multiple other states, driven in part by consumer repair monopolization efforts by other companies including Apple, Sony and Microsoft. Lobbyists for these companies quickly got to work trying to claim that by allowing consumers to repair products they own (or take them to third-party repair shops) they were endangering public safety. Apple went so far as to argue that if Nebraska passed such a law, it would become a dangerous "mecca for hackers" and other rabble rousers.

In the wake of Apple's recent iPhone battery PR kerfuffle (in which it claimed it throttled the performance of older iPhones to protect device integrity from dwindling battery performance), longer than normal repair waits have resulted in renewed interest in such laws. A new bill that would make it easier for consumers to repair their own electronics or utilize third-party repair shops is quickly winding its way through the Washington state legislature. That bill would not only protect the consumers' right to repair, but prevent the use of batteries that are difficult or impossible to replace:

"Starting in 2019, the bill would ban the sale of electronics that are designed “in such a way as to prevent reasonable diagnostic or repair functions by an independent repair provider. Preventing reasonable diagnostic or repair functions includes permanently affixing a battery in a manner that makes it difficult or impossible to remove.”"

Washington State Representative Jeff Morris says the bill was born directly from frustration by consumers and third-party repair shops in the wake of Apple's PR face-plant late last year:

"Morris told me this provision in the bill came out of a conversation with an independent repair shop owner in his district, who noted that many electronics now use glued-down batteries, which makes them difficult to repair and much harder to recycle, because batteries are flammable when shredded. There is currently no easy way for recyclers to remove the batteries from MacBook Pros at scale, for instance.

“With Apple phones in particular, they glue the battery in the case, so for me, that sounds like a purposeful attempt to make it so you couldn’t repair the phone,” Morris said. “It helps accelerate the path of those devices to the waste stream. So we’re trying to keep the philosophy our state is behind, which is recycle, repair, reuse.”"

Needless to say, Apple is furiously lobbying to kill Washington State's new law. As are fourteen other lobbying organizations representing hardware companies. Verizon's also lobbying against the bill (via the CTIA and the Telecommunications Industry Association), obviously concerned such a law would hurt the company's phone repair and insurance business it runs with Asurion. Unfortunately for Verizon and Apple, with 12 states introducing such bills last year and 17 such laws already proposed so far this year, this isn't an issue that's going away anytime soon.


Posted on Techdirt - 31 January 2018 @ 6:06am

The Same FCC That Ignored Science To Kill Net Neutrality Has Created An 'Office Of Economics & Analysis'

from the fake-science-is-the-best-science dept

You'll recall that the FCC ignored the public, the people who built the internet, and all objective data as it rushed to repeal net neutrality at Verizon, Comcast and AT&T's behest. Things got so absurd during the proceeding, the FCC at one point was directing reporters who had questions regarding the FCC's shaky justifications to telecom industry lobbyists, who were more than happy to molest data until it "proved" FCC assertions on this front (most notably the false claim that net neutrality killed sector investment):

"During a conference call FCC officials held with reporters last week, I asked about this discrepancy between Pai's assertion that investment is declining and what the actual data shows. The officials dismissed my question, saying I had my facts wrong. But they didn't offer any data that would prove Pai's argument.

Reached later, an FCC representative pointed to the USTelecom data (posted above) that Pai previously referenced. The representative declined to make the chairman or anyone else on his staff available for an interview."

With that as a backdrop, it's rather amusing to see the FCC this week hyping the creation of a new "Office of Economics and Analytics." This office, the FCC declares, will be focused on helping to ensure "that economic analysis is deeply and consistently incorporated" into the FCC's regular operations:

"The Federal Communications Commission today voted to create an FCC Office of Economics and Analytics. This new unit will help ensure that economic analysis is deeply and consistently incorporated as part of the agency’s regular operations. The Office of Economics and Analytics will use existing staff resources by bringing into one office FCC economists, attorneys, and data professionals who work on economic analysis, data policy and management, and research."

FCC staffers were quick to highlight the office's creation as a major paradigm shift and a return to "big picture policy thinking":

In an ideal world, this would be something to applaud the FCC for, since it has a long, proud history of using industry-provided data to justify federal apathy to the limited competition inherent in the broken telecom market. Real-world data has always inherently frightened incumbent ISPs like Comcast, since it shows how a lack of competition in countless markets is the primary reason American broadband suffers from high prices, historically awful customer service, and net neutrality violations (which themselves are just another symptom of limited competition).

The former FCC under agency head Tom Wheeler had actually taken some uncharacteristically-concrete steps on that front, including redefining broadband more realistically at 25 Mbps downstream, 3 Mbps upstream (something ISPs and their loyal lawmakers whined incessantly over). The FCC had also been working hard on basing policy decisions on real-world data provided by consumer routers with custom firmware, instead of its long-standing history of blindly taking ISPs' word on the speeds they deliver to consumers.

But Ajit Pai and Trump's FCC is an entirely different animal.

Ajit Pai's agency has shown time and time again that its interest in "objective data" consists of blindly parroting "research" by ISP economists, hired specifically to molest the numbers until they justify the agency's frontal assault on consumer protections and meaningful sector oversight. Pai himself has similarly parroted all manner of falsehoods as he rushed to axe net neutrality, from claims that net neutrality emboldens dictators in Iran and North Korea, to the claim the U.S.' modest neutrality rules utterly devastated sector investment (disproven by SEC filings, earnings reports, and countless CEO statements).

So yeah, ideally you'd hope this office is used to make sure genuine, objective data is used to fuel agency decisions. But based on the last year's worth of behavior by Pai, it seems much more likely that the office will simply be used to industrialize the act of using telecom lobbying data to justify federal apathy to the lack of competition in the U.S. broadband market. Perhaps we can start a Techdirt pool on which outcome is the most likely?


Posted on Techdirt - 30 January 2018 @ 6:22am

FCC 'Broadband Advisory Panel' Faces Accusations Of Cronyism

from the protect-the-status-quo! dept

Last year we noted how the FCC had been hyping the creation of a new "Broadband Deployment Advisory Panel" purportedly tasked with coming up with solutions to the nation's broadband problem. Unfortunately, reports just as quickly began to circulate that this panel was little more than a who's who of entrenched telecom operators with a vested interest in protecting the status quo. What's more, the panel featured few representatives from the countless towns and cities that have been forced to build their own broadband networks in the wake of telecom sector dysfunction.

One report showed how 28 of the 30 representatives on the panel had some direct financial ties to the telecom sector, though many attempted to obfuscate this connection via their work for industry-funded think tanks.

You'll recall that FCC boss Ajit Pai consistently insists he's breathlessly dedicated to closing the digital divide, despite the fact his policies (like killing net neutrality or protecting business broadband monopolies) will indisputably make the problem worse. Regardless, Pai has spent the last few weeks insisting in speeches like this one (pdf) that his advisory council is the centerpiece of his efforts to close the digital divide:

"...the BDAC’s work is critical to my top policy priority as FCC Chairman—closing the digital divide. I’ve long said that every American who wants to participate in the digital economy should be able to do so. That’s why at my first open meeting as FCC Chairman, I announced the establishment of the BDAC. And since last March, you’ve been hard at work developing recommendations to the FCC about strategies to promote better, faster, and cheaper broadband. Indeed, you’ve been working so hard that it’s going to take you two days, rather than the one typical for advisory committee meetings, to review and finalize many of these recommendations."

And while Pai insists that this council is doing yeoman's work in solving all of the industry's issues, that's not how non-incumbent-industry panel members see it. In fact, San Jose Mayor Sam Liccardo last week resigned from the panel, claiming in his resignation letter (pdf) that the panel exists almost exclusively to help prop up the interests of incumbent ISPs (if you've watched the whole net neutrality thing, this surely comes as no surprise):

"It has become abundantly clear that despite the good intentions of several participants, the industry-heavy makeup of BDAC will simply relegate the body to being a vehicle for advancing the interests of the telecommunications industry over those of the public. The apparent goal is to create a set of rules that will provide industry with easy access to publicly-funded infrastructure at taxpayer-subsidized rates, without any obligation to provide broadband access to underserved residents."

As we've noted repeatedly, numerous towns and cities are building their own networks after more than a decade of limited competition has resulted in over-priced, under-performing broadband in countless markets nationwide. Often the only option available to these folks if they want quality connectivity in the Comcast era is to either build their own networks, or strike public/private partnerships with the likes of Google Fiber. But we've also noted for years how ISPs have passed protectionist laws in more than 20 states banning towns and cities from doing so, with the full support of the Trump FCC.

Liccardo, one of the only municipal representatives on the panel (quite by intent) goes on to note how the agency has yet to put forth one meaningful solution to truly help bridge the digital divide:

"The chairs of the working groups on which I participated have been very cordial, and collaborative in tone, and I am grateful for that. However, after nine months of deliberation, negotiation, and discussion, we’ve made no progress toward a single proposal that will actually further the goal of equitable broadband deployment. Although we’ve adopted principles that pay lip service to that objective, not a single one of the draft recommendations attempts to meaningfully identify any new or significant resources to promote digital inclusion."

If you truly want to fix the nation's broken broadband (whether high prices, privacy abuses or net neutrality violations), you need to embrace creative new ways to drive more competition to the market. But since entrenched incumbent providers don't want the associated reduction in revenues, the best alternative is the illusion of productivity. And nothing helps foster that illusion more than paying empty lip service to closing the digital divide on one hand, while actively working to keep everything as broken and dysfunctional as possible with the other.

