Karl Bode’s Techdirt Profile

kbode

About Karl Bode




Posted on Net Neutrality Special Edition - 15 June 2018 @ 9:43am

Charter Spectrum Claims The Death Of Net Neutrality Will Magically Provide Better, Faster Broadband

from the nobody-believes-you dept

Large ISPs like Comcast, Charter, Verizon and AT&T this week uniformly proclaimed that the death of net neutrality is going to be a really wonderful thing for American consumers. Charter Spectrum, for example, took to the company's policy blog to insist that the neutering of historically popular consumer protections on this front will somehow result in everybody getting better broadband. The ISP's argument, as it has throughout this entire little dog and pony show, focused on the repeatedly debunked claim that the FCC's pretty modest net neutrality rules demolished telecom industry investment:

"Without the regulatory overhang of these rules however, businesses like ours will have the certainty they need to make infrastructure investments over the long-term, helping more people get online and enabling even faster broadband. This includes bringing high speed broadband to more hard to serve areas, including rural communities."

Which is something you might be inclined to actually believe if Charter's own executives weren't on record publicly stating that the rules had absolutely no meaningful impact on Charter's bottom line:

"Title II, it didn't really hurt us; it hasn't hurt us," Charter CEO Tom Rutledge said at an investor event in December 2016, according to a report by advocacy group Free Press. Publicly traded companies like Charter are required to give investors accurate financial information, including a description of risk factors involved in investing in the company."

In fact, dozens of industry CEOs have publicly admitted to investors and media outlets that the whole "net neutrality hurt broadband investment" is completely baseless, something proven by anybody willing to spend five minutes with industry SEC filings and earnings reports. And while industry-hired economists tried to cherry pick very specific windows of investment to try and claim the exact opposite, the data here is pretty clear. In fact, an analysis by consumer groups (pdf) found that Charter's overall CAPEX actually went up in the wake of the FCC's 2015 net neutrality rule creation:

"Charter’s capital investments went up 15 percent after the FCC’s Open Internet vote (when we include the pre-merger investments made by Charter, Time Warner Cable and Bright House Networks). And not only are Charter’s investments up, they’re 12 percent higher than the estimates Charter gave to investors prior to closing that merger.

This being post-truth America however, facts don't appear to carry quite the same weight as they used to, and it's abundantly clear that some of the least-liked companies in America are confident in their belief that repetition forges reality. Apparently, said companies hope that if they repeat this nonsense often enough, people won't notice the government sold them, and the health of the internet, down river without a second thought (and in some instances, that's pretty clearly working).

Granted Charter then gets to the real point of the company's blog post; to push for a new net neutrality law the company knows that in this political climate, they'll be the ones writing:

""Charter’s commitment to our customers is our top priority. We urge Congress to pass new legislation that preserves an open internet and ensures a regulatory framework made for the 21st century, so we can continue to improve and invest in our networks and provide more people access to a fast, reliable, and open internet."

We've noted how ISPs are worried about losing the looming court case over net neutrality, as well as the dozens of states that are now imposing state-level net neutrality protections. As such, the hope is that they can push forth a loophole-filled net neutrality law in name only; one with so many loopholes as to effectively be useless, but which will pre-empt any tougher state or federal rules (including the restoration of the FCC's 2015 rules). It's a gambit that's not really working, in large part because these companies have obliterated any last vestiges of public trust they may have had with this latest lobbying assault.

17 Comments | Leave a Comment..

Posted on Techdirt - 14 June 2018 @ 6:26am

Following AT&T's Lead, Comcast Makes A $65 Billion Bid For Fox

from the merge-ALL-The-things! dept

Encouraged by AT&T's massive merger victory this week, Comcast has made its own $65 billion acquisition offer for a large chunk of 21st Century Fox. According to the Comcast announcement, the company's all cash $65 billion dollar offer is a notable step up from Disney's own $52.4 billion all-stock package, setting up a showdown between two companies that have had a contentious relationship since Comcast's 2004 failed hostile takeover attempt of Disney.

The deal includes the FX Channel, numerous regional sports networks, and a minority stake in European cable TV giant Sky, which would all be tacked on to the NBC Universal assets Comcast acquired back in 2011. Fox will however retain Fox News, Fox Sports, and Fox broadcasting, which will all remain under the existing Fox brand. In its statement, Comcast rolled out the usual claptrap about how the combination would be lovely for all involved:

"We have long admired what the Murdoch family has built at Twenty-First Century Fox. After our meetings last year, we came away convinced that the 21CF businesses to be sold are highly complementary to ours, and that our company would be the right strategic home for them."

Comcast had previously hinted that it was waiting to see the outcome of AT&T's own merger battle with the DOJ before making its own bid for Fox. Comcast and many analysts believe that the comically broad nature of AT&T's court victory (based on a pinhole narrow reading of the markets by U.S. District Court Judge Richard Leon, who clearly has never heard of things like zero rating or net neutrality), means the precedent set will likely result in a DOJ that's more hesitant to intervene in potentially problematic merger moving forward.

That's especially true of vertical integration mergers, where modern U.S. antitrust law tends to be ill-equipped to handle some of the more complex new media anti-competitive concerns that pop up. Combined with the death of ISP privacy rules and the neutering of net neutrality, we're creating a brave new landscape where there's very little to stop giants like Comcast and AT&T from using their last mile monopolies--combined with massive ownership of content needed to compete with these giants--as anti-competitive bludgeons against consumers and competitors alike.

For example, there's now nothing of note preventing AT&T and Comcast from exempting its own content (like HBO or a regional sports game) from arbitrary and unnecessary usage caps, while penalizing those who use a competitor's service (Netflix, or the next Netflix). Similarly, there's nothing stopping Comcast or Verizon from arbitrarily throttling competitors at interconnection points, driving up the cost for competitors to access their broadband subscribers. There's an ocean of creative ways to hamstring competitors the government is now largely helpless to effectively police, and as the AT&T court win shows, the ISP claim that this isn't a problem because antitrust will save us all clearly isn't a valid argument.

With the FCC making it very clear it's a glorified rubber stamp, that leaves the DOJ as the only real wild card in terms of whether any meaningful conditions get applied to this deal. Granted if you followed the NBC Universal merger, you'll recall that Comcast has a pretty terrible history of ignoring merger conditions when it suits it, and regulators from both parties tend to do little more than grumble when the company tap dances around imposed restrictions (though that was a major reason why Obama-era regulators blocked Comcast's 2014 attempted acquisition of Time Warner Cable (not to be confused with Time Warner)).

Obviously there's still plenty of folks that see zero problems with massive broadband monopolies gobbling up countless media empires while paying millions of dollars to neuter state and federal oversight. And their theory that these kinds of deals are no problem because the market self-regulates (ignoring there is no free market competition in broadband to organically hold them accountable) will soon have a perfect opportunity to put their theories to the test.

23 Comments | Leave a Comment..

Posted on Techdirt - 13 June 2018 @ 6:17am

Senators Wyden and Schatz Wants To Know Why The FCC Made Up A DDOS Attack

from the makin'-stuff-up dept

So we've been noting how (thanks to FOIA requests) the FCC has been caught completely making up a DDOS attack in a bizarre, ham-fisted attempt to downplay public opposition to their net neutrality repeal. In short, agency e-mails confirm agency staffers routinely fed false claims to gullible reporters that the FCC website outages caused by John Oliver's coverage of the repeal were the result of a malicious attack, then used those false claims to further prop up the bogus narrative. The goal was apparently to try and downplay massive public backlash to what Americans overwhelmingly believe to be shitty, corruption-fueled policy.

Not too surprisingly, the FCC has gone radio silent in response to press inquiries on this from numerous press outlets. For such a normally chatty agency, that suggests that FCC lawyers are well aware that this entire fracas could prove to be legally problematic, given the repeated false DDOS claims to the reporters, press, and public (pdf). Most of the e-mails provided so far via FOIA requests are heavily redacted, suggesting there's likely much more to this story that's going to emerge over time.

Meanwhile, Senators Brian Schatz and Ron Wyden this week pressed the issue, sending the FCC a letter demanding more insight into the DDOS attack that never was. In the letter, the duo ask for any and all FCC evidence on the phantom attack, and the results of any internal FCC investigations that may have occurred so far:

"On May 9, 2017, we sent you a letter regarding alleged cyberattacks on the Federal Communication Commission's Electronic Comment Filing System during that month. There was also an ECFS issue involving the net neutrality proceeding in 2014. In our letter we asked that you keep Congress fully briefed as to your investigation.

Beyond your initial internal analyses that you reference in your June 15, 2017, response, have any subsequent FCC or third-party (e.g., vendor, contractor, or government agency) analyses or investigations verified that a cyberattack on ECFS occurred in 2017 and, if so, that the attack is best classified as a DDoS attack? If not, why was no investigation conducted? Please provide any and all reports, findings, and other relevant details of any such investigations."

Of course from reading the news, the Senators already know the FCC appears to have zero hard evidence that the attack occurred, and previous claims that internal "analysis" had confirmed the attacks were false. Democrats have been hoping to use the repeal of net neutrality to their advantage during the midterms, and the fact evidence proves the FCC lied during their justifications for the move is likely to be politically problematic for the "freedom restorin'" FCC.

Meanwhile, the nonpartisan GAO is currently investigating both this scandal and the identity theft and fraud that occurred during the net neutrality repeal. There's likely several more layers to this story, some of which are likely to be revealed during the net neutrality court challenges that should take flight sometime in the next few weeks.

45 Comments | Leave a Comment..

Posted on Techdirt - 12 June 2018 @ 3:09pm

AT&T Defeats DOJ In Merger Fight, Opening The Door To Some Major Competitive Headaches

from the what-could-possibly-go-wrong dept

AT&T has defeated the DOJ in a court battle over whether or not the company will be allowed to acquire Time Warner for $86 billion.

In a ruling (pdf), U.S. District Court Judge Richard Leon stated that the government failed to make its case that the merger would harm AT&T's competitors, most of which are now trying to keep pace in the streaming video space. Consumer advocates have routinely warned that AT&T will use its greater leverage to make must-have content (like Time Warner owned CNN or HBO) significantly more costly for companies hoping to compete with AT&T's own TV services, including its newish streaming video effort, DirecTV Now.

That a company with a thirty-year history of anti-competitive behavior will likely use this greater leverage to behave badly shouldn't have been a particularly hard case to make, suggesting that DOJ lawyers may have flubbed key components of its case. The DOJ sued to thwart the deal last November, and while the agency claimed it was to protect consumers, the incongruity with other Trump administration consumer policies (like, well, everything) have fueled speculation that Trump's disdain for Time Warner owned CNN, or his close relationship with Rupert Murdoch may have colored the DOJ's decision to sue.

It's an indisputable and massive win for AT&T, and the DOJ's first antitrust court loss since 2004. Leon didn't just kill the lawsuit, he didn't offer any conditions to mitigate potential anti-competitive problems, and largely urged the DOJ not to appeal. AT&T, as you might expect, was thrilled with the court's failure to block its latest megamerger:

"We are pleased that, after conducting a full and fair trial on the merits, the Court has categorically rejected the government’s lawsuit to block our merger with Time Warner. We thank the Court for its thorough and timely examination of the evidence, and we compliment our colleagues at the Department of Justice on their dedicated representation of the government. We look forward to closing the merger on or before June 20 so we can begin to give consumers video entertainment that is more affordable, mobile, and innovative."

Anybody that has witnessed AT&T's versions of "affordable" and "innovative" likely isn't to buy that claim. This is, after all, a company that thought it would be a good idea to charge consumers more money just to protect their own privacy. It's also the same company that has been repeatedly dinged by government for either ripping off its own customers, or turning a blind eye while all manner of others did. Not surprisingly, more consumer-oriented folks like former FCC staffer and consumer advocate Gigi Sohn had a decidedly different take on AT&T's court win:

"Big media conglomerates are the winners and consumers are the losers with Judge Leon’s decision. Merging AT&T, one of the largest cable, satellite and mobile broadband companies with Time Warner will lead to higher prices, fewer choices and perhaps more importantly, fewer voices. Coupled with the demise of the 2015 net neutrality rules yesterday, AT&T will be free to favor Time Warner content over its cable and its fixed and mobile broadband networks."

Numerous companies were waiting on the AT&T decision before pursuing their own, previously-unthinkable merger ambitions. Comcast, for example, has stated the company was holding off on making its $60 billion offer for Fox's remaining assets until it saw the outcome of the case. Sprint and T-Mobile are also considering a merger that's likely to reduce competition in wireless and kill tends of thousands of sector jobs.

It's not just the AT&T merger that's problematic. The wave of major consolidation this loss will trigger, combined with the death of net neutrality protections opens the door to an absolute ocean of bad behavior by companies that have already clearly documented they'll stop at nothing to keep real competition at bay. And while the rise of streaming competitors crafting original content may mitigate some of this, you'd have to be pretty naive to think AT&T's stranglehold over broadband and media, combined with Trump era regulatory capture ends particularly well for the consumers and small businesses caught in its wake.

18 Comments | Leave a Comment..

Posted on Techdirt - 12 June 2018 @ 6:38am

Oddly The Trump FCC Doesn't Much Want To Talk About Why It Made Up A DDOS Attack

from the radio-silent dept

We've discussed for a while how the FCC appears to have completely made up a DDOS attack in a bizarre effort to downplay the "John Oliver effect." You'll recall that both times the HBO Comedian did a bit on net neutrality (here's the first and the second), the resulting consumer outrage crashed the FCC website. And while the FCC tried to repeatedly conflate genuine consumer outrage with a malicious attack, they just as routinely failed to provide any hard evidence supporting their allegations, resulting in growing skepticism over whether the FCC was telling the truth.

Last week, e-mails obtained via FOIA request revealed that yes, FCC staffers routinely misled journalists in order to prop up this flimsy narrative, apparently in the belief they could conflate consumer outrage with criminal activity. The motive? It was likely for the same reason the FCC refused to do anything about the identity theft and bogus comments we witnessed during the repeal's open comment period: they wanted to try and downplay the massive, bipartisan public opposition to what the lion's share of Americans thought was an idiotic, corruption-fueled repeal of popular consumer protections.

Understandably with so much going on, the story floated semi-quietly under the cacophony of other national outrages. But the FCC's response to the story has proven to be somewhat comical all the same.

One of the FCC staffers accused of making false statements about the DDOS attack was recently departed FCC IT chief David Bray. Original reports stated that Bray and other staffers had been feeding this flimsy DDOS narrative to gullible reporters for years, then pointing to these inaccurate stories as "proof" the nonexistent attack occurred. Under fire in the wake of last week's report, Bray first doubled down on his claims, adding that the 2014 "attack" hadn't been publicized because former FCC boss Tom Wheeler covered it up. But Wheeler himself subsequently stated in a report late last week that this was unequivocally false:

"When I was in the greenroom waiting to come in here, I got an email from David Bray, who said 'I never said that you told us not to talk about this and to cover up,' which was the term that got used. Which of course is logical, because as the Gizmodo article that you referenced pointed out, A) FCC officials who were there at the time said it didn’t happen, [and] B) the independent IT contractors that were hired said it didn’t happen. So if it didn’t happen it’s hard to have a cover up for something that didn’t happen."

Since this story was first published, the Trump FCC (which you'll recall bragged it would be super transparent) has gone radio silent about the story. Multiple requests for comment from numerous news outlets have been ignored since the story broke:

"The FCC has gone dark on this issue. It is refusing to answer questions from reporters. It is even refusing to go on the record to say it stands by its own story about a malicious cyberattack causing its system to crash for a second time last year....(FCC media relations contact Brian Hart) did not respond to multiple follow ups. In fact, his office has not responded to related inquiries for the past eight days. And not just from Gizmodo; it did not respond to Newsweek nor Ars Technica either. When somehow reached by Nextgov, it declined to say anything at all.

It's understandable the FCC doesn't want to chat about why it's withholding data and repeatedly making false statements (pdf) to the press and public, especially given the GAO is currently investigating this whole kerfuffle. Between this and the identity theft and comment fraud during the net neutrality repeal's public comment period, one gets the aching suspicion there's a few additional layers to this story that have yet to be unearthed. Both issues may also make an appearance during legal efforts to get popular net neutrality rules restored.

31 Comments | Leave a Comment..

Posted on Net Neutrality Special Edition - 11 June 2018 @ 1:37pm

Net Neutrality Rules Die Today, But The Backlash Is Just Getting Started

from the ill-communication dept

As you probably already knew, federal net neutrality rules finally die today after the FCC's unpopular repeal vote last December. And as you might expect, FCC boss Ajit Pai is making the rounds doing what he's done throughout this entire process: bullshitting the public about what his historically unpopular (and misleadingly-named) "Restoring Internet Freedom" order actually does. Over in a CNET editorial for example, Pai goes so far as to proclaim that gutting these extremely popular open internet protections will somehow make everything much, much, better:

"I support a free and open internet. The internet should be an open platform where you are free to go where you want, and say and do what you want, without having to ask anyone's permission. And under the Federal Communications Commission's Restoring Internet Freedom Order, which takes effect Monday, the internet will be just such an open platform. Our framework will protect consumers and promote better, faster internet access and more competition."

If you've spent any time reading Techdirt, we probably don't need to repeat why none of this is actually true. The entire piece is a "greatest hits" of Pai's misleading claims to date, including his insistence that the FTC will be better able to police ISP abuses (false), small ISPs were unfairly burdened by the rules (the FCC's own data disputes this), gutting net neutrality somehow will force ISPs to be more transparent (false), and that the repeal will result in faster and cheaper broadband service (complete nonsense).

Moving forward, the ISP lobbyist narrative du jour is going to shift to claims that because the internet didn't immediately grind to a halt after June 11, that the repeal must have been a wonderful idea. That was already something Pai and friends were claiming weeks ago despite the fact the rules hadn't even been repealed yet. And it's a claim you're going to see repeated ad nauseum over the weeks and months to come by the telecom industry's vast army of hired academics, think tankers, consultants, and other policy mouthpieces.

But despite the cocksure behavior by Pai and pals, the repeal remains on pretty shaky footing. ISPs know that, which is why they will likely try to be on their best behavior for the foreseeable future to avoid adding any fuel to the fire. After all, the repeal was based almost entirely on bogus data, was plagued with an endless array of scandals (from the FCC making up DDOS attacks to dead people's names being hijacked to support the repeal), and the overwhelming public opposition to it makes the SOPA/PIPA backlash look like a toddler tantrum.

As such, the looming lawsuits against the FCC have a fairly decent chance of success. Those suits will likely focus on the fact that under the Administrative Procedures Act, the FCC can't just arbitrarily reverse policy without highlighting that the market changed dramatically enough to warrant it (which is why you'll often see the FCC falsely claiming that net neutrality devastated sector investment). With any luck, this could result in a judge overturning the repeal for being "arbitrary and capricious" (never were those words more true than here).

Meanwhile on the state level, more than half the states in the union are now pursuing some flavor of their own net neutrality protections, whether that's via executive order (like in Montana), or new net neutrality state law (as in Oregon, Washington, and California). And while ISPs successfully lobbied the FCC to include language in the repeal "pre-empting" (read: banning) states from protecting consumers in this fashion, the FCC's legal authority to tell states what to do on this subject is resting on some pretty sketchy legal assumptions.

And while these federal and state legal battles play out, the political backlash to this giant middle finger tech policy already isn't likely to be subtle. Net neutrality has massive bipartisan support, and the lion's share of the public sees this decision as what it is: a giant middle finger to free speech, healthy competition, and american consumers and small businesses. Our collective disdain for Comcast frequently bridges partisan divides, and while broadband traditionally hasn't been an issue that sees much traction at the polls, it's hard to think there won't be some political price to pay for being on the wrong side of history here.

AT&T, Verizon and Comcast executives know they've pushed their luck with this repeal. That's why ISP lobbyists have been pushing a bogus, loophole filled net neutrality law. A law with one real purpose: to pre-empt tougher state or federal rules, or the restoration of the 2015 rules. But because playing kissy face with Comcast is likely to be politically toxic ahead of the looming midterms, support for this head fake has been unsurprisingly hard to come by. As such, passing new rules down the road remains a very real possibility, especially with a dramatic shake up in the House or Senate.

So while many are understandably frustrated today, the elimination of the FCC's 2015 rules shouldn't be seen the end of net neutrality, or the end of the road. It's more like another chapter in a story that has neither a beginning nor an end. Net neutrality isn't something that simply "ends" with the creation or elimination of government guidelines. Net neutrality violations are only a symptom of a lack of competition in broadband and decades of regulatory capture. Were we to finally wake up to this problem and stand up to these anti-competitive duopolists, we wouldn't need net neutrality rules in the first place.

26 Comments | Leave a Comment..

Posted on Techdirt - 11 June 2018 @ 6:16am

Yet Another Study Shows The Internet Of Things Is A Privacy And Security Dumpster Fire

from the the-dumber-the-better dept

Day in and day out, it's becoming increasingly clear that the smart home revolution simply isn't all that smart.

Security analysts like Bruce Schneier have been sounding the alarm bells for years now about the lax to nonexistent security and privacy standards inherent in the internet of broken things space. From refrigerators that leak your Gmail credentials to Barbie dolls that can be easily hacked to spy on kids, it's increasingly clear that dumber technology is often the smarter solution. Not only do many of these devices actually make us less secure, their lack of real security has resulted in their use in historically large DDoS attacks.

Study after study shows it's a problem that's not really getting better. For example, despite a decade of reports about the lack of real security and privacy standards in smart TVs, Consumer Reports recently found that most smart TVs remain impressively open to attack and abuse. And a new study out of the UK by Which? studied 19 different smart gadgets and found a "staggering level of corporate surveillance of your home" by devices that routinely hoovered up consumer data, then funneled it out to dozens of partner companies -- often without clear consumer permission:

"Many apps ask for your exact location when they don’t actually need it for the product or service to work. Far too often, specific information is requested about you when the justification seems arguable at best. Then there’s the galaxy of other companies busily working in the background of your smart gadgets. During our testing we saw more than 20 other operators involved behind the scenes, including marketing companies. When we used a smart TV for just 15 minutes, it connected with a staggering 700 distinct addresses on the internet.

You'll recall that a few years ago, the revelation that there was now a search engine specifically built to provide easy access to poorly secured webcams resulted in all manner of consternation about the problem of default usernames and passwords and devices with paper-mache-grade security. But despite flimsy webcam security being such a hot topic for years, many vendors still haven't gotten the message:

"We’re also concerned over how companies secure your data. In a separate test together with other consumer organisations, we found a flaw in this wireless security camera’s app (provided by a company called Sricam), which meant that we could access more than 200,000 passwords and device IDs for other ieGeek cameras. We could then see live video feeds of other users, and talk to those users via the camera’s microphone (which we didn’t do). ieGeek/Sricam fixed this flaw in late March 2018, but we’ve subsequently found and disclosed other critical vulnerabilities with the camera and app."

Security analysts like Bruce Schneier have clearly illustrated why there's no incentive to fix these problems:

"The market can't fix this because neither the buyer nor the seller cares. The owners of the webcams and DVRs used in the denial-of-service attacks don't care. Their devices were cheap to buy, they still work, and they don't know any of the victims of the attacks. The sellers of those devices don't care: They're now selling newer and better models, and the original buyers only cared about price and features. There is no market solution, because the insecurity is what economists call an externality: It's an effect of the purchasing decision that affects other people. Think of it kind of like invisible pollution."

The reality is we're collectively more interested in making money and obsessing over the latest gadget than addressing the problem. And while there's some very good ongoing efforts to create some basic security and privacy standards in the IOT space, the prevailing attitude among IOT users and vendors alike that this is all somebody else's problem. Folks like Schneier have been warning for a while that it's likely going to take a mass casualty event (caused by hacked infrastructure) to finally motivate some changes in the internet of broken things space.

30 Comments | Leave a Comment..

Posted on Techdirt - 8 June 2018 @ 6:39am

Global Russian-Linked Router Malware Even Worse Than Originally Stated

from the Putin-gonna-Putin dept

Late last month, the FBI announced that hackers working for the Russian government had managed to infect roughly 500,000 routers in 54 countries with a particularly-nasty piece of malware known as VPN Filter. The malware, which infected routers from vendors like Linksys, MikroTik, Netgear, TP-Link, and certain network-attached storage devices from companies like QNAP, gave attackers the ability to track a victim's internet usage, launch attacks on other networks, and permanently destroy the devices upon command.

A subsequent Cisco advisory about the malware noted that the infection rate steadily increased since it was first observed sometime in 2016:

"Both the scale and the capability of this operation are concerning. Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries...The behavior of this malware on networking equipment is particularly concerning, as components of the VPNFilter malware allows for theft of website credentials and monitoring of Modbus SCADA protocols."

A subsequent report by The Daily Beast noted that the FBI had managed to seize a key domain being used to manage the massive botnet of infected devices. The report also managed to obtain an FBI affidavit highlighting that the hacking group behind the malware was none other than Sofacy, aka Fancy Bear, Sednit, and Pawn Storm -- the same Russian-government linked group believed to be behind the 2016 hack of the Democratic National Committee (unless you're one of those folks still clinging to the flimsy narrative that the DNC hacked itself, a claim recent Guccifer 2.0 revelations utterly deflated).

As is usually the case with these kinds of security issues, new data from Cisco indicates that the malware has since evolved into something even more nasty than the original variant:

"Initially when we saw this we thought it was primarily made for offensive capabilities like routing attacks around the Internet,” Craig Williams, a senior technology leader and global outreach manager at Talos, told Ars. “But it appears [attackers] have completely evolved past that, and now not only does it allow them to do that, but they can manipulate everything going through the compromised device. They can modify your bank account balance so that it looks normal while at the same time they’re siphoning off money and potentially PGP keys and things like that. They can manipulate everything going in and out of the device."

The new, updated Cisco analysis is well worth a read for those that are interested, and notes that in addition to being more powerful than originally stated, the malware is also targeting a far larger volume of hardware vendors than originally believed, including gear from ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. The vulnerabilities being exploited that allow VPN Filter to be installed vary from device to device, as do the steps needed to identify whether a router is infected and how to purge it of the malware.

Originally, the FBI issued a statement indicating that owners of potentially-impacted devices simply needed to reboot their routers to thwart the infection, thanks to the FBI's seizure of the controlling ToKnowAll.com domain.

But it's now clear that rebooting alone only temporarily disrupted the botnet, and doesn't purge the infection. The interesting bit: it's incredibly difficult for ordinary end users to even know if their router is infected, meaning that to be safe, users may need to wipe their routers completely and restore them to factory defaults. After that, the standard caveats usually apply: make sure to update your router to the latest firmware, disable remote administration functionality, and make sure you change any default username and password combinations the device may have shipped with.

17 Comments | Leave a Comment..

Posted on Techdirt - 7 June 2018 @ 12:08pm

Latest Privacy Fracas Drops Facebook In The Middle Of Anti-Huawei Hysteria

from the evidence-optional dept

Facebook is under fire yet again for potentially being far too casual in its treatment of private consumer data.

Earlier this week, the New York Times issued a report noting that Facebook had struck deals with more than 60 different hardware vendors since at least 2010, providing them with "vast amounts" of private user data. According to the report, these partnerships allowed some devices to retrieve personal information even from users’ friends who believed they had barred any sharing with third party vendors, potentially violating a 2011 FTC consent decree that banned such sharing without obtaining express customer permission.

To be clear, the partnerships are notably different from the deals struck with companies like Cambridge Analytica, which we now know routinely let app makers hoover up private data under false pretenses, then use that data for other purposes (like oh, riling up partisans ahead of an election). And Facebook was quick to issue a blog post trying to downplay the scope of the revelations:

"This is very different from the public APIs used by third-party developers, like Aleksandr Kogan. These third-party developers were not allowed to offer versions of Facebook to people and, instead, used the Facebook information people shared with them to build completely new experiences."

And while that's all well and good, the problem for Facebook is that nobody trusts that they routinely policed whether this data was being abused. And while the data was all stored locally on user devices, privacy experts were quick to point out that this could still wind up being a problem:

"You might think that Facebook or the device manufacturer is trustworthy,” said Serge Egelman, a privacy researcher at the University of California, Berkeley, who studies the security of mobile apps. “But the problem is that as more and more data is collected on the device — and if it can be accessed by apps on the device — it creates serious privacy and security risks."

These are all legitimate questions that Facebook will need to answer in the wake of the Cambridge scandal.

That said, this story was initially reported on Sunday without too much attention. But things took a turn with additional reports by both the Washington Post and New York Times indicating that some of these partner companies included Chinese gear makers like Huawei.

"The agreements, which date to at least 2010, gave private access to some user data to Huawei, a telecommunications equipment company that has been flagged by American intelligence officials as a national security threat, as well as to Lenovo, Oppo and TCL. The four partnerships remain in effect, but Facebook officials said in an interview that the company would wind down the Huawei deal by the end of the week."

Given that the Trump administration is currently trying to blacklist companies like Huawei amidst allegations of being proxies for the Chinese government, the story's overall tone quickly shifted to one of mass hyperventilation:

The problem: as we've noted a few times now, the allegations that employee-owned Huawei routinely spies on American consumers for the Chinese government isn't backed up by any publicly-available evidence, something both the Post and Times oddly don't mention.

An 18 month investigation by the White House found no evidence of such spying, and companies like Cisco have been caught routinely fanning such fears among gullible lawmakers in the hopes of thwarting overseas competitors. That hysteria has been notably escalated in recent years thanks to U.S. networking vendors being afraid to compete with cheaper Chinese gear as they jockey for 5G deployment contracts with wireless carriers worldwide.

While it's certainly possible Huawei spies on the U.S., there's just not much evidence for it. And you'd also have to ignore the U.S.' epic hypocrisy on that particular subject. You know, like the time Snowden docs revealed that the NSA was caught hacking into Huawei, stealing the company's source code, and attempting to install backdoors in Huawei gear so they could spy on countries that were avoiding the use of U.S. networking gear. You know, the exact thing we're accusing Huawei of. Except with supporting evidence.

Again, it's certainly plausible that Huawei might spy on U.S. citizens. But you'd think somebody could reveal some public evidence of this nefarious behavior before the Trump FCC pondered blacklisting them, a move that's opposed by NSA bosom buddies AT&T and Verizon. The reality is that the entire Huawei fracas is driven more by protectionism than national security, largely because, as one DC insider told the Washington Post back in 2012, it's extremely easy for U.S. networking makers like Cisco to get gullible lawmakers all hot and bothered on the subject:

"“What happens is you get competitors who are able to gin up lawmakers who are already wound up about China,” said one Hill staffer who was not authorized to speak publicly about the matter. “What they do is pull the string and see where the top spins.”

But some experts say these concerns are exaggerated. These experts note that much of Cisco’s own technology is manufactured in China."

That's not to say Facebook still doesn't need to answer some questions about whether all of these partnerships have been unwound, and how it ensured that the data stored on these vendors' devices wasn't abused in any fashion. That said, the focus should remain on the 60 companies in total that Facebook struck these deals with, without getting too hung up on the CHINA CHINA CHINA aspect of the story. Lax treatment of private data is the norm, not the exception (especially in the telecom sector), and getting too hung up on Huawei alone tends to miss the forrest for the trees.

12 Comments | Leave a Comment..

Posted on Techdirt - 6 June 2018 @ 5:39am

AT&T Ends Quest To Erode FTC Authority Over Broadband Providers

from the zero-accountability dept

As we've noted for a while, the ISP attack on net neutrality is only one small part of a broader gambit to eliminate all federal and state oversight of telecom monopolies. Not only did the "Restoring Internet Freedom" net neutrality repeal kill net neutrality, it neutered the FCC's ability to adequately police some of the most anti-competitive companies in America. At the same time, language embedded in the repeal also attempts to neuter state authority over ISPs, something some cable companies are already using to try and wiggle out of lawsuits over substandard service and slow speeds.

All the while, ISPs and their policy BFFs have tried to argue that this massive neutering of state and FCC authority over ISPs was no big deal because the FTC would rush in and save the day, ignoring the fact that the FTC's authority over broadband providers is already shaky. The agency can't make rules as conditions warrant (like the FCC), and can only act against ISPs if a behavior is clearly shown to be "unfair and deceptive," something not easy to do in the net neutrality realm where anti-competitive behavior is often dressed up as "reasonable network management."

As ISPs and their allies told anyone who'd listen the FTC was perfectly suited to police ISPs, they routinely "forgot" to mention that AT&T has spent the last few years in court trying to dismantle any remaining FTC authority over ISPs completely as it tried to tap dance around an FTC lawsuit for lying to consumers about the company's throttling practices. Ironically, AT&T lawyers had been trying to argue that the same common carrier rules AT&T has fought tooth and nail against on the net neutrality front exempt it from FTC oversight.

AT&T's legal gambit began when the FTC sued AT&T back in 2014 for lying to customers about the company's throttling practices. But lately those efforts haven't been going so well, with several lower court rulings hampering AT&T's quest for zero government accountability. And while AT&T had hinted that it would pursue the case all the way to the Supreme Court, last week the company quietly announced that it wouldn't be chasing this particular dream any longer:

"AT&T has given up its years-long quest to cripple the Federal Trade Commission's authority to regulate broadband providers. Just weeks ago, AT&T said it intended to appeal its loss in the case to the US Supreme Court before a deadline of May 29. But today, AT&T informed court officials that it has decided not to file a petition to the Supreme Court and did not ask for a deadline extension."

In addition to having trouble with lower court rulings, AT&T's trying to secure regulatory approval for the company's $86 billion merger with Time Warner. But AT&T's decision to back off its quest also likely reflects efforts to reach a settlement with the FTC over its throttling practices, and the company's surely eager to put the four year old case behind it with what (based on other actions by this administration) is likely to be a light wrist slap of a settlement.

On the positive side, this means the FTC can at least make some effort to protect net neutrality when the FCC's rules officially expire on June 11. That said, even with its authority intact there's frankly not much the FTC can do to punish ISPs that violate net neutrality provided said ISPs are just a little bit clever about how they go about it. Meanwhile, ISPs like AT&T are still threatening to "aggressively" sue any states that try to protect consumers in the wake of the Trump-induced federal apathy toward bad behavior by giant broadband monopolies.

8 Comments | Leave a Comment..

Posted on Techdirt - 5 June 2018 @ 10:45am

E-Mails Show FCC Made Up DDOS Attack To Downplay The 'John Oliver Effect'

from the disinformation-nation dept

You might remember that when HBO comedian John Oliver originally tackled net neutrality on his show in 2014, the FCC website crashed under the load of concerned consumers eager to support the creation of net neutrality rules. When Oliver revisited the topic last May to discuss Trump FCC boss Ajit Pai's myopic plan to kill those same rules, the FCC website crashed under the load a second time. That's not a particular shock; the FCC's website has long been seen as an outdated relic from the wayback times of Netscape, hit counters, and awful MIDI music.

But then something weird happened. In the midst of all the media attention Oliver was receiving for his segment, the FCC issued a statement (pdf) by former FCC Chief Information Officer David Bray, claiming that comprehensive FCC "analysis" indicated that it was a malicious DDoS attack, not angry net neutrality supporters, that brought the agency's website to its knees:

"Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC."

But the FCC's claims were seen as suspect by numerous security experts, who say the crash showed none of the usual telltale signs of an actual DDOS. And reports subsequently emerged indicating that the "analysis" the FCC supposedly conducted never actually occurred. When media outlets began noticing that something fishy was going on, the Trump FCC issued a punchy statement accusing the media of being "completely irresponsible." No evidence was ever provided to journalists or lawmakers that pressured the agency for hard data proving the claims.

Fast forward to this week, and new internal FCC e-mails obtained via FOIA request show that yes, the FCC did routinely try to mislead the public and the press with repeated claims of DDOS attacks that never actually happened:

"The FCC has been unwilling or unable to produce any evidence an attack occurred—not to the reporters who’ve requested and even sued over it, and not to U.S. lawmakers who’ve demanded to see it. Instead, the agency conducted a quiet campaign to bolster its cyberattack story with the aid of friendly and easily duped reporters, chiefly by spreading word of an earlier cyberattack that its own security staff say never happened."

The story is worth a read, and highlights how former FCC CIO David Bray and FCC media relations head Mark Wigfield repeatedly fed false information about the nonexistent attack to reporters, then used those (incorrect) stories to further prop up their flimsy claims about the DDOS:

"Bray is not the only FCC official last year to push dubious accounts to reporters. Mark Wigfield, the FCC’s deputy director of media relations, told Politico: “there were similar DDoS attacks back in 2014 right after the Jon Oliver [sic] episode.” According to emails between Bray and FedScoop, the FCC’s Office of Media Relations likewise fed cooked-up details about an unverified cyberattack to the Wall Street Journal.

The Journal apparently swallowed the FCC’s revised history of the incident, reporting that the agency “also revealed that the 2014 show had been followed by DDoS attacks too,” as if it were a fact that had been concealed for several years. After it was published, the Journal’s article, authored by tech reporter John McKinnon, was forwarded by Bray to reporters at other outlets and portrayed as a factual telling of events. Bray also emailed the story to several private citizens who had contacted the FCC with questions and concerns about the comment system’s issues."

The story isn't going to get much mainstream traction thanks to numerous other instances of cultural idiocy we're all currently soaking in, but it's fairly amazing all the same. In short, the FCC appears to have completely concocted a fake DDOS attack in a ham-fisted effort to try and downplay the massive public opposition to its extremely-unpopular policies.

Of course that's pretty standard behavior for an agency that also blocked a law enforcement inquiry into fraud during the public comment period, likely also an effort to downplay massive public opposition to the repeal. It's also pretty standard behavior from a Trump administration that enjoys using bullshit to distract from the fact that countless policies (like repealing net neutrality) run in stark, violent contrast to the admin's "populist" election message.

This isn't likely to be the end of this story, and more details are likely to surface in the looming lawsuits against the FCC attempting to restore net neutrality.

102 Comments | Leave a Comment..

Posted on Techdirt - 5 June 2018 @ 6:24am

Google Fiber Broadband Hype Replaced By Delays And Frustration

from the in-limbo dept

When Google Fiber first arrived back in 2010, it was lauded as a game changer for the broadband industry. Google Fiber would, we were told, revolutionize the industry by taking Silicon Valley money and using it to disrupt the viciously uncompetitive and anti-competitive telecom sector. Initially things worked out well; cities tripped over themselves offering all manner of perks to the company in the hopes of breaking free from the broadband duopoly logjam. And in some areas where Google Fiber was deployed, prices certainly dropped thanks to Google Fiber market pressure.

But that was then, and this is now.

In late 2016 Alphabet made it clear that the company had grown bored with the high costs and slow pace of deploying fiber. The project has burned through several CEOs in just a year, laid off numerous employees, and the company ultimately announced it was considering a pivot to cheaper wireless technology. The problem: Google's still conducting numerous tests in various spectrum bands (including millimeter wave), but doesn't actually know what this replacement tech looks like yet. Meanwhile, the cities once promised a broadband revolution are seeing that hope replaced with annoyance and frustration.

While the company stated it would be putting any new builds on hold, it insisted that existing projects that were underway wouldn't be impacted. That hasn't proven to be the case, with users in initial launch markets like Kansas City saying their installations had been cancelled with no real explanation after years of waiting. That same song is also playing out in markets like Atlanta, where hope and excitement have shifted to something decidedly... different:

"It’s been more than three years since the Google Fiber frenzy took hold of the Atlanta area. From Alpharetta to Avondale Estates, Sandy Springs to Smyrna, folks fed up with chronically unreliable internet connections, abysmal customer service and expensive monthly bills lapped up Google Fiber’s promise....Google has released little public information about the Atlanta rollout delays, and company officials declined WABE’s multiple requests for an interview on the status of the project and other specifics.

Noting a trend yet? You'll notice the same complaints in Austin, one of Google Fiber's more robust builds, where locals point out that progress appears to have stopped for many users who say the technology was installed, but progress just magically ceased:

"Construction is complete. Equipment is installed. But a year later, a south Austin neighborhood says they're still waiting on Google Fiber to actually work...Today, some residents say they can't get a straight answer on what's taking so long to access the high-speed internet...

Susan Speyer says when she was signing up for Google Fiber, she was told she'd have service in, "Just a few weeks to max three months." And as the months passed, cable and internet bills with other providers, they say, have gone up. Neighbor Sherry Lowry adding, "It's doubled since all of this started with Google."

To be fair, Google's PR folks can't offer answers of what comes next because Google itself doesn't know what the wireless technology that will supplant fiber will look like. But even Google's wireless promises have been decidedly shaky. After acquiring urban wireless provider Webpass two years ago, some of that company's coverage markets have actually shrunk, with the provider simply pulling out of cities like Boston without much explanation. And many of the executives that were part of that acquisition have "suddenly" departed for unspecified reasons.

At this point it's certainly possible that once Google Fiber is done with its multi-year, numerous wireless tests it settles on a cheaper (but still expensive and time consuming) alternative to fiber. But as the company's newfound apathy and steady retreat from net neutrality advocacy makes clear, this isn't the same company Alphabet/Google was when this experiment started, and it remains entirely possible the entire project is scuttled or sold off as Google itself inevitably shifts from innovation and disruption to turf protection (especially with ISPs like Comcast and AT&T pushing harder into advertising).

Meanwhile, the broadband sector is actually getting less competitive than ever as the nation's telcos give up on upgrading aging DSL lines, leaving the nation's cable providers with greater regional monopolies than ever before. The fact that nobody wants to upgrade this nation's already mediocre broadband infrastructure (because it's not profitable enough, quickly enough for Wall Street) is a major reason more and more towns and cities are simply building their own broadband networks -- assuming states haven't banned them from doing so at large ISP behest.

Based on what we're seeing lately, those hoping that Google still has the money, resources and willpower to shake the broadband sector out of its monopoly dysfunction probably shouldn't hold their breath.

30 Comments | Leave a Comment..

Posted on Techdirt - 4 June 2018 @ 12:06pm

California's Tough New Net Neutrality Law Takes Another Step Forward

from the you-made-this dept

In the wake of the Trump FCC's attack on net neutrality last December (which formally takes effect on June 11), more than half the states in the country are now exploring their own net neutrality rules. Some states (like Oregon and Washington) have passed state laws, while others (like New York and Montana) have embraced new executive orders that limit ISP ability to strike state contracts if they violate net neutrality. All told, it's not exactly the outcome AT&T, Verizon, and Comcast lobbyists were hoping for, and it's a pretty solid indication they really didn't think this entire thing through particularly well.

But at the moment, most eyes rest on California, where one of the tougher new state-level replacement laws just took a major step forward.

Senator Scott Wiener’s SB 822 would prevent ISPs in California from engaging in blocking, throttling, or paid prioritization. The EFF has called the bill the "gold standard" for state-level net neutrality law. The proposal actually goes a bit further than the FCC rules it's intended to replace, in part because it more tightly polices things like zero rating and usage caps, which have long been used anti-competitively by incumbent ISPs as a way to make life more difficult for companies trying to elbow in on traditional TV revenues.

Despite a major push by industry lobbyists, SB 822 last week was approved 23-12 by the California Senate and will now head to the state Assembly (sometime before the end of this month). If it passes there, it will be on to the desk of Governor Jerry Brown for signing.

California's law will be one to watch. Comcast, AT&T and Verizon successfully lobbied the Trump FCC to include language in their net neutrality repeal attempting to ban states from protecting broadband consumers, language companies like Charter are already using to try and tap dance out of lawsuits for substandard service. But the FCC's authority here is shaky, and some legal experts (like Stanford Professor Barbara van Schewick) have argued that when the FCC rolled back its Title II authority over ISPs, it also dismantled its right to tell these states what to do:

"The bill is on firm legal ground.

While the FCC’s 2017 Order explicitly bans states from adopting their own net neutrality laws, that preemption is invalid. According to case law, an agency that does not have the power to regulate does not have the power to preempt. That means the FCC can only prevent the states from adopting net neutrality protections if the FCC has authority to adopt net neutrality protections itself.

But by re-classifying ISPs as information services under Title I of the Communications Act and re-interpreting Section 706 of the Telecommunications Act as a mission statement rather than an independent grant of authority, the FCC has deliberately removed all of its sources of authority that would allow it to adopt net neutrality protections. The FCC’s Order is explicit on this point. Since the FCC’s 2017 Order removed the agency’s authority to adopt net neutrality protections, it doesn’t have authority to prevent the states from doing so, either."

ISPs have promised to "aggressively sue" any states that try to pass rules protecting net neutrality or broadband consumer privacy. And while this will only disgust the majority of Americans even more, the combination of limited competition and rubber stamp regulators like Ajit Pai means there's not much in the way of punishment for the tech policy equivalent of giving a giant middle finger to the nation's consumers, small businesses, and healthy competition.

6 Comments | Leave a Comment..

Posted on Techdirt - 4 June 2018 @ 6:30am

Thanks To No Competition, Broadband Satisfaction Scores Plummet

from the this-is-why-we-can't-have-nice-things dept

For years now we've documented the shitshow that is broadband industry customer satisfaction. That shitshow is generally thanks to a continued lack of real competition in the space, which lets these companies not only mindlessly raise rates like it's going out of style, but it gives companies like Comcast the leeway to experiment with terrible, anti-competitive practices like arbitrary and punitive usage caps and overage fees. And that's of course before you get to the clown car that passes for customer service at many of these companies, which routinely makes headlines for all the wrong reasons.

Year after year we witness a rotating crop of bizarre stories highlighting how terribly these entrenched monopolies treat their subscribers. And each year industry executives insist that they've learned the error of their ways and have dedicated themselves and their budgets to fixing the "consumer experience."

Except because these companies all but own state and federal lawmakers-- and see virtually no competition in their markets (especially at higher speeds)--things never actually get better. Case in point: the American Customer Satisfaction Index has released their latest analysis of customer satisfaction with the broadband industry. And what they found isn't pretty. In short, every single major ISP but one saw a decline in customer satisfaction over the last year:

Note that these scores are worse than every other industry the ACSI tracks, including the airline, insurance, and banking sectors. And these scores are even well below consumer satisfaction with many government agencies, including the IRS.

Comcast in fact is the only company to see no change whatsoever (though its TV services saw a 1 point decline), which is still notable given its 2014 promise that the hiring of a customer experience VP and other well-hyped improvements were going to "revolutionize" the way Comcast consumers were treated. Other companies like Charter (Spectrum) are in absolute free fall, dropping 8% year over year thanks to the poor service, rate hikes and empty promises in the wake of the company's bungled $89 billion acquisition of Time Warner Cable and Bright House Networks.

And while things like gigabit broadband get a lot of media hype, we've noted that the lack of competition driving this problem is only getting worse. Numerous telcos have all but given up on residential broadband to shift their focus toward video advertising and enterprise services. And as they refuse to upgrade millions of DSL subscribers they don't actually want, cable companies like Comcast and Charter are securing a greater monopoly over broadband than ever before.

Some like to claim new wireless technologies (like 5G) will emerge to magically provide competition to these providers. But while 5G wireless will provide faster, lower-latency and more resillient networks, it won't fix the business data service monopoly that drives high prices and many of the competition issues in the wireless sector. Nor will it address the industry's plan to keep putting ma bell back together via an endless array of competition-reducing megamergers. And however promising 5G is, it's not a substitute for uncapped, fixed broadband -- especially in more rural areas and less affluent cities.

While cable secures a growing monopoly over fixed-line broadband, monopoly ISPs (with the Trump administration's help) are gutting all FTC, FCC and state oversight over their regional monopolistic fiefdoms. All while regulators like Ajit Pai whisper sweet nothings about how eliminating popular consumer protections like net neutrality will magically improve sector investment and competition. Surely this all works out well for the consumer, right?

37 Comments | Leave a Comment..

Posted on Techdirt - 1 June 2018 @ 6:43am

FCC Wants Ebay, Amazon To Crack Down On Kodi-Based Pirate TV Boxes

from the control,-not-copyright dept

For years now, tinkerers everywhere have built custom-made PCs that use the open-source Kodi platform. Highly flexible and customizable, this hardware can often work notably better than the locked-down TV hardware (especially traditional cable boxes) that are the norm. But the hardware can also be used to streamline access to copyright content. And in more recent years, outfits like Dragonbox or SetTV have taken things further by selling users tailor-made hardware that provides easy access to live copyrighted content.

Not too surprisingly, video producers and broadcasters haven't much liked this. And in recent months, Amazon and Netflix have joined forces with Hollywood to try and sue many of these operations out of existence. Last week they got a little help from FCC Commissioner Mike O'Rielly, who fired off a letter to both Amazon and Ebay demanding they do more to combat the listing of these devices on their respective websites. O'Rielly was quick to acknowledge that the FCC's authority over copyright is negligible, so he focused instead on these companies' unauthorized use of the FCC logo:

"Disturbingly, some rogue set‐top box manufacturers and distributors are exploiting the FCC's trusted logo by fraudulently placing it on devices that have not been approved via the Commission's equipment authorization process. Specifically, nine set-top box distributors were referred to the FCC in October for enabling the unlawful streaming of copyrighted material, seven of which displayed the FCC logo, although there was no record of such compliance. Many of these sellers are attempting to distribute their non-compliant products through online marketplaces such as yours. Although outside the jurisdiction of the Commission, it is equally troubling that many of these devices are being used to illegally stream copyrighted content, exacerbating the theft of billions of dollars in American innovation and creativity.

And that's all well and good. Companies like DragonBox are dressing up piracy as a legitimate service while illegally using the FCC logo. Both Amazon and Ebay responded to O'Rielly noting they already have numerous systems in place to prohibit the sale of such devices, and were open to working with the FCC to police future sales.

That said, O'Rielly fails to mention that he's historically supported policies at the FCC that make this whole problem worse than it needs to be.

Again, Kodi itself is perfectly legal. And even in the case of more ethically-dubious services, users are flocking to them because they find traditional video services and hardware to be locked down, inflexible, and expensive. Much of that has to do with obnoxious DRM that more often than not makes the viewing experience annoying as hell. And a lot of it has to do with the cable industry's monopoly control over the cable box, which prevents the entire ecosystem from being as open and competitive as it should be.

And O'Rielly himself played a pretty major role in that.

Last year, O'Rielly helped the cable & broadcast industry crush a plan to bring much-needed openness and competition to the cable box. That plan, developed under the Wheeler FCC, would have let consumers access all cable TV content entirely via app, eliminating the traditional cable box and opening up competition on the streaming hardware front. But thanks to an absolutely massive disinformation effort by the cable industry, the plan was killed. Among other things, the cable sector tried to claim that added TV hardware competition would have stifled innovation, encouraged piracy, and even harmed minorities.

None of it was true, but it was repeated ad nauseum in countless editorials nationwide that failed to disclose the authors' ties to the cable sector. The industry even managed to get the Copyright Office to join the fun by claiming that this added competition would somehow violate copyright.

It was another perfect example of how the definition of copyright is routinely abused, and these issues often have to do more with control than copyright. And while it's great that O'Rielly decided to lend a hand here, it might be cool if he realized how his own anti-innovation policies at Trump's FCC have helped make this problem of his immeasurably worse. If traditional video markets were cheaper, more open, customizable and flexible, these kinds of alternatives wouldn't be nearly as popular in the first place because consumers would already be getting what they're looking for.

59 Comments | Leave a Comment..

Posted on Techdirt - 31 May 2018 @ 12:12pm

Another Report Highlights How Wireless SS7 Flaw Is Putting Everyone's Privacy At Risk

from the we'll-get-around-to-it dept

Last year, hackers and security researchers highlighted long-standing vulnerabilities in Signaling System 7 (SS7, or Common Channel Signalling System 7 in the US), a series of protocols first built in 1975 to help connect phone carriers around the world. While the problem isn't new, a 2016 60 minutes report brought wider attention to the fact that the flaw can allow a hacker to track user location, dodge encryption, and even record private conversations. All while the intrusion looks like like ordinary carrier to carrier chatter among a sea of other, "privileged peering relationships."

Telecom lobbyists have routinely tried to downplay the flaw after carriers have failed to do enough to stop hackers from exploiting it. In Canada for example, the CBC recently noted how Bell and Rogers weren't even willing to talk about the flaw after the news outlet published an investigation showing how, using only the number of his mobile phone, it was possible to intercept the calls and movements of Quebec NDP MP Matthew Dubé.

Again the flaw isn't new; a group of German hackers revealed the vulnerability in 2008 and again in 2014. It's believed that the intelligence community has known about the vulnerability even earlier, and the hackers note that only modest headway has been made since German hacker Karsten Nohl first demonstrated it. But the flaw has gained renewed attention in recent weeks after Senator Ron Wyden sent a letter to the FCC (pdf) complaining that the agency isn't doing enough (read: anything) to address it:

"One year ago I urged you to address serious cybersecurity vulnerabilities in U.S. telephone networks. To date, your Federal Communications Commission has done nothing but sit on its hands, leaving every American with a mobile phone at risk."

Apparently, shoring up national security wasn't as big of a priority as gutting net neutrality or eliminating consumer privacy protections at Comcast and AT&T's behest. Wireless carriers have been downplaying the flaw, in part because of the cost of fixing it. But they also worry it will be used to justify more meaningful privacy protections here in the States. When the DHS published a 125 page report (pdf) detailing the scope of the problem, lobbyists for the industry called the problem "theoretical," and the report "unhelpful," calling the report's advocacy for regulatory and legislative solutions "alarming."

And while carriers have implemented some security standards to address the SS7 probem, at its core SS7 lacks a mechanism to ensure that carriers sending data requests are who they claim to be. And while some of the firewall solutions carriers have adopted can protect some of their own consumers, these fixes don't extend to users who may be roaming on their networks. By and large, a large chunk of the problem is that these companies don't want to spend the necessary time and money to engineer a real solution, especially if their intelligence partners are benefiting from it.

In a follow up report over at the Washington Post, the paper notes how the flaw at this point is far from theoretical, and is routinely exploited en masse by numerous intelligence agencies (including the United States):

"Wyden said the risks posed by SS7 surveillance go beyond privacy to affect national security. American, Chinese, Israeli and Russian intelligence agencies are the most active users of SS7 surveillance, experts say, and private-sector vendors have put systems within the reach of dozens of other governments worldwide. Sophisticated criminals and private providers of business intelligence also use the surveillance technology.

Other experts said SS7 surveillance techniques are widely used worldwide, especially in less developed regions where cellular networks are less sophisticated and may not have any protection against tracking and interception. But the experts agreed that Americans are significant targets, especially of rival governments eager to collect intelligence in the United States and other nations where Americans use their cellphones.

And again, that's a particular problem for a country whose President thinks basic phone security is too much of a hassle. For a country that's currently spending an ocean of calories trying to blacklist Chinese network vendors under breathless claims of national security, you'd think a massive problem with global privacy and security implications would get a little more attention.

7 Comments | Leave a Comment..

Posted on Techdirt - 31 May 2018 @ 3:23am

FCC Claims Perfectly-Timed Regulatory Handout To Sinclair Is Just Quirky Happenstance

from the total-coincidink dept

The FCC remains under heavy fire for its mindless assault on popular net neutrality protections. But the agency has also been facing widespread, bipartisan criticism for the FCC's decision to gut decades-old media consolidation rules -- specifically to help Sinclair Broadcast Group cement its $3.9 billion acquisition of Tribune.

Like net neutrality, media consolidation rules traditionally enjoy bipartisan support because they protect local opinion diversity and speech, preventing one company from dominating smaller competitors. The Washington Post recently offered a piece highlighting the very real, negative impact mindless M&A mania in the broadcast sector has had on the quality and diversity of local news, which in many towns is now little more than an echo chamber of substandard drivel:

"The TV news has a familiar feel to it here in west-central Pennsylvania. News stories broadcast on WJAC, the NBC affiliate in town, have appeared on nearby station WATM, the ABC affiliate. And many of those stories are broadcast on WWCP, the Fox station here, as well. Not just the same topics — identical stories, reported by the same reporter or anchor, and repeated, almost verbatim at times, by the other stations."

The Sinclair merger will give the company ownership of more than 230 local broadcast stations, reaching 73% of the public. Given Sinclair's history of reporting that's factually-dubious on a good day, those concerns are looming larger than ever as the recent viral Deadspin video made abundantly clear:

As Sinclair moved to gain regulatory approval for its latest deal, the FCC quickly moved to block any and all regulatory obstacles. Like eliminating a "main studio rule" requiring that a broadcaster actually have a physical local presence in a city it operates in to help ensure a vested interest in local issues. And when the Sinclair merger began to bump up against a longstanding media rule preventing any one local broadcaster from reaching more than 39% of households, the FCC quickly restored a discarded regulatory loophole known as the UHF discount, letting Sinclair falsely under-state its real household reach to slink in under the cap.

The FCC's regulatory attack on media ownership rules to aid Sinclair was so blatant, it resulted in the FCC inspector general launching an investigation into whether FCC boss Ajit Pai corruptly coordinated the assault with Sinclair executives. There's really no doubt among Pai's fellow Commissioners like Jessica Rosenworcel, who made her thoughts on the matter perfectly clear recently:

"Every element of our media policy is custom-built for the business plan of Sinclair Broadcasting,” says Rosenworcel. “That is stunning, it is striking, and it looks like something’s wrong. And I’m not the only one to think that. We’re burning down the values of media policy in this agency in order to service this company."

Amusingly, FCC Commissioner Mike O'Rielly (fresh off of a recent Hatch Act violation) recently tried to fire back with a blog post claiming that nearly a dozen perfectly-timed initiatives that help Sinclair were all entirely coincidental, and were simply part of the FCC's attempt to eliminate "outdated regulations":

"Any benefit to Sinclair was residual and non-intentional. At the same time, the entire debate misses the bigger picture that I witnessed firsthand in Arizona this week: that the changing marketplace is causing tremendous challenges to legacy broadcasters forced to abide by outdated and irrelevant ownership limitations and Commission rules. My priority has been to remove these outdated burdens imposed by the Commission that no longer serve the public interest or make sense, so that broadcasters are able to survive and thrive in the current competitive landscape. "

Like net neutrality, FCC evidence of the "burden" these longstanding rules create for broadcasters is utterly absent. And the only thing the 39% ownership cap was a burden to was Sinclair and its merger. That the elimination of this rule might also help a few lumbering giants grow impossibly larger isn't really much of a defense, and critics find the timing just too perfect for O'Rielly's claims to be even remotely believable:

“Everything that Sinclair needed to get done seemed to happen exactly when they needed it to get done,” David Goldman, chief counsel for communications issues for the House Energy & Commerce Committee told Motherboard in a phone interview...

"O'Rielly can say this is all just part of the current majority’s plan to deregulate everything under the sun, without regard for who benefits the most, but that's missing the point,” argeed Matt Wood, Policy Director for Free Press, one of the organizations fighting the merger. "Sinclair couldn't even contemplate its massive takeover of Tribune without this relief, which the Commission has been exceptionally eager to grant from day one of Pai's Chairmanship,” Wood said.

Pai's office is rushing ahead undaunted, last week opening the merger back up to public comment in the hopes of nudging things along. The FCC is rushing, in part, because of the fact that consumer groups are challenging the restoration of the UHF Discount in court, arguing that there was no other reason to restore the obscure and unnecessary loophole aside from helping Sinclair. Again, the FCC's decision to barrel forth before the court case is settled didn't sit well with Rosenworcel:

Does it? We'll see. Should consumer advocates win that suit, Sinclair's merger (at least as written) will be DOA, and the FCC will be left trying to find other "entirely coincidental" ways to try and rubber stamp the broadcasting giant's M&A ambitions.

24 Comments | Leave a Comment..

Posted on Techdirt - 30 May 2018 @ 6:16am

ESPN Analysts Routinely Told Execs Not To Worry About Cord Cutting

from the nothing-to-see-here dept

ESPN has long personified the cable and broadcast industry's tone deafness to cord cutting and TV market evolution. The company not only spent years downplaying the trend as something only poor people do, it sued companies that attempted to offer consumers greater flexibility in how video content was consumed. ESPN execs clearly believed cord cutting was little more than a fad that would simply stop once Millennials started procreating, and ignored surveys showing how 56% of consumers would ditch ESPN in a heartbeat if it meant saving the $8 per month subscribers pay for the channel.

As the data began to indicate the cord cutting trend was very real, insiders say ESPN was caught flat footed by the trend. Instead of adapting for the streaming era, the company spent years doubling down on bloated sports licensing deals and SportsCenter set redesigns.

These decisions ultimately came back to haunt the "worldwide leader in sports," resulting in ESPN losing 16 million subscribers over seven years (and an estimated 17,000 defecting viewers per day). As the accountability hammer began to fall, ESPN execs tried to pretend they saw this coming all along. ESPN subsequently decided the only solution was to fire hundreds of longstanding sports journalists and support personnel, but not the executives like John Skipper (since resigned) whose myopia made ESPN's problems that much worse.

This week, the Wall Street Journal offered up a report on the arguably stupid debate over whether ESPN's programming is partisan. In it was buried this little nugget indicating that the analysts ESPN paid to help prepare it for the future routinely told company leadership that cord cutting was a nothingburger that would never become a widespread issue. Even as late as 2014, when the stats were becoming very clear, analysts were telling execs they had nothing to worry about

"ESPN’s research department presented data arguing cord-cutting was unlikely to become widespread, according to attendees.

"They were flat-earthers," said one former ESPN executive.

At the same time, ESPN was spending aggressively. The company agreed to triple the fees it would pay the NBA, which it believes is growing in popularity. On the talent side, Mr. Skipper closely managed negotiations, desiring to beat back rivals like Fox Sports 1 and NBC Sports. Agents, former ESPN executives and hosts said that led him to overpay for several on-air personalities.

You'd hope that ESPN kept its receipts. Amusingly, executives could have simply read Techdirt for free and been better informed.

The irony is that ESPN hasn't fully gotten the message the cord cutting revolution is sending: give your customers what they want. While many don't watch sports at all, those that do and cut the cord simply want a standalone version of ESPN streamed for a monthly fee. And while ESPN recently unveiled a new streaming service it claims finally delivers this, we've noted how that's not actually true. ESPN's still so worried about cannibalizing the traditional cozy cable TV cash cow you still can't get a standalone ESPN streaming service without subscribing to traditional cable.

The thing many cable execs don't want to admit is this: rising programming costs and surging competition and choice means TV isn't going to be as profitable as it used to be. Companies can either cling tightly to outdated models in a misguided attempt to prevent inevitable evolution until it's too late, or they can get out ahead of the phenomenon now. There's still a large number of cable and broadcast executives under the false impression that there's a choice in the matter.

15 Comments | Leave a Comment..

Posted on Techdirt - 29 May 2018 @ 11:58am

Shockingly, Streaming Providers Are Dominating Cable At Customer Satisfaction

from the innovation-nation dept

It's really no secret that traditional cable and broadband providers have some of the worst customer satisfaction of any companies in America. Comcast and Charter (Spectrum) in particular can usually be found stumbling around in last place in most satisfaction and support rankings. That's been particularly true of the American Customer Satisfaction Index, which routinely shows cable and broadband providers rank consistently worse than nearly any other company in any industry in America. In fact, these companies even tend to be ranked worse than Americans' experiences with government agencies like the IRS.

And despite seemingly bi-annual promises by these companies that customer service is their top priority (remember when Comcast promised a new "Customer Experience VP" would fix everything?), it's actually getting worse.

According to the latest ACSI report, high prices, bloated cable bundles, and terrible customer service continue to leave customers angry and frustrated:

"Customer satisfaction with subscription television service falls 3.1 percent to an ACSI score of 62, an 11-year low as the industry faces a seismic shift of subscribers defecting to lower-cost online video streaming services. In response, many cable and telecom companies are offering new Internet TV streaming in addition to legacy pay TV, but cord cutting continues."

While some cable companies have finally realized the error of their ways and begun offering less expensive, more flexible streaming alternatives (Dish's SlingTV and AT&T's DirecTV Now), by and large the mindset of the cable industry remains focused on doubling down on a lot of the dumb ideas (predominately aggressive price hikes) that brought them to this point in the first place.

For example Charter Communications, which has been pummeling consumers with price hikes in the wake of its $89 billion merger with Time Warner Cable and Bright House Networks, took a particularly steep tumble during these latest satisfaction ratings for traditional cable providers:

The same story is playing out with broadband ISP satisfaction ratings, where limited competition often results in high prices as well:

It's worth noting that this year was the first year the index ranked streaming video alternatives, and (shockingly) the companies that are now offering lower prices, more flexible and innovative services, and better customer service are doing significantly better than traditional cable. Netflix, Sony PlayStation Vue, and Twitch all saw scores of 78, and the lowest rated streaming provider (Crackle at 68) was still rated better than nearly all traditional TV providers:

And while cord cutting is expected to break records this year, that's not to say that cable providers can't turn things around. Industry executives simply have to stop pretending that the traditional TV cash cow will live forever, and begin to compete by offering cheaper, more flexible options with better customer support. The bottom line many cable executives can't acknowledge is: competition simply means TV isn't going to be as profitable as it used to be, and they're going to have to actually try now. You can either get out ahead of this phenomenon now through adaptation, or continue doubling down on the same bad ideas that resulted in record cable TV customer defections in the first place.

29 Comments | Leave a Comment..

Posted on Techdirt - 29 May 2018 @ 6:01am

Charter Claims NY Lawsuit Over Crappy Broadband Speeds Just An Evil, Netflix 'Cabal'

from the everybody's-to-blame-but-me dept

Early last year, Charter Spectrum was sued by New York State for selling broadband speeds the company knew it couldn't deliver. According to the original complaint (pdf), Charter routinely advertised broadband speeds executives knew weren't attainable -- while simultaneously refusing to upgrade their network to handle added consumer demand (a problem that only got worse in the wake of its merger with Time Warner Cable and Bright House Networks).

Buried in the suit were all manner of interesting allegations, including claims that Charter executives discussed via e-mail how they hoped to manipulate congestion to drive up costs for companies like Netflix (you'll recall this was part of the whole interconnection slowdowns Netflix and companies like Level3 complained about a few years ago). The suit also highlights how Charter gamed the results of a program the FCC has traditionally used to measure real-world broadband speeds using custom-firmware embedded routers in consumer volunteer homes.

Charter has since been trying to tap dance out of the suit by flinging pretty much every legal argument against the wall to see what sticks. Most recently, the company tried to claim that the FCC's recent net neutrality repeal contains language banning states from trying to protect consumers. And while that was certainly the hope of Ajit Pai's FCC, legal experts have argued that the agency's claims don't hold water. More specifically, when the FCC rolled back its Title II authority over ISPs, it also ironically dismantled its legal authority to tell states what to do.

Amusingly, Charter has now shifted its argument to the claim that the entire lawsuiit is somehow part of an unholy cabal orchestrated by Google and Netflix. You might recall that ISPs (and Ajit Pai) have long tried to claim that the entrenched telecom monopolies are innocent daisies, and that net neutrality is simply a conspiracy concocted by Google and Netflix to ruin AT&T, Verizon, Comcast and Charter's livlihood. This narrative has been routinely driven by ISP policy folks despite the fact net neutrality is very much a bipartisan, grassroots consumer welfare issue.

New York State brought in Tim Wu, the Columbia Law Professor who coined the term "net neutrality," to consult on the case. And because Wu had at points talked to both Google and Netflix (who were concerned that Charter was abusing its last-mile monopoly to drive up costs), Charter hopes to use this "unclean hands defense" to try and scuttle the lawsuit by claiming it was a vast conspiracy against Charter:

"Charter's unclean-hands defense is that Plaintiff actively conspired with private parties through Tim Wu (a leading critic of ISP business practices) to investigate and sue Time Warner Cable Inc.," he wrote. "Thus, Plaintiff delegated what should have been an objective law enforcement investigation to third parties whose pecuniary and political interests are adverse to TWC's, and who had preconceived notions of how and why to penalize TWC."

The letter then goes on to talk about documents produced by the other side that allegedly show how Wu and third parties "manufacture[d] fraud claims" and how his "co-conspirators boasted of having orchestrated Mr. Wu's work."

The names of the individuals who allegedly were in cahoots with Wu include Google's Meredith Whittaker, who in a 2015 email to a colleague, discussed having gotten off the phone with Wu about the NY AG consumer protection complaint and how it would frame interconnection as a consumer harm issue."

Of course since interconnection was a consumer harm issue that's not really substantive or damaging. Charter, a company that routinely uses its own funded think tanks to pollute public discourse and erode accountability is also upset that Wu happened to (gasp) talk to a think tank partially funded by Google:

"Charter is taking the notion of a "cabal" seriously, also pointing to communications with several individuals at the New America Foundation, a Washington, D.C.-based think tank."

Ironically, both Google and Netflix's interest in standing up for consumers on this subject has waned proportionally with their growing power over the years. Still, Netflix and Google had every right to be concerned about what Charter and other ISPs were up to, since they were effectively trying to use their last-mile broadband monopoly to unfairly jack up costs for consumers, content creators, and transit operators alike. That Wu corresponded with companies with legitimate anti-competitive concerns over what broadband monopolies are up to isn't likely to scuttle the case and has the faint whiff of desperation.

Charter's other legal efforts to derail the case haven't gone well so far, and it's unclear whether this latest gambit will work. But it's abundantly clear that Charter is particularly worried about the ramifications of this case, given they appear to have been caught on e-mail routinely lying to the public and regulators. As we've been noting, uncompetitive monopolies like Charter are working together to demolish FTC, FCC, and state authority over their businesses, and they're using every trick in the book to do so.

45 Comments | Leave a Comment..

More posts from Karl Bode >>