Karl Bode’s Techdirt Profile

kbode

About Karl Bode




Posted on Techdirt - 18 October 2017 @ 10:44am

Big ISPs Lobby To Kill Attempts At More Accurate Broadband Mapping

from the it's-not-a-problem-if-you-can't-see-it dept

For years, the FCC's "Form 477" data collection program has required that ISPs provide data on where they provide broadband service. Said data then helps determine the pace of broadband deployment and level of competition in key markets, informing FCC policy and broadband subsidy application. Unfortunately, this data collection process relies heavily on census block data, which doesn't always clarify which specific addresses in these large segments can actually get service. This has proven handy for ISPs looking to obfuscate their refusal to upgrade broadband networks in many areas.

This inaccurate data collection is a major reason for the Kafka-esque experience many new homeonwers have when they're told their new home will have broadband service, only to discover it doesn't. Last August, the then-Tom-Wheeler-run FCC issued a notice of proposed rulemaking (pdf), seeking public input on changing the Form 477 program so it tracked individual addresses, providing a far more accurate picture of U.S. broadband deployment. At the time, the FCC admitted that it historically hasn't done a good job ensuring this data matches reality, aka the "consumer experience":

The Commission to date has not systematically examined the precise underlying methodologies that are used by service providers in generating their data nor has it investigated whether actual consumer experience has diverged substantially from the Form 477 filings. Moreover, providers’ minimum advertised or expected speeds have, to date, been treated as confidential, limiting the ability of policymakers and consumers to compare offerings among service providers from this data collection.

In other words, the FCC was acknowledging that our broadband maps aren't very accurate, and the FCC hasn't done a very good job holding ISPs accountable for dubious availability data or flawed methodology.

Not too surprisingly, large ISPs have come out swinging against the previous FCC's attempts to improve things. In a filing with the FCC (pdf), Verizon tried to argue that more accurate data collection would be an undue burden on the company:

The Commission should reject any proposals that would require fixed broadband providers to report deployment data below the census-block level. Such proposals would impose enormous costs on fixed broadband providers without providing any real benefit to the Commission or the public.

Verizon fails to document the "enormity" of having to do a modestly better job telling the FCC where it provides broadband, or the fact that a painful lack of competition in the sector -- and the inability to determine how extensive the problem is -- helps pad duopolist revenues. Similarly, the NCTA -- the cable industry's biggest lobbying group -- cites ambiguous additional costs in opposing the improved mapping in its own filing (pdf):

...the Commission must ensure that the costs of any new broadband data collection requirements do not outweigh the benefits. With respect to the Form 477, the Commission should avoid collecting data that is so detailed or voluminous that it is expensive for providers to produce, difficult for the Commission to process, or unhelpful to the public.

Of course it's not really the added costs that are worrying these providers. Better mapping means a more accurate picture of where these industry giants have refused to provide service or upgrade last-generation connections. That would be of considerable concern to Verizon, which has been under fire for years for taking taxpayer subsidies in exchange for fiber that never gets delivered, and for outright refusing to upgrade or repair millions of aging DSL lines it clearly no longer wants to service. Less accurate census-block data also makes it easier to obfuscate the overall lack of competition in the U.S. broadband industry.

Given the current FCC's tendency to rubber stamp every whim of incumbent broadband providers, it seems more than likely that Ajit Pai and friends will scuttle this improved mapping effort proposed by the previous FCC. If you have a better understanding of the scope of a problem, you might then ponder actually doing something about it -- and we certainly wouldn't want that.

18 Comments | Leave a Comment..

Posted on Techdirt - 18 October 2017 @ 6:36am

AT&T Spent Hundreds Of Billions On Mergers And All It Got Was A Big Pile Of Cord Cutters

from the synergies,-yo dept

Over the last few years AT&T and Verizon have been desperately trying to pivot from stodgy, protectionist old telcos -- to sexy new Millennial media juggernauts. And while this pivot attempt has been notably expensive, the net result has been somewhat underwhelming. Verizon, for example, spent billions to gobble up AOL and Yahoo, but its lack of savvy in the space has so far culminated in a privacy scandal, a major hacking scandal, a quickly shuttered website where reporters couldn't write about controversial subjects, and a fairly shitty Millennial streaming service even Verizon's own media partners have called a "dud."

AT&T's efforts have been notably more expensive, but just as underwhelming. The company first decided to shell out $70 billion for a satellite TV provider (DirecTV) on the eve of the cord cutting revolution. And the company's putting the finishing touches on shelling out another $89 billion for Time Warner in a quest to gain broader media and advertising relevance. That was paired with the launch of a new streaming service, DirecTV Now, which the company hoped would help it beat back the tide of cord cutting.

But things aren't really working out quite like AT&T planned. The company's stock took a beating last week after it acknowledged it would be facing a 390,000 reduction in pay TV subscribers this quarter. AT&T, in an 8K filing with the SEC, tried to partially blame hurricanes for the mass exodus occurring at the company:

"The video net losses were driven by heightened competition in traditional pay TV markets and over-the-top services, hurricanes and our stricter credit standards. The decline of traditional video subscribers negatively impacts our Entertainment Group revenues and margins, resulting in an adjusted consolidated operating income margin that will be essentially flat versus the year-ago third quarter."

Unmentioned is that AT&T also lost 351,000 pay TV subscribers the quarter before, as the company gets hit harder by cord cutting than most pay TV providers. One of the real reasons for these departures? While AT&T was willing to spend hundreds of billions on megamergers, it has spent the better part of the last decade (especially in places where poor people live) neglecting necessary network upgrades. As a result, in countless markets Verizon & AT&T users on last-generation DSL lines are switching to cable providers for faster broadband, and bundling cable TV service that's priced cheaper than broadband alone.

In short AT&T neglected its core business in order to daydream about matching Google or Facebook's ad revenues, but (so far) lacks the core competency to jump the gap from telecom to Silicon Valley-esque Millennial marketing. Both AT&T and Verizon have spent so many years operating as government-pampered protected duopolies, they believed they could pivot on a dime, ignoring that years of regulatory capture left them with only a few key skills: charging too much for too little, lobbying to thwart competition and bullshit.

To its credit, AT&T was at least willing to take a risk and launch DirecTV Now, a streaming alternative. And while the company did manage to add 300,000 streaming customers on the quarter, those users pay a fraction of what traditional cable TV customers do - and AT&T still saw a net loss of 90,000 pay TV users. Still, most other incumbent pay TV providers have responded to the cord cutting threat by raising cable TV rates (ingenious!) or by pretending to keep pace via the launch of streaming alternatives that are intentionally designed to be underwhelming, lest they cannibalize more lucrative legacy customers.

One of the core problems here is that Wall Street isn't satisfied with ISPs simply doing a good job and making a reasonable profit. The relentless, myopic need for quarterly improvements has companies like AT&T and Verizon trying to use megamergers and vertical integration to magically elbow their way into markets it's unclear they lack the competency for. And only after mindlessly cheering these deals do some Wall Street analysts realize some of these arrangements don't even make coherent business sense given the current market climate:

"Though the company partly blamed recent hurricanes for these trends, MoffettNathanson analyst Craig Moffett notes that weather was only the third of four reasons that AT&T listed. “Heightened competition in traditional pay TV markets and over-the-top services” came first. In other words: cord cutting. “It is becoming increasingly clear that the wheels are falling off of satellite TV,” he writes, meaning that Dish Network might announce similar results."

In an ideal world, AT&T would realize its core competencies (building and maintaining wireless and fixed-line networks) should take priority. That $70 billion spent on buying a doomed satellite TV company could have gone a long way in shoring up broadband service that in many regions still doesn't even meet the FCC's base 25 Mbps definition. But in the world we live in that's simply not sexy enough for Wall Street, and the need to grow simply for growth's sake will likely result in AT&T making even more expensive deals of dubious net benefit down the line. Next up: Waffle House?

72 Comments | Leave a Comment..

Posted on Net Neutrality Special Edition - 17 October 2017 @ 6:11am

GAO Will Investigate The FCC's Dubious DDoS Attack Claims

from the somethin'-fishy-goin'-on dept

You might recall that when HBO comedian John Oliver originally tackled net neutrality on his show in 2014, the FCC website crashed under the load of concerned consumers eager to support the creation of net neutrality rules. When Oliver revisited the topic last May to discuss FCC boss Ajit Pai's myopic plan to kill those same rules, the FCC website crashed under the load a second time. That's not particularly surprising; the FCC's website has long been seen as an outdated relic from the wayback times of Netscape hit counters and awful MIDI music.

But then something weird happened. In the midst of all the media attention Oliver was receiving for his segment, the FCC issued a statement (pdf) by former FCC Chief Information Officer David Bray, claiming that comprehensive FCC "analysis" indicated that it was a malicious DDoS attack, not angry net neutrality supporters, that brought the agency's website to its knees:

"Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC."

But security researchers who studied that claim found none of the usual indicators that would normally precede such an attack. And subsequent news outlet FOIA requests wound up showing that not only does there appear to have never been any such attack, there was no "analysis" conducted or documented. When media outlets began noticing that something fishy was going on, the FCC issued a punchy statement accusing the media of being "completely irresponsible," while claiming it had plenty of data proving its attack claims (its FOIA responses to journalists state the complete opposite) -- it just didn't want to show its hand.

Most FCC watchers think there's two options here. One, the FCC was incompetent and misread John Oliver viewers as a DDoS attack, then tried to cover up said incompetence. Or the FCC knew it wasn't a DDoS attack, but constructed the narrative to try and downplay media coverage of the plan's unpopularity, then tried to cover that up. The former is certainly in character, but the latter would go hand in hand with the agency's apathy toward whoever has been spamming the FCC's website with fraudulent "support" for what is fairly uniformly seen as shitty policy and a mindless hand out to big telecom.

Heeding calls for something vaguely resembling an answer, the General Accounting Office (GAO) has agreed to launch an investigation into what actually happened at the FCC:

"A spokesman for the Government Accountability Office (GAO) confirmed it has accepted a request from two Democratic lawmakers to probe the distributed denial of service (DDoS) attack that the FCC said disrupted its electronic comment filing system in May. The spokesman said that the probe, which was first reported by Politico, is “now in the queue, but the work won’t get underway for several months."

While this story will likely get buried by more pressing news, this inquiry could be notably important in regards to the FCC's attempts to scuttle net neutrality. If the GAO inquiry finds that the FCC was inept or engaged in a cover up, that could raise all manner of procedural questions over whether the FCC was serving the public interest and following established agency protocol. Combined with the agency's obvious apathy to the fact that some group is engaged in fraud to generate bogus support for killing net neutrality, whatever the GAO finds could provide some very interesting fodder for the lawsuits to come.

15 Comments | Leave a Comment..

Posted on Techdirt - 13 October 2017 @ 7:39pm

Google Fiber Gives Up On Traditional TV, And Won't Be The Last Company To Do So

from the adapt-or-perish dept

While Google Fiber was initially hailed as the be-all-end-all of broadband disruption, the bloom has come off the rose in recent months. Last fall, Google executives began to have doubts about the high cost and slow pace of the project, resulting in a not-yet cooked pivot to wireless and the departure of two CEOs in less than a year. Company PR reps seem unable to answer basic questions about cancelled installations and the unsteady direction of the project, which has also faced more than a few obstacles erected by incumbent ISPs unhappy about the added competition.

But Google Fiber has another problem: the slow but steady death of traditional television.

We've noted for some time how smaller cable companies are considering getting out of the pay TV business, since they lack the size and leverage to get the same rates enjoyed by sector behemoths like Comcast NBC Universal. Ultimately, you'll see many of these smaller cable companies shift their focus entirely to broadband, while nudging users toward over the top streaming services. As a smaller pay TV provider, Google is no exception, announcing last week that the company would be removing pay TV service from its service bundles moving forward:

"...We’re trying something new in our next two Fiber cities. When we begin serving customers in Louisville and San Antonio, we’ll focus on providing superfast Internet - and the endless content possibilities that creates - without the traditional TV add on. If you’ve been reading the business news lately, you know that more and more people are moving away from traditional methods of viewing television content. Customers today want to control what, where, when, and how they get content. They want to do it their way, and we want to help them.

That's a nice way of saying users weren't buying what Google Fiber was selling. The company doesn't reveal subscriber numbers, but while analysts have estimated Google Fiber's broadband subscriber count at somewhere between 500,000 and 1 million, the company's total pay TV subscriber count has long been relatively pathetic, with just 100,000 pay TV customers since the project's 2012 launch. Moving forward, Google Fiber makes it clear the company will stop fighting the current and nudge users to streaming alternatives instead:

Whether it’s through YouTube TV, Hulu, Netflix, or more specific targeted services -- there are so many ways to watch what you want, when you want it. And Google Fiber’s superfast Internet allows customers to make the most of all these streaming choices by providing the bandwidth to use multiple devices and apps at the same time.

What this means for Google Fiber's existing pay TV customers isn't clear, but it seems likely they'll ultimately lose service and be shoved toward discounted subscriptions for YouTube TV, Google's new live streaming video platform. But Google Fiber won't be the last pay TV provider to give up on traditional TV. We're entering a new era of mindless merger mania where we're intent on ignoring lessons of the past, making it increasingly difficult for smaller companies to gain a foothold in markets dominated by the likes of Comcast NBC Universal, or soon -- AT&T Time Warner.

And while Google Fiber hopes to have better luck focusing on broadband and streaming video, that's not an easy path either. These same TV sector giants (AT&T, Comcast) also have a growing stranglehold over streaming video licensing as well as the telecom market. And with the government gutting net neutrality and other protections beneficial to consumers and small businesses, getting a leg up in the broadband sector will soon be even more difficult than ever -- especially for those that lack Alphabet/Google's political power and healthy cash reserves.

56 Comments | Leave a Comment..

Posted on Techdirt - 13 October 2017 @ 6:27am

DOJ Staffers: The T-Mobile Sprint Merger Will Reduce Competition And Should Be Blocked

from the merge-ALL-the-things dept

We've already noted how, despite some empty promises by Sprint and Japanese-owner Softbank, the company's (second) attempted merger with T-Mobile will be a notable job killer. How bad will the damage be? At least one analyst predicts the total number of jobs lost could be more than the total number of people Sprint currently employs (around 28,000). Other analysts estimate the deal could kill something closer to 20,000 jobs, and even the most optimistic tallies put the job damage at somewhere closer to 10,000 lost positions -- most of them either in retail (as duplicate stores are closed) or among redundant management positions.

The reduction in major wireless competitors from four to three will also have an obvious, detrimental impact on competition in the space, reducing price competition in the sector and potentially putting an end to the recent, welcome return of unlimited data plans. Just ask career staffers at the Justice Department, who this week leaked word that many of them would be advising agency bosses to block the deal unless their goal is less competition in the space:

"When Sprint and T-Mobile bring their expected merger plans to the U.S. Department of Justice for antitrust review, the career staff who do the bulk of the probe into whether the deal will hurt customers will likely recommend that it be stopped, three people familiar with their thinking told Reuters...The Justice Department's main concern is how the deal would affect competition in the U.S. mobile sector. Antitrust staff will want to let T-Mobile continue as it has done, aggressively wooing customers away from market leaders Verizon Communications and AT&T, the people said.

Of course whether DOJ and FCC leaders listen to this advice is another question entirely. Trump's "populist" rhetoric on the campaign trail suggested a tough antitrust President who'd block mega-mergers that harm the public interest and market health, but his decision to approve AT&T's mammoth Time Warner merger suggests those promises were relatively hollow. And as you may have noted Trump's FCC boss Ajit Pai is a rubber stamp for giant telecom operators; a commissioner that has yet to stand up to industry on any major subject of note during his five-year tenure.

As such, this is being seen as the first real chance for the administration to put its money where its mouth is, and the same Reuters report above notes that analysts are decidedly split on whether that will actually happen:

"An informal poll of seven antitrust experts contacted by Reuters found them split between predicting that the deal would be stopped and saying they did not know if it would be allowed. A tiny fraction of deals are blocked. As influential as the career staff is, the final decision will lie with Trump's antitrust enforcer at the Justice Department, Makan Delrahim, and the Federal Communications Commission."

There's an ongoing mantra in the telecom space that blind deregulation is some kind of panacea, and that by stripping away all government oversight (including antitrust enforcement) of the broken and uncompetitive sector, connectivity and competition will magically sprout from the sidewalks. But history and real-world data consistently undermines that theory. Regulators' decision to block AT&T's attempted acquisition of T-Mobile -- and Sprint's first attempted merger with T-Mobile -- caused in a notable spike in competition thanks to a resurgent T-Mobile, resulting in unlimited data plans, better international roaming rates, the end of punitive long-term contracts, and more.

Again, Sprint has any number of potential suitors or partners that could help the company better compete (Altice, Comcast, Charter, Dish) without reducing overall competition in the sector. Crushing T-Mobile's motivation to disrupt the market by eliminating a major competitor is a notably bad idea, no matter what the industry-funded sales pitches over the next few weeks will try to suggest.

16 Comments | Leave a Comment..

Posted on Techdirt - 12 October 2017 @ 1:25pm

Accenture The Latest To Leave Sensitive Customer Data Sitting Unprotected In The Amazon Cloud

from the please-stop-doing-that dept

What is it exactly that makes not storing sensitive customer data unprotected on an Amazon server so difficult for some people to understand?

Verizon recently made headlines after one of its customer service vendors left the personal data of around 6 million consumers just sitting on an Amazon server without adequate password protection. A GOP data analytics firm was also recently soundly ridiculed after it left the personal data of around 198 million adults (read: almost everybody) similarly just sitting on an Amazon server without protection. Time Warner Cable (4 million impacted users) and an auto-tracking firm named SVR Tracking (540,000 users) also did the same thing.

Now Accenture (who you would think would have the expertise to know better) has decided to join the fun. Reports this week indicate that the company left hundreds of gigabytes of sensitive customer information...you guessed it...sitting open to anyone on the internet in an unsecured Amazon server. That includes 40,000 passwords sitting in one backup database that were stored in plaintext:

"Technology and cloud giant Accenture has confirmed it inadvertently left a massive store of private data across four unsecured cloud servers, exposing highly sensitive passwords and secret decryption keys that could have inflicted considerable damage on the company and its customers. The servers, hosted on Amazon's S3 storage service, contained hundreds of gigabytes of data for the company's enterprise cloud offering, which the company claims provides support to the majority of the Fortune 100.

As is usually the case, the scope and damage of these kinds of screw ups are generally under-reported, as the exponential impact of the exposed data becomes clear. For example in this case, much of the data included passwords and encryption keys that will likely prove helpful in hacking not only Accenture, but other companies' systems:

"One of the other servers contained a folder that stored keys and certificates that could be used to decrypt traffic between Accenture and its customers as it traveled across the internet. Vickery said he also found credentials that appear to relate to Accenture's access to Google's Cloud Platform and Microsoft's Azure, which could give an attacker further access to the company's cloud assets, as well as virtual private network keys, which could have allowed an attacker to access Accenture's internal corporate network."

When news outlets originally reached out to Accenture, the company insisted that "none of our client's information was involved and there was no risk to any of our clients," insisting that the company's "multi-layered security model" worked as intended. Security researchers have subsequently proven that simply wasn't the case, resulting in Accenture issuing an updated statement saying they're investigating the issue more deeply.

All told, it's unclear how many times this exact same story needs to play out before companies stop leaving data sitting unprotected in an Amazon bucket, but it's abundantly clear we have at least a few more trips around this merry-go-round of dysfunction before the lesson sinks in.

10 Comments | Leave a Comment..

Posted on Techdirt - 12 October 2017 @ 6:27am

Groups Battle Trump FCC's Claim That One ISP In A Market Means There's Effective Competition

from the the-fix-is-in dept

While the lack of competition in residential broadband gets plenty of well-deserved attention, the business broadband market in the United States may be even worse. Just one of three companies (Verizon, AT&T, or CenturyLink) dominate what's dubbed the business data services (BDS) market, which connects everything from cellular towers to ATMs to the broader internet. According to the FCC's own data (pdf), 73% of the special access market is controlled by one ISP, 24% of markets usually "enjoy" duopoly control, and only a tiny fraction of markets have more than two choices of BDS providers.

This essential monopoly or duopoly allows these companies to overcharge numerous retailers and organizations for connectivity, and the regulatory capture in the telecom market means countless politicians work tirelessly to keep things that way. Case in point: back in April Trump's FCC announced it would not only be scrapping previous plans to try and make this market more competitive, but would be fiddling with data to try and distort the very definition of "competition." Under the FCC's new plan, countless markets will now be deemed "competitive" if businesses have access to just one broadband provider:

"Pai's definition of "sufficient competition" has drawn fire. The plan would treat an entire county as competitive "if 50 percent of the locations with BDS demand in that county are within a half mile of a location served by a competitive provider." A county would also be considered competitive if 75 percent of Census blocks in the county have a cable provider."

Distorting data and lowering the bar to ankle height to "solve" a lack of competition is part and parcel for Ajit Pai's FCC, which is also trying to weaken the definition of competition in the residential sector as well. Again, if you distort the data to make it look like the market is functioning perfectly, it's easier to justify your complete and total apathy to what -- if you've spent any time with Comcast -- is pretty clearly a broken market.

Needless to say, consumer advocates and the smaller companies harmed by these policies aren't particularly pleased with the FCC's recent decisions. They've been trying for the better part of a decade to fix the lack of competition in the special access and BDS markets, and were just on the cusp of making progress when the FCC dramatically changed course post-election. According to research by the Consumer Federation of America (CFA), roughly half of the $40 billion in revenue made in this market is courtesy of a lack of competition and monopoly over-charging of smaller businesses.

As a result, Public Knowledge and the Consumer Federation of America have filed an amicus curiae brief (pdf) urging the US Court of Appeals for the Eighth Circuit to vacate the FCC's BDS order. The filing argues that the FCC's actions here run in stark contrast to both FCC precedent and, you know, reality:

"The Court should vacate and remand the Order. The Order is arbitrary and capricious. The Commission departed from its past precedents without explanation or justification, and reached a conclusion that is contrary to the record in the Business Data Services docket. Further, the Order concludes, contrary to the record and established antitrust analysis, that duopoly markets are sufficiently competitive to discipline market power and prices, and that potential competition can effectively check market power, even by monopoly service providers."

Of course there's a reason giant ISPs like Comcast and AT&T employ an army of economists eager to distort, stretch, and otherwise mutilate data until it justifies policy that protects them from real competition. In fact, the groups at one point indicate that Ajit Pai's FCC tried to use concrete to justify its latest effort:

"The order cites studies analyzing three-firm and four-firm markets, but fails to explain how its analysis is relevant to the one-firm and two-firm markets the commission embraces as sufficiently competitive, Curiously, the Commission relies on a study involving ready-mix concrete for the proposition that the addition of competitors beyond a second has diminishing returns..."

There's numerous other slights of hand the FCC used to justify its total apathy to the broken BDS market, including claiming that wireless competition from fifth-generation (5G) networks will make everything magically work out -- while ignoring that just two companies (AT&T and Verizon) hold the vast majority of the spectrum needed to compete in that space. Granted if you've watched as the FCC abuses logic to justify dismantling everything from net neutrality to privacy protections, it's all par for the course for an agency that prioritizes incumbent revenues over consumers, competition, or the health of the market itself.

27 Comments | Leave a Comment..

Posted on Techdirt - 11 October 2017 @ 6:21am

Analysts Predict Sprint, T-Mobile Merger Will Be A Massive Job Killer

from the synergies,-yo dept

For much of the year, Sprint has been trying to butter up the Trump administration to gain approval for a merger with T-Mobile. Sprint's previous attempts at such a merger were blocked by regulators, who correctly noted that reducing wireless competitors from four to three would raise rates and reduce carrier incentive to improve and compete. But with the Trump administration spearheading a new wave of mindless merger mania in the telecom space, Sprint is poised to try again, and is expected to formally announce its latest attempt to acquire T-Mobile in just a matter of weeks.

Of course like any good merger, that will involve countless think tankers, lobbyists, consultants, fauxcademics and other policy voices willfully ignoring M&A history, insisting that the deal will magically spur competition, save puppies, cure cancer, and result in countless thousands of new jobs. But many respected sector analysts are busy noting that the job is expected to be a mammoth job killer. How much of a job killer? One analyst predicts the merged company could result in more net job losses than the total number of employees Sprint currently has:

"Together, the companies reported employing 78,000 in their most recent disclosures. Sprint, based in suburban Kansas City, accounts for 28,000 of those, and T-Mobile for 50,000. Merging the companies, said a report by Jonathan Chaplin of New Street Research, could eliminate “approximately 30,000 American jobs” — which is more than Sprint employs.

Craig Moffett, another major Wall Street analysts, has previously predicted the net job losses could possibly be somewhere closer to around 20,000:

"Last August, (Moffett) put pen to paper and found reason to expect 20,000 job cuts from a merger. Moffett’s report showed most of those would be retail workers. Sprint and T-Mobile each want more retail outlets, but a combined company wouldn’t need as many stores as both have currently. It would make business sense to close stores near each other.

“We conservatively estimate that a total of 3,000 of Sprint and T-Mobile’s branded stores (or branded-equivalent stores) would eventually close,” Moffett’s report said.

Each of those, he said, would mean the loss of five full time jobs, or 15,000 jobs in total. A merger also would threaten “overhead” jobs, the kind concentrated in headquarters such as Sprint’s and T-Mobile’s in the Seattle area.

Of course that will be the precise opposite of the claims you'll start seeing over the next few weeks as the lobbying sales pitch for the megamerger heats up with the help of an often unskeptical media. Ignored will be the fact that the government's decision to block AT&T from acquiring T-Mobile helped foster some real competition in the space, resulting in the return of simpler, unlimited data plans. Also ignored will be the fact that the remaining three companies -- T-Mobile, Verizon and AT&T, will have less incentive than ever to engage in real price competition, potentially resulting in unlimited data being killed off again.

Most of these sales pitches will attempt to paint a picture where Sprint was going to collapse anyway, despite a deep-pocketed owner in Japan's Softbank -- and an improving balance sheet. But there are countless M&A options for the company that don't involve reducing competition in the space, including an acquisition by Charter and Comcast (who want to bundle wireless with cable and broadband service) or French-owned Altice, which has been gobbling up U.S. cable companies and has expressed its own interest in jumping into the wireless space.

Despite the obvious job losses and competition reduction, few expect the Trump administration to block the deal, since approving it will let the President, as is his tendency, proudly convince his loyal base he helped create jobs that technically don't exist. Sprint and its Japanese owner Softbank already paved the road for this bullshit parade earlier this year, when it let Trump falsely claim credit for thousands of Softbank jobs that technically may never arrive, and were announced long before Trump was even elected anyway.

In very 2017 fashion, expect none of this to matter once the merger sales pitch begins in earnest over the next several weeks.

59 Comments | Leave a Comment..

Posted on Techdirt - 10 October 2017 @ 6:30am

Cyberstalking Case Highlights How VPN Provider Claims About Not Keeping Logs Are Often False

from the privacy-panacea dept

When the Trump administration recently decided to gut consumer privacy protections for broadband, many folks understandably rushed to VPNs for some additional privacy and protection. And indeed, many ISPs justified their lobbying assault on the rules by stating that users didn't need privacy protections, since they could simply use a VPN to fully protect their online activity. But we've noted repeatedly that VPNs are not some kind of panacea, and in many instances you're simply shifting the potential for abuse from your ISP -- to a VPN provider that may not actually offer the privacy it claims.

Latest case in point: like many companies, a VPN provider by the name of PureVPN has been advertising for years on its website that it keeps no logs of user behavior:

"PureVPN operates a self-managed VPN network that currently stands at 750+ Servers in 141 Countries. But is this enough to ensure complete security? That's why PureVPN has launched advanced features to add proactive, preventive and complete security. There are no third-parties involved and NO logs of your activities."

But when the Department of Justice announced last Friday it had arrested a Massachusetts man by the name of Ryan Lin for stalking, one key component of the case involved using PureVPN logs to track his online activities. According to the DOJ complaint (pdf), the man in question engaged in a “multi-faceted campaign of computer hacking and cyberstalking”:

"It is alleged that Lin engaged in an extensive, multi-faceted campaign of computer hacking and cyberstalking that began in April 2016 and continued until the date of his arrest, against a 24-year-old female victim, her family, friends and institutions associated with her. Lin, the victim’s former roommate, allegedly hacked into the victim’s online accounts and devices, stealing private photographs, personally identifiable information, and private diary entries that contained highly sensitive details about her medical, psychological and sexual history. It is alleged that Lin then distributed the victim’s private photographs and diary entries to hundreds of others. "

Lin had apparently used Tor, PureVPN, and other tools to try and obscure his online footprints. In this instance, authorities seemed to already have enough brick and mortar evidence against Lin to build a case, but data from the logs Pure VPN supposedly doesn't collect helped contribute to the case against him:

"An affidavit submitted by Special Agent Jeffrey Williams in support of the criminal complaint against Lin provides most of the answers....“Artifacts indicated that PureVPN, a VPN service that was used repeatedly in the cyberstalking scheme, was installed on the computer,” the affidavit reads. From here the Special Agent’s report reveals that the FBI received cooperation from Hong Kong-based PureVPN.

“Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses: the RCN IP address from the home Lin was living in at the time, and the software company where Lin was employed at the time,” the agent’s affidavit reads.

It should go without saying that Lin's alleged behavior is abhorrent. That said, the case serves as an example of how the promises most VPNs make about not keeping logs can't really be trusted, something the company's users would have noticed if they'd dug a little deeper into the VPNs privacy policy, which details how the Hong Kong company does store IP addresses as well as connection duration, time and date. Ironically, Lin had taken to Twitter not that long ago to acknowledge that VPN promises on this front often aren't worth all that much:

"There is no such thing as a VPN that doesn’t keep logs,” Lin said. “If they can limit your connections or track bandwidth usage, they keep logs.”

Few will shed a tear over a stalker not heeding his own privacy and security advice. But as VPNs are also used by political dissidents, reporters, and millions of security-conscious individuals, it's worth remembering that the technology isn't the magic fairy privacy dust it's often portrayed as in media reports. And VPNs are not, as ISP lobbyists have claimed, a panacea for the slow but steady erosion of online privacy protections by companies looking to collect and sell every shred of personal data that's not nailed down.

40 Comments | Leave a Comment..

Posted on Techdirt - 6 October 2017 @ 6:27am

Anybody Claiming Net Neutrality Rules Killed Broadband Investment Is Lying To You

from the chicken-little-for-hire dept

In 2015 the FCC passed some fairly basic net neutrality rules designed to keep broadband duopolies from abusing a lack of broadband competition to hamstring internet competitors. Despite the endless pearl clutching from ISP lobbyists and allies, the rules were relatively modest, falling well short of the more comprehensive rules we've seen passed in places like Canada, Japan, and India. Still, ISPs have spent every day since trying to claim that the rules somehow utterly devastated broadband sector investment, despite the fact that independent economists and journalists have repeatedly proven that to be a lie.

That lie, of course, has been the cornerstone of Trump FCC head Ajit Pai's assault on net neutrality rules and the court sanctioned Title II classification being used to support them. Pai has repeatedly tried to claim that sector investment is at at all time low due to the FCC's fairly tepid net neutrality protections. But again, multi-billion-dollar spectrum purchases, billion-dollar gigabit fiber deployments, and the hundreds of billions being tossed around on megamergers all say otherwise.

The latest case in point: a new report by Deutsche Bank Markets Research highlights how the same ISPs that claim broadband investment is in the tank are spending hundreds of billions of dollars on the fiber needed to fuel fifth-generation wireless (5G) and smart city IoT technologies. AT&T and Verizon, usually the first companies you'll see whining about how net neutrality ruined Christmas, are at the front of the pack:

“Telecoms have become much more public signaling their intent to increase fiber investment, with AT&T and Verizon leading the spending ramp,” said Deutsche Bank Markets Research..."After establishing its “One Fiber” initiative, Verizon signed two key fiber supply deals: it will spend $1 billion with Corning to buy 1.5 million miles of fiber over three years and a $300 million deal with Prysmian to buy 1 million miles of fiber over 3 years. AT&T is being no less aggressive....What’s driving the ongoing fiber expansion plans is the ongoing mission to have converged networks that simultaneously support FTTH and 5G wireless services.

Verizon and AT&T's investment is paralleled by France's Altice, which has been gobbling up US cable companies and plans to upgrade their entire footprint to fiber to the home over the next few years (clearly net neutrality rules simply terrified them). Comcast, another big pusher of the investment apocalypse narrative, is also tripping over itself to spend millions on additional fiber and DOCSIS 3.1 upgrades. All told, the bank estimates that this investment explosion should reach $175 billion over the next decade as these companies position themselves for the wireless smart cities of tomorrow. And it's only accelerating:

"Deutsche Bank said in order achieve these goals, its “proprietary top-down fiber model suggests spending on fiber to the home will total ~$175B over the next decade (an additional $25-30B will likely go towards 5G).” Verizon and AT&T are clearly leading this charge with plans to either build out and augment existing fiber routes by building their own facilities, renting, or purchasing regional assets. “Telecom/cable companies are increasingly talking about the convergence of fiber to the home and the 5G rollout as one large investment cycle that will likely ramp further in 2018,” Deutsche Bank said.

That is, if you're playing along at home, not a fucking slowdown, and anybody that continues to push this flimsy narrative is either lying to you, or has been duped by years of lobbyist nonsense. Of course industry executives have been quietly admitting the net neutrality induced investment apocalypse has been bullshit all along, but with their other hand they've been paying an army of economists, astroturfers, think tankers, fauxcademics and other policy voices to claim otherwise -- all in the hopes of gutting what's already tepid regulatory oversight of one the least competitive industries in America.

20 Comments | Leave a Comment..

Posted on Techdirt - 5 October 2017 @ 3:40pm

Sex Toys Are Just As Poorly-Secured As The Rest Of The Internet of Broken Things

from the masturbatory-metadata dept

At this point we've pretty well documented how the "internet of things" is a privacy and security dumpster fire. Whether it's tea kettles that expose your WiFi credentials or smart fridges that leak your Gmail password, companies were so busy trying to make a buck by embedding network chipsets into everything, they couldn't be bothered to adhere to even the most modest security and privacy guidelines. As a result, billions upon billions of devices are now being connected to the internet with little to no meaningful security and a total disregard to user privacy -- posing a potentially fatal threat to us all.

Unsurprisingly, the sex toy division of the internet of broken things is no exception to this rule. One "smart dildo" manufacturer was recently forced to shell out $3.75 million after it was caught collecting, err, "usage habits" of the company's customers. According to the lawsuit, Standard Innovation's We-Vibe vibrator collected sensitive data about customer usage, including "selected vibration settings," the device's battery life, and even the vibrator's "temperature." At no point did the company apparently think it was a good idea to clearly inform users of this data collection.

But security is also lacking elsewhere in the world of internet-connected sex toys. Alex Lomas of Pentest Partners recently took a look at the security in many internet-connected sex toys, and walked away arguably unimpressed. Using a Bluetooth "dongle" and antenna, Lomas drove around Berlin looking for openly accessible sex toys (he calls it "screwdriving," in a riff off of wardriving). He subsequently found it's relatively trivial to discover and hijack everything from vibrators to smart butt plugs -- thanks to the way Bluetooth Low Energy (BLE) connectivity works:

"The only protection you have is that BLE devices will generally only pair with one device at a time, but range is limited and if the user walks out of range of their smartphone or the phone battery dies, the adult toy will become available for others to connect to without any authentication. I should say at this point that this is purely passive reconnaissance based on the BLE advertisements the device sends out – attempting to connect to the device and actually control it without consent is not something I or you should do. But now one could drive the Hush’s motor to full speed, and as long as the attacker remains connected over BLE and not the victim, there is no way they can stop the vibrations."

Lomas found that hearing aids that also use the BLE standard are similarly vulnerable, letting an attacker easily disrupt functionality of the devices. He proceeds to note that this could all be prevented via any number of improvements to these devices, including usage of a unique PIN, the need for local physical interaction (like a button push) to connect, or lowering the Bluetooth signal strength.

But as we've noted previously, a big part of the security and privacy apathy coming from router and IOT device makers is due to the fact that nobody in these supply chains has the financial incentive to try very hard (if at all), so most will be off hyping the next iteration of their magical, intelligent butt plug -- instead of shoring up the problems with the last generation.

36 Comments | Leave a Comment..

Posted on Techdirt - 5 October 2017 @ 6:41am

Wall Street Predicts Apathetic Regulators And Limited Competition Will Let Comcast Double Broadband Prices

from the who-needs-competition-anyway dept

Wall Street predicts that cable giants like Comcast will soon be cashing in on the one-two punch of rubber stamp regulators and an ongoing lack of competition in the broadband space. Under the Obama administration, regulators turned a blind eye to the fact that cable giants like Comcast were taking advantage of a lack of competition to impose arbitrary and unnecessary usage caps and overage fees. Under the Trump administration that apathy has ballooned ten fold, with the looming assault on net neutrality only green lighting Comcast's ability to use those fees to raise rates and hamstring streaming competitors.

Wall Street analysts obviously adore this new paradigm of regulatory apathy to the sector's competition woes, and predict cable providers are about to enter a very lucrative period of profit taking. Said enthusiasm is usually masked by the use of rhetoric that obfuscates the real consumer and market harms such cheer leading assists. For example, a research note sent to investors this week by New Street Research analyst Jonathan Chaplin indicates that competitive "headwinds" will soon waver, allowing Comcast to double the amount it currently charges for broadband:

"We have argued that broadband is underpriced, given that pricing has barely increased over the past decade while broadband utility has exploded,” New Street said. “Our analysis suggested a ‘utility-adjusted’ ARPU target of ~$90. Comcast recently increased standalone broadband to $90 (including modem), paving the way for faster ARPU growth as the mix shifts in favor of broadband-only households. Charter will likely follow, once they are through the integration of Time Warner Cable.”

New Street added that “broadband pricing could double from current levels.”

How exciting. Of course while Chaplin tries to argue that broadband pricing has "barely increased" over the last decade, it's important to understand he's talking about the advertised price. Comcast has provided a master class in the tactic of using hidden, sneaky, and/or entirely bogus fees to covertly jack up the cost of service post sale, something both Comcast and Charter are facing numerous lawsuits for. Then there's Comcast usage caps and overage fees -- which is Comcast's charming way of abusing limited competition to raise rates -- while pretending that isn't actually happening.

That brings us to the other major portion of Chaplin's note, which goes on to predict that Comcast should be fairly well insulated from cord cutting. How? Thanks, in part, to Comcast's growing monopoly over broadband and the higher prices that allows:

"The traditional pay-TV market saw the worst loss of subs on record this quarter,” the investor note said. “We don’t expect this trend to change anytime soon; however, we think cable should be somewhat insulated because: 1) they should take share in a declining market, helped by the pull-through effect from growing share in broadband; 2) we don’t think cable makes much money in pay-TV. In fact, the [free cash flow] lost from subs dropping pay-TV is generally recovered through higher HSD pricing.”

As we've noted previously, Comcast is somewhat insulated from cord cutting because of a lack of competition in the broadband space. In countless markets nationwide, telcos have simply refused to upgrade aging DSL lines at any scale. These telcos have effectively ceded control of the residential broadband market to local cable competitors as they focus on other ventures (largely either expanding further into business broadband or clumsily slinging video ads to Millennials in a quest to be the next Facebook or Google). As a result, we're quietly and slowly seeing bigger cable broadband monopolies than ever in many markets.

As these frustrated DSL users flee to cable just to get current-generation speeds (which is happening faster than ever), they're signing up for broadband and TV bundles that are notably cheaper than TV alone. That doesn't mean these users necessarily wanted cable TV (in many instances the cable box sits dusty in a closet), but they're still paying all the same. Meanwhile, usage caps and overage fees help protect cable TV revenues by making it more expensive than ever to flock to streaming video competitors, and with the looming death of net neutrality, these companies can also exempt their own streaming services while penalizing competitors.

This is, again, something we've built thanks in large part to the bipartisan apathy toward actually doing anything to fix the broadband market. Because actually doing so would upset deep-pocketed campaign contributors, we're apparently content in paying empty lip service to things like "bridging the digital divide," while despised industry giants like Comcast cash in on our collective Congressional and regulatory dysfunction. Enjoy your higher Comcast bill, everyone.

51 Comments | Leave a Comment..

Posted on Techdirt - 4 October 2017 @ 10:43am

Broadband Lobbyists Gush Over Re-Appointment Of Trump's FCC Boss

from the we-just-love-consumers-so-very,-very-much dept

If you've been paying attention, you may have noticed that Trump-appointed FCC boss Ajit Pai is viciously unpopular. There are dozens of reasons for this, ranging from his assault on net neutrality and broadband privacy rules, to his efforts to protect cable's set top box monopoly while fiddling with data measurement to downplay a lack of competition in the space. Pai's the type to gut broadband funding programs for the poor while professing to be a stalwart champion of bridging the digital divide -- a man whose self-professed dedication to transparency is notably absent in his policy making.

This week, Pai was up for re-confirmation for a new five year term at the FCC. Consumer groups tried desperately to convince lawmakers to block his re-confirmation. It was a well-intentioned but arguably-futile exercise, since even if Pai was blocked, he simply would have been replaced by some other industry rubber stamp (most likely either current FCC Commissioner Mike O'Rielly, or Brendon Carr). Still the historically contentious 52 to 41 vote got notably closer than most people expected, with many politicians quick to highlight Pai's more-than-cozy relationship with giant cable operators:

Not too surprisingly, major ISP lobbying and policy organizations were quick to trip over themselves in gushing about Pai's re-appointment, using rhetoric so detached from reality as to border on high art. Comcast's top lobbyist David Cohen (Comcast apparently hates it when you call him what he is) proudly proclaimed that Pai's re-appointment was a major boon to consumers:

We commend the Senate’s decision today to reconfirm Ajit Pai as FCC chairman. Throughout his over five years at the FCC as a commissioner and during his nine-month tenure as chairman, Ajit Pai has favored deregulatory policies aimed at encouraging innovation, investment, job creation and economic growth – all in an effort to best serve consumers.

Yes, nothing "serves consumers" like gutting rules protecting them from Comcast's growing monopoly over broadband, allowing the cable giant to impose punitive usage caps and overage fees, saddling consumers with added costs while making competition harder for competing streaming providers. Or perhaps Cohen was referring to the way Pai crushed the FCC's attempted dismantling of cable's hardware monopoly over the cable box, thanks to a massive disinformation effort involving claims that cable box competition would hurt minorities, destroy copyright, confuse consumers, and rip the very Earth off of its axis.

Former FCC boss turned top cable industry lobbyist Michael Powell was similarly thrilled by Pai's re-appointment:

During his tenure at the FCC, Chairman Pai has consistently demonstrated a thoughtful approach to policymaking that promotes consumer welfare through marketplace competition and innovation. We share Chairman Pai’s vision for policies aimed at spurring continued investment and expanding opportunity for all Americans, and we look forward to working with him and all members of the commission in pursuing policies that protect consumers and promote the continued growth of new networks and services.

Right, nothing quite promotes the "continued growth of new services" like gutting popular net neutrality protections, which prevent smaller companies from being crushed by industry duopolists like Comcast and AT&T. And what helps foster "new networks" quite like killing rules that protect smaller competitors from Verizon and AT&T's total market domination of the special access, tower backhaul and business data services (BDS) markets, which will indisputably jack up prices for consumers and small businesses alike?

Not to be outdone, FCC Commissioner -- turned Comcast lobbyist -- turned top lobbyist for the wireless industry Meredith Attwell Baker, lavished praise on Pai for his dedication to "investment-spurring" policies:

On behalf of CTIA and the wireless industry, we congratulate Chairman Ajit Pai on his reconfirmation to the Federal Communications Commission. Chairman Pai’s continued leadership and expertise is essential as we transition to next-generation 5G wireless networks. He understands the need for smart policies to spur investment, innovation and growth and the importance of America continuing to lead the world in wireless.

As you all surely know, making it significantly more expensive for smaller businesses to survive and compete with industry giants is the very definition of "spurring innovation and growth." You also must know by now that Pai's tendency to completely ignore the broadband sector's blatantly obvious competition problems is the very first step toward a brave new tomorrow.

Unfortunately, because ISP lobbyists have convinced too many of us that maintaining a healthy internet and vibrant competition is somehow a "partisan issue," criticism of Pai's backward-ass policies will continue to be thrown under the media coverage bus. As a result, the next few months we'll get to enjoy the final killing blow against net neutrality, the rubber stamping of a competition-killing Sprint T-Mobile merger, and higher broadband prices than ever as bloated broadband and media empires cash in on Pai's regulatory apathy. Are you excited yet?

32 Comments | Leave a Comment..

Posted on Techdirt - 4 October 2017 @ 6:20am

'Six Strikes' May Be Dead, But ISPs Keep Threatening To Disconnect Accused Pirates Anyway

from the undead-whac-a-mole dept

Earlier this year, the entertainment and telecom industries' "six strikes" anti-piracy initiative died a quiet death after years of hype from the RIAA and MPAA about how it would revolutionize copyright enforcement (it didn't). The program involved ISPs using a rotating crop of "escalation measures" to temporarily block, throttle or otherwise harass accused pirates until they acknowledged receipt of laughably one-sided copyright educational materials. Offenders, accused entirely based on IP address as proof of guilt, were allowed to try and contest these accusations -- if they paid a $35 fee.

Needless to say, data suggests the Copyright Alert System didn't do much if anything to stop piracy, since most would-be pirates simply obscured their internet behavior using proxies and VPNs. Meanwhile, the supposed "education" the program provided American consumers accomplished little more than driving up broadband costs as ISPs passed on the cost of participation in the farce to the end user.

But while six strikes is technically dead, that's not apparently stopping participating ISPs like Verizon, Comcast and Time Warner Cable (now Charter Spectrum) from continuing to threaten to disconnect users from the internet based on often-flimsy IP address evidence. Users of these ISPs say they continue to receive threats from their ISP that they'll be kicked off of the internet if they don't stop being naughty:

"So, over the weekend my internet got interrupted by my ISP (internet service provider) stating that someone on my network has violated some copyright laws. I had to complete a survey and they brought back the internet to me,” one subscriber wrote a few weeks ago. He added that his (unnamed) ISP advised him that seven warnings would get his account disconnected.

Another user, who named his ISP as Comcast, reported receiving a notice after downloading a game using BitTorrent. He was warned that the alleged infringement “may result in the suspension or termination of your Service account” but what remains unclear is how many warnings people can receive before this happens.

To be clear ISPs don't actually kick people off of the internet, as nearly everybody (outside of the RIAA and MPAA) has acknowledged that severing access to a necessary utility is a draconian over-reaction to downloading the Led Zeppelin discography. Under the six strikes initiative, nothing actually happened to users after reaching the sixth strike, the hope being you could scare people into compliance (it doesn't work). The only way to ensure compliance would be to craft an organization tasked with tracking individual users as they float between ISPs, an approach France found to be an untenable disaster.

Nothing still happens to users who give a middle finger to these warnings, but that apparently doesn't stop ISPs like Verizon from temporarily suspending user accounts, requiring they call up the droll old telco sexy new Millennial-focused advertising powerhouse to get reconnected to the internet:

"So lately I’ve been getting more and more annoyed with pirating because I get blasted with a webpage telling me my internet is disconnected and that I need to delete the file to reconnect, with the latest one having me actually call Verizon to reconnect,” a subscriber to the service reported earlier this month."

Of course many of these ISPs are just going through the motions because of the Cox versus BMG case, in which a notably-distorted interpretation of the DMCA by Judge Liam O'Grady now puts ISP safe harbor protections at risk -- if they don't participate in this useless and costly game of make believe. Most ISP executives I've spoken to make it clear that the broadband industry is cooperating begrudgingly to protect themselves from liability, and are all well aware of the futility and ineffectiveness of these systems, the cost of which are now rolled into your already bloated broadband bill.

So while six strikes may formally be dead, the animated corpse of the misguided concept lives on, with ISPs that don't even believe in what they're doing pretending that this costly and annoying system of threats and scolding actually has any substantive purpose. That, apparently, will have to make do until the MPAA and RIAA (and the myriad of lawmakers and dollar per holler consultants paid to love them) can concoct an even worse idea.

16 Comments | Leave a Comment..

Posted on Techdirt - 3 October 2017 @ 1:32pm

Trump's FCC Boss Blasts Apple For Refusing To 'Turn On' FM iPhone Chipsets That Don't Actually Exist

from the yeah,-whoops dept

If you've seen current FCC Ajit Pai's name in print so far this year, it's probably for any number of his extremely anti-consumer, telecom industry friendly positions. Like his attempts to kill net neutrality, his support of gutting consumer broadband privacy protections, his efforts to protect the cable industry's cable box monopoly from competition, efforts to dramatically reduce media consolidation rules, his defense of prison phone monopoly price gouging, or the way he's making it harder for Americans to get affordable broadband.

To obfuscate this arguably-lopsided agenda, Pai has been busy trying to portray himself as somebody notably other than the revolving door regulator he actually is.

For example, Pai has repeatedly insisted that he's a heroic advocate for closing the digital divide, even while simultaneously weakening broadband deployment standards and eroding all oversight of historically-despised mono/duopolists like Comcast. Similarly, Pai spent many of his first months in office insisting he'd be breathlessly dedicated to transparency, yet the FCC boss has already been sued for refusing to document his communications with incumbent ISPs regarding net neutrality, or to provide hard data on why his agency appears to have hallucinated a DDoS attack.

Last week, Pai trotted out yet another effort to try and portray himself as an unwavering ally to consumers. In a missive posted to the FCC website (pdf), Pai lambasted Apple for refusing to turn on the FM radio chipsets embedded in iPhones, something he was quick to proclaim was a major affront to the safety and security of the nation's wireless subscribers:

"Apple is the one major phone manufacturer that has resisted doing so. But I hope the company will reconsider its position, given the devastation wrought by Hurricanes Harvey, Irma, and Maria. That’s why I am asking Apple to activate the FM chips that are in its iPhones. It is time for Apple to step up to the plate and put the safety of the American people first. As the Sun Sentinel of South Florida put it, ‘Do the right thing, Mr. Cook. Flip the switch. Lives depend on it.’”

And while that may look like Pai was busy trying to do a good thing, Apple was forced to issue a public statement pointing out that the chipsets Pai wants turned on -- don't actually exist:

"Apple cares deeply about the safety of our users, especially during times of crisis and that’s why we have engineered modern safety solutions into our products. Users can dial emergency services and access Medical ID card information directly from the Lock Screen, and we enable government emergency notifications, ranging from Weather Advisories to AMBER alerts. iPhone 7 and iPhone 8 models do not have FM radio chips in them nor do they have antennas designed to support FM signals, so it is not possible to enable FM reception in these products."

And while some older iPhone models do have such chipsets, they don't have the embedded antennas necessary to effectively utilize them. In many instances, the FM functionality is just part of an overall "system on a chip" (SOC) that technically contains the functionality, but isn't actually capable of being turned on. Pai appears to have drawn his information from this similarly incorrect Florida news report, something ten minutes of research could have clarified. From some additional commentary from Apple evangelist John Gruber:

"I’ve dug around, and what I’ve been told is that there is an FM radio chip in older iPhones, but it’s not connected, and there’s no antenna designed for FM radio. The chip is just part of a commodity component part, and Apple only connected the parts of the chip that the iPhones were designed to use. No iPhone was ever designed to be an FM radio, and there is no “switch” that can be “flipped” — nor software update that could be issued — that could turn them into one. It’s a complete technical misconception.

What’s absurd is that the FCC commissioner would take his understanding of the iPhone’s technical capabilities from a newspaper editorial rather than from Apple’s own FCC regulatory filings, which I’m pretty sure would show that they’re not capable of acting as FM radios.

If that's the level of Pai's fact-checking before accusing Apple of harming the safety of the "American people," it leaves you wondering just how much homework Pai has done before deciding to "take a weedwhacker" (his words) to essential consumer protections on the telecom front.

34 Comments | Leave a Comment..

Posted on Net Neutrality Special Edition - 3 October 2017 @ 6:22am

Hoping The Third Time's The Charm, ISPs Urge Supreme Court To Kill Net Neutrality

from the one-more-time-around dept

We've noted how large ISPs like Comcast, AT&T and Verizon are covering all their bases in their endless quest to kill popular (some would say necessary) net neutrality protections. They've successfully lobbied FCC boss Ajit Pai to vote to kill the existing rules later this year, despite the massive public opposition to that plan. But they're also lobbying Congress to draft a new net neutrality law they publicly insist will solve everything, while privately hoping you're too stupid to realize will be entirely written by their lawyers and lobbyists -- ensuring it has so many loopholes as to be effectively useless.

In case those first two options don't work, large ISPs are also -- for the third time in as many years -- looking for the Supreme Court's help. ISPs lost their first attempt to overturn the Title II net neutrality order last year when the US Court of Appeals for the District of Columbia shot down their complaints (which included insisting that net neutrality rules violated their First Amendment rights). ISPs lost again earlier this year when the courts shot down their en banc appeal.

Hoping the third time's the charm, lobbyists for Comcast, AT&T and other ISPs have lobbied the Supreme Court to overturn the rules, hoping to kill net neutrality protections both today and for the foreseeable future. Like previous complaints, AT&T's petition to the court (pdf) trots out a parade of theoretical horribles, doubling down on numerous, previously debunked industry claims (like these modest net neutrality rules somehow utterly devastated sector investment, a claim repeatedly debunked by countless journalists and objective economists).

AT&T's petition is a greatest hits of its previous, false claims, including the claim that zero rating (imposing usage caps then letting a company's own content bypass those caps while still penalizing competitors) is somehow "pro consumer":

"It is clear, however, that such open-ended Title II regulation confers expansive authority on the FCC to regulate virtually anything a broadband ISP does and enables any individual or company to file a complaint alleging that any broadband innovation is in some sense “unfair” or “unreasonable.” Pet. App. 696a-700a (¶ 455). The FCC has said, for example, that it could forbid a broadband provider to “zero-rat[e]” certain content (i.e., exempt it from monthly data allowances) on the theory that doing so is “unfair” to other content providers, id. at 343a-49a (¶¶ 151-153), even though zero-rating is equivalent to bundled discounts and is thus strongly pro-consumer."

As we've noted here quite frequently, that's all bullshit. AT&T, like other ISPs, has abused the lack of competition in the broadband space by imposing arbitrary and unnecessary usage caps. From there, ISPs like Comcast and AT&T have exempted their own services from these caps while penalizing competitors. Even then, the FCC didn't explicitly ban this practice (as is the case in Chile, the Netherlands, India, Canada and elsewhere), instead stating they'd only act on a "case by case basis." The FCC was just preparing to declare some of this behavior anti-competitive when Ajit Pai and Donald Trump arrived on the scene.

The nation's mega ISPs all petitioned the Court to declare that the FCC exceeded its statutory authority by reclassifying broadband as a common carrier service. If the Supreme Court obliges, that would prevent any future FCC Commissioners from revisiting the issue, leaving the whole net neutrality issue up to a cash-compromised and utterly dysfunctional Congress to solve (good luck with that). Of course the Supreme Court may decide Pai's planned assault on the rules makes hearing the case duplicative, dashing ISP dreams of ISP lawyers hoping to kill even the faintest specter of meaningful net neutrality rules, permanently.

Since AT&T lawyers are also busy in court trying to undermine the FTC's oversight of broadband providers as well (or in fact any company with even a modest "common carrier" component), the goal here is pretty straight forward: gutting all meaningful government oversight of one of the least competitive industries in America. Should this multi-pronged, bullshit-laden effort prove successful, the laundry list of problems we've had with companies like Comcast are going to seem arguably quaint in a few years.

24 Comments | Leave a Comment..

Posted on Techdirt - 2 October 2017 @ 1:23pm

Auto Location Tracking Company Leaves Customer Data Exposed Online

from the stop-doing-that dept

What is it about companies (or their contractors) leaving consumer data publicly exposed on an Amazon cloud server? Verizon recently made headlines after one of its customer service vendors left the personal data of around 6 million consumers just sitting on an Amazon server without adequate password protection. A GOP data analytics firm was also recently soundly ridiculed after it left the personal data of around 198 million citizens (read: most of you) similarly just sitting on an Amazon server without protection. Time Warner Cable also recently left 4 million user records sitting in an openly-accessible Amazon bucket.

This sort of incompetence shows no sign of slowing down. Not to be outdone, The Kromtech Security Center recently found over half a million records belonging to SVR Tracking, a company that helps track your car's location for its “vehicle recovery" service, left sitting online without adequate security. You guessed it: the company apparently also thought it would be a good idea to leave this data sitting on an Amazon server openly accessible via the internet:

"Kromtech discovered SVR’s data in a publicly accessible Amazon S3 bucket. It contained information on roughly 540,000 SVR accounts, including email addresses and passwords, as well as some license plates and vehicle identification numbers (VIN). There were half a million records overall, Kromtech said, “but in some cases credentials were given for a record with several vehicles associated with it.”

In this case, Kromtech notes that SVR tracking did at least store the data using a cryptographic hash function (SHA-1), albeit one that’s 20 years old and with easily-exploitable weaknesses. And while there certainly have been much larger security breaches in recent months, this one is notable for its high creep factor. SVR advertises that its technology provides “continuous vehicle tracking, every two minutes when moving” and a “four hour heartbeat when stopped.” That means that a hacker that had gained access to the login data would be able to track everywhere a customer's car has been in the past 120 days.

In addition to SVR account information, the exposed data also included documents and images related to vehicle maintenance records, as well as contract details with the roughly 400 or so dealerships that have business relationships with SVR. Fortunately SVR secured the data two days after Kromtech notified them of it, but refuses to clarify the scope of the breach to either Kromtech or the press. Kromtech notes that the data exposed could be significantly larger than initial reports indicate:

"The overall number of devices could be much larger given the fact that many of the resellers or clients had large numbers of devices for tracking. In the age where crime and technology go hand in hand, imagine the potential danger if cyber criminals could find out where a car is by logging in with the credentials that were publicly available online and steal that car?”

Of course this new trend of just leaving customer data sitting openly on the Amazon cloud is running hand in hand with the abysmal security already inherent in embedded car infotainment and navigation systems, problems we might want to more seriously contemplate before we automate the entire country's transportation and delivery systems.

15 Comments | Leave a Comment..

Posted on Techdirt - 29 September 2017 @ 6:38am

Showtime Won't Explain Why Its Website Was Hijacking User Browsers To Covertly Mine Cryptocurrency

from the whoops-a-daisy dept

Showtime's websites recently began covertly hijacking user browsers to mine cryptocurrency, and neither Showtime nor its parent company CBS appear interested in explaining how or why it happened. The code in question -- a bit of JavaScript dubbed Coinhive, was embedded in two different Showtime domains: Showtime.com and Showtimeanytime.com. When a visitor visited these domains, their browser was hijacked and their computer was forced to help mine Monero, a new privacy-centric alternative to bitcoin currently valued at around $92 each.

The mining software was first noticed by a Twitter user who discovered the Coinhive miner buried early on in the source code:

Users weren't alerted that this was happening, and visitors reportedly found the mining software utilized up to 80% of a visiting user's CPU cycles. Such miners can also notably drain battery life for visitors on mobile devices. And as of this writing, Showtime has been completely unwilling to confirm that this occurred, much less explain how the code appeared. The company has refused to respond to numerous requests for comment from a myriad of websites, Techdirt included. The code appeared in the evening of September 23, and had disappeared by the next Monday morning.

It seems relatively unlikely that executives or developers at Showtime thought it would be a good idea to hijack the browsers of potential customers to mine cryptocurrency, leading many to believe that Showtime's servers were likely hacked by somebody looking to covertly make a little extra money:

"The JavaScript, which appeared on the sites at the start of the weekend and vanished by Monday, sits between HTML comment tags that appear to be an insert from web analytics biz New Relic. Again, it is unlikely that an analytics company would deliberately stash coin-mining scripts onto its customers' pages, so the code must have come from another source – or was injected by miscreants who had compromised Showtime's systems."

That said, it's not impossible that Showtime was running an experiment. Cryptocurrency miners have been making headlines in recent weeks after The Pirate Bay was caught also covertly using Coinhive to hijack visitor browsers to make extra bank. Coinhive only just launched September 14, advertising itself as a creative alternative to the traditional advertising model. But after users over at the Pirate Bay subreddit discovered the practice and began to complain, the website was forced to pull the software from its code and issued a relatively flimsy mea culpa:

"As you may have noticed we are testing a Monero javascript miner. This is only a test. We really want to get rid of all the ads. But we also need enough money to keep the site running."

Except covertly hijacking a browser with glorified malware obviously isn't a great way of "keeping a site running," especially if websites running to embrace Coinhive refuse to let users opt out -- much less inform them this is even happening. Not surprisingly, the recent rise in such stealth cryptocurrency miners has resulted in Adblock Plus moving to help block such hijacks. Malwarebytes analyst Jérôme Segura warns in a blog post that some websites appear unsurprisingly intent on "pushing the limits towards a really bad user experience":

"Gaming and video sites typically are more resource intensive, so it seems to make little sense to run a miner at the same time without having a noted impact. Having said that, many people who consume copyrighted content are perhaps less likely to complain about an under par user experience. The question at this point is: How far can publishers push the limits towards a really bad user experience? You may be surprised that for many, this is not really a problem at all and that double dipping is, in fact, a fairly common practice."

Again, there are creative alternatives to advertising, and then there's just being an asshole. Hijacking a visitor's browser, CPU and electricity to mine cryptocurrency without informing them -- or letting them opt out -- sits firmly in the latter category.

42 Comments | Leave a Comment..

Posted on Techdirt - 28 September 2017 @ 10:44am

As Broadband Usage Caps Expand, Nobody Is Checking Whether Usage Meters Are Reliable

from the what-could-possibly-go-wrong dept

Despite the hype surrounding Google Fiber and gigabit connections, vast swaths of the U.S. broadband industry are actually becoming less competitive than ever. As large telcos like Windstream, Frontier, CenturyLink, and Verizon refuse to upgrade aging DSL lines at any scale, they're effectively giving cable providers a growing monopoly over broadband in countless markets. And these companies are quickly rushing to take advantage of this dwindling competition by imposing entirely arbitrary, confusing and unnecessary usage caps and overage fees in these captive markets.

The benefits of these pricey limitations are two fold: they allow cable providers to not only jack up the price of service, but they're an incredible weapon against the looming threat of streaming video competition. Caps and overage fees make using streaming alternatives notably more expensive, helping to protect legacy TV revenues. But cable operators are also exempting their own streaming services from these caps (as Comcast did with the launch of its own, new streaming platform this week), while still penalizing competitors. This kind of behavior is just one of several reasons why net neutrality rules are kind of important.

Oddly though, you'd be hard pressed to find politicians or regulators from either party that give much of a damn that this massive distortion of the level internet playing field is occurring. Which is why, unlike in other sectors, nobody anywhere is verifying whether ISP usage meters are accurate. As a result, there have been countless instances where users say they've been billed for bandwidth despite their modem being off or the power being out. And numerous studies have indicated ISPs routinely abuse this lack of oversight by overcharging for service.

Comcast has, of course, been at the forefront of imposing these usage limitations and overage fees. And unsurprisingly, consumers pretty consistently state that the cable giant -- already world renowned for historically-abysmal customer service -- isn't tracking usage or billing these customers accurately. Users who were billed for usage while away on vacation have had no real ability to challenge Comcast's meter readings. And Ars Technica documented another user this week who says he battled with Comcast for months over errant meter readings before cancelling fixed-line broadband service entirely:

"At one point, Weaver says he left town for three days and had left his wireless router unplugged, though the modem itself was plugged in. After his trip, Comcast's meter showed that he "used 500GB in three days of not even being home and not having a Wi-Fi network running," Weaver said. He then tried disconnecting the modem for three days and found that Comcast's meter finally stopped counting data usage, he said.

"I have been told no less than eight times that I can rest easy if I would just buy the $50 unlimited data plan," he said. "This whole thing reeks of scam."

In short it goes something like this: lobby to keep the broadband industry uncompetitive, use that lack of competition to impose arbitrary and unnecessary limits that hinder competitors, then charge users $50 more per month if they want to enjoy the same, unlimited connection they used to enjoy. It is a scam, but again, you'd be hard pressed to find absolutely anybody in government that gives much of a damn, despite the ploy's negative impact on competition and the health of the internet. What a wonderful time to dismantle some of the only rules we have protecting consumers from this kind of behavior, don't you think?

75 Comments | Leave a Comment..

Posted on Techdirt - 28 September 2017 @ 6:43am

As 'Star Trek: Discovery' Shows, The Streaming Exclusivity Wars Risk Driving Users Back To Piracy

from the full-circle dept

On one hand, the growing number of streaming services has been a boon for users looking for a less expensive, more flexible alternative to the bloated cable bundle. On the flip side, as a growing number of streaming services emerge and broadcasters begin launching their own services to bypass the middleman (Amazon, Apple, Netflix), we're seeing a rush toward more and more exclusive content deals. Forcing the consumer to hunt and peck through an ocean of ever-shifting licensing windows is already confusing, but siloing content across numerous, cumulatively-pricey services also risks driving consumers back to piracy.

Case in point: CBS recently launched its own streaming platform: CBS All Access. The service, which costs $6/month with ads and $10/month without, provides access to CBS' full roster of shows, but saw fairly tepid growth initially. But CBS recently announced that the new Trek series, "Star Trek: Discovery" will be exclusively available early to members of the service moving forward. This move did, rather unsurprisingly, result in a single day sign up record for the service, at least according to CBS:

"Tonight’s premiere of Star Trek: Discovery on CBS All Access drove a record number of single day signups at CBS’ digital streaming subscription service. No specific numbers were reported, but the network claims today’s stats outstrip the previous record spurred by the 2017 Grammy Awards in February."

And while that's all well and good for CBS, many consumers already subscribe to numerous streaming platforms, and may find shelling out another $6 to $10 a month just to catch one show a poor value proposition. As a result, fairly non-surprisingly, the new Trek series wound up being heavily pirated on BitTorrent networks (and that was with the first two episodes being aired on broadcast before the real exclusivity period kicks in):

"While the premiere of Discovery was broadcast on CBS' free over-the-air network, later episodes in the first season will be offered exclusively on CBS' streaming video service. CBS hopes this will help the network build CBS All Access into a top-tier streaming service. But there's a risk that it will simply encourage more people to pirate CBS' flagship show—especially since some users who signed up for the service have been reporting reliability problems on social media."

Over time, CBS may feel it makes sense to pull all of its content and programs off of widely available existing services and central repositories, locking them behind their own exclusivity paywall. That's effectively what Disney just announced; the company will be pulling all of its content from Netflix so it can offer Pixar, Star Wars and other popular titles exclusively through its own platform. Comcast NBC Universal similarly decided to pull all NBC content from Netflix to house it exclusively on Comcast owned Hulu. Begun, the streaming exclusivity wars have.

Many executives will proudly believe that this kind of direct to consumer offering only makes sense. And for outfits like ESPN that were blindsided by cord cutting the logic makes sense to some degree. But in forcing consumers to sign up to too many disparate services (at $6 to $20 each) just to get the content they're looking for, there's a real risk that millions of consumers will once again find piracy the simpler, less expensive option. A shame after the better part of a decade it took to drive users to these alternative, "legitimate" options.

Many broadcast executives are the type to subsequently learn few if any any lessons from this likely spike in piracy, and will likely lament how they "gave consumers what they wanted and they still pirated content anyway." To be clear the rise in streaming alternatives is a good thing, but the same hard lessons being learned by the legacy cable sector still apply here: users are looking for simplicity and value, and by forcing users to sign up to more than a dozen fractured services just to get the content they want, the industry risks providing neither.

155 Comments | Leave a Comment..

More posts from Karl Bode >>