Posts Tagged ‘Privacy’

Back in April, Senators Jay Rockefeller and Olympia Snowe introduced two bills, 773 and 778, which would’ve essentially given the President the unilateral ability to shut down any services on the Internet — even those from the private sector — in the case of a “cybersecurity emergency”.  But the bills didn’t stop there.  They would’ve also given the Commerce Department “access to all relevant data concerning [critical] networks without regard to any provision of law, regulation, rule, or policy restricting such access.”

As Wired points out, S-773 has been revised significantly since then, removing much of the controversial language and replacing it with more sensible (albeit general) guidelines for dealing with cyber attacks on the U.S.:

(2) [I]n the event of an immediate threat to strategic national interests involving compromised Federal Government or United States critical infrastructure information system or network—
(A) [the President] may declare a cybersecurity emergency; and
(B) may, if the President finds it necessary for the national defense and security, and in coordination with relevant industry sectors, direct the national response to the cyber threat and the timely restoration of the affected critical infrastructure information system or network;
(3) shall, in coordination with various critical infrastructure industry sectors, develop detailed cyber emergency response and restoration plans for each critical infrastructure industry sector;

(Full text of the bill here.)

Further, the revised bill seems to negate S-778, which called for the creation of an Office of the National Cybersecurity Advisor.  Instead, S-773 calls for a Cybersecurity Advisory Panel, which would be comprised of “representatives of industry, academic, non-profit organizations, interest groups and advocacy organizations, and State and local governments who are qualified to provide advice and information on cybersecurity research, development, demonstrations, education, personnel, technology transfer, commercial application, or societal and civil liberty concerns”.

All in all, it’s a vast improvement over the original bill.  It gives the President the ability to quickly respond to critical threats to the nation’s information infrastructure, and in emergencies such as those of 9/11 and Hurricane Katrina, such a response is absolutely vital.  And when you consider how vulnerable we are to a targeted cyber attack, it’s obvious we must be prepared to deal with those crises.

That said, the bill is certainly not ideal.  First, it still gives the White House authority over private-sector networks and information systems in the event of an emergency without specifically limiting that authority.  In other words, the definition of what constitutes a “cybersecurity emergency” is still at the sole discretion of the White House, opening the door to potential abuse.  And as I pointed out in April, President Obama has proven time and again that he is more than willing to seize control of private corporations if given the chance.

Second, the inclusion of “interest groups” on the Advisory Panel should raise an immediate red flag.  Think ACORN, the ACLU, RIAA lobbyists, and other groups.  How much influence groups like that would have is unclear, but do we really want to find out?

The revision of S-773 has definitely eased some concerns, but there is still more room for improvement.

Previously:
Bill would give government unrestricted control over the Internet

Two Senate bills, 773 and 778, introduced by Democratic Senator Jay Rockefeller and Republican Olympia Snowe would, if passed, give the federal government virtually unrestricted control over the Internet, including private-sector Internet services, applications, and services.

The Cybersecurity Act of 2009 (PDF) gives the president the ability to “declare a cybersecurity emergency” and shut down or limit Internet traffic in any “critical” information network “in the interest of national security.” The bill does not define a critical information network or a cybersecurity emergency. That definition would be left to the president.

The bill does not only add to the power of the president. It also grants the Secretary of Commerce “access to all relevant data concerning [critical] networks without regard to any provision of law, regulation, rule, or policy restricting such access.” This means he or she can monitor or access any data on private or public networks without regard to privacy laws. …

Jennifer Granick, civil liberties director at the Electronic Frontier Foundation, says that granting such power to the Commerce secretary could actually cause networks to be less safe. When one person can access all information on a network, “it makes it more vulnerable to intruders,” Granick says. “You’ve basically established a path for the bad guys to skip down.”

The bill’s scope, she says, is “contrary to what the Constitution promises us.”

I’m all in favor of increasing cybersecurity but clearly not at this cost.  The Obama administration already has proved it has no qualms about removing executives from private sector companies, despite having absolutely no constitutional authority to do so.  If this bill were to pass as-is, what’s to stop the White House from seizing control of AT&T, Verizon, and other ISPs and dictating what information is allowed and not allowed to pass over their networks?  As it stands now, nothing.

And you thought the Bush-era NSA wiretapping was bad.

Previously:
Privacy and free speech in an online world
‘Great Firewall’ coming to Australia. Is the U.S. next?
Stimulus bill includes medical databases for ‘biosurveillance’

Buried within the bowels of the massive $838,000,000,000 “stimulus” bill being pushed through Congress right now is a mandate for the establishment of computerized medical records, records which would include a person’s entire medical history from birth to death and which could be accessed by, well, no one knows for sure.

Billions will be handed to companies creating these databases. Billions will be handed to universities to incorporate patient databases “into the initial and ongoing training of health professionals.” There’s a mention of future “smart card functionality.” …

The databases will, “at a minimum,” include information on every American’s race and ethnicity. They will be used for “biosurveillance and public health” and “medical and clinical research,” both of which raise privacy questions. They will become part of a “nationwide system for the electronic use and exchange of health information.”

Plus, the federal government will use its vast purchasing power–think Medicare and Medicaid–to compel adoption of e-records that meet government “standards and implementation specifications.” …

The bill punishes physicians who are not “meaningful users” of a government-certified e-record database, and specifies certain procedures and information exchanges that will “satisfy” the requirement.

Starting in 2015, government reimbursements to physicians who are not participating in the federal e-record effort will begin to decline.

I’m sorry, did I miss something?  Has no one brought this up until now?  Because this seems like it’s kind of a big deal to me.  The federal government wants every American’s entire medical history to be shared in massive databases for “biosurveillance” and “medical and clinical research,” and no one is just a little uncomfortable with that?

Who can legally access these databases?  Certainly the federal government, probably the state government, along with any doctors and hospitals.  What about insurance companies?  What about your employer or potential employer?  Will credit agencies eventually want access to it to decide how much of a credit risk you are?

No one knows.

What about terrorists?  What if someone wanting to attack America was able to infiltrate these databases, destroy data or cripple the system?  How much damage would that cause?  What about hackers who figure out how to add, delete, or modify patient records?  That could easily put people’s lives in danger.  And of course, it greatly increases the danger of identity theft.

Then there’s the obvious privacy question.  Doctors and hospitals won’t be able to opt-out of the system without incurring severe penalties from the government.  But what about individuals?  Is this a voluntary opt-in option for patients or must we choose to opt-out?  Or can we opt-out?

I hate to sound alarmist, but I just don’t have any confidence in the federal government to implement something like this in a way that puts American citizens’ interests first.  Of course, one could make the valid argument they shouldn’t be implementing it at all.

But then again, we did vote for “change,” didn’t we?

Previously:
The ‘savior-based economy’

Facebook is rolling out its Facebook Connect program, partnering with sites such as Digg, Hulu, and StumbleUpon to give Facebook users an easier way to log into those sites.  Now, instead of having a Facebook logon, Digg logon, Hulu logon, etc., you can simply use your Facebook information to log in.

The service is similar to the OpenID standard, but with one big caveat: anything you do on the partner sites can and will be tracked by Facebook and can even be published to your news feed.

And that’s a good thing?  According to some tech blogs, yes.

From Wired:

Such a system is sure to be welcomed by the web’s most social users, many of whom are sick of having to create a unique profile on every site where they want to participate. With Facebook Connect, you carry one set of keys that unlocks dozens of doors, and the stuff you do out there on the web gets fed back into the place you call home.

And from CNET (a partner in the service):

Users just want easy access to sites they like, and they want to trust that the sites they use won’t steal their identity or use it in ways that are damaging to them.

That’s why it’s good to offer users more than one way to access a Web service. It’s great if users can get into CNET services the old-fashioned way, with a CNET ID and password. But if we make it easy for Facebook users to come inside, that’s great, too. How about OpenID? Sure, why not?

So it’s all about convenience for the user?  Hardly.  As CNET goes on to concede:

The downside, of course, is that we no longer “own” these users. If Facebook wants to turn off CNET, they can do it. Facebook also now gets monetizable information about the Facebook-registered CNET users. Not necessarily what the users do on CNET, but what they do elsewhere–valuable behavior data. The convenience of using Facebook log-ins has a price for both CNET and users: Facebook knows a lot more about you now.

Again, I’m not sure if that’s such a good thing.  I would rather have multiple user names and passwords than know that Facebook is recording everything I do.

Besides, I thought that was Google’s job.

It’s not just the Chinese government imposing nationwide Internet filtering.  Australia is getting it, too.

Under the current plan, Internet content filters will be mandatory for all Australians.  They get to choose, however, between two different levels.  The default plan blocks all content that may be objectionable to children, but consumers can opt-out, choosing a more watered-down blacklist which allows pornography but still blocks other “illegal content” (potentially including “euthanasia, drugs and protest”).

(Never mind that the filtering system probably won’t be very effective or that the deep-packet inspection required at the ISP level will cripple Internet speeds.  And of course, all costs associated with the filtering will be passed on to consumers.)

As ridiculous as this is, however, I can’t help but to wonder if this same sort of nonsense is inevitable here in the U.S.  Surely not, right?

Well, think about it:

  1. Some American ISPs, such as Comcast, are already filtering Internet traffic.
  2. The PRO-IP act signed into law this past weekend creates a “copyright czar” that reports directly to the President and greatly increases the penalties for committing copyright infringement.  (For example, illegally downloading a 10-song album now constitutes 10 separate illegal acts instead of just one.)
  3. Australians have endured Draconian broadband usage caps for years, which are now finding their way into America.

Taking all these factors into consideration, is it too much of a stretch to foresee the same mandatory nationwide filtering being put into place here?

Now don’t get me wrong.  I’m not promoting pornography or other objectionable content.  I just happen to disagree with the government deciding what’s objectionable and what isn’t.

Update: Looks like that day is already here:

One of the protocols at the core of the Internet, DNS, serves two functions: To distribute huge lists of URLs and their addresses out across the Net, and to turn URLs (“gigaom.com”) into addresses (72.233.2.54). That makes it an ideal tool for limiting the sites people can visit, because it can distribute large lists of banned sites to servers, and then refuse to resolve blocked sites when surfers ask for their addresses.

Nominum, a maker of DNS and DHCP technology for big carriers like Comcast, Verizon, and Deutsche Telekom, has launched new software to do just this. “Carriers may face mandates to not resolve to porn, spyware and so on. This is the first stage of removal for these sites,” said Paul Mockapetris, who created DNS in 1983 and is now the company’s chairman and chief scientist.

In other words, the next time you try to visit a banned site, you’ll simply get an “Address Not Found” error. You’ll also be taking the first step toward a day when your government, your ISP, and even your community will decide what it’s OK for you to visit.

The mainstream press is finally starting to catch on to the broadband caps issue.

It’s about time.

The phone company, Frontier Communications Corp., is one of several Internet service providers that are moving to curb the growth of traffic on their networks, or at least make the subscribers who download the most pay more. This could have consequences not just for consumers — who would have to learn to watch how much data their Internet use entails — but also for companies that hope to make the Internet a conduit for movies and other content that comes in huge files.

Meanwhile, ISPs such as AT&T, Verizon, and Comcast are starting to get behind the push for P4P as a way to reduce the load on their networks while speeding up traffic.  (Overview of P4P here.)  That’s good news.

Previously:
Metered broadband: an experiment
Bandwidth experiment, day 2: throttled?
Metered broadband vs. cloud computing

I’m only at the end of the 2nd day of my month-long metered bandwidth experiment, and I’ve already exceeded the 5 GB usage cap being imposed by New York ISP Frontier Communications (not my ISP, thankfully).

What pushed me over the limit?  Well, on Friday I remotely connected to my computer for maybe about 30 minutes.  I also downloaded audio podcasts using Juice, video podcasts using Miro, and did some general browsing.  Today I downloaded some YouTube videos, downloaded a few trial programs, and uploaded the YouTube FLV videos to Media-Convert.com to convert them to a different format.

Combined, those activities over two days amounted to a total of 8 GB of total usage.  And keep in mind that’s only activity from my computer, not including Christy’s or the girls’ computers or any other Internet-connected device we may have (such as the Wii).

Here are the reports so far:

The totals really surprised me, but my biggest surprise came around 8:30 this morning.  Overnight I had downloaded a rather large (1.76 GB) documentary via the “Yes, We’re Open” channel on Miro.  The documentary (completely free) was downloaded using the bittorrent protocol (an example of a perfectly legal use of bittorrent).  Everything was fine and dandy until about 8:30am, when our Internet connection suddenly slowed to a crawl.  A speed test on Bandwidth.com showed our download speed to be almost exactly 512 kbps while our upload speed was still the normal 800 kbps or so.  (Normal upload speed is around 5 Mbps, 10 times the speed of what I was seeing.)  After about an hour our Internet speed returned to normal.

Had AT&T throttled our Internet connection as punishment for downloading over bittorrent?  I have no idea.  I’m sure if asked, they would deny it.

By the way, the documentary, ironically, was The Corporation, a Canadian film about the rise of big business and corporate America.  Coincidence?

Om Malik has taken issue with ISPs (and the FCC) over the emerging trend of metered broadband Internet access.  Currently, most cable Internet and DSL accounts allow for unlimited usage, but ISPs such as AT&T and Comcast are hoping to place a monthly usage limit in the plans, ~~gouging~~ charging customers for any overages (similar to most cell phone plans).

He states:

While 5 GB [the limit imposed by New York ISP Frontier] looks pretty sizable – Comcast claims that their average broadband subscriber only uses 2 GB per month – in reality, it’s nothing. It’s essentially two movies in HD. Once you go over the limit, the meter ticks over faster than a San Francisco taxicab. That would limit the amount of Internet a consumer can use on a daily basis, thereby limiting the amount of time people spend on Facebook, MySpace, Microsoft, Google, Yahoo or any one of numerous services.

The situation would be no different than the early days of dial-up, when the pain of dialing up prevented us from being always on the network. When broadband came along, things changed, for usage of services like Google skyrocketed, Skype came along and YouTube became part of our lives.

One of the problems with metered Internet access, as Malik touches on, is that most consumers have no idea how many bytes they push and pull across the Internet tubes in any given month.  Is 5 GB a lot?  Doesn’t sound like it.  Heck, I don’t even know what I use.

So I’ve decided to run a little experiment.

For the month of August, I’m going to run DU Meter on my home computer to measure how much bandwidth I consume.

I don’t download torrents or movies and don’t download all that much music, but I do use streaming audio and video fairly frequently.  I also remotely connect to my computer on a regular occasion.  So on a 1 to 10 scale, with 10 being a very high usage (downloading torrents, HD movies, etc.), I would probably rate myself around a 6.5 or 7; high but not excessive.

Of course, there are other computers on my home network, so this won’t give me a grand total for my account.  But it should be a good barometer for overall usage.

I’ll report the results at the end of the month.

Yes, I know I’m getting a little preachy here, but hear me out.

There were a couple of related stories that were published recently that I think are important to mention. One was an AP story about free speech on the Internet and how companies such as Yahoo and Google sometimes impose arbitrary limitations on that freedom. The other was a story on Ars Technica about the recent amendment to the Foreign Intelligence Surveillance Act, an amendment that not only grants telcos immunity for aiding in government wiretapping, but also gives the federal government much broader eavesdropping powers, allowing them to wiretap at will with almost no judicial oversight.

We’re at a point in history where our desire for certain freedoms and civil liberties and our use of the Internet for the exponential flood of information are often at odds with one another.  We want to be freely connected to the world, yet even online, there are limits to those freedoms.

The question is, with regards to the Internet, what should our expectations be concerning privacy and free speech in a society that is permanently online? Are we entitled to post anything we want carte blanche on Flickr or WordPress, and if not, where is the line drawn?  And who makes that decision?  (As the AP story points out, it’s not always clear.)

AT&T removing anti-Bush comments from a webcast of a Pearl Jam concert, Comcast throttling the bandwidth of Bittorrent users for fear of copyright infringement, Verizon blocking access to almost 100,000 USENET groups because 88 of them were found to contain child pornography.  At what point does responsible corporate management become nanny-state censorship?

Missouri mom Lori Drew was recently indicted in California for creating a fake MySpace profile.  The reason she was indicted wasn’t because she created the profile, however; it was because the taunting of her daughter’s 13-year-old neighbor via that profile led the young girl to commit suicide.  The indictment, some argue, sets a dangerous precedent because it could make violating the terms of service of any website a felony.  Further, in response to the girl’s death, the Missouri legislature set out to specifically outlaw online bullying.  While the girl’s suicide is certainly tragic, are these actions reasonable responses or are we overreacting to what is essentially an isolated incident?

Our personal freedoms are not limitless, with or without the Internet.  But I believe that it’s a slippery slope when we begin to give our freedom away to others without reservation, hoping they’ll do the right thing.  Surely when it comes to Internet technology, there must be a balance between unrestricted autonomy and Big Brother regulation.

A new poorly-worded Texas law now (possibly) requires computer repair shops to obtain a private investigator’s license in order to do their jobs (a process that requires either a criminal justice degree or a 3-year apprenticeship under a licensed P.I.).

Depending on how the law is interpreted, anyone in Texas who performs any kind of data analysis in the course of fixing a computer must have a P.I. license or face a $4000 fine, a year in jail, and a $10,000 civil penalty.  Simple hardware repairs, such as swapping out memory or a power supply, would not require a license, but anyone who has done any kind of computer repair work knows that such repairs are only a small part of the job.

Others say that’s not what the bill means at all:

But Driver said the bill was intended to protect consumers from privacy invasion and that the problems for computer technicians have been exaggerated. Driver said the only cases in which computer technicians would need a license would be when they are asked to investigate and analyze private data — for example, examining a computer to determine whether the user had committed any illegal activities.

To me, it sounds like they’re just trying to protect consumers from the Geek Squad.  In that case, more power to ‘em!

TXU is rolling out a new thermostat that can be programmed by the owner over the Internet. Sounds good, right? I mean, say you’re traveling and forgot to raise the AC before you left. Click-click-click, you’re done. Oh, but wait, there’s a catch!  TXU can adjust the thermostat, too, meaning they can arbitrarily decide to turn off your AC to save themselves money.  Um, what?

As if that wasn’t bad enough, your new $3000 Jura F90 coffeemaker, which comes with a handy Internet Connection Kit, can apparently be hacked to unleash what BoingBoing refers to as a “denial-of-coffee attack”.

As one BoingBoing commenter put it, “For that price you can fly to Paris and sit in an actual cafe and drink 500 cups of coffee served to you by a variety of cute waiters while people-watching and reading a good book.”

Or you could just stay home and soak in the air conditioning.

In recognition of the 50th anniversary of the creation of ARPA (the Advanced Research Projects Agency), the Department of Defense agency that would give birth to what is now the Internet, Vanity Fair has attempted to compile an “oral history” of the Internet, from ARPA to today.

So how’d they do?

Al Gore aside, they did pretty well, at least at a high level, interviewing pioneers such as Paul Baran (the inventor of packet-switching), Vint Cerf (the inventor of the TCP and IP protocols), Bob Metcalfe (the inventor of Ethernet), Marc Andreessen (Netscape), Jeff Bezos (Amazon), Jerry Yang (Yahoo), Larry Page (Google), and Jimmy Wales (Wikipedia).

It’s mind-blowing to think that something so basic as a computer network wasn’t always so obvious, and how technology that we use every day and take for granted could very easily have never existed but for a few brilliant minds.

However, while quite lengthy, the article certainly isn’t a comprehensive history. There are a lot of things not covered in the article, some of which seem to be rather glaring omissions (for example, no mention of Cisco at all).

Some other missing pieces:

  • Xerox PARC
  • CompuServe and Prodigy
  • Other protocols: Gopher, Telnet, FTP, Wi-Fi, Wimax, Bluetooth, IPv6, AppleTalk, Frame Relay
  • IIS and Apache
  • HTML, XML, Perl, PHP, Java, ASP, Ajax, Flash, Photoshop
  • The breakup of AT&T in 1984
  • The reshaping of the Baby Bells into the major telecoms of today (AT&T, Verizon, Sprint, Qwest)
  • The role pornography played in driving consumer Internet usage early on (whitehouse.com)
  • Canter & Siegel (a law firm which posted the first commercial mass advertising online [on Usenet] in April 1994)
  • Intel and AMD
  • HP, Compaq, DEC, IBM, Dell, Gateway, Sony
  • ICANN
  • Instant Messaging and SMS
  • P2P (Napster) and Bittorrent (The Pirate Bay)
  • RSS and Podcasting
  • Other browsers: Firefox, Safari, Opera, Flock
  • “Irrational exuberance” (Alan Greenspan, explaining the dot-com bubble)
  • “It’s a series of tubes” (Senator Ted Stevens, describing the Internet)
  • Peapod and Webvan
  • Mark Cuban (Broadcast.com)
  • Wardriving
  • Digg, del.icio.us, Reddit, Newsvine, Last.fm, Pandora
  • Tech blogs and reporting: TechCrunch (Mike Arrington), Ars Technica, The Register, Slashdot, BoingBoing (Cory Doctorow), Rocketboom (Andrew Baron), Robert Scoble
  • TechTV, CNET, and ZDNet (Leo Laporte, John C. Dvorak, Patrick Norton, Tom Merritt, Chris Pirillo)

And what about the dark side of the Internet?

  • Privacy and security risks (phishing, identity theft, government wiretapping, adware/spyware)
  • ISP packet-shaping and bandwidth-throttling
  • Copyright infringement paranoia (DMCA, DRM, RIAA lawsuits, Allofmp3.com)

What else is missing?
