Brian Fung
How a common law enforcement tool could be abused to spy on you illegally
Privacy advocates are warning that the legal gray area in a key court case may make it easier for the government to spy on Americans illegally.
By using what's called a pen trap order -- a type of judicially approved surveillance mechanism that's only supposed to capture metadata about electronic communications -- it appears that the government has the theoretical ability to capture the content of those communications as well. The case involves Lavabit, the secure e-mail service used by National Security Agency leaker Edward Snowden.
Broadly, the case is about whether the government can force an Internet company like Lavabit to hand over its encryption keys. In a ruling, a federal appeals court sided with law enforcement. But a closer look at just how the government can obtain the keys has civil liberties scholars very worried. If the government can use an order that's restricted to metadata to obtain keys it could then use to decrypt content, then a nefarious actor could gain access to content without jumping through the judicial hoops necessary for demanding content.
The insanely fast Wi-Fi router you’ll probably never need
The average American household connects to the Internet at a rate of 10 megabits per second. Not bad, but also not fantastic -- by way of comparison, a single HD Netflix stream takes up 5.8 Mbps of bandwidth.
Now with that as our baseline, consider the speeds of the country's fastest Internet connections today: 1 Gbps, or a gigabit per second. That's equivalent to 1,000 Mbps, or roughly 100 times faster than the national average.
But if you thought that was fast, wait until you hear about a new Wi-Fi router, from Quantenna, that's coming in 2015. It's capable of 10 Gbps -- 10 gigabits per second. That's a thousand times the rate of the average American broadband connection. It's mind-boggling. You could theoretically stream 1,724 Netflix movies, all in HD, all at the same time and not see any lag.
But since the average household Web connection is still lagging at 10 Mbps, it'll be hard for most people to take advantage of the 10-gig router right away. They simply don't consume enough data to need the giant pipes provided by this new technology.
Heartbleed is about to get worse, and it will slow the Internet to a crawl
The Heartbleed bug has put many consumers' user names and passwords at risk. Undetected for two years, the bug quietly undermined the basic security of the Internet.
But on top of all that, security researchers have now confirmed that Heartbleed could have been used by hackers to steal sensitive data needed to set up fake Web sites posing as legitimate ones. Analysts say criminals could use Heartbleed to impersonate as many as 500,000 sites across the Web. Those sites have yet to replace the security certificates responsible for verifying their identity to Web browsers.
But even after the sites do update their security certificates, Web browsers may still be unable to tell the difference between a fake site and the real one. Consumers could easily fall victim to online fraud if they go to one of the fake sites. It gets worse. The expected flood of certificate revocations is likely to seriously degrade the speed of the Internet, primarily because the global system for tracking certificate revocations is not equipped to handle such a massive change.
No joke, this company wants to be hacked with Heartbleed
Most of us have spent the last few days trying not to fall victim to the Heartbleed bug -- changing passwords, checking routers, making sure we're protected, and so on. But one company is actively inviting hackers to try to steal a secret key from a server that contains the vulnerability.
How can this possibly be a good idea?
Well, if the challenge works, it could help security researchers better understand Heartbleed and the danger it represents. Cloudflare, the Internet infrastructure company behind the hacking challenge, says that if somebody can prove that stealing that security key is possible, it would have tremendous implications for the Web's smooth performance.
So the company set up a dummy server with the Heartbleed vulnerability and is encouraging people to use it to break in.
The company's own tests suggest it's really hard to steal a certificate and impersonate someone. But it's impossible to be 100 percent sure; you can never really prove that something won't happen. So throwing more manpower at the problem will help tell us just how hard it is to steal a key. Cloudflare is now tracking "thousands" of people plugging away at the challenge. So far, nobody's solved it. Let's hope it stays that way.
The question isn’t whether the Comcast merger is bad for consumers. It’s whether the alternative is better.
[Commentary] Comcast Xfinity customers in 14 states and DC are about to get a bump in Internet speeds. The company is more than doubling its mid-tier Xfinity Internet Blast tier to 105 Mbps, and customers using its 105 Mbps tier will be increased to 150 Mbps, at no extra charge.
Comcast's executive vice president David Cohen promises that there's more to come if regulators approve the company's proposed merger with Time Warner Cable. Testifying before the Senate, Cohen vowed to bring "more investments, faster speeds," and expand Comcast's program for low-income broadband subscribers to current Time Warner Cable subscribers.
But pressed by lawmakers about the changes, Cohen also said that many of the benefits would be implemented for Comcast customers either way -- they'd just be accelerated if the merger went through. That introduces a trade-off.
All the other questions about customer service and consumer protection aside, one of the biggest questions to be raised by the Senate hearing is whether lawmakers should use a carrot or a stick to press Comcast to roll out these benefits. The carrot -- allowing the merger with Time Warner Cable -- would allow Comcast to turn on its expanded scale. The big stick: denying the merger Comcast seeks and putting it at greater risk from competitors who would like nothing more than to knock the cable company out of its top position in broadband, video and potentially telephony.
The backlash to the Comcast merger is now bipartisan
Ever since Comcast unveiled its plan to take over the nation's second biggest cable company, liberals have been pretty upset about the idea. Among the most vocal is Sen Al Franken (D-MN), who argued recently in blunt messages to federal regulators that "the Internet belongs to the people, not huge corporations." Recently, dozens of left-leaning organizations, such as Moveon.org and SumofUs, sent a letter to the Justice Department and the Federal Communications Commission expressing their displeasure.
Conservatives, by contrast, have mostly kept mum or praised the looming merger. But that may be starting to change as Republicans detect a political opportunity in the proposal -- not to mention some burgeoning problems with the merger itself.
The result is bipartisan objection to a buyout that critics say would be harmful to competition. Republican and conservative groups see the merger as a chance to score points against the Obama Administration, which has close ties with top Comcast executives Brian Roberts and David Cohen. The right-leaning Washington Free Beacon published a 1,200-word column excoriating Comcast's political contributions to Democratic politicians. That was soon followed by columns on Breitbart.com and a number of other outlets.
What House lawmakers still don’t get about control of the Internet
America is the reason why everyone thinks the Internet is awesome and, more important, it's why Russia and China haven't already taken over the Web and foisted their draconian rules on the rest of us.
That's apparently what some members of the House believe, at any rate. Republican lawmakers grilled officials about a recent proposal that would end the Commerce Department's business relationship with the Internet Corporation for Assigned Names and Numbers (ICANN), the nonprofit charged with administering the Internet's system of names and numbers. This system syncs Web domains to IP addresses and makes sure that when you type in Google's address, you actually land there. Maintaining this system has technically been the US government's job.
But for more than a decade, it has contracted with ICANN to do the work. This contractual relationship is what people are talking about when they refer to the United States' "control" of the Internet. It also helps that ICANN's international headquarters are in California.
Now the Obama Administration may let that contract lapse, replacing it with a multistakeholder body composed of corporations, states, advocacy groups and other potential members. It's not yet clear what that body will look like, but this idea already has some members of Congress worried. They're concerned it means the United States is giving up its influence over the Web -- even though that critique has already been debunked.
The power over the Internet that some in Congress think the United States has to beat back authoritarian regimes doesn't actually reside in the United States at all. But that reality is being obscured by a myth: that the United States, having played a pivotal role in the Internet's creation, has a magical power to thwart speech-stifling regimes.
How a deal with Comcast could force Apple to cede tight control over its products
Apple is said to be seeking a dedicated fast-lane for its streaming product over Comcast's broadband pipes.
The "managed service" would separate programming bound for Apple's box from other Internet traffic going to the same home, enhancing the viewer experience. Apple's negotiating hard for this special carve-out, and with good reason. It'd be a major blow to the company if it launched a streaming TV service that stuttered and lagged because of congestion problems.
By demanding its own lane, Apple could ensure video quality wouldn't be affected by the same problems that befell Netflix customers before Netflix signed its own partnership with Comcast to improve streaming speeds. To make any streaming TV product work, Apple needs the cooperation of broadband providers.
That's a market Apple has neither the scale nor the expertise to enter on its own, which makes its streaming TV product dependent on a third party in a way few, if any, Apple products have been before. For the first time in a long time, Apple is putting some of its fate in the hands of another company.
Why do governments keep banning social media when it never works out for them?
[Commentary] You'd think world leaders would know better. Shut down the Internet (or some services that it hosts), and the users will come after you.
But, faced with allegations of corruption, Turkish Prime Minister Recep Tayyip Erdogan went ahead and banned Twitter anyway. Now Turks are pushing back. Twitter is facilitating the uproar by offering advice on how to evade the ban with text messaging. Other users have turned to virtual private networks (VPNs) to circumvent the blockage.
How do these leaders keep making the same mistakes? Don't they learn?
It shouldn't surprise us that these leaders have more in common than just an affinity for dropping the hammer on the Web. Many are also isolated, says Steven Cook, a Middle East scholar at the Council on Foreign Relations who met with Erdogan.
If the Internet creates filter bubbles that keep us from having to grapple with dissonant views, the filter that afflicts censor-happy regimes like Turkey's is arguably even worse. If Erdogan is convinced that he's the victim, and sees enemies everywhere, shutting down their ability to associate might seem like a perfectly rational move -- at least in the moment. It's an age-old move out of the dictators' playbook: Control the flow of information, and you control the people.
The FCC and Rural Call Completion
The Federal Communications Commission is requiring phone companies with more than 100,000 domestic subscribers to submit aggregated reports on calls that customers make to rural areas. It's part of an effort to crack down on a problem known as "rural call completion," in which calls to remote parts of the country get dropped or never make it through. By requiring phone companies to submit those reports on rural call completion, the FCC thinks it has a shot at curbing what Sen Patrick Leahy (D-VT) has called an "unacceptable problem."
Yet to a casual observer, the FCC's request could be easily mistaken for another, more insidious form of privacy intrusion. At its most basic level, the components are all there: A worthy goal everyone can get behind; corporate retention of user data; quiet, confidential reports to the government.
But there are subtle differences between the NSA's systematic surveillance program and what the FCC is trying to accomplish. For one thing, the retention period is a lot shorter: Phone companies are obligated to retain the individual call records for six months before discarding them. What's more, the FCC doesn't have access to the individual call records, while the NSA has a giant database that it could query virtually anytime.
Here's what the FCC sees in the reports it gets quarterly from phone companies: The number of attempted calls to rural phone providers per month; the number of those calls that were answered; and the number of calls that failed to complete.