Washington Post

How a common law enforcement tool could be abused to spy on you illegally

Privacy advocates are warning that the legal gray area in a key court case may make it easier for the government to spy on Americans illegally.

By using what's called a pen trap order -- a type of judicially approved surveillance mechanism that's only supposed to capture metadata about electronic communications -- it appears that the government has the theoretical ability to capture the content of those communications as well. The case involves Lavabit, the secure e-mail service used by National Security Agency leaker Edward Snowden.

Broadly, the case is about whether the government can force an Internet company like Lavabit to hand over its encryption keys. In a ruling, a federal appeals court sided with law enforcement. But a closer look at just how the government can obtain the keys has civil liberties scholars very worried. If the government can use an order that's restricted to metadata to obtain keys it could then use to decrypt content, then a nefarious actor could gain access to content without jumping through the judicial hoops necessary for demanding content.

China launches campaign to purge Internet of porn, rumors and, critics say, dissent

China has unfurled a vigorous new campaign to clean up the Internet, to purge it of everything from pornography to “rumors” that might undermine Communist Party rule, a crusade that critics say is a renewed attempt to silence grass-roots voices and stifle dissent.

Censorship of the media and Internet is routine in China, but the new campaign appears to represent a significant tightening of the screws, a bid to bend the Web to the will and values of the Communist Party -- to ensure, in the words of blogger Zhang Jialong, that “party organs, and not the Chinese grass roots, have the loudest voice on the country’s Internet.”

The drive, to “sweep out porn, strike at rumors,” will run from mid-April until November, the party’s news portal Seeking Truth declared. It is part of the stiffer controls on freedom of expression and the Internet that have been imposed since President Xi Jinping took power in 2013.

Can Google sustain its awesome side projects with decreasing ad revenue?

With buzz building about Google's newest project, the build-it-yourself smartphone known as "Project Ara," it's worth noting that some company observers are concerned about what Google's side projects are doing to its profit margins.

The tech giant is set to report earnings for the first quarter of 2014, and while analysts expect that it will post solid revenue, a growing number of voices are asking whether the company is spending its money wisely.

Google is, primarily, a search and advertising company. But it's clearly happy to invest in a variety of other projects that aim to tackle big problems and new challenges. These, in turn, offer Google new ways to make money -- something that's particularly important as the average cost of an online ad drops, and Web users shift more heavily to mobile devices, where the ads aren't as lucrative.

The insanely fast Wi-Fi router you’ll probably never need

The average American household connects to the Internet at a rate of 10 megabits per second. Not bad, but also not fantastic -- by way of comparison, a single HD Netflix stream takes up 5.8 Mbps of bandwidth.

Now with that as our baseline, consider the speeds of the country's fastest Internet connections today: 1 Gbps, or a gigabit per second. That's equivalent to 1,000 Mbps, or roughly 100 times faster than the national average.

But if you thought that was fast, wait until you hear about a new Wi-Fi router, from Quantenna, that's coming in 2015. It's capable of 10 Gbps -- 10 gigabits per second. That's a thousand times the rate of the average American broadband connection. It's mindboggling. You could theoretically stream 1,724 Netflix movies, all in HD, all at the same time and not see any lag.

But since the average household Web connection is still lagging at 10 Mbps, it'll be hard for most people to take advantage of the 10-gig router right away. They simply don't consume enough data to need the giant pipes provided by this new technology.

Heartbleed is about to get worse, and it will slow the Internet to a crawl

The Heartbleed bug has put many consumers' user names and passwords at risk. Undetected for two years, the bug quietly undermined the basic security of the Internet.

But on top of all that, security researchers have now confirmed that Heartbleed could have been used by hackers to steal sensitive data needed to set up fake Web sites posing as legitimate ones. Analysts say criminals could use Heartbleed to impersonate as many as 500,000 sites across the Web. Those sites have yet to replace the security certificates responsible for verifying their identity to Web browsers.

But even after the sites do update their security certificates, Web browsers may still be unable to tell the difference between a fake site and the real one. Consumers could easily fall victim to online fraud if they go to one of the fake sites. It gets worse. The expected flood of certificate revocations is likely to seriously degrade the speed of the Internet, primarily because the global system for tracking certificate revocations is not equipped to handle such a massive change.

Heartbleed portends larger security threats

[Commentary] Tens of millions of Americans have been affected by the theft of their personal information in the digital age. Then, it was discovered that a bug had crept into OpenSSL that could allow intruders to read encrypted data contained in memory, such as passwords or credit cards. The bug has been called “Heartbleed” and could allow attackers to eavesdrop on communications, steal data and even impersonate users and Web services. We’re tempted to say this ought to be a wake-up call, but we have already had so many wake-up calls.

To put it bluntly: As a country and as a society, we have come to depend on a vast, interconnected system; if one small part fails, the impact is widespread. As noted in a forthcoming Atlantic Council report, the Internet was created to be based on trust, not security. Yet we continue to discover that it is vulnerable to theft, intrusion and disruption on an appalling scale. We are living in an age of growing danger but reacting with complacency.

The Administration unveiled a useful initiative, promising that sharing cyberthreat information among companies would not bring on antitrust liability. But this, and President Barack Obama’s other measures, including his voluntary cybersecurity framework, represent only what is doable given a continued lack of a consensus in Congress and a failure in the private sector to take all threats more seriously. They are timid measures in the face of an epic heartburn that will be costly for us all.

No joke, this company wants to be hacked with Heartbleed

Most of us have spent the last few days trying not to fall victim to the Heartbleed bug -- changing passwords, checking routers, making sure we're protected, and so on. But one company is actively inviting hackers to try to steal a secret key from a server that contains the vulnerability.

How can this possibly be a good idea?

Well, if the challenge works, it could help security researchers better understand Heartbleed and the danger it represents. Cloudflare, the Internet infrastructure company behind the hacking challenge, says that if somebody can prove that stealing that security key is possible, it would have tremendous implications for the Web's smooth performance.

So the company set up a dummy server with the Heartbleed vulnerability and is encouraging people to use it to break in.

The company's own tests suggest it's really hard to steal a certificate and impersonate someone. But it's impossible to be 100 percent sure; you can never really prove that something won't happen. So throwing more manpower at the problem will help tell us just how hard it is to steal a key. Cloudflare is now tracking "thousands" of people plugging away at the challenge. So far, nobody's solved it. Let's hope it stays that way.

Don’t buy the hype: The Internet hasn’t killed TV advertising

For the first time, advertisers spent more on online ads than on broadcast television in the US, according to a new report prepared by PricewaterhouseCoopers for the Interactive Advertising Bureau. Online advertising as a whole brought in a record-breaking $42.7 billion in 2013, a 17 percent increase over 2012, compared to the $40.1 billion spent on broadcast television.

That's certainly a significant milestone, and it's meant to be the eye-catching part of a press release.

But the details of the report show a much more complicated rivalry between online and broadcast, and tell us more about why tech companies are so eager to get onto television. Television is where the money is. And for good reason: It's where the attention is. According to data from Nielsen published in February, Americans watched 185 hours of television in December of 2013 -- up six hours from December 2012. That was nearly seven times as long as people spent online at their computers, and more than five times as much as they spent using mobile devices like smart phones.

With that sort of consumer interest, it's no wonder big tech companies like Google, Amazon, Microsoft, and Yahoo are trying to increase their presence on most Americans' living room display. Online video has been expanding too -- for instance, Disney recently announced a half billion deal to buy the YouTube-based Maker Studio.

FCC Chairman Tom Wheeler leans on candor to get his message across

For federal regulators, words really matter. An adjective too bold, a verb misconjugated or a particle dropped can ripple across the business world and send stock markets into chaos. That’s why leaders of government agencies so rarely speak in public -- and generally do so with great care. Not Tom Wheeler, the dauntless and plain-spoken chairman of the Federal Communications Commission, who has displayed a rare joy for gab.

“I’m not sitting here sucking eggs,” Chairman Wheeler said at his first public meeting in November, a warning shot of what was to come. “I’m looking seriously at these issues.”

Such candor has defied early assumptions about President Barack Obama’s FCC pick as a lame duck. The 68-year-old has eagerly grasped a national megaphone on the defining -- and the utterly arcane -- telecommunications policy issues of the day.

In coming months, he faces the biggest test of his promise to put consumers first, deciding whether to approve the merger of two of corporate America’s least-popular companies: cable titans Comcast and Time Warner Cable. It will be hard to please all sides with bigger and more controversial decisions ahead:

  • He will make the call on Comcast’s $45 billion bid for Time Warner Cable, a deal that would create the first national cable company and a broadband Internet titan with 40 percent of the market share.
  • His net neutrality proposal rankled consumer advocates, who say it could allow the richest Web companies to buy better access to users.
  • He will launch the biggest sale of television airwaves in years, an auction that could dramatically shrink local broadcasting and determine the dominant providers of mobile services for years to come.

His folksy idioms and direct Midwestern sensibility have won many friends in Congress, the FCC and at the top levels of corporate America. And Chairman Wheeler is unapologetic about the decades he spent leading the National Cable & Telecommunications Association and the CTIA wireless group and then as a venture capitalist with telecom, Internet and broadcast industry investments. Indeed, as he sees it, his lobbying skills are key to his management of the FCC -- a notion that might make others cringe. “This is a job that I’ve been training for my entire professional life,” Chairman Wheeler said.

Heartbleed bug puts the chaotic nature of the Internet under the magnifying glass

A major flaw in widely used encryption software has highlighted one of the enduring -- and terrifying -- realities of the Internet: It is inherently chaotic, built by multitudes and continuously tweaked, with nobody in charge of it all.

The Heartbleed bug was a product of the online world’s makeshift nature. While users see the logos of big, multibillion-dollar companies when they shop, bank and communicate over the Internet, nearly all of those companies rely on free software -- often built and maintained by volunteers -- to help make those services secure.

Heartbleed, security experts say, was lodged in a section of code that had been approved two years ago by a developer who helps maintain OpenSSL, a piece of free software created in the mid-1990s and still used by companies and government agencies almost everywhere. While the extent of the damage caused by the bug may never be known, the possibilities for data theft are enormous.

At the very least, many companies and government agencies will have to replace their encryption keys, and millions of users will have to create new passwords on sites where they are accustomed to seeing the small lock icon that symbolizes online encryption.