Here’s an entertaining and timely video from the Sunlight Foundation.
Have a transparent Hallowe’en everybody!
Keeping politicians' hands off the Net & everything else related to technology
PFF summer fellow Eric Beach and I have been working on what we hope is a comprehensive taxonomy of all the threats to online security and privacy. In our continuing Privacy Solutions Series, we have discussed and will continue to discuss specific threats in more detail and offer tools and methods you can use to protect yourself.
The taxonomy is located here.
The taxonomy of 21 different threats is organized as a table that indicates the “threat vector” and goal(s) of attackers using each threat. Following the table is a glossary defining each threat and providing links to more information.Threats can come from websites, intermediaries such as an ISP, or from users themselves (e.g. using an easy-to-guess password). The goals range from simply monitoring which (or what type of) websites you access to executing malicious code on your computer.
Please share any comments, criticisms, or suggestions as to other threats or self-help privacy/security management tools that should be added by posting a comment below.
I have always regarded standard-setting organizations as serious players who take care to keep slightly boring the work of establishing uniformity in products and protocols. But a press release from the American National Standards Institute (ANSI) may cause me to reassess.
“IDSP Issues Report Calling for National Identity Verification Standard” is the release, and it’s bristling with error and malformed policy assertions. IDSP is the “Identity Theft Prevention and Identity Management Standards Panel,” an ANSI subgroup.
Take this doozy:
[T]he Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) and the REAL ID Act of 2005 require verification of identity prior to the issuance of birth certificates and driver’s licenses / ID cards, respectively. However, the IRTPA regulations have not yet been released even in draft form and the REAL ID regulations do not provide practical guidance on how to corroborate a claim of identity under different circumstances.
Folks, REAL ID repealed the identity security provisions in the Intelligence Reform and Terrorism Prevention Act. (It’s a good bet that regulations for a repealed law aren’t going to move out of draft form for a very long time, eh?) And REAL ID does not require verification of identity prior to issuance of birth certificates. What could that even mean?! “Hey you—little baby—let me see some ID before I issue you your birth certificate.”
The release repeats the tired mantra that 9/11 terrorists got U.S. identity documents—“some by fraud.” The 9/11 Commission dedicated three-quarters of a page to its identity recommendations—out of 400 substantive pages—and neither the commission nor anyone since has shown how denying people U.S. identity documents would prevent terrorism.
Are there needs for identity standards? Of course. And there are a lot of projects in a lot of places working on that. If an organization doesn’t know the law, and doesn’t know how the subject matter it’s dealing with functions in society, I don’t know how it could possibly be relied on to set appropriate standards.
ANSI should take a look at this subgroup and see if its work is actually competent. Judging by this press release, it’s not.
I was stunned last week when I saw many prominent tech VCs and CEOs from Silicon Valley sign letters endorsing the FCC’s move towards Net Neutrality, since, if the rule making goes ahead, it will mean regulating the Internet. I happen to know a bunch of these folks, so I decided to call them to see if they really were endorsing regulations for the Net or if something else was going on. Something else was going on. Because the term “Net neutrality” is notoriously difficult to define, and is often put in terms of “free and open,” some people signed the letters without realizing it could lead to new regulations for the Information superhighway (these are busy people who spend more time running their companies than following the ins and outs of the FCC). That said, unsurprisingly, there was a lot of suspicion regarding the phone and cable companies. After many conversations, here is a potential solution that could put an end to Net neutrality games and ensure a bright future for the Net.
The upshot for those of you who don’t want to follow the link:
“If the tech industry and the major ISPs want to avoid government regulation and keep the Internet thriving, they need to come up with a way to solve the disclosure problem on their own in the marketplace.
Verizon has already started taking steps toward a more constructive stance by co-signing a letter with Google supporting an open Internet. Now it is time for all companies involved to take it to the next level. If that happens, U.S. innovators will be much safer from the claims of militant rent-seeking activists and regulators who want to get their hands on the Net.
The creation of TRUSTe helped the tech industry mobilize and avoid heavy-handed privacy regulations like those that befell Europe. Now it is time for ISPs to support an independent, private body to monitor neutrality issues. Such a move would deflate the pro-regulation lobby and allay the concerns of the industry that is driving U.S. growth.”
It’s a quiet, rainy evening at home for me tonight, and I chanced to watch a segment from the Daily Show with Jon Stewart dealing with ‘net neutrality regulation.
The segment’s title, typical of the show’s tenor these days, was, Duh, It’s So Obvious That the Administration is Right Again. Anyone Who Doesn’t Think So Is Just So Dumb. I Can’t Even Believe It.
Watching it, I noticed that a clip they used to show “krazy konservative TV people being obviously stupid” was the beginning of a segment I appeared in on Fox! See it, the first of the two clips, here. (“Well, Senator John McCain wants the government to keep its hands off the Innnterrnet.”)
But did they find some blundering overreach in my commentary? Somewhere in which I went a step too far, opening a flank to comedic ruin? No. The Daily Show people, having reviewed my segment, turned to mocking Phil Kerpen from Americans for Prosperity instead.
The obvious conclusion? What I said was too sensible to be lampooned—a tacit admission by Daily Show producers that I was right. Net neutrality regulation really is a transfer of power from consumers to Washington bureaucrats. Jon Stewart practically says so. Watch me again, getting it right, as confirmed by Jon Stewart.
Interesting lunchtime forum taking place this coming Monday, Nov. 2nd about “Media, Kids, and The First Amendment.” It’s being co-hosted by Georgetown Law Center and Common Sense Media. Here’s the event description:
The rapidly changing world of digital media – including TV, videogames, the Internet and mobile devices – creates many opportunities for children, but also presents potential dangers, from cyber-bullying to exposure to inappropriate content. The Supreme Court has remanded FCC v. Fox Television back to the Third Circuit for further consideration. The Senate recently held a hearing on the Children’s Television Act in the digital age. Is new legislation or regulation imminent?
Location is the Gewirz Student Center, 120 F Street, NW, 12th Floor. Start time = 12:00 Noon.
It’s an open event but those interested should RSVP via email to: firstname.lastname@example.org and indicate that they are replying for the Nov 2nd event. I have already told my friends at Common Sense Media I will be there to cause some trouble! (and get a free lunch, of course).
Well, I don’t often get a chance to sing the praises of Hillary Clinton, so let me take the opportunity to loudly applaud her stand on religious defamation policies, which are becoming a growing international concern. According to The Washington Post, while unveiling the State Department’s 2009 Report on International Religious Freedom:
Secretary of State Hillary Rodham Clinton criticized on Monday an attempt by Islamic countries to prohibit defamation of religions, saying such policies would restrict free speech. … While unnamed in Clinton’s speech, the Organization of the Islamic Conference, a group of 56 Islamic nations, has been pushing hard for the U.N. Human Rights Council to adopt resolutions that broadly bar the defamation of religion. The effort has raised concerns that such resolutions could be used to justify crackdowns on free speech in Muslim countries.
Here’s specifically what Secretary Clinton had to say:
some claim that the best way to protect the freedom of religion is to implement so-called anti-defamation policies that would restrict freedom of expression and the freedom of religion. I strongly disagree. The United States will always seek to counter negative stereotypes of individuals based on their religion and will stand against discrimination and persecution. But an individual’s ability to practice his or her religion has no bearing on others’ freedom of speech. The protection of speech about religion is particularly important since persons of different faiths will inevitably hold divergent views on religious questions. These differences should be met with tolerance, not with the suppression of discourse.
Quite right. Thank you, Secretary Clinton, for this bold stand. Freedom of religious worship and expression — including the criticism of religion — is essential. Now, can we talk about your old positions on video game regulation?!
WAR IS PEACE
FREEDOM IS SLAVERY
IGNORANCE IS STRENGTH
So declared the Party in George Orwell’s classic novel 1984. The corruption of language with a constant theme of Orwell’s work, most notably his 1946 essay “Politics and the English Language.” So Orwell would not have been surprised to see the term “Internet Freedom” captured by those who advocate an increased role for government (i.e., Big Brother) online. Nor would Orwell had been surprised to see these advocates claim Orwell for themselves, insisting that opponents of government regulation are the ones corrupting language. There is perhaps no better example of this than MSNBC’s Rachel Maddow’s comments in an interview with Boing Boing’s Xeni Jardin about the divisive issue of “Net Neutrality” regulations:
Rachel Maddow [dripping with sarcasm]: Sen. McCain’s bill, as you mentioned, is actually called the “Internet Freedom Act of 2009,” and he’s deriding the government effort to keep telecoms from walling off the Internet as “government intrusion” and “trying to regulate the Internet.” What that means is that he’s picked better branding, he’s picked better names. It doesn’t really relate the facts of what he’s doing. I’m wondering if it’s too late for a rebranding of the other side here. We need to get better about talking about this, because the language seems sort of corrupt at this point.
What makes Maddow’s comments so stunning is not her view that corporate America, rather than government, is the real enemy of freedom. That view is simply part of the long-regnant political orthodoxy. No, what’s stunning is that she actually thinks that her side is losing the “war of words” just because Sen. McCain had the gall to use the term “Internet Freedom” as a rallying-cry for the outdated, bourgeois notion that “freedom” means the absence of coercion by the one entity that can enforce its commands at the point of a gun and call it “justice”: that coldest of all cold monsters, the State. That’s precisely what “liberalism” used to be about until people like Rachel appropriated that word and words like “liberty” and “freedom” as slogans for control. Xeni Jardin picks up where Rachel left off by appropriating the concept of rights, too:
Xeni Jardin: the Internet really is a basic right, it’s a necessity,such a fundamental way for communicating and accessing information now. Telecoms shouldn’t be able to throttle, to block, to slow down our access to something that might not be in their corporate interests.
This is pure, unadulterated cyber-socialism: Rights become not the sacred defense of the individual, but a positive assertion of entitlement to a vaguely defined principle of access: by guaranteeing this access through ever-expanding “neutrality regulation”, government gains unlimited control over the Internet itself.
As Adam Thierer and I have warned, that way lies madness: Inviting the government to regulate online content and services in the name of “neutrality” (or “privacy” or any of the many “glittering generalities” ending in “-y” Orwell would have denounced) would be the death of real Internet Freedom, which requires a strict “Separation of Web and State.” Continue reading →