Yesterday at an event on Capitol Hill, I had the opportunity to formally release a paper I co-wrote with my colleague Steve DelBianco called “Hardening the Security Stack.” The “stack” is a common sense concept, but one that seems to get lost in the rhetoric about Internet security.
The idea is that there is no monolithic thing called “Internet security,” nor any monolithic entity that can single-handedly provide it. Internet security relies an interdependent network of tools, technologies and behaviors; and succeeds or fails based on the efforts of a wide range of stakeholders, from infrastructure providers at the core of the Internet, to end users at the edge. Those stakeholders make up the security “stack.”
There is no silver bullet. It sounds simple enough, but when policymakers and members of the high-tech community get it in their heads that one tool — or one stakeholder group — has the silver bullet to solve all of our Internet security woes, it can lead to some unfortunate outcomes. The latest example of this has been the recent furor over DNS Security Extensions or “DNSSEC.” Continue reading →
As if the financial crisis and government bailout isn’t already a bit fishy to some taxpayers, now it’s the subject of a social engineering phishing exploit. The Federal Trade Commission issued a warning that
Phishers (pronounced “fishers’) may send attention-getting emails that look like they’re coming from the financial institution that recently acquired your bank, savings and loan, or mortgage. Their intent is to collect or capture your personal information, like your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information. Their messages may ask you to “update,” “validate,” or “confirm” your account information.
October is Cyber Security Awareness Month and in celebration NetChoice will hold a lunch event at the Russell Senate Building on Thursday, Oct. 16 from Noon – 1:30pm. Panelists include:
- Ken Silva, Chief Technology Officer, VeriSign
- Michael Kaiser, Executive Director, National Cyber Security Alliance
- Steve DelBianco, Executive Director, NetChoice
If interested, let me know and come on by.
For years there’s been talk of broadband over power lines as an alternative way to deliver Internet into the home. Today I heard about an interesting concept–using broadband to complement the delivery of energy into homes. I’ll call it power over broadband lines (PBL).
Today the Technology Policy Institute hosted an interesting conference on Energy public policy issues. Kathryn Brown of Verizon discussed the idea of a “smart grid” and the way that broadband and ICT can help add to the smarts. Energy meters in the home could tap into the ‘Net to help users monitor and evaluate their energy use. Energy companies could also use broadband communication networks to better monitor distribution and be alerted to problems on the energy grid.
Maybe, just maybe, the power of the Internet can come help rescue an energy industry that faces many technical, regulatory and environmental challenges.
For the past day and a half, the Harvard Berkman Center for Internet & Society hosted a public meeting of the Internet Safety Technical Task Force. Discussions focused mostly on what technical solutions exist for addressing the perceived lack of online safety on social networking websites. But overall there’s still a need to connect the most important dot—do proposed solutions actually make children safer?
Being at Harvard Law School I was reminded of the movie the Paper Chase, where Professor Charles Kingsfield wielded the Socratic Method to better train his students for the rigors of law practice. In this spirit, I think there are three main questions that the task force must fully address when it issues its report later this year:
1. What are the perceived Internet safety problems? This should be a broad inquiry into all the safety-related issues (harassment, bullying, inappropriate content and contact, etc.) and not just limited to social networking websites. Also, there should be an attempt to define those problems that are unique to the Internet and others where root causes are offline problems.
2. What are the possible technical solutions to these problems? It’s important to recognize that some of the problems will NOT primarily be technology fixes (such as education in school classrooms) and even age verification would rely on offline information.
3. Do the solutions offered in #2 to the problems in #1 actually do anything to make children safer? It’s not whether the technology works that’s the salient inquiry. It’s whether the technology works to make children safer.
There were 16 or so companies that presented technology solutions based on age verification, identity verification, filtering/auditing, text analysis, and certificates/authentication tools. Some were better than others, and while most addressed questions one and two above, they were silent about number three.
Over the past week there’s been a lot of Google blogging (here, here, here…) on TLF, so now it’s my turn. And I’ll defer to the post of my colleague Mark Blafkin on the ACT blog, provocatively titled Why is Google Pointing that Gun at its Foot?
Here’s a snippet:
Google has not yet learned that when you’re under antitrust scrutiny, EVERYTHING YOU DO is going to be analyzed through that lens. Every move your company makes will communicate something to the regulators, partners, customers, and competitors that are now watching you more closely. The last thing you want to do is give regulators more ammunition. At times, this may require changing decision making processes throughout the company, even in seemingly unrelated aspects of business.
ACT was engaged in the Microsoft antitrust case. Google can learn a lot from Microsoft’s battle, and by the way governments characterized what’s “anti-competitive.”
You can read McCain’s Technology plan here. Among other things he’s for “open and fair” trade and preserving the FCC’s 4 freedoms, but will not be in favor of a prescriptive, legislative approach to net neutrality. Overall it’s a mix of pretty good policies, albeit that one on muni broadband.
- Good: John McCain Opposes Higher Taxes On Wireless Services. John McCain has opposed new state and local discriminatory taxes and fees on wireless services, which are relied upon by over 250 million Americans. Taxes account for over 20 percent of many mobile phone users’ bills.
- Good: John McCain Has Been A Long And Ardent Supporter Of Fair And Open World Trade. Trade greatly benefits America and the American worker. The best protection for American workers is to ensure that they have access to the world’s customers, 95 percent of whom live outside the United States. This access is particularly important for workers in the information technology sector.
- Bad: John McCain believes that people acting through their local governments should be able to invest in their own future by building out infrastructure to provide high-speed Internet services. For this reason, Senator McCain introduced the “Community Broadband Bill,” which would allow local governments to offer such services, particularly when private industry fails to do so.
Tim has already analyzed the decision of the Federal Circuit in Jacobsen v. Katzer, but I’d go even further than he did and say that it could broadly impact the media and software industries. Because violating a condition to copyright can avail a plaintiff to seek greater damages than breach of contract, look for copyright owners to limit the scope of a license to use or redistribute a song or a software program by making them “conditions” of the copyright license and not contractual “covenants.”
The case is good for copyright owners that use open source licenses. But the rationale of the decision is not limited to only open source. And who relies on copyright the most? RIAA and MPAA. It’s only a decision of an interlocutory appeal, but copyright holders everywhere will be reviewing their licenses after this one. My fellow tech transactional attorney friends could be busy, as what’s good for the goose is good for the gander.
In 1998, the Internet was “green” with an influx of venture capital money. A decade later, green on the ‘Net is rapidly being identified with benefits to the environment. Due to high gas prices, there are a number of reports documenting increased use of the Internet for teleconferencing and telecommuting. I used these two as examples of activities we shouldn’t discourage when arguing in favor of extending the Internet access tax moratorium.
Now there’s a new tax on the horizon – digital downloads. Today’s CNET news article describes how states have recently passed laws taxing downloaded content from the Internet, and quotes my colleague Steve DelBianco: “A digital download is the greenest way to buy music, movies, and software, since it requires no driving to the store, no delivery vans, and no plastics or packaging.”
Indeed, Telefonica, Spain’s largest telecom provider, has a report that discusses the climate benefits of ICT. It’s based on another report published in 2003 from Digital Europe, a project funded by the European Union. The findings:
Resource comparative (minerals, fossil fuels, etc) used to access 56 minutes of music:
Physical retail: 1.56 Kg [3.4 lb]
Online Shopping: 1.31 Kg [2.9 lb]
Digital distribution (without subsequent burning): 0.60Kg [1.3 lb]
Digital distribution (burning on to a CD): 0.67 Kg [1.5 lb]
So download and be green, despite that tax regulators are green with envy about collecting taxes from digital downloads.
“Don’t Believe the Hype” — Chuck D, Public Enemy
De Tocqueville is famous for discussing the American way of enlightened self-interest, in which there are mixed elements of private and public goods involved. But when it comes to self-interested lobbying by the tech industry, it’s the words of an American rapper, not a French rapporteur, that I’d like to discuss.
“Innovation!” – “openness” – “jobs” – “choice.” There’s a lot of buzzword hype thrown out by IT companies. Policymakers hear these buzzwords all the time, which are usually connected to how certain regulatory polices can benefit the public interest the most.
So, what does it all mean? Well, a recently released paper of mine tells you absolutely nothing about which IT polices are better than others. That’s right, nada. Zilch. Zippo.
Instead, the paper — Understanding the IT Lobby: An Insider’s Guide — is an explanatory of business models in the Information Technology industry, and the public policies that can help or harm companies over their competitors. It’s not a Scott McClellan tell-all – rather it connects the dots between public policy rhetoric and licensing, service, and ad-based business models.
The gist: the pursuit of one public policy can disadvantage not just one company, but an entire business model. Continue reading →
Tickets, Baby, Tickets: that was the mantra of the ticket broker and reselling crowd at the Ticket Summit last week in Las Vegas. I was there to present on the legal and public policy issues of ticket reselling (with a focus on Internet sales).
The resale market for tickets is a great example of how markets work, because with event tickets it’s truly a case where supply and demand reigns supreme. But still, government regulation and the primary market have a large influence on how the resale secondary market operates.
I discussed three major influences — price caps, taxes and venue control.
Price caps–the amount you’re allowed to resell your ticket over face value — are on their way out, as legislators pretty much understand the economics of supply/demand.
Taxes are a different story, and are on the way in. A North Carolina bill (SB 1407) is the wave of the future I think – as states deregulate, they’ll think they need tax sales over face value. But general income tax laws still apply, so states and cities shouldn’t think they need a special tax (in North Carolina they call it a 3% “privilege tax”) just for tickets.
Venue control is also a growing force, and I discussed the legislative, licensing and technological ways venues can assert control over how a ticket is resold: Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.