When Strong Encryption Isn’t Enough to Protect Our Privacy

When Strong Encryption Isn’t Enough to Protect Our Privacy
By Bill Blunden
Feb 26 2015

“None of the claims of what comsec works is to be taken saltless: Tor, OTR, ZTRP are lures.” —Cryptome [3], Dec. 30, 2014

In the aftermath of Edward Snowden’s disclosures, the American public has been deluged with talking points that advocate strong encryption as a universal solution for protecting our privacy. Unfortunately the perception of strong encryption as a panacea is flawed. In this report I’ll explain why strong encryption isn’t enough and then present some operational guidelines which can be used to enhance your online privacy. Nothing worthwhile is easy. Especially sidestepping the Internet’s global Eye of Providence.

Anyone who reads through privacy recommendations published by the Intercept [4] or the Freedom of the Press Foundation [5] will encounter the same basic lecture. In a nutshell they advise users to rely on open source encryption software, run it from a CD-bootable copy of the TAILS operating system, and route their Internet traffic through the TOR anonymity network.

This canned formula now has a degree of official support from, of all places, the White House. A few days ago during an interview with Re/Code, President Obama assured [6] listeners that “there’s no scenario in which we don’t want really strong encryption.” It’s interesting to note how this is in stark contrast to public admonishments [7] by FBI director James Comey this past October for key escrow encryption, which is anything but strong.

So it would appear that POTUS is now towing a line advocated by none other than whistler-blower Snowden who asserted [8] that “properly implemented strong crypto systems are one of the few things that you can rely on.”

Only there’s a problem with this narrative and its promise of salvation: When your threat profile entails a funded outfit like the NSA, cyber security is largely a placebo.

Down To the Metal

A report [9] released by Moscow-based anti-virus vendor Kaspersky Lab proves that, despite the self-congratulatory public relations messaging of Google or Apple, strong encryption might not be the trendy cure-all it’s cracked up to be. The NSA has poured vast resources into hacking hardware platforms across the board, creating firmware modifications [10] that allow[11] U.S. spies to “capture a machine’s encryption password, store it in ‘an invisible area inside the computer’s hard drive’ and unscramble a machine’s contents.”

On a side note, Kaspersky Lab is one of two companies authorized [12] by Russian security service to provide anti-virus technology to the Russian government. The company’s founder, Eugene Kaspersky, a former [13] Soviet intelligence officer himself, has links to the Russian Federal Security Service, or FSB. So it makes sense that the one company with the audacity and skill to publicly showcase a global espionage program by the NSA would also be a company aligned with a countervailing power center outside of the United States.

Anyway, when it comes to bare-metal skullduggery there are plenty [14] of proof-of-concept [15] examples available in the public domain. But these experiments are nothing compared to the slick production-level malware deployed by NSA spies. When the Pentagon aims for information dominance[16] it doesn’t screw around. Hence blind trust in encryption software is exposed as a sort of magical thinking.

Some people would argue that the NSA’s hardware hacks aren’t a big deal because they’re used selectively for targeted intrusions. One problem with this stance is that spy gear has a habit of filtering down into the underworld because spies and crooks are kindred spirits who often work together. Another problem is that the NSA is actively working to industrialize [17] attacks so that they can be pulled off on a mass scale against large swathes [18] of users. The recent discovery of pre-installed malware [19] on Lenovo PCs should offer an unsettling hint [20] of where spies and their front companies are taking things.

Face it, an intelligence agency that makes off [21] with the encryption keys from a large multinational company that manufactures billions of SIM cards each year is an agency that’s doing much more than just small-scale targeted hardware attacks. They want to “collect it all.”


“Iraqi Assault to Retake Mosul from Islamic State Is Planned for Spring” —New York Timesheadline, Feb. 20, 2015

Given the sorry state of software engineering and the sheer scope of clandestine subversion programs, if spies want to root your machine they’ll probably find a way. The Internet is akin to a vast swamp in the Deep South. Users wade through a hostile murky environment surrounded by alligators prowling silently just below the surface.

And don’t think that tools like Tor [22] will protect you. The FBI has demonstrated repeatedly that it can unmask [23] Tor users with exploits. The FBI’s collection of cyber scalps includes [24] a high-ranking cyber security director who probably thought his game was tight. The litany of Tor’s failures have led security researchers to conclude [25] that, “Tor makes you stick out as much as a transgender Mongolian in the desert.”

Hence when going toe-to-toe with spies from the NSA’s Office of Tailored Access Operations [26] or, heaven forbid, its more daunting CIA brethren [27]in the Special Collection Service [28], operational security (OPSEC) becomes essential. This isn’t cynical “privacy nihilism” but rather clear-headed contingency planning. Once the NSA owns a computer the only things that stands between the user and spies is OPSEC. It takes groundwork, patience and (most of all) discipline. Even the professionals get this wrong. And when they do the results can be disastrous.

For a graphic illustration of this contemplate the case of Ross Ulbricht, the creator of Silk Road. The celebrated Tor anonymity network did very little [29]to stop the feds from getting a bead on him. To make matters worse you’d think Ulbricht would know better [30] to work with his back to the room so the feds could sneak up on him before he could log off, leaving his encrypted laptop in a decidedly vulnerable state.

It didn’t help that the Silk Road’s servers were configured to auto-login certain client machines and that Ulbricht’s laptop just happened to be connected to the Silk Road servers as a full administrator. Ditto that for Bitcoin wallets on the aforementioned laptop which allowed law enforcement agents to trace [31]over $13 million in Bitcoins to Ulbricht. 


Re: Thoughts On Today’s FCC Net Neutrality Ruling

Note:  This comment comes from reader Brett Glass.  DLH]

Date: February 27, 2015 at 00:06:27 EST
To: “Dewayne Hendricks” <dewayne@warpspeed.com>
From: Brett Glass <brett@lariat.net>
Subject: Re: Thoughts On Today’s FCC Net Neutrality Ruling | Internet Society

Dewayne, and everyone on the list:

This discussion reminds me of the very first science fiction book I read as a child (which inspired me to read more sci-fi and ultimately become an engineer): “A Wrinkle in Time” by Madeleine L’Engle. At the climax of the book, the (female) protagonist — facing a monstrous, brain-like entity that forces humans into complete conformity — shouts, “Like and equal are not the same thing at all!”

Truer words were never spoken. To treat USERS of the Internet — the ones who matter — fairly, we must treat bits differently and perhaps “unfairly” (if, just for the sake of discussion, we anthropomorphize them).

That’s why the very first Internet routers — the PDP-11-based systems affectionately known as “Fuzzballs” — had code in them to prioritize interactive protocols such as Telnet over non-interactive ones such as FTP. Since this is a somewhat technical mailing list, it hopefully is not too geeky to post the actual code (in PDP-11 macro assembly language):

; Precedence and weight assignment policies
; r1 = buffer pointer (preserve r0)
; Note: Precedence is established by a sixteen-bit field. The high-order eight
; bits are copied from the TOS field in the IP datagram. The low-order eight
; bits are set at one for tcp/telnet and zero otherwise. Weight is established
; by a sixteen-bit field, which is set at the number of octets in the datagram
; rounded up to the next 64-octet boundary.
WOLFF:  MOV     R0,-(SP)        ;save
MOV     PH.OFS(R1),R0   ;compute total length
ADD     PH.LNG(R1),R0
ADD     #77,R0          ;round up to 64-octet boundary
BIC     #77,R0
MOV     R0,PH.WGT(R1)
CLRB    PH.PRC(R1)      ;set precedence field
CMPB    IH.PRO(R1),#P.TCP ;is this tcp-telnet
BNE     2$              ;branch if no
MOV     R1,R0
ADD     PH.OFS(R1),R0
CMP     (R0)+,#S.TEL
BEQ     1$              ;branch if yes
CMP     (R0)+,#S.TEL
BNE     2$              ;branch if no
1$:     INC     PH.PRC(R1)      ;yes. bump precedence
2$:     MOV     (SP)+,R0        ;evas
RTS     PC

As one can see from the code, the router took into account the priority desired by the user (encoded in the header of the packet), the size of the packet, and whether the session was a Telnet session, and created a priority word that other parts of the code could use to determine how packets were dequeued in the event of congestion. The result: users would be less likely to suffer maddening delays while typing, while downloaders would barely notice the difference in the speeds of long file downloads because the prioritized Telnet packets were short. (The subroutine bears the name of Stephen Wolff, one of the “fathers” of the Internet, who worked on ARPANET, NSFNet, and more recently Internet2 — a special, government-funded Internet “fast lane” for academic institutions. He is also, among other things, a recipient of the Internet Society’s Postel Award.)

This was, and is, a good engineering solution. But we can’t — and shouldn’t — expect politically appointed bureaucrats ever to understand it. Nor should we expect corporations not to exert political pressure (as Google and Netflix did, when they goaded the White House to push for the regulations) to have their own packets prioritized.

The best we, as engineers, can do is ask that the regulators keep their hands off the Net unless there is an actual problem to solve — and it is one that can be solved via a political, rather than engineering, solution. The current so-called “network neutrality” regulations are not in any way “neutral.” They’re a “solution” that doesn’t work to a “problem” that doesn’t exist. And what’s more, they are illegal according to the plain language of Title II itself! (See 47 USC 230 for that language.) Let’s hope that the courts overturn them quickly and that engineers are allowed to optimize networks so as to provide the best user experience without government interference.

–Brett Glass

Thoughts On Today’s FCC Net Neutrality Ruling
By Sally Wentworth
Feb 26 2015

A different cluetrain

[Note:  This item comes from friend David Rosenthal.  DLH]

A different cluetrain 
By Charlie Stross 
Feb 25 2015 
<http://www.antipope.org/charlie/blog-static/2015/02/a-different-cluetrain.html <http://www.antipope.org/charlie/blog-static/2015/02/a-different-cluetrain.html>>

Right now, I’m chewing over the final edits on a rather political book. And I think, as it’s a near future setting, I should jot down some axioms about politics …

• We’re living in an era of increasing automation. And it’s trivially clear that the adoption of automation privileges capital over labour (because capital can be substituted for labour, and the profit from its deployment thereby accrues to capital rather than being shared evenly across society).

• A side-effect of the rise of capital is the financialization of everything—capital flows towards profit centres and if there aren’t enough of them profits accrue to whoever can invent some more (even if the products or the items they’re guaranteed against are essentially imaginary: futures, derivatives, CDOs, student loans).

• Since the collapse of the USSR and the rise of post-Tiananmen China it has become glaringly obvious that capitalism does not require democracy. Or even benefit from it. Capitalism as a system may well work best in the absence of democracy.

• The iron law of bureaucracy states that for all organizations, most of their activity will be devoted to the perpetuation of the organization, not to the pursuit of its ostensible objective. (This emerges organically from the needs of the organization’s employees.)

• Governments are organizations.

• We observe the increasing militarization of police forces and the priviliging of intelligence agencies all around the world. And in the media, a permanent drumbeat of fear, doubt and paranoia directed at “terrorists” (a paper tiger threat that kills fewer than 0.1% of the number who die in road traffic accidents).

• Money can buy you cooperation from people in government, even when it’s not supposed to.

• The internet disintermediates supply chains.

• Political legitimacy in a democracy is a finite resource, so supplies are constrained.

• The purpose of democracy is to provide a formal mechanism for transfer of power without violence, when the faction in power has lost legitimacy.

• Our mechanisms for democratic power transfer date to the 18th century. They are inherently slower to respond to change than the internet and our contemporary news media.

• A side-effect of (7) is the financialization of government services (2).

• Security services are obeying the iron law of bureaucracy (4) when they metastasize, citing terrorism (6) as a justification for their expansion.

• The expansion of the security state is seen as desirable by the government not because of the terrorist threat (which is largely manufactured) but because of (11): the legitimacy of government (9) is becoming increasingly hard to assert in the context of (2), (12) is broadly unpopular with the electorate, but (3) means that the interests of the public (labour) are ignored by states increasingly dominated by capital (because of (1)) unless there’s a threat of civil disorder. So states are tooling up for large-scale civil unrest.

• The term “failed state” carries a freight of implicit baggage: failed at what, exactly? The unspoken implication is, “failed to conform to the requirements of global capital” (not democracy—see (3)) by failing to adequately facilitate (2).

• I submit that a real failed state is one that does not serve the best interests of its citizens (insofar as those best interests do not lead to direct conflict with other states).

• In future, inter-state pressure may be brought to bear on states that fail to meet the criteria in (15) even when they are not failed states by the standard of point (16). See also: Greece.


The everyday terror we all live with

The everyday terror we all live with 
By digby
Feb 16 2015

I realize that terrorism is scary and I certainly hope that the US doesn’t suffer any more attacks from Islamic extremists any time soon.

But this is the kind of thing that really scares the hell out of me and it’s all too common in America:
After giving her 15-year-old daughter a driving lesson in the parking lot of a Las Vegas middle school last Thursday night, Tammy Meyers nearly hit another car on their drive home. That car apparently followed them home, police say, where one passenger opened fire, hitting Meyers in the head. Meyers, 44, died at University Medical Center Saturday after her family took her off life support.

According to the Las Vegas Review-Journal, after avoiding the wreck with the other vehicle, Meyers pulled over, and got into an argument with the three people reportedly in the second car; one apparently threatened her.

The car allegedly followed the Meyers’ home, and after the mother and daughter pulled in front of their house, opened fire. Tammy’s husband, Robert, told the Associated Press that after hearing gunshots, the couple’s adult son ran out of the house with a handgun, firing several shots. ABC News reports the daughter had run inside before the shooting started.

We live in a shooting gallery in this country. The bullet of a random armed asshole angry about a fender bender is far more likely to kill us than a terrorist:


Why Does the FBI Have To Manufacture Its Own Plots If Terrorism and ISIS Are Such Grave Threats?

[Note:  This item comes from friend David Rosenthal.  DLH]

Feb 26 2015

The FBI and major media outlets yesterday trumpeted the agency’s latest counterterrorism triumph: the arrest of three Brooklyn men, ages 19 to 30, on charges of conspiring to travel to Syria to fight for ISIS (photo of joint FBI/NYPD press conference, above). As my colleague Murtaza Hussain ably documents, “it appears that none of the three men was in any condition to travel or support the Islamic State, without help from the FBI informant.” One of the frightening terrorist villains told the FBI informant that, beyond having no money, he had encountered a significant problem in following through on the FBI’s plot: his mom had taken away his passport. Noting the bizarre and unhinged ranting of one of the suspects, Hussain noted on Twitter that this case “sounds like another victory for the FBI over the mentally ill.”

In this regard, this latest arrest appears to be quite similar to the overwhelming majority of terrorism arrests the FBI has proudly touted over the last decade. As my colleague Andrew Fishman and I wrote last month— after the FBI manipulated a 20-year-old loner who lived with his parents into allegedly agreeing to join an FBI-created plot to attack the Capitol — these cases follow a very clear pattern:

The known facts from this latest case seem to fit well within a now-familiar FBI pattern whereby the agency does not disrupt planned domestic terror attacks but rather creates them, then publicly praises itself for stopping its own plots.

First, they target a Muslim: not due to any evidence of intent or capability to engage in terrorism, but rather for the “radical” political views he expresses. In most cases, the Muslim targeted by the FBI is a very young (late teens, early 20s), adrift, unemployed loner who has shown no signs of mastering basic life functions, let alone carrying out a serious terror attack, and has no known involvement with actual terrorist groups.

They then find another Muslim who is highly motivated to help disrupt a “terror plot”: either because they’re being paid substantial sums of money by the FBI or because (as appears to be the case here) they are charged with some unrelated crime and are desperate to please the FBI in exchange for leniency (or both). The FBI then gives the informant a detailed attack plan, and sometimes even the money and other instruments to carry it out, and the informant then shares all of that with the target. Typically, the informant also induces, lures, cajoles, and persuades the target to agree to carry out the FBI-designed plot. In some instances where the target refuses to go along, they have their informant offer huge cash inducements to the impoverished target.

Once they finally get the target to agree, the FBI swoops in at the last minute, arrests the target, issues a press release praising themselves for disrupting a dangerous attack (which it conceived of, funded, and recruited the operatives for), and the DOJ and federal judges send their target to prison for years or even decades (where they are kept in special GITMO-like units). Subservient U.S. courts uphold the charges by applying such a broad and permissive interpretation of “entrapment” that it could almost never be successfully invoked.

Once again, we should all pause for a moment to thank the brave men and women of the FBI for saving us from their own terror plots.


Thoughts On Today’s FCC Net Neutrality Ruling

Thoughts On Today’s FCC Net Neutrality Ruling
By Sally Wentworth
Feb 26 2015

Today the eyes of many people around the world have been focused on Washington, DC, as the U.S. Federal Communications Committee (FCC) held an Open Meeting where they voted on a Report and Order around “Protecting and Promoting the Open Internet”. More commonly known as the ruling on “Network Neutrality”, the vote today represents what is a potentially major shift in the longstanding policy of the United States with regard to regulation of Internet services.

The Internet Society has always supported the fundamental values of a global, open Internet grounded in transparency, access and choice. We believe that openness should be the guiding principle that continues to enable the success and growth of the Internet. The goals of the U.S. Federal Communication Commission’s (FCC) Open Internet Order – providing U.S. consumers with meaningful transparency, addressing concerns over blocking and discrimination, clarifying the role of reasonable network management, and enabling the permissionless innovation that has led to the success of the Internet today – are all really important.

However, if we look at this in light of a range of proposals around the world that aim to apply policies designed for telecommunications networks and services to the Internet, we consider it possible that such an approach could result in the opposite consequences. We realize that there are unique legislative and procedural challenges in the U.S., but we are concerned with the FCC’s decision to base new rules for the modern Internet on decades-old telephone regulations designed for a very different technological era.

Regulatory approaches that could affect the sustainability of the global, open Internet need to take into account the technical reality of how networks are operated and managed. Allowing the necessary technological flexibility to keep pace with rapid innovation is integral to ensuring the continued growth and success of the Internet. We believe we need to be careful that this flexibility is not undermined by the use of a regulatory framework designed to govern the old telecommunications system.

The explosive innovation that has occurred over the last two decades has allowed for communities across the world to participate in and benefit from connectivity, both socially and economically. Promoting Internet access and availability is integral to the success of our digital future, and global public policies should continue to be guided by the fundamentals that have contributed to the Internet’s growth. We believe a regulatory paradigm ill-suited for the current and future Internet ecosystem could have severe implications on this continued success.

As a global organization, we recognize that the FCC’s decision today applies only to the United States, but we also realize that other nations may look to the FCC’s ruling as a model for their own regulations. For that reason it’s critical to us that regulations of this nature be compatible with the principles that have led to the innovation and opportunity that are the hallmarks of today’s global Internet.

We know that these are complex issues and that working to maintain the benefits of an open Internet presents us all with an ongoing challenge. We look forward to reviewing the full text of the FCC’s Order once it’s released.

FCC votes for net neutrality, a ban on paid fast lanes, and Title II

FCC votes for net neutrality, a ban on paid fast lanes, and Title II
Internet providers are now common carriers, and they’re ready to sue.
By Jon Brodkin
Feb 26 2015

The Federal Communications Commission today voted to enforce net neutrality rules that prevent Internet providers—including cellular carriers—from blocking or throttling traffic or giving priority to Web services in exchange for payment.

The most controversial part of the FCC’s decision reclassifies fixed and mobile broadband as a telecommunications service, with providers to be regulated as common carriers under Title II of the Communications Act. This decision brings Internet service under the same type of regulatory regime faced by wireline telephone service and mobile voice, though the FCC is forbearing from stricter utility-style rules that it could also apply under Title II.

The decision comes after a year of intense public interest, with the FCC receiving four million public comments from companies, trade associations, advocacy groups, and individuals. President Obama weighed in as well, asking the FCC to adopt the rules using Title II as the legal underpinning. The vote was 3-2, with Democrats voting in favor and Republicans against.

Chairman Tom Wheeler said that broadband providers have the technical ability and financial incentive to impose restrictions on the Internet. Wheeler said further:

The Internet is the most powerful and pervasive platform on the planet. It is simply too important to be left without rules and without a referee on the field. Think about it. The Internet has replaced the functions of the telephone and the post office. The Internet has redefined commerce, and as the outpouring from four million Americans has demonstrated, the Internet is the ultimate vehicle for free expression. The Internet is simply too important to allow broadband providers to be the ones making the rules.

This proposal has been described by one opponent as “a secret plan to regulate the Internet.” Nonsense. This is no more a plan to regulate the Internet than the First Amendment is a plan to regulate free speech. They both stand for the same concepts: openness, expression, and an absence of gate keepers telling people what they can do, where they can go, and what they can think.

Wheeler also said putting rules in place will give network operators the certainty they need to keep investing.

Commissioner Mignon Clyburn, the longest-tenured commissioner and someone who supported Title II five years ago, said the net neutrality order does not address only theoretical harms.

“This is more than a theoretical exercise,” she said. “Providers here in the United States have, in fact, blocked applications on mobile devices, which not only hampers free expression, it also restricts innovation by allowing companies, not the consumer, to pick winners and losers.”

Clyburn convinced Chairman Tom Wheeler to remove language that she believed was problematic.

“We worked closely with the chairman’s office to strike an appropriate balance and, yes, it is true that significant changes were made at my office’s request, including the elimination of the sender side classification, but I firmly believe that these edits have strengthened this item,” she said.

Clyburn, Google, and consumer advocacy groups told Wheeler that language classifying a business relationship between ISPs and Web services as a common carrier service could give ISPs grounds to charge online content providers for access to their networks. This language was apparently removed, but service that ISPs offer to home and business Internet users was still reclassified as a common carrier service. FCC officials believe this classification alone gives them power to enforce net neutrality rules and oversee network interconnection disputes that affect consumers.

Internet service providers such as Comcast, AT&T, and Verizon lobbied heavily against the Title II decision and could sue to overturn the rules. But Wheeler believes Title II puts the FCC on stronger legal ground. The FCC previously passed net neutrality rules in 2010, relying on some of its weaker authority, but the rules were largely overturned after a Verizon lawsuit.

By winning that case, Verizon inadvertently opened itself and all other Internet providers up to even stricter rules. The new rules go beyond the net neutrality rules passed in 2010. And this time around, the FCC is applying the rules equally to fixed and mobile broadband, whereas its 2010 rules went easier on Verizon’s wireless subsidiary and other cellular companies.

The core net neutrality provisions are bans on blocking and throttling traffic, a ban on paid prioritization, and a requirement to disclose network management practices. Broadband providers will not be allowed to block or degrade access to legal content, applications, services, and non-harmful devices or favor some traffic over others in exchange for payment. There are exceptions for “reasonable network management” and certain data services that don’t use the “public Internet.” Those include heart monitoring services and the Voice over Internet Protocol services offered by home Internet providers.

The reasonable network management exception applies to blocking and throttling but not paid prioritization.


Surveillance-based manipulation: How Facebook or Google could tilt elections

Surveillance-based manipulation: How Facebook or Google could tilt elections
From Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.
By Bruce Schneier
Feb 26 2015

Bruce Schneier is a cryptographer and security expert who has been blogging on those topics since 2004. He is the author of numerous books, including Carry On and Liars and Outliers. The following is an excerpt from his latest book, Data and Goliath: The Hidden Battles to Collect your Data and Control Your World. Copyright © 2015 by Bruce Schneier. With permission of the publisher, W. W. Norton & Company, Inc. All rights reserved.

Someone who knows things about us has some measure of control over us, and someone who knows everything about us has a lot of control over us. Surveillance facilitates control.

Manipulation doesn’t have to involve overt advertising. It can be product placement that makes sure you see pictures that have a certain brand of car in the background. Or just increasing how often you see those cars. This is, essentially, the business model of search engines. In their early days, there was talk about how an advertiser could pay for better placement in search results. After public outcry and subsequent guidance from the FTC, search engines visually differentiated between “natural” results by algorithm, and paid results. So now you get paid search results in Google framed in yellow, and paid search results in Bing framed in pale blue. This worked for a while, but recently the trend has shifted back. Google is now accepting money to insert particular URLs into search results, and not just in the separate advertising areas. We don’t know how extensive this is, but the FTC is again taking an interest.

When you’re scrolling through your Facebook feed, you don’t see every post by every friend; what you see has been selected by an automatic algorithm that’s not made public. But someone can pay to increase the likelihood that their friends or fans will see their posts. Corporations paying for placement is a big part of how Facebook makes its money. Similarly, a lot of those links to additional articles at the bottom of news pages are paid placements.

The potential for manipulation here is enormous. Here’s one example. During the 2012 election, Facebook users had the opportunity to post an “I Voted” icon, much like the real stickers many of us get at polling places after voting. There is a documented bandwagon effect with respect to voting; you are more likely to vote if you believe your friends are voting, too. This manipulation had the effect of increasing voter turnout 0.4% nationwide. So far, so good. But now imagine if Facebook manipulated the visibility of the “I Voted” icon based on either party affiliation or some decent proxy of it: ZIP code of residence, blogs linked to, URLs liked, and so on. It didn’t, but if it did, it would have had the effect of increasing voter turnout in one direction. It would be hard to detect, and it wouldn’t even be illegal. Facebook could easily tilt a close election by selectively manipulating what posts its users see. Google might do something similar with its search results.

A truly sinister social networking platform could manipulate public opinion even more effectively. By amplifying the voices of people it agrees with, and dampening those of people it disagrees with, it could profoundly distort public discourse. China does this with its 50 Cent Party: people hired by the government to post comments on social networking sites supporting, and challenge comments opposing, party positions. Samsung has done much the same thing.

Many companies manipulate what you see based on your user profile: Google search, Yahoo News, even online newspapers like the New York Times. This is a big deal. The first listing in a Google search result gets a third of the clicks, and if you’re not on the first page, you might as well not exist. The result is that the Internet you see is increasingly tailored to what your profile indicates your interests are. This leads to a phenomenon that political activist Eli Pariser has called the “filter bubble”: an Internet optimized to your preferences, where you never have to encounter an opinion you don’t agree with. You might think that’s not too bad, but on a large scale it’s harmful. We don’t want to live in a society where everybody only ever reads things that reinforce their existing opinions, where we never have spontaneous encounters that enliven, confound, confront, and teach us.


FCC overturns state laws that protect ISPs from local competition

FCC overturns state laws that protect ISPs from local competition
Municipal broadband networks could expand because of FCC’s controversial vote.
By Jon Brodkin
Feb 26 2015

The Federal Communications Commission today voted to preempt state laws in North Carolina and Tennessee that prevent municipal broadband providers from expanding outside their territories.

The action is a year in the making. FCC Chairman Tom Wheeler announced in February 2014 his intention to override state laws designed to protect private cable companies and telcos from public sector competition. Wheeler took his cue from the federal appeals court ruling that overturned net neutrality rules; tucked away in that decision was one judge’s opinion that the FCC has the authority to preempt “state laws that prohibit municipalities from creating their own broadband infrastructure to compete against private companies.”

Nineteen states have such laws, often passed at the behest of private Internet service providers that didn’t want to face competition. Communities in two of the states asked the FCC to take action. The City of Wilson, North Carolina and the Electric Power Board (EPB) of Chattanooga, Tennessee filed the petitions that led to today’s FCC action. Each offers broadband service to residents and received requests for service from people in nearby towns, but they alleged that state laws made it difficult or impossible for them to expand.

“You can’t say you’re for broadband and then turn around and endorse limits on who can offer it,” Wheeler said today. “You can’t say, ‘I want to follow the explicit instructions of Congress to remove barriers to infrastructure investment,’ but endorse barriers on infrastructure investment. You can’t say you’re for competition but deny local elected officials the right to offer competitive choices.”

States have given municipalities the authority to offer broadband but made it difficult with tons of bureaucratic requirements, he said. “The bottom line is some states have created thickets of red tape designed to limit competition,” he said. Local residents and businesses are the ones suffering the consequences, he argued, pointing to members of the two communities in the audience.

Some businesses are forced to move to other towns for lack of better broadband, he said. Wheeler described one person who pays $316 a month “for a collage of services that includes two mobile hotspots,” while living less than a mile from a gigabit network. One woman in the FCC’s audience has to drive her son 12 miles to a church where he can access Internet service fast enough to do schoolwork, he said. These people are “condemned to second-rate broadband.”

Both EPB and Wilson have advanced networks but are surrounded by communities that lack advanced service, FCC wireline competition official Gregory Kwan told commissioners.

“EPB is an island of competitive high speed broadband service surrounded by areas for the most part with single or no provider of advanced broadband,” he said. “Wilson’s network… is a similar situation, an island of competition surrounded by a sea of little to no options for world class competitive broadband services.”

“Our focus is really about wanting to serve our neighbors who have little or no access to broadband,” EPB communications VP Danna Bailey told Ars yesterday. “We’re hoping that the FCC votes in favor of our petition, but we’ll have to understand any ramifications of anticipated legal challenges before we move forward.”

The vote was followed by applause from the crowd.

Democrats say yea, Republicans nay

The vote was split 3-2 along party lines, with Wheeler joined by fellow Democrats Mignon Clyburn and Jessica Rosenworcel.

“There are provisions that limit service by municipalities to specific areas but not others even if the local governmental entity has a pre-existing telecommunications network in that region,” Clyburn said in today’s meeting. “And just what has been the result? Certain communities have the capacity to achieve limitless outcomes, while others a few yards from town are stuck in a digital desert deprived of the means to close persistent opportunity gaps.”

Rosenworcel likened municipal Internet service to “broadband barn raising.”


Why I’m Saying Goodbye to Apple, Google and Microsoft

Why I’m Saying Goodbye to Apple, Google and Microsoft
I’m putting more trust in communities than corporations
By Dan Gillmor
Feb 25 2015

When I became a technology columnist in the mid-1990s, the public Internet was just beginning its first big surge. Back then, I advised my readers to avoid the semi-political, even religious battles that advocates of this or that technology platform seemed to enjoy. Appreciate technology, I urged, for what it is — a tool — and use what works best.

So why am I typing this on a laptop running GNU/Linux, the free software operating system, not an Apple or Windows machine? And why are my phones and tablets running a privacy-enhanced offshoot of Android called Cyanogenmod, not Apple’s iOS or standard Android?

Because, first of all, I can get my work done fine. I can play games. I can surf endlessly. The platform alternatives have reached a stage where they’re capable of handling just about everything I need.

More important, I’ve moved to these alternative platforms because I’ve changed my mind about the politics of technology. I now believe it’s essential to embed my instincts and values, to a greater and greater extent, in the technology I use.

Those values start with a basic notion: We are losing control over the tools that once promised equal opportunity in speech and innovation—and this has to stop.

Control is moving back to the center, where powerful companies and governments are creating choke points. They are using those choke points to destroy our privacy, limit our freedom of expression, and lock down culture and commerce. Too often, we give them our permission—trading liberty for convenience—but a lot of this is being done without our knowledge, much less permission.

The tools I use now are, to the extent possible, based on community values, not corporate ones.

I’m not acting on some paranoid fantasies here. I’m emulating, in the tech sphere, some of the principles that have led so many people to adopt “slow food” or vegetarian lifestyles, or to minimize their carbon footprint, or to do business only with socially responsible companies.

Nor do I intend to preach. But if I can persuade even a few of you to join me, even in some small ways, I’ll be thrilled.

I’m the first to recognize, meanwhile, that I’m still a long way from achieving true tech liberty. Maybe it’s impossible, or close to it, in the near and medium terms. But this is a journey—a continuing journey—worth taking. And if enough of us embark on it, we can make a difference.

Part of my conversion stems from an abiding distaste for corporate and government control-freakery. If we believe in liberty, we have to realize that we take risks to be more free. If we believe in competition, we sometimes have to intervene as a society to ensure that it’s fair.

One way we try to ensure fair competition is enforcement of laws designed to promote it, notably antitrust rules that seek to prevent dominant companies from abusing their dominance. A classic example emerged in the 1990s: Microsoft, a company that had outsmarted and/or outsleazed IBM and everyone else in its rise to pure dominance in the operating system and office “productivity” software markets.