Tuesday, May 23, 2006

David Siegel, Global Crossing: telco blog pioneer

Martin Geddes has interviewed my co-worker Dave Siegel, and the results are up at his blog, Telepocalypse.

Botnet interview on the Security Catalyst podcast

I did an interview over the weekend with Michael Santarcangelo of the Security Catalyst about botnets. Part I of that interview is available now as a podcast (you can subscribe via Yahoo or iTunes).

UPDATE: Part two is here.

Bush administration on NSA suit: Courts have no right to address the issue

Ed Brayton points out a paragraph from an AP story that says:
The Bush administration has urged a judge to dismiss a similar case, saying it threatens to divulge state secrets and jeopardize national security. The government argued in briefs that the courts cannot decide the constitutionality of the president's asserted wartime powers to eavesdrop on Americans without warrants.
As Ed observes,
If the courts cannot decide the constitutionality of such programs, then we might as well not have a constitution or courts at all.

Monday, May 22, 2006

Net Neutrality and Fair Use

Larry Lessig has posted an interesting blog article comparing net neutrality to fair use, and asking whether there's a problem in consistency on the part of those who favor one but not the other. As someone who more strongly supports laws recognizing fair use than regulated net neutrality, I agree with the reasons given by several of the posters (including Kevin Farnham, Jeremy, Cory Doctorow, three blind mice, and poptones). It seems that some of the better reasons to question creating a regulatory regime for net neutrality are present in these comments--I'm pleasantly surprised to see that the comments appear to be dominated by net neutrality skeptics.

Some of the highlights:

* Fair use is a limitation on rights pertaining to intellectual property, while net neutrality is a limitation on rights pertaining to physical property--Lessig's own excellent book Free Culture points out that intellectual or creative property is different from physical property in significant ways.
* The burden of proof on a fair use claim is on the person claiming fair use, not the copyright owner; in net neutrality the burden is on the property owner.
* Fair use is really a limitation on a government regulation (copyright), while net neutrality is a regulation that's a limit on business models, contracts, and technology.
* Net neutrality advocates have not been clear about what they would require and prohibit, how violations will be detected/measured, and what the enforcement mechanisms will be. (I don't trust Congress to tell network engineers how to do their jobs.)

Sunday, May 21, 2006

Dirty Politician: William Jefferson

Rep. William Jefferson (D-LA)'s Washington office was raided last night, and the FBI has disclosed portions of recorded conversations last year between Jefferson and an informant. The informant had paid Jefferson $100,000 in $100 bills (caught on videotape by the FBI) to be delivered to an official in Nigeria. In a telephone conversation on August 1 which the FBI has partially disclosed, Jefferson and the informant spoke to each other in code about the bribe money, which was recovered from Jefferson's freezer during a police search on August 3. In that conversation, the informant asked about the status of "the package." Jefferson replied that "I gave him the African art that you gave me and he was very pleased."

Jefferson apparently had the objective of getting work in Africa for a communications company, and getting his children a cut of that deal.

Via Talking Points Memo.

Friday, May 19, 2006

Yglesias on McCurry

Matthew Yglesias, covering for Joshua Micah Marshall at Talking Points Memo, writes of Mike McCurry's battle with bloggers over net neutrality:

People disagreed with McCurry about the net neutrality issue because people disagree about issues. People got so mad at him precisely because of this kind of patronizing attitude. He was peddling flimsy arguments as if it never occurred to him that the blogosphere is full of people who know a lot about the internet and could handle a grown-up argument (see a non-flimsy, though ultimately unpersuasive, anti-neutrality piece if you're interested).

One of the most neglected aspects of the blogosphere, in my opinion, is that precisely because it's (mostly) composed of people who aren't professional journalists, it's composed of people who are professional doers of something else and know a great deal about what it is they "really" do. Consequently, the overall network of blogs contains a great deal of embedded knowledge. The consensus that emerges from that process can, of course, be mistaken but even though the most prominent people expressing that consensus may not be experts in the subject at hand (the most prominent bloggers tend to be generalists), the consensus will almost always be grounded in some kind of well-informed opinions. If you want to push back on that, in other words, you'd better know what you're talking about and not treat your audience like a pack of mewling children.

While I agree that McCurry was occasionally patronizing in what he posted, at least he hasn't gotten his facts as wrong as Matt Stoller at MyDD, Adam Green at the Huffington Post, the "Save the Internet" Coalition, or Art Brodsky at Talking Points Memo. These guys don't know the difference between net neutrality and common carriage, don't understand who or what common carriage applies to, don't understand how or why network service providers interconnect, don't understand the utility and current uses by providers of QoS, don't understand the unintended negative consequences of bills like HR 5417, and have a naive faith that the FCC will act only as a force for freedom and goodness.

The fact is that most of the material being posted by bloggers in favor of net neutrality regulation is by people who are not experts in how the Internet works--while there are certainly advocates of net neutrality among those who operate Internet networks (and I myself am supportive, with qualifications, of the four principles in the FCC policy statement), my perception is that most of them favor keeping government out of it as much as possible and agree with the additional six principles advocated by McCurry's organization, "Hands Off the Internet."

Bad unintended consequences of HR 5417

(I should preface this by saying that I am not a lawyer, only a relatively well-informed layman who has demonstrated the ability to win lawsuits against telemarketers without using an attorney.)

Some network neutrality advocates are promoting James Sensenbrenner and John Conyers' HR 5417 as a step in the right direction for putting network neutrality into law. But HR 5417 is a badly written bill with some serious negative implications. (There are a bunch of other network neutrality bills in the works, which I haven't yet examined.)

First, it turns all NSPs and ISPs into "broadband network providers" even if they don't provide any residential consumer services. All that matters is whether you provide two-way Internet at speeds of 200 kbps or greater.

Second, it prohibits preventing anyone from sending or receiving traffic that is legal. This means ISPs cannot have acceptable use policies against spammers that go beyond what is required by the federal CAN-SPAM law except in states which have stricter laws, and they have to sell service to known spammers who comply with CAN-SPAM, and you can't kick adware companies off your network until and unless the specific abusive actions they are taking are made illegal.

Third, it says that if you provide a custom service like IP Video or VOIP interconnection at a higher class of service, you must allow your customers to connect to that "type" of service to any other provider of IP Video or VOIP, regardless of location, whether those providers are customers of yours or not. But if you don't provide those services over the Internet, who is supposed to bear the costs of interconnection to providers who aren't customers?

Fourth, it prohibits all restrictions on what devices users can connect to the network except on grounds of physical harm or degrading the service of others. But what if you offer a specialized service that only supports some vendors' equipment, and has to have a particular configuration to function properly? This seems to say that you have to let customers configure unsupported or incorrectly configured equipment to the network.

This bill is a nice example of bad unintended consequences.

(Also see Richard Bennett's Original Blog.)

Misinformation from "Save the Internet"

The little cartoon movie from "Hands Off the Internet" (an organization funded by member organizations that include major telcos and equipment vendors) has led to a response from "Save the Internet" (advocates of net neutrality funded by MoveOn.org and others).

"Save the Internet" claims that the cartoon is "a clever piece of industry propaganda that is riddled with half-truths and outright lies." It then quotes a few passages from the cartoon and offers responses. Unfortunately, it is "Save the Internet"'s response that contains misinformation, and it fails to point out any alleged lies.

In what follows, I'll quote directly from the "Save the Internet" response (including the quotes from the "Hands Off" cartoon they are responding to) and then respond to each point.
The big telecom companies say: "Is the Internet in Danger? Does the Internet need saving? It keeps getting faster. We keep getting more choices."

The truth: Right now AT&T and others want to take away your choices and control what you can do and watch online. They're on their best behavior while trying to convince Congress to hand over the Internet. But if their high-priced lobbyists get their way in Washington, the Internet as we know it will be gone. Network Neutrality has always curbed the control of the network owners, invited competition and encouraged innovators. It's what made it possible for entrepreneurs and creative thinkers to prosper online. None of the big ideas that made the Internet the innovative engine it is today came from the cable or telephone companies.

Notice that there's no evidence supplied to support the claim that "AT&T and others want to take away your choices and control what you can do and watch online." What the telcos want to do is build new last-mile consumer services by installing a new fiber-to-the-home infrastructure, over which they can offer services in addition to and distinct from the public Internet, just as they currently offer voice telephony as a service separate and distinct from the public Internet. Specifically, they want to offer digital television services and potentially new services which they control, following the model of the cable industry. The telcos' real desire is to compete with the cable industry and be regulated in much the same way. They further want to be able to charge content providers to be able to provide services over this new fiber, because they know that consumer fees alone are not sufficient to recover their costs in rolling out this new infrastructure. (BTW, my opinion is that just as the cable companies lost leverage over content providers as a result of competition from direct broadcast satellite, telcos will lose or fail to gain leverage over content providers using new services over fiber-to-the-home, as a result of competition from wireless broadband providers, as well as from cable companies.)
The big telecom companies say: "Building the next generation of the Internet is going to take a lot of work and cost a lot of money. And some big corporations can't wait to use it.... They're going to make billions. But they don't want to pay anything. Instead they want to stick consumers with the whole bill."

The truth: Nobody is getting a free ride on the Internet. Any Web site or service you use on the Internet has already paid these providers to reach you -- just like you pay to send e-mail and download files. In fact, total expenses from major content and service providers to expand network capacity totaled about $10 billion last year. But the cable and phone companies want even more -- forcing content providers to pay protection money to get a spot in the fast lane. Who do you think will pay that bill? You will … big time. The costs will be passed directly to consumers. If Net Neutrality is so bad for consumers, why do ALL the major consumer groups support it and ALL the major phone companies oppose it? Who do you trust more to defend your Internet rights? Without meaningful protections of Net Neutrality, there will be less choice on the Internet and higher prices, at a time we're already falling far behind the rest of the world.

It's true that content providers are paying Internet providers today to reach the "eyeball customers" of the telcos and cable companies. But they are reaching them over today's best-effort Internet, not over the new infrastructure they want to build out. Now, here there is a real issue, but it's one that advocates of net neutrality have tended to obscure rather than illuminate, and that is that today, telcos are required to allow other Internet providers to provide service over their last-mile consumer broadband (DSL) circuits, and the courts recently ruled that this will no longer be required, putting the telcos on the same footing as the cable companies, which have never been required to share their networks. The difference between the two is that the telcos were given free rights-of-way to build their networks, were given monopoly status for local telephony status, and received huge tax breaks and subsidies in the form of universal service fees collected from long distance providers; this form of public funding justified the common carriage requirements that made them allow their networks to be used by other players that compete with them. The cable companies, by contrast, got none of these benefits and have to pay a portion of their revenues to local municipalities as part of their franchise agreement in an area. The cable model actually seems to be a better model and to be more competitive, though I think both are far from ideal. In any case, the empirical evidence is that the more competition there is for broadband Internet services, the lower the costs to consumers and the more innovation we see.

The big telecom companies say: "These corporations are asking Congress to create volumes of new regulations to control how content is delivered over the Internet. Should politicians and bureaucrats replace network administrators? It will be the first major government regulation of the Internet and it will fundamentally change how the Internet works. These big corporations and the SavetheInternet campaign want the government to take control of the Internet."

The truth: There's nothing new about Net Neutrality. It has been a fundamental part of the Internet since its inception. As a tenet of communications policy, it goes back some 70 years. Only last year did the Supreme Court uphold a bad decision by the Federal Communications Commission to do away with the rules that forced cable and phone companies to open up their networks to competitors. Those rules protected Internet freedom by ensuring lots of competition (think of all the choices you've had for long distance service or dial-up Web access). In fact, these rules still protect the Internet under a temporary FCC ruling. All a Net Neutrality law would do is maintain the even playing field we've always enjoyed -- by preventing big cable and telephone corporations from taking over as gatekeepers.

Now here's where "Save the Internet" goes completely off the rails. Net Neutrality has not been "part of the Internet since its inception" nor does it go back 70 years. This is a confusion about common carriage requirements on telco's networks vs. Internet services. When other DSL services use telco last-mile circuits to reach their customers, they are providing their own Internet services, not the telcos. They aren't using the telco's Internet networks at all. ISPs have never been classified as "common carriers" or required to connect anyone to their networks. Rather, they've been classified as information services or enhanced services, and exempted from common carriage requirements. Internet interconnection is governed by peering arrangements which are arranged either privately between two ISPs or network service providers, or by connecting to a public peering point and governed by the rules of the organization managing that peering point (itself a private, not government, organization).

The sentence about the Supreme Court upholding a bad FCC decision "to do away with the rules that forced cable and phone companies to open up their networks to competitors" is just mistaken in its inclusion of cable companies. Cable companies have never been required to open up their networks to competitors.

(UPDATE May 21, 2006: Timothy Karr of Save the Internet says that the "goes back some 70 years" remark does not refer to common carriage, but he hasn't yet told me what it is referring to. I'll update this entry when he does.)
The big telecom companies say: "The net neutrality issue is a fundamental question about who should control the Internet: The people or the government? And it's a fight about who's going to pay: multi-billion dollar corporations or you?"

The truth: Who should control the Internet? Now that's a good question. But the real choice we face is whether we're going to keep the good government policy that has protected Internet freedom, created a truly free market in content and services, and encouraged free speech to flourish online -- or let predatory companies like AT&T and Comcast rewrite our telecommunications law and place their chokehold on online content and services. For the entire history of the Internet, Web sites and online ideas have succeeded or failed on their own merit based on decisions now made collectively by millions of users. Getting rid of Net Neutrality will hand these decisions over to a cartel of broadband barons. Do we really want Ma Bell and the Cable Guy picking the next generation of winners and losers on the Internet?

This repeats the false claim that net neutrality has been a government policy in force all along, when in fact what "Save the Internet" is advocating is the introduction of new laws which give the FCC the power to regulate the Internet. What "Save the Internet" fails to recognize is that the telcos are an extremely powerful lobbying force in Washington, D.C., and that giving the FCC this power will not change that. Further, the FCC is run by commissioners who want to do more to regulate content for "indecency," and, if given the power to regulate the Internet, that would likely not be far behind. If they have the power to say that ISPs must allow service to X, they're probably also going to have the power to say that ISPs must not allow service to Y. But those are decisions that should be left in the hands of the ISPs, in a competitive environment where the consumer has the power to switch ISPs.

"Save the Internet" tends to avoid spelling out specifically what they are asking for, which is the biggest problem with "net neutrality" advocates. The term seems to mean different things to different people, and a lot of people interpret it to mean prohibition on certain kinds of contractual arrangements and services between providers of network services and their customers that are already common and extremely useful today (e.g., paying for different classes of service).

If you want a better understanding of the issues in the "net neutrality" debate, I can't recommend a better source than the Stifel/Nicolaus analysis, "Value Chain Tug of War" (PDF). Read it, and whichever position you argue for will be better served.

(UPDATE May 20, 2006: Here's a much better commentary on the "Hands Off" cartoon from a net neutrality advocate, Harold Feld, though he also gets some facts wrong. For example, he says that at the time of "Computer Proceedings I" (1971) AT&T was "the only telephone company." It was by far the major player and had attempted earlier to acquire the rest, but this was put to a stop in 1913 via anti-trust action when it tried to acquire Western Union. It was required to allow the remaining independent local telco players to interconnect. These included Rochester Telephone in NY (which was my employer when it was called Frontier). In 1971 AT&T had 100 million subscribers and the independents had 25 million.)

Thursday, May 18, 2006

Late 1990s NSA program

The Baltimore Sun has reported on a shelved 1990s NSA program to collect and analyze phone records which had the following features:
*Used more sophisticated methods of sorting through massive phone and e-mail data to identify suspect communications.

* Identified U.S. phone numbers and other communications data and encrypted them to ensure caller privacy.

* Employed an automated auditing system to monitor how analysts handled the information, in order to prevent misuse and improve efficiency.

* Analyzed the data to identify relationships between callers and chronicle their contacts. Only when evidence of a potential threat had been developed would analysts be able to request decryption of the records.

Perhaps this program was brought back after 9/11? If such records were maintained with phone number and caller information encrypted until needed, and decrypted only with appropriate legal authorization, would that enable Verizon and BellSouth to truthfully deny having supplied the records to the NSA? I don't think so, unless the system was in the possession of the phone companies and didn't release data to the NSA until legal authorization was obtained. But would such a system be objectionable? So long as the controls genuinely prevented abuse and legal authorizations were really obtained for each use, I don't think it would be. (Via Talking Points Memo.)

BTW, in a New York Times story in which Verizon denied turning over records to the NSA (which BellSouth has also denied), Tony Rutkowski of Verisign is quoted suggesting that the NSA may have collected long-distance phone records rather than local calls. The article notes that Verizon's denial seems to leave the door open to the possibility that MCI, which Verizon recently acquired, had turned over data. Verisign, it should be noted, has been attempting to develop a business where it acts as a third-party manager for subpoenas and wiretapping for phone companies. While the telcos have strongly attempted to block attempts by the government to expand its wiretapping capabilities into the VOIP and Internet arenas (in part on the grounds that the CALEA statutes do not cover them, and also because the infrastructure expense is placed entirely on the telcos), Verisign has supported the government's efforts, as these filed comments with the FCC make clear (red means support for expanded government wiretapping capability, blue means opposition).

You'll note that Verisign is uniformly supportive of the government, and of the three telcos that have come under fire for giving data to the NSA, two are uniformly opposed (BellSouth and SBC (now AT&T)) and one is partly opposed and partly supportive (Verizon). I'm happy to note that my employer, Global Crossing, is not only on record as opposed, but filed comments which addressed more of the issues than most of the other filers.

(UPDATE May 19, 2006: Apparently the 1990s program was called ThinThread.)

Wednesday, May 17, 2006

Cory Maye's new attorneys file legal brief

Radley Balko at The Agitator is on top of it:
If you’ve read anything at all about this case, I’d urge you to take a look at the brief. I realize that a brief’s legal effectiveness is a very different thing than its general pursuasiveness, particularly briefs filed in almost perfunctory post-trial motions like this one. Since I’m not really qualified to comment on its legal merits, I’ll keep my comments limited to its general pursuasiveness.

To that end, it’s devastating. The difference between the top-notch legal representation Cory Maye has now and the minimal representation he had at trial is striking (and frightening, given the stakes). I can’t see anyone reading this thing through and still believing that Maye is the slightest bit guilty, much less that he should be executed. At worst, you could perhaps make the case that Maye acted recklessly, and might have been tried for manslaughter. I wouldn’t agree. But I probably wouln’t be making trips to Mississippi to investigate, or blathering endlessly on my blog, either. Of course, I still think the guy should not only be released from prison, but compensated.
The brief, from Bob Evans, Orin Kerr, and attorneys at D.C. firm Covington and Burling, is here (PDF). There's also a forensics review here (Word doc), and a review of the autopsy report of Officer Jones here (PDF).

I've had the pleasure of meeting and briefly working with some Covington and Burling attorneys in the past (though none of the ones who worked on this brief), and found them to be incredibly bright and professional people. They also won a multimillion-dollar lawsuit against Fax.com, which makes them good guys in my book.