Saturday, July 01, 2006

Karl Pflock dies

Karl Pflock, the author of Roswell: Inconvenient Facts and the Will to Believe and co-author with Jim Moseley of Shockingly Close to the Truth, died at age 63 on June 5. Pflock had been a contributing editor to Moseley's Saucer Smear, but had stopped contributing regularly after being diagnosed with ALS (also known as Lou Gehrig's Disease). Pflock was an entertaining writer and a fair-minded skeptic (he was a believer in UFOs, but his book on Roswell is the best skeptical treatment of the topic). The June 30, 2006 issue of Saucer Smear contains an obituary of Pflock by Jim Moseley.

NY Times and SWIFT

Ed Brayton calls out both the NY Times and those accusing the Times of treason for reporting that the U.S. government is data mining in financial data from SWIFT. He points out that the Times is criticizing the U.S. government for doing what the Times itself editorialized in favor of the government doing, and also points out that it hasn't really revealed anything of significance that the Bush administration hadn't already publicly said it was doing. Further, the only actually new thing reported--that the government is accessing large amounts of data with broad subpoenas, rather than specific transactions--was also reported by the Wall Street Journal, but without it being hit with the same criticisms as the Times.

This is a significant outbreak of inconsistency.

Back from Boston


Kat and I are back from a short trip to Boston, a mix of business and pleasure. I participated in a panel discussion Wednesday at the Silicon Valley Bank in Newton on carrier IP security and met with a customer on Thursday, but most of the rest of the time was available for sightseeing. The photos are from the Museum of Science and the Charlestown Navy Yard (where the U.S.S. Constitution is docked), respectively. We walked the Freedom Trail, saw numerous art cows, and spent some time with friends. We came back before the big Boston Pops concert/fireworks show on the Charles River, but we did get to see the fully-loaded fireworks barge being pushed into place.

Tuesday, June 27, 2006

Arizona Senators on the Flag Desecration Amendment

Both John McCain and Jon Kyl voted in favor of the desecration of the Constitution, but it failed by just one vote.

We have an opportunity this year to get rid of Kyl. We should take it.

(Arizona's Representatives voted much more honorably.)

Sunday, June 25, 2006

Arizona Representatives on the Flag Desecration Amendment

Last week, the U.S. House of Representatives voted in favor of House Joint Resolution 10 to amend the U.S. Constitution to limit the scope of the First Amendment by banning the desecration of the flag. The resolution passed, 286-130, with 18 not voting. The voting went more-or-less along party lines, with Republicans going 209-12-10, Democrats 77-117-8, and Independents 0-1-0. The Senate has yet to vote on it.

To their credit, three of Arizona's Republican Representatives showed a willingness to buck the party line, accounting for a quarter of the Republicans who opposed the measure. Their votes went as follows:

In favor: Franks (R), Hayworth (R), Renzi (R)
Opposed: Flake (R), Grijalva (D), Kolbe (R), Pastor (D), Shadegg (R).

In a recent post at Dispatches from the Culture Wars, Ed Brayton quoted from and commented on an essay from Jonathan Alter:
I inherited my one litmus test from my father, Jim Alter, who flew 33 harrowing missions over Nazi Germany during World War II. My father is not just a veteran who by all odds should not have survived. He is a true patriot. His litmus test is the proposal to amend the Constitution to ban flag burning, which will come up for a vote next week in the U.S. Senate. For dad--and me--any member of Congress who supports amending the Bill of Rights for the first time in the history of this country for a nonproblem like flag burning is showing serious disrespect for our Constitution and for the values for which brave Americans gave their lives. Such disrespect is a much more serious threat than the random idiots who once every decade or so try (often unsuccessfully) to burn a flag.

I'll go even further than that. Hell, I'll go a lot further than that. If you're the kind of person who supports a ban on flag burning, that fact alone is enough to brand you, in my view, as either a demagogue or someone weak-minded enough to be led by demagogues who play on your most shallow and childish emotional responses. Like the flag itself, the flag burning amendment is purely symbolic. And anyone who would throw away free speech rights for symbolic achievement has no business being in any political office in this country.

I second Brayton's sentiment. Let's get rid of Arizona's demagogues, Franks, Hayworth, and Renzi.

Thursday, June 22, 2006

Help me help dogs and cats

Jim and I have been volunteering with RESCUE (Reducing Euthanasia at Shelters through Commitment and Underlying Education) since January 2002. Two of our dogs, Otto and Fred, came from RESCUE. We believe it is a worthy cause and I am asking for your help. I am participating in the Fourth Annual Bowl-A-Rama which raises money for animal organizations in Arizona. I am on Team Tango, representing RESCUE.

All pledges raised by RESCUE will go directly to their mission of providing a second chance at life for dogs and cats who, through no fault of their own, are spending their final days at Maricopa County Animal Care and Control. This money goes toward medical treatment, boarding, etc. while the animals are in RESCUE's care. The passion that began RESCUE has resulted in a volunteer-driven non-profit corporation with over 300 dedicated volunteers who have helped care for and place over 8,000 wonderful cats and dogs.

If you can spare $10, $20 or more, please go to http://bowl.azrescue.org and make a pledge to Team Tango.

A version of net neutrality I can endorse

In an attempt to offer something constructive, here's a version of network neutrality--let's call it Lippard Network Neutrality--that seems to me to be reasonable, providing me with what I want as a consumer of Internet services and what I would want if I were managing security for the provider of those services:

1. Nondiscrimination

Companies that provide facilities-based wireline broadband (i.e., those who own the last-mile wires) to residences must provide unrestricted Internet access to their customers who wish to purchase Internet access, allowing the use of any Internet service or application that does not violate any laws or cause degradation or disruption to the service or other customers. The provider may engage in filtering for consumer-grade service in order to prevent the spread of malware and the sending of spam, including (for example) SMTP filtering or redirection to the provider's mail services, but must allow the purchase of business-grade service under which customers may operate their own mail servers. The provider retains the right to suspend service or quarantine users that send spam, become compromised with malware, or engage in illegal activity or activity that disrupts the service.

2. Unbundling

Providers must unbundle Internet access from other services sold over the same connection, so that a customer may use the entire capacity of the circuit for Internet access.

These two requirements would give me what I want as a customer, as well as give the provider the ability to recover their costs, provide services that use QoS, provide additional filtering to protect their network and the rest of their customer base from malware, and so on. I think it's quite reasonable for a basic consumer Internet service to do port 25 filtering, force the use of the provider's mail servers, and to do network-based filtering of malware--but I would like the ability to pay extra for completely unfiltered Internet service and take steps to protect myself. And in fact, that's what I'm currently paying Cox for today--I pay for business-grade service to my home in order to run my own servers here, though I could put those servers into a colo facility and get the same effect, which is what I would do if Cox decided to discontinue offering business-class service to residences. Because that option exists, it would not be necessary to mandate that providers must provide business class service as I described above, but I'd still want to be able to ensure that I could access my remotely hosted services from home.

How this differs from what many network neutrality advocates are arguing for:

1. I don't prohibit QoS or tiering, as that is a genuinely useful network feature where I expect to see future innovation of services that depend on it.
2. The nondiscrimination provision is written to allow some kind of less-than-full-Internet walled garden service at low cost--so long as customers can still purchase real Internet service. (I think such a service would be under competitive pressure to allow access to the full Internet, for the same reason AOL ended up allowing full Internet access--otherwise the service wouldn't attract enough users to be a successful product offering.)
3. I don't prohibit differential pricing for different services and classes of service.
4. I don't set any restrictions on contractual arrangements (apart from these two restrictions), including interconnection agreements or who pays. I think that should be left to private negotiation and competition.
5. I don't extend these requirements to other types of Internet providers such as backbone providers or those providing business services, as those are areas with plenty of competition.
6. I don't extend these requirements to wireless providers, because I think that with sensible market-based allocation of spectrum, there could be plenty of independent competition with much less capital expenditure than for wireline deployment.

I could possibly be persuaded that there is a place for common carriage requirements, especially for access circuits to businesses, which is where the last-mile providers could really engage in anti-competitive behavior against backbone providers that don't own a lot of last-mile wires (e.g., Level 3, Global Crossing, Sprint), now that the major telco last-mile providers have each merged with a major backbone provider themselves (Qwest/U.S. West, AT&T/SBC/BellSouth, Verizon/MCI). This requirement currently exists in the law for telcos, and unlike the common carriage requirement for DSL, is not planned to go away next year.

I would not put the above into the purview of the FCC, at least not with their current dispute resolution procedures which favor the telcos. Paul Kouroupas at Global Crossing (also my employer) has been arguing for "baseball-style" or final arbitration dispute resolution, where each side submits their best and final offer to an arbitrator, who chooses the best. This provides incentive for each side to try to reach the best agreement up front, as well as a process that can proceed quickly, without any government involvement or expense. This suggestion is the second point of Global Crossing's proposed REFORM legislative agenda. (Unbundling and common carriage of bottlenecks such as last-mile access circuits are the sixth point.)

Comments, criticisms? I should add that I believe what I've spelled out above is pretty close to what I've heard is in Sen. Stevens' telecom reform bill, though I haven't read it and I suspect he applies the nondiscrimination and unbundling requirements more widely than to residential broadband.

Extending CALEA to VoIP: a bad idea

The Information Technology Association of America (ITAA) has issued a report on “Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP” (21-page PDF) by Steven Bellovin, Matt Blaze, Ernest Brickell, Clinton Brooks, Vinton Cerf, Whitfield Diffie, Susan Landau, Jon Peterson, and John Treichler. This report comes at a time when the FCC and courts have already ruled that VoIP and facilities-based broadband providers must provide lawful interception capabilities under CALEA for VoIP services that are “interconnected” with the publicly-switched telephone network (PSTN).

The report effectively argues that in order to extend CALEA compliance to VoIP, “it is necessary either to eliminate the flexibility that Internet communications allow—thus making VoIP essentially a copy of the PSTN—or else introduce serious security risks to domestic VoIP implementations. The former would have significant negative effects on U.S. ability to innovate, while the latter is simply dangerous.”

The report gives a good basic explanation of VoIP (which comes in a variety of possible flavors), an explanation of pre-CALEA wiretapping and current CALEA wiretapping (including cellular telephone wiretapping and roving wiretaps), and then describes the similarities and differences between the Internet and the PSTN.

It then describes the issues of security raised by applying CALEA to VoIP and the risks to innovation created by applying CALEA to VoIP.

Two of the key problems for applying CALEA to VoIP are:

  • VoIP mobility. A VoIP phone can be plugged in anywhere on the Internet, for non-facilities-based VoIP providers like Vonage. The network that connects the VoIP phone to the Internet—which is the one in a position to intercept the call data--need not be the network of the VoIP provider, or have any relationship with the VoIP provider.
  • VoIP identity agility. A VoIP user can have multiple VoIP providers and easily switch between them from moment to moment. The owner of the Internet access network is not in a position to know who a VoIP user is purchasing VoIP services from. They are in a position to be able to intercept and detect what VoIP providers the user connects to directly, but not if the VoIP user is using encrypted traffic through proxies.

Further problems are caused by the fact that the communication between two VoIP phones is peer-to-peer, and the routing of a call at the IP layer can change in mid-call. Because of the former issue, the call contents may not traverse the VoIP provider's network, and thus it will not be in a position to intercept (unless it behaves like the PSTN, forcing the call contents to also come through its network, using SIP proxies/RTP relays). In order to truly be able to intercept all VoIP calls using VoIP as it is designed, there would have to be cooperation between the VoIP user’s access provider of the moment (which could be any Internet provider—a WiFi hotspot, a friend’s ISP, a hotel’s Internet connection) and the VoIP provider being used—but law enforcement may not be in a position to know either of these. The kind of cooperation required would have to be very rapid, with interception equipment and systems already in place and able to eavesdrop wherever the voice traffic may flow, upon appropriate request. This would require extensive coordination across every VoIP and Internet provider in the United States of a sort that doesn’t exist today. It would require extremely careful design and implementation to avoid creating vulnerabilities that would allow this incredibly complex infrastructure to be exploited by unauthorized users--but with so many parties involved, I think that's a pipe dream. This incident with cellular telephony in Greece shows what can already happen today with unauthorized parties exploiting CALEA technology.
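As an added illustration (not code from the ITAA report or from this post), the Python sketch below reads the SDP bodies of constructed SIP messages to show why the provider carries call contents only when its proxy rewrites the media addresses to point at an RTP relay. The host names, addresses and the `PROVIDER_NET` prefix are assumptions taken from documentation ranges.

```python
import ipaddress

# Hypothetical VoIP provider prefix (RFC 5737 documentation range).
PROVIDER_NET = ipaddress.ip_network("192.0.2.0/24")

def sip(start_line, addr, port):
    """Build a constructed SIP message carrying a minimal SDP body."""
    return (f"{start_line}\r\nVia: SIP/2.0/UDP proxy.voip.example\r\n"
            "Content-Type: application/sdp\r\n\r\n"
            f"v=0\r\no=- 1 1 IN IP4 {addr}\r\ns=-\r\nc=IN IP4 {addr}\r\n"
            f"t=0 0\r\nm=audio {port} RTP/AVP 0\r\n")

# Constructed samples: the SDP as each endpoint receives it.
# Direct call: each side advertises its own access-network address.
DIRECT_OFFER = sip("INVITE sip:bob@voip.example SIP/2.0", "198.51.100.23", 49170)
DIRECT_ANSWER = sip("SIP/2.0 200 OK", "203.0.113.80", 31000)
# Relayed call: the provider's proxy rewrote both bodies to point at its relay.
RELAY_OFFER = sip("INVITE sip:bob@voip.example SIP/2.0", "192.0.2.10", 20000)
RELAY_ANSWER = sip("SIP/2.0 200 OK", "192.0.2.10", 20002)

def media_endpoints(sip_message):
    """Return [(ip, port)] for every media stream in the SDP body."""
    _, _, body = sip_message.replace("\r\n", "\n").partition("\n\n")
    session_addr, media = None, []
    for line in body.splitlines():
        if line.startswith("c="):
            addr = line.split()[-1]          # unicast form: c=IN IP4 <addr>
            if media:
                media[-1][1] = addr          # media-level c= overrides
            else:
                session_addr = addr          # session-level default
        elif line.startswith("m="):
            media.append([int(line.split()[1]), None])
    return [(ipaddress.ip_address(a or session_addr), p) for p, a in media]

def media_path(offer, answer, provider_net=PROVIDER_NET):
    """Classify where RTP will flow, given the SDP each endpoint was sent."""
    addrs = [ip for msg in (offer, answer) for ip, _ in media_endpoints(msg)]
    if not addrs:
        return "no-media"
    inside = [ip in provider_net for ip in addrs]
    if all(inside):
        return "relayed"        # both legs terminate on the provider's relay
    if not any(inside):
        return "peer-to-peer"   # provider handles signaling only
    return "mixed"              # only one leg crosses the provider

if __name__ == "__main__":
    print("direct :", media_path(DIRECT_OFFER, DIRECT_ANSWER))
    print("relayed:", media_path(RELAY_OFFER, RELAY_ANSWER))
```

In the direct case the signaling still passes through `proxy.voip.example`, but the audio flows between the two access networks, which is the situation the paragraph above describes.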

And the FCC has ordered that it be in place by May 14, 2007. There’s no way that’s remotely possible--note that the FCC gave ordinary wireline telephone companies over a decade to implement CALEA in the PSTN, and it has been an extremely difficult and expensive process. At best, by the deadline facilities-based VoIP providers will be able to provide interception for call traffic that goes across their own networks, and apparently be forced to do that for all traffic (or else there would be a way to distinguish calls being rerouted for interception from all other calls). And if that's the only kind of VoIP that is permitted, VoIP innovation is stifled.

One company that has been pushing hard for these extensions of CALEA is Verisign. They have been doing so because they want to act as the one-stop-shop for U.S. law enforcement, setting up their own infrastructure to interconnect with all Internet and VoIP providers to provide everything from subpoena handling to wiretapping services under contract to the providers. This would effectively hand off wiretapping capability to a third party, working on behalf of the government, over which the individual providers would have little oversight.

For more on CALEA, see the Electronic Frontier Foundation's CALEA website. For more on the history and politics of wiretapping, see Whitfield Diffie and Susan Landau's excellent book, Privacy on the Line: The Politics of Wiretapping and Encryption.

UPDATE July 7, 2006: I've updated the above text in light of Charles' comment, to make it more accurate about interception by forcing VoIP calls to route through the VoIP provider's network.

How to cause charitable organizations to depart your state

Two Michigan legislators have proposed a bill requiring all foundations operating in the state of Michigan to give at least 50% of their giving in any three-year period to charities based in Michigan.

This is an example of a ridiculously short-sighted piece of legislation that will have an unintended consequence precisely the opposite of its intended purpose--it will cause foundations to move out of Michigan and discourage new ones from being created there. This bill is directed specifically at the Ford Foundation, which does seem to have some real issues, but this misguided cure is worse than the disease.

Hat tip to Trent Stamp of Charity Navigator, who calls it "about the silliest thing I've ever heard."

67 national academies of science support evolution

The Interacademy Panel on International Issues has issued a statement in support of the scientific evidence for evolution (PDF), urging the teaching of the facts and evidence. The statement is endorsed by 67 national academies of science and the executive board of the International Council for Science.

The statement says that:
We agree that the following evidence-based facts about the origins and evolution of the Earth and of life on this planet have been established by numerous observations and independently derived experimental results from a multitude of scientific disciplines. Even if there are still many open questions about the precise details of evolutionary change, scientific evidence has never contradicted these results:

1. In a universe that has evolved towards its present configuration for some 11 to 15 billion years, our Earth formed approximately 4.5 billion years ago.

2. Since its formation, the Earth - its geology and its environments - has changed under the effect of numerous physical and chemical forces and continues to do so.

3. Life appeared on Earth at least 2.5 billion years ago. The evolution, soon after, of photosynthetic organisms enabled, from at least 2 billion years ago, the slow transformation of the atmosphere to one containing substantial quantities of oxygen. In addition to the release of the oxygen we breathe, the process of photosynthesis is the ultimate source of fixed energy and food upon which human life on the planet depends.

4. Since its first appearance on Earth, life has taken many forms, all of which continue to evolve, in ways which paleontology and the modern biological and biochemical sciences are describing and independently confirming with increasing precision. Commonalities in the structure of the genetic code of all organisms living today, including humans, clearly indicate their common primordial origin.
It goes on to give a statement about the nature of science.

For those who would like to see some of the supporting evidence for each of these four statements, I highly recommend the TalkOrigins website. For the fourth statement in particular, I recommend Douglas Theobald's article at the TalkOrigins site, "29+ Evidences for Macroevolution: The Scientific Case for Common Descent."

(Hat tip to Pharyngula)