Global Crossing criticizes wiretapping rules

News.com has a nice article about how Global Crossing (my employer) has criticized the extension of CALEA wiretapping rules to VoIP and broadband:

Paul Kouroupas, vice president of regulatory affairs for Global Crossing, strongly criticized the Federal Communications Commission’s broadening of a 1994 law–originally intended to cover telephone providers–as disproportionately costly, complex, and riddled with privacy concerns. His company is one of the world’s largest Internet backbone providers.

“Our customers are large Fortune 500 companies–not too many of those companies are conducting drug deals or terrorist activities out of Merrill Lynch’s offices or using their phones in that way,” Kouroupas said at an event here sponsored by the DC Bar Association.

“By and large we don’t get wiretap requests, yet we’re faced with the costs to come into compliance,” which he estimated at $1 million. ...

November 17, 2006 · 1 min

Ann Coulter misleads on Diebold

Ann Coulter’s column last week was titled “Historic victory for Diebold!” She claims that “For the first time in four election cycles, Democrats are not attacking the Diebold Corp. the day after the election, accusing it of rigging its voting machines. I guess Diebold has finally been vindicated.”

Just because the election wasn’t clearly rigged doesn’t mean that Diebold has been remotely vindicated, and the 2006 election continued to produce evidence that Diebold e-voting machines should not be used. As Brad Friedman points out at the Huffington Post, there were major problems with electronic voting machines in Denver, as well as problems opening the polls on time in Pennsylvania, South Carolina, Ohio, Georgia, North Carolina, Indiana, and Ohio. Problems with early voting using electronic voting machines occurred in Florida, Arkansas, Missouri, Ohio, Tennessee, Virginia, Texas, and California. The Electronic Frontier Foundation received about 17,000 complaints by 8 p.m. on election day; Common Cause received 14,000 by 4 p.m. John Gideon of VotersUnite.org put together a searchable database of reported election problems. Bruce Schneier also gives a recap of electronic voting machine problems at his blog, with Florida’s 13th District presenting the biggest issues, where 18,000 votes apparently disappeared in a race where a difference of 386 votes decided the outcome (described in a separate post).

The outcome of the election doesn’t change any of the existing data about the problems with Diebold voting machines. As usual, Coulter gets it all wrong. When it comes to voting, she should worry more about her own problems than comment on a controversy where she’s clearly completely ignorant.

November 13, 2006 · 2 min

How well connected is your zip code?

The Center for Public Integrity has set up a “Media Tracker” based on FCC data by zip code which allows you to see how well-connected your zip code is. For each zip code, it will list the number of broadband providers and the number of owners of various media resources in your area (newspapers, radio and television stations). My zip code comes up as “well connected” with 18 broadband providers (a few more than the ones I identified in my survey of Phoenix-area broadband providers).

November 9, 2006 · 1 min

HBO "Hacking Democracy" documentary online

You can watch it at Google Video. Everyone should be aware of the issues raised in this documentary.

November 8, 2006 · 1 min

ACLU incompetence and misinformation on net neutrality

I received an email from the ACLU yesterday, informing me that they’ve jumped in on the net neutrality debate. Unfortunately, they badly misrepresent the facts:

FREE THE NET: WHY YOU SHOULD CARE ABOUT NET NEUTRALITY

The keys to the Internet have always been safely in public hands - until last year, when the FCC suddenly repealed longstanding Internet principles of “neutrality” and non-discrimination.

The ACLU is going to make the erroneous claim that I’ve debunked repeatedly on my blog (see the Net Neutrality Index)–that the common carriage requirements on telcos constitute “net neutrality.” They will ignore the fact that cable companies–the main providers of consumer broadband Internet access in the U.S.–have never been common carriers and have never been bound by these requirements.

With the blessing of the Supreme Court, a handful of profit-driven telecoms and cable companies now could effectively shut down the 21st Century marketplace of ideas by screening Internet e-mail traffic, blocking what they deem to be undesirable content, or pricing users out of the marketplace.

The ACLU is going to argue that we need to create a new bureaucratic regulatory apparatus, giving sweeping new powers to the FCC to interfere with freedom of Internet providers to enter into voluntary contracts with each other and manage their own networks, and specifically prohibiting differential pricing on tiered levels of service and the ability for providers to enter into arrangements with content providers to subsidize consumer bandwidth.

Historically, Net Neutrality protections filled the free speech gap. Since those protections were removed last year, nothing prevents network providers from discriminating against Internet users and application and service providers in terms of content, quality of access, and choice of equipment.

This is doubly false–the common carriage requirements applied only to the last-mile consumer network connections, not to the ability of ISPs to filter; and it is false that “nothing prevents” ISPs from taking actions which would cause them to lose customers.

If you’re like many people using the Internet, you don’t think about whether your Internet Service Provider is intentionally slowing down or speeding up your access to Yahoo! versus Google. Without Net Neutrality, your ISP could do just that. Imagine if your phone company was allowed to own restaurants and then provided good service and clear signals to customers who called Dominos and static and frequent busy signals for those calling Pizza Hut. It sounds outrageous, but it would be entirely possible if the telephone system wasn’t regulated under the “common carrier” framework. The telecoms and cable companies that provide Internet network services, including AT&T, BellSouth, Comcast, Qwest, Sprint, Time-Warner/AOL, and Verizon, have spent over $100 million lobbying Congress and the FCC to eliminate established Net Neutrality protections.

Remember, cable companies have never been common carriers, yet this hasn’t been a problem. Why create new regulations and give more power to a government agency that has a history of not only working on behalf of the big incumbents (rather than promoting competition, which is what is needed) but of engaging in actions designed to cause discrimination against certain forms of content through censorship? It makes no sense.

The assault on Internet freedom will only get worse. The FCC imposed Net Neutrality protections in merger agreements for certain network providers such as SBC/AT&T and Verizon/MCI, but those protections expire in 2007. And in July 2006, the FCC declined to include any Net Neutrality protections in Comcast and Time-Warner’s acquisition of Adelphia Cable. The pattern of the FCC opposing Net Neutrality is expected to continue, as network providers continue to consolidate into an even smaller pool of Internet gatekeepers. Without the vigorous non-discrimination principles in place before 2005, a few corporate conglomerates will control everything that you can say or do on the Internet. Net Neutrality is needed, and it is needed now.

The above argument is a mish-mash of fear-mongering about things that haven’t been an issue, misrepresentation of what regulations have been in place, wild unsubstantiated claims (“a few corporate conglomerates will control everything that you can say or do on the Internet”?), and a failure to look at the actual substantive issues in the network neutrality debate. Their website contains further misinformation: ...

November 3, 2006 · 7 min

Point out the obvious, get raided by the FBI

Security researcher Chris Soghoian, a graduate student at Indiana University’s School for Informatics and an intern at Google, set up a website that functions as a boarding pass generator for Northwest Airlines. The site contained a form that allowed you to fill in name, flight number, destination, and all of the other information on a boarding pass, and would display a boarding pass that would be indistinguishable from the real thing at the TSA security checkpoints. He pointed out that the identity check at the TSA checkpoint amounts to nothing more than a comparison between the name on a picture ID and the name on a boarding pass, and that this provides no security whatsoever.

I’m not sure what threat this check is even supposed to be trying to mitigate. At best, it is an attempt to piggy-back on the check against the no-fly list (which is itself a complete joke) that is performed by the airlines when you purchase a ticket, but clearly that fails as his boarding pass generator is one of several ways to create a boarding pass in a name other than your own–including modifying the displayed text generated by any airline’s online site or even purchasing a ticket in any name you choose. The latter was displayed vividly by a couple of guys who purchased tickets in the names of “Al Kyder” and “Terry Wrist” (link includes video).

In my opinion, the only actual purpose served by checking for a valid boarding pass at the TSA checkpoint is to reduce the number of people passing through the checkpoint in order to most efficiently make use of security resources. It does not otherwise have any effect on security; it provides no deterrent to an attacker. It is not effective in screening out those with malicious intent, and it is not even effective in verifying identity.

Congressman Ed Markey (D-MA) has called for Chris Soghoian to be arrested. He was visited and interrogated by the FBI, then went to stay at his parents’ house. Friday night, the FBI broke their way into his apartment, seized his computers, and generally trashed his place.

Lesson: Point out U.S. security weaknesses, and you will be punished. Those responsible for the weaknesses and idiocy of U.S. “security theater,” however, will not be held accountable. This is one of the rare times when Michelle Malkin actually says something correct.

Other coverage: Jim Harper, author of the excellent book Identity Crisis, at the Technology Liberation Front and at Cato@Liberty (this post does a good job of pointing out the problems with the TSA identity check). Bruce Schneier, at his blog. And there’s some rather good coverage in multiple posts at BoingBoing.

The problem that Soghoian pointed out was previously described in February 2005 on Slate.com by Andy Bowers, and in 2003 by Bruce Schneier in his Crypto-Gram newsletter. So yes, Kip Hawley is still an idiot.

UPDATE (November 2, 2006): Bruce Schneier has written a detailed description of the flaw in the security design of the TSA identity check, and makes the same point that even if the flaw is corrected it doesn’t add any real security because it’s just a check of the no-fly list.

October 29, 2006 · 3 min

The U.S. no-fly list is a joke

Steve Kroft of 60 Minutes has obtained a copy of the no-fly list being used for airline passenger screening. The list includes people who are not a threat (like Evo Morales, president of Bolivia, Saddam Hussein, and 14 of the 19 dead 9/11 hijackers). It includes numerous common names that are useless for screening purposes–Gary Smith, John Williams, and Robert Johnson are on the list. Kroft spoke with 12 Robert Johnsons, and all of them said they are detained almost every time they try to fly. Worse yet, it doesn’t include the names of some of the most dangerous living terrorists:

The 11 British suspects recently charged with plotting to blow up airliners with liquid explosives were not on it, despite the fact they were under surveillance for more than a year. The name of David Belfor, who now goes by Dahud Sala Hudine, is not on the list, even though he assassinated someone in Washington, D.C., for former Iranian leader Ayatollah Khomeini. This is because the accuracy of the list meant to uphold security takes a back seat to overarching security needs: it could get into the wrong hands. “The government doesn’t want that information outside the government,” says Cathy Berrick, director of Homeland Security investigations for the General Accounting Office.

I’d say that particular name is well known outside of the government now, Ms. Berrick.

The TSA has allegedly been trying to fix the list for three years, spending $144 million to do so, but there is “nothing tangible yet.” This is staggering incompetence. Kip Hawley is still an idiot.

UPDATE (October 5, 2006): I second Tim Lee’s recommendation of Jim Harper’s commentary on what’s wrong with watch lists.

October 5, 2006 · 2 min

Kip Hawley is an idiot

Ryan Bird wrote “Kip Hawley is an idiot” on his clear plastic bag of toiletries that he was carrying through a TSA security checkpoint at Milwaukee’s General Mitchell International Airport. Kip Hawley is the head of the Transportation Security Administration. Bird writes:

At the MKE “E” checkpoint I placed my laptop in one bin, and my shoes, cell phone and quart bag in a second bin. The TSA guy who was pushing bags and bins into the X-ray machine took a good hard look, and then as the bag went through the X-ray I think he told the X-ray operator to call for a bag check/explosive swab on my roller bag to slow me down. He went straight to the TSA Supervisor on duty and boy did he come marching over to the checkpoint with fire in his eyes! He grabbed the baggie as it came out of the X-ray and asked if it was mine. After responding yes, he pointed at my comment and demanded to know “What is this supposed to mean?” “It could mean a lot of things, it happens to be an opinion of mine.” “You can’t write things like this” he said, “You mean my First Amendment right to freedom of speech doesn’t apply here?” “Out there (pointing past the id checkers) not while in here (pointing down)” was his response.

At this point I chuckled, just looking at him wondering if he just realized how foolish that comment was, but I think my laugh pushed him over the edge as he got really angry at this point. A Milwaukee County Sheriff’s deputy was summoned - I would have left at this point, but he had my quart bag with my toothpaste and hair gel. When the deputy got over the TSA supervisor showed him the bag and told him what had happened to that point. After he had finished I started to remind him he had left out his statement that my First Amendment rights didn’t apply “here” but was cut off by the deputy who demanded my ID. I asked if I was under arrest, and his response was “Right now you are not under arrest, you are being detained.” I produced my passport and he walked off with it and called in my name to see if I had any outstanding warrants, etc. The TSA supervisor picked up the phone about 20 feet away and called someone?

At this point two more officers were nearby and I struck up a conversation with the female officer who was making sure I kept put. I explained to her who Kip Hawley was, why I thought he was an idiot, and my surprise that the TSA Supervisor felt my First Amendment rights didn’t apply at the TSA checkpoint. She didn’t say much. After he was assured I didn’t have any warrants out the first officer came back and I had my first chance to really speak, I explained that I was just expressing my opinion and my writing should be protected by my First Amendment rights. When he didn’t respond, I then repeated that the TSA Supervisor stated my First Amendment rights didn’t apply at the TSA check point and I asked if he (the deputy) agreed that was the case. He responded by saying “You can’t yell fire in a crowded theater, there are limits to your rights.” At this point I chuckled again. I asked how this was even remotely like shouting “Fire” in a crowd, and his answer was “Perhaps your comments made them feel threatened.”

At about this point the TSA Supervisor finished up his phone call, and summoned the officer back over. They talked for about 2 minutes, and then both came back over. The officer pulled out his pad and asked for my address and I asked why he needed it. “For the report I have to file since I was summoned here” I started to give it, when I noticed the TSA Supervisor was writing it down as well, so I stopped and asked why he needed it. He said he needed to file an incident report too, and I took the opportunity to ask what the resolution of the incident was, did I do anything wrong? Are you going to ask the officer to arrest me? He said no, I was free to go, but he was going to confiscate my bag. I asked “If I did nothing wrong, why would you take my bag” He pointed to a posted sign that said something about reusing plastic bags (the MKE TSA was providing quart sized zipper bags to pax today) I let him know that I had brought my bag from home and would not be letting him take it. He then asked for permission to photograph it, which I agreed to. While he walked away to get the camera I finished giving my address to the deputy, and he told me “You’re free to go” Total time, about 25 minutes.

Hat tip to Tim Lee at the Technology Liberation Front. CNN’s given coverage to the story. Also see kiphawleyisanidiot.com. ...

September 30, 2006 · 5 min

The ineffectiveness of TRUSTe

The TRUSTe program is supposed to certify that a website has a reasonable privacy policy. But Ben Edelman has cross-referenced TRUSTe certifications with SiteAdvisor ratings, and found that sites with TRUSTe certifications are twice as likely as those without to be listed as “untrustworthy” in SiteAdvisor’s database–meaning that they send out spam, distribute spyware, etc. Edelman calls out four particularly notorious sites that have or have had TRUSTe certification: Direct-Revenue.com, Funwebproducts.com, Maxmoolah.com, and Webhancer.com. All four are heavily involved with spyware. Direct Revenue and Maxmoolah have had their TRUSTe certifications revoked, but should never have been certified in the first place if TRUSTe was doing the validation they should have been doing. TRUSTe has long been criticized by anti-spammers for giving certifications to organizations that don’t deserve them. Ryan Singel has raised similar questions about TRUSTe’s reliability. ...

September 29, 2006 · 2 min

Hotel minibar keys open Diebold voting machines

Ed Felten points out that Diebold voting machines use a standard, commonly used key that is used for things like hotel minibars, office furniture, jukeboxes, and electronic equipment. UPDATE (January 23, 2007): Diebold helpfully displays a photograph of the key on their website–which is sufficient to make a duplicate that works.

September 18, 2006 · 1 min