October 2, 2022

Archives for April 2015

The Error of Fast Tracking the Trans-Pacific Partnership Agreement

National media reported yesterday that a Congressional agreement has been reached on so-called “fast track” authority for the Trans-Pacific Partnership Agreement (TPP). This international agreement, having been negotiated under extreme secrecy by 12 countries including the United States, Australia, Canada, Japan, Malaysia and Singapore, is supposed to be an “ambitious, next-generation, Asia-Pacific trade agreement that reflects U.S. economic priorities and values.” Indeed, if it comes into effect, it will be the largest such agreement in history, covering some 800 million people. Unfortunately, its chances of meeting that laudable goal have been severely diminished by the aforementioned secrecy.

In theory, “fast track” authority should allow the President to more thoroughly and forcefully negotiate trade agreements with other governments by streamlining the domestic political process. By eliminating much of Congress’s review and amendment process that could force the TPP negotiators back to the table, “trade promotion authority” allows for complex international trade agreements to receive a swift and decisive Congressional sign-off. However, because the TPP has been negotiated largely in secret, with only a precious few outside the government (almost exclusively representing the entertainment and pharmaceutical industries) privy to its text, fast track will have the effect of eliminating the last possibility for anyone outside the above select few to change the contours of the agreement. That’s a significant concern, as the TPP (based upon leaks) covers issues ranging from access to medicine to liability for linking to allegedly copyright-infringing content on the Internet. Democracy deserves better.

To be sure, even without fast track, the chances of realistically being able to change the TPP once it hits Congress would be slim. Requiring negotiators to go back to the table after the TPP text is agreed upon in international negotiations is a significant undertaking that would be discouraged. But with fast track in place, the chances of offering any meaningful amendments to the final text are near zero. As a result, the moment that TPP’s negotiators announce that they have a final text will also be the effective end of the opportunity for small businesses, labor, civil society groups, and even the general public to impact the provisions of the agreement. Their only play will be to oppose TPP outright (which, in fairness, some may do regardless of how TPP was negotiated).

The very secrecy around TPP could be its undoing, as it was with the failed Anti-Counterfeiting Trade Agreement. Therefore, it is well past the time that the negotiators should make the text public. If it isn’t released, and soon, “fast track” could become a fast track to failure of this multi-year negotiating process – which, depending on the terms of the agreement, could be the right result.

Bitcoin is a game within a game

In this series on Bitcoin and game theory, I’ve argued that Bitcoin’s stability is fundamentally a game-theoretic proposition and shown how we’ve had blind spots for years in our theoretical understanding of mining strategy. In this post, I’ll get to the question of the discrepancy between theory and practice. As I pointed out, even though there are many theoretical weaknesses in Bitcoin’s consensus mechanism, none of these ever appear to have been exploited. [Read more…]

Decertifying the worst voting machine in the US

On Apr 14 2015, the Virginia State Board of Elections immediately decertified use of the AVS WinVote touchscreen Direct Recording Electronic (DRE) voting machine. This seems pretty minor, but it received a tremendous amount of pushback from some local election officials. In this post, I’ll explain how we got to that point, and what the problems were.

As one of my colleagues taught me, BLUF – Bottom Line Up Front. If an election was held using the AVS WinVote, and it wasn’t hacked, it was only because no one tried. The vulnerabilities were so severe, and so trivial to exploit, that anyone with even a modicum of training could have succeeded. They didn’t need to be in the polling place – within a few hundred feet (e.g., in the parking lot) is easy, and within a half mile with a rudimentary antenna built using a Pringles can. Further, there are no logs or other records that would indicate if such a thing ever happened, so if an election was hacked any time in the past, we will never know.
[Read more…]

Scan This or Scan Me? User Privacy & Barcode-Scanning Applications

[Please welcome guest bloggers Eric Smith and Nina Kollars. Eric Smith serves as the Chief Information Security Officer (CISO) for a higher ed consortium with membership consisting of Bucknell University, Franklin & Marshall College and Susquehanna University. Nina Kollars is assistant professor of government at Franklin & Marshall college, where her scholarship examines the ways in which individual user creativity affects the development of technology and practices.]

QR (Quick Response) codes—the two-dimensional barcodes designed by the Denso Wave company in 1994—were originally intended to track and inventory millions of parts on assembly lines. Since then, these nearly ubiquitous black and white squares have been applied to an ever-broader range of uses including business cards, patient-tracking systems, and mobile coupon clipping. In order to make use of these codes, the vast majority of consumers utilize smart phone technologies in order to convert the codes into usable information. However, neither Apple’s iOS nor Google’s Android operating systems include a robust native capability to scan and decode printed barcodes. As a result, users of these devices must download third-party applications that will do this work for them.

Research Question and Findings:

Our research question was straightforward: are there privacy and security risks associated with this emerging QR app ecosystem? In an attempt to answer this, we installed and analyzed over twenty of the most popular QR code applications. Our findings suggest that a majority of the most popular QR code readers found in the Apple App and Google Play marketplaces are not passive systems of information routing, but instead capture and transmit additional data about the device and the user back to the application developer. (For full details see our paper.)

Our findings reveal that many smartphone barcode scanning applications represent a significant threat to the privacy and, potentially, security of their users. On both platforms studied, the most popular QR code scanning apps, according to search result rankings were shown to transmit the contents of all scanned QR codes, as well as GPS location data, to a third-party server.
[Read more…]

Where is Internet Congestion Occurring?

In my post last week, I explained how Netflix traffic was experiencing congestion along end-to-end paths to broadband Internet subscribers, and how the resulting congestion was slowing down traffic to many Internet destinations. Although Netflix and Comcast ultimately mitigated this particular congestion episode by connecting directly to one another in a contractual arrangement known as paid peering, several mysteries about the congestion in this episode and other congestion episodes that persist. In the congestion episodes between Netflix and Comcast in 2014, perhaps the biggest question concerns where the congestion was actually taking place. There are several theories about where congestion was occurring; one or more of them are likely the case. I’ll dissect these cases in a bit more detail, and then talk more generally about some of the difficulties with locating congestion in today’s Internet, and why there’s still work for us to do to shed more light on these mysteries.
[Read more…]