August 24, 2016

Archives for January 2014


ECHR Fast-tracks Court Case on PRISM and TEMPORA (and VERYANGRYBIRDS?)

So. The NSA and GCHQ piggyback on Angry Birds to spy on its 1.7 billion users. potential terrorists. Not only that, but everything on smartphones can be compromised: “if its on the phone, we can get it”. Will it ever stop? A few days ago, the European Court of Human Rights (‘ECHR’) made the unique move to fast-track a case on the legality of mass surveillance practices by the GCHQ. A judgement is now expected in months, rather than years – in time to have a huge impact on the global debate on mass surveillance. Time for some analysis. [Read more…]


It matters what the NSA does

It seems axiomatic that if we want to have an informed conversation about the legality, ethics, and policy implications of the NSA’s actions, it is useful to know what the NSA is doing. Yet a vocal subset of NSA defenders seem to be taking the contrary position, that information about the agency’s activities serves no public purpose.

Consider Tuesday’s Washington Post op-ed by Mark Thiessen. He argues that information about the NSA’s activities is just “espionage porn:”

As President Obama prepared to address the nation on surveillance, the New York Times revealed that the National Security Agency (NSA) has developed the capability to access computers that are not connected to the Internet. According to the Times, based on classified documents obtained from Edward Snowden, the NSA uses “a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into . . . computers” or in some cases “a briefcase-size relay station that intelligence agencies can set up miles away from the target.”

Evidence of another NSA plot to spy on Americans? Not at all. The Times reports, “There is no evidence that the N.S.A. has implanted its software or used its radio frequency technology inside the United States.” And the NSA confirmed that the “N.S.A.’s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets.”

In other words, this (no longer) secret program poses precisely zero threat to American civil liberties.

So what is the redeeming social value of the Times’ story? What “abuse” is being revealed? Why is this something the public needs to know?

The answers are: None. None. And it isn’t.

Thiessen seems unaware that the Times was not the first to report on this capability—a German publication, Spiegel, had already published much more detailed information including the so-called “Spy Mall Catalog” detailing specific NSA “implant” technologies used for these attacks.

And of course it has been known for a long time that, even without any secretly implanted antennas, computers disconnected from the network can radiate information over a considerable distance. There are entire book chapters devoted to this, and the NSA itself has released non-classified articles about it.

Our adversaries surely knew all of this, even if DC pundits did not.

But even if this information was previously unknown, it would still have implications for the public debate. As Steve Vladeck argues, the NSA debate is not just about the legality of the agency’s actions, but also about whether they are good public policy—which surely depends at least in part on how they affect people internationally, especially our allies.

Of course, there might be a good argument in a specific case that publication of certain facts would cause national security harm that outweighs the benefit to public debate. Sanger and the Times have said that they will withhold facts if they believe this is the case. But Thiessen’s argument is not just that there is more weight on the national security side of the scale—he is arguing that there is nothing at all on the public debate side. “None.”

There is another subtext in the “espionage porn” argument that bears discussion: the label tends to get thrown at information that is technical in nature. The DC debate, which is dominated by lawyers, has no trouble accepting the relevance of every last detail of the statutory history of Section 215 or the wording of opinions in U.S. v. Jones. Yet somehow the facts about what the NSA is actually doing are seen as peripheral, if those facts involve technology.

Technical facts are not “porn.” They are more like an MRI—information about the patient’s body, yes, but information you need to get if you care about the patient’s health.


NSA call data analysis: inside or outside government?

Last week the President suggested that the NSA’s database of phone call data be stored outside the government, and he asked his Administration to study how this could be done. Today I’d like to start unpacking the options.
[Read more…]


Can Washington re-architect the NSA phone data program?

In the President’s NSA reform speech last week, he called for a study of how to re-architect the NSA’s phone call data program, to change where the data is stored. This raises a bunch of interesting computer science questions, which I’m planning to explore in a series of posts here.
[Read more…]


Is There a Future for Net Neutrality after Verizon v. FCC?

In a decision that was widely predicted by those who have been following the case, the Court of Appeals for the D.C. Circuit has invalidated the FCC’s Open Internet Rules (so-called net neutrality regulations), which imposed non-discrimination and anti-blocking requirements on broadband Internet access providers. The rules were challenged by Verizon as soon as they were enacted in 2010. The court held that, given the FCC’s past (and never reversed or modified) regulatory choice to classify broadband providers under the Telecommunications Act of 1996 as “information services” rather than “telecommunications services,” it cannot now impose on them common carrier obligations that apply under the statute only to services classified as telecommunications. Verizon argued in the case that the Open Internet Rules were not common carrier regulations, but the court didn’t buy it.
[Read more…]


The Internet “Access Trap” in Developing Countries

Three of five people in the world  still do not have access to the Internet.  From the perspective of standard economic models, this is puzzling. The supply of international connectivity has expanded dramatically since 2009, when several submarine fiber cables came online connecting even the poorest countries in Africa to the global Internet. Also, with only a few exceptions, nearly every developing country now has some form of competitive market for broadband services.

Despite this, few of these countries are close to achieving the UN Broadband Commission’s goal of entry-level broadband services priced at less than 5 percent of average monthly income. The Affordability Report, released last month by the Alliance for Affordable Internet Internet (A4AI), a consortium of private companies and public sector organizations dedicated to bringing Internet costs down through policy change, found that in at least 46 countries “the cost of entry-level broadband services exceeds 40 percent of monthly income for people living under $2/day, and in many countries exceeds 80 percent or even 100 percent of monthly income” (I co-authored the Affordability Report with Sonia Jorge).

                                                                           source: A4AI Affordability Report

One of the most interesting findings in the report is that at the global level, the majority of people for whom broadband is unaffordable live not in the poorest countries, but in larger (lower) middle-income countries with high income inequality, such as China, India and Brazil. We found that many of these countries serve high-end broadband customers in urban areas quite well.  However, poorer communities in urban and rural areas remain underserved because of seemingly weak demand, giving network operators limited incentive to invest in these markets. These mechanisms reinforce one another, creating an “access trap” by further limiting demand and discouraging new market entrants.

A4AI’s Policy & Regulatory Best Practices are the start of a consensus about how countries escape this access trap, but coordinating multiple efforts towards a beneficial public outcome remains a challenge. For example, policy makers can drive demand by making broadband relevant to people living in poor communities. Perhaps the best way to achieve this is to update the governance of critical public services, such as health, education and water, for the mobile broadband era.  Cloud-based solutions such as Form Hub can help teams more effectively deliver clean water and health services working across massive geographical areas. As public services drive people to adopt mobile broadband, the private sector will likely develop and offer services to meet the needs of new users, including poorer communities.

Further, policy makers can take steps to lower the cost, and thus the  risk, of investing in under-served communities.  Google’s Project Link is providing an open access fiber-optic network around Kampala, Uganda, to help Internet service providers reach end users with faster speeds at lower prices.  Policy makers can play a similar role by  building the Internet into other basic infrastructure. For example, fiber ducts can be built into roads, easing negotiations with local authorities for advanced services such as fiber to the home. Many developing countries also have extensive under-utilized spectrum, which can lead to much faster, much cheaper mobile broadband in rural communities.

We still have much to learn about which policies are most effective at which stages of a country’s Internet infrastructure development.  However, we know the stakes couldn’t be higher. McKinsey recently found that the Internet could contribute $300 billion to Africa’s economy by 2025.  The A4AI Affordability Report makes it clear that many countries still have a long way to go to realize these social and economic gains, but that governments can make decisions now to ensure a broadband-enabled future comes much more quickly.



Signing Mass Surveillance Declarations and Petitions: Should Academics Take a Stance?

Quite often, especially since the Snowden revelations began, tech policy academics will be approached by NGO’s and colleagues to sign petitions ‘to end mass surveillance’. It’s not always easy to decide whether you want to sign. If you’re an academic, you might want to consider co-signing one initiative launched today. [Read more…]