July 28, 2016

Archives for April 2014


Christopher Yoo on Comcast and Competition: When Antitrust Lawyers Do the Math


Christopher Yoo gave his talk, and I encourage you to watch it. As you can see from the rather extensive comment thread below, Yoo does not think that my critiques are fair, and he is more than a little bit upset that I trolled him. Nevertheless, upon review of the debate, I believe that you will find that the TL;DR is:

  • He admits that his “well established” means of quantifying broadband competition are anything but.
  • When I ask him to verify basic assertions that he made in answering my critique (e.g., Netflix has historically paid ISPs for “carriage”), he dodges and claims that I don’t understand the industry.
  • He thinks that ISPs are incapable of traffic shaping that they were already doing six years ago.
  • He admits that ISP discrimination, which has recently helped ISPs to negotiate “paid peering” (a.k.a. reversing the transit relationship), does in fact destroy the “bill-and-keep” model that has historically been de facto for broadband service, and that this discrimination leads to a terminating access problem.
  • He claims that, nevertheless, last-mile market power does not exist when “networks at the core of the network engage in settlement-free peering.” I’m not sure why.
  • He avoids answering my basic critique of his legal interpretation of Time Warner v. FCC, 240 F.3d 1126, which is key to his “viability” standard.
  • He appears to feel that the government should make regulatory decisions based on what feels equitable or at least some economist’s definition of welfare-maximization (presumably a leading-edge neo-schumpeterian n-sided-market economist).
  • He accuses me of not reading his scholarship, even after I quote from it liberally, and equates ex-post enforcement of antitrust principles to “regulatory intervention” (I suppose we could have a semantic debate about this one, but the chasm between concrete rules and his notion of antitrust is great.)
  • He’s upset that I keep mentioning his own public disclosures of corporate funding. My view is that if you are a decent academic, the degree to which corporate support is relevant is indirectly proportional to the merit of your scholarship. This calculation is an exercise left to the reader.

Today at 12:30, Christopher Yoo will give a live-streamed talk at CITP entitled “The Open Internet in the Aftermath of Verizon v. FCC: What Comes Next?” Yoo will talk about the Verizon v. FCC ruling that overturned the FCC’s network neutrality rules, and place them in the context of the proposed merger between Comcast and Time Warner. Yesterday, unnamed sources within the FCC gave a possible answer to Yoo’s question: a “fast lane” for sites and services that pay for preferential access to Comcast’s customers. The FCC is reportedly considering new rules that would permit broadband Internet providers to discriminate against specific content as long as they don’t do so in an “anticompetitive manner.” The FCC will then be left to decide what makes for anticompetitive behavior — a domain typically left to antitrust law.


Mesh Networks Won’t Fix Internet Security

There’s no doubt that the quality of tech reporting in major newspapers has improved in recent years. It’s rare these days to see a story in, say, the New York Times whose fundamental technical premise is wrong. Still, it does happen occasionally—as it did yesterday.

Yesterday’s Times ran a story gushing about mesh networks as an antidote to Internet surveillance. There’s only one problem: mesh networks don’t do much to protect you from surveillance. They’re useful, but not for that purpose.


Eternal vigilance is a solvable technology problem: A proposal for streamlined privacy alerts

Consider three recent news articles about online privacy:

  • Google+ added a new feature that shows view counts on everything you post, including your photos. It’s enabled by default, but if you don’t want to be part of the popularity contest, there’s a setting to turn it off.

  • There is a new privacy tool called XPrivacy for Android that protects you from apps that are hungry for your personal information (it does this by feeding them fake data).

  • A new study reveals that several education technology providers have intrusive privacy policies. Students and parents might want to take this into account in making choices about online education services.

These are just a few examples of the dozens of articles that come out every month informing privacy-conscious users that they need to change some setting, install a tool, or otherwise take some action to protect their privacy. In particular, companies often release new features with permissive defaults and an opt-out setting. It seems that online privacy requires eternal vigilance.

Eternal vigilance is hard. Even as a privacy researcher I often miss privacy news that affects me; for the majority of people who don’t have as much time to devote to online privacy, the burden is just too much. But before concluding that the situation is hopeless, let’s ask if there’s a technological solution.



Bitcoin hacks and thefts: The underlying reason

Emin Gün Sirer has a fascinating post about how the use of NoSQL caused technical failures that led to the demise of Bitcoin exchanges Flexcoin and Poloniex. But these are only the latest in a long line of hacks of exchanges, other services, and individuals; a wide variety of bugs have been implicated. This suggests that there’s some underlying reason why Bitcoiners keep building systems that get exploited. In this post I’ll examine why.



Heartbleed and passwords: don’t panic

The Heartbleed bug has captured public attention this week like few security vulnerabilities before it. This is a good thing, as indeed this is a catastrophic flaw. Many people have focused on its impact on passwords with headlines like “Security Flaw Exposes Millions Of Passwords” and “Change these passwords right now.” Heartbleed certainly could have been used to steal millions of passwords. However, while Heartbleed gives the security community plenty of new problems to worry about, it doesn’t introduce any problems for passwords that haven’t existed for a long time and I’d discourage widespread panic about passwords.

Heartsick about Heartbleed

Ed Felten provides good advice on this blog about what to do in the wake of Heartbleed, and I’ve read some good technical discussions of the technical problem (see this for a particularly understandable explanation).

Update Apr 11: To understand what Heartbleed is all about, see XKCD. Best. Explanation. Ever.

In this brief posting, I want to look at a different angle – what’s the scope of the vulnerability?


How to protect yourself from Heartbleed

The Heartbleed vulnerability is one of the worst Internet security problems we have seen. I’ll be writing more about what we can learn from Heartbleed and the response to it.

For now, here is a quick checklist of what you can do to protect yourself.


Cookies that give you away: The surveillance implications of web tracking

[Today we have another announcement of an exciting new research paper. Undergraduate Dillon Reisman, for his senior thesis, applied our web measurement platform to study some timely questions. -Arvind Narayanan]

Over the past three months we’ve learnt that NSA uses third-party tracking cookies for surveillance (1, 2). These cookies, provided by a third-party advertising or analytics network (e.g. doubleclick.com, scorecardresearch.com), are ubiquitous on the web, and tag users’ browsers with unique pseudonymous IDs. In a new paper, we study just how big a privacy problem this is. We quantify what an observer can learn about a user’s web traffic by purely passively eavesdropping on the network, and arrive at surprising answers.


Historic E.U. Net Neutrality Win Shows Maturing Digital Rights Advocacy

After a 5-year long campaign by European and U.S. digital rights NGOs, today the European Parliament turned a dubious Commission proposal on its head to safeguard the principle of net neutrality. It’s a historic win, and all over the news. It also shows how digital rights advocacy is maturing.


Secure protocols for accountable warrant execution

Last week the press reported that the White House will seek to redesign the NSA’s mass phone call data program, so that data will be held by the phone companies and accessed by the NSA, subject to a new warrant requirement. The Foreign Intelligence Surveillance Court will issue the warrants.

Today Josh Kroll and I, with colleagues at Stanford University, released a draft paper on how to use cryptography to implement warrants to data in a secure, private, and accountable way.