February 20, 2018

FCC Open Internet Advisory Committee Progress

Earlier this year, I wrote about the launch of the Open Internet Advisory Committee (OIAC). The committee’s mandate is to “track and evaluate the effect of the FCC’s Open Internet rules, and to provide any recommendations it deems appropriate to the FCC regarding policies and practices related to preserving the open Internet.” I’m chairing the group looking at the unique issues in Mobile Broadband networks. Our group just issued its first report, a case study about AT&T’s handling of Apple’s FaceTime application:

AT&T/FaceTime Case Study
Mobile Broadband Working Group, Open Internet Advisory Committee, Federal Communications Commission

I spoke about the progress of our working group, and about the open Internet issues facing mobile broadband networks more generally, here at Princeton as part of CITP’s luncheon series on December 13th: “Open Internet Challenges in Mobile Broadband Networks”.

How the Nokia Browser Decrypts SSL Traffic: A "Man in the Client"

Over the past couple of days there has been some press coverage of security researcher Gaurang Pandya’s report that the browser on his Nokia phone was sending all of his traffic to Nokia proxy servers, including his HTTPS traffic. The disturbing part of his report was evidence that Nokia is not just proxying, but actually decrypting the HTTPS traffic. Nokia replied with a statement (in the comments section of Pandya’s blog post, and to several news outlets):

We take the privacy and security of our consumers and their data very seriously. The compression that occurs within the Nokia Xpress Browser means that users can get faster web browsing and more value out of their data plans. Importantly, the proxy servers do not store the content of web pages visited by our users or any information they enter into them. When temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users’ content, it is done in a secure manner.

Nokia has implemented appropriate organizational and technical measures to prevent access to private information. Claims that we would access complete unencrypted information are inaccurate.

We aim to be completely transparent on privacy practices. As part of our policy of continuous improvement we will review the information provided in the mobile client in case this can be improved.

You can find out more about Nokia’s privacy practices at http://www.nokia.com/privacy.

So, it turns out that Pandya was correct: Nokia is decrypting SSL traffic in their proxy servers. This is not disclosed in their privacy policy, and the somewhat vague assurance of things being done “in a secure manner” is not entirely comforting. Beyond that, the statement gave some other interesting clues. One clue was that this is a feature of the Nokia Xpress Browser, an app that is available for the popular Nokia Lumia phones that run Windows Phone 8. These phones are available from the major US carriers, whereas Pandya’s phone (the Asha) is mostly sold abroad. So I tracked down a Lumia phone, installed Nokia Xpress, and did my own investigation. Results after the jump.

Can you Hear me Now? In 2012, Some Political Pollsters Still Can’t

Recently, I received a call from Gallup on our landline home phone, seeking to speak with my wife, presumably for a political poll. Because she was not at home at the time, Gallup’s representative told me he would call back later. To our knowledge that follow-up call never came. Gallup’s representative never asked me for my wife’s cell phone number, e-mail address, or any way to reach her beyond calling our home phone number again. Why not?

Apparently, some political polling efforts fail to recognize the variety of ways in which Americans communicate today. On his election season must-read blog FiveThirtyEight, Nate Silver wrote a post last month entitled “Obama’s Lead Looks Stronger in Polls That Include Cellphones.” Specifically, Mr. Silver observed that polls that use live interviewers and include cell phones show stronger results for President Obama than polls that use automated dialing methods or exclude cellphones. According to Mr. Silver, roughly one-third of American households are excluded by polls that call landlines only.
