Here’s a useful analogy for thinking about net neutrality:
On today’s Internet, sending and receiving data has already been paid for and what the ISPs that are resisting net neutrality are calling for is the ability to charge content providers a second time for access to their customers. An apt analogy would be the phone company attempting to take a percentage of any transaction that was done over the phone. The calling party has already paid for the phone call, the receiving party has either paid for the phone call (metered services or cell phone) or has paid for unlimited inbound calling through a subscription. However, the phone company sees that there is money being made by others transacting
business over their phone lines and decides they deserve a cut.
Network neutrality is about control
Monday, June 26 2006 @ 10:34 am EDT
If telcos want to provide their own value added services, as they have long
done, that’s one thing.
If they want to charge somebody else for providing value added services
on top of the telco’s carriage, that’s another thing entirely.
Gaige also addresses consumer control, content delivery networks,
differential utlization, and why net neutrality is a regulatory issue;
well worth a read.
Interesting bit of political framing here:
Put another way, if net neutrality passes, the AT&Ts of the world will
be forced to pay for all of their equipment upgrades themselves and
could not subsidize that effort by imposing premium fees for premium
services. If net neutrality fails, they will be able to recoup more of
those costs than they can now from the likes of Google Inc., Microsoft
Corp. and other major users of the World Wide Web.
At its heart, then, the battle is commercial — over who pays how much
for improvements to the Internet that we all use and sometimes love.
No Neutral Ground in This Internet Battle
By Jeffrey H. Birnbaum
Monday, June 26, 2006; Page D01
I’d be more willing to believe that if the various incumbent carriers
or their predecessors hadn’t already been promising us fast broadband
for everyone for many years now,
and if Japan and Korea hadn’t already managed it without this kind of finagle.
Have I mentioned I wrote a book?
John Quarterman’s book
Risk Management Solutions for Sarbanes-Oxley Section 404 IT Compliance
is unique, as far as I know, as a very timely analysis on technical issues
and their impact on risk management. The combined forces of technology,
increased integration, business reliance on networks and systems, and
the market/legal/regulatory forces set the context for this book.
All About Early 21st Century Risk
22 June 2006
Gunnar mentions much of the content, and a useful context point:
Brian Krebs has an interesting post about the Leaves worm of 2001,
which masqueraded as a Microsoft update and used the legion of zombies
thus recruited to run up click counts on ads, thus generating revenue
for its perpetrator.
A perpetrator who has never been identified.
Which leads to Krebs most interesting point:
Still, I have to wonder whether the case didn’t sour the FBI on
investigating these types of crimes, given the resources they piled into
an ultimately futile effort. Today, there are hundreds of guys around
the world making money just like Mr. Leaves — with far more victim
computers at their disposal — except that many of them operate out of
countries which have far less cozy legal and diplomatic relations with
the United States.
Lessons Learned from the ‘Leaves’ Worm?
Brian Krebs on Computer Security, 22 June 2006
We need to find ways to get law enforcement evidence that is not so costly
yet is more enforceable.
Two American sheiks have formed a Muslim seminary:
Sheik Hamza Yusuf, in a groomed goatee and sports jacket, looked more
like a hip white college professor than a Middle Eastern sheik. Imam
Zaid Shakir, a lanky African-American in a long brown tunic, looked as
if he would fit in just fine on the streets of Damascus.
U.S. Muslim Clerics Seek a Modern Middle Ground
By LAURIE GOODSTEIN,
New York Times,
Published: June 18, 2006
The story goes on about how the two each understand both Islam and U.S.
Judging by the examples, they also understand both Islamic and Christian
Mr. Yusuf told the audience in Houston to beware of "fanatics" who pluck
Islamic scripture out of context and say, "We’re going to tell you what
God says on every single issue."
"That’s not Islam," Mr. Yusuf said. "That’s psychopathy."
According to a recent opinion survey by the International
Telecommunication Union (ITU), the biggest online fear is of stolen
These concerns over privacy were reflected in users’ fears while
surfing, with theft of personal information the most commonly cited
concern by over one quarter of respondents. Another quarter feared viruses
and worms. Nearly one fifth were worried about spyware, while scams and
fraud ranked slightly lower (13 per cent). Only 8 per cent found spam
something to be afraid of, rather than just a nuisance (Figure 1, left
chart), perhaps reflecting a grudging acceptance of spam or improvements
Promoting Global Cybersecurity
ITU announces results of global survey and launches cybersecurity gateway on World Telecommunication Day 2006
ITU Press Release,
Geneva, 17 May 2006
Such fears cause 64% of respondants to avoid some online activities out of fear.
Cringely harps on something I’ve been saying for a while, too:
The Internet television story, even as written here in columns going back
as far as the late 1990s, pushed the idea of enabling the aggregation
of widely-dispersed viewing audiences, allowing programming to thrive
that might not be successful on any local station, much less on the
national network. A good example is NerdTV, which wouldn’t attract
enough viewers on most PBS stations to even generate a rating, yet when
offered as an Internet download, drawing from a global population, makes
some pretty good numbers. But there is no concept called “local”
in this aggregation model, so stations tend to feel threatened by it;
if the network can reach local viewers directly, what need is there for
a local station?
But it doesn’t have to be that way, because the supposed strengths of centralization aren’t really strengths at all when viewed in terms of the much more imposing issue of bandwidth costs, where all the advantages are local.
Could the Key to Successful Internet Television Be…PBS?
By Robert X. Cringely,
June 8, 2006
What about the opposite of NerdTV?
OK, here’s something I don’t do often: praise Microsoft.
Strider HoneyMonkey is a Microsoft Research project to detect and analyze Web sites hosting malicious code. The intent is to help stop attacks that use Web servers to exploit unpatched browser vulnerabilities and install malware on the PCs of unsuspecting users. Such attacks have become one of the most vexing issues confronting Internet security experts. Strider HoneyMonkey is a project of the Cybersecurity and Systems Management group in Microsoft Research.
Strider HoneyMonkey Exploit Detection, Microsoft Research
Instead of waiting around for attacks to happen, this project emulates
average users in web browsing, and catches spyware and attacks that
occur as a result.
Sort of a proactive honeypot.
This goes beyond traditional Internet security, which normally builds forts and waits for the enemy to attack.
This project sends out multiple scouts to entice the enemy to attack ambushes.
This is real intelligence, and moves into risk management.
PS: Thanks, Chez, for the pointer.
Why bother with traditional social engineering, when you can let a USB drive do it for you?
It was really amusing to watch the reaction of the employees who found a USB drive. You know they plugged them into their computers the minute they got to their desks.
I immediately called my guy that wrote the Trojan and asked if anything was received at his end. Slowly but surely info was being mailed back to him.
Social Engineering, the USB Way,
Steve Stasiukonis, darkreading, 7 June 2006
So much for the traditional network perimeter.
PS: Thanks, Johnny.
The FCC has required extension of CALEA to VoIP.
An all-star cast of Internet security and protocol people beg to differ:
In order to extend authorized interception much beyond the easy
it is necessary either to eliminate the flexibility that Internet
communications allow, or else introduce serious security risks to
VoIP implementations. The former would have significant negative
on U.S. ability to innovate, while the latter is simply dangerous. The
current FBI and FCC direction on CALEA applied to VoIP carries great
Security Implications of Applying the
Communications Assistance for Law Enforcement Act to Voice over IP,
by Steve Bellovin, Matt Blaze, Ernie Brickell, Clint Brooks, Vint Cerf,
Whit Diffie, Susan Landau, Jon Peterson, John Treichler.
Which is more valuable?
A free, extensible, and relatively secure Internet,
or one controled by a state?