The Problem with Legislating

Jeff Pulver in passing sums up the problem with legislating:
We thought it would be sufficient for Jonathan Askin to cover the House Judiciary Committee Markup, given the fact that Staci Pies was going to testify at the Senate Hearing on behalf of the VON Coalition. Well, yesterday afternoon, the VON Coalition was removed from inclusion on the panel. So, the Senate was left with no one expressing the views of the Internet communications industry and the effects that the Senate Bill might have on the emerging industry.

My Worlds Collide on Capitol Hill Today, Jeff Pulver, The Jeff Pulver Blog, 25 May 2006

Legislatures almost by definition can’t be experts on every subject they legislate on. So instead they depend heavily on lobbyists. And sometimes they deliberately exclude parties who are trying to represent important points of view.

Legislators also listen to constituents. If enough constituents say net neutrality is sacrosanct, maybe Congress will get net religion. If your business wants a level playing field that isn’t skewed towards a handful of big telcos, you may want to speak up.

-jsq

Open Source Disaster Recovery

If you can’t count on governments, first responders, telcos, or even the Red Cross to keep communications going during a natural disaster, who ya gonna call? Open source decentralized emergent organizations, apparently:
Volunteers eager to help disaster victims have begun to draw on open source models of organization to mobilize and coordinate vast resources from around the world. This paper investigates two such groundbreaking efforts, involving responses to Hurricane Katrina and to the South East Asian tsunami. The study sheds light on how these organizations evolve so rapidly, how leaders emerge and confront challenges, and how interactions with traditional, more hierarchical disaster recovery efforts unfold. Lessons from these early efforts show how they can be improved, and also point to the need for more research on networked non–state actors that are playing increasingly prominent roles.

Open source disaster recovery: Case studies of networked collaboration, by Calvert Jones and Sarai Mitnick, First Monday, volume 11, number 5 (May 2006)

Decentralized, cooperative, global reach: all the things the Internet was built on. Rapid, flexible, usable response. That sounds like good risk management to me.

-jsq

EFF v. AT&T

EFF is making some progress in their lawsuit against AT&T for handing over logs to NSA for wiretapping:

AT&T has set up a secret, secure room for the NSA in at least one of the company’s facilities — a room into which AT&T has been diverting its customers’ emails and other Internet communications in bulk — according to evidence in key documents partially unsealed today in the Electronic Frontier Foundation’s (EFF’s) class-action lawsuit against the telecom giant.

"Now the public can see firsthand the testimony of Mark Klein, a former AT&T employee who was brave enough to step forward and provide evidence of the company’s illegal collaboration with the NSA," said EFF Staff Attorney Kevin Bankston. "Today we have released some of the evidence supporting our allegation that AT&T has given the NSA direct access to its fiber-optic network, such that the NSA can read the email of anyone and everyone it chooses — all without a warrant or any court supervision, and in clear violation of the law."

The Klein declaration and EFF’s motion for a preliminary injunction against AT&T’s ongoing illegal surveillance were filed under seal last month. But last week, U.S. District Judge Vaughn Walker instructed AT&T to work with EFF to narrowly redact the documents and make them available to the public.

Key Portions of Critical Documents Unsealed in AT&T Surveillance Case: Technician Describes Secret NSA Room at AT&T Facility, Rebecca Jeschke, EFF, May 25, 2006

For some reason I thought "we" were better than "them" because we had the rule of law. And that without the rule of law it’s hard to have contracts and capitalism, so this sort of law breaking could be considered a risk to business.

-jsq

PS: Seen on Fergie’s Tech Blog.

8.9% Identity Loss

Adam Shostack adds up the latest threat government has provided for us:

8.9% of Americans are at increased risk for ID theft due to that fellow at the veterans administration. Wow. Sure, the 13% at risk for account take-over from Cardsystems was bad, but that was just credit cards. This is about the databases that control our lives. This is horrendous. Maybe we’ll get some better laws about credit freezes out of it.

8.9%, Adam Shostack, Emergent Chaos, 26 May 2006.

This is a pretty good illustration of why depending on social security numbers for authentication is a bad idea. It’s also a pretty good example of why government can be the biggest security threat: it has greater scale and resources than most other entities. And a pretty good example of how the most rudimentary security would have provided sufficient resilience to prevent such a theft. Simple prevention measures are often the best risk management.

-jsq

K-12 Social Networking

In a previous post, I mentioned that government sometimes seems the biggest security threat. This is partly because government often doesn’t foresee the consequences of what it does. Here’s an interesting example of unintended consequences: the No Child Left Behind Act producing an incentive for K-12 social network sites.
The exchange of information among the key K–12 decisionmakers — parents, teachers, principals, superintendents, and elected school officials — is a huge challenge today. Quality information and communications are becoming more valuable as options increase for parents and accountability increases for teachers, schools, districts, and states. The Internet gives people access to nearly infinite content and information, but with all the additional information and choices, there are more decisions to make for Web browsers and users. Logistical help is needed for reaching people who can be reference points and explanation givers. Being Internet savvy alone will not suffice. The convergence of NCLB realities with the Internet’s ever expanding capabilities offers a window of opportunity to build a social network website service that is suited for K–12.

K–12 encounters the Internet, by Paul DiPerna, First Monday, volume 11, number 5 (May 2006)

Many K-12 schools already have floating technical advisors, usually one of their own teachers who is technically savvy and goes around advising the others. This article seems to be proposing to take the next step of interconnecting such people and information across school systems.

-jsq

Good Intentions Still Need Monitoring

Sometimes it does seem that governments can be the biggest security threat:
The bill aims to speed up the process by which redundant laws are changed and allows them to be amended on ministers’ orders, without parliamentary scrutiny.

The Commons Regulatory Reform Committee said it was “the most constitutionally significant bill” for some years.

“[The bill] provides ministers with a wide and general power that could be used to repeal, amend or replace almost any primary legislation”
Andrew Miller MP

It is pressing for the power to monitor all laws amended by ministers, so it can veto any it decides need further parliamentary intervention.

The committee also wants certain laws protected from the changes.

Red tape law ‘must not be abused’, BBC, 6 February 2006

In the U.S. we supposedly have such protections, written into the Constitution and its amendments.

Economics of Net Neutrality

Here’s an article about a report that purports to analyze the economic benefits of not enforcing net neutrality in the United States:
The debate over the long-term effects of eliminating net neutrality is distinctly emotional. On the one hand, supporters of net neutrality argue that abandoning neutrality would mean the end of the free Internet society. They argue that large broadband access providers in conjunction with a few powerful content providers could use commercial and technological power to dictate the portfolio of content that end users – including consumers and businesses – could access on the Internet, how suppliers could do business over the Internet, and how much they pay for access.

On the other hand, those opposed to making net neutrality part of telecom law counter that the levels of investment required to deploy infrastructure that can cope with bandwidth-hungry applications can be supported only if operators are able to charge for delivery of those services. They also contend that any law enshrining net neutrality would be inappropriate, as government cannot predict how the economy might evolve, and that any restrictive law could have unintended consequences (as in stifling broadband development of broadband applications).

Net Neutrality Dollars and Sense, Simon Sherrington, Analyst, Light Reading, 1 May 2006

OK, I’m always suspicious of any “analysis” that tars one side as being “emotional” while characterizing the other side as rationally “figuring”.

Their Capers’ Public Fields

I always say that one thing I learned from writing books is that no matter how you write something, somebody will find a different way to interpret it. Spire Security Viewpoint read my Their Capers’ Social Fields as a plea to keep social security numbers more confidential. I wrote it using social security numbers as an example of how any widely used identity key won’t ever be kept confidential, so using such a common key is a bad idea.

Anyway, SSV has an interesting comment:

We need to turn this argument on its head and make all SSNs public record. Then, we can work towards a real solution that can protect the individual.

Yes, good idea. If SSNs were public, it would be so obvious that they’re horrible keys to use for security that maybe organizations would stop doing so.

-jsq