Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

October 11 2011

02mydafsoup-01

[...]

The government's request included the email addresses of people Mr. Appelbaum corresponded with the past two years, but not the full emails.

Both Google and Sonic pressed for the right to inform Mr. Appelbaum of the secret court orders, according to people familiar with the investigation. Google declined to comment. Mr. Appelbaum, 28 years old, hasn't been charged with wrongdoing.

The court clashes in the WikiLeaks case provide a rare public window into the growing debate over a federal law that lets the government secretly obtain information from people's email and cellphones without a search warrant. Several court decisions have questioned whether the law, the Electronic Communications Privacy Act, violates the U.S. Constitution's Fourth Amendment protections against unreasonable searches and seizures.

[...]
Court Order Seeks Email Data of WikiLeaks Volunteer Jacob Appelbaum - WSJ.com
Reposted bywikileakskrekklydschidarksideofthemoon

January 09 2011

Daten auf dem Silbertablett

Der Umstand, dass Twitter kürzlich Nutzerdaten – vor dem Hintergrund von Ermittlungen gegen Wikileaks-Chef Assenge – an die US-Regierung herausgegeben hat, wird gerade intensiv diskutiert. Es scheint hierbei offenbar die Ansicht vorzuherrschen, derartiges sei in Deutschland nicht oder nur erschwert möglich.

Dass das ein Irrglaube ist, legt der Kollege Vetter in seinem Blog anschaulich dar. Diese Einschätzung entspricht auch meiner Erfahrung. Seit vielen Jahren liefern Provider und Portalbetreiber den Ermittlungsbehörden oftmals ohne großen Widerstand alle möglichen Daten auf Anfrage hin. Das Spektrum reicht von Bestandsdaten bis hin zu konkreten Kommunikationsinhalten. Oft genug werden hierbei durch die Behörden auch die gesetzlichen Vorgaben nicht beachtet. In vielen Fällen genügt faktisch ein Fax einer Polizeidienststelle oder KPI mit einer “Auskunftsanfrage” und die Behörden bekommen die gewünschten Daten auf dem Silbertablett. Eine gewisse Erschwernis dieser zum Teil rechtswidrigen Praxis ist nun dadurch eingetreten, dass viele Provider und Portalbetreiber IP-Adressen nicht mehr oder nur nur noch sieben Tage speichern und danach keine Auskunft mehr erteilen können, weil die gewünschten Daten nicht mehr vorhanden sind. Der Grund hierfür ist übrigens nicht der Wegfall der Vorratsdatenspeicherung, sondern der Druck der von den Datenschutzbehörden ausgeht. Ein Umstand, der auch in der aktuellen Diskussion über die Vorratsdatenspeicherung zu wenig beachtet wird. Die (politische) Diskussion müsste eigentlich konkret das Spannungsverhältnis von Datenschutz und staatlichem Sicherheitsinteresse beleuchten. Diese Diskussion scheint aber politisch nicht erwünscht zu sein.

Ich habe vor einiger Zeit mal einen ISP vertreten, der eine formlose Anfrage des Bundeskriminalamts auf dem Tisch hatte, zu einer IP-Adresse die “Bestandsdaten” eines Kunden zu liefern. Der Provider hat die Herausgabe verweigert und gab dem BKA die Rückmeldung, dass man mit der ermittelnden Staatsanwaltschaft im Rahmen der gesetzlichen Vorgaben natürlich kooperieren würde, aber für eine Beantwortung dieser formlosen Anfrage keine rechtliche Verpflichtung erkennen könne. Der Provider hat von dem Vorgang nie wieder etwas gehört, weder das BKA noch eine Staatsanwaltschaft ist je wieder bei dem ISP vorstellig geworden.

Die meisten Anbieter sind allerdings nicht so widerspenstig, sondern kooperieren bereitwillig mit den Behörden. Zum Teil weil man glaubt, dazu stets verpflichtet zu sein, teils deshalb, weil man keinen Ärger mit der Staatsgewalt haben möchte.

Auch richterliche Beschlüsse über die Beschlagnahme von Kommunikationsinhalten gibt es in Deutschland sehr häufig und oftmals auch sehr zügig. Die Bedeutung des Richtervorbehalts wird insgesamt stark überschätzt.

August 11 2010

What I get and don't get about the Google/Verizon proposal

Nobody knew for a long time what Google and Verizon were cooking up on
the network neutrality front, and after the release of their brief,
two-page roadmap (posted href="http://www.scribd.com/doc/35599242/Verizon-Google-Legislative-Framework-Proposal">On
Scribd as a PDF, among other places) nobody still knows. All the
usual Internet observers have had their say, and in general the
assessment is negative.

My first reaction was to ignore the whole thing, mainly because the
language of the agreement didn't match any Internet activity I could
recognize. Some of the false notes struck:

  • The Consumer Protections section keeps using the term "lawful" as if
    there was a regulatory regime on the Internet. Not even the people
    regularly accused of trying to extend government control over the
    Internet (ICANN, WSIS, and the ITU) believe they can define what's
    lawful and make people stick to it.

    If I can send and receive only lawful content, who do Google and
    Verizon think can stop me from exchanging child pornography or
    instructions to blow up buildings? What, in turn, distinguishes lawful
    applications and services from unlawful ones (outside of Saudi Arabia
    and the United Arab Emirates)?

    Deduction: This passage represents no meaningful or enforceable rules,
    but is thrown in to make regulators feel there's a policy where in
    fact there is none.

  • The Transparency section strews around nice, general statements no one
    could complain about--don't we all want our services to tell us what
    they're doing?--but the admonitions are too general to interpret or
    apply.

    For instance, Apple is adamant about its right to determine what apps
    are available to iPhone and iPad buyers. Is that transparency?
    Apparently not, because every Apple developer gnaws his fingernails
    waiting to hear whether and when his app will be accepted into the App
    Store. But I don't see language in the Google/Verizon transparency
    section that covers the App Store at all. They might well say it's not
    networking issue.

    Fine, let's turn to networking. The carriers maintain that they need
    flexibility and a certain degree of secrecy to combat abuses such as
    spam; see for instance my blog href="http://www.oreillynet.com/onlamp/blog/2008/04/consider_the_economics_in_netw.html">Consider
    the economics in network neutrality. Squaring this complex
    issue--which is covered by the Google/Verizon in the next item on
    Network Management--with transparency is a dilemma.

    Deduction: we can all say we're transparent and feel good, but life is
    too complex for authorities to be totally transparent about what
    they're transparent about.

  • The worst passage in my view is the one in the Regulatory Authority
    section assigning authority to the FCC for "broadband." That
    ill-defined term, used far too much in Washington, tends to appear in
    the context of universal service. One can regulate broadband by such
    things as providing incentives to build more networks, but the
    Regulatory Authority section sidesteps the more basic questions of who
    gets to regulate the building, interconnecting, and routing through
    networks.

    Deduction: Google and Verizon put this in to encourage the government
    to continue pouring money into the current telcos and cable companies
    so they can build more high-speed networks, but its effect on
    regulation is nil.

Not too inspiring on first impression, but because so many other
people raised such a brouhaha over the Google/Verizon announcement, I
decided to think about it a bit more. And I actually ended up feeling
good about one aspect. The proposal is really a big concession to the
network neutrality advocates. I had been feeling sour about proposals
for network neutrality because, as nice as they sound in the abstract,
the devil is in the details. Network management for spam and other
attacks provides one example.

But the Google/Verizon announcement explicitly denounces
discrimination and mandates adherence to Internet standards. (Of
course, some Internet standards govern discrimination.) It seems to me
that, after this announcement, no network provider can weep and wring
its hands and claim that it would be unable to do business on a
non-discriminatory basis. And network neutrality advocates can cite
this document for support.

But as others have pointed out, the concession granted in the
"Non-Discrimination Requirement" section is ripped away by the
"Additional Online Services" section to "traffic prioritization." This
makes it clear that the "services" offered in that section reach deep
into the network infrastructure where they can conflict directly with
public Internet service. Unless someone acknowledges the contradiction
between the two sections and resolves it in a logical manner, this
document becomes effectively unusable.

What about the other pesky little exemption in the proposal--wireless
networks? Certainly, a lot of computing is moving to mobile devices.
But wireless networks really are special. Not only are they hampered
by real limits on traffic--the networks being shared and having
limited spectrum--but users have limited tolerance for unwanted
content and for fidgeting around with their devices. They don't want
to perform sophisticated control over transmission over content; they
need someone to do it for them.

Anyway, fiber is always going to provide higher bandwidth than
wireless spectrum. So I don't believe wireless will become
dominant. It will be a extremely valuable companion to us as we walk
through the day, saving data about ourselves and getting information
about our environment, but plenty of serious work will go on over the
open Internet.

So in short, I disdain the Google/Verizon agreement from an editor's
point of view but don't mind it as a user. In general, I have nothing
against parties in a dispute (here, the telephone companies who want
to shape traffic and the Internet sites who don't want them to)
conducting talks to break down rigid policy positions and arrive at
compromises. The Google/Verizon talks are fraught with implications,
of course, because Google is a wireless provider and Verizon
distributes lots of phones with Google's software and services. So I
take the announcement as just one stake in the ground along a large
frontier. I don't see the proposal being adopted in any regulatory
context--it's too vague and limited--but it's interesting for what it
says about Google and Verizon.

April 06 2010

DC Circuit court rules in Comcast case, leaves the FCC a job to do

Today's ruling in Comcast v. FCC will certainly change the
terms of debate over network neutrality, but the win for Comcast is
not as far-reaching as headlines make it appear. The DC Circuit court
didn't say, "You folks at the Federal Communications Commission have
no right to tell any Internet provider what to do without
Congressional approval." It said, rather, "You folks at the FCC didn't
make good arguments to prove that your rights extend to stopping
Comcast's particular behavior."

I am not a lawyer, but to say what happens next will take less of a
lawyer than a fortune-teller. I wouldn't presume to say whether the
FCC can fight Comcast again over the BitTorrent issue. But the court
left it open for the FCC to try other actions to enforce rules on
Internet operators. Ultimately, I think the FCC should take a hint
from the court and stop trying to regulate the actions of telephone
and cable companies at the IP layer. The hint is to regulate them at
the level where the FCC has more authority--on the physical level,
where telephone companies are regulated as common carriers and cable
companies have requirements to the public as well.




The court noted (on pages 30 through 34 of href="http://pacer.cadc.uscourts.gov/common/opinions/201004/08-1291-1238302.pdf">its
order) that the FCC missed out on the chance to make certain
arguments that the court might have looked on more favorably.
Personally and amateurly, I think those arguments would be weak
anyway. For instance, the FCC has the right to regulate activities
that affect rates. VoIP can affect phone rates and video downloads
over the Internet can affect cable charges for movies. So the FCC
could try to find an excuse to regulate the Internet. But I wouldn't
be the one to make that excuse.

The really significant message to the FCC comes on pages 30 and 32.
The court claims that any previous court rulings that give power to
the FCC to regulate the Internet (notably the famous Brand X decision)
are based on its historical right to regulate common carriers (e.g.,
telephone companies) and broadcasters. Practically speaking, this
gives the FCC a mandate to keep regulating the things that
matter--with an eye to creating a space for a better Internet and
high-speed digital networking (broadband).

Finding the right layer

Comcast v. FCC combines all the elements of a regulatory
thriller. First, the stakes are high: we're talking about who
controls the information that comes into our homes. Second, Comcast
wasn't being subtle in handling BitTorrent; its manipulations were
done with a conscious bias, carried out apparently arbitrarily (rather
than being based on corporate policy, it seems that a network
administrator made and implemented a personal decision), and were kept
secret until customers uncovered the behavior. If you had asked for a
case where an Internet provider said, "We can do anything the hell we
want regardless of any political, social, technical, moral, or
financial consequences," you'd choose something like Comcast's
impedance of BitTorrent.

And the court did not endorse that point of view. Contrary to many
headlines, the court affirmed that the FCC has the right to
regulate the Internet. Furthermore, the court acknowledged that
Congress gave the FCC the right to promote networking. But the FCC
must also observe limits.

The court went (cursorily in some cases) over the FCC's options for
regulating Comcast's behavior, and determined either that there was no
precedent for it or (I'm glossing over lots of technicalities here)
that the FCC had not properly entered those options into the case.

The FCC should still take steps to promote the spread of high-speed
networking, and to ensure that it is affordable by growing numbers of
people. But it must do so by regulating the lines, not what travels
over those lines.

As advocates for greater competition have been pointing out for
several years, the FCC fell down on that public obligation. Many trace
the lapse to the chairmanship of Bush appointee Michael Powell. And
it's true that he chose to try to get the big telephone and cable
companies to compete with each other (a duopoly situation) instead of
opening more of a space for small Internet providers. I cover this
choice in a 2004
article
. But it's not fair to say Powell had no interest in
competition, nor is it historically accurate to say this was a major
change in direction for the FCC.

From the beginning, when the 1996 telecom act told the FCC to promote
competition, implementation was flawed. The FCC chose 14 points in the
telephone network where companies had to allow interconnection (so
competitors could come on the network). But it missed at least one
crucial point. The independent Internet providers were already losing
the battle before Powell took over the reins at the FCC.

And the notion of letting two or three big companies duke it out
(mistrusting start-ups to make a difference) is embedded in the 1996
act itself.

Is it too late to make a change? We must hope not. Today's court
ruling should be a wake-up call; it's time to get back to regulating
things that the FCC actually can influence.

Comcast's traffic shaping did not change the networking industry. Nor
did it affect the availability of high-speed networks. It was a clumsy
reaction by a beleaguered company to a phenomenon it didn't really
understand. Historically, it will prove an oddity, and so will the
spat that network advocates started, catching the FCC in its snares.

The difficulty software layers add

The term "Internet" is used far too loosely. If you apply it to all
seven layers of the ISO networking model, it covers common carrier
lines regulated by the FCC (as well as cable lines, which are subject
to less regulation--but still some). But the FCC has historically
called the Internet a "service" that is separate from those lines.

Software blurs and perhaps even erases such neat distinctions. Comcast
does not have to rewire its network or shut down switches to control
it. All they have to do is configure a firewall. That's why stunts
like holding back BitTorrent traffic become networking issues and draw
interest from the FCC. But it also cautions against trying to regulate
what Comcast does, because it's hard to know when to stop. That's what
opponents of network neutrality say, and you can hear it in the court
ruling.

The fuzzy boundaries between software regulation and real-world
activities bedevils other areas of policy as well. Because
sophisticated real-world processing moves from mechanical devices into
software, it encourages inventors to patent software innovations, a
dilemma I explore in href="http://radar.oreilly.com/archives/2007/09/three_vantage_p.html">another
article. And in the 1990s, courts argued over whether encryption
was a process or a form of expression--and decided it was a form of
expression.

Should the FCC wait for Congress to tell it what to do? I don't think
so. The DC Circuit court blocked one path, but it didn't tell the FCC
to turn back. It has a job to do, and it just has to find the right
tool for the job.

Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl