Prof. Susan Crawford has been breaking and following some monumentally important stories recently. Her latest regards one of my favorite federal agencies, the FCC, and the huge power grab it is considering exercising with regard to the internet. This is no joke, the FCC is considering regulating everything that uses the IP protocol (Nethead/Bellhead -- Noticing DHS). If you think this is just about the big telecoms, you're wrong:
"[National Security/Emergency Preparedness] NS/EP considerations provide a compelling rationale for applying a certain amount of regulation to IP-enabled services. The purpose of such regulation would be to ensure the prioritized availability of certain communication services to Federal, state, and local officials and first responders in times of emergency or national crisis."Crawford is quoting from the Department of Homeland Security filing in the IP-related services proceeding (In the Matter of FCC Review of Regulatory Requirements for IP-Enabled Services: Comments of the Department of Homeland Security [PDF] The fun part of this document is that it won't let you copy/paste).
How much regulation is necessary?
"In the event of crisis, NS/EP national leadership must receive end-to-end priority treatment over other users. . . . NS/EP traffic must be identified with its own class of service -- above and beyond "best effort."This, of course, would mean the end of end-to-end as IP providers would have to check packets to see if they were specially marked by the government (which would require all sorts of checks so that we could be sure the packets hadn't been spoofed and what not). Basically, we would have to build into the internet a smart network. Once you've done that, all sorts of other regulations become possible.
As Crawford notes, all of this would be done in the name of national security. You're not against national security, are you?
On Saturday, Andrew Grumet announced the release of RssReader 0.4d (RssReader 0.4d). In Andrew's words, "RssReader is TiVo-resident software that displays the contents of an RSS feed on your television." Of course, who the heck really wants to read RSS feeds on television? Sounds like one of those dotcom-era WebTV-like monstrosities. Instead, Andrew notes that "More interestingly, RssReader can schedule recordings from syndication feeds containing RSSTV extensions. This means you can subscribe your TiVo to a community-evolved ToDo list, such as the feed generated by Program My TiVo!" Absolutely, and something I think has amazing potential (RSS for TV, Music).
However, I also think that there is not only a desire for at least some RssReader functionality on television, but important reasons to make it happen. Indeed, perhaps a grant from Homeland Security to Grumet would be in order.
Imagine an RSS feed that would scroll at the bottom of your television display while you watched any other channel, a news ticker if you will. It would be just like the scrolling feeds on the news and financial networks, but would be overlayed on top of whatever you are currently watching. Most importantly, the content would come from an RSS feed.
Emergency Broadcatching System
When I lived on the East Coast, the television was a major source for breaking emergency local news such as school closings, traffic conditions and weather alerts. Turn on the local morning news after a snow storm and there would be a scroll of the business and school closings and delays. Major accidents on I-95 would initiate traffic tickers and you would also see listings of various counties under blizzard alert or where snow emergencies had been declared.
There are a couple of problems with this system. First, you have to be watching a live, local station. What about those gentle souls who like to start their morning with a relaxing gardening show on Home and Garden TV while they sip a nice cup of herbal tea? Thanks to TiVo, what about those early-risers who want to watch David Letterman's top ten from the night before in the morning just before heading to the home office?
Second, these scrolls are not necessarily the most efficient way of getting information to the audience. The alphabetical listings of businesses and schools seem to get longer and longer every year. Currently, you have to wait like 10 minutes for the darn thing to scroll through the entire listing in New Haven (and Yale never closes anyway). And you know something? I couldn't have cared less about the storm alerts in Windham County; I was in New Haven County, darn it.
Seriously, wouldn't it make a lot more sense to have an RSS feed for such emergency announcements? I want my employer or my school district to let me know when I should come in late or not come at all, and I want to know whether or not I'm watching a live, local news show. As TiVo (and broadcatching) become more popular it becomes less and less likely that people will be watching live broadcasts or the major networks. If you are the state or county government and need to let everyone know that there is a snow emergency or get other information out to citizens, who have dozens or hundreds of television channels to choose from, you can't simply hope that your citizens are watching the local ABC, CBS, NBC, PBS or FOX affiliate. Heck, if for some reason the television broadcast is out (terrorists attack transmitters, for example), you might still be able to get information to people through their televisions.
Cable companies could probably do something like this at government request, but not everyone wants to be constantly bombarded with this information on all channels. Okay, I know my school is closed today and now I just want to watch Spongebob Squarepants in peace. I'm not sure what capability satellite companies would have to do this on non-local channels. In any case, people may want information from sources other than the government and I doubt cable or satellite companies will run tickers for them.
People should be able to subscribe to particular feeds for their specific needs and you should be able to turn feeds on and off. There should also probably be a flag that would could be set to permit interruptions (automatically making the feed visible on the screen) and allow you to turn the feed off after you've got the information (only to reappear if there is an update, for example).
Other RSS Applications
Of course, once this system is in place, there would likely be a number of businesses that could be created to take advantage of such scrolls. Obvious applications include stock tickers and sports scores. Why not keep up with the stocks you follow while watching The Simpsons instead of CNNfn? Watch your favorite basketball game and keep closer tabs on the other teams you are interested in, rather than all the other scores and other sports the station's tickers usually have. News junkies can have news tickers running even while watching other entertainment.
Personalization would be great. Who wouldn't want to wake up in the morning with a personalized ticker that would include local weather and local traffic? In Southern California, wouldn't it be great if you could subscribe to the 5 Freeway/Orange County feed, or the 605 & 10 Freeways Los Angeles County feeds? Watch a national news show, but get a local news ticker? News could be even more specific. For us Copyfight junkies, why not Michael Geist's Internet Law News as an RSS feed you could read while watching Good Morning America? Sure, there wouldn't be a lot of content that could be sent in such a format, but it would alert you to stories you should probably check out later (or sooner, as the case may be).
If your feed is good enough, you might be able to get a minimum of advertising into the feed, or draw people to your website. I think the first news companies that jump on making this happen will make quite the splash. How embarrasing would it be for NBC News to know that that those watching the Today Show are getting a CNN news and weather RSS feed scrolling at the bottom of their screen?
Making RSSTV, RSS + BitTorrent and Broadcatching Real
Of course, once such a system is built out, it would be very natural and easy to add RSSTV ability to the mix. Once you can subscribe to an RSS news ticker feed, how much more difficult would it be to subscribe to "channel" feeds that tell your TiVo to record particular programs?
After that, the next obvious step is RSS + BitTorrent broadcatching. Heck, Homeland Security might want to have such a capability built into a "Emergency Broadcatching System." For example, it might be necessary to quickly disseminate multimedia that the local TiVo stores and records whether or not the television is receiving (or television stations are broadcasting). You never know when such a capability might come in handy.
Of course, once you have broadcatching built into every TiVo, ReplayTV and whatever it is that the Dish Network uses, whole new possibilities open up...
LawMeme briefly summarizes and collects a number of articles on several law enforcement agencies' (FBI, DOJ and DEA) recent petition to the FCC to expand government wiretap capability (FBI seek to expand the system-formerly-known-as-Carnivore).
C|Net News reports that the petition "aims to give police ready access to any form of Internet-based communications" (FBI adds to wiretap wish list):
Legal experts said the 85-page filing includes language that could be interpreted as forcing companies to build back doors into everything from instant messaging and voice over Internet Protocol (VoIP) programs to Microsoft's Xbox Live game service. The introduction of new services that did not support a back door for police would be outlawed, and companies would be given 15 months to make sure that existing services comply.
That's just wonderful. And I suppose only the US government will have access to these backdoors?
The Washington Post (reg. req.) talks to one of the leading experts on wiretapping, CDT's James X. Dempsey (Easier Internet Wiretaps Sought):
But privacy and technology experts said the proposal is overly broad and raises serious privacy and business concerns. James X. Dempsey, executive director of the Center for Democracy & Technology, a public interest group, said the FBI is attempting to dictate how the Internet should be engineered to permit whatever level of surveillance law enforcement deems necessary.
"The breadth of what they are asking for is a little breathtaking," Dempsey said. "The question is, how deeply should the government be able to control the design of the Internet? . . . If you want to bring the economy to a halt, put the FBI in charge of deploying new Internet and communications services."
Dempsey is right. The amount of intervention in technology development necessary for the FBI and DOJ to accomplish what they want with regard to wiretapping is enormous. The costs will be both direct (money out of consumer's pockets) and indirect (loss of innovation). However, that is only half the picture. Unfortunately for the FBI, the costs to defeat the wiretapping are relatively small and will continue to decrease. We have here an asymmetric situation that will only grow more asymmetric as time goes on.
The problem is with the underlying architecture of the internet. Advances in technology along with the end-to-end/layers principle mean that it will always be cheaper to add encryption to the edges of the network than to increase the amount of surveillance at the center of the network. How much does it cost to write an encrypted VoIP app? Not much. How much does it cost to build the surveillance mechanism and conduct the surveillance across all possible ISPs? A heck of a lot more.
Ok. Now that the first encrypted VoIP app is compromised ... how much will it cost to build another encrypted layer on top of the first one? How much will it cost to conduct surveillance on this new layer? Hmmmm, if this progression continues, as we add additional layers of encryption and surveillance, the costs will increasingly diverge. Not a game you can win ultimately. In fact, it doesn't make much sense to even start. The FBI should be happy with what they've got.
Nor should we forget how darn cheap computing is getting. I wish my first computer had the power of a Treo 600. How hard is it to write voice encryption software for Treos and all the follow-on smart phones? How hard will be to add additional layers to the communications stack especially given all the various options for communication being made available through ubiquitous grid-network wireless?
If I were the FBI, I wouldn't waste my time on a battle I ultimately couldn't win and instead would concentrate my efforts on the place where I could still achieve my goals - the ends. You want to know what someone is up to online? I would recommend, for example, key loggers, "real" spyware, and social engineering. It ain't gonna be easy, but you have a chance of winning in the long term. The sooner you quit a race you can't win, the faster you can enter a race where you have a chance.
Bonus FBI Inanity: Sunday, March 14th was the 54th birthday of the FBI's "Top Ten Most Wanted Fugitive List." What better way to celebrate than with a humorous quiz? For example,
5. What Bible-carrying female impersonator was captured in 1964 while working as "Bobo the Clown" with a traveling carnival?
ANSWER: Leslie Douglas Ashley. And for extra credit, Isaie Aldy Beausoleil [apparently another man] was arrested in 1953 dressed as a woman...acting v-e-r-y suspiciously in a Chicago ladies' restroom.
7. Who was arrested in Japan, extradited to the U.S., and in Honolulu presented FBI Agents--in all seriousness--with [sic] a Monopoly "Get Out of Jail Free" card?
ANSWER: James Robert Ringrose, arrested in 1967.
And this one is really a laugh riot, har-d-har-har:
4. What Top Ten terrorist who was apprehended in 1995 said at his trial in New York City, "I am a terrorist, and I am proud of it"?
ANSWER: Ramzi Ahmed Yousef, who masterminded the 1993 World Trade Center bombing in New York and planned the bombing of an American airplane in the Far East, an act that was prevented. Judge Kevin Thomas Duffy of Manhattan's Federal District Court called him "an apostle of evil [who] wanted to kill for the thrill of killing human beings."
Bonus FBI Inanity 2: A Strengthened Partnership to Protect Children: Name that Sexual Predator! - That's the real name for the page - no foolin'. Frankly, I am somewhat disturbed when law enforcement agencies turn child abuse into a game.
UPDATE
Brother Dana has some observations here: Following The Chinese Way
According to his blog, until this past Monday, Michael Hanscom was a temporary employee in Microsoft's Copy/Print shop, reporting to a Xerox supervisor. Michael worked there until he was fired for a security violation for a blog post (Of blogging and unemployment). The original blog post that resulted in the firing contains a photo of a number of Power Mac G5s being unloaded from a truck at the receiving dock on the Microsoft facility in Redmond (Even Microsoft wants G5s).
I've only had the chance to read one side of the story (and I doubt MS Security will comment), but it seems to me that Microsoft has overreacted (though it is within their rights to fire). Couldn't this have been handled with a discussion and some more training about security issues? Is the employee manual so clear on security issues? I'm also sort of curious as to how this came to Microsoft's attention. Do they monitor employee's private websites?
What this does show, however, is that companies probably should add an "acceptable blogging policy" regarding company-related posts to their employee manuals.
via Metafilter
The Detroit News has a story on special infrared transmitters that can can broadcast a signal to receivers on traffic lights, turning the light from red to green (Gadget may wreak traffic havoc). The purpose of the devices is to ease the way for emergency vehicles. However, now civilian knock offs are being sold, allowing the average citizen to clear their own traffic path. The traffic headaches this can cause will be enormous, not to mention the problems it will cause for emergency vehicles. The consumer devices themselves are probably legal to sell currently.
Educated Guesswork notes how easily this could have been prevented with some simple cryptography (Remote traffic light control).
Ed Felten notes how poor engineering practices might result in poor law: banning transmitters and thus creating a black market (Remote Controls for Traffic Lights).
Tim Oren has an interesting post on his Due Diligence blog concerning the intersection of security and business concerns in the design of systems (What's Your Threat Business Model?). He uses SSL as an example of how business models and security models can interact in odd ways.
