
May 05, 2008

US vs Arnold

The 9th Circuit just issued a ruling on a question I'm sure has been at the back of the minds of everyone from outside the police state who fly into LAX to attend ICANN meetings.


We must decide whether customs officers at Los Angeles International Airport may examine the electronic contents of a passenger's laptop computer without reasonable suspicion.

Surprise! The answer is YES! The text of the decision is here.

Elements of a Crime

Where in the following code fragment does the possibility of a violation of US law lie, and what is the law possibly violated?


...
<option value="IR">
Iran (string in farsi, deleted because the perl/mysql interface is braindead)
</option>
<option value="IQ">
Iraq (string in arabic, deleted because ... )
</option>
...


This is better than wearing crypto on a t-shirt at an airport ... answer below the jump.


April 19, 2008

Network Neutrality

The end-to-end list is experiencing a sudden discussion, one brought about by the lack of discussion. What is preventing innovation? Restarted, where does wicked abuse of incumbent monopoly power lie? In the network, where those evil ISPs make HuffPo load slower, if at all, than CNN and Fox? In the middle-boxen, where track-the-employee and every-last-eyeball value-add "deep inspection" measures every mouse nibble? Or in the end host systems, where a benign "Major Company" wisely controls a network stack (and the memory protection model we all know and love as the home of virii, spam, n'bots)?

Now all the people who answered (a), it's the wicked ISPs and would the FCC or Congress please pass a rule or a bill or something, can't read the following without also knowing the outcome of the research suggested is "no impact".

In the US and Europe at least, one Major Company that controls a network stack has been judged thoroughly and beyond appeal by the courts to have a legal monopoly, with the strong assertion that makes by definition about consequent market power. That *legal* position cannot be disputed.

It would take a stronger argument than a mere vague handwave by a computer scientist toward the word "competing interests" to convince most economists and lawyers that when such a company keeps its network drivers protected, proprietary, and engages in agreements with hardware vendors to "certify" their drivers and hardware, the playing field for competition enables easy implementation of anything in that dominant network stack.

Of course, computer scientists are welcome to their political opinions and dissent. But in science, dissent requires testable proof.

Thus, I propose that the next PlanetLab scale experiment on new system architectures be carried out, not with Linux, but with Windows Vista. And without any prior agreement with Microsoft that gives the researchers licenses and access to code and internal interface privileges that students in, say, Ecuador don't have.

Based on that test, we can ascertain whether the monopoly in legal fact has an impact on research freedom.


I wish I'd thought of this; I've been trying to convince people that "network neutrality" is just not in the same ballpark as monopoly in the O/S market.

April 13, 2008

Comparative Evaluation Criteria

When does the claim by privileged elites for an additional franchise to operate a namespace in the DNS root prevail over the claim of unprivileged non-elites?

This is a question that shouldn't have arisen, as the legislative body (and in the ICANN reform context we're now talking about the Generic Name Supporting Organization (GNSO) as a "legislative body", at least within ICANN), in the results of its working group on the subject, determined that where a community applied for a string, and one or more other communities applied for the same string, the breadth and depth of "community support" for each competing application would be objectively determined.

Somehow that comparative evaluation criteria where [warning: example use of "Cherokee"] "two factions claiming to be the Cherokee Community" (for large values of "Cherokee") both apply for .cherokee, who cannot accommodate compromise, say Ross Swimmer's community of vigorously uncolored "Cherokees" -- bleached water subsequently carried by Wilma Mankiller and Chad Smith, vs the United Colors of Benetton community of "Cherokees", has become this:

Comparative Evaluation Criteria : Assessing "added value" of a TLD

  • Categorizes a broad and lasting field of human, institutional, or social endeavor or activity
  • Represents an endeavor or activity that has importance across multiple geographic regions
  • Has lasting value
  • Enhances diversity of the namespace
  • Enriches broad global communities
  • Meets needs that cannot reasonably be met in existing TLDs
  • Enhances competition in registration services

So now we know that whatever the relative merits are of Chad's angry mob versus everyone else who's comfortable with accommodation around color and culture within a Cherokee Nation that isn't a racial farce, that if Verisign or NeuStar or Afilias or Google or ... claim they will (someday) realize the superior benefits made possible by their superior civilization capitalization and technology, that .cherokee (or whatever else should be expropriated, for the greater good, etc.) is theirs to enjoy.

Oddly enough, I wasn't the only one to point out to "staff" that they'd gone off reservation.

April 04, 2008

A reminder from a Common Raven

For over a year I and a bunch of IETFers argued the issues on the Raven List, and the result was RFC 2804 IETF Policy on Wiretapping. In a nutshell, after we tried to clear our heads of everything we believed about Anglo-American jurisprudence since Charles I was shortened by a head, we tried to come to grips with wiretap as a functional requirement in the architecture of the net.

From my perspective, as an OS geek, it amounted to a requirement that the allocators for threads, memory and scheduling set up not one flow-forwarding collection of resources, but a replication resource, the tap. Fair enough, an interesting problem, a kind of malloc() that had a (let's be sophisticated) lazily evaluated copy-on-write semantics to a second execution context ... so the data plane is done. But the control plane must perform both flow set-up, and independently, that is, independent from call set-up (viewing the target packet train within a potentially larger set of packet trains as a "call"), there is the call intercept.

The control plane requirement is for a means to over-ride any access control mechanism associated with any access restriction placed by the control plane, and priority over, and therefore more fundamental resource allocation primitives than those contained in the data-path for flow set-up, forwarding and tear-down. If that last bit wasn't obvious (it wasn't to us, initially), think of trying to get a fully loaded box to start a tap on an existing flow. To succeed some resources have to be recovered from existing flows. Starting a tap has to slow down some calls, and just to make it more fun, the call to be tapped can't be in the set of calls to experience resource starvation, lest the tap be detectable directly from the tapped flow.
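As an added illustration (not code from this post or from RFC 2804), here is the resource-recovery problem above as a max-min fair allocator on a saturated box: a tap that must copy the target's packet train is scheduled once as an ordinary flow and once with the target's share frozen, so you can see which policy leaves the tapped flow's throughput unchanged. Flow names, demands and the capacity are constructed.

```python
"""Added example: what starting a tap does to flow allocations on a loaded box.

Constructed model, not the post's or RFC 2804's code.  A forwarding element
with fixed capacity shares it among flows by max-min fairness (water-filling).
A tap is a replication resource whose demand equals the target flow's current
throughput, because it must copy every byte of that flow.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    name: str
    demand: float  # offered load, arbitrary bandwidth units


def max_min_fair(flows, capacity, frozen=None):
    """Water-filling allocation.

    Flows whose demand is below the current fair share are satisfied in full;
    the remaining capacity is split equally among those still unsatisfied.
    `frozen` maps flow name -> allocation reserved before any sharing happens.
    """
    alloc = dict(frozen or {})
    remaining = max(0.0, capacity - sum(alloc.values()))
    pending = sorted((f for f in flows if f.name not in alloc),
                     key=lambda f: f.demand)
    while pending:
        fair = remaining / len(pending)
        head = pending[0]
        if head.demand <= fair:      # small demand: satisfy it and move on
            alloc[head.name] = head.demand
            remaining -= head.demand
            pending.pop(0)
        else:                        # everyone left is capped at the fair share
            for f in pending:
                alloc[f.name] = fair
            break
    return alloc


def start_tap(flows, capacity, target, naive):
    """Return (before, after) allocations when a tap on `target` is started.

    naive=True : the tap competes like any other flow, so on a saturated box
                 the target's own share drops, a change the target can see.
    naive=False: the target's pre-tap share and the tap's equal demand are
                 reserved first and only the other flows give up capacity
                 (the "starve the innocents" policy the post describes).
    """
    before = max_min_fair(flows, capacity)
    tap = Flow("tap(%s)" % target, before[target])
    if naive:
        after = max_min_fair(flows + [tap], capacity)
    else:
        reserved = {target: before[target], tap.name: before[target]}
        after = max_min_fair(flows + [tap], capacity, frozen=reserved)
    return before, after


def tap_visible_to_target(before, after, target, tol=1e-9):
    """True if the target's throughput changed when the tap started."""
    return abs(before[target] - after[target]) > tol


# Constructed sample: offered load 120 on a box of capacity 100 (saturated).
SAMPLE_FLOWS = [Flow("a", 50.0), Flow("b", 30.0), Flow("c", 40.0)]
CAPACITY = 100.0

if __name__ == "__main__":
    for naive in (True, False):
        before, after = start_tap(SAMPLE_FLOWS, CAPACITY, "a", naive)
        print("naive" if naive else "reserved", before, after,
              "visible to a:", tap_visible_to_target(before, after, "a"))
```

With the sample load, the naive policy cuts flow a from 35 to 25 units, while the reserving policy keeps a at 35 and halves b and c instead.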

Oh. And that over-ride-all-protections and starve-the-innocents control and data plane capabilities have to be protected from misuse, because the Mob shouldn't be able to just hire CMU grads and conduct surveillance operations on the FBI ... or worse scenarios.

So politely, we opined in our collective judgment that "legal intercept" was unsound engineering.


Abstract

The Internet Engineering Task Force (IETF) has been asked to take a
position on the inclusion into IETF standards-track documents of
functionality designed to facilitate wiretapping.

This memo explains what the IETF thinks the question means, why its
answer is "no", and what that answer means.


So the statement by John Brennan is not just a political problem for those he successfully advises (Senator Barack Obama), but is a technical problem for anyone with policy oversight over the National Telecommunications and Information Administration, within the Department of Commerce.


There is this great debate over whether or not the telecom companies should in fact be given immunity for their agreement to provide support and cooperate with the government after 9/11. I do believe strongly that they should be granted that immunity, because they were told to do so by the appropriate authorities that were operating in a legal context, and so I think that's important. And I know people are concerned about that, but I do believe that's the right thing to do. I do believe the Senate version of the FISA bill addresses the issues appropriately.

Shall the US data infrastructure be consistent with RFC 2804, or inconsistent with it, for non-technical considerations? It's a question you can vote on.

The image is from Orgone Lab, which looks like they'd be happy to sell my mom this blanket. I'd prefer something in a woodpecker with acorns.

April 03, 2008

NORTH AMERICAN INDIGENOUS (.NAI) overview

This is a two page overview of the NORTH AMERICAN INDIGENOUS (.NAI) proposal for a cultural and linguistic top-level domain in the current (ca 2008/9) ICANN new gTLD rounds. The original proposal for a NORTH AMERICAN ABORIGINAL (.NAA) to ICANN was drafted in 1999.

Background

This proposal is the continuation of the original North American Aboriginal (.NAA) proposal [1] for a "sponsored generic" top-level domain operated by a consortium formed by the original proposants -- the Nevada Indian Environmental Coalition, the Treaty 7 Tribal Council, the National Indian Telecommunications Institute, the Intertribal Council on Utility Policy, and the Western Abenaki of Maine, as a shared registry on a cost-recovery, tribal infrastructure development basis, with a core policy that registry data is a public resource, subject to tribal and other privacy limitations, held in trust for the indigenous public.


In the intervening decade the personnel, interests, and abilities of authors of the .NAA have changed, as have the consensus policies of ICANN.

Introduction

There are well in excess of 1,500 indigenous cultural and linguistic entities in North America. These range from the largest, the Navajo and the Cherokee, numbering in the hundreds of thousands of enrolled members (viewed as indigenous legal entities) and culturally and/or linguistically affiliated educational, cultural and linguistic institutions, groups, clans, extended non-clan kinship networks, and individual persons, to groups consisting of a very limited number of culture and language practitioners, to groups engaged in cultural and linguistic recovery, and even peoples adopting an existent related culture and language as their plan for cultural and linguistic survival.

In addition to these general purpose legal, cultural and linguistic entities, there are tens of thousands of individuals creating works of indigenous scholarship, teaching in and administering indigenous primary, secondary, and post-secondary academic institutions, creating works of classical and contemporary music, fine arts and crafts, the culinary arts, clothing, teaching indigenous languages and managing indigenous cultural and linguistic materials.

In addition to these contemporaneous sources of cultural and linguistic activity there are hundreds of thousands of archived documents, recordings, and objects, in holdings of various kinds, in the Americas, in Europe, Asia, and the Pacific, and hundreds, if not thousands, of archivists and archives.

Finally, consistent with our original purpose of creating a means for Indigenous Intellectual Property, also known as Traditional Knowledge, to become incorporated within the evolving quasi-legal ICANN system, and thereby protecting and advancing the interests of Indigenous peoples, implicit in our express choice in 1999 of the Mataatua Declaration, and our long history of work between Indigenous people in the Americas and the Pacific, the proposal includes "light the path" provisioning of indigenous resources for follow-on efforts in subsequent rounds of ICANN's evolving new gTLD process.

Why Generic?

The earliest effort to obtain any form of an indigenous namespace was the attempt by the late Dr. John Mohawk (Sotsisowah) to convince the late Jon Postel to create and delegate a namespace. This effort was doomed by Dr. Postel's choice to use ISO 3166, commonly called "country codes" (though many of its entries, then and now, are non-countries), to manage the task of making changes to the (pre-DNS) host tables. The next effort was a proposal by Mr. Eric Brunner-Williams to Dr. Postel to use X.121, which contains "continental codes", to allow non-national entry into the DNS root, prior to the establishment of ICANN, or ICANN's "new TLD" process of 1999-2001. The proposal died with Dr. Postel as the problem of determining the form and controlling authority of "the new entity", initially the International Ad Hoc Committee (IAHC) and eventually the Internet Corporation for Assigned Names and Numbers (ICANN), became controlling.

With the possibilities of a pre-generic alternative to a ccTLD exhausted, the focus of our effort became the ICANN gTLD, and we contributed to ICANN's Working Group C, authoring the "sponsored gTLD" model subsequently used by the proposals for .aero, .coop, and .museum in 2001/2002.

There are significant advantages to the "generic" TLD which are overlooked by applicants fixated on obtaining ccTLDs. These are:

  • direct immediate use of the ICANN accredited (gTLD) registrars
  • indirect immediate use of multiple ccTLD registrars via a "public interest (ICANN accredited) registrar"
  • stability of contractual relationship with ICANN
  • the "consensus policies" of the GNSO
  • insulation from government(s)

The offset is the application cost, and the ongoing presumption that Verisign's for-profit business model, copied by Afilias and NeuStar, serves all uses of all namespaces.

Education

Educational institutions, from child-care to Haskell Indian Nations University, the entire gamut of pre-primary, secondary, and post-secondary academic institutions, will use the namespace for their institutional names, their teaching faculty and non-teaching staff, their students and alumni. Implicit in the use of a namespace is literacy, both in the languages of the dominant culture, and in the languages of the students, whether an indigenous language is their first or subsequent language, and our fundamental goal is to preserve and increase indigenous textual literacy, using ASCII, extended ASCII, Inuktitut syllabics, and Cherokee syllabics.

Cultural

Cultural institutions, museums, galleries, ateliers, individual artists, and cultural objects will also use the namespace.

Linguistic

Language standardization committees, preservation projects, writers and oral traditionists (story tellers), and works within the written and oral traditions will also use the namespace.

Non-Indigenous Use

Indigenous people and their cultures and languages co-exist with settled immigrant people and their cultures and languages. Indigenous schools purchase textbooks from specialist educational publishers. Indigenous museums and galleries purchase insurance policies. Much of Indigenous economic activity has consumer or producer dependencies with settled immigrant economic activities. Where the locus of non-indigenous use of the namespace is to maintain and develop the cultural and linguistic interests of an indigenous community, or their economic interests, that use will be encouraged.

Technical

During the first five years of operations, the provisioning side will be carried out using the CORE registry fabric in Europe and the publication side will be carried out using the DNS and WHOIS constellation of WAMPUMPEAG (Western Abenaki of Maine), supplemented by additional DNS constellations, e.g., ISC, PCH, etc. During the second five years of operations, both provisioning and publication will be carried out from facilities within North America.



[1] A Position Paper on some new gTLDs


Your comments are sought. You know who you are.

April 02, 2008

Khmer and Tibetan

Are any of Wampum's readers also readers of Khmer or Tibetan?

March 27, 2008

The base price

Effective October, the price for names ending in .com will be $6.86, and for names ending in .net the price will be $4.23.

That doesn't include any additional fee to ICANN, nor the registrar mark-up, or mark-down where overcharging for hosting packages provides the offset.

March 06, 2008

The Anti-Phishing Consumer Protection Act of 2008

Reading S.2661 is depressing. Here's the worst crud from the "Findings". I put a call into Olympia Snowe's Portland office this morning.

(2) Phishing e-mails are becoming more sophisticated by having malicious spyware attachments that once opened covertly record the keystrokes and passwords of computer users, or install malware software.

Keystroke logging software developed by the Federal Bureau of Investigation is pervasively deployed, and is "not detected" by commercial anti-virus software. As we mentioned in RFC 2804, building wiretap into the network, at the physical forwarding elements or application layer filtering, which is what anti-virus software is, creates an exploitable mechanism for uniformed, and non-uniformed criminals.

(6) The United States is consistently 1 of the top 3 countries that host the most phishing websites. In November 2007, the United States hosted approximately 24 percent of phishing websites.

This is a baffling factoid. There are 150m second-level entries in the global namespace, 70m are in .com, 10m are in .net, so half the global namespace is published by VGRS and easily half of the A records published by VGRS resolve to ipv4 addresses in blocks allocated by ARIN, so one could just as well have written "Verisign" as "United States", and then relied upon existing contract, rather than ignoring existing contract, involving the DoC, the NTIA, ICANN and VGRS.

(7) A form of phishing known as `Spear Phishing' targets companies and government agencies to gain unauthorized access to their computer systems in order to steal financial information, trade secrets, or even top secret military information.

The final example of masquerading as a trustworthy entity, using socially engineered payloads against specific targets, to acquire valuable information, usually usernames, passwords and credit card details, but here "top secret military information" is reasonable, if you believe that DISNET is connected to MILNET and MILNET to "the Internet", and that each connection is a policy-free (non-filtering) gateway.

When I ran SRI's largest internal (and external) network, I'd one of the seven MILNET to ARPANET mail gateways in my shop. Neither MILNET nor ARPANET (modernly "the Internet") were classified networks. In the basement was a SCIF, on DISNET. I once "broke" the ARPANET by adding subnets for a Usenix meeting. That got me a same-day call from the ARPANET NOC at BBN. If I'd connected my DISNET node to either my MILNET IMP (modernly, router) or my ARPANET IMPs (ditto), I'd probably still be inside Leavenworth.

Whoever wrote the final cherry on that slice of pie was either plain ignorant or interestingly dishonest.

I've probably tossed them by now, but back when I hosted Barry's Amptoons his URL earned several multi-hundred node DDOS attacks, and I was always amused to find military assets, pwned of course, in the logfile of each attack. Calling their owners was always good for a laugh.

(9) Phishing operators utilize deceptive domain names for their schemes. They routinely register domain names that mimic the addresses of well-known online merchants, and then set up websites that can fool consumers into releasing personal and financial information.

This mixes two issues, to the loss of sense of both. The appearance of a domain name in the payload of some phish isn't the same thing as the actual domain name. This is why, when you look at a phish payload you often find that Sears or Bank of America appear to be operating out of Russia, the Ukraine, and China. The problem is "HTML-enabled" email. It makes pretty, and it makes hiding all kinds of neat toys, from web beacons that disclose every reading of a payload by an "HTML-enabled mail reader", to the bones of every phish.

The other issue is what is really at play in S2661. Trademark. This is more overtly discovered in the 12th Finding:

(12) Deceptive domain names, and the abuses for which they are used, threaten the integrity of domain name system. Businesses, small and large, rely upon the integrity of the domain name registration to ensure that their brands aren't misrepresented. The World Intellectual Property Organization reported in April 2007, that the number of Internet domain name cybersquatting disputes increased 25 percent in 2006.

Remember, you got here because the Peoples Liberation Army or someone is spear phishing in the third deck of E-ring, the SCIF that houses the secure-side of the office of the SecDef, the senior staffers of the OSD, and all the happy campers awaiting the return of Donald Rumsfeld. Where you're about to go to prevent this critical disclosure of "top secret military information" is ... a bunch of Intellectual Property lawyers in Geneva (I'm actually going there next week, not just to Geneva, but to the World Intellectual Property Organization) and a more accurate WHOIS database.

That's sure to foil the PLA, the KGB, and reverse Global Warming too.

I'll cover other parts of this gem in the near future. I operate an ICANN Accredited Registrar, one with its operational facilities in Portland and Bangor. The pointy end of S.2661 is aimed at Registrars, apparently because we either control the PLA, the KGB, and the melting point of ice, or because Markmonitor is using Olympia Snowe's office for marketing.

Markmonitor is big on phish. They're the registrar of record for verizon.com. Some of us registrars would like them to take down that domain as we know there is criminal conduct going on there. Phishing on a continental scale.

Techno bits

I'm upgrading the wampumpeag servers to the RELENG_7 tag, which is the fancy I-build-it-myself way of saying "Yippee! FreeBSD 7 went GA last week!"

Here's the FreeBSD 7.0 RELEASE Announcement.

The remaining new disks are going into the remaining servers next week, more joy and handsprings.

February 27, 2008

Key logging "law ware"

The Constitutional Court in Karlsruhe is going to allow Magic Lantern for a very small number of anti-terrorism investigations.

The Austrian government is looking at the possibility of allowing remote keystroke logging as well, but as the writers at le Monde point out, it's in the United States where the use of similar technical mechanisms is most common.

If you're wondering why undetectable remote keystroke logging hasn't turned up a single 101st Fighting Keyboarder banging out "kill some domestic enemies" screeds or a single AutoAdmit stalker of female law students, so am I.

February 26, 2008

Got ... Net ... Clue?

Today Olympia Snowe, Bill Nelson, the most conservative Democrat in the Senate, and Ted Stevens, the guy who made "intertubes" famous, introduced a bill "aimed at ending the deceptive practice known as phishing".

The dumb way to proceed is to attach some liability to the actual practice of phishing, from the banal stuff like putting "looks similar" characters in a domain name, like the famous Cyrillic "a", so that urls that look like "paypal.com" go to someplace novel, where credit cards are harvested, to the slightly less banal stuff like putting html glop into "html enhanced email" and urls that look like "paypal.com" also go to someplace novel, where credit cards are also harvested, and lots more variations on the theme of misdirection.
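The "looks similar" trick above is detectable at the registrar or mail filter before a name ever resolves. As an added example (not code from this post or from any registrar), the checks below flag a label that mixes scripts, such as Latin with one Cyrillic "a", and a label whose confusable-folded skeleton equals a protected name; the confusable table and the watch list are constructed, and the script families include the syllabics and scripts the other posts here mention.

```python
"""Added example: flagging look-alike ("homograph") domain labels.

Not code from the post.  Two defensive checks a registrar or mail filter can
run on a candidate domain: (1) a label that mixes scripts, e.g. Latin with
one Cyrillic letter, and (2) a label whose confusable-folded "skeleton"
equals a protected name while the label itself differs.  The confusable
table is a small hand-picked subset of the Unicode confusables, not the list.
"""
import unicodedata

# Script families, recognised by the prefix of the character's Unicode name.
SCRIPT_PREFIXES = ("LATIN", "CYRILLIC", "GREEK", "ARABIC", "HEBREW",
                   "CHEROKEE", "CANADIAN SYLLABICS", "KHMER", "TIBETAN")

# Constructed subset: letters that render like a Latin letter.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0455": "s", "\u0458": "j",
    "\u03b1": "a", "\u03bf": "o", "\u0261": "g", "\u0131": "i",
}


def script_of(ch):
    """Return the script family of a character; COMMON for ASCII digit/hyphen."""
    if ch.isascii() and (ch.isdigit() or ch == "-"):
        return "COMMON"
    name = unicodedata.name(ch, "")
    for prefix in SCRIPT_PREFIXES:
        if name.startswith(prefix):
            return prefix
    return "OTHER"


def skeleton(label):
    """Fold confusable characters onto their Latin look-alikes."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label.lower())


def analyse_label(label, protected=()):
    """Describe one DNS label and list the protected names it impersonates."""
    scripts = sorted({script_of(ch) for ch in label} - {"COMMON"})
    is_ldh = all(ch.isascii() and (ch.isalnum() or ch == "-") for ch in label)
    folded = skeleton(label)
    impersonates = [p for p in protected
                    if folded == p.lower() and label.lower() != p.lower()]
    return {
        "label": label,
        "scripts": scripts,
        "mixed_script": len(scripts) > 1,
        "ldh": is_ldh,
        # The IDNA codec turns any non-ASCII label into its xn-- (punycode)
        # form, which is what the registry stores and what users rarely see.
        "punycode": label.encode("idna").decode("ascii"),
        "impersonates": impersonates,
    }


def suspicious_labels(domain, protected=()):
    """Labels of `domain` that mix scripts or impersonate a protected name."""
    findings = []
    for label in domain.split("."):
        info = analyse_label(label, protected)
        if info["mixed_script"] or info["impersonates"]:
            findings.append(info)
    return findings


PROTECTED = ("paypal", "coop", "cherokee", "lakota")  # constructed watch list

if __name__ == "__main__":
    # Constructed samples: plain Latin, Latin with a Cyrillic "a", and an
    # all-Cyrillic label that only the skeleton check catches.
    for d in ("paypal.com", "p\u0430ypal.com", "\u0441\u043e\u043e\u0440.org"):
        print(d, suspicious_labels(d, PROTECTED))
```

The all-Cyrillic sample shows why the mixed-script check alone is not enough: every letter is from one script, so only the skeleton comparison against the watch list flags it.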

The better way to proceed is to reduce the time each phish pitch can work from the weeks-to-days, which is the present operational art, to minutes, which is both technically possible, and administratively possible. In fact, it is something I've been working towards for several years (phish is only a recent use of domain names and network addresses for black-hat fun and profit), and encouraging the institutional framework that can cause such a reduction in the time-to-live for crap that drops into your inbox or otherwise arrives at your mouse's nibbly nose via one of a number of behavior profiling applications (aren't ads kwel?) would be wicked useful.

The interesting challenges are things like double-fast-flux, where the name servers for the urls used by the thousands of attack assets for "where the money goes" are rotated across many name servers and many, many more hosts and ... all wicked quick. We can effectively engage that too, and with relatively thick fingered and clumsy policy tools, as simple as putting a fee on name server changes, a fee as small as a penny, in addition to the smarter bits we use to measure it.

Registrars sell domain names. Registries publish domain names. We operate on a time-scale of seconds to minutes, and we can, if ICANN (our regulator, your incorporated-in-California 501(c)(3) successor-in-interests to DARPA, ARPA, the NSF and the Department of Commerce) assists us, do to the use of domain names for spam, phish and lots of other applications of idle hands and criminal minds, what the simple application of a 20 cent fee did to the domain tasting sub-industry (another industrial strength scam, on trademarks and typos generally, all fueled by Google Ads (aren't ads kwel?)).

My point here is the same point I made over a decade ago to the then Chief Scientist at the NSA, geeks beat heat. He took my point, which is why there is a Computer Emergency Response Team, to ask us what to do when something really awkward happens. Phish isn't really awkward, it's just a big heap of small robberies.

We know (a) that what was unorganized crime using computers, aka "cyber-crime", is now organized. In fact, there is a market for attack assets, just like there is a market for AK-47s and RPGs. We know (b) that gaming the system can be fixed. We know (c) that very, very few computer scientists want to work with or for John Ashcroft or Alberto Gonzales or Michael Mukasey, and that the "other side of the shop" went non-linear under Donald Rumsfeld et seq., and everything under DNI Mike McConnell is "complicated" by pervasive wiretap, about which we have spoken authoritatively in RFC 2804 IETF Policy on Wiretapping.

But it takes non-dumb on the public policy side of the table. That was the most attractive bit about the idea of Larry Lessig running for the seat vacated by Tom Lantos' death. Someone in the lower body who actually has clue, not about real estate or used cars or banks or big law, but about the anomaly we call the net.

I can't help but think of the anti-internet-gaming bill introduced by the GOP member from the IA 2nd. Null content but lots of happy applause. Punished credit card companies for doing what credit card companies weren't doing anyway. Bag of hammers dumb.

Here's the link to Olympia's technology staffer's latest PR gimmick.

Wampum has moved

Step one on the path to a 1U in a rack "away".

February 25, 2008

Pakistan hijacks YouTube

Every once in a while a mailing list I subscribe to explodes. In the past 24 hours the NANOG list exploded over the YouTube in Pakistan event.

Here's the most accessible technical presentation I'm aware of yet, Martin Brown's Pakistan hijacks YouTube at the Renesys blog.

Highly recommended.

February 23, 2008

Fun with Frost

Lest We Remember: Cold Boot Attacks on Encryption Keys

A simple technique for looking for memory leaks is applied to the problem of determining memory persistence, with the novel assistance of a sharp thermal gradient. Not as photogenic as the liquid oxygen meets oxidants experiments (how to put a backyard barbie into low neighborhood orbit), but there are some pictures.

Enjoy. Something to keep in mind when entering or exiting a "cryptographically challenged jurisdiction" with a laptop at the approach of a White Shirt armed with ... only a can of compressed air.

February 18, 2008

Wikileaks.org

Eventually MB's work on the larger cloud of corruption within the DOJ, the DOI, the MMS, and of course, the BIA, will reach the point where more interesting things are possible than just a braziltelecom user's midnight download of 3,815 entries out of wampum's vault -- not the usual spider indexing.

So I'm interested in the Gag Order that Jeffrey White ordered on the 15th in the US District Court for Northern California. h/t Avedon.

You might think that "law" that results in ICANN accredited domain name registrars, a California LLC in particular, getting a TRO to take down a website that hosts leaked memos, memos like the ones that come our way, from somewhere, or "heavily redacted", come from FOIA filings by CREW and others, would be of interest to the civil libertarians of the ICANN policy domain.

One of the more amusing things that happened at the New Delhi ICANN meeting was when Robin Gross made the following utterance:

>>ROBIN GROSS: I just wanted to second what Adrian said and also take issue with the choice of this venue. I'm considerably concerned about an organization that calls itself "inclusive and bottom-up" et cetera, et cetera that would select a venue and all the surrounding venues where less than 1% of the world's population can even afford to be in the room. That's unexcusable. That's unconscionable.

The shock in the hall was palpable.

We were in India, a country with 11 official scripts and 22 official languages, next to Pakistan with some of the same, and some different, ditto for Iran and Afghanistan, and looking in the other direction, Bangladesh, Burma, Cambodia, Laos, ... and we were there to work on getting more than ASCII [a-zA-Z][0-9] and "-" into the DNS, what we call LDH for letters-digits-hyphen, and Robin was going non-linear -- "That's unexcusable. That's unconscionable." -- because the Taj Palace room rate, like all the five-stars in the diplomatic enclave of New Delhi (construction going on like Beijing '08 for the '10 Commonwealth Games) is around $500/night. Delhi is full of family hotels; we booked a floor at a room rate of $50/night.

The previous night I'd the pleasure of words with Ms. Gross, who is certain that "free speech" requires that the names of all Indian tribes, like "Cherokee" or "Lakota" be free for unlicensed commercial users like auto companies. She never got beyond the phrase "free speech", and "first come, first served".

So not only are kwel words about exotic people and their culture the property of the first person with $6.20 each, but Asians don't need scripts to allow languages to allow meaningful words as domain names more than they need cheaper room rates in five-star hotels (which tossed in the meeting rooms and the meals as well).

At least her term expires this year. Compared to Norbert Klein, also a Non-Commercial User Constituency rep, who single-handedly brought the Internet to Cambodia, she's the protagonist from "Legally Blonde", but without fashion sense or common sense.

But the take away is that the North American representative to the policy making body for generic top-level domains isn't interested in illegal wiretap in North America, or suppression of websites in North America that host documents that governments and corporations want suppressed, by courts of law in North America; she just wants "Lakota" to be free to the first buyer with six dollars and change, for large values of "Lakota".

She'd her moment of clarity. I understand that Michelle Obama just had one too. She's ashamed of her neighbors.

February 16, 2008

Blogging Post-Legal Intercept

Those of you looking for extra-jurisdictional hosting, in Canada or Mexico, the European Union, Switzerland, Norway, Iceland, ... leave a note in comments. I'm moving Wampum, and I'll be happy to share what I already know about hosting service providers and colo (self-hosting) providers.

Keep in mind what extra-jurisdictional hosting does mean -- your colo or hosting provider won't receive a covert warrantless "national security letter", your provider won't receive a federal, or state subpoena, and your provider's network provider(s) won't have a black tap and back-haul to an undisclosed location for real-time "sampling".

There will still be illegal intercept, but it will occur only in the US, where writers and readers are unable to use networks except those in which illegal intercept has been accomplished by force majeure.

I've been hosting Wampum, the Koufax Awards, and intermittently, some other blogs, along with the Draft Gore 2008 site, and some other campaigns (with actual candidates!!!) on the Wampumpeag servers for several years -- a mix of Movable Type, Wordpress, Mediawiki, Drupal, ...

Another area to consider as a change in how we write and read is whether we use public encryption to re-assert a right of personal and political privacy.

AT&T exits the payphone business

The phone at San Diego County's Sweetwater Campground worked fine until yesterday. Then it was administratively failed. This afternoon a contractor came out and removed the equipment. We chatted briefly, as he loaded the last of the structure into his truck.

The end of an era. I suppose they'll keep their jail contracts, there's wicked good money in overcharging a population that has to go LD to family and friends, not to mention members of the defense bar, or courts' clerks, for case management.

February 04, 2008

Some papers are simply more fun to read than others


A relative called today, someone who'd been senior staff on Dodd's Iowa campaign, apropos of nothing in particular.

I've mentioned this paper before. It's only 10 pages of pdf, and accessible for non-specialists.

February 03, 2008

Parted Cables

A fourth submarine cable in the middle east was damaged Sunday between Haloul, Qatar and Das, United Arab Emirates.

This is in addition to the damage affecting the FLAG, SEA-ME-WE4, FALCON cables.

For those whose first issue is whether or not Iran is the target of a network partition, that is, of some physical plane "information operation", possibly from reading something at Slashdot, or at the Internet Traffic Report, the answer is "No".

This Thursday I leave for New Delhi. I'll be there for a week. About 20% of Iran's network capacity has been lost, which is a lot, but nothing like the loss for other areas formerly served by the severed cables: India lost 50%, Egypt 80%, or the total partition (100% loss) that occurred to Pakistan last year.

Resources: Todd Underwood's Renesys Blog, the SLAC E2E project, the NANOG list traffic, and far off friends.

In keeping with the "Blogroll Amnesty Day" theme, this data will self-destruct and probably cause irreparable harm to computers and domestic animals if linked to by amnesiacs.

Enjoy!

Mediterranean Cable Break, Mediterranean Cable Break, part II, and Mediterranean Cable Break, part III.

Effects of Fibre Outage through Mediterranean at the Internet End-to-End Performance Monitoring Project at SLAC.

January 29, 2008

Risking Communications Security: Potential Hazards of the Protect America Act

Steven Bellovin, Matt Blaze, Whitfield Diffie, Susan Landau, Peter Neumann and Jennifer Rexford have a 10-page paper in the IEEE journal Security and Privacy entitled Risking Communications Security: Potential Hazards of the Protect America Act.

I've put a copy up here. It's 10 pages.

You all have 15 days to read this and get it onto the A list blogs, which may pick it up on their own anyway. It's a page a day. You can fax a page a day to your choice of Senators.

I'm going to send a copy to Tom Allen, who could beat Susan Collins this fall.

January 23, 2008

FISA is back

We know now that the Metropolitan Area Exchanges which Verizon operates -- MAE West in San Jose, MAE East in New York, and the rest -- WDC, Miami, Dallas, Chicago, Los Angeles -- have gigataps with black backhaul to ... somewhere. Yesterday Peter Schaar issued a ruling for the member states of the European Union, that ip addresses are personal data.

So what is the legal status of the wiretaps in Verizon's MAEs in Frankfurt and Paris?

Are US nationals protected by EU member state data protection law, by the Treaty of the European Union, when in the territorial jurisdiction of an EU member state? While I'm in Paris next June for the ICANN meeting, using a local ISP to Jabber or Skype or Gizmo to someone in Berlin, say, the Data Protection Commissioner for Berlin, on errors and errata in, or updates to, the P3P specification on the Protection of Personal Privacy since the W3C shut down the Privacy and P3P project in 2002, on the off chance that I'd like to co-author an update to our last work item -- P3P1.1, which was more or less killed by the governmental data mining rush in personally identifying data that followed 9/11, or contribute to W3C Policy Languages Interest Group, in particular, the meta-language for the provisioning of data protection policy between cooperating data protecting entities, will the United States have the cooperation of French, and/or German authorities, to copy all of my data that transits the Verizon operated MAEs in Europe, as they have in the Verizon operated MAEs in the United States?

There were times when data going from my set of ARPA IMPs (modernly routers) in Menlo Park to the ARPA IMPs in UCLA would not go down the PacTel trunk from SF to LA; instead they'd be routed, with perceptible delay in those 56Kb days, to the ARPA IMPs in Salt Lake, and then to WDC, and then to UCLA. With terrestrial (trans-oceanic) fiber, backhaul from Paris to Halifax to CONUS where the tap may now be (illegally applied), and then backhaul back to Paris, would be much more difficult for the endpoint to detect... unless the traceroute data shows that the packets disappear from the obvious route, and return to it with an increment in the hop count, which is easy enough to forge...

Unless Dodd wins the filibuster, it's bedtime for Bonzo for data protection and data or voice personal privacy, and both data and voice for political change tend toward comic. Make some Senatorial aide pick up a phone and chat about the difference between legal, and illegal intercept. Tell them that you'd like a law that will allow you to wiretap your political opponents...

January 22, 2008

At the end of the (under)wire is ... a person

During the work of writing the W3C's P3P spec we considered whether an ipv4 address, an end-point identifier, was personally identifying information. We agreed that a complete ipv4 address -- a dotted quad -- numbers of the form 36.26.36.dd (to pun on Avedon Carol's Bra-of-the-Week standard) was "PII", but disagreed as to how much of the dotted-quad to delete so that the remainder would no longer be personally identifying information.

The P3P Spec Working Group adopted Martin Presler-Marshall's (IBM) definition -- "a partialip element represents an IP version 4 address (only - not a version 6 address) which has had at least the last 7 bits of information removed."

My position was that 7 bits was insufficient, and we needed to limit the bits collected to 16 out of the 32, to avoid off-line and on-line data collection correlation from transforming a partialip element into a unique personal identifier. I won't argue with people who think that because they are behind a commercial or residential NAT or in a (not very dynamic over time, and wicked static for days and weeks on end) ISP managed DHCP block, they are "anonymous". They're wrong. But the Working Group went with the 7-bit mask.
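To make the 7-bit versus 16-bit argument concrete, here is an added example (not code from the P3P spec or from this post) that computes the partialip element for each mask and then correlates it with a constructed table of address allocations, standing in for the off-line data the post says can re-identify a masked address. The 36.26.36.x prefix is the post's own example; the allocations, customer labels and function names are assumptions made for the example.

```python
import ipaddress

# Figures from the post: the Working Group adopted a 7-bit mask; the author
# argued for removing 16 of the 32 bits.
P3P_BITS_REMOVED = 7
PROPOSED_BITS_REMOVED = 16


def partialip(addr: str, bits_removed: int = P3P_BITS_REMOVED) -> str:
    """Clear the low `bits_removed` bits of an IPv4 dotted quad.

    IPv4 only, as in the partialip definition ("not a version 6 address");
    an IPv6 string raises ipaddress.AddressValueError.
    """
    if not 0 <= bits_removed <= 32:
        raise ValueError("bits_removed must be in 0..32")
    value = int(ipaddress.IPv4Address(addr))
    mask = (0xFFFFFFFF << bits_removed) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(value & mask))


def element_range(addr: str, bits_removed: int) -> ipaddress.IPv4Network:
    """The block of 2**bits_removed addresses that share one partialip element."""
    prefix_len = 32 - bits_removed
    return ipaddress.IPv4Network(f"{partialip(addr, bits_removed)}/{prefix_len}")


def customers_sharing_element(addr: str, bits_removed: int, allocations: dict) -> list:
    """Labels of every allocation that overlaps the masked element's range.

    `allocations` maps prefix strings to labels; it stands in for off-line
    provisioning or WHOIS data. The fewer labels that come back, the closer
    the masked element is to naming one customer.
    """
    block = element_range(addr, bits_removed)
    return sorted(label for prefix, label in allocations.items()
                  if ipaddress.IPv4Network(prefix).overlaps(block))


# Constructed sample allocations (hypothetical) inside the post's 36.26.36.dd example.
SAMPLE_ALLOCATIONS = {
    "36.26.36.0/26": "customer-A",
    "36.26.36.64/27": "customer-B",
    "36.26.36.96/27": "customer-C",
    "36.26.37.0/24": "customer-D",
    "36.26.40.0/22": "customer-E",
}

if __name__ == "__main__":
    addr = "36.26.36.70"
    for bits in (P3P_BITS_REMOVED, PROPOSED_BITS_REMOVED):
        shared = customers_sharing_element(addr, bits, SAMPLE_ALLOCATIONS)
        print(f"{bits:2d} bits removed -> {partialip(addr, bits):<12} "
              f"consistent with {len(shared)} allocation(s): {shared}")
```

With 7 bits removed the element 36.26.36.0 is consistent with only the three allocations inside that /25, while the 16-bit element 36.26.0.0 covers all five; whether a given element maps to one customer depends entirely on the allocation data held elsewhere.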

Today Peter Schaar issued a ruling for the member states of the European Union, that ip addresses are personal data. Google/DoubleClick differs of course, which is amusing when you consider that DoubleClick's core business model was, and is, deterministic, not statistical, behavioral profiling. It's the difference between knowing that 36.26.36.dd statistically appears to be a person-with-breasts, and knowing that the person is named Jane Doe, and having access to her credit-card transaction history, including her shopping at Bras of the World, and every other bit of linked data Equifax et alia sell.

For background see European Commission > Justice and Home affairs > ... > Data Protection page.

Of course, none of this applies in the US, where everyone is wiretapped. Don't forget you could have supported Chris Dodd in Iowa, and you can still support Chris Dodd on the coming FISA replay.

January 19, 2008

Meanwhile, back at the Digital Divide Ranch

On an Ops list we're discussing a surprising civil case in North Dakota. In what follows "zone transfer" means "copy".

A operates an Unsolicited Bulk Email (UBE) business (you may use "spammer" if you like), and organic to the business of ... spamming ... operates one or more Domain Name System (DNS) servers, one of which is authoritative for a domain and the associated zone which A uses to originate streams of UBE.

B (you may use "anti-spam vigilante" if you like) requests a zone transfer for the associated zone from a DNS server under the control of A. The DNS server under the control of A is configured to allow zone transfers unconditionally. This is the default configuration of this particular DNS server.

A then sues B for a privacy cause of action.

Ruling at trial: As B is neither a "researcher", nor is a zone transfer of A's zone necessary for the operation of A's zone, B's conduct is not privileged, and A's privacy claim prevails. B is held liable for civil damages.

There's a lot of nuance that is discussed by what amounts to the experts on the subject, and it's not my intent to recite, or discuss the merits of, each.

What I remind wampum's readers is that there really still is very little "law of the internet", and lawlessness begins, like the rot in fish, at the head. I don't mean ICANN, I mean FISA and the employees of the United States who assert their conduct is not criminal because they conduct it, but that arbitrary conduct by others is criminal because they assert that it is so.

That's why Chris Dodd's position on FISA is a matter of life, or civil death, to everyone who uses a can tied to a string that may or may not be tied to one or more other cans. The rotten Cappo del Pesce crowd are doing whatever the hell they want with all the string, weaving nooses for any they think would look better walking in the air.

December 25, 2007

Santa brought all of us ... a method for geolocating logical network addresses

In December, 2000, the assignee did not have direct access to the data and so "discovered" (there is prior art) a method that infers the data sought. Enjoy reading link.

Of course, all those personal information forms social networks and on-line retailers vacuum up tend to geo-locate the allocations of every dynamically assigned address block ISP use to provision wireless and wireline access points.

Jonah's been vomiting during the night and so we're up with not a lot to do but read USPTO filings.

December 23, 2007

Behavioral Targeting

In the small matter of the proposed acquisition of Hellman & Friedman Capital Partners V, LP, (Click Holding Company) By Google Inc., File No. 071 0170, only one FTC Commissioner offered a dissent. Here's a link to Commissioner Pamela Jones Harbour's dissent (13pp .pdf)

Having been the point person for statistical targeting at the W3C's P3P Spec WG, I think the majority blew it, at least on the privacy issue.

If the EU approves the acquisition we'll block Google's address blocks and ban its spiders, as we currently do for DoubleClick's address blocks and spiders.

Why anyone on the left hand side of the dial bothers to (a) blog about the noxious national security mania and (b) run Google Ads is just one of those little inconsistencies "benefit" brings to any calculus of motive and belief.

Time to look at the alternative search engines.

December 17, 2007

The MAE are compromised

MAE West (San Jose) is known to be tapped, and the documentation suggests that the other MAE sites, Washington D.C., New York, Miami, Dallas, Chicago, San Jose, and Los Angeles areas are tapped as well.

This is wicked bad. The MAEs in Paris and Frankfurt may be tapped as well, in violation of German and French law, as well as US law. It's all data. All of it. What little is left is simply no matter at all.

Via testimony of an AT&T network engineer cited in support of the motion by Chris Dodd and Russ Feingold.

Update: Reid pulled the FISA bill until after the New Year.

"retroactive immunity" in the FISA bill

Chris Dodd is leaving Iowa to go to Washington City to filibuster the NSA/GOP version of the FISA bill.

I suggest viewing the demo on Glimmerglass's Government and Signals Monitoring & Analysis web page. At the point where multicast is mentioned is where the technical mechanism for intercept (wiretap) is casually referenced.

If the NSA/GOP bill becomes law we will move Wampum to Switzerland. Not because of what has happened, but because of what will happen.

Update: Clinton and Obama will not join Dodd. Feingold and Kennedy will join Dodd.

Name Fax Voice

Feingold (202) 224-2725 (202) 224-5323
Dodd (202) 224-1083 (202) 224-2823
Obama (202) 228-4260 (202) 224-2854
Sanders (202) 228-0776 (202) 224-5141
Menendez (202) 228-2197 (202) 224-4744
Biden (202) 224-0139 (202) 224-5042
Brown (202) 228-6321 (202) 224-2315
Harkin (202) 224-9369 (202) 224-3254
Cardin (202) 224-1651 (202) 224-4524
Clinton (202) 228-0282 (202) 224-4451
Akaka (202) 224-2126 (202) 224-6361
Webb (202) 228-6363 (202) 224-4024
Kennedy (202) 224-2417 (202) 224-4543
Boxer (415) 956-6701 (202) 224-3553

Call 'em. If the aide says (like Bernie's) that s/he is a co-sponsor, tell the aide that that is necessary, but not sufficient. Their boss must get on the floor with Dodd, Feingold and Kennedy.

December 11, 2007

Dr. Nii Quaynor wins this year's Postel Award

Nii Quaynor, with whom I have the privilege of friendship, was just awarded the Postel Award, named after Jon Postel, with whom I also had the privilege of friendship, at last week's IETF in Vancouver.

I was thinking about Nii when responding to a motion to prevent ICANN funding the travel and per diem costs of persons elected to the Generic Domain Names Supporting Organization (GNSO) Council, that as corrupt as it is, we shouldn't make it economically impossible for the best among us to sit with the worst, and the merely mediocre, to make public policy in a regime privatized by Bill Clinton and Ira Magaziner.

So a few minutes after responding to the motion in the public Registrar's mailing list I just happened to look over at icann.org and was wicked pleased and surprised to see this -- link.

December 04, 2007

Oz is missing

Unless you have an interest in submarine cables you probably wouldn't know that a major trans-Pacific segment, operated by Southern Cross Cable, makes landfall in Hillsboro, Oregon. SCC's VP of Ops has confirmed that hurricane-strength storms and flooding have wiped out the carrier's Oregon cable route and halved its bandwidth between Australia and the US.

We've seen much of the net unreachable due to flapping BGP sessions causing route dampening on a lot of address space in Australia, so if Oz is unreachable wherever you are, this is probably why.

November 27, 2007

One lump or two?

I spent a portion of my early afternoon explaining that it takes the Folgers seats (price point < $10/mo) plus the Latté seats (price point > $40/mo), that's narrow-band plus broad-band to the caffeine impaired and/or tea drinking demographic, to make user-centered (and therefore possibly "progressive") policy proposals to State Legislatures for data networks. It was a recitation (with a wicked temporal offset) from what I wrote at Larry Lessig's blog the day after Howard Dean wrote off the urban and rural demographics in his quest for activist mindshare in the primary phase of the last cycle. Reruns.

I spent another portion of my early afternoon explaining that, in Maine at least, if you want to form an effective coalition to keep Verizon from ripping off (a) the State, and (b) the subscribers, and (c) the CWA, and (d) the independent telcos and finally (e) the Maine ISPs that form the Maine ISP Association, that it is wicked useful to talk to (d) and (e), especially (e), rather than say, just stylish advocacy groups and the CWA (most of whose employees in Maine work for Verizon or its rip-off successor in the Northern New England wire-line market).

Translated from the geek, it means page bloat sucks, the digital divide is real, and if you can't get little-r-republicans (half of whom are business owning Dems) on the theory of competition vs monopoly, then you lose, with or without an extra helping of Progressive Vanguardism.

How were your hours between lunch and tea?

66,661,544 ÷ 93,373,707 = FCC

The FCC has the authority to regulate cable if and only if (a) 70 percent of all U.S. households are able to subscribe to a cable service with at least 36 channels and if (b) 70 percent of those households subscribe to such service. The first threshold was crossed years ago, and the FCC is now informed by an independent audit that the second threshold was crossed this year. In the trade this is "the 70/70 provision".

It is reasonable to question if the study that made finding (b) is correct, and even Commissioner Jonathan Adelstein, a Democrat who favors unbundling (or how we stop paying Rupert Murdoch for Fox when all we wanted was culture or sports or ... ) and the positions of record of Consumers Union, has doubts. Of course, Commissioners Robert McDowell and Deborah Taylor Tate, both Republican appointees, doubt the validity of the study which if accepted, would trigger the 70/70 provision and put cable within the jurisdictional reach of the FCC.

The cable industry (Comcast, TimeWarner, Fox) response is that DirecTV, Dish, ... and Verizon and AT&T have just enough market share to prevent the 70/70 provision from being triggered.

The Senate Commerce Committee's Jim DeMint (R-S.C.), John E. Sununu (R-N.H.), Kay Bailey Hutchison (R-Tex.) and Gordon Smith (R-Ore.), wrote a nice piece of fiction, words to the effect that innovation would be stifled if ... let me know what "innovation" you've seen and been benefited by (so no citing rotating visuals that actually hurt your eyes, blinking cursor kind of eye candy). John Boehner and 23 other House Republicans wrote another bit of corporate lobby cover.

Meanwhile, something interesting is happening at the ITU-D which I'll write about soon, and something else is happening, also interesting, in the French internet market, which I'll also write about soon. As for us in the USofA, the FCC vote on whether 70/70 has been triggered was delayed, so Fox won the day.

October 31, 2007

On ICANN


The 30th meeting of ICANN is being held this week at the Hilton Hotel at Los Angeles International Airport, and today UNITE HERE! Local 11 is picketing this particular Hilton property -- the Hilton LAX -- for unfair labor practices. I spoke with Kristin Winn, one of the organizers, before crossing the picket line, and I was surprised to learn that ICANN's president had already agreed not to continue to use the Hilton LAX for future meetings until the labor dispute is resolved. Basically, hotel workers are more likely (48%) to be injured than the average for the service sector, and injuries have gone