Monday, May 11, 2015

Net Neutrality: How Does Internet.org Factor In?

The internet has undoubtedly done some amazing things. It has made information easily accessible, and facilitated communication with people all over the world. It has changed the way we work, completely transforming some jobs and sectors. Everyone accesses and uses the internet in different ways. But it has also caused new problems and new challenges. Who controls the internet? Our instinct is to say no one, but that isn’t true. In some countries (like China), the internet is censored, meaning certain websites and searches don’t come up. With the release of the Snowden documents we learned that the U.S. collects vast amounts of data and this is largely possible because the majority of internet traffic travels through the United States. After all, they are the ones who invented it and who built the framework. Other countries, like Brazil and Germany, have set to work trying to build new servers and systems that don’t travel through the U.S. How should governments develop policy and deal with issues that previously didn’t exist? Cyber security has become a necessity with the rise of hacking for political and financial gain. The same way businesses are improved by the internet, so too are gangs, drug cartels, terrorists, etc.

One of the largest issues is that of net neutrality. Net neutrality is the idea that all internet traffic should be treated the same, regardless of the users, content, site, application, platform, etc. This means that internet service providers (Comcast, Verizon, Bell, etc.) shouldn’t restrict internet speeds to influence consumers in the choices they are making. This was an issue around Netflix, with certain providers slowing service in the hopes of getting customers to use alternative media channels. Netflix then shot itself in the foot by deciding to make a deal with Comcast and pay them to ensure a more direct route through Comcast’s network. This set a dangerous precedent that should have been avoided at all costs, something Netflix realized afterwards. It’s hard to push net neutrality when you’re willing to pay companies who don’t comply. 

All of this news around Netflix had people paying attention to net neutrality (after all you don’t mess with people and their binge watching!), so that when Comcast announced that they wanted to merge with Time Warner Cable, a lot of people were paying attention. And they didn't like what they were hearing. In 2011, the FCC approved the merger of Comcast and NBC Universal, raising serious questions about conflicts of interest between the two. The landscape has changed drastically since then, with more people aware of the potential problems arising from a giant media conglomerate. In the end, the $45.2 billion deal didn’t go through, after facing enormous public opposition. We face similar issues in Canada where the companies that provide the services, also create the content. For example, you pay Bell for cable and internet, but it also owns numerous channels, such as TSN and CTV.

The most recent company to come under fire for circumventing net neutrality is Facebook. You may have already seen the ads for internet.org, which is an initiative started by Mark Zuckerberg to bring internet to people all over the world. In theory, it sounds great, but it has already become characterized as ‘Facebooknet’ by some. Facebook, in partnership with several phone companies (Microsoft and Samsung among them), allows free access to a small number of websites, largely by partnering with local service providers. However there are several flaws: all traffic is routed through Facebook’s servers (making it the gatekeeper of all the information), it opens users to massive security vulnerabilities (by not allowing participating sites to use two of the most commonly used security protocols that protect users from online attacks), and it’s program lacks any transparency (it isn’t sharing details on its partnership models with telecom operator partners, policies regarding user data, etc.). If that didn’t sound unnerving enough, the following survey should drive home the point. When surveyed, 65% of Nigerians, 61% of Indonesians and 58% of Indians agree with the statement that “Facebook is the internet”, compared with only 5% in the U.S. There were also large numbers of people who said they used Facebook, but also said that they did not use the internet. Clearly in developing countries, Facebook has become synonymous with (or replacing) the word internet.

So while Facebook may try to spin this as an altruistic mission, there is no doubt that they are benefiting greatly from this initiative. The more people online, the more information they have to sell to other companies. Many have pegged this as an internet race between internet.org and Google’s Project Loon, which is trying to provide internet access to the world by building a wireless network using high-altitude balloons. While Facebook certainly seems to be leading the way, they have faced increasing criticism as of late. In April, several of their Indian partners quit, claiming Facebook was violating net neutrality and had a huge conflict of interest. Zuckerberg responded by stating that internet.org and net neutrality could co-exist and that internet.org will not differentiate between services, a claim that was contested by many response articles. In May, the internet.org platform was announced, allowing participation by any developers that met specific guidelines (likely a response to all the criticism).

I think the most interesting aspect of all of these stories, is the amount of pushback companies have received and the amount of change that people have caused by raising their voices. Clearly the majority of people perceive having a neutral internet space as a right and are willing to fight for it. This will continue to be a huge issue in the future, with governments struggling to keep up with the rapid pace of change and legislate an online space that doesn’t follow any national borders. The internet will continue to revolutionize the way we live, and it seems imperative that control of it remains in the hands of the people rather than governments or corporations. 

Tuesday, February 17, 2015

Digital Vulnerabilities: Dawn of the Cyber-Industrial Complex?

It feels like lately all the tech news is negative. We’re hearing a lot about the dangers of technology – I think perhaps the bubble is starting to burst and everyone is starting to realize just how seriously technology is changing our lives. We’re starting to reach a point where we can’t go back. Or maybe we reached that point a long time ago.

The headlines for the past couple of months have often been filled with stories of large corporations being hacked. To name a few: Target, Home Depot, Google Mail, Yahoo! Mail, Michaels, eBay, Evernote, Apple iCloud, JP Morgan Chase, and of course, Sony. Usernames, credit card information, addresses, and more have all been stolen. The director of the FBI said “There are two kinds of big companies in the United States. There are those who’ve been hacked…and those who don’t know they’ve been hacked.” Considering many of us essentially have our entire lives online, that’s a pretty scary thought. The most recent hack(s) was done on around 100 banks, in various countries, with an estimated $1 billion stolen. It was only discovered because money started coming out of an ATM in Ukraine with no one there to claim it. Imagine if they hadn’t messed up, how long this would have continued for?

Geographical distribution of targets according to C2 data (image by Kaspersky Lab)In the debate about governments spying on their people for ‘national security’, I’ve put myself firmly on the side of privacy. I believe that a citizen’s right to privacy over rides any security issues, especially when it’s been determined that the mass collection of data has not helped to stop any terrorist attacks. The irony is that it has been shown that the NSA’s surveillance has actually weakened most internet systems because they opened backdoors, especially into the tech companies involved in PRISM (Google, Facebook, Apple, Skype, Yahoo!). While the government spying on its own people is a disturbing thought, even more disturbing is the idea of other governments or organizations spying on people and stealing their information and money. 

For the average person, like myself, I find it hard to get nervous about this sometimes. Why would anyone want to hack me? What’s the worst that happens? They use one of my credit cards – well hey, my limit isn’t that high. They email all my contacts something terrible – unfortunate, but easily explained. They steal my identity - okay, well that could prove problematic but still resolvable. Invade my privacy in various ways (log your keystrokes, see what you’re watching, watch you through your webcam, etc) – all awkward and unfortunate but hey, I don’t do anything I wouldn’t do if other people were around. I think the problem comes when the hacking is done by a group with a truly malicious intent, on a large scale. Now we know these systems are vulnerable, what happens if someone hacks in and steals top secret data from the government? What if they shut down the power to a large area? What if they render all hacked computers useless? The problem stems from our immense dependence on technology. How many businesses would struggle to function without their technology? How many companies would cease to exist without technology? You want one idea of what could happen - go watch Live Free or Die Hard.

Now they’re saying that almost all cars with wireless technologies are able to be hacked. For now that means someone can hack your GPS and find out all the places you’ve been. They can potentially hack your mobile communications, meaning who you’re calling/texting. What happens when we transition to smart cars? Imagine someone hacks into your car and controls it. Not good. It looks like the ‘military-industrial complex’ bubble might be soon ending, and a new ‘cyber-industrial complex’ may be dawning. The companies that will benefit the most will be those focused on cyber-security, which means companies like Symantec, Intel, Cisco Systems, Fortinet, Palo Alto Networks, etc.

The U.S. government recently announced plans to set up a national Cyber Threat Intelligence Integration Center. Its goal will be to integrate data from all government agencies AND the private sector, and to distribute it appropriately. I find this particularly interesting because they are relying on the help of the private sector, which I believe will be very reluctant indeed. After the whole PRISM revelation, it was easy to see that the public does not appreciate companies sharing their information with the government, without their awareness. Companies do not help their image by working with the government. Adding another layer to this is the report that the NSA knew in advance about the attack on Sony but didn’t do anything because its job is to protect national security, not the private sector. What incentive do these companies have to help? It will take a huge incentive (i.e. throwing tax payer dollars their way) or legislation forcing their cooperation.

What can the average person do? I think the biggest thing we can do is push the companies we like and trust to spend their money on protecting our information. Realistically, consumers speak with their wallets. Going one step further, I would say be wary of being completely dependent on technology. Make sure you still know how to function without your smartphone. Have a face to face conversation with a real person – just to make sure you still know how. We will have to wait and see what happens.