While I am the first one to complain when a particular download is slow, a call is dropped, or an application is not available for a particular device, I don’t think to run to the government to step in and “fix it.” I run to the source, my service provider and curse at their customer service representative. If the Federal Communications Commission (“FCC”) has its way, they will be able to not only intervene, they will force service providers to give each customer or data the same treatment. Tossing aside policy, technology and other concerns, the FCC proposals strike out based on free speech principals guaranteed by the First Amendment of the U.S. Constitution.
On Monday, Julius Genachowski, head of the FCC, proposed broad new net neutrality regulations formally entering the FCC into the fight - determining which punches, blows and kicks are required to flow over internet service providers (“ISPs”). A copy of his speech can be found here. In his speech, Genachowski broadened the four FCC net neutrality pillars of network openness originally proposed in 2005 to include two additional ones - expanding the regulations to include mobile broadband providers. In the name of providing full internet access to all, the FCC will force ISPs to provide all content and services - aka, speech - equally over their networks. The FCC proposals are still in the discussion phase, but Genachowski’s outlined plan places net neutrality in direct conflict with the First Amendment to the U.S. Constitution.
On the surface “Net Neutrality” sounds good, right? The name just rolls off the tongue - who could possibly object to free and unhampered internet access for all. Problem is, the term has been tossed around for so long that the politicians, advocates and opponents have morphed it into whatever fits their argument of the day. The current general concept of network neutrality between applications, data, and traffic was first popularized in 2003 by Tim Wu, a professor at Columbia Law School. In 2005, the FCC issued its internet policy statement outlining their four basic pillars regarding broadband network neutrality. Since then, Congress has introduced numerous pieces of legislation aimed at these issues but to no avail. Each piece of legislation has died either on the floor of the respective chamber or in committee. A comparison of various proposed bills, public speeches, and even blog articles on this subject show too many “definitions” of “Net Neutrality” to keep up. To loosely quote Inigo Montoya from the Princess Bride, I do not think that word means what you think it means. As the technology of the internet has evolved, old predictions of no “bottlenecks” for the information superhighway have been proven wrong. Cheaper and never before imagined means of internet access have cropped up since the initial 2003 net neutrality debates. Who would have thought that we would stream movies and live television over our mobile phones (using the providers networks for such access).
While the exact nature of net neutrality might be hard to pin down, the language in the First Amendment is plain, the government shall not make any law abridging freedom of speech. No footnote, asterisk, or caveats. ISPs provide “speech” and thus have First Amendment rights. Granted, the speech of an ISP is different than that of an individual, but courts have determined that these rights do exist. Just as the government cannot pass a law preventing speech, compelling speech is also prohibited. A newspaper cannot be forced to carry editorials that contain objectionable content. The Supreme Court has only waded into internet/free speech issues on a few limited cases, never establishing a clear standard for First Amendment review (for detailed discussions - see Moran Yemini’s law review article on Network Neutrality as well as Randolph J. May’s 2007 journal article “Net Neutrality Mandates: Neutering the First Amendment in the Digital Age”). The Court has generally differentiated First Amendment free speech rights between a telecommunications service (think of telephone company monopolies that do not exercise editorial or other control over the content crossing their telephone lines) and an information service provider. In Brand X Internet Services v. FCC, 345 F.3d 1120, a cable modem provider was considered an information service provider. Information service providers do not have to allow their competitors to offer services over their lines. Similarly, DSL providers are considered information service providers and not telecommunication service providers.Should this standard be applied to ISPs, then the FCC proposal is in conflict with prior case law. Granted, cable modem providers have traveled a long way to get to the services offered via ISPs of today and the courts have yet to catch up.
Bandwidth is not unlimited, period. An ISP provider should not be compelled to provide content under pre-determined government requirements if providing that content causes harm to their overall systems. Shining example: AT&T 3G network popularity. Requiring (aka “compelling”) AT&T to offer all applications over their 3G network will cause the network to crash - think of trying to make a call via AT&T 3G networks while at Caesar’s casino during the BlackHat conference in Las Vegas, NV this past August. The 3G network system could not handle the call and data volume during BlackHat with constant dropped calls or other connectivity issues....and that is before the system is required to handle larger applications. Under Genachowski’s general proposals, AT&T would have to offer all applications, sacrificing service to all for the sake of a few. If AT&T determined additional 3G traffic was not in their customers best interest, then the First Amendment bars the FCC from compelling AT&T to carry these iPhone applications. AT&T is not the only mobile carrier, customers have the option to choose another carrier or a different type of mobile phone. The customer’s ultimate access to the internet (or in this case, an application) has not been barred, the customer just has to make a choice of which mobile carrier or ISP to use based on their needs.
As the debate begins on the new regulations and related proposals, the question remains: will the FCC be knocked down by the First Amendment? Until the final FCC policy takes shape, placing exact odds on the fight are premature. Legal geeks will be looking to the First Amendment as a potential knockout blow for the latest FCC proposed net neutrality regulations. Given prior case law, the First Amendment protections have the home court advantage and should beat their FCC net neutrality crosstown rivals.
Legal-E: My Views From the Bar
I am a lawyer, just not yours - My posts are intended to present issues from my point of view and are not intended to be advice, legal or otherwise.
Thursday, September 24, 2009
Monday, September 21, 2009
Red flags at the doctor's office
It seems that the rampant, misguided identity theft prevention efforts have finally reached the doctor's office. I recently went in to the doctor I've seen a dozen times and was surprised to hear they now required my driver's license to verify my identity. After disillusioning myself that they would know who I was after all this time, I surrendered my license and watched them scan it. The receptionist apologized and said she didn't really know why they were doing this now. She guessed it was probably "a HIPAA thing."
Since this sounded like a total guess, I looked into it. Sure enough, it's not. The FTC has passed down the Red Flags Rule mandating several requirements health care organizations must now do to "fight identity theft." The basic gist is the office must verify the patient is the same person that is on file. While scanning the driver's license is NOT specifically required, it is a common way many offices are interpreting the requirements.
So if it's not explicitly required, can you opt out of this protection? Reports are mixed, and it isn't simple. Security expert Jennifer Jabbusch tweeted her experiences recently and finally convinced the office that she would not agree to a scan of her license on file. Other people have reported doctors refusing them services. Sherri Davidoff wrote a great post at http://philosecurity.org exploring the problems this mandate will give to people that don't drive, the elderly, and children.
So why is the FTC so misguided? A chat with my doctor about their security strategy tells me everything. They are using out of the box Vista anti-virus and no wireless network. It was a short conversation. Can we expect more from private health care offices? What security measures would be sufficient to protect the drivers license images? It is apparent that the FTC has pushed more responsibility on the private practice than they are willing or able to be responsible for. Instead they have sweetened the pot by creating a very attractive target of driver's license info tied to medical info. By storing this information, they may prevent some identity theft in the office, but they are actually encouraging identity theft in other places.
Friday, September 11, 2009
TwiGUARD tracked the HowToHack incident
I have updated the TwiGUARD analysts log with a followup on the HowToHack incident. You can find it here.
We cover the accounts that were spreading the malware links, how long the incidnet went on for, the number of possible tweets, and some information about the malware. Check it out!
We cover the accounts that were spreading the malware links, how long the incidnet went on for, the number of possible tweets, and some information about the malware. Check it out!
Tuesday, September 08, 2009
Tweet Theft Spam
I’ve been playing around with tracking spam and malware on Twitter, a project we call TwiGUARD, and have been learning new things.
Last night I was testing my TwiGUARD analysis tool and it marked a user as spam, but when I manually checked the profile, it looked legitimate. The user had some timely quotes and seemed to be a real person. Sure, it’s a real person who likes to retweet offers for free money, but who am I to judge?
Then a lightbulb went off in my head. I copied the non-spam looking posts into the Twitter search engine and found a young lady in Iowa had tweeted the exact quote an hour before. The spambot had simply stolen her tweet and copied it in order to appear as a legitimate person.
I found many other spambots who did the same thing. They simply track the top 10 “Tending Topics”, find people who replied to those topics, then steal other tweets those people have made.
Anyway, I feel like a parent who has been surpassed by his kid. I was fooled by the spambot, but my tool wasn’t.
Below are two screen shots of tweet theft I found while writing this post. It comes from parsing "#wheniwaslittle I", which is current the #1 “trending topic”. The first screen shot is the spammer (You can tell by the pleas to watch her dirty videos) followed up by a screen shot of the lass who made the original comment.
This is the spam!
This is the orginal comment.
Last night I was testing my TwiGUARD analysis tool and it marked a user as spam, but when I manually checked the profile, it looked legitimate. The user had some timely quotes and seemed to be a real person. Sure, it’s a real person who likes to retweet offers for free money, but who am I to judge?
Then a lightbulb went off in my head. I copied the non-spam looking posts into the Twitter search engine and found a young lady in Iowa had tweeted the exact quote an hour before. The spambot had simply stolen her tweet and copied it in order to appear as a legitimate person.
I found many other spambots who did the same thing. They simply track the top 10 “Tending Topics”, find people who replied to those topics, then steal other tweets those people have made.
Anyway, I feel like a parent who has been surpassed by his kid. I was fooled by the spambot, but my tool wasn’t.
Below are two screen shots of tweet theft I found while writing this post. It comes from parsing "#wheniwaslittle I", which is current the #1 “trending topic”. The first screen shot is the spammer (You can tell by the pleas to watch her dirty videos) followed up by a screen shot of the lass who made the original comment.
This is the spam!
This is the orginal comment.
Subscribe to:
Comments (Atom)