Cryptowars continued: Harvard paper gives us a state of the net (and it’s not all good)

Cybercrime In November, I opined that a nuanced approach was needed when addressing encryption. I wrote that there are different forms of cryptographic protection, and that each side on this issue needs to consult and not confront one another. Last month, Harvard University’s Berkman Center for Internet and Security released a white paper that attempts to address many of the issues I and others raised. Entitled, Don’t Panic: Making Progress on the “Going Dark” Debate, the the paper points out that governments have many avenues to access unencrypted information. They also have access to so-called “metadata”, and they claim that because of this, the Internet hasn’t really gone dark.

They’re right. For now.

Many of the points the authors made addressed the state of the Internet as they saw it in January of 2016. That is- Google has had difficulty encrypting platforms, Apple has backup recovery keys that governments can subpoena, and the security of the Internet of Things is nothing short of a crying shame, that governments can take advantage of. All three of those points may well change over time. Apple could easily move to a system (if they have not already done so) where recovery keys themselves are encrypted in information that only the owner of a device has, be that a password or one of those questions like, “What was your first pet?” If Apple can accomplish such a feat, the only matter that would hold Google up is lining up those that actually sell their devices to support whatever system they put in place.

Even metadata is likely to dry up. Efforts such as the IETF’s DPRIVE working group attempt to keep private queries your computer makes to convert domain names like ofcourseimright.com to IP addresses that the network understands. At the same time, those who really want to hide are able to do so through ToR networks.

Even the security of Things on the Internet is likely to improve over time, albeit slowly. That will require a concerted effort between Thing manufacturers, network vendors, service providers, and users.

And so the question: do policy makers need to actually do anything today to insure access to law enforcement officials? My answer is a firm not yet. That’s very good news because it gives us time to have the dialog necessary to deal with the many facets of this issue. However, all sides still have come to terms with each other.

Happy Birthday, IETF

There’s a small group that hosts meetings three times per year, and works mostly via email that you’ve probably not heard of. They’re called the Internet Engineering Task Force or IETF. The women and men who participate in the IETF create standards by which computers communicate with one another. You’re reading this note thanks to several of those standards. They are collected in documents known as Requests for Comments or RFCs that are available for anyone to read. In fact, you can write your own if you want.

The IETF became important to me at a time when we were just learning how to manage congestion (more demand than there is bandwidth). It stayed important when we needed more efficient routing protocols. Through internationalization efforts at the IETF, the Internet grew from a U.S. government network to a worldwide network of networks that supports people speaking just about any language.

Last week marked the IETF’s 30th birthday. To the thousands of people who have participated over those thirty years, especially to those who aren’t with us today, I want to say this: Thank you. Thank you to those who have worked to make TCP/IP-based networking suitable for the way we live, work, and play. Thanks to the people who have done their level best to see that our protocols are safe and secure. Thanks to those who shared their innovations, so that the best ideas are available for all to use. Thanks to those who devoted their lives to handling all the administrative aspects of the organization.

So now you know who the IETF is. You too can participate, as can anyone. For more information, just go to www.ietf.org and join the party and celebrate with us this anniversary, and the ones in the future.

U.N. renews IGF and World Summit for the Information Society

For those who haven’t been following the party, the United Nations has had an effort for the last decade called the World Summit on the Information Society (WSIS). This ongoing activity was up for renewal this year. While the Internet technology provides us so much, many we face many challenges. They include access to the technology, security, and human rights. WSIS addresses itself to these challenges. The UNGA decided to continue this effort for another 10 years. As part of this renewal process, the mandate of the Internet Governance Forum (IGF) was extended for another 10 years as well. At the same time, the UNGA is taking a conservative approach toward government involvement by not trying to supplant the enormous efforts of those who do the work today.

As a community, we could have done a lot worse. ISOC president Kathy Brown and her team, Ambassador Daniel Sepulveda, Marian Gordon, Chip Sharp, Chris Fair, Dominique Lazanski, Avri Doria, Bill Drake, Chris Buckridge, George Sadowsky Veni Markovski, Vint Cerf, Robert Pepper, and many others who were in the room are to be congratulated for their hard work, not only in the room, but beyond. I personally am very impressed with ISOC’s outreach effort in region, and how that has impacted these sorts of discussions.

Within the industry we need to recognize that women are the exception to the rule at the edge of the technology development cycle. I want much better for my daughter. Also, as we head toward over 50 billion devices being connected, the Internet of Things must be secured. The architecture needs lots more work to do that. Today many endpoint devices do not have well bound names, even. At the same time, the quality of code needs to improve, which is a particular challenge in many places. Human rights is another area on which we are only just scratching the surface. And yes, we must continue to struggle engage all stakeholders, including governments. The IGF itself really needs work. It needs funding, and we need to find a way to meet the challenge set by the UNGA in terms of identifying positive outcomes.

Yes, we all truly have a lot to do, and yet these challenges present many opportunities for innovation at many levels. I’m excited to be working in this space now.

Why I don’t Eat Beef

Those of you who know me well know that I don’t serve beef at home and do my best to avoid it on the road. I don’t normally talk about why; most people assume it’s for religious reasons, because I also avoid pork. But it’s not for religious reasons, nor is it for health reasons. It’s for the environment.

Back in 1999 the Union of Concerned Scientists came out with a book entitled The Consumer’s Guide to Effective Environmental Choices. This was based on a report that was roughly entitled, “Paper or Plastic: Who Cares?” The number 1 thing that UCS said that one could do for the environment was to drive less and buy an efficient car. The number 2 thing one could do was to eat less meat, and most specifically beef. Well now CNN has an article about just this. Borrowing a graph:

Carbon footprint of beef

In that article, the author calculates that eating 1.27 lb of beef has the same carbon footprint as a 70 mile drive in a car that gets 21 mpg. In other words, that number goes up with a more efficient vehicle. He argues that to help arrest the rate of global warming we need to eat less meat.

Even back in 1996, when the first UCS report came out, the one thing I could do for the environment was eat less beef. (I’ve since curtailed my driving, and Christine and I have reduced to 1 vehicle.) The bad news is that lamb is probably just about as bad (wah!) and I will probably reduce but not eliminate my lamb consumption.

The above graph only looks at carbon footprint, and probably not all of it. 1 lb of beef requires about 1,800 gallons of water. When I lived in California, this number seemed unsustainably large, even while we were being hit with El Niño after El Niño. In addition, cattle also cause grazing damage, although it may be possible to mitigate those effects.

Pigs are a different matter. I stopped eating pork products when several Colorado counties became awash in pig effluvia. It wasn’t scientific, but I figured I could do my part by simply reducing demand for the animal.

I’ve refrained from writing this sort of article. This was a personal choice I made, and I really didn’t push it on anyone. I’m doing so now – just this once – for my daughter, so that she and her generation have just a little less damage from our generation to repair.

Holiday Shoppers: Don’t Get Phished!

Don’t get phished this holiday season. Here are some common sense reminders.

As we enter the holiday season, if you order online, fraudsters will be targeting you. Many people will be easy marks, where their computers will become infected with viruses, and they will be victims of identity theft. Big online vendors such as eBay and Amazon represent big targets, but others will be targets as well. Phishers will be sending out loads of poisonous messages, just hoping that a few people will mistakenly click on links to malware-laden web sites. While big mail providers like Google and Yahoo! work hard to filter out such garbage, it’s unavoidable that some of dangerous emails will get through. Preventing such thefts while shopping online can be tricky because fraudulent and legitimate messages look nearly identical. Fraudsters may know something about you, such as your name, your mother tongue, the region in which you live, and the names of some of your friends. A competent fraudster will use the logos and have the same look and feel of a legitimate online vendor.

Some of my techie friends are probably snickering, saying “That couldn’t happen to me.” It probably already has.

Here are a few common sense suggestions to keep you from becoming a victim:

Here’s the obvious one: if you didn’t order something from a vendor, be highly suspicious of the email, especially with messages that claim to have order information or coupon offers.
If you have ordered something, beware any message with a subject that is vague, such as “your order”. A legitimate online vendor will somehow identify the order, either with an order number or with the name of the product you have ordered. This may appear in the subject line or in the body of the message.
No legitimate online vendor sends zip files in email. Don’t open them. The same largely holds for most other attachments. If they can’t provide you necessary information in the body of the message, it’s probably not legitimate.
Most online vendors provide you a means to log into their service to track orders. If you are at all in doubt about whether a message is legitimate, without clicking on a link in the message, visit their web site, and log in to track the order. If you need help, contact the vendor’s customer service.
While banks may email you alerts of some form, it is still always better to go to their web sites without clicking on links in the messages.
Unless you gave it to them directly shippers such as Federal Express do not have your email address. No decent online vendor will share your email address with a shipper.

What happens if you do click on something you shouldn’t have? There is no easy answer. Unless you are using antivirus, you have to assume the worst. This means that it’s important to maintain good backups. That way you can reinstall from scratch. Sounds painful? Then don’t carelessly click on email links.

Want some more advice on staying safe? Check out StaySafeOnline.org.