Information Security Index

This post is an index to posts at The Lippard Blog on the subject of information security. This is probably not a complete list; I've tended to exclude posts labeled "security" that don't specifically touch on information security and may have over-excluded.

"Richard Bejtlich reviews Extreme Exploits" (August 16, 2005) Link to Richard Bejtlich review of Extreme Exploits, a book I was the technical editor on.

"Sony's DRM--not much different from criminal hacking" (November 2, 2005) Summary and link to Mark Russinovich's exposure of the Sony rootkit DRM.

"Defending Against Botnets" (November 3, 2005) Link to my presentation on this subject at Arizona State University.

"Sony DRM class action lawsuits" (November 10, 2005) Comment on the Sony rootkit class action lawsuits.

"Another Botnet Talk" (December 11, 2005) Comment on my December botnet talk for Phoenix InfraGard, with links to past botnet presentations.

"Major flaw in Diebold voting machines" (December 23, 2005) A flaw that allows preloading votes on a memory card for Diebold voting machines in an undetectible way.

"The Windows Meta File (WMF) exploit" (January 3, 2006) Description of an at-the-time unresolved Windows vulnerability.

"New Internet consumer protection tool--SiteAdvisor.com" (January 25, 2006) Report on SiteAdvisor.com tool (now a McAfee product).

"Pushing Spyware through Search" (January 28, 2006) Ben Edelman's work on how Google is connected to spyware by accepting paid advertising from companies that distribute it.

"Database error causes unbalanced budget" (February 17, 2006) How a house in Indiana was incorrectly valued at $400 million due to a single-keystroke error, leading to wrongly increased budgets and distribution of funds on the expectation of property tax revenue.

"The Security Catalyst podcast" (February 18, 2006) Announcement of Michael Santarcangelo's security podcast.

"Controversial hacker publishes cover story in Skeptical Inquirer" (February 19, 2006) Critique of Carolyn Meinel's article about information warfare.

"Even more serious Diebold voting machine flaws" (May 14, 2006) Hurst report on new major flaws found in Diebold voting machines.

"Botnet interview on the Security Catalyst podcast" (May 23, 2006) Link to part I of my interview on botnets with Michael Santarcangelo.

"Part II of Botnets Interview" (June 4, 2006) Link to part II of my botnets interview.

"'Banner farms' and spyware" (June 12, 2006) Ben Edelman's exposure of Hula Direct's "banner farms" used to deliver ads via spyware.

"When private property becomes the commons" (June 12, 2006) Consumer PCs as Internet "commons," economics and information security.

"Network security panel in Boston area" (June 12, 2006) Announcement of a public speaking gig.

"Identity Crisis: How Identification is Overused and Misunderstood" (July 6, 2006) Quotation from Tim Lee review of book by Jim Harper with this title.

"9th Circuit approves random warrantless searches and seizures of laptops" (July 28, 2006) Bad decision granting border police the right to perform full forensic examination of the hard drives of laptops carried by people wanting to cross the U.S. border.

"Is it worth shutting down botnet controllers?" (August 18, 2006) A response to remarks by Gadi Evron and Paul Vixie that it is no longer worth shutting down botnet controllers.

"The ineffectiveness of TRUSTe" (September 29, 2006) A larger proportion of sites with TRUSTe certification are marked as untrustworthy in SiteAdvisor's database than of those that don't have TRUSTe certification.

"The U.S. no-fly list is a joke" (October 5, 2006) The no-fly list has major flaws, listing people who aren't a threat and not listing people who are--and presuming that terrorists will be identifiable by their names.

"How planespotting uncovered CIA torture flights" (October 20, 2006) How an unusual hobby allowed for traffic analysis to uncover CIA torture flights.

"Point out the obvious, get raided by the FBI" (October 29, 2006) Chris Soghoian gets raided by the FBI after putting up a web page that allows generation of Northwest Airlines boarding passes.

"Electronic voting machines in Florida having problems in early voting" (October 31, 2006) A report on voting machines registering votes for the wrong candidate due to touch screen calibration issues.

"The Two Faces of Diebold" (November 5, 2006) The difference between the public and private versions of SAIC's report on Diebold voting machine vulnerabilities.

"FBI eavesdropping via cell phones and OnStar" (December 4, 2006) Reports of vulnerabilities in newer cell phones that allow them to be used as listening devices even when powered off.

"Time to Stop Using Microsoft Word" (December 7, 2006) New unpatched malicious code execution vulnerability in most versions of Word.

"Staffer for Congressman tries to hire hacker to change grades" (December 22, 2006) Todd Shriber's failed attempt to retroactively improve his college career.

"My bank is on the ball" (January 6, 2007) My bank prevents theft of my money.

"Skeptical information and security information links" (January 23, 2007) Promotion of my security links and skeptical links sites.

"Schoolteacher convicted on bogus charges due to malware" (February 4, 2007) Connecticut teacher Julie Amero successfully prosecuted for showing porn to kids, when in fact it was the result of malware on a machine the school district refused to pay for antivirus software on.

"McCain proposes an unfunded mandate for ISPs" (February 7, 2007) McCain sponsors a bill to force ISPs to scan all traffic for and report child porn images they find.

"Warner Music: We'd rather go out of business than give customers what they want" (February 9, 2007) Warner Music says no way to DRM-free music.

"The economics of information security" (February 13, 2007) Ross Anderson and Tyler Moore paper on the economics of infosec.

"How IPv6 is already creating security problems" (February 19, 2007) Apple AirPort allows bypass of firewall rules via IPv6.

"Windows, Mac, and BSD Security" (March 8, 2007) Amusing video parody comparing the OSes.

"Bob Hagen on botnet evolution" (March 9, 2007) My former colleague on trends in botnets.

"The rsync.net warrant canary" (March 25, 2007) How rsync.net will communicate whether it receives a National Security Letter without breaking the law.

"FBI focus on counterterrorism leads to increase in unprosecuted fraud and identity theft" (April 11, 2007) The law of unintended consequences strikes again.

"Banning the distribution of AACS keys is futile" (May 3, 2007) You can't stop the communication of a 128-bit number as though it's proprietary.

"CALEA compliance day" (May 14, 2007) Commemoration of the day that VoIP providers have to be CALEA-compliant.

"Spying on the homefront" (May 14, 2007) PBS Frontline on FBI misuse of National Security Letters and NSA eavesdropping.

"The bots of summer" (June 6, 2007) Report on some media coverage of my botnet interview with the Security Catalyst from 2006.

"Microsoft's new Turing Test" (June 12, 2007) It's not often I get to combine animal rescue and information security topics, but this is one--using animal pictures to authenticate.

"Operation Bot Roast" (June 14, 2007) FBI prosecution of some botnet people.

"Google thinks I'm malware" (July 13, 2007) Google stops returning results to me in some cases because my behavior looks like malware activity.

"Asking printer manufacturers to stop spying results in Secret Service visit?" (July 14, 2007) MIT Media Lab project to get people to complain to printer manufacturers about their secret coding of serial numbers, which got one person a visit from the USSS.

"A marketplace for software vulnerabilities" (July 29, 2007) WabiSabiLabi's abortive attempt to create a market for the sale and purchase of vulnerability information.

"Another Sony rootkit" (September 5, 2007) F-Secure finds another Sony product that installs a rootkit--the Sony MicroVault USM-F memory stick (now off the market).

"Anti-P2P company suffers major security breach" (September 16, 2007) Media Defender gets hacked.

"Microsoft updates Windows XP and Vista without user permission or notification" (September 17, 2007) Nine executables get pushed to everybody even if Windows update is turned off--except for corporate SMS users.

"Lessons for information security from Multics" (September 19, 2007) Paul Karger and Roger Schell's paper on Multics gets attention from Bruce Schneier.

"Hacker finds vulnerability in Adobe Reader" (September 24, 2007) The era of attacks on applications rather than OS's gets a boost.

"Break-in at CI Host colo facility" (November 4, 2007) The role of physical security for websites.

"Spammers and criminals for Ron Paul" (November 6, 2007) Botnets used to send spam promoting Ron Paul.

"Macintosh security lags behind Windows and BSD" (November 8, 2007) Rundown on new Mac security features, some of which are negative in effect.

"Multics source code released" (November 13, 2007) Multics becomes open source.

"Untraceable looks unwatchable" (December 18, 2007) A post that generated a huge amount of response, about the Diane Lane movie that flopped at the box office, before it came out.

"Notorious major spammer indicted" (January 3, 2008) Alan Ralsky may actually get what he deserves.

"Boeing 787 potentially vulnerable to passenger software-based hijacking" (January 8, 2008) Passenger Internet access for the Boeing 787 is physically connected to the network for communication and navigation.

"'Anonymous' launches 'war' against Scientology" (January 22, 2008) Denial of service attacks and other pranks against Scientology.

"Tinfoil hat brigade generates fear about Infragard" (February 8, 2008) Response to Matt Rothschild's article in The Progressive claiming that InfraGard members have the right to "shoot to kill" when martial law is declared.

"FBI responds to 'shoot to kill' claims about InfraGard" (February 15, 2008) Commentary and link to the FBI's response to Rothschild.

"Malware in digital photo frames" (February 17, 2008) Viruses in unusual digital storage locations.

"Canada busts 17 in botnet ring" (February 21, 2008) News about law enforcement action against criminals in Canada.

"More InfraGard FUD and misinformation" (February 23, 2008) Response to Gary Barnett's InfraGard article at the Future of Freedom Foundation website.

"New Mexico InfraGard conference" (February 24, 2008) Summary of the New Mexico InfraGard's "Dollar-Gard 2008" conference.

"Pakistan takes out YouTube, gets taken out in return" (February 25, 2008) Yesterday's events of political and/or religious censorship gone awry in Pakistan.

"Jeremy Jaynes loses appeal on spamming case" (March 1, 2008) The Virginia Supreme Court upholds Virginia's anti-spam law.

"Software awards scam" (March 25, 2008) Many software download sites give out bogus awards.

"Scammers scamming scammers" (April 7, 2008) Marco Cova looks at what some phishing kits really do.

"Bad military botnet proposal" (May 13, 2008) A response to Col. Charles Williamson's proposal to build a military botnet.

"MediaDefender launches denial of service attack against Revision3" (May 29, 2008) Anti-P2P piracy firm crosses the line and attacks a legitimate company.

"San Francisco's city network held hostage" (July 19, 2008) Some actual facts behind the hyped charges against the city's network administrator.

"Did Diebold tamper with Georgia's 2002 elections?" (July 20, 2008) Some troubling information about Diebold's last-minute patching on Georgia election machines.

"Expert tells China visitors to encrypt data as U.S. announces policy of laptop seizure" (August 1, 2008) Concerns about privacy in both China and the U.S.

"Military botnets article" (August 28, 2008) Peter Buxbaum's article on "Battling Botnets" in Military Information Technology magazine.

"Virginia Supreme Court strikes down anti-spam law" (September 12, 2008) Julian Jaynes goes free as Virginia's anti-spam law goes away.

"Sarah Palin's Yahoo account hacked" (September 17, 2008) Palin's Yahoo account is hacked, and the contents published.

"TSA airport security is a waste of time and money" (October 18, 2008) Link to Jeffrey Goldberg's article in The Atlantic.

"Behind the scenes during the election process" (November 6, 2008) Both major party presidential nominees suffered computer compromises.

"White House may be forced to recover 'lost' emails" (November 14, 2008) Lawsuit may require recovery from backups.

"Criminal activity by air marshals" (November 14, 2008) Multiple cases.

"PATRIOT Act NSL gag order unconstitutional" (December 19, 2008) Recipients of National Security Letters now can't be gagged without court order.

"The U.S. Nazi dirty bomb plot" (March 15, 2009) A little-covered story about a real terrorist plot.

"The Cybersecurity Act of 2009" (April 4, 2009) It's not as bad as it appears.

"Tracking cyberspies through the web wilderness" (May 12, 2009) How University of Toronto researchers have tracked online spying activity.

"Bad military botnet proposal still being pushed" (June 26, 2009) Col. Williamson's proposal to build an offensive U.S. military botnet is still being promoted by him.

"DHS still a mess, five years on" (July 16, 2009) Center for Public Integrity review of DHS.

"How Twitter got compromised" (July 23, 2009) TechCrunch gives the anatomy of the attack on Twitter.

Net Neutrality Index

This post serves as an index to the net neutrality posts on The Lippard Blog. I'll update this post with any future posts on the subject.

"Net Neutrality" (February 12, 2006) Critique of Bill Thompson's argument for net neutrality.

"Geddes on net neutrality" (February 14, 2006) Comment on and link to good Martin Geddes blog post on net neutrality.

"Commoncause.org: Spamming for 'net neutrality'" (March 9, 2006) How Common Cause deluged Mark Cuban with spam after depicting him with devil horns for not backing net neutrality.

"Talking Points Memo gets it completely wrong on COPE Act" (April 22, 2006) Critique of Josh Marshall and Art Brodsky's bogus claim that the bill transfers control of the Internet to the telcos (who have a much smaller percentage of consumer Internet customers in the U.S. than the cable companies).

"Misinformation in defense of net neutrality" (May 7, 2006) Critique of Adam Green and Matt Stoller who repeat the common misconception that common carriage requirements have applied to the Internet, which is the basis of their calling Mike McCurry a liar.

"Net Neutrality and Last-Mile Connectivity: An Analogy" (May 8, 2006) An analogy about net neutrality and last-mile connectivity in terms of taxicabs, in an attempt to elucidate some of the major points and misconceptions.

"Net Neutrality and the Pace of Innovation" (May 17, 2006) A look at the pace of innovation in the Bell System under monopoly in light of calls for nationalization of "the Internet backbone" (as though there is one such thing) by net neutrality advocates.

"Misinformation from 'Save the Internet'" (May 19, 2006) A critique of "Save the Internet"'s critique of the "Hands Off the Internet" flash animation cartoon, which seems to repeat the common confusion that common carriage requirements have applied to the Internet.

"Bad unintended consequences of HR 5417" (May 19, 2006) A criticism of the Sensenbrenner net neutrality bill.

"Yglesias on McCurry" (May 19, 2006) Critique of Matthew Yglesias on net neutrality guest blogging at Talking Points Memo.

"Net Neutrality and Fair Use" (May 22, 2006) Disagreement with Larry Lessig about an analogy between net neutrality and fair use. (I tend to agree with Lessig on intellectual property issues, at least about the dangers of ever-extending copyright terms, lack of registration requirements, and DRM.)

"Hillary Clinton and Net Neutrality" (May 23, 2006) The hypocrisy of Hillary Clinton's support of net neutrality on the grounds of protecting free speech (as pointed out by Adam Thierer).

"Consumer broadband last-mile competition in the Phoenix metropolitan area" (May 24, 2006) A summary of actual broadband options in the Phoenix area, listing eight separate providers.

"Net Neutrality expands to absurdity" (May 24, 2006) Critique of net neutrality advocate Jim Durbin, who thinks corporate web filters are a violation (which presumably he thinks should be made illegal). Also comment on Glenn Harlan Reynolds on pirate WiFi in the enterprise.

"Newmark vs. McCurry on net neutrality" (May 24, 2006) Comment on Craig Newmark's debate with Mike McCurry in the Wall Street Journal, in which Newmark is mightily confused about the technical facts.

"Dave Siegel on QoS and net neutrality" (May 26, 2006) Link to Dave Siegel blog post that summarizes how QoS is used in Global Crossing's network, and to a presentation by Xiao Xipeng on the same topic.

"Save the Internet: Fighting astroturf with astroturf" (May 26, 2006) How "Save the Internet" has generated astroturfed letters-to-the-editor while condemning astroturf from the telcos. I condemn both.

"More on last-mile options in Phoenix" (May 27, 2006) A response to criticisms of my list Phoenix-area broadband options from Douglas Ross.

"The Abstract Factory on net neutrality" (May 31, 2006) A link to a good commentary on net neutrality and astroturfing telco shills.

"Kevin Drum gets it wrong on net neutrality and common carriage" (June 1, 2006) Kevin Drum repeats the common misconception that common carriage requirements have applied to the Internet.

"Worst net neutrality analogy ever?" (June 1, 2006) A critique of Susan Crawford's horrible sidewalk analogy.

"George Ou explains QoS to Russell Shaw" (June 10, 2006) In a ZDnet debate, George Ou gives a good simple explanation of QoS to someone who wants to regulate something he doesn't understand.

"Martin Geddes on net neutrality, federalism, and U.S. vs. EU" (June 12, 2006) Link to a nice piece on Geddes' Telepocalypse blog where he provides links to his past positions on network neutrality and compares the U.S. to EU, and their respective regulatory regimes to networks.

"Verizon's Thomas Tauke on net neutrality" (June 12, 2006) Quote from and link to a Declan McCullagh interview with Thomas Tauke of Verizon about net neutrality.

"Bennett on Free Press net neutrality 'facts'" (June 12, 2006) Richard Bennett shows that the Free Press's network neutrality facts are mostly fiction, argues against the anti-QoS provision of Snowe-Dorgan and Markey in a note to Sen. Boxer, comments on tomorrow's Senate hearing, and on Matt Stoller's acting as a spokesman for admitted ignorance.

"'Hands Off the Internet' writes about me, then thinks better of it" (June 15, 2006) A post from the HOTI blog about me, recovered from Google cache. (Most of the content is actually excerpted from my own blog, with a bit of HOTI commentary.)

"The New Republic supports net neutrality, based on error" (June 15, 2006) The editors of The New Republic join the crowds of net neutrality supporters who incorrectly think that common carriage requirements have applied to ISPs and the Internet.

"Douglas Ross's Network Neutrality Index" (June 16, 2006) A link to an index of blog posts by an advocate of net neutrality regulation.

"Demonization of adversaries is wrong, Matt Stoller" (June 16, 2006) A criticism of part of Matt Stoller's presentation at YearlyKos.

"Andrew Kantor changes his mind on net neutrality" (June 16, 2006) The USA Today technology columnist no longer supports net neutrality regulations.

"Matt Stoller lies about site blocking" (June 18, 2006) Matt Stoller falsely attributes a problem between Craigslist.org and Cox's PC firewall software to the kind of discriminatory site blocking he thinks net neutrality regulations are needed to prevent--after already being informed of the real cause.

"Update on Cox blocking of Craigslist" (June 20, 2006) Update on who's said what, and a bit more detail on the underlying problem in which I disagree with placing blame on Craigslist.

"Content providers and ISPs: who really has the stronger hand?" (June 21, 2006) A look at a case of "reverse network neutrality" involving ESPN360 blocking access to ISPs.

"The future of connectivity options" (June 22, 2006) Telco 2.0 looks at a variety of business models for different types of connectivity and projections for how they will change in significance over the next decade. It would be a bad idea to impose regulations which stifle innovation by prohibiting some business models.

"Matt Stoller refuses to come clean" (June 22, 2006) Matt Stoller, caught in falsehood, tries to avoid responsibility for his statements and instead accuses others of being "lying liars."

"A version of network neutrality I can endorse" (June 22, 2006) I attempt to put forth a minimal, non-FCC-regulated version of "Lippard Network Neutrality" that I think is reasonable, and explain how it differs from what many network neutrality advocates are supporting.

"Craigslist no longer uses TCP window size of 0" (July 14, 2006) Update on the Craigslist/Cox issue.

"VoIP quality degradation shows need for prioritization" (July 27, 2006) Brix Networks study shows quality of VoIP calls has declined over the last 18 months due to competition for network resources.

"ACLU incompetence and misinformation on net neutrality" (November 3, 2006) The ACLU comes out in support of network neutrality, making many of the same erroneous arguments which have been debunked here before, such as confusing common carriage with IP-layer nondiscrimination.

"Netroots and telecom" (July 19, 2008) Discussion about the description of the Netroots Nation "Big Telecom" panel and an Art Brodsky column about it.

"New Markey/Eshoo net neutrality bill" (August 3, 2009) Brief comments on the Internet Freedom Preservation Act of 2009.

42 innocent people killed by police paramilitary raids

Radley Balko at The Agitator reports on some examples of innocent people murdered by police (and for some reason they almost never get prosecuted), along with his current research tally:

The tally thus far from my research: 42 innocent people killed in paramilitary raids. 57 if you include police officers. Another 20 were nonviolent offenders (recreational pot smokers, gamblers, etc.) shot and killed either by accident or because they mistook raiding police for criminal intruders and were killed when they attempted to defend themselves, their homes, and/or their families.

Conditions of income mobility

Two studies reported in The Economist (pay content) show that income mobility--the ability for children to be more economically successful than their parents--is much greater in Scandanavian countries and the UK than it is in the United States:

The authors rank countries on a scale from one to zero, with one meaning no mobility at all (ie, a child's income is identical to its parents') and zero meaning perfect mobility (ie, a child's income bears no relation to its parents'). The Nordic countries score around 0.2 for sons, Britain scores 0.36, and America 0.54 (meaning that a son's earnings are more closely related to his father's in America). These figures are roughly in line with the conclusions of other studies, though they have the advantage of using standardised data, thereby minimising problems of definition that usually bedevil cross-country comparisons.

The biggest finding of the studies is not, however, about overall social mobility, but about mobility at the bottom. This is the most distinctive feature of Nordic societies, and it is also perhaps the most significant difference with America. Around three-quarters of sons born into the poorest fifth of the population in Nordic countries in the late 1950s had moved out of that category by the time they were in their early 40s. In contrast, only just over half of American men born at the bottom later moved up. This is another respect in which Britain is more like the Nordics than like America: some 70% of its poorest sons escaped from poverty within a generation.

The Nordic countries are distinctive in one further way: the sons born at the bottom (into the poorest fifth) earn roughly the same as those born a rung above them (the second-poorest fifth). In other words, Nordic countries have almost completely snapped the link between the earnings of parents and children at and near the bottom. That is not at all true of America.

The effect is attributed to two things--welfare programs and education. If the consequences of U.S. policies include not only growing income inequality but declining income mobility, the latter undermines a standard argument for the former, and provides a motivation for changing policies.

(The studies are “Non-linearities in Inter-generational Earnings Mobility” (Royal Economics Society, London) and “American Exceptionalism in a New Light” (Institute for the Study of Labour, Bonn). Both are by Bernt Bratsberg, Knut Roed, Oddbjorn Raaum, Robin Naylor, Markus Jantti, Tor Eriksson, Eva Osterbacka and Anders Bjorklund. The Economist also criticized the U.S. for declining income mobility in 2005, in an article that is available in full without a subscription.)

Valerie Pachulski and Gabi Plumlee's 2004 GOP contributions

How is it that a 1999 high school graduate, "GOP Babe Val," who recently worked as an administrative assistant for Arizona Right-to-Life had over $10,000 to donate [SEE CORRECTION BELOW] to the Nevada Republican Party between July and November 2004 (also see here) while working as a volunteer for Bush-Cheney '04 Inc. of Las Vegas?

In a May 31 Arizona Republic website feature of restaurant reviews from readers, Pachulski is the contributor and mentions that she has "moved to D.C."

Another Arizona donor of over $9000 to the Nevada Republican Party in 2004 [SEE CORRECTION BELOW], Gabi Plumlee, works for the Republican National Committee in D.C.

UPDATE July 8, 2006: As pointed out in the comments by "Kellen Rose", the Center for Public Integrity website I linked to for "over $10,000 to donate" has things exactly backwards--this isn't a record of donations (though CPI has extensive databases of donations to politicians and political campaigns), but a record of expenditures by the Nevada GOP to out-of-state entities. That is, Pachulski and Plumlee were on the GOP payroll, not making contributions. I failed to see what was staring me in the face on that website.

Accordingly, I apologize to Ms. Pachulski and Ms. Plumlee for my inaccurate statements and the suggestion that there was something unusual going on here. I'll leave this post as a historical record of my error and the correction. It was a stupid mistake.

UPDATE (September 24, 2007): Valerie Pachulski points out that she was not an administrative assistant at Arizona Right to Life, but the Director of Events.

Skeptics Society conference

I've returned from the Skeptics Society conference on "The Environmental Wars," and there wasn't much warring between speakers, though there were some debates among audience members between sessions. The most controversial speaker was John Stossel, who was the only person to proclaim himself a global warming skeptic (and did so without having witnessed any of the day's presentations, which made it abundantly clear that (a) there is global warming and (b) it is caused by human activity). Michael Crichton managed to avoid the global warming subject in his talk, though in the Q&A he agreed that (a) there is no debate that the globe is warming (contrary to the position in State of Fear that it's an artifact of city "heat islands"), (b) there is no debate that CO2 has increased as a result of human activity, and (c) there's no debate about the greenhouse effect.

I'll comment more later on at least some of the talks, but for now I'll refer you to conference presenter Jonathan Adler's live-blogged descriptions of the talks and Chris Mooney's summary of his initial debate presentation.

UPDATE June 7, 2006: Also check out desmogblog's coverage of the conference.

UPDATE (July 18, 2009): Looks like my only further comment was on Jonathan Adler's talk on federal environmental regulation, though I did post this on the JREF Forums on June 30, 2008:

I very much enjoyed the Skeptics Society "Environmental Wars" conference. I thought it was a good mix of long-term history on climate change (Prothero), current scientific evidence on climate change (Schneider), what to do about it from an economic perspective (Arnold), what doesn't work from a regulatory perspective (Adler), what wild and crazy mitigation techniques might be available and what they'll cost (Benford), and a little debate on politicization of science (Mooney vs. Bailey), and a couple of climate change skeptics who didn't really address any of the science presented during the conference (Crichton and Stossel). It was also a chance to see one of Paul MacCready's last public appearances before he died.

Michael Crichton and John Stossel were no Mike Reiss (Simpsons writer who gave a hilarious talk in 2005), but I still thought they provided entertainment.

Part II of Botnets Interview

Part II of my interview on Michael Santarcangelo's Security Catalyst podcast is now available.

(Part I is here.)

Kevin Drum gets it wrong on net neutrality and common carriage

Kevin Drum writes:

The 1996 Telecommunications Act defined two different types of service, information services (IS) and telecommunications services (TS), and cable companies were originally classified as IS and telephone companies as TS.

Right so far, except that Internet service is classified as an information service, not a telecommunications service. Keep that in mind as you read his next two sentences:

Although both cable companies and telcos provide local internet access, the backbone of the internet is carried exclusively by telcos, which were regulated as common carriers under the tighter TS rules. The common carrier rules effectively enforced the principles of net neutrality on the internet backbone.

This is just wrong. Common carriage rules require telcos to allow third parties to connect to their telephony networks or to use their networks for private line connections between two points. Common carriage does not require interconnection to anybody's Internet network. There is not and there has never been a legal requirement that any Internet service provider or backbone allow all comers to connect to their Internet services--and thank goodness, because that means ISPs and NSPs can deny services to spammers or other entities that don't agree to their terms of service/acceptable use policies. ISPs qua ISPs and NSPs qua NSPs are not common carriers!

While there are Internet backbone links that use telco networks, these were typically the networks of long-distance telcos (AT&T, Sprint, MCI) or next-generation fiber telcos (Qwest, Global Crossing, Level 3) rather than the last-mile telcos (such as the Regional Bell Operating Companies). Now AT&T, MCI, and Qwest have been acquired by or acquired last-mile telcos (SBC, Verizon, and U.S. West, respectively), but the last-mile telcos subject to common carriage didn't build the backbones.

Why do net neutrality advocates continue to get this wrong, even after being corrected repeatedly?

UPDATE: BTW, I should note that Harold Feld (who has commented here) has specifically agreed that he'd like to impose common carriage requirements on broadband providers (meaning that last-mile telcos and cable companies would have to allow others to provide services over their access networks, so you could buy Earthlink, AOL, Yahoo, or Panix Internet service from your local cable company or telco--the situation would be like it used to be with DSL providers and local telcos). I'm not sure what other elements he would advocate--whether he'd apply similar requirements to wireless providers (requiring them to let anybody be a mobile virtual network operator), ban QoS, ban anything less than full Internet service over any medium, count non-residential services as broadband, etc. (And Harold, if you read this, I'm still waiting to hear responses from you here (on your own blog) and here (on mine, about HR 5417).)

By contrast, Timothy Karr at Save the Internet has explicitly denied that he's equating net neutrality and common carriage, but hasn't said what he does mean. (And Tim, you haven't responded to my final comment here on your own blog, either.)

UPDATE June 11, 2006: Tim Lee rightly questions Drum on this point as well, asking whether Internet backbones have really been under such regulations, which leads to some further information about peering agreements. I've pointed him to this post from last November about peering (see in particular the linked Geoff Huston paper).

"The Environmental Wars" Skeptics Society conference

Einzige and I will both be at the Skeptics Society conference in Pasadena tomorrow and Saturday and would welcome greetings from any blog readers, assuming the intersection of our readership and the conference attendees is non-null. At least I'll be able to say hello to Chris Mooney, whose blog I read regularly...

Worst net neutrality analogy ever?

From Susan Crawford:

Think of the pipes and wires that you use to go online as a sidewalk. The question is whether the sidewalk should get a cut of the value of the conversations that you have as you walk along. The traditional telephone model has been that the telephone company doesn't get paid more if you have a particularly meaningful call -- they're just providing a neutral pipe.

If you're going to use a sidewalk as an analogy for a communications pipeline, then the users of the sidewalk need to stand for the communications traffic. Then the question becomes, should users of different types have to pay different rates for the use of the sidewalk to those who build and maintain it (not to the sidewalk itself!). Further, the sidewalk has to keep being made bigger to support all the traffic being carried, and some of the users are in a bigger hurry and are likely to collide with those who aren't, and some of the latter are holding big gatherings between their residences, like a block party in the neighborhoods. Should those guys get to do that for free, or at the same cost as their neighbors who aren't interested in a block party?

UPDATE: I had issued a trackback ping to Susan Crawford's blog post which was accepted, but apparently she decided to delete it. That's rather ironic--she supports net neutrality, but blocks critical trackbacks to her blog. I guess her support of net neutrality isn't based on any principle of fairness or free speech.

UPDATE (June 8, 2006): Susan Crawford responded to a query about this, and attributed the deletion to automatic anti-spam defenses, and invited me to re-issue a trackback, which I will shortly do. I retract the last two sentences of the above update, and apologize to her for my erroneous inference.

UPDATE (March 13, 2008): Actually, I never regained the ability to issue trackbacks or even to reference this blog's URL in comments posted on Susan Crawford's Blogware blog, so all of my comments there refer to my discord.org website instead. She moved her blog in late 2007, but I've not commented or issued any trackbacks to the new one.