Category Archives: Google

ICANN Soon to be ICANT? Obama Gives Away Internet Control

Posted on by

   

ICANN, the International Community, and Internet Governance

Because cyberspace and the Internet transcend national boundaries, and because the successful

functioning of the DNS relies on participating entities worldwide, ICANN is by definition an

international organization. Both the ICANN Board of Directors and the various constituency

groups who influence and shape ICANN policy decisions are composed of members from all over

the world. Additionally, ICANN’s Governmental Advisory Committee (GAC), which is

composed of government representatives of nations worldwide, provides advice to the ICANN

Board on public policy matters and issues of government concern. Although the ICANN Board is

required to consider GAC advice and recommendations, it is not obligated to follow those

recommendations.

Many in the international community, including foreign governments, have argued that it is

inappropriate for the U.S. government to maintain its legacy authority over ICANN and the DNS,

and have suggested that management of the DNS should be accountable to a higher

intergovernmental body. The United Nations, at the December 2003 World Summit on the

Information Society (WSIS), debated and agreed to study the issue of how to achieve greater

international involvement in the governance of the Internet and the domain name system in

particular. The study was conducted by the U.N.’s Working Group on Internet Governance

(WGIG). On July 14, 2005, the WGIG released its report, stating that no single government

should have a preeminent role in relation to international Internet governance. The report called

for further internationalization of Internet governance, and proposed the creation of a new global

forum for Internet stakeholders. Four possible models were put forth, including two involving the

creation of new Internet governance bodies linked to the U.N. Under three of the four models,

ICANN would either be supplanted or made accountable to a higher intergovernmental body. The

report’s conclusions were scheduled to be considered during the second phase of the WSIS held

in Tunis in November 2005. U.S. officials stated their opposition to transferring control and

administration of the domain name system from ICANN to any international body. Similarly, the

109th Congress expressed its support for maintaining U.S. control over ICANN (H.Con.Res. 268

and S.Res. 323).39

The European Union (EU) initially supported the U.S. position. However, during September 2005

preparatory meetings, the EU seemingly shifted its support towards an approach which favored an

enhanced international role in governing the Internet. Read more here from FAS.

President Barack Obama’s drive to hand off control of Internet domains to a foreign multi-national operation will give some very unpleasant regimes equal say over the future of online speech and commerce.

Breitbart: In fact, they are likely to have much more influence than America, because they will collectively push hard for a more tightly controlled Internet, and they are known for aggressively using political and economic pressure to get what they want.

Here’s a look at some of the regimes that will begin shaping the future of the Internet in just a few days, if President Obama gets his way.

China

China wrote the book on authoritarian control of online speech. The legendary “Great Firewall of China” prevents citizens of the communist state from accessing global content the Politburo disapproves of. Chinese technology companies are required by law to provide the regime with backdoor access to just about everything.

The Chinese government outright banned online news reporting in July, granting the government even tighter control over the spread of information. Websites are only permitted to post news from official government sources. Chinese online news wasn’t exactly a bastion of freedom before that, of course, but at least the government censors had to track down news stories they disliked and demand the site administrators take them down.

Related reading: Dangerous Transfer: The President’s ICANN Internet Problem

Unsurprisingly, the Chinese Communists aren’t big fans of independent news analysis or blogging, either. Bloggers who criticize the government are liable to be charged with “inciting subversion,”even when the writer in question is a Nobel Peace Prize winner.

Chinese citizens know better than to get cheeky on social media accounts, as well. Before online news websites were totally banned, they were forbidden from reporting news gathered from social media, without government approval. Spreading anything the government decides is “fake news” is a crime.

In a report labeling China one of the worst countries for Internet freedom in the world, Freedom House noted they’ve already been playing games with Internet registration and security verification:

The China Internet Network Information Center was found to be issuing false digital security certificates for a number of websites, including Google, exposing the sites’ users to “man in the middle” attacks.

The government strengthened its real-name registration laws for blogs, instant-messaging services, discussion forums, and comment sections of websites.

A key feature of China’s online censorship is that frightened citizens are not entirely certain what the rules are. Huge ministries work tirelessly to pump out content regulations and punish infractions. Not all of the rules are actually written down. As Foreign Policy explained:

Before posting, a Chinese web user is likely to consider basic questions about how likely a post is to travel, whether it runs counter to government priorities, and whether it calls for action or is likely to engender it. Those answers help determine whether a post can be published without incident — as it is somewhere around 84 percent or 87 percent of the time — or is instead likely to lead to a spectrum of negative consequences varying from censorship, to the deletion of a user’s account, to his or her detention, even arrest and conviction.

This was accompanied by a flowchart demonstrating “what gets you censored on the Chinese Internet.” It is not a simple flowchart.

Beijing is not even slightly self-conscious about its authoritarian control of the Internet. On the contrary, their censorship policies are trumpeted as “Internet sovereignty,” and they aggressively believe the entire world should follow their model, as the Washington Post reported in a May 2016 article entitled “China’s Scary Lesson to the World: Censoring the Internet Works.”

China already has a quarter of the planet’s Internet users locked up behind the Great Firewall. How can anyone doubt they won’t use the opportunity Obama is giving them, to pursue their openly stated desire to lock down the rest of the world?

Russia

Russia and China are already working together for a more heavily-censored Internet. Foreign Policy reported one of Russia’s main goals at an April forum was to “harness Chinese expertise in Internet management to gain further control over Russia’s internet, including foreign sites accessible there.”

Russia’s “top cop,” Alexander Bastrykin, explicitly stated Russia needs to stop “playing false democracy” and abandon “pseudo-liberal values” by following China’s lead on Internet censorship, instead of emulating the U.S. example. Like China’s censors, Russian authoritarians think “Internet freedom” is just coded language for the West imposing “cultural hegemony” on the rest of the world.

Just think what Russia and China will be able to do about troublesome foreign websites, once Obama surrenders American control of Internet domains!

Russian President Vladimir Putin has “chipped away at Internet freedom in Russia since he returned to the Kremlin in 2012,” as International Business Times put it in a 2014 article.

One of Putin’s new laws requires bloggers with over 3,000 readers to register with the government, providing their names and home addresses. As with China, Russia punishes online writers for “spreading false information,” and once the charge is leveled, it’s basically guilty-until-proven-innocent. For example, one of the “crimes” that can get a blogger prosecuted in Russia is alleging the corruption of a public official, without ironclad proof.

Human-rights group Agora estimates that Russian Internet censorship grew by 900% in 2015 alone, including both court orders and edicts from government agencies that don’t require court approval. Censorship was expected to intensify even further throughout 2016. Penalties include prison time, even for the crime of liking or sharing banned content on social media.

Putin, incidentally, has described the entire Internet as a CIA plot designed to subvert regimes like his. There will be quite a few people involved in the new multi-national Internet control agency who think purging the Web of American influence is a top priority.

The Russian government has prevailed upon Internet Service Providers to block opposition websites during times of political unrest, in addition to thousands of bans ostensibly issued for security, crime-fighting, and anti-pornography purposes.

Many governments follow the lead of Russia and China in asserting the right to shut down “extremist” or “subversive” websites. In the United States, we worry about law enforcement abusing its authority while battling outright terrorism online, arguing that privacy and freedom of speech must always be measured against security, no matter how dire the threat. In Russia, a rough majority of the population has no problem with the notion of censoring the Internet in the name of political stability, and will countenance absolutely draconian controls against perceived national security threats. This is a distressingly common view in other nations as well: stability justifies censorship and monitoring, not just physical security.

Turkey

Turkey’s crackdown on the Internet was alarming even before the aborted July coup attempt against authoritarian President Recep Tayyip Erdogan.

Turkey has banned social media sites, including temporary bans against even giants like Facebook and YouTube, for political reasons. Turkish dissidents are accustomed to such bans coming down on the eve of elections. The Turkish telecom authority can impose such bans without a court order, or a warning to offending websites.

Turkey is often seen as the world leader in blocking Twitter accounts, in addition to occasionally shutting the social media service down completely, and has over a 100,000 websites blacklisted. Criticizing the government online can result in anything from lost employment to criminal charges. And if you think social-media harassment from loyal supporters of the government in power can get pretty bad in the U.S., Turks sometimes discover that hassles from pro-regime trolls online are followed by visits from the police.

Turkish law infamously makes it a crime to insult the president, a law Erdogan has already attempted to impose beyond Turkey’s borders. One offender found himself hauled into court for creating a viral meme – the sort of thing manufactured by the thousands every hour in America – that noted Erdogan bore a certain resemblance to Gollum from Lord of the Rings. The judge in his case ordered expert testimony on whether Gollum was evil to conclusively determine whether the meme was an illegal insult to the president.

The Turkish example introduces another idea common to far too many of the countries Obama wants to give equal say over the future of the Internet: intimidation is a valid purpose for law enforcement. Many of Turkey’s censorship laws are understood to be mechanisms for intimidating dissidents, raising the cost of free speech enough to make people watch their words very carefully. “Think twice before you Tweet” might be good advice for some users, but regimes like Erdogan’s seek to impose that philosophy on everyone. This runs strongly contrary to the American understanding of the Internet as a powerful instrument that lowers the cost of speech to near-zero, the biggest quantum leap for free expression in human history. Zero-cost speech is seen as a big problem by many of the governments that will now place strong hands upon the global Internet rudder.

Turkey is very worried about “back doors” that allow citizens to circumvent official censorship, a concern they will likely bring to Internet control, along with like-minded authoritarian regimes. These governments will make the case that a free and open Internet is a direct threat to their “sovereign right” to control what their citizens read. As long as any part of the Internet remains completely free, no sector can be completely controlled.

Saudi Arabia

The Saudis aren’t too far behind China in the Internet rankings by Freedom House. Dissident online activity can bring jail sentences, plus the occasional public flogging.

This is particularly lamentable because Saudi Arabia is keenly interested in modernization, and sees the Internet as a valuable economic resource, along with a thriving social media presence. Freedom House notes the Internet “remains the least repressive space for expression in the country,” but “it is by no means free.”

“While the state focuses on combatting violent extremism and disrupting terrorist networks, it has clamped down on nonviolent liberal activists and human rights defenders with the same zeal, branding them a threat to the national order and prosecuting them in special terrorism tribunals,” Freedom House notes.

USA Today noted that as of 2014, Saudi Arabia had about 400,000 websites blocked, “including any that discuss political, social or religious topics incompatible with the Islamic beliefs of the monarchy.”

At one point the blacklist included the Huffington Post, which was banned for having the temerity to run an article suggesting the Saudi system might “implode” because of oil dependency and political repression. The best response to criticism that your government is too repressive is a blacklist!

The Saudis have a penchant for blocking messaging apps and voice-over-IP services, like Skype and Facetime. App blocking got so bad that Saudi users have been known to ask, “What’s the point of having the Internet?”

While some Saudis grumble about censorship, many others are active, enthusiastic participants in enforcement, filing hundreds of requests each day to have websites blocked. Religious figures supply many of these requests, and the government defends much of its censorship as the defense of Islamic values.

As with other censorious regimes, the Saudi monarchy worries about citizens using web services beyond its control to evade censorship, a concern that will surely be expressed loudly once America surrenders its command of Internet domains.

For the record, the Saudis’ rivals in Iran are heavy Internet censors too, with Stratfor listing them as one of the countries seeking Chinese assistance for “solutions on how best to monitor the Iranian population.”

North Korea

You can’t make a list of authoritarian nightmares without including the psychotic regime in Pyongyang, the most secretive government in the world.

North Korea is so repressive the BBC justly puts the word “Internet” in scare quotes, to describe the online environment. It doesn’t really interconnect with anything, except government propaganda and surveillance. Computers in the lone Internet cafe in Pyongyang actually boot up to a customized Linux operating system called “Red Star,” instead of Windows or Mac OS. The calendar software in Red Star measures the date from the birth of Communist founder Kim Il-sung, rather than the birth of Christ.

The “Internet” itself is a closed system called Kwangmyong, and citizens can only access it through a single state-run provider, with the exception of a few dozen privileged families that can punch into the real Internet.

Kwangmyong is often compared to the closed “intranet” system in a corporate office, with perhaps 5,000 websites available at most. Unsurprisingly, the content is mostly State-monitored messaging and State-supplied media. Contributors to these online services have reportedly been sent to re-education camps for typos. The North Koreans are so worried about outside contamination of their closed network that they banned wi-fi hotspots at foreign embassies, having noticed information-starved North Korean citizens clustering within range of those beautiful, uncensored wireless networks.

This doesn’t stop South Koreans from attempting cultural penetration of their squalid neighbor’s dismal little online network. Lately they’ve been doing it by loading banned information onto cheap memory sticks, tying them to balloons, and floating them across the border.

Sure, North Korea is the ultimate totalitarian nightmare, and since they have less than two thousand IP addresses registered in the entire country, the outlaw regime won’t be a big influence on Obama’s multi-national Internet authority, right?

Not so fast. As North Korea expert Scott Thomas Bruce told the BBC, authoritarian governments who are “looking at what is happening in the Middle East” see North Korea as a model to be emulated.

“They’re saying rather than let in Facebook, and rather than let in Twitter, what if the government created a Facebook that we could monitor and control?” Bruce explained.

Also, North Korea has expressed some interest in using the Internet as a tool for economic development, which means there would be more penetration of the actual global network into their society. They’ll be very interested in censoring and controlling that access, and they’ll need a lot more registered domains and IP addresses… the very resource Obama wants America to surrender control over.

Bottom line: contrary to left-wing cant, there is such a thing as American exceptionalism – areas in which the United States is demonstrably superior to every other nation, a leader to which the entire world should look for examples. Sadly, our society is losing its fervor for free expression, and growing more comfortable with suppressing “unacceptable” speech, but we’re still far better than anyone else in this regard.

The rest of the world, taken in total, is very interested in suppressing various forms of expression, for reasons ranging from security to political stability and religion. Those governments will never be comfortable, so long as parts of the Internet remain outside of their control. They have censorship demands they consider very reasonable, and absolutely vital. The website you are reading right now violates every single one of them, on a regular basis.

There may come a day we can safely remand control of Internet domains to an international body, but that day is most certainly not October 1, 2016.

FBI Releases Hillary Server Investigation Documents

Posted on by

Signed on January 22, of 2009, Hillary declared by signature her compliance to classified material.

Hillary Non Disclosure This is the actual document with her signature.

FBI Releases Documents in Hillary Clinton E-Mail Investigation

Today the FBI is releasing a summary of former Secretary of State Hillary Clinton’s July 2, 2016 interview with the FBI concerning allegations that classified information was improperly stored or transmitted on a personal e-mail server she used during her tenure. We also are releasing a factual summary of the FBI’s investigation into this matter. We are making these materials available to the public in the interest of transparency and in response to numerous Freedom of Information Act (FOIA) requests. Appropriate redactions have been made for classified information or other material exempt from disclosure under FOIA.

FBI Background Investigation Hillary servers

FBI 302 Report on Hillary Interview

As a note, the FBI 302 report is shorter and frankly it tells us that Hillary told the FBI she cant remember sh*t. Hillary left all judgment to handling government material and security classifications to ‘her’ State Department professionals. The real background investigation report defines the best part of the whole scandal, it is 47 pages and quite chilling. Oh…there were several servers and 13 mobile devices. Her covert intelligence aide Sidney Blumenthal did receive at least 24 email exchanges with classified material. Redactions abound and avoiding FOIA was the underlying objective.

The Russians Hacked the NSA? Ah…What?

Posted on by

This is bad bad bad….and panic has struck Washington DC ….payment is to be in Bitcoins…

Graphics of files below courtesy of Arstechnica.

    

More here in further detail.

*****

Most outside experts who examined the posts, by a group calling itself the “Shadow Brokers,” said they contained what appeared to be genuine samples of the code — though somewhat outdated — used in the production of the NSA’s custom-built malware. Most of the code was designed to break through network firewalls and get inside the computer systems of competitors like Russia, China and Iran. That, in turn, allows the NSA to place “implants” in the system, which can lurk unseen for years and be used to monitor network traffic or enable a debilitating computer attack.  More here.

NSA and the No Good, Very Bad Monday

LawFare: Monday was a tough day for those in the business of computer espionage. Russia, still using the alias Guccifer2.0, dumped even more DNC documents. And on Twitter, Mikko Hypponen noted an announcement on Github that had gone overlooked for two days, a group is hosting an auction for code from the “Equation Group,” which is more commonly known as the NSA. The auctioneer’s pitch is simple, brutal, and to the point:

How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.

This release included two encrypted files, and the password to one was provided as proof while the other remains encrypted. The attackers claim that they will provide the password to the second file to the winner of a Bitcoin auction.

The public auction part is nonsense. Despite prevailing misconceptions on cryptocurrency, Bitcoin’s innate traceability means that no one could really expect to launder even $1M out of a high profile Bitcoin wallet like this one without risking detection, let alone the $500M being requested for a full public release. The auction is the equivalent of a criminal asking to be paid in new, marked, sequential bills. Because the actors here are certainly not amateurs, the auction is presumably a bit of “Doctor Evil” theater—the only bids will be $20 investments from Twitter jokesters.

But the proof itself appears to be very real. The proof file is 134 MB of data compressed, expanding out to a 301 MB archive. This archive appears to contain a large fraction of the NSA’s implant framework for firewalls, including what appears to be several versions of different implants, server side utility scripts, and eight apparent exploits for a variety of targets.

The exploits themselves appear to target Fortinet, Cisco, Shaanxi Networkcloud Information Technology (sxnc.com.cn) Firewalls, and similar network security systems. I will leave it to others to analyze the reliability, versions supported, and other details. But nothing I’ve found in either the exploits or elsewhere is newer than 2013.

Because of the sheer volume and quality, it is overwhelmingly likely that this data is authentic. And it does not appear to be information taken from compromised targets. Instead, the exploits, binaries with help strings, server configuration scripts, 5 separate versions of one implant framework, and all sort of other features indicate that this is analyst-side code—the kind that probably never leaves the NSA.

It is also unlikely that this data is from the Snowden cache. Those documents focused on PowerPoint slides and shared data, not detailed exploits. Besides NSA, the only plausible candidate for ownership is GCHQ—and the implications of stealing Top Secret data from GCHQ and modifying it to frame the NSA would themselves be startling.

All this is to say that there is relatively high confidence that these files contain genuine NSA material.

From an operational standpoint, this is not a catastrophic leak. Nothing here reveals some special “NSA magic.” Instead, this is evidence of good craftsmanship in a widely modular framework designed for ease of use. The immediate consequence is probably a lot of hours of work down the drain.

But the big picture is a far scarier one. Somebody managed to steal 301 MB of data from a TS//SCI system at some point between 2013 and today. Possibly, even probably, it occurred in 2013. But the theft also could have occurred yesterday with a simple utility run to scrub all newer documents. Relying on the file timestamps—which are easy to modify—the most likely date of acquisition was June 11, 2013 (see Update, however). That is two weeks after Snowden fled to Hong Kong and six days after the first Guardian publication. That would make sense, since in the immediate response to the leaks, as the NSA furiously ran down possible sources, it may have accidentally or deliberately eliminated this adversary’s access.

As with other recent cyber conflicts, the  espionage aspect is troubling but not entirely new. It’s very, very bad that someone was able to go rummaging through a TS//SCI system—or even an unclassified Internet staging system where the NSA operator unwisely uploaded all this data—and to steal 300 MB of data. But whoever stole this data now wants the world to know—and that has much graver implications. The list of suspects is short: Russia or China. And in the context of the recent conflict between the US and Russia over election interference, safe money is on the former.

Right now, I’d imagine that the folks at NSA are having rather unpleasant conversations about what the other encrypted file might contain, and what other secrets this attacker may have gained access to. Even if they were aware of the attack that resulted in this leak, there’s no way of knowing what is in the other archive. Is there evidence of another non-Snowden insider who went silent three years ago? Was a TS//SCI system remotely compromised? Was there some kind of massive screw-up at an agency which prides itself on world class OPSEC? Some combination of the three?

And—most chillingly—what else might be released before this war of leaks is over?

 

Update:  Thanks to @botherder for pointing out that a couple files have a newer date:  One file has a date of June 17th, 2013; another has a date of July 5th, 2013; three setup strips are dated September 4th, 2013; and two have dates of October 18th 2013.  One of those files (which I’m currently investigating) is the database of allocated Ethernet MAC addresses, which may be able to identify a later minimum date of compromise.  If the latter date of October 18th, 2013 is correct, this is even more worrysome, as this suggests that the compromise happened four months after the initial Snowden revelations—a period of time when the NSA’s systems should have been the most secure.

Update 2: Looking at the dates again, it now does seem somewhat likely that this was data copied on June 11th, 2013 with a few updates with a compromise after October 18th.  This does make it more likely that this was taken from a set of files deliberately moved onto a system on the Internet used for attacking others.  To my mind, this is actually an even scarier possibility than the NSA internal system compromise: This scenario would have the NSA, after the Snowden revelations, practicing some incredibly awful operational security.  Why should the NSA include five different versions of the same implant on a system used to attack other systems on the Internet?  Let alone implants which still have all the debugging strings, internal function names, and absolutely no obfuscation?

Update 3: Kaspersky confirms that the particular use of RC6 matches the unique design present in other Equation Group malcode.  XORcat apparently confirmed that the Cisco exploit works and, due to the versions it can attack, was a zero day at the time.  This exploit would generally work to take over a firewall from the inside of a target network since it did require limited access that is almost always blocked from the outside.

*****

In part from the WashingtonPost:

A cache of hacking tools with code names such as Epicbanana, Buzzdirection and Egregiousblunder appeared mysteriously online over the weekend, setting the security world abuzz with speculation over whether the material was legitimate.

The file appeared to be real, according to former NSA personnel who worked in the agency’s hacking division, known as Tailored Access Operations (TAO).

“Without a doubt, they’re the keys to the kingdom,” said one former TAO employee, who spoke on the condition of anonymity to discuss sensitive internal operations. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.”

Said a second former TAO hacker who saw the file: “From what I saw, there was no doubt in my mind that it was legitimate.”

“Faking this information would be monumentally difficult, there is just such a sheer volume of meaningful stuff,” Nicholas Weaver, a computer security researcher at the University of California at Berkeley, said in an interview. “Much of this code should never leave the NSA.”

The tools were posted by a group calling itself the Shadow Brokers using file-sharing sites such as BitTorrent and DropBox.

At the same time, other spy services, like Russia’s, are doing the same thing to the United States.

It is not unprecedented for a TAO operator to accidentally upload a large file of tools to a redirector, one of the former employees said. “What’s unprecedented is to not realize you made a mistake,” he said. “You would recognize, ‘Oops, I uploaded that set’ and delete it.”

Critics of the NSA have suspected that the agency, when it discovers a software vulnerability, frequently does not disclose it, thereby putting at risk the cybersecurity of anyone using that product. The file disclosure shows why it’s important to tell software-makers when flaws are detected, rather than keeping them secret, one of the former agency employees said, because now the information is public, available for anyone to employ to hack widely used Internet infrastructure. Read the full article here.

The Authority of the Internet is Turned Over in 2 Months

Posted on by

This is surrender of the one place in the world where there is some freedom, the internet. The transfer date is September 30, 2016. Is this a big deal? Yes…..China and Russia don’t have a 1st amendment and it appears only one senator is waging the war to stop the transfer, Ted Cruz.

“From the very first days of the internet, the American government has maintained domain names and ensured equal access to everyone with no censorship whatsoever,” Cruz says in the video. “Obama wants to give that power away.”

That move poses a “great threat” to national security, Cruz said. Starting on the transfer date of Sept. 30, ICANN control could allow foreign governments to prohibit speech that they don’t agree with, he added.

Cruz has added an amendment to the Senate’s Highway Bill that would require an up-or-down vote on the administration’s plan to give ICANN control over names and numbers. And Cruz’s Protecting Internet Freedom Act, proposed with Republican Rep. Sean Duffy (Wis.), would prevent the transfer of authority to the global group. More from The Blaze.

*****

Twenty-five advocacy groups and some individuals have told leaders in the Senate and the House of Representatives that key issues about the transition are “not expected to be fully resolved until summer 2017.”

“Without robust safeguards, Internet governance could fall under the sway of governments hostile to freedoms protected by the First Amendment,” wrote the groups, which include TechFreedom, Heritage Action for America and Taxpayers Protection Alliance. “Ominously, governments will gain a formal voting role in ICANN for the first time when the new bylaws are implemented.” Read more here from PCWorld.

America to hand off Internet in under two months

WashingtonExaminer: The Department of Commerce is set to hand off the final vestiges of American control over the Internet to international authorities in less than two months, officials have confirmed.

The department will finalize the transition effective October 1, Assistant Secretary Lawrence Strickling wrote on Tuesday, barring what he called “any significant impediment.”

The move means the Internet Assigned Numbers Authority, which is responsible for interpreting numerical addresses on the Web to a readable language, will move from U.S. control to the Internet Corporation for Assigned Names and Numbers, a multistakeholder body that includes countries like China and Russia.

Critics of the move, most prominently Texas Republican Sen. Ted Cruz, have pointed out the agency could be used by totalitarian governments to shut down the Web around the globe, either in whole or in part.

Opponents similarly made the case that Congress has passed legislation to prohibit the federal government from using tax dollars to allow the transition, and pointed out that the feds are constitutionally prohibited from transferring federal property without approval from Congress. A coalition of 25 advocacy groups like Americans for Tax Reform, the Competitive Enterprise Institute, and Heritage Action sent a letter to Congress making those points last week.

While those issues could, in theory, lead to a legal challenge being filed in the days following the transfer, the administration has expressed a desire to finish it before the president leaves office, a position that Strickling reiterated.

“This multistakeholder model is the key reason why the Internet has grown and thrived as a dynamic platform for innovation, economic growth and free expression,” Strickling wrote. “We appreciate the hard work and dedication of all the stakeholders involved in this effort and look forward to their continuing engagement.”

What you Need to Know About IDI and Why

Posted on by

This Company Has Built a Profile on Every American Adult

Every move you make. Every click you take. Every game you play. Every place you stay. They’ll be watching you.

Bloomberg: Forget telephoto lenses and fake mustaches: The most important tools for America’s 35,000 private investigators are database subscription services. For more than a decade, professional snoops have been able to search troves of public and nonpublic records—known addresses, DMV records, photographs of a person’s car—and condense them into comprehensive reports costing as little as $10. Now they can combine that information with the kinds of things marketers know about you, such as which politicians you donate to, what you spend on groceries, and whether it’s weird that you ate in last night, to create a portrait of your life and predict your behavior.

IDI, a year-old company in the so-called data-fusion business, is the first to centralize and weaponize all that information for its customers. The Boca Raton, Fla., company’s database service, idiCORE, combines public records with purchasing, demographic, and behavioral data. Chief Executive Officer Derek Dubner says the system isn’t waiting for requests from clients—it’s already built a profile on every American adult, including young people who wouldn’t be swept up in conventional databases, which only index transactions. “We have data on that 21-year-old who’s living at home with mom and dad,” he says.

Dubner declined to provide a demo of idiCORE or furnish the company’s report on me. But he says these personal profiles include all known addresses, phone numbers, and e-mail addresses; every piece of property ever bought or sold, plus related mortgages; past and present vehicles owned; criminal citations, from speeding tickets on up; voter registration; hunting permits; and names and phone numbers of neighbors. The reports also include photos of cars taken by private companies using automated license plate readers—billions of snapshots tagged with GPS coordinates and time stamps to help PIs surveil people or bust alibis.

IDI also runs two coupon websites, allamericansavings.com and samplesandsavings.com, that collect purchasing and behavioral data. When I signed up for the latter, I was asked for my e-mail address, birthday, and home address, information that could easily link me with my idiCORE profile. The site also asked if I suffered from arthritis, asthma, diabetes, or depression, ostensibly to help tailor its discounts.

Users and industry analysts say the addition of purchasing and behavioral data to conventional data fusion outmatches rival systems in terms of capabilities—and creepiness. “The cloud never forgets, and imperfect pictures of you composed from your data profile are carefully filled in over time,” says Roger Kay, president of Endpoint Technologies Associates, a consulting firm. “We’re like bugs in amber, completely trapped in the web of our own data.”

When logging in to IDI and similar databases, a PI must select a permissible use for a search under U.S. privacy laws. The Federal Trade Commission oversees the industry, but PI companies are largely expected to police themselves, because a midsize outfit may run thousands of searches a month.

Dubner says most Americans have little to fear. As examples, he cites idiCORE uses such as locating a missing person and nabbing a fraud or terrorism suspect.

IDI, like much of the data-fusion industry, traces its lineage to Hank Asher, a former cocaine smuggler and self-taught programmer who began fusing sets of public data from state and federal governments in the early 1990s. After Sept. 11, law enforcement’s interest in commercial databases grew, and more money and data began raining down, says Julia Angwin, a reporter who wrote about the industry in her 2014 book, Dragnet Nation.

Asher died suddenly in 2013, leaving behind his company, the Last One (TLO), which credit bureau TransUnion bought in bankruptcy for $154 million. Asher’s disciples, including Dubner, left TLO and eventually teamed up with Michael Brauser, a former business partner of Asher’s, and billionaire health-care investor Phillip Frost. In May 2015, after a flurry of purchases and mergers, the group rebranded its database venture as IDI.

Besides pitching its databases to big-name PIs (Kroll, Control Risks), law firms, debt collectors, and government agencies, IDI says it’s also targeting consumer marketers. The 200-employee company had revenue of about $40 million in its most recent quarter and says 2,800 users signed up for idiCORE in the first month after its May release. It declined to provide more recent figures. The company’s data sets are growing, too. In December, Frost helped underwrite IDI’s $100 million acquisition of marketing profiler Fluent, which says it has 120 million profiles of U.S. consumers. In June, IDI bought ad platform Q Interactive for a reported $21 million in stock.

IDI may need Frost’s deep pockets for a while. The PI industry’s three favorite databases are owned by TransUnion and media giants Reed Elsevier and Thomson Reuters. “There’s no shortage,” says Chuck McLaughlin, chairman of the board of the World Association of Detectives, which has about 1,000 members. “The longer you’re in business, the more data you have, the better results.” He uses TLO and Tracers Information Specialists.

Steve Rambam, a PI who hosts Nowhere to Hide on the Investigation Discovery channel, says marketing data remains a niche monitoring tool compared with social media, but its power can be unparalleled. “You may not know what you do on a regular basis, but I know,” Rambam says. “I know it’s Thursday, you haven’t eaten Chinese food in two weeks, and I know you’re due.”

Wait…there is another problem you don’t know about.

Comcast Lobbies To Charge Customers More To Protect Their Online Privacy
Internet providers are still hashing out issues with the FCC. In particular, Comcast is currently defend its “pay-for-privacy” model to the FCC [PDF]. Comcast has even contended that  “the FCC has no authority to prohibit or limit these types of programs.”

So what exactly is the “pay-for-privacy” system? Essentially, companies like Comcast offers discounts to customers in exchange for allowing ISP’s to use their data. Comcast then floods these customers with various behaviorally-targeted ads. Customers who prefer privacy over pricing are charged a premium.

image: http://hothardware.com/ContentImages/NewsItem/38236/content/small_comcast_office.jpg

comcast office

Several weeks ago a number of lawmakers urged the FCC to ban the “pay-for-privacy” system. They argued that this pricing pyramid is particularly harmful to elderly customers who do not necessarily understand how ISP’s work and low-income customers who cannot afford to pay the privacy premium. Members of Congress noted that Comcast’s policies are “counter to our nation’s core principle that all Americans have a fundamental right to privacy.”

Comcast argued that the “pay-for-privacy” model actually benefits elderly and low-income customers. They insisted that its “prohibition would harm consumers by, among other things, depriving them of lower-priced offerings.” They noted that this system is commonly used throughout the United States economy.

image: http://hothardware.com/ContentImages/NewsItem/38236/content/small_fcc.jpg

fcc

Comcast also argued that its ensures “through contractual provisions that vendors who handle customer-related data have strong measures in place to protect that customer-related data, and that the vendors are prohibited from using that data for any purposes other than as directed by Comcast.”

The company concurs that opt-in agreements should be required when dealing with sensitive information. This kind of information would include financial, health, and children’s information, Social Security numbers, and precise geo-location information. All other information, however, would be subject to opt-out or, in most instances, “implied” consent.  The FCC is currently considering privacy rules that would require broadband providers to obtain consumers’ opt-in consent regardless of whether the information was sensitive or not. Hat tip to HotHardware