Saturday, May 13, 2006

The End of the SSN

It seems that Congress is getting a little antsy about identity theft. They know that things have gone too far when people are selling SSNs for fun and profit. They know that the use of the SSN has gone too far when people can discriminate against you because you refuse to reveal your number. But when a treasure trove of identity information is found on a server on the internet, you know that Congress wants to cover their behind.

So they're writing legislation. It appears they now want to limit the sale and use of the SSN. How nice. Oh, wait. They also want to make it illegal for people to refuse to do business with you if you refuse to reveal your SSN. But only in certain cases. Still, it's a start.

Everyone has a number. And even though that number is required as a matter of survival in this country, it's required to be disclosed in so many places that often, it lands on public documents. On the Internet.

Now it looks like they are so bold as to stash huge stores of identity information on FTP sites. You may be familiar with websites, but long before there was the web protocol, http (Hyper Text Transport Protocol), there was FTP (File Transfer Protocol). It appears that Webroot has found a hoard of stolen identities ready for sale. Where did all this come from?

It came from an army of zombie computers compromised to the point of being useless. And it came from careless users and programmers. First the programmers. It is well documented that Windows is running on 90% of the world's PCs. It is also well documented that Microsoft has long preferred to program for convenience over security. And now they're paying for it. And so are we.

The other half is users. Most users, without really being properly informed, are running as administrators on their machines. "Administrators?" There are essentially two classes of users in Windows (and Linux): admins and users. Admins run the show. They can make any changes they desire to the computer. Users can't do squat. They can only create, manage, and modify documents. But they can only dream about installing software on your computer.

When you run as an admin and surf the web, malware (viruses, trojans, adware, spyware, etc.) can install itself on your computer without telling you. You may be prompted to click okay to install software, but it is unlikely you will get any warning. Then once it's installed, it's difficult if not impossible to remove the buggers.

Now if you run as a regular user, and you run into something trying to install itself on your computer, you will be prompted to do so with administrator privileges. If you don't have this power, the virus, trojan, whatever, can't install itself on your computer and you get a warning that something is happening. In order to do so, privilege escalation has to occur. That means that the virus has to elevate its privileges from user to administrator. On most systems, remote privilege escalation is difficult if not impossible.

The point of this article is that sure, identity theft is a real threat to your well being, and yes, programmers need to do a better job of protecting your computer. Like Microsoft programmers. But what really needs to be done is better education of the people who use the computers in the first place. And if people do not actively seek out this information, in the end, they have to take responsibility for their own brains. Simply legislating the problem away is not enough.

Scott Dunn

Tuesday, May 09, 2006

Net Neutrality

Net Neutrality. That's the current buzzword these days. Most people are hardly aware of such a concept, though they hear it in the news. Internet Service Providers claim that companies like Google, Vonage, Microsoft and Yahoo are getting a free ride unless the ISPs can charge customers of those same companies more money for their services.

What sort of services, you might ask? Video, voice and streaming music communications. To take an example, let's look at voice. With voice communications, internet phone companies like Skype, Vonage, and Yahoo (yes, Yahoo offers voice service), help their customers set up and use voice communications over the internet. Users will purchase their own headset which plugs into a USB port, and then they run software that records the voice, breaks it up into little packets, and sends those packets to the recipient over the internet, encrypted and secure.

For many people this has been working well. Until now.

The link above is to a story about how the Vonage service was working great until Comcast got in the way and decided that their service was going to run better than any competitor's service running over their wire. See, Comcast has the ability to identify the source and type of traffic going over their wires. They can selectively throttle the service for other competitors. Of course, they're going to deny it because they can. But the link above is just one point of proof.

Why is Comcast doing this? They believe they can make more money by charging for tiered services. Ladies and Gentlemen, tiered service is already here. Ever heard of a T1? T3? OC-3 or OC-192? Those are fat pipes - really fat pipes - for data. Large internet companies have to buy this kind of bandwidth to provide access to their web servers.

They are not cheap, either. Sure, we all gripe about how we pay $30-50 per month for our broadband connection. Now the cable/phone companies want more. But only if you use a competing service for video or voice. You see, if you use *their* service, it will work better. You won't notice any delays or dropouts because the cable/phone companies can ensure more reliable service since it's their own network.

But the one thing that cable/phone companies aren't telling you is that they are common carriers. A common carrier is like a taxi. A taxi cannot refuse service to just anyone. Now if the customer is waving a gun in your face, then sure, you can drive away. But if he's peaceful and willing and able to pay the toll, then he gets a ride. No questions asked except "Where to, bub?".

So the next time you hear the cable companies bleat about how Google is getting a free ride, consider that Google is *already* paying for high speed internet access. The ISPs are trying to get you to pay more for it. Again.

So let's have a look at it another way. We pay a monthly bill. We only use our connection for a small part of the day. The ISP is overselling their service because they know that most of us have day jobs just so we can pay the bill. If everyone got on at the same time, we'd feel it. But most times, only a fraction of the subscribers are online. That is just one way they're making their money. Banks do this, too, but that is another story for another day.

If cable/phone companies have their way, they will balkanize the internet. That means that the internet will break up and fragment. No more easy access to the information you really want, unless you are willing to pay more than you already do.

You know how Congress regulates interstate commerce? They prohibit sales taxes between states to ensure free trade among the states. Congress needs to step in and do the same thing with net neutrality. Net Neutrality will help to prevent the fragmentation and balkanization of the internet. It will also prevent the ISPs from using the perfect excuse for censorship: bandwidth use.

The ISP behavior towards net neutrality has prompted Google to start buying their own infrastructure. This is more evidence that the net is going to be fragmented unless a firm policy regarding net neutrality is adopted. Fortunately, there is competition afoot for the cable and phone companies. Ethernet over Power lines is the next big thing. People will be able to get their internet connection through a power outlet. The work is still ongoing, but it's only a matter of time before we see it everywhere.

And then there is wireless. WiMax is due to come out strong in 2007-2008. There are municipal networks popping up all over the country with the help of Google and Earthlink.

So the phone companies want to stomp on net neutrality? The cable companies want Skype to run a little slower than their own, branded service? Welcome to the perfect excuse for municipal networks. Any city will be able to claim that the municipal networks became necessary for the betterment of the general public because the dominant ISPs wouldn't play nice with others. We have roads, don't we? Just imagine what would happen if the cable companies owned the roads. *shudder*!!!

So get on the horn and write your CongressCritter. Send them an email so that they know you are personally affected, and that you have money to back up your words. Not that you will make a donation, but that you will vote with your pocketbook.

Whew. Sure glad I got that off of my chest. See you next time.

Scott Dunn