net.wars

The cheeky ways people find to circumvent the status quo are always fascinating. The case of American Broadcasting Companies v. Aereo, which reached the US Supreme Court this week, is a perfect example.

Aereo is a wacky scheme that probably could only happen under the specific conditions prevailing in American broadcasting. As CNN has a helpful video explaining the service, but the gist isn't too difficult. The stations and networks that have spectrum to do so - CBS, NBC, ABC, PBS, Fox, local independents - put out their broadcasts free-to-air and anyone with an antenna inside their broadcast range can pick them up. But if you pick up and retransmit the signal, as cable companies do, to a large number of subscribers, then under the 1976 Copyright Act it's a public performance and you must pay the broadcasters retransmission fees. Aereo's service is based on a loophole: the company assigns to each subscriber a tiny antenna which remains dark until or unless the subscriber turns on his television and chooses a channel. At that point, the antenna is tuned to that channel and receives the broadcast, relaying it over the Internet to just that subscriber. Granted, Aereo has a giant antenna from which the tiny ones get their signal, but the company's lawyers believe that intermediate step makes all the difference.

At $8 a month, the service's appeal is clear. The math is easy: cable TV is increasingly expensive and standard packages saddle most consumers with a vast wasteland of advertising spread out over channels they rarely watch. The shows they really do want to see are better enjoyed via streaming in one form or another: from the broadcaster itself (way fewer ads) or a while later via Hulu, Netflix, Amazon, another service, or even purchased DVDs. So you can see why this is a service to upset everybody except the consumers who use it.

Aereo's legal argument is based on the 2008 Cartoon Network, LP v. CSC Holdings case (often referred to as "Cablevision"), in which Second Circuit Appeals Court ruled that the cable company could store programs subscribers saved on their servers rather than a home-based VCR or PVR. The similarity Aereo is betting on is that in both cases users are in control of what's saved, and in both cases users have their own personal copy (or antenna).

As a strategy, though, the structure of Aereo's serves reminds me much more of that turn-of-the-millennium casualty of copyright lawsuits, MP3.com. MP3.com asked you to prove you owned a CD by inserting it in your computer's drive. Thereafter, it allowed you to stream MP3s of that CD from the ripped collection it stored on its servers. Like Aereo, MP3.com argued that it was only providing access to something you already had the right to use. The resulting lawsuits bankrupted MP3.com, but 14 years later another company created a very similar service, which so far has been accepted without demur: Amazon.com. The most likely is that Aereo will suffer a similar fate; reports of this week's hearing suggest that the Supreme Court is trying to find a way to rule against Aereo while avoiding damage to the cloud computing industry. Dan Gillmor has a wonderful rant pointing out the public benefits that could accrue from freeing up spectrum if the broadcasters actually made good on their threat to pull their terrestrial broadcasts (ha!) if Aereo were to win.

It's at this point that the other big story of the week - the FCC's announcement that it will allow "fast-lane" discriminatory pricing - shows the size of the precipice upon which we're standing. Gillmor has another great rant about the FCC's announcement; FCC head Tom Wheeler has denied that the new rules will end network neutrality; Tim Wu seems clear that Wheeler is wrong.

In the next six months, the shape of the Internet as we know it could change entirely. The companies that will make deals like those the FCC seems to envision fall into three groups: media, telecoms, and cable. All three of those are industries dominated by a few large players - oligopolies - with a long history of protectionism. This is the much more serious side of the Comcast-Time Warner Cable merger, which until now was largely disparaged for its likely impact on consumers. In a discriminatory, "fast-lane" Internet, however, the bigger impact will be the merged company's market power in deal-making. Companies like Netflix, Hulu, Google (YouTube), and Amazon (Live) are Comcast's competitors in terms of providing access to television content, but will have to rely on it to deliver their Internet traffic. And that's without considering the difficulties of the next new idea to hit the Internet, which until now could have relied on having its traffic treated equally with everyone else's.

Aereo, as already noted, is a business model that's unlikely to be repeated elsewhere. Cord cutters are not limited to the US, but freely accessible alternatives, such as the UK's Freeview and Freesat, are entrenched. The battles over the bandwidth needed for video streaming and over who controls the mass audience will happen everywhere. If the US gets it wrong...will that create an opportunity for the rest of the world to do better?

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

Posted by Wendy M. Grossman at 7:10 PM | Permalink | Comments (0) | TrackBacks (0)

"The center has instructed me to instruct you to bug the ARPAnet."

"The ARPAnet? The scientist [abducted in a previous episode] mentioned that. What is it?"

"It's an advanced processing system that has to do with computers."

And so begins Season 2, Episode 7 of The Americans, a Cold War spy series set in early 1980s Washington, DC, where the Russians were Russians, the Americans were scary, and big hair and shoulder pads lurked on the near horizon.

The series follows deep undercover Russian spies Phillip (Matthew Rhys) and Elizabeth (Keri Russell), who live and work as an unremarkable middle-class American couple. You know: KGB-ordered marriage, two kids, suburban house, jobs at their own travel agency. The kids suspect nothing, probably the least believable thing in the show: on-the-edge-of-adolescence Paige (Holly Taylor) and Henry (Keidrich Sellati) have apparently never poked around the garage or looked out the window after a nightmare to see a parent sneaking out in a terrible wig. But then: Stan Beeman (Noah Emmerich), the FBI agent who moved in across the street at the beginning of season one, doesn't suspect them either (yet).

A Russian friend who moved to the US when she was ten loves this show. For one thing, the Russians really speak (subtitled) Russian. For another, as morally impaired as the Russian spies are the Americans are no better. The show's creator, Joseph Weisberg, is a former CIA officer; this show's spying feels much more "real" than the increasingly ridiculous but more highly acclaimed Homeland.

So: to bug the ARPAnet. Phillip's handler doesn't know what the bug will do - "Technology's not my strong suit." But if he plugs this computerish gizmo into "the thing" it will copy information across for about 30 seconds, and then he should detach it and...well, something will tell the Russians what's this technology they've heard the Americans have.

Phillip starts by posing as a journalist and visiting Thane Rosenbloom (Geoffrey Cantor), a computer science professor who tells him, "I work on advanced packet-switching data systems, a single communications link that collects information into datagrams and then transmits them onto an attached network, sort of like a handshake that introduces distant computers to each other in virtual space."

Phillip is lost, as well he might be.

Rosenbloom proceeds with an analogy to a post office service that accepts a postcard in Japanese and translates it into a universal post office language. It can be anywhere. "It's like God." Cut to God's image: a PDP-10.

Soon we're looking at Rosenbloom's proudest acquisition, an Interface Message Processor. "It is, in a manner of speaking, the interstate highway system through which all of information flows." The IMP "is like a universal translator, keeping information moving with no snafus, no tie-ups, on an endless ribbon of virtual highway."

"Going where?"

"To the future."

Phillip thinks this all sounds like science fiction, but that night he miraculously knows to plug the "bug" into something like a parallel port and the mission is completed. It's fine as long as you don't think too hard. How did the Russians know what kind of plug to expect? If they don't know anything about the ARPAnet, how do they know what software to write to bug it? How are they going to retrieve whatever the bug captures? Phillip and Elizabeth are masters of social engineering: wouldn't it have been easier to get a few teenaged hackers to steal some passwords?

Writing this must have been tricky: it's hard to un-know the present in order to imagine how people thought about the future in the past. The writers valiantly tried to convey how weird and incomprehensible the idea of a worldwide computer network seemed to the uninitiate. And yet: there was already the telephone network. Explaining the translation stuff only makes sense if your listener already knows about different computers running incompatible software. (Though, granted, it's a good way to disorient a mainstream 2014 audience who assume that all computers can share information.)

It's apparently even harder to remember how much already was known, even then. The thinking behind the ARPAnet originates to 1945 and Vannevar Bush in 1945. J.C.R. Licklider began working on the beginnings of the ARPAnet as early as 1963; by 1981 a new IMP was being added to the network every 20 days. Meanwhile, home computers, commercial dial-up information services, and amateur bulletin board systems were proliferating: CompuServe's information service, the first dial-up bulletin board systems, and the invention of Usenet all were going by 1978-1979. The Russians certainly should have known at least some of this without having to abduct a scientist: beginning in the 1950s they had computers, too, and certainly by 1982 they were doing their own networking experiments. The talk of God and the unification of all human knowledge - especially the "virtual highway" - is much more early 1990s West Coast hyperbole than early 1980s East Coast computer science.

So: the show gets a B for technology. But if they can get us to that future with no snafus and no tie-ups in delivering information, we'll take it.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an links to earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

Posted by Wendy M. Grossman at 5:47 PM | Permalink | Comments (0) | TrackBacks (0)

"The Heartbeat security hole is just one more example of why open systems aren't necessarily better," a friend wrote to me this morning.

Not necessarily better, but not necessarily worse, either. Blaming open source for Heartbleed is like blaming dating sites for the divorce rate. Like everything else, it's a tradeoff. As Eric S. Raymond said in 1999, Given enough eyeballs, all bugs are shallow". So the point is not that open source allowed the bug in OpenSSL's Heartbeat function to happen; it's that open source allowed it to be discovered and widely publicized without needing permission from an owner company - and possibly fixed faster. Wired, however, does point out that the economics of open source can make relying on it inherently risky; they predict there will be more such catastrophes unless we can find a way to pay people to actively seek them out.

What allowed Heartbleed to happen is a confluence of things - some blame the C programming language, for example - beginning and ending with a human programming error. No intellectual property regime is ever going to eliminate programming errors.

The basics of Heartbleed - what it is, why you should care, and what you need to do about it - have been helpfully laid out on a vast number of security and general news sites: Scientific American; Sophos; Bruce Schneier; Krebs; Codenomicon, the group that found it. There are more warnings about the future from the New York Times, and you can test a server and, if yours is afflicted, follow EFF's advice for system administrators to fix it.

The short term is a lot of scrambling, patching, fixing, and password changing. What then? Is this to be our collective future? One long series of security warnings until we stop listening and either go offline permanently or assume we're going to be robbed and surveilled every day?

The good news, in a twisted sense, is that the hard work engineers were already beginning to do to harden the Internet against endemic secret agency spying ought to automatically include paying attention to fundamental flaws in the Internet's infrastructure codebase. SSL already had serious enough problems to need a new approach: the bug in OpenSSL can be fixed much more quickly than the endemic problem of the rickety certificate authentication system. Users and even many site administrators do not know what to do when they're told a site's certificate doesn't match or has expired; certificate authorities can be hacked; and so on.

EFF argues that an important piece of fixing the infrastructure lies in implementing Perfect Forward Secrecy. That doesn't fix a vulnerability but does perform the important task of limiting the damage a vulnerability allowing the theft of private cryptographic keys can do. Under the present situation, an attacker using something like Heartbleed (or one of the cute little bugs that sits in place quietly exfiltrating information for years before it's discovered) can patiently pile up data, not caring that it's encrypted and consequently unreadable. Because: eventually, one day, the data captured may be a private key that can be used to retroactively decrypt the lot. This is little different from what hackers do when they patiently spend years writing down information gleaned from wanderings around the Internet until one day a user ID meets up with a password and they're into something like Prince Philip's mailbox, or what a large government agency might do with unlimited storage facilities knowing that the computing power necessary to brute-force keys is increasing daily. What PFS does is ensure that any given key can only decrypt future data, so that although the contents of a current session may be vulnerable when a hole is discovered you can immediately revoke the key and your exposure is limited to that relatively small amount of data.

It's an important point, but it's still just a technical patch. Earlier today, Richard Clayton pointed to a 2008 report he, Ross Anderson, Rainer Böhme, and Tyler Moore wrote for ENISA that, among other things, recommends that to foster systemic change we need to introduce product liability into the software industry. Acknowledging the political and practical difficulties of such a move, the authors suggest, "A good starting point would be to require vendors to certify that their products are secure by default." This would in fact apply to something as arcane as a cryptographic library like OpenSSL, even though it's open source, because users never touch it until it's been implemented in a bigger product that has a vendor that interacts with the user. I like this suggestion, in part because so much of the Internet's expansion has been by patching stuff up along the way, an ideal way to create vulnerabilities.

Cue this quote from Gene Spafford: "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts."

None of us can live like that. But the way things are right now, there's half a hole in our pockets, and we're left wondering where the other half is.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Stories about the border wars between cyberspace and real life are posted throughout the week at the net.wars Pinboard - or follow on Twitter.

Posted by Wendy M. Grossman at 9:47 PM | Permalink | Comments (0) | TrackBacks (0)

In a 2002 episode ("The U.S. Poet Laureate", season 3 episode 16) of The West Wing, one of Aaron Sorkin's alter egos, Josh Lyman, discovers he has a TV fan site ("LemonLyman.com") and decides to set a few of his backseat drivers straight about some things. Because you are better versed in how socializing on the Internet works than he was, you can probably guess how that went. He made some stupid posting blunders, one of which attracted the attention of a Washington Post reporter, and explained the mess to the enraged White House communications director thusly: "It's got a dictatorial leader who I'm sure wears muu-muus and chain-smokes Parliaments". Said communications director informed him that, "The people on these sites, they're the cast of One Flew Over the Cuckoo's Nest", and ordered him offline.

The real-life site on which Sorkin based this (first) complaint about all things Internet was Television Without Pity, where he posted briefly and sporadically under his middle name, Benjamin. Being better versed in how socializing on the Internet works than he was, you can probably guess how that went: initially happy and then a big bust-up which his later works suggest he's never really gotten over. The full story is available in great detail.

"Spare the snark and spoil the networks," goes TWoP's slogan, and as it suggests, this is the site where people go to pick apart TV shows. Or I should say "went", because last week NBC Universal, whose Bravo subsidiary bought the site in 2007, decided to pull the plug because it wasn't making enough money. The last freelance-written recaps were posted last week though they will remain online for future enjoyment; the discussion forums will be closed at the end of May and taken down. That gives long-time posters only a couple of months to find a new home. For now, most seem to be heading to PreviouslyTV, since it's run by TWoP's original founders. Other candidates for TWoP refugees seem to be AVClub, Vulture (which was so brilliantly hilarious about Gossip Girl), and even The Straight Dope's TV boards.

That there are so many options speaks to TWoP's influence: it more or less invented the now-ubiquitous recap.

Praise and reminiscences are coming from some surprising quarters: TWoP gave young writers their start; inspired affection; and taught others to think analytically about popular culture, entertained many more.

TWoP began life circa 1998 as a recap site for Dawson's Creek and then was briefly known as MightyBigTV. Its inhabitants, speculate that the site is the last of the Web 1.0 era; the Guardian writer linked above believes message boards are over. Neither is really true. In-depth written discussion has always been a minority pastime. TWoP's antecedents are the WELL and Salon.com's Table Talk; TWoP's competition is not the status updates of Twitter and Facebook but blogs, newspaper and magazine comment boards, and niche forums that survive by never getting quite big enough to attract and disappoint a large corporate purchaser. The brief history of the Internet is awash in memories of shut-down communities, from Geocities (bought and closed by Yahoo!), to CompuServe (bought and eviscerated by AOL), and much of AOL (ditto, when that company shifted away from subscriptions and towards advertising as its main source of revenue). I still miss JumptheShark.com, which had frustrated viewers voting to pinpoint the precise episode when a show lost its spark; that was bought by TVGuide and taken down.

TWoP had two distinguishing factors: the consistently snarky attitude of its official postings and its rather rigid, rule-bound moderation. (ObDisclosure: I posted once a couple of years ago, got scolded for three infractions, one of which was so clearly inconsistently enforced across the site that I thereafter went read-only.) Like early 1990s CompuServe and AOL, the forum moderators were paid to stomp when discussions drifted away from the stated topic, repeated themselves, or become too meta. The snarky attitude was pure mid-1990s, found on early Web sites such as Suck.com and pervasive on Usenet, especially in alt.showbiz.gossip, which caught it from the hilariously sarcastic magazine Movieline. TWoP's special contribution was marrying the two.

The net result was that you could not come away from a discussion, even of your favorite show, without seeing the ways in which it stumbled. Persistent reading of the site turned people from passive consumers of television to active critics - as much a threat to crap network television as cable channels. It was a great place to go when the quality of the show you loved since season one fell off a cliff. Arguably, studying those merciless fans was also valuable to anyone interested in writing creatively: it's extraordinary how harshly people can judge fictional characters.

To TWoPpers I say, take heart. you will find other places to snark collectively. But also take note: communities controlled by others are, to them, fungible. Own your own community. Because here's a thing: I first heard about TWoP on the WELL, founded 1985. And that's the first place I went to discuss TWoP's death. Some kind of irony there.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

Posted by Wendy M. Grossman at 6:37 PM | Permalink | Comments (0) | TrackBacks (0)