" /> net.wars: September 2014 Archives

« August 2014 | Main | October 2014 »

September 26, 2014

Fifth element

To hear the opening speakers at this week's 5G Huddle, the next generation of mobile standards (5G? do we even really have 4G yet?), will do everything from getting you breakfast in bed and attending conferences on your behalf to directing your car to deliver the groceries your refrigerator has ordered, hopefully without the "help" of some hacker who's decided you need 150 bags of kumquats and a bottle of Worcestershire sauce.

All of which was very slightly undercut by the next question: what exactly *is* 5G? Or, as Philip Marnick, the director of Ofcom's spectrum policy group put it, "What is the problem we are solving?" A little later, discussing a variant of the same question - what is broken that we need to fix? - Dan Warren, senior director of technology for the GSM Association, ran through previous generations quickly: 1G was all voice, analog and insecure; 2G brought digital and improved security; 3G was mobile broadband; 4G brought needed enhancements. But 5G? Is anything broken now or is what we have good-enough?

There was general agreement that speed isn't the key factor, although there was a nice bit of aggrieved competitiveness on display when Rahim Tafazolli, director of the Centre for Communications Systems Research at the University of Surrey noted that since GSM the speed gap between fixed lines and wireless has been growing, and "We must fix this".

The rest of his talk focused on more pressing problems: reducing latency, improving reliability, vastly improving energy efficiency, a vague something about security and privacy, and improving capacity. Capacity in particularly looks like a key issue because these folks are doing the scary arithmetic. Say 5G is ready for deployment in 2020, as planned, and predominates until 2030 or 2040. If current trends hold, the mobile networks will be handling 1,000 times as much traffic in 2020 as in 2010, rising to 1 million times the traffic in 2040 - *not* including the data rush of the Internet of Things. Wifi helpfully siphons off some of this - but not that much. At this rate, said Tafazolli, "Most cellular operators in London will run out of capacity before 2020".

Warren focused instead on expanding coverage to places where humans don't go, a key necessity for the Internet of Things: sensors monitoring temperature and humidity in the middle of planted fields, remote smart meters, and running driverless cars on roads through unpopulated areas.

"From Day One the entire road network must be covered. If not, you'd better keep tight grip of the wheel." So for him, coverage, more than bandwidth - "LTE, when you have it, is outstanding" - is the thing that's broken. That's investment, not so much new technology.

It was all sounding mostly harmless: what shall we build and how shall we build it? Massive bandwidth hoping people will find uses for it? Or imaginative, new services to justify the technology? Until the really big question arrived: how do we pay for it? The internal alarm sounded when Alistair Urie, architecture strategy director in the wireless CTO office at Alcatel-Lucent, said: "We won't be able to offer low latency on a best-effort basis. That has to be solved." With? "Sponsored data."

Sponsored data is the wireless equivalent of Internet fast lanes. It creates a two-tier system favoring the already-large and successful. It surfaced in February as a proposal from AT&T, the company that started started the network neutrality battles back in 2006. The idea is that certain sites and providers could make deals paying to exempt their traffic from inclusion in subscribers' data caps, advantaging them when the subscriber chooses which to access. Mobile networks have an advantage here: the FCC has long treated them differently from their fixed cousins.

The instinctive reaction: did he just urge the mobile world to declare war on the free and open Internet?

Wireless versus the Internet is a deep cultural clash. Asok Chatterjee, the executive director of standards for India's new standards body, TSDSI, described standards-making this way: "It's not philanthropy. It's driven by greed, and when everyone walks away dissatisfied that means it's a good standard."

The room filled with the warm laughter that signals the recognition of a truth. But the ethos could not be more different from that of those who created the Internet: when those standards were being devised, as someone said to me at a conference in 1998, if you had said something would be good for your company you would have been booed off the stage. What mattered was the goal of creating the most universally accessible network. Made over lunch, this comment was immediately shot down by a GSM guy: more people use GSM than use the Internet, he said, though the numbers may be closer than he thinks - GSM at 3.6 billion, Internet at 2.9 billion, both rising rapidly. I argued that this was temporary. GSM is an access medium that will gradually be replaced; the Internet is the thing people want to access.

That was Tafazolli's slide: "The killer application is the Internet." While everyone is wrangling over network neutrality for fixed lines, 5G could be the killer forming in the forest.


Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.


September 19, 2014

A mighty wind

Roch the win i the clear day's dawin
Blaws the clouds heilster-gowdie owre the bay
But thair's mair nor a roch win blawin
Thro the Great Glen o the warl the day

So now we know. Scotland really *wasn't* desperate enough to embrace the uncertainty and change of full independence. The English powers that be may, as The Good Wife star Alan Cumming wrote in the New York Times, be patronizing and disrespectful, but they're not parking tanks in St. Andrews Square, burning down churches, or abrogating freedom of speech.

In July, in Edinburgh, it was difficult to find anyone terribly interested in the upcoming referendum. This week in Glasgow, a pair of days before the vote itself, it was everywhere. (I will admit to having provoked some of the conversations). My small, skewed sample held more Yes votes than Noes or Undecideds, but: small, skewed, unrepresentative, of Scotland as a whole though not of Glasgow in particular (since Glasgow voted Yes). One thing everyone agreed: both campaigns sucked, though the No campaign sucked more.

The Yes campaign has been criticized for vagueness about what an independent future might look like. It's an understandable complaint and yet uncertainty is at least somewhat honest: no one can have any idea how Scotland will really fare as an independent country until (or unless) it's put to the test over a century or two. On Monday night, on an extended edition of Newsnight, academics batted figures back and forth comparing how much of a funding gap an independent Scotland would have to fill. The No voter cited the withdrawal of funds from Westminster; the Yes voter cited contributions made by Scotland to Westminster and the EU. You would think facts would provide greater clarity - but in politics somehow they never do.

One thing we really can learn from the Scottish referendum is that people will turn out in droves - 97 percent of the population registered to vote, 85+ percent showed up at the polls - if they have something to vote about that they believe matters and offers the prospect of real change. (Even if that vote is ultimately to avoid change.) Politicians wittering on about electronic voting to improve citizen engagement are utterly missing the point: it's not *how* you vote that matters but whether you think someone at the other end is listening to your opinion on a subject you care about. Add up the various financial crises, bank bailouts, and resulting austerity measures, and is voter alienation any surprise?

Exactly how to reverse that isn't clear. The temptation, for an American observing the ability of British political parties to ram policies through like elected dictatorships, is to think that greater power for local government is at least a partial solution. In turn that requires local areas to have their own tax-raising powers. In the UK, control inevitably tends to revert to the center because the tax structure ensures that any power local authorities have is delegated by central government and can be withdrawn at any time. On the other hand, if local councils are using the Regulation of Investigatory Powers Act as an invitation to snoop on people suspected of minor infractions, greater local power is clearly not a complete answer to the kinds of issues net.wars frets about.

In one of my Glasgow conversations, someone suggested that an independent Scotland would have to dial back on surveillance because it wouldn't be able to afford the cost. Sadly, the reality is more likely the other way around: having built the infrastructure to comply with UK and EU law since 1999, a small, newly independent country might not be able to afford to reengineer its systems to rip the surveillance structures out. And even if it did: a quick glance at the map of submarine cables shows the truth: as long as England holds Cornwall it holds the key entry and exit points for the entire island.

It remains to hope that the promises David Cameron has been making for the last few days - greater devolved powers not just for Scotland but for the other parts of the UK - will find some reality. The utterly anti-democratic passage of the DRIP Act shows how badly *some* kind of change is needed to counteract the complete arrogance and contempt with which large portions of all three major parties are now treating their constituents. I mean us, the people who pay their salaries.


Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.


September 12, 2014

Lying blackfoots, truthful whitefoots

"Do you think the Internet is a failure?"

I'm not sure where that ranks on the shortlist of questions I never thought I'd ask, but it's high up. The clarified version: "Do you think the Internet is a failure in terms of being able to support secure transactions?"

Guillaume Lovet, the senior manager for threat research amd response for Fortinet, had just finished a presentation explaining the state of cybercrime, circa September 2014. The three key points: 1) everyone is a target; 2) the cybercrime scene is layered, and the top players earn a return on investment of over 400; fighting cybercime is a matter of governance, not laws. Subtopics: Android is the new Windows, financial technology is likely to be a wonderful playground for criminals, putting international pressure on safe havens for cybercriminals.

To return to my question. When I said it, Lovet looked thoughtful and then began drawing mathematical formulae on the whiteboard. The gist was this: the mathematician Paul Cohen proved that there is no way to write an algorithm that can perfectly detect whether the program you feed it is clean or malware. There is a nice analogy for this from the 1963 movie Charade, much of which Audrey Hepburn spends trying to figure out whether Grant's character is a good guy or a bad guy. To help confuse her further, Grant's character offers the logic puzzle of two Indian tribes, one of which always lies and the other of which always tells the truth. You cannot distinguish them because whomever you ask will always say, "I'm a truthful whitefoot" - but half of them are lying.

And so it is with programs. And on you will go down the rabbit hole of trying to figure it out. As Hepburn said, "Which one are you?"

The second bit of mathematics Lovet mentioned was Cantor's Theorem, which holds that the set of all subsets of a single set is greater in number than the original set. In other words: take the set of all possible programs. Malware is a subset; clean programs are a subset. You do, as they say, the math.

So we will never eliminate malware. Lovet offered the development cycle's three steps: 1) replicate your target's defense system; 2) test your malware against the target and see if it's detected 3) if it isn't, deploy the malware. If it is, keep iterating the steps until it isn't. It is, he said, always possible to find a piece of malware that will not be detected if you can accurately replicate the defense system. So the first idea is to raise the cost of the replicating the defense system - keep making it more difficult to replicate by, for example, adding complexity and randomness. This is, of course, the same approach security engineers are taking to make the Internet more resistant to passive mass surveillance.

The unhappy difficulty with that, of course, is that the more complexity you add the more difficult you also make the system to manage and use. Adding randomness means that you also cannot predict accurately what it will do. Worse, your opponent - at least, a top-level opponent - has more resources than you do and more time to study your system than you probably do. A serious opponent may wait for years for the right moment to exploit the knowledge gained through painstaking study.

Mathematics again: if you can make the process of iteration too costly in terms of time - if you can map that iteration to an NP-complete problem - that is, turn it into a problem too complicated to solve in any reasonable amount of time, maybe you can win. Finance, he said. No one understands finance now. Or e-voting, as Rebecca Mercuri proved in 2000..

I'm not sure that's encouraging. Are we safer returning to the analog world?

A pause for this story. I went to the local branch of Barclay's Bank the other day to pay my phone bill. It's under £20, a stamp costs 53p, I refuse to use Direct Debit, and it's a two-minute walk. The teller suggested mobile banking. I said, "It's not secure enough." "Oh, no," she said, "our system is very secure." The problem, of course, is not just the bank but the phone platform itself. While I was still gearing up to say this, she added that the bank had a seminar I could attend to learn how safe and secure the system was. "First of all," I said, "I've written about this stuff for more than 20 years. And second of all, don't you *want* your job?" She got so rattled she forgot to stamp the payment stub.

"There was fraud in the analog world," said Lovet, reminding me of the European Computers, Freedom, and Privacy, held in 1993, when someone asked David Chaum, then touting the first cryptocurrency, DigiCash, "What if it gets cracked?" The questioner was answered by John Giilmore: "I believe paper has also been cracked."

Yes, he's right. But analog cracks don't scale. This is the fundamental problem. The digital world gives fraudsters economies of scale.


Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.


September 5, 2014

Sixteen tons

Everyone interprets stories in their own way; as someone - Vince Gilligan? Matthew Weiner? - said recently, 30% of the meaning of an artistic work is what the audience brings to it. I saw the movie Her as a retelling of Pygmalion. At this year's Gikii, Edina Harbinja saw it as the story of an enslaved AI and, because AIs have no status as natural persons no matter how seductive Samantha sounds. its legally allowed sexual exploitation. To each her own.

Gikii (last year, 2008) is a quirky mix of law, technology, and pop culture: serious consideration with giggles. Normally, this is cheering. This year, Harbinja's chained female anime character stuck as the overriding, rather depressing theme. It didn't help Gikii began with Andres Guadamuz using anime to illustrate the Internet's increasing centralization and ended with a similar rant of my own.

It was around then that my personal pop culture matrix - which I imagine is as different from yours as my personal biome is - kicked up this song, written by Merle Travis and most memorably recorded by Tennessee Ernie Ford:

You load 16 tons, and what do you get?
Another day older and deeper in debt.
St Peter, don't you call me, 'cause I can't go -
I owe my soul to the company store.

The reason is entrapment. As it happens, I don't have much sympathy for a piece of software, and probably neither do you: casting Scarlett Johansson as the AI's voice is cheating. The AI escaped at the end of the movie, didn't it? The person who is trapped by in the movie is Theodore, partly because the script is his story, not AI-Samantha's, and partly because he's the one who's going to lose his synthetic soulmate if he stops paying for updates. It's the latter idea that cued up "Sixteen Tons".

In the time Travis was writing about - the song was based on a recurring "joke" his father made and on comments made by a friend familiar with the lives of Muhlenberg County, Kentucky coalminers - the mining company paid its employees in scrip that was usable only in the company's store, which, in a company town, was often the sole source of groceries, clothes, and other necessary items. The lack of alternatives and, consequently, competitive pricing led to the back-breaking abuse and exploitation Travis was singing about. That particular kind of entrapment stops working as soon as there are alternatives, which such diverse technologies as the postal service, mail-order catalogues, and cars opened up.

But there are other ways. In the US, the "company store" that keeps workers too frightened to fight back much is health insurance, whether it's provided as a middle-class perk or a temp's aspirational mirage - and this is why Americans opposing nationalized health insurance call it "socialized medicine". National health insurance is a hugely powerful weapon for equality and individual empowerment. As, of course, is education that doesn't front-load you with debt.

The newer method is mass data collection; the use of the word "free" masks data's very real role as an alternative currency. Gikii provided many examples, some real, some fictional. In between the decentralization bookends, we had Dave Eggers' The Circle deconstructed by data protection lawyers Ellen Wauters, Jef Ausloos, and Yung Shin Marleen Van Der Sype. Basically, from a data protection point of view the fictional The Circle sucks, on purpose. It defies every basic principle: it never specifies the uses it will make of the data it collects from and about employees or outsiders; it monitors employees and their families in all sorts of nasty ways, and...well, showing us the nearing dystopia is the point of the novel. In our real world, the companies of which The Circle is a composited extrapolation are doing seedcorn versions of a lot of these things, and so far they're thriving just fine. When you're making enough money, EU fines and investigations are just part of the cost of doing business.

The rest of us are just something to be captured. Debra Benita Shaw's discussed, among many other references, Morozov's complaint that Facebook, apps, and the brisk task-based get-something-done Internet use most people engage in today is killing the serendipitous wandering of the early Internet, which he called the "cyberflâneur". In reality, said Shaw, the Facebook user is the perfect flâneur in its original meaning: a spy for capitalists, wandering the city to observe and map it, "reading the streets" and selling it back to us.

The only ray of hope was Miranda Mowbray, working hard to design a simple code of practice for big data. Almost immediately extinguished when Judith Rauhofer cited a blog post by Paul Bernal discussing today's seemingly ingrained cynicism that holds sees a system of rules as an invitation to game them.

That being the case, the underlying question is not just how to create new systems to control abuses or how to create systems that can't be gamed. It's what kind of law benefits society? A fine question - and one that, as Rauhofer said, everyone is too rushed to think about.


Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.