Law in the Internet Society

View   r8  >  r7  ...
HarryLaymanPaperTheFirst 8 - 08 Feb 2010 - Main.HarryLayman
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper"
Changed:
<
<
Current mass-market communications technology is very insecure. User adoption rates for encryption of emails, instant messages, and phone calls are for all intents nil. Even the use of ad-free, cookie-free, untraceable internet browsing is on the order of 5%, despite its extreme ease. Legal protection for the privacy of such communications is scarcely any better. For example, the NSA entrapped, wiretapped, and blackmailed a high-ranking Democratic congresswoman for the purpose of installing her on the House Intelligence committee where she could expand their surveillance powers.
>
>
Current mass-market communications technology is very insecure. User adoption rates for encryption of emails, instant messages, and phone calls are for all intents nil. Even the use of ad-free, cookie-free, untraceable internet browsing is on the order of 5%, despite its extreme ease. Legal protection for the privacy of such communications is scarcely any better. For example, the NSA wiretapped and obtained incriminating evidence about a high-ranking Democratic congresswoman who was perhaps uncoincidentally in line for the chairmanship of the House Intelligence Committee. Authority for roaming, warrantless wiretaps has been claimed by presidents from both political parties. The dominant usage of technology in America has destroyed the expectation of privacy that people used to enjoy effortlessly. Perhaps we can convince people to take matters into their own hands.
 
Changed:
<
<
  • That's not an accurate summary of the source.
>
>
I initially proposed the PATRIOT phone, envisioning this. It'd feature RSA cryptography with no back doors or key escrow. With the right marketing strategy, a satisfactory product, and reasonable price points, it shouldn't be difficult to sell several thousands of such devices. At that point, the device becomes an impediment to large scale surveillance. If even 1% of network traffic were encrypted, it would be impossible to capture that volume of traffic for cryptanalysis -- there simply aren't enough supercomputers.
 
Changed:
<
<
Authority for roaming, warrantless wiretaps has been claimed by presidents from both political parties. The dominant usage of technology in America has done much to destroy the expectations of privacy and secrecy that people enjoyed just a few decades ago. Might it be possible to convince people to take matters into their own hands?
>
>
Such consumer technology does not exist. Many phones that employ RSA or similarly strong encryption, but they are not interoperable and cost $1500 or more. This is puzzling. Crytographic algorithms, qua algorithms, are not patentable subject matter and to whatever extent such monopolization was possible (i.e. patenting cryptographic math done "on a computer" or "a microchip that performs cryptographic math"), those patents should have long since been expired. See 1, 2. This academic paper suggests a means for implementing RSA into programmable logic chips that cost less than $10, and provides sufficient computing power to encrypt voice data in real time. In fact, that paper is five years old: the technology should now be trivial.
 
Changed:
<
<
I initially proposed the PATRIOT phone. It will look like this. It will feature RSA cryptography that is all but impossible to break, with no back doors or key escrow. With the right marketing strategy, a satisfactory product, and reasonable price points, it shouldn't be difficult to put such devices in the hands of several thousands of users. At that point, the device becomes an impediment to large scale surveillance. If even 1% of network traffic were encrypted, it would be impossible to capture that volume of traffic for cryptanalysis -- there simply aren't enough supercomputers.
>
>
The US cellular handset market is highly concentrated. The top three companies account for two thirds of the market, and the top six account for almost 90%. Part of the problem seems to be that US consumers buy handsets bundled with phone service, whereas in most countries the two products are separate. Nokia, for example, has 40% of the global handset market but only about 8% of the US market, purportedly because they refuse to 'play ball' with the large telecommunications companies. The cellphone market is similarly concentrated -- 4 companies control 81.2% of the market. High concentration indicates barriers to entry (i.e., large fixed capital costs). Thus, a would-be wireless player must build its own network or play nicely with a party that already has one. In other countries, an innovator might be able to rely upon the essential facilities doctrine of antitrust law, or open network access provisions, but not here.
 
Changed:
<
<
Such consumer technology does not exist. There are a variety of phones that employ RSA or similarly strong encryption, but they are not interoperable and cost $1500 or more. This is puzzling. Crytographic algorithms, qua algorithms, are not patentable subject matter and cannot be monopolized. To whatever extent such monopolization was possible (i.e. by patenting cryptographic math done "on a computer" or "a microchip that performs cryptographic math"), those patents should have long since been expired. See 1, 2. This academic paper suggests a means for implementing RSA into programmable logic chips that cost less than $10, and provides sufficient computing power to encrypt voice data in real time. In fact, that paper is five years old: the technology should be trivial at this point.

As a regulatory matter, the approval of such a device ought to be straightforward. The FCC's Rule Part 15 requires that devices not cause "harmful interference" that would jam other authorized signals (radio, television, etc). There does not appear to be any sort of clause that allows the FCC to disapprove devices that it simply does not like.

The US cellular handset market is highly concentrated. The top three companies account for two thirds of the market, and the top six account for almost 90%. Part of the problem seems to be that US consumers buy handsets bundled with phone service, whereas in most countries the two products are separate. Nokia, for example, has 40% of the global handset market but only about 8% of the US market, purportedly because they refuse to 'play ball' with the large telecommunications companies. The market for wireless communication is similarly concentrated -- 4 companies control 81.2% of the market. The fact that these industries are highly concentrated may indicate that there are barriers to entry (for example, large fixed capital costs). Thus, a would-be wireless player would either have to build its own network or play nicely with a party that has already done so. In other countries, an innovator might be able to rely upon the essential facilities doctrine of antitrust law, or open network access provisions, but not here.

Recent telecommunication innovators like Skype avoid the cellular network altogether. Skype users may make encrypted calls (only to other Skype users) using 256 bit AES encryption, which, while not impenetrable, would certainly thwart all but highly motivated eavesdroppers and would prevent wholesale data mining. However, Skype itself is not open source, and it is widely believed that some set of motivated parties (governments, at a minimum) are given "backdoor" snoop access. A number of open source VoIP suites exist, but none of them seem to feature PC-to-landline/cellular calls (unless I misunderstand the websites).

  • I don't understand what that means. Of course free software VoIP? running in a PC can communicate with ordinary landline and cellular phones: I do it many times a day. If I call such a phone, which will be switched through a free software computer in my office that also communicates with the telephone system, the traffic between me and the switch will be fully encrypted. I cannot force the telephone company to encrypt the traffic between the switch and the other person, so both sides of the call can be intercepted between her telephone company's interface to my VoIP? network and her. But if she has a computer, any kind of computer (including the kind of computer in a smartphone), she can make an encrypted communication link to me through the Net using only free software anytime, without our having to trust one another at all, trivially.

  • So the reason you're not seeing such products is that they are already obsolete. People who want simple, strongly encrypted voice communications based on software that doesn't have a gremlin inside already have it, without buying any hardware. Everyone else uses crap that they think is secure, which makes the world's spooks happier, even though the stuff we make that everyone can find and use at no cost is strong enough to exclude almost all the world's cops and spooks, people use the junk.

It does not seem that the incumbent telecommunications carriers are willing to allow access to their network for free, unlike the rest of the internet. To the extent that they allow Skype and Google Voice to exist, it is probably because they view them as interesting experiments in marketing and distribution, much in the manner that they experiment with giving customers "night and weekend" minutes or a "circle of five" or other such nonsensical demand metering masquerading as bandwith pricing. I would be surprised if Ebay viewed Skype as long-term strategic fit--perhaps one of the four companies that control 82% of the phone network might be interested in buying it in the future. The only real solution seems to be to abandon the closed networks of the telecommunications monopolists all together. This would require adoption of an addressing system more like instant messenger than a phone directory, but if the reward were free or near-free phone calls, people might be convinced. Cell phones would fuse with tablet PCs, and access the internet over municipal wifi.

  • Over all kinds of links, paid for by all kinds of people, but freely shared the way you never worry about whether you can afford to let someone drink water at your home or office.

The use of open networks to transmit voice data would make encryption nearly mandatory, since otherwise anyone situated between two callers could simply sniff packets and eavesdrop entire conversations. Due to open network architecture, there are a lot of people so situated, whereas on closed phone company networks, the only person between you and the person you are calling is Ma Bell. People are not generally convinced of the need conceal their conversations from her, which is just as well, because as long as you're on her network, the only way to do so is to buy $1500 phones, and to insist that your banks, doctors, and phone sex operators all use them.

>
>
Recent telecommunication innovators like Skype avoid the cellular network altogether. Skype users may make encrypted calls (only to other Skype users) using 256 bit AES encryption, which, while not impenetrable, would certainly thwart all but highly motivated eavesdroppers and would prevent wholesale data mining. However, Skype itself is not open source, and it is widely believed that some parties (governments, at a minimum) are given "backdoor" snoop access. A number of open source VoIP suites exist, but none of them seem to feature PC-to-landline/cellular calls without an additional account with some form of interconnection service provider that charges a few pennies per call.
 
Added:
>
>
Incumbent telecommunications carriers are unwilling to allow access to their network for free, unlike the rest of the internet. To the extent that they allow Skype and Google Voice to exist, they may view them as interesting experiments in marketing and distribution, much in the manner that they experiment with giving customers "night and weekend" minutes or a "circle of five" or other such nonsensical demand metering masquerading as bandwith pricing. I would be surprised if Ebay viewed Skype as long-term strategic fit--perhaps one of the four companies that control 82% of the phone network might be interested in buying it in the future. The only real solution is to abandon the closed networks of the telecommunications monopolists entirely. This would require adoption of an addressing system more like instant messenger than a phone directory, but if the reward were free or near-free phone calls, people might be convinced. Cell phones would fuse with tablet PCs, and access the internet over municipal wifi.
 
Changed:
<
<
--Okay, this is relatively done.

  • Relatively, yes.
>
>
The use of open networks to transmit voice data would make encryption nearly mandatory, since otherwise anyone situated between two callers could simply sniff packets and eavesdrop entire conversations. Due to open network architecture, there are a lot of people so situated, whereas on closed phone company networks, the only person between you and the person you are calling is Ma Bell. People are not generally convinced of the need conceal their conversations from her, which is just as well, because as long as you're on her network, the only way to do so is to buy $1500 phones, and to insist that your banks, doctors, and phone sex operators all use them.
 
Deleted:
<
<
 
<--/commentPlugin-->
 \ No newline at end of file
Added:
>
>
Because of open-source VOIP suites and other free software, these problems don't really exist for a small, educated, and technologically proficient subset of society. When those people speak to each other, they do so with a degree of privacy that has not existed in at least a century. Everyone else has to pay $50 to $75 a month for a portable phone featuring less privacy by the year. It is no solution to condemn those people as stupid or lazy for their consumer choices. Marketing need not be exclusively for the purpose of making people want to buy things that they don't need. Social attitudes about communication are malleable, and if a physical device can be constructed to wean people off of the incumbent telecommunications monopolists, it would offer a value proposition that people of all levels of sophistication would appreciate.

Revision 8r8 - 08 Feb 2010 - 20:49:53 - HarryLayman
Revision 7r7 - 23 Jan 2010 - 20:57:34 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM