Friday, July 28, 2017

FTC IOT Winner :: Sec. 1201 RFC :: LOC Ringer Fellowships

FTC Announces Winner of its Internet of Things Home Device Security Contest https://www.ftc.gov/news-events/press-releases/2017/07/ftc-announces-winner-its-internet-things-home-device-security

The Federal Trade Commission announced that a mobile app developed by a New Hampshire software developer was awarded the top prize in the agency's competition seeking tools to help consumers protect the security of their Internet of Things (IoT) devices.

The FTC launched the contest in January to challenge innovators to develop a tool that would help address security vulnerabilities of IoT devices.

With the assistance of an expert panel of five judges, the FTC awarded Steve Castle the $25,000 top prize for his proposal for a mobile app, "IoT Watchdog." As a software developer, Castle said he was motivated to enter the contest to distill his network security knowledge and experience into a tool that can help users easily determine if their devices are out of date or if their networks are insecure. The mobile app he proposed seeks to help users manage the IoT devices in their home. It would enable users with limited technical expertise to scan their home Wi-Fi and Bluetooth networks to identify and inventory connected devices. It would flag devices with out-of-date software and other common vulnerabilities and provide instructions on how to update each device's software and fix other vulnerabilities.


Copyright Office Announces Open Application Period for Ringer Fellowships https://copyright.gov/newsnet/2017/674.html?loclr=eanco

The United States Copyright Office is now accepting applications for the Barbara A. Ringer Copyright Honors Program. The fellowship, which runs eighteen- to twenty-four months, was created for attorneys in the initial stages of their careers who demonstrate exceptional ability and interest in copyright law. Ringer Fellows work closely with senior attorneys and others in the Office of the General Counsel, the Office of Policy and International Affairs, the Office and the Register, and the Registration Program on a range of copyright-related law and policy matters. Ringer Fellows serve as full-time federal employees for the term of their fellowships and are eligible for salary and benefits as permitted under federal law.


Additional details about the Ringer Fellowship, including the application process, can be found on the Barbara A. Ringer Copyright Honors Program website. Applications will be accepted through September 15, 2017. The fellowship is expected to start in September 2018.


RFC LOC DMCA Sec 1201 Circumvention Exceptions Comments Due Sept 13 https://copyright.gov/newsnet/2017/673.html?loclr=eanco


U.S. Copyright Office Announces Start of Seventh Triennial Rulemaking Proceeding Under Section 1201
Issue No. 673 - June 30, 2017


The Copyright Office has published a notice of inquiry and request for petitions initiating the seventh triennial rulemaking proceeding under the Digital Millennium Copyright Act (DMCA), 17 U.S.C. § 1201. Section 1201 provides that the Librarian of Congress, upon the recommendation of the Register of Copyrights, may adopt temporary exemptions to the DMCA's prohibition against circumvention of technological measures that control access to copyrighted works. The ultimate goal of the proceeding is to determine whether there are particular classes of works as to which users are, or are likely to be in the next three years, adversely affected in their ability to make noninfringing uses due to the prohibition on circumventing access controls. When such classes are identified, the Librarian promulgates regulations exempting the classes from the prohibition for the succeeding three-year period.


For this proceeding, the Office is establishing a new, streamlined procedure for the renewal of exemptions that were granted during the sixth triennial rulemaking. If renewed, those current exemptions would remain in force for an additional three-year period (October 2018–October 2021).


The notice of inquiry requests for interested parties to submit written petitions for renewal of current exemptions by July 31, 2017, written comments in response to any petitions for renewal by September 13, 2017, and written petitions proposing new exemptions by September 13, 2017.


For more information, please visit https://www.copyright.gov/1201/2018/.


Wednesday, July 12, 2017

1962 :: July 12 :: Telstar Satellite Launched

July 12, 1962: The Day Information Went Global, NASA

"Telstar was launched by NASA on July 10, 1962, from Cape Canaveral, Fla., and was the first privately sponsored space-faring mission. Two days later, it relayed the world's first transatlantic television signal, from Andover Earth Station, Maine, to the Pleumeur-Bodou Telecom Center, Brittany, France.

"Developed by Bell Telephone Laboratories for AT&T, Telstar was the world's first active communications satellite and the world's first commercial payload in space. It demonstrated the feasibility of transmitting information via satellite, gained experience in satellite tracking and studied the effect of Van Allen radiation belts on satellite design. The satellite was spin-stabilized to maintain its desired orientation in space. Power to its onboard equipment was provided by a solar array, in conjunction with a battery back-up system.

"Although operational for only a few months and relaying television signals of a brief duration, Telstar immediately captured the imagination of the world. The first images, those of President John F. Kennedy and of singer Yves Montand from France, along with clips of sporting events, images of the American flag waving in the breeze and a still image of Mount Rushmore, were precursors of the global communications that today are mostly taken for granted.

"Telstar operated in a low-Earth orbit and was tracked by the ground stations in Maine and France. Each ground station had a large microwave antenna mounted on bearings, to permit tracking the satellite during the approximately half-hour period of each orbit when it was overhead. The signals from Telstar were received and amplified by a low-noise "maser" (Microwave Amplification by Stimulated Emission of Radiation), the predecessor of the modern laser. After demonstrating the feasibility of the concept, subsequent communications satellites adopted a much higher orbit, at 22,300 miles above the Earth, at which the satellite's speed matched the Earth's rotation and thus appeared fixed in the sky. During the course of its operational lifespan, Telstar 1 facilitated over 400 telephone, telegraph, facsimile and television transmissions. It operated until November 1962, when its on-board electronics failed due to the effects of radiation."

Tuesday, June 13, 2017

FTC Announces Third PrivacyCon, Calls for Presentations

FTC Announces Third PrivacyCon, Calls for Presentations

FOR RELEASE

Building on the success of its two previous PrivacyCon events, the Federal Trade Commission is announcing a call for presentations for its third PrivacyCon, which will take place on February 28, 2018.

The 2018 PrivacyCon will expand collaboration among leading privacy and security researchers, academics, industry representatives, consumer advocates, and the government. As part of this initiative, the FTC is seeking general research that explores the privacy and security implications of emerging technologies, such as the Internet of Things, artificial intelligence and virtual reality. The 2018 event will focus on the economics of privacy including how to quantify the harms that result from companies' failure to secure consumer information, and how to balance the costs and benefits of privacy-protective technologies and practices.

"Deepening the FTC's understanding of the economics of privacy and consumer harm in the context of information exposure is integral to the FTC's enforcement and educational efforts," said Acting FTC Chairman Maureen K. Ohlhausen. "I have made studying the economics of privacy a centerpiece of my consumer protection agenda, and I hope that PrivacyCon 2018 will highlight important research in this area."

The call for presentations seeks research and input on a wide range of issues and questions to build on previously presented research and promote discussion, including:

  • What are the greatest threats to consumer privacy today? What are the costs of mitigating these threats? How are the threats evolving? How does the evolving nature of the threats impact consumer welfare and the costs of mitigation?
  • How can companies weigh the costs and benefits of security-by-design techniques and privacy-protective technologies and behaviors? How can companies weigh the costs and benefits of individual tools or practices?
  • How can companies assess consumers' privacy preferences?
  • Are there market failures (e.g. information asymmetries, externalities) in the area of privacy and data security? If so, what tools and strategies can businesses or consumers use to overcome or mitigate those failures? How can policymakers address those failures?

Submissions for PrivacyCon must be made by November 17, 2017.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook(link is external), follow us on Twitter(link is external), read our blogs and subscribe to press releases for the latest FTC news and resources.

CONTACT INFORMATION 

MEDIA CONTACT:
Juliana Gruenwald Henderson(link sends e-mail)
Office of Public Affairs
202-326-2924

STAFF CONTACT:
Kristen Anderson
Bureau of Consumer Protection
202-326-3209

Friday, June 09, 2017

Is an IP Number the Same as a Telephone Number? :: U.S. v Ulbright, 2nd Cir. May 31, 2017 (The Silk Road Case)

Both telephone numbers and IP numbers function as network addresses. Are they analogous in terms of law and policy? The recent Second Circuit decision U.S. v Ulbright (The Silk Road Case) concludes that they are. But of course the answer to this question depends on the context in which it is asked.

Source: Wikicommons
CASE SUMMARY: "Defendant Ulbricht appeals from a judgment of conviction and sentence to life imprisonment entered in the United States District Court for the Southern District of New York. A jury convicted Defendant of drug trafficking and other crimes associated with his creation and operation of Silk Road, an online marketplace whose users primarily purchased and sold illegal goods and services. He challenges several aspects of his conviction and sentence, arguing that (1) the district court erred in denying his motion to suppress evidence assertedly obtained in violation of the Fourth Amendment; (2) the district court committed numerous errors that deprived him of his right to a fair trial, and incorrectly denied his motion for a new trial; and (3) his life sentence is both procedurally and substantively unreasonable. Because the appellate court identified no reversible error, it AFFIRMED Defendant's conviction and sentence in all respects."

In this post, we look at Defendant's claim that evidence was obtained in violation of the Fourth Amendment, specifically that for purposes of Trap and Trace, an IP number is not functionally the same as a telephone number.

FACTS: Suspecting Defendant's involvement in Silk Road, law enforcement agents (LEAs) obtained five pen/trap orders pursuant to 18 U.S.C. § 3121-27. "The orders authorized LEAs to collect IP address data for Internet traffic to and from Defendant's home wireless router and other devices that regularly connected to Defendant's home router." "The pen/trap orders did not permit the government to access the content of Defendant's communications, nor did the government 'seek to obtain the contents of any communications.'"

"According to Defendant, the government's use of his home Internet routing data violated the Fourth Amendment because it helped the government match Defendant's online activity with DPR's use of Silk Road. Defendant argues that he has a constitutional privacy interest in IP address traffic to and from his home and that the government obtained the pen/trap orders without a warrant, which would have required probable cause."

RULE: "The government obtained the orders pursuant to the Pen/Trap Act, which provides that a government attorney "may make [an] application for an order . . . authorizing or approving the installation and use of a pen register or a trap and trace device . . . to a court of competent jurisdiction." 18 U.S.C. § 3122(a)(1). A "pen register" is defined as a "device or process which records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted," and "shall not include the contents of any communication." Id. § 3127(3). A "trap and trace" device means "a device or process which captures the incoming electronic or other impulses which identify the originating number or other dialing, routing, addressing, and signaling information reasonably likely to identify the source of a wire or electronic communication." Id. § 3127(4). Like pen registers, trap and trace devices may not capture the "contents of any communication." Id."

The level of legal process required is an application to a court, unlike a Fourth Amendment search and seizure that requires a warrant. LEAs receive transactional information about the communications, such as the communications' addressing. Courts have held that pursuant to the Third Party Doctrine, individuals have no expectation of privacy in transactional information - individuals turn this information over to network providers in order to set up and complete communications.

It is settled caselaw that telephone numbers are "addressing" that fall within this precedent. They are network addresses used by individuals given over to the network provider to set up and complete telephone calls. According to the Supremes,
Telephone users, in sum, typically know that they must convey numerical information to the phone company; that the phone company has facilities for recording this information; and that the phone company does in fact record this information for a variety of legitimate business purposes.
Smith v. Maryland, 442 U.S. 735, 743-44 (1979) .

ISSUE: Is an IP number an "address" analogous to a telephone number?

ANALYSIS: Federal courts have concluded that IP numbers provide the same function as telephone numbers and fall under the Third Party Doctrine in the same way as telephone numbers.
E-mail and Internet users, like the telephone users in Smith, rely on third-party equipment in order to engage in communication. Smith based its holding that telephone users have no expectation of privacy in the numbers they dial on the users' imputed knowledge that their calls are completed through telephone company switching equipment. 442 U.S. at 742, 99 S.Ct. 2577. Analogously, e-mail and Internet users have no expectation of privacy in the to/from addresses of their messages or the IP addresses of the websites they visit because they should know that this information is provided to and used by Internet service providers for the specific purpose of directing the routing of information. Like telephone numbers, which provide instructions to the "switching equipment that processed those numbers," e-mail to/from addresses and IP addresses are not merely passively conveyed through third party equipment, but rather are voluntarily turned over in order to direct the third party's servers. Id. at 744, 99 S.Ct. 2577.
United States v. Forrester, 512 F.3d 500, 510 (9th Cir. 2008).

The 2nd Circuit in Ulbright agrees with the 9th Circuit, stating that "the recording of IP address information and similar routing data, which reveal the existence of connections between communications devices without disclosing the content of the communications, are precisely analogous to the capture of telephone numbers at issue in Smith… The substitution of electronic methods of communication for telephone calls does not alone create a reasonable expectation of privacy in the identities of devices with whom one communicates."

HOLDING: IP numbers are analogous to telephone numbers for purposes of Trap and Trace and Pen Registers.

WHERE IP NUMBERS and TELEPHONE NUMBERS INTERSECT: There are other points where IP numbers and telephone numbers intersect. Recently the FCC in the 2015 Open Internet order revised the definition of " telecommunications service" to include networks that utilize the North American Numbering Plan as well as ICANN's IP address resource. When the FCC then applied privacy regulations to the Internet, the Internet Society adamantly argued that IP numbers are not analogous to telephone numbers. . However, ISOC elsewhere indicated support for the Open Internet. ISOC's concern appeared to be less about the analogy and more about applying "telephone era regulations to the Internet."

The analogy between IP numbers and telephone numbers has also arisen in the context of Regional Internet Registries (RIRs) who have grappled with address transfers and whether network addresses are the property of the assignee or of the network. FCC precedent has held that network addresses are the property of the network, not the subscriber - a policy necessary to ensure the efficient operation of the network. A policy that views network addresses as the property of subscribers encumbers the network resource in bankruptcy proceedings, trademark disputes, mergers and acquisitions, and speculations. Following the precedent of the telephone numbering resource, RIRs have contractual terms that state that IP numbers are the property of the RIRs and not assignees.

Finally, IP Numbers and telephone numbers intersect with VoIP. iVoIP providers need access to the telephone number resource in order to assign telephone numbers to their customers and must make number portability available. They also need to be able to interconnect with other North American Numbering Plan networks (in other words, reach other network end points addressable by telephone numbers). See also ENUM.

CITATION: U.S. v Ulbright, 2nd Cir. May 31, 2017 (The Silk Road Case)

Sunday, April 30, 2017

1995 :: April 30 :: NSFNET Decommissioned

April 30th, 1995 marked the end of the wildly successful NSFNET.  NSFNET was born out of the desire to expand the Internet community beyond a Department of Defense playground, extending it to the full academic community.  It ended with the successful privatization of the Internet, transferring backbone services to commercial networks, and establishing key commercial Internet interconnection sites.

NSFNET gave us the early commercial topology of the Internet, with Tier 1 backbones, Tier 2 regional networks, and Tier 3 local networks. NSFNET gave us our first dedicated backbone and the first mbps backbone.  It also gave us the crucial Network Access Points, known today as Internet eXchange Points.  The contractors that bid for the opportunity to build and operate NSF's network learned from their experience and launched into the information economy as the leading commercial Internet networks. A government investment of millions of dollars had a Return on Investment of an entire new economy.


In 1995, MERIT published the NSFNET Final Report, in which it was stated:
"Infrastructures, for purposes such as transportation and communication, have long been vital to national welfare. They knit together a country's economy by facilitating the movement of people, products, services, and ideas, and play important roles in national security." p. 4.
The report concluded:
"Since the earliest days of the telegraph and the telephone, history tells us that the arrival of each new communications medium has been accompanied by grandiose claims of its potential benefits to society. In order to take advantage of the exciting opportunities afforded by today's technology, it is imperative that policy makers examine the development of the NSFNET and the Internet. We are still far away from a truly open, interoperable, and ubiquitous global information infrastructure accessible to all, "from everyone in every place to everyone in every other place, a system as universal and as extensive as the highway system of the country which extends from every man's door to every other man's door," in the words of Theodore Vail, president of AT&T in 1907. However, the Internet has brought us a giant step closer to realizing the promise of high-speed networking, one of the most revolutionary communications technologies ever created. As part of this phenomenon, the NSFNET backbone service provided a model for future partnerships as well as a legacy of technology for the world." p. 43.