Friday, November 03, 2017

Sen. Comm. Comm. Hrg. Nov 7 :: Advancing IoT in Rural America

U.S. Sen. Roger Wicker (R-Miss.), chairman of the Subcommittee on Communications, Technology, Innovation, and the Internet, will convene a hearing titled "Advancing the Internet of Things in Rural America," at 10:00 a.m. on Tuesday, November 7, 2017. The hearing will examine the use and benefits of the Internet of Things (IoT) in rural communities, and the infrastructure needs necessary to advance the IoT market to ensure rural America has access to products and devices that are driving the digital economy.

Witnesses:

  • Mr. Michael Adcock, Executive Director, Telehealth Center, University of Mississippi Medical Center, Jackson, Miss.
  • Mr. David Armitage, Founder and CEO of Cartasite, Denver, Colo.
  • Mr. Timothy Hassinger, President and CEO, Lindsay Corporation, Omaha, Neb.
  • Mr. Michael Terzich, Chief Administrative Officer, Zebra Technologies, Lincolnshire, Ill.

Hearing Details:

Tuesday, November 7, 2017
10:00 a.m.
Subcommittee on Communications, Technology, Innovation, and the Internet

 

This hearing will take place in Russell Senate Office Building, Room 253. Witness testimony, opening statements, and a live video of the hearing will be available on www.commerce.senate.gov.

Thursday, November 02, 2017

1988, Nov. 2 :: 25th Anniversary of the Morris Worm

"In the fall of 1988, Morris was a first-year graduate student in Cornell University's computer science Ph.D. program. Through undergraduate work at Harvard and in various jobs he had acquired significant computer experience and expertise. When Morris entered Cornell, he was given an account on the computer at the Computer Science Division. This account gave him explicit authorization to use computers at Cornell. Morris engaged in various discussions with fellow graduate students about the security of computer networks and his ability to penetrate it.

[Image: Disc containing Morris Code at Museum of Science]

"In October 1988, Morris began work on a computer program, later known as the Internet "worm" or "virus." The goal of this program was to demonstrate the inadequacies of current security measures on computer networks by exploiting the security defects that Morris had discovered. The tactic he selected was release of a worm into network computers. Morris designed the program to spread across a national network of computers after being inserted at one computer location connected to the network. Morris released the worm into Internet, which is a group of national networks that connect university, governmental, and military computers around the country. The network permits communication and transfer of information between computers on the network.

"Morris sought to program the Internet worm to spread widely without drawing attention to itself. The worm was supposed to occupy little computer operation time, and thus not interfere with normal use of the computers. Morris programmed the worm to make it difficult to detect and read, so that other programmers would not be able to "kill" the worm easily. Morris also wanted to ensure that the worm did not copy itself onto a computer that already had a copy. Multiple copies of the worm on a computer would make the worm easier to detect and would bog down the system and ultimately cause the computer to crash. Therefore, Morris designed the worm to "ask" each computer whether it already had a copy of the worm. If it responded "no," then the worm would copy onto the computer; if it responded "yes," the worm would not duplicate. However, Morris was concerned that other programmers could kill the worm by programming their own computers to falsely respond "yes" to the question. To circumvent this protection, Morris programmed the worm to duplicate itself every seventh time it received a "yes" response. As it turned out, Morris underestimated the number of times a computer would be asked the question, and his one-out-of-seven ratio resulted in far more copying than he had anticipated. The worm was also designed so that it would be killed when a computer was shut down, an event that typically occurs once every week or two. This would have prevented the worm from accumulating on one computer, had Morris correctly estimated the likely rate of reinfection.

"Morris identified four ways in which the worm could break into computers on the network: (1) through a "hole" or "bug" (an error) in SEND MAIL, a computer program that transfers and receives electronic mail on a computer; (2) through a bug in the "finger demon" program, a program that permits a person to obtain limited information about the users of another computer; (3) through the "trusted hosts" feature, which permits a user with certain privileges on one computer to have equivalent privileges on another computer without using a password; and (4) through a program of password guessing, whereby various combinations of letters are tried out in rapid sequence in the hope that one will be an authorized user's password, which is entered to permit whatever level of activity that user is authorized to perform.

"On November 2, 1988, Morris released the worm from a computer at the Massachusetts Institute of Technology. MIT was selected to disguise the fact that the worm came from Morris at Cornell. Morris soon discovered that the worm was replicating and reinfecting machines at a much faster rate than he had anticipated. Ultimately, many machines at locations around the country either crashed or became "catatonic." When Morris realized what was happening, he contacted a friend at Harvard to discuss a solution. Eventually, they sent an anonymous message from Harvard over the network, instructing programmers how to kill the worm and prevent reinfection. However, because the network route was clogged, this message did not get through until it was too late. Computers were affected at numerous installations, including leading universities, military sites, and medical research facilities. The estimated cost of dealing with the worm at each installation ranged from $200 to more than $53,000.

"Morris was found guilty, following a jury trial, of violating 18 U.S.C. Section 1030(a)(5)(A). He was sentenced to three years of probation, 400 hours of community service, a fine of $10,050, and the costs of his supervision."

- U.S. v. Morris, 928 F.2d 504 (2nd Cir. 1991)

Postlude 

The Morris Worm also led to the creation of multiple new federal projects, such as CERT, whose mission is to research and thwart new possible threats and to alert the network to them.

Robert Morris is reportedly a professor at MIT.

Monday, October 30, 2017

U.S. Copyright Office Issues Notice of Proposed Rulemaking in the Seventh Triennial Rulemaking Proceeding Under Section 1201

"The Copyright Office has published a notice of proposed rulemaking in the seventh triennial rulemaking proceeding under the Digital Millennium Copyright Act (DMCA), 17 U.S.C. § 1201. Section 1201 provides that the Librarian of Congress, upon the recommendation of the Register of Copyrights, may exempt certain classes of works from the prohibition against circumvention of technological measures that control access to copyrighted works.


"As set forth in its prior notice of inquiry, the Office established a new, streamlined procedure for the renewal of exemptions that were granted during the sixth triennial rulemaking. The Office has now reviewed all comments regarding current exemptions received in response to that notice. With this notice of proposed rulemaking, the Office concludes that it has received a sufficient petition to renew each existing exemption, and it does not find any meaningful opposition to renewal. Accordingly, the Office intends to recommend readoption of all existing exemptions.


"In addition, the notice outlines proposed classes for exemptions for which the Office now initiates three rounds of public comment. In the first round of comments, which are due December 18, 2017, the Office seeks legal and evidentiary submissions from parties who support the adoption of a proposed exemption as well as parties that neither support nor oppose an exemption but seek to share pertinent information about a proposal. Responsive legal and evidentiary submissions from those who oppose the adoption of a proposed exemption are due February 12, 2018. Written reply comments from supporters of a proposed exemption and parties that neither support nor oppose a proposed exemption are due March 14, 2018.


"Participants in the proceeding are encouraged to familiarize themselves with section 1201(a)(1) and the rulemaking requirements so they can maximize the effectiveness of their submissions. For more information, commenters should carefully review the notice of proposed rulemaking and submission instructions available at https://www.copyright.gov/1201/2018/. Additional background information about section 1201 is available at https://www.copyright.gov/1201/, which contains helpful resources, such as video tutorials, the Office's recent policy study on section 1201, and links to prior rulemaking proceedings."

Friday, October 20, 2017

Truth and Misinformation :: Content Providers and Intl Transport :: Geoff Huston :: CFP Internet Law Works in Progress Conf



The Future of Truth and Misinformation Online Pew http://www.pewinternet.org/2017/10/19/the-future-of-truth-and-misinformation-online/


NANOG Vid: Telegeography, Optical Illusions: Content Providers and the Impending Transformation of International Transport https://youtu.be/0_6zk87pxRQ


NANOG Vid: Geoff Huston, Let's Encrypt with Dane https://youtu.be/09fNjMur1Gs


Call for Projects/Papers/Participation for 8th Annual Internet Law Works-in-Progress Conference, NYLS, March 24, 2018

http://blog.ericgoldman.org/archives/2017/10/call-for-projectspapersparticipation-for-8th-annual-internet-law-works-in-progress-conference-nyls-march-24-2018.htm


Thursday, October 19, 2017

BEREC NN Report :: House Tech Hrg Cybersecurity Kaspersky Labs :: FCC FACA Broadband Deployment :: NTIA IOT Mtg

BEREC publishes study on Net Neutrality regulation in Chile, India and USA http://berec.europa.eu//eng/news_and_publications/whats_new/4539-berec-publishes-study-on-net-neutrality-regulation-in-chile-india-and-usa

House Tech Com Hrg: Bolstering Govt's Cybersecurity: Assessing Risk of Kaspersky Lab Products to Federal Government https://science.house.gov/legislation/hearings/bolstering-government-s-cybersecurity-assessing-risk-kaspersky-lab-products


Protecting the Privacy of Customers of Broadband and Other Telecommunications Services

Under the Congressional Review Act, Congress has passed, and the President has signed, Public Law 115-22, a resolution of disapproval of the rule that the Federal Communications Commission (FCC) submitted pursuant to such Act relating to "Protecting the Privacy of Customers of Broadband and Other Telecommunications Services." By operation of the Congressional Review Act, the rule submitted by the FCC shall be treated as if it had never taken effect. However, because the Congressional Review Act does not direct the Office of the Federal Register to remove the voided regulatory text and reissue the pre-existing regulatory text, the FCC issues this document to effect the removal of any amendments, deletions, or other modifications made by the nullified rule, and the reversion to the text of the regulations in effect immediately prior to the effect date of the Report and Order relating to "Protecting the Privacy of Customers of Broadband and Other Telecommunications Services."

Notice of 11/08/2017 Virtual Meeting of Multistakeholder Process on Internet of Things Security Upgradability and Patching


Date: October 12, 2017
Docket Number:

NTIA will convene a virtual meeting of a multistakeholder process on Internet of Things Security Upgradability and Patching on November 8, 2017. The virtual meeting will be held on November 8, 2017, from 2:00 p.m. to 4:30 p.m., Eastern Time. 

For further information contact Allan Friedman, National Telecommunications and Information Administration, U.S. Department of Commerce, 1401 Constitution Avenue NW., Room 4725, Washington, DC 20230; telephone: (202) 482-4281; email: afriedman@ntia.doc.gov. Please direct media inquiries to NTIA's Office of Public Affairs: (202) 482-7002; email: press@ntia.doc.gov.



Report on Responses to NTIA's Request for Comments on Promoting Stakeholder Action Against Botnets and Other Automated Threats


Date: September 18, 2017
Docket Number: 170602536-7536-01

This report identifies the common themes found in the responses to NTIA's "Request for Comments on Promoting Stakeholder Action Against Botnets and Other Automated Threats." It is not a comprehensive discussion of all comments, nor does it reflect a government decision. The full text of all comments is available here.



Friday, July 28, 2017

FTC IOT Winner :: Sec. 1201 RFC :: LOC Ringer Fellowships

FTC Announces Winner of its Internet of Things Home Device Security Contest https://www.ftc.gov/news-events/press-releases/2017/07/ftc-announces-winner-its-internet-things-home-device-security

The Federal Trade Commission announced that a mobile app developed by a New Hampshire software developer was awarded the top prize in the agency's competition seeking tools to help consumers protect the security of their Internet of Things (IoT) devices.

The FTC launched the contest in January to challenge innovators to develop a tool that would help address security vulnerabilities of IoT devices.

With the assistance of an expert panel of five judges, the FTC awarded Steve Castle the $25,000 top prize for his proposal for a mobile app, "IoT Watchdog." As a software developer, Castle said he was motivated to enter the contest to distill his network security knowledge and experience into a tool that can help users easily determine if their devices are out of date or if their networks are insecure. The mobile app he proposed seeks to help users manage the IoT devices in their home. It would enable users with limited technical expertise to scan their home Wi-Fi and Bluetooth networks to identify and inventory connected devices. It would flag devices with out-of-date software and other common vulnerabilities and provide instructions on how to update each device's software and fix other vulnerabilities.


Copyright Office Announces Open Application Period for Ringer Fellowships https://copyright.gov/newsnet/2017/674.html?loclr=eanco

The United States Copyright Office is now accepting applications for the Barbara A. Ringer Copyright Honors Program. The fellowship, which runs eighteen to twenty-four months, was created for attorneys in the initial stages of their careers who demonstrate exceptional ability and interest in copyright law. Ringer Fellows work closely with senior attorneys and others in the Office of the General Counsel, the Office of Policy and International Affairs, the Office and the Register, and the Registration Program on a range of copyright-related law and policy matters. Ringer Fellows serve as full-time federal employees for the term of their fellowships and are eligible for salary and benefits as permitted under federal law.


Additional details about the Ringer Fellowship, including the application process, can be found on the Barbara A. Ringer Copyright Honors Program website. Applications will be accepted through September 15, 2017. The fellowship is expected to start in September 2018.


RFC LOC DMCA Sec 1201 Circumvention Exceptions Comments Due Sept 13 https://copyright.gov/newsnet/2017/673.html?loclr=eanco


U.S. Copyright Office Announces Start of Seventh Triennial Rulemaking Proceeding Under Section 1201
Issue No. 673 - June 30, 2017


The Copyright Office has published a notice of inquiry and request for petitions initiating the seventh triennial rulemaking proceeding under the Digital Millennium Copyright Act (DMCA), 17 U.S.C. § 1201. Section 1201 provides that the Librarian of Congress, upon the recommendation of the Register of Copyrights, may adopt temporary exemptions to the DMCA's prohibition against circumvention of technological measures that control access to copyrighted works. The ultimate goal of the proceeding is to determine whether there are particular classes of works as to which users are, or are likely to be in the next three years, adversely affected in their ability to make noninfringing uses due to the prohibition on circumventing access controls. When such classes are identified, the Librarian promulgates regulations exempting the classes from the prohibition for the succeeding three-year period.


For this proceeding, the Office is establishing a new, streamlined procedure for the renewal of exemptions that were granted during the sixth triennial rulemaking. If renewed, those current exemptions would remain in force for an additional three-year period (October 2018–October 2021).


The notice of inquiry requests that interested parties submit written petitions for renewal of current exemptions by July 31, 2017, written comments in response to any petitions for renewal by September 13, 2017, and written petitions proposing new exemptions by September 13, 2017.


For more information, please visit https://www.copyright.gov/1201/2018/.