126 posts categorized "Internet Access" Feed

The Bogus Claims By Broadband Providers And Their Allies About Net Neutrality

The Techdirt blog has called out -- in plain language -- the bogus claims and distortions by broadband providers about net neutrality rules. Techdirt reported:

"... one of AT&T, Comcast and Verizon's favorite bogus claims about net neutrality rules is that such consumer protections will somehow prevent the sick or disabled from getting the essential internet connectivity they need. For example, Verizon once tried to claim that the deaf and disabled would be harmed if large ISPs weren't allowed to create fast or slow lanes.. this claim that net neutrality rules somehow prevent ISPs from prioritizing essential medical technologies or other priority traffic has always been bullshit. The FCC's 2015 open internet rules (pdf) are embedded with numerous, significant caveats when it comes to creating fast and slow lanes... In fact, the existing rules go to great lengths to differentiate "Broadband Internet Access Service (BIAS),” (your e-mail, Netflix streams and other more ordinary traffic) from “Non-BIAS data services,” which can include everything from priority VoIP traffic to your heart monitor and other Telemedicine systems."

The U.S. Federal Communications Commission (FCC), led by Ajit Pai a former lawyer at Verizon, moved closer to eliminating net neutrality with a preliminary vote in May. For those who don't know or have forgotten, net neutrality is when consumers are in control -- consumers choose where to go online with the broadband they've purchased, and ISPs must treat all content equally. That means no blocking, no throttling, and no paid prioritization. Net neutrality means consumers stay in control of where they go online.

Without net neutrality, consumers lose the freedom of choice. ISPs will decide where consumers can go online, which sites you can visit, and which sites you can visit only if you pay more. ISPs will likely group web sites into tiers (e.g., slow vs. fast "lanes"), similar to premium cable-TV channels. Do you want your monthly internet bill as confusing, complicated, and expensive as your cable-TV bill? I don't, and I doubt you do either.

TechDirt highlighted other bogus claims:

... how net neutrality kills network investment) doesn't stop it from being circulated repeatedly by the army of politicians, think tankers, consultants, fauxcademics, and lobbyists paid to pee in the net neutrality discourse pool.

One of the core perpetrators of this myth is AT&T, which just scored a massive, lucrative $6.5 billion contract to build the nation's first, unified emergency first responder network: aka FirstNet... AT&T isn't worried about net neutrality rules harming medical services, since they've long-been exempted. AT&T's worried about one thing: any rules stopping it from abusing a lack of broadband competition to drive up prices and engage in anti-competitive behavior."

Back in May, the U.S. Federal Communications Commission (FCC) tmoved closer to eliminating net neutrality with a preliminary vote in May.

What can you do? Plenty. Now is the time for more concerned citizens to rise, speak up, and fight back. Write to your elected officials. Tell your friends, classmates, coworkers, and family members. Use this action form to contact your elected officials. Participate in local marches and protests. Join the Fight For The Future. Support the EFF.


Data Breach Exposes Information Of Millions Of Verizon Customers

Verizon logo A data breach at Verizon has exposed the sensitive information of millions of customers. ZD Net reported:

"As many as 14 million records of subscribers who called the phone giant's customer services in the past six months were found on an unprotected Amazon S3 storage server controlled by an employee of NICE Systems, a Ra'anana, Israel-based company. The data was downloadable by anyone with the easy-to-guess web address."

Many businesses use cloud services vendors  -- Amazon Web Services and other vendors -- to outsource the storage of customers' information in online databases. While the practice isn't new, a problem is that customers aren't always informed of the business practice using their sensitive information.

Founded in 1986, NICE Systems has 3,500 employees, serves about 25,000 customers in 150 countries, and provides services to 85 percent of Fortune 100 companies. The exact number of affected Verizon customers is disputed.

The security firm Upguard found the unprotected cloud-based storage server:

"Upguard's Cyber Risk Team can now report that a mis-configured cloud-based file repository exposed the names, addresses, account details, and account personal identification numbers (PINs) of as many as 14 million US customers of telecommunications carrier Verizon, per analysis of the average number of accounts exposed per day in the sample that was downloaded. The cloud server was owned and operated by telephonic software and data firm NICE Systems, a third-party vendor for Verizon. (UPDATE: July 12, 3 PM PST - Both NICE Systems and Verizon have since confirmed the veracity of the exposure, while a Verizon spokesperson has claimed that only 6 million customers had data exposed)."

Whether the total number of breach victims is 6 or 14 million customers, neither is good. The phrase "account details" is troubling. That could mean anything from e-mail addresses to payment information to residential addresses, or more.

Upguard's announcement added:

"Beyond the risks of exposed names, addresses, and account information being made accessible via the S3 bucket’s URL, the exposure of Verizon account PIN codes used to verify customers, listed alongside their associated phone numbers, is particularly concerning. Possession of these account PIN codes could allow scammers to successfully pose as customers in calls to Verizon, enabling them to gain access to accounts—an especially threatening prospect, given the increasing reliance upon mobile communications for purposes of two-factor authentication.

Finally, this exposure is a potent example of the risks of third-party vendors handling sensitive data... Third-party vendor risk is business risk; sharing access to sensitive business data does not offload this risk, but merely extends it to the contracted partner, enabling cloud leaks to stretch across several continents and involve multiple enterprises."

Agreed. This outsourcing business practice may be profitable for all companies involved, but the outsourcing practice does not decrease the risks. Not good. Mis-configured cloud servers should not happen. Not good. The event raises the question: when has this happened before, but went undetected?

Verizon released a statement about the incident:

"... an employee of one of our vendors put information into a cloud storage area and incorrectly set the storage to allow external access. We have been able to confirm that the only access to the cloud storage area by a person other than Verizon or its vendor was a researcher who brought this issue to our attention. In other words, there has been no loss or theft of Verizon or Verizon customer information.

By way of background, the vendor was supporting an approved initiative to help us improve a residential and small business wireline self-service call center portal and required certain data for the project. The overwhelming majority of information in the data set had no external value, although there was a limited amount of personal information included, and in particular, there were no Social Security numbers or Verizon voice recordings in the cloud storage area.

To further clarify, the data supports a wireline portal and only includes a limited number of cell phone numbers for customer contact purposes. In addition, to the extent PINs were included in the data set, the PINs are used to authenticate a customer calling our wireline call center, but do not provide online access to customer accounts..."

Typically, after a breach companies hire independent security experts to investigate breaches and the contributing causes. Verizon's announcement did not state who, if anyone, it hired to perform a post-breach investigation nor when. So, according to Verizon: no big deal. No problem. Hmmmmm.

Reportedly, Upguard notified Verizon about the breach on June 13, and the breach was fixed on June 22. Upguard added:

"The long duration of time between the initial June 13th notification to Verizon by UpGuard of this data exposure, and the ultimate closure of the breach on June 22nd, is troubling."

Troubling, indeed. What took Verizon (and/or Nice Systems) so long? Verizon's statement didn't say. And what is Verizon (and/or NICE Systems) doing so this type of breach doesn't happen again? I look forward to upcoming explanations by both companies.

Readers: what are your opinions of this data breach? Of how long it took Verizon to fix things? Of the outsourcing practice? Verizon customers:

  • Is Verizon doing enough to protect your sensitive data?
  • Should affected customers be notified directly?
  • Have you received a breach notice from Verizon? If so, share some of its details.

Verizon To Exit Its Copper Wire Telephone Business In Several States In 2018

Verizon logo If your home uses a copper wire telephone service, often called a "landline" or POTS (e.g., Plain Old Telephone Service), you may soon have to make a change. In Boston, Verizon will abandon its landline business in June 2018.

On Saturday, my wife received a letter via postal mail from Verizon. We live in Boston. The "Notice of Copper Retirement" stated:

"Currently, Verizon brings voice and/or data services to your home over copper cables. However, the company is updating to fiber-optic technology in your area, and will be retiring its copper facilities that currently serve you and your neighbors.

To continue to provide you service, Verizon will have to move your service to these fiber-optic facilities. If fiber is available to your home now, we will be contacting you individually soon to schedule an appointment to transition your services to fiber. Otherwise, we will be contacting you once fiber is available. In either case, we will need to move your service well before we retire the copper in your area which is scheduled for on or after June 1, 2018

We will transfer your voice services from copper to fiber at no cost to you. This transfer will not result in any change to the voice service that you currently receive from Verizon. You may continue to subscribe to the same voice service at the same price, terms, and conditions. In addition, any devices that rely upon your voice service, such as fax machines, medical devices, or security alarms connected to a central station, will continue to work in the same way as they currently do over copper. We will also provide you with a battery backup device at no charge. For almost all residential customers, that device uses standard D-cell batteries that can support up to 24 hours of standby voice service during a commercial power outage. In case of a prolonged power outage, you can simply replace the batteries and extend the backup power.

If you subscribe to our High Speed Internet service, the migration to fiber will require a change since that service is not available on our fiber facilities. The Internet access service that we offer on fiber is FiOS Internet. FiOS Internet is available at significantly faster speeds than High Speed Internet. We will offer the service at a special rate for customers who migrate from copper to fiber facilities as a result of the retirement of our copper facilities. In some cases, this price may be lower or higher than what you currently pay for internet access.

Please review the Frequently Asked Questions for additional information about the fiber update or visit us at verizon.com/fiberupgrade. If you still have questions, please call us Monday through Friday, 8 a.m. - 8 p.m., or Saturday 9 a.m. - 5 p.n. at 1-877-439-7442.

You may also contact the Federal Communications Commission or your State Commission if you have any questions. Thank you for continuing to be a loyal customer. We greatly appreciate your business.

Sincerely

Janet Gazlay Martin
Director, Network Transformation

I visited the website mentioned in the notice. That site pitches the FiOS Internet service, and doesn't explain the company's copper landline retirement activities. You have to do a little digging online to find the locations where Verizon announced its retirement of copper-wire telephone services. The locations include several states in the Northeast and Middle Atlantic regions. Earlier this month, Verizon announced the retirement of copper landlines next year in the following states, cities, and towns:

  • Delaware: Newark, Ocean View
  • Maryland: Bethesda, Columbia, Glen Burnie, Rockville, Towson
  • Massachusetts: Danvers, Dorchester, Framingham, Hanover, Lawrence, Leominster, Marblehead, Newton, North Chelmsford, Roxbury, Stoughton, West Roxbury
  • New Jersey: Bergen, Berlin, Cape May, Cranford, East Dover, East Orange, Ewing, Freehold, Hackensack, Haddonfield, Journal Square, Marlton, Medford, Merchantville, Morristown, New Brunswick, Red Bank, Somerville, Toms River, Union City, Wall Township, Woodbury
  • New York: Cayuga Williamsville, Cornwall, Mineola, Mount Vernon, Plainview Central, Skaneateles, White Plains, and multiple areas within all of the five boroughs of New York City
  • Pennsylvania: Allentown, Dormont, Glenolden, Jefferson, Jenkintown, Mayfair, Mechanicsburg, portions of Philadelphia, Pilgrim, Turtle Creek, Wilkinsburg
  • Rhode Island: portions of Providence
  • Virginia: Arlington, Falls Church, Reston, Springfield, Virginia Beach, and portions of Richmond

The telecommunications company made similar announcements during February, 2017 about other areas within the same states. Verizon is not alone. Telephone companies have planned for years to abandon their their copper landline services. In August 2015, the Institute of Electrical and Electronics Engineers (IEEE) reported that the U.S. Federal Communications Commission (FCC):

"... set new ground rules for carriers seeking to replace their old copper telephone networks. Approved by a 3-2 vote at an open meeting yesterday, the rules require carriers to notify customers in advance and to seek FCC approval before reducing services... FCC chairman Tom Wheeler and others have been pushing to shift telephone traffic to fiber optics and the Internet. Critics have charged that phone companies are allowing their old copper networks to decay to force customers to shift to fiber service. But some 37 million households —- many of them headed by elderly people —- remain on legacy copper, commissioner Mignon Clyburn noted at the hearing. Other holdouts live in rural areas that lack cellular and broadband service. Some prefer copper connections because they are independent of local power lines, and offer better 911 emergency service.

The FCC ruling requires that carriers notify retail customers at least three months before shutting down a copper network, and provide six-months notice to interconnecting carriers using the old lines. (Clyburn complained that that's much less time than the FCC gave before shutting down analog broadcast television, but voted for the measure anyway.) Carriers also must seek FCC approval if the telephone changeover would "discontinue, reduce or impair" service... In a separate vote, all five FCC commissioners agreed to require carriers to offer customers backup power supplies that maintain their phone service during prolonged power outages..."

You can read announcements by AT&T about copper landline retirements. CenturyLink notified the FCC last year about copper landline retirements in eight states: in Alabama, Florida, Michigan, Minnesota, Pennsylvania, Virginia, Washington, and Wisconsin.

Since the FCC set copper-retirement rules in 2015, technology adoption has climbed slightly. In January of this year, Pew Research reported that 77 percent of adults in the USA own a smartphone and 73 percent have broadband internet at home. However, while:

"... broadband adoption has increased to its highest level since the Center began tracking this topic in early 2000, not all Americans have shared in these gains. For instance, those who have not graduated from high school are nearly three times less likely than college graduates to have home broadband service (34 percent vs. 91 percent)... 12 percent of Americans say they are “smartphone dependent” when it comes to their online access – meaning they own a smartphone but lack traditional broadband service at home. The share of Americans who are smartphone dependent has increased 4 percentage points since 2013, and smartphone reliance is especially pronounced among young adults, nonwhites and those with relatively low household incomes."

While more people have smartphones and internet access at home, a sizeable number still have copper landlines. Phys.org reported in November 2016 the results of a recent survey:

"... 20 percent of the nation's households still view having a landline or fixed telephone as the most important of their telecommunications choices, according to a survey that queried consumers about their telephone and internet preferences... The study also found that for the average consumer, having mobile telephone service is about 3.5 times more important than a landline or fixed telephone service... Study findings suggest about 90 percent of American households have at least one mobile phone, 75 percent have fixed internet service, 58 percent have mobile internet service and 49 percent have fixed telephone service. Mobile telephone service was the most important service for the typical respondent, followed by fixed internet service, mobile internet service and fixed telephone service, although a portion rank fixed telephone first."

According to the 2012 United States Census, there are about 117 million households in the United States, and 2.59 persons on average per household. So, a substantial portion of the population will probably view negatively the termination of copper wire telephone services in their homes.

Verizon's copper termination notice was unnecessarily complicated, which could confuse many consumers. The portion of its notice which said "If fiber is available to your home..." was laughable. FiOS is already available in our neighborhood. Verizon notified me months ago, and I already migrated my antiquated DSL (Digital Subscriber Line) internet service on my phone line to FiOS. Verizon's landline business unit should know what its FiOS division is doing.The left hand should know what the right hand is doing.

So, Verizon's notice wasn't as customized nor as relevant as it could have been. It makes one wonder if, in its zeal to terminate its copper wire phone business, Verizon rushed the customer letters.

Readers of this blog remember the Boston City Council's hearings in 2015 about residents' requests for FiOS. In 2015, Verizon hadn't deployed FiOS even though it had been available in several suburban towns for many years. Example: a friend in Lexington has had FiOS since at least 2009. So, Verizon could have deployed FiOS far sooner, providing consumers more time to migrate their phone service without rushing.

What should consumers do? It depends upon your lifestyle. If you already have a smartphone, you may want to simply terminate your landline phone service and use your smartphone instead. If you don't have a smartphone, you can migrate your copper landline phone service to Verizon's FiOS fiber connection, to a smartphone, or to another telephone service provider. For example, many cable-TV providers, such as Comcast, provide phone service in residences.

Some consumers value security and privacy. If you perform phone-based banking or online banking with your desktop/laptop computer, then security is a concern. Since smartphones or wireless phones using home WiFi networks transmit using radio waves, you'll probably want to encrypt you wireless online banking transmissions to protect against theft by criminals or hackers. Several brands of Virtual Private Network (VPN) software and apps are available to encrypt your wireless transmissions. If you are unfamiliar with VPN software, this prior blog post contains links to online primers and tutorials.

If you received a copper termination letter from your phone company, what were your opinions of it? Did you switch to fiber landlines or to wireless?


FCC Voted Yesterday To Start To Overturn Net Neutrality Rules

Federal communications Commission logo Yesterday, the Federal Communications Commission (FCC) voted to kill net neutrality rules it enacted a couple years ago. The FCC announcement:

"The Federal Communications Commission today took the first step toward restoring Internet freedom and promoting infrastructure investment, innovation, and choice by proposing to end utility-style regulation of broadband Internet access service. In a Notice of Proposed Rulemaking, the FCC proposes to return to the bipartisan framework that preserved a flourishing free and open Internet for almost 20 years.  First, the Notice proposes to reverse the FCC’s 2015 decision to impose heavy-handed Title II utility-style government regulation on Internet service providers (ISPs) and return to the longstanding, successful light-touch framework under Title I of the Communications Act.

Second, the Notice proposes to return to the Commission’s original classification of mobile broadband Internet access service as a private mobile service.  Given the historical innovation and success of the wireless marketplace prior to the Title II Order, this proposal is expected to substantially benefit consumers and the marketplace.

Third, the Notice proposes to eliminate the catch-all Internet conduct standard created by the Title II Order.  Because the Internet conduct standard is extremely vague and expansive, ISPs must guess at what they are permitted to do.  Eliminating the Internet conduct standard is therefore expected to promote innovation and network investment by eliminating regulatory uncertainty."

The vote happened on the scheduled date, despite the unavailability for several hours Sunday morning, May 7, of the FCC website for public comments. The FCC said its site crashed due to a DDoS attack. Before the vote, more than 2 million persons and organizations submitted feedback to the FCC.

The vote was expected since Republicans dominate the three-member committee. FCC Chairman Pai and Commissioner Michael O'Rielly, voted for the change. Commissioner Mignon Clyburn, the only Democrat on the three-member committee, voted against it. In January of this year, President Donald Trump appointed Ajit Pai, a former lawyer with Verizon, as the FCC Chairman.

In a statement about the vote, FCC Chairman Ajit Pai repeated prior claims about "heavy-handed" regulation, an internet that wasn't broken, and decreased infrastructure investment by internet service providers (ISPs). All of these claims were discussed and debunked previously after Chairman Pai's speech in April.

C/Net reported:

"Eliminating the Open Internet Order takes away the internet's level playing field and would allow a select few corporations to choose winners and losers, preventing consumers from accessing the content that they want, when they want it," said Jonathan Schwantes, senior policy counsel for Consumers Union. Democratic Senator Al Franken of Minnesota called it "a major step toward destroying the internet as we know it."

CNN reported:

"More than 1,000 startups and investors have now signed an open letter to Pai opposing the proposal. The Internet Association, a trade group representing bigger companies like Facebook, Google, and Amazon, has also condemned the plan. "The current FCC rules are working for consumers and the protections need to be kept in tact," Michael Beckerman, president and CEO of the Internet Association, said at a press conference Wednesday."

USA Today reported:

"Congress could eventually have a say on the issue. At about the same time the FCC was considering the issue, Sen. John Thune, R-S.D., called for Congress to pass legislation "to protect the internet." Thune, who is the chairman of the Senate Commerce Committee, urged colleagues "to begin bipartisan work on such legislation without any further delay. Innovation and job creation should no longer take a backseat to partisan point-scoring," he said..."

After re-reading the FCC announcement several times, I noticed that it failed to mention nor summarize the feedback received from the public. This makes one wonder if Chairman Pai and the committee took the time to review the comments submitted. During the last thirty (3) days, the public submitted 2,174,196 filings and comments. (See image below.) The feedback included a mix of comments for and against the latest changes.

Did Chairman Pai and the committee read this feedback, or were their minds already made up? And if so, did they simply ignore more than 2 million comments? Fortunately, the public can continue to submit feedback about Proceeding 17-108 until August for the subsequent final FCC vote.

Image of most active items in the FCC Electronic Comment Filing System as of May 19, 2017. Click to view larger version


Any Half-Decent Hacker Could Break Into Mar-a-Lago

[Editor's Note: Today's guest blog post is by the reporters at ProPublica. The article explores the security issues about key locations the President visits repeatedly and does business at. It was originally published yesterday, and is reprinted with permission.]

by Jeff Larson and Julia Angwin, ProPublica; and by Surya Mattu, Gizmodo

Two weeks ago, on a sparkling spring morning, we went trawling along Florida's coastal waterway. But not for fish.

We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of The Mar-a-Lago Club in Palm Beach and pointed a 2-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained.

A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, New Jersey, with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation.

We have also visited two of President Donald Trump's other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Virginia. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information.

The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises.

"Those networks all have to be crawling with foreign intruders, not just ProPublica," said Dave Aitel, chief executive officer of Immunity, Inc., a digital security company, when we told him what we found.

Security lapses are not uncommon in the hospitality industry, which -- like most industries and government agencies -- is under increasing attack from hackers. But they are more worrisome in places where the president of the United States, heads of state and public officials regularly visit.

U.S. leaders can ill afford such vulnerabilities. As both the U.S. and French presidential campaigns showed, hackers increasingly exploit weaknesses in internet security systems in an effort to influence elections and policy. Last week, cyberattacks using software stolen from the National Security Agency paralyzed operations in at least a dozen countries, from Britain's National Health Service to Russia's Interior Ministry.

Since the election, Trump has hosted Chinese President Xi Jinping, Japanese Prime Minister Shinzo Abe and British politician Nigel Farage at his properties. The cybersecurity issues we discovered could have allowed those diplomatic discussions -- and other sensitive conversations at the properties -- to be monitored by hackers.

The Trump Organization follows "cybersecurity best practices," said spokeswoman Amanda Miller. "Like virtually every other company these days, we are routinely targeted by cyberterrorists whose only focus is to inflict harm on great American businesses. While we will not comment on specific security measures, we are confident in the steps we have taken to protect our business and safeguard our information. Our teams work diligently to deploy best-in-class firewall and anti-vulnerability platforms with constant 24/7 monitoring."

The White House did not respond to repeated requests for comment.

Trump properties have been hacked before. Last year, the Trump hotel chain paid $50,000 to settle charges brought by the New York attorney general that it had not properly disclosed the loss of more than 70,000 credit card numbers and 302 Social Security numbers. Prosecutors alleged that hotel credit card systems were "the target of a cyber-attack" due to poor security. The company agreed to beef up its security; it's not clear if the vulnerabilities we found violate that agreement. A spokesman for the New York attorney general declined comment.

Our experience also indicates that it's easy to gain physical access to Trump properties, at least when the president is not there. As Politico has previously reported, Trump hotels and clubs are poorly guarded. We drove a car past the front of Mar-a-Lago and parked a boat near its lawn. We drove through the grounds of the Bedminster golf course and into the parking lot of the golf course in Sterling, Virginia. No one questioned us.

Both President Obama and President Bush often vacationed at the more traditional presidential retreat, the military-run Camp David. The computers and networks there and at the White House are run by the Defense Information Systems Agency.

In 2016, the military spent $64 million on maintaining the networks at the White House and Camp David, and more than $2 million on "defense solutions, personnel, techniques, and best practices to defend, detect, and mitigate cyber-based threats" from hacking those networks.

Even after spending millions of dollars on security, the White House admitted in 2015 that it was hacked by Russians. After the hack, the White House replaced all its computer systems, according to a person familiar with the matter. All staffers who work at the White House are told that "there are people who are actively watching what you are doing," said Mikey Dickerson, who ran the U.S. Digital Service in the Obama administration.

By comparison, Mar-a-Lago budgeted $442,931 for security in 2016 -- slightly more than double the $200,000 initiation fee for one new member. The Trump Organization declined to say how much Mar-a-Lago spends specifically on digital security. The club, last reported to have almost 500 members paying annual dues of $14,000 apiece, allotted $1,703,163 for all administration last year, according to documents filed in a lawsuit Trump brought against Palm Beach County in an effort to halt commercial flights from flying over Mar-a-Lago. The lawsuit was dropped, but the FAA now restricts flights over the club when the president is there.

It is not clear whether Trump connects to the insecure networks while at his family's properties. When he travels, the president is provided with portable secure communications equipment. Trump tracked the military strike on a Syrian air base last month from a closed-door situation room at Mar-a-Lago with secure video equipment.

However, Trump has held sensitive meetings in public spaces at his properties. Most famously, in February, he and the Japanese prime minister discussed a North Korean missile test on the Mar-a-Lago patio. Over the course of that weekend in February, the president's Twitter account posted 21 tweets from an Android phone. An analysis by an Android-focused website showed that Trump had used the same make of phone since 2015. That phone is an older model that isn't approved by the NSA for classified use.

Photos of Trump and Abe taken by diners on that occasion prompted four Democratic senators to ask the Government Accountability Office to investigate whether electronic communications were secure at Mar-a-Lago.

In March, the GAO agreed to open an investigation. Chuck Young, a spokesman for the office, said in an interview that the work was in "the early stages," and did not offer an estimate for when the report would be completed.

So, we decided to test the cybersecurity of Trump's favorite hangouts ourselves.

Our first stop was Mar-a-Lago, a Trump country club in Palm Beach, Florida, where the president has spent most weekends since taking office. Driving past the club, we picked up the signal for a Wi-Fi-enabled combination printer and scanner that has been accessible since at least February 2016, according to a public Wi-Fi database.

An open printer may sound innocuous, but it can be used by hackers for everything from capturing all the documents sent to the device to trying to infiltrate the entire network.

To prevent such attacks, the Defense Information Systems Agency, which secures the White House and other military networks, forbids installing printers that anyone can connect to from outside networks. It also warns against using printers that do more than printing, such as faxing. "If an attacker gains network access to one of these devices, a wide range of exploits may be possible," the agency warns in its security guide.

We also were able to detect a misconfigured and unencrypted router, which could potentially provide a gateway for hackers.

To get a better line of sight, we rented a boat and piloted it to within sight of the club. There, we picked up signals from the club's wireless networks, three of which were protected with a weak and outmoded form of encryption known as WEP. In 2005, an FBI agent publicly broke this type of encryption in minutes.

By comparison, the military limits the signal strength of networks at places such as Camp David and the White House so that they are not reachable from a car driving by. It also requires wireless networks to use the strongest available form of encryption.

From our desks in New York, we were also able to determine that the club's website hosts a database with an insecure login page that is not protected by standard internet encryption. Login forms like this are considered a severe security risk, according to the Defense Information Systems Agency.

Without encryption, spies could eavesdrop on the network until a club employee logs in, and then steal his or her username and password. They then could download a database that appears to include sensitive information on the club's members and their families, according to videos posted by the club's software provider.

This is "bad, very bad," said Jeremiah Grossman, chief of Security Strategy for cybersecurity firm SentinelOne, when we described Mar-a-Lago's systems. "I'd assume the data is already stolen and systems compromised."

A few days later, we took our equipment to another Trump club in Bedminster, New Jersey. During the transition, Trump had interviewed candidates for top administration positions there, including James Mattis, now secretary of defense.

We drove on a dirt access road through the middle of the golf course and spotted two open Wi-Fi networks, TrumpMembers and WelcomeToTrumpNationalGolfClub, that did not require a password to join.

Such open networks allow anyone within range to scoop up all unencrypted internet activity taking place there, which could, on insecure sites, include usernames, passwords and emails.

Robert Graham, an Atlanta, Georgia, cybersecurity expert, said that hackers could use the open Wi-Fi to remotely turn on the microphones and cameras of devices connected to the network. "What you're describing is typical hotel security," he said, but "it's pretty concerning" that an attacker could listen to sensitive national security conversations.

Two days after we visited the Bedminster club, Trump arrived for a weekend stay.

Then we visited the Trump International Hotel in Washington, D.C., where Trump often dines with his son-in-law and senior adviser Jared Kushner, whose responsibilities range from Middle East diplomacy to revamping the federal bureaucracy. We surveyed the networks from a Starbucks in the hotel basement.

From there, we could tell there were two Wi-Fi networks at the hotel protected with what's known as a captive portal. These login screens are often used at airports and hotels to ensure that only paying customers can access the network.

However, we gained access to both networks just by typing "457" into the room number field. Because we provided a room number, the system assumed we were guests. We looked up the hotel's public IP address before logging off.

From our desks in New York, we could also tell that the hotel is using a server that is accessible from the public internet. This server is running software that was released almost 13 years ago.

Finally, we visited the Trump National Golf Club in Sterling, Virginia, where the president sometimes plays golf. From the parking lot, we recognized three encrypted wireless networks, an encrypted wireless phone and two printers with open Wi-Fi access.

The Trump club websites are hosted by an Ohio-based company called Clubessential. It offers everything from back-office management and member communications to tee time and room reservations.

In a 2014 presentation, a company sales director warned that the club industry as a whole is "too lax" in managing and protecting passwords. There has been a "rising number of attacks on club websites over the last two years," according to the presentation. Clubessential "performed [an] audit of security in the club industry" and "found thousands of sensitive documents from clubs exposed on [the] Internet," such as "lists of members and staff, and their contact info; board minutes, financial statements, etc."

Still, the club software company has set up a backend server accessible on the internet, and configured its encryption incorrectly. Anyone who reaches the login page is greeted with a warning that the encryption is broken. In its documentation, the company advises club administrators to ignore these warnings and log in regardless. That means that anybody snooping on the unprotected connection could intercept the administrators' passwords and gain access to the entire system.

The company also publishes online, without a password, many of the default settings and usernames for its software 2014 essentially providing a roadmap for intruders.

Clubessential declined comment.

Aitel, the CEO of Immunity, said the problems at Trump properties would be difficult to fix: "Once you are at a low level of security it is hard to develop a secure network system. You basically have to start over."

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


FCC Says Denial-Of-Service Attacks Caused Its Site To Crash Sunday Morning

Federal communications Commission logo Last weekend, the U.S. Federal Communications Commission (FCC) website crashed during a key period when the public relied upon it to submit feedback about proposed changes to net neutrality rules. Dr. David Bray, the FCC Chief Information Officer, released a statement on Monday that the crash was due to a distributed denial-of-service (DDoS) attack:

"Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC. While the comment system remained up and running the entire time, these DDoS events tied up the servers and prevented them from responding to people attempting to submit comments. We have worked with our commercial partners to address this situation and will continue to monitor developments going forward."

The FCC’s , Electronic Comment Filing System (ECFS) is the site the public users to submit and review feedback about proposed changes. Bray's statement did not identify the "bad actors" responsible for the DDoS attack, did not state the countries or locations of the illegitimate site traffic, nor offer much in the way of any substantial details.

A DDoS attack is when hundreds or thousands of internet-connected devices, often coordinated by malware and/or criminals, overwhelm a targeted website by trying to access it simultaneously. This type of attack prevents legitimate users from accessing the targeted site to perform desired tasks (view/buy products, register for services, view videos, get help, contact representatives, etc.). This can easily disable the targeted website for hours, days, or weeks. It can also disrupt businesses, and cause financial losses.

This blog and its hosting service experienced a DDoS attack in 2014 when offshore advertisers retaliated after the hosting service implemented stronger measures to block illegitimate traffic. An October, 2016 DDoS attack against Dyn, a major DNS provider, interrupted many popular websites and services including Spotify, Reddit, and Twitter. Some DDoS attacks are about politics or censorship. A September, 2016 DDoS attack disabled the Krebs On Security blog.

Generally, security experts are concerned about botnets, collections of internet-connected devices used to perform DDoS attacks. These devices can include home WiFi routers, security cameras, and unprotected computers infected with malware. Often, home devices are used without consumers' knowledge nor consent.

Others were skeptical of the FCC's explanation. Some people attributed the crash to John Oliver, the host of the "This Week Tonight" show on HBO. In 2014, the show's viewers crashed the FCC site trying to submit feedback about net neutrality. Oliver published a similar video this past weekend in support of net neutrality.

Broadcasting & Cable reported:

"Fight for the Future is calling on the FCC to release logs on the attack to an independent third party—a security researcher or media outlet—to independently verify the attack. "The agency has a responsibility to maintain a functioning website to receive large numbers of comments and feedback from the public," said Evan Greer campaign director for Fight for the Future. "They can't blame DDoS attacks without proof, they need to fix this problem and ensure that comments on this important issue are not lost."

MediaPost reported that at least two U.S. Senators have demanded answers:

"Senators Ron Wyden (D-Oregon) and Brain Schatz (D-Hawaii) are also seeking answers from the FCC. "As you know, it is critical to the rulemaking and regulatory process that the public be able to take part without unnecessary technical or administrative burdens," the lawmakers write. "Any potentially hostile cyber activities that prevent Americans from being able to participate in a fair and transparent process must be treated as a serious issue."

They are asking the FCC to provide details about any malicious traffic, including how many devices sent malicious traffic to the agency. The lawmakers also have asked the FCC whether it requested investigatory assistance from other federal agencies, and whether it uses any commercial protection services."

A reasonable demand for the FCC to provide proof. If the DDoS attack was a new form of 21st-centry censorship to stop concerned citizens (e.g., voters) from submitting feedback in support of net neutrality, then we all need to know. And, we need to know what the FCC is doing to protect its systems.


Seattle Strengthens Privacy Protections For Broadband And Cable Users

The city of Seattle has strengthened it privacy rules to better protect residents using cable-TV services and high-speed internet services (a/k/a broadband). The new rules go into effect on May 24, and mirrors the FCC broadband privacy rules which Congress revoked earlier this year.

The announcement by the Seattle Mayor's office explained:

"Seattle Municipal Code (SMC 21.60) grants the City of Seattle authority to issue rules related to the privacy practices of cable operators. These rules govern not only cable television services but also non-cable services, such as internet service. The new rule states cable operators must obtain opt-in consent before sharing a customer’s web browsing history or otherwise using such information for a purpose other than providing a customer with their requested service.

Comcast, CenturyLink, and Wave have cable franchise agreements with the City of Seattle and will be subject to the new rule. Under the terms of the rule, these cable operators must report their compliance by Sept. 30, 2017 and annually thereafter."

Earlier this year, a national poll found the the Republican rollback of FCC broadband privacy rules very unpopular among consumers. Despite this, President Trump signed the privacy-rollback legislation on April 3.

The new rules in Seattle, ITD Director's Rule 2017-10 (Adobe PDF), state in part:

"- Prohibit Cable Operators from collecting or disclosing any information regarding the extent of any individual customer's viewing habits, or other use by a customer of a cable service or other service provided such as web browsing activity, without the prior affirmative consent of the customer, unless such information is necessary to render a service requested by the customer, or a legitimate business purpose related to the service.
- Require Cable Operators to fully and completely disclose customer rights and the limitations imposed on a Cable Operator's collection, use, and disclosure of Personally Identifiable Information (PII) in clear language that a customer can radily understand.
- Require Cable Operators to destroy within 90 days any PII if the PII is no longer necessary for the purpose for which it was collected and there are no pending requests or orders for access to shuch PII... Require Cable Operators to provide stamped, self-addressed post cards that customers can mail in to have their names and addresses removed form any lists the Cable Operators might use for purposes other than the direct provision of service to those customers.
- Establish without ambiguity that a customer, once "opting out" of the Cable Operator's mailing list, is permanently removed from that list unless that customer subsequently requests inclusion on such list."

This is a great start. The rules define PII as:

"... specific information about a customer, including, but not not limited to, a customer's (a) login information, (b) extent of viewing of video programming or other services, (c) shopping choices, (d) interests and opinions, (e) energy uses, (f) medical information, (g) banking data or information, (h) web browsing activities, or (i) any other personal or private information..."

Mayor Edward B. Murray commented about the new rules:

"Where the Trump administration continues to roll back critical consumer protections, Seattle will act... I believe protecting the privacy of internet users is essential and this policy allows the City to do just that. Because of regulation repeals at the national level, we must use all of the powers at our disposal to protect the rights of our residents."

Citizens in other major cities across the United States may want to ask what consumer-friendly privacy actions their mayors are taking.


Update: Net Neutrality, Adminstrative Law, The Courts, And Next Steps

Federal communications Commission logo A lot has happened since Federal Communications Commission (FCC) Chairman Ajit Pai disclosed his plan last week to kill net neutrality. While the FCC commissioners will vote on May 18 about the rules changes, a federal law could affect the outcome. First, Wired reported:

"A 1946 law called the Administrative Procedure Act bans federal agencies making “capricious” decisions. The law is meant, in part, to keep regulations from yo-yoing back and forth every time a new party gained control of the White House. The FCC successfully argued in favor of Title II reclassification in federal court just last summer. That effort means Pai might have to make the case that things had changed enough since then to justify a complete reversal in policy."

Read the text of the Administrative Procedure Act (APA). Learn more here.

The recent actions (e.g., privacy, net neutrality) by the Republican-led FCC have definitely resulted in both uncertainty and a yo-yoing of rules. At times, it feels like watching a tennis match. While Pai and other advocates of killing net neutrality have claimed that infrastructure investment has declined due to the reclassification by the FCC, the reality:

"During a hearing earlier this year, senator Edward Markey (D-Massachusetts) pointed to US Census Bureau estimates that broadband investment increased slightly from $86.6 in 2014 to $87.2 billion in 2015..."

Data for 2016 isn't available yet. As I mentioned in a prior post, telecommunications companies made conscious decisions and could have diverted money from other spending to infrastructure. They didn't and chose this legislation path instead. Again from Wired's analysis:

"Other business considerations could also play into changes in telecom spending on network infrastructure, such as a desire to wait and let previous investments pay for themselves before making new ones. The CEO of Verizon, for example, told shareholders that Title II didn’t affect the company’s investment plans. And Martin points out that a recent auction in which companies spent $19.8 billion to buy rights to use more of the wireless spectrum doesn’t exactly look like an industry shy of investing."

"If the infrastructure argument doesn’t fly, Pai could also argue that the rules are unnecessary because proverbial fast and slow lanes for the internet never existed. The problem is that’s not true. The Bush-era FCC ordered Comcast to stop throttling BitTorrent traffic in 2008... Under a secret agreement with AT&T, Apple blocked iPhone users from making Skype calls over the carrier’s network until the FCC pressured the companies into reversing the policy in 2009..."

Read the entire Wired analysis. It makes it crystal clear how corporate ISPs are trying to rig the system for themselves and against consumers.

Second, a recent decision by a federal court rejected big telecom's petition to have the existing FCC's net neutrality rules overturned. On Monday, Ars Technica reported:

"The US Court of Appeals for the District of Columbia Circuit denied the broadband industry's petition for a rehearing of a case that upheld net neutrality rules last year. A three-judge panel ruled 2-1 in favor of the FCC in June 2016, but ISPs wanted an en banc review in front of all of the court's judges. The request for an en banc review was denied in the order issued today."

What to make of this? The bottom line is that the circuit court decided to uphold the reclassification of broadband ISPs as common carriers and the FCC's net neutrality rules. While big telecom could appeal the decision with the Supreme Court, that seems unlikely since they know that the FCC, led by Chairman Ajit Pai, a Republican, has a majority of Republican commissioners who will vote to overturn net neutrality rules on May 18. And, Chairman Pai will have to overcome any challenges with the APA.

In response to the court decision, FCC Chairman Pai issued this statement:

"In light of the fact that the Commission on May 18 will begin the process of repealing the FCC’s Title II regulations, it is not surprising, as Judges Srinivasan and Tatel pointed out, that the D.C. Circuit would decide not to grant the petitions for rehearing en banc. Their opinion is important going forward, however, because it makes clear that the FCC has the authority to classify broadband Internet access service as an information service..."

Chairman Pai seems hell-bent upon ignoring the historical problems in the broadband industry that plagued consumers, in order to change the rules in favor of big telecom. Those problems led to the reclassification by the FCC. A prior blog post listed some of those problems:

"The lack of ISP competition in key markets meant consumers in the United States pay more for broadband and get slower speeds compared to other countries. Rural consumers and low-income areas lacked broadband services. There were numerous complaints by consumers about usage Based Internet Pricing. There were privacy abuses and settlement agreements by ISPs involving technologies such as deep-packet inspection and 'Supercookies' to track customers online, despite consumers' wishes not to be tracked. Many consumers didn't get the broadband speeds ISP promised. Some consumers sued their ISPs, and the New York State Attorney General invited residents to check their broadband speed with this tool. Tim Berners-Lee, the founder of the internet, cited in March three reasons why the Internet is in trouble. His number one reason: consumers had lost control of their personal information... Some consumers found that their ISP hijacked their online search results without notice nor consent. An ISP in Kansas admitted in 2008 to secret snooping after pressure from Congress."

Third, big telecom is engaged in some savvy, deceptive maneuvering. Ars Technica discussed bizarre claims by Verizon:

"... Verizon's general counsel, Craig Silliman, wants you to believe that Verizon never opposed net neutrality rules, even though it sued the FCC to eliminate them. He's also making the claim that the FCC isn't even talking about eliminating the net neutrality rules, even though FCC Chairman Ajit Pai is proposing to do exactly that."

Watch the Verizon video with Verizon's Silliman. When Silliman said, "changing the legal footing," he is referring to comments by others that the FTC should regulate broadband services, and not the FCC. That places the burden on consumers and the FTC to sue when broadband providers don't deliver the services promised; assuming that broadband providers disclose in their terms-of-service and privacy policies what they will deliver. With regulation by the FCC, consumers would have been in charge of their privacy, big telecom would have been forced to be transparent and explain what they were doing, and big telecom couldn't slice up the internet into slow and fast lanes forcing consumers to pay more to access certain sites.

During the last fight about neutrality in 2014, about about 90 tech companies sent a letter to FCC Chairman Tom Wheeler (Adobe PDF) encouraging the FCC to support for a free and open internet, where consumers decide where to go online with the broadband services purchased. Several notable companies signed that 2014 letter: Amazon, Dropbox, Ebay, Facebook, Gawker, Google, Microsoft, Mozilla, Netflix, Twitter, Vonage, and Yahoo. I did not see Verizon (nor Comcast) in the list of signers.

That's some brilliant and deceptive maneuvering. Big telcom can appear reasonable and deny talking about killing net neutrality rules while knowing that their representative, Chairman Pai and his fellow Republican commissioners at the FCC, will do it for them. Again, from Ars Technica:

"No major Internet service provider has done more to prevent implementation of net neutrality rules in the US than Verizon. After years of fighting the rules in courts of law and public opinion, Verizon is about to get what it wants as the FCC—now led by a former Verizon lawyer—prepares to eliminate the rules and the legal authority that allows them to be enforced."

Fourth, the FCC released its Notice of Proposed Rule Making (NPRM): Proceeding 17-108, "Restoring Internet Freedom" - April 26, 2017 (Adobe PDF). Just as before in 2014 - 15, the new rule is open to public comments. This means, it is time for citizens and voters to take action.

FCC Chairman Pai and others claim that the Internet was working well before, and net neutrality rules are unnecessary and a government intrusion. Ordinary broadband customers can have a great impact. It is time for consumers to submit comments to the FCC. About 25,578 people have already submitted comments. For example, a comment by Darion from Austin, Texas:

"The FCC Open Internet Rules (net neutrality rules) are extremely important to me. I urge you to protect them. Most Americans only have one choice for true high speed Internet access: our local cable company. Cable companies (and wireless carriers) are actively lobbying Congress and the FCC for the power to: i) Block sites and apps, to charge them "access fees;" ii) Slow sites and apps to a crawl, to establish paid "fast lanes" (normal speed) and slow lanes (artificially low speeds); and iii) Impose arbitrarily low data caps, so they can charge sites to escape those caps, or privilege their own services ("zero rating").
They're doing it so they can use their monopoly power to stand between me and the sites I want to access, extorting money from us both. I'll be forced to pay more to access the sites I want, and sites will have to pay a kind of protection money to every major cable company or wireless carrier—just to continue working properly!

The FCC's Open Internet Rules are the only thing standing in their way. I'm sending this to letter to my two senators, my representative, the White House, and the FCC. First, to the FCC: don’t interfere with my ability to access what I want on the Internet, or with websites' ability to reach me. You should leave the existing rules in place, and enforce them.

To my senators: you have the power to stop FCC Chair Ajit Pai from abusing the rules by refusing to vote for his reconfirmation. I expect you to use that power. Pai, a former Verizon employee, has made it clear he intends to gut the rules to please his former employer and other major carriers, despite overwhelming support for the rules from voters in both parties... To the White House: Ajit Pai, a former Verizon employee, is acting in the interests of his former employer, not the American people. America deserves better... To my representative: please publicly oppose Ajit Pai's plan to oppose the rules... I would be happy to speak more with anyone on your staff about the rules and why they’re so important to me. Please notify me of any opportunities to meet with you or your staff."

Be brief. Use your own words. Submit your comments soon, since the deadline fast approaches. Also, tell your elected officials. Participate in local marches and protests. Join the Fight For The Future. Support the EFF.


Speech By FCC Chairman. Time For Citizens To Fight To Keep Net Neutrality Protections

Federal communications Commission logo Earlier today, Ajit Pai, the Chairman of the U.S. Federal Communications Commission (FCC), gave a speech titled, "The Future Of Internet Freedom" at the Newseum in Washington, DC. He discussed the history of the Internet, regulation, business investment, innovation, and jobs. He also shared his views on regulation and a desire for the FCC's to pursue a "light touch" regulatory approach:

"First, we are proposing to return the classification of broadband service from a Title II telecommunications service to a Title I information service—that is, light-touch regulation drawn from the Clinton Administration.  As I mentioned earlier, this Title I classification was expressly upheld by the Supreme Court in 2005, and it’s more consistent with the facts and the law.

Second, we are proposing to eliminate the so-called Internet conduct standard. This 2015 rule gives the FCC a roving mandate to micromanage the Internet... The FCC used the Internet conduct standard to launch a wide-ranging investigation of free-data programs. Under these programs, wireless companies offer their customers the ability to stream music, video, and the like free from any data limits. They are very popular among consumers, particularly lower-income Americans... Following the presidential election, we terminated this investigation before the FCC was able to take any formal action. But we shouldn’t leave the Internet conduct standard on the books for a future Commission to make mischief.

And third, we are seeking comment on how we should approach the so-called bright-line rules adopted in 2015. But you won’t just have to take my word about what is in the Notice of Proposed Rulemaking. I will be publicly releasing the entire text of the document tomorrow afternoon..."

This should not be a surprise. We've heard much of this before from Congresswoman Blackburn, the author of the recently passed House legislation to roll back consumers' online privacy protection. Blackburn said the same about FCC reclassification; that it was bad, and that the internet wasn't broken. Well it was broken prior to to 2014, and in several specific ways.

The lack of ISP competition in key markets meant consumers in the United States pay more for broadband and get slower speeds compared to other countries. Rural consumers and low-income areas lacked broadband services. There were numerous complaints by consumers about usage Based Internet Pricing. There were privacy abuses and settlement agreements by ISPs involving technologies such as deep-packet inspection and 'Supercookies' to track customers online, despite consumers' wishes not to be tracked. Many consumers didn't get the broadband speeds ISP promised. Some consumers sued their ISPs, and the New York State Attorney General invited residents to check their broadband speed with this tool. Tim Berners-Lee, the founder of the internet, cited in March three reasons why the Internet is in trouble. His number one reason: consumers had lost control of their personal information. With all of this evidence, how can Pai and Blackburn claim the internet wasn't broken?

There are more examples. Some consumers found that their ISP hijacked their online search results without notice nor consent. An ISP in Kansas admitted in 2008 to secret snooping after pressure from Congress. Given all of this, something had to be done. The FCC stepped up to the plate and acted when it was legally able to; and reclassified broadband after open hearings. Then, the FCC adopted new privacy rules in November, 2016. Proposed rules were circulated prior to adoption. It was done in the open. It made sense.

Meanwhile, the rollback of FCC broadband privacy rules is very unpopular among consumers. Comments by Pai and Blackburn seem to ignore both that and key events (listed above) in broadband history. That is practicing the "revisionist history" Pai said in his speech he disliked. That leaves me questioning whether they can be trusted to develop reasonable solutions that serve the interests of consumers.

With their victory last month to roll back the FCC's online privacy protections, pro-big-telecom advocates claim they are acting in consumers' best interests. What bull. With that rollback, consumers are no longer in control of their information. (The opt-in and other controls were killed.) Plus, we live in a capitalist society where the information that describes us is valuable property. That's why so many companies want to collect it. Consumers should be in control of their online privacy and the information that describes them, not corporate ISPs.

Corporate ISPs' next target is "net neutrality." Pai referred to it in the "bright lines" portion of his speech. For those who don't know or have forgotten, net neutrality is when consumers are in control -- consumers choose where to go online with the broadband they've purchased, and when ISPs must treat all content equally. That means no blocking, no throttling, and no paid prioritization. Net neutrality means consumers stay in control of where they go online.

Pai claimed this was unclear. Again, more bull. The FCC's no blocking, no throttling, and no paid prioritization position was crystal clear.

Without net neutrality, ISPs decide where consumers can go online, which sites you can visit, and which sites you can visit only if you pay more. ISPs would likely group web sites into tiers (e.g., slow vs. fast "lanes"), similar to premium cable-TV channels. Do you want your monthly internet bill as confusing, complicated, and expensive as your cable-TV bill? I don't, and I doubt you do either.

Pai and Blackburn claim that net neutrality (and privacy) kills innovation. I guess that depends how you define "innovation." If you define innovation as the ability of ISPs to carve up the internet to maximize they profits where consumers pay more, then it should be killed. That's not innovation. That's customer segmentation by price and paid prioritization.

In his speech, Pai provided an appealing explanation about how ISPs spent less on infrastructure. He neglected to mention that decreased infrastructure spending was a choice by ISPs. They could have cut expenses elsewhere and continued infrastructure spending, but they didn't. Instead, ISPs chose the path we see: utilize a compliant, sympathetic Republican-led Congress and White House to get what they wanted -- the ability to charge higher broadband prices -- and use slick, misleading language to appear to be consumer friendly.

Take action today to defend net neutrality protections. Fight For The Future The Pai-led FCC isn't consumer friendly. The GOP-led Congress isn't, either. Regardless of how they spin it. Don't be fooled.

Anyone paying attention already knows this. Concerned citizens fought for and won net neutrality in 2014. Sadly, we might fight the net neutrality fight again.

It will be an uphill fight for two reasons. First, Republicans control the White House, House of Representatives, and Senate. Second, the Trump Administration is working simultaneously on rollbacks for several key issues (e.g., health care, immigration, wall along Mexican border, tax reform, environment, education, terrorism, etc.), making it easier to distract opponents with other issues (and with outrageous midnight tweets). Yet, people demonstrated last week at an open FCC meeting. (Video is also available here.) Now is the time for more concerned citizens to rise, speak up, and fight back. Write to your elected officials. Tell your friends, classmates, coworkers, and family members. Use this action form to contact your elected officials. Participate in local marches and protests. Join the Fight For The Future. Support the EFF.

Some elected officials have already committed to defend net neutrality protections:

What about your elected officials? Have they made a commitment to defend net neutrality? Ask them. Don't be silent. Now is not the time to sit on the sideline and wait for others to do the fighting for you.


Poll Finds Republicans Rollback of Broadband Privacy Very Unpopular

A recent poll found that the Republican rollback of broadband privacy rules is very unpopular. Very unpopular. The poll included 1,000 Americans, and the results cut across age, gender, and political affiliations. Despite this, President Trump signed the privacy-rollback legislation on April 3. Since then, many consumers have sought online tools to protect their privacy.

Vox reported the survey results:

Image of Yougov poll results about Republican rollback of broadband privacy. Click to view larger version

Late last week, several Republicans in the House of Representatives sent a letter (Adobe PDF) to Ajit Pai, the Chairman of the U.S. Federal Communications Commission (FCC), urging the FCC to regulate broadband service providers. The letter read, in part:

"We write to ensure that the Federal Communications Commission (FCC) stands ready to protect consumer privacy... The Federal Trade Commission (FTC) has long been the standard bearer for striking the right balance of consumer protection with a pro-innovative construct that encourages consumer choice, opportunities, and new jobs... An FCC approach that mirrors the FTC will continue to protect consumers in this tumultuous time... Until such time as the FCC rectifies the Title II reclassification that inappropriately removed ISPs from the FTC's jurisdiction, we urge the FCC to hold Internet service providers (ISPs) to their privacy promises..."

The letter was signed by Greg Walden (Chairman, Committee on Energy & Commerce), Marsha Blackburn (Chairman, Subcommittee on Communications & Technology), and 48 other representatives.

Tumultuous times? The tumult was created by the rollback of privacy rules -- a situation created by Republicans. All would have been fine if they'd left the FCC's broadband privacy rules in place; rules consumers clear want -- rules that keep users in control of their online privacy.

Representative Blackburn and her fellow Republicans either doesn't know history or have chosen to ignore it. Several problems have plagued the industry: a lack of ISP competition in key markets, consumers in the United States pay more for broadband and get slower speeds compared to other countries, and numerous privacy violations and lawsuits:

Clearly, the FCC had to act, it did, it held hearings, and then finalized improved broadband privacy rules to help consumers. Now, the Congress and President undid all of that creating the tumult they now claim to want to solve.

Clearly, Representative Blackburn and others are happy to comply with the wishes of their corporate donors -- who don't want broadband classified as a utility. Internet access is a basic consumer need for work, entertainment, and school -- just like water, electricity, and natural gas (for cooking). Internet access is a utility, like it or not. The FCC under Chairman Wheeler had the right consumer-friendly approach, despite the spin by Blackburn and others.

What are your opinions?


President Trump Signed Legislation Revoking FCC's Broadband Privacy Rules. Lots Of Consequences

Late yesterday, President Trump signed legislation revoking broadband privacy rules adopted by the Federal Communications Commission (FCC). The rules would have kept consumers in control of their information online. Instead, internet service providers (ISPs) are free to collect, archive, and share at will without notice nor consent information about consumers' online activities (e.g., far more than browsing histories).

The legislation narrowly passed both in the Senate (50 - 48) and in the House (210 - 205). Proponents of the legislation claimed duplicate legislation. Representative Marsha Blackburn (R-Tenn.), who introduced the legislation in the House, said plenty recently according to Breitbart News:

"What we are doing is recalling a privacy rule that the FCC issued right at the end of the Obama administration, and the reason we are doing this is because it is additional and duplicative regulation... What the FCC did was clearly overreach. It gives you two sets of regulators that you’re trying to comply with, not one. So we are recalling the FCC’s rule, and that authority will go back to the FTC...”

"What the Obama administration did... they reclassified your Internet service as Title II, which is a common carrier classification. It is the rule that governs telephone usage... Those rules were put on the books in the thirties. So what the Democrats did... they reclassified Internet, which is an information service, as a telephone service, and then put those 1930s-era rules on top of your Internet service... They did that so they could tax it, so they could begin to regulate it..."

"You don’t need another layer of regulation. It’s like flashing alerts: We don’t need net neutrality. We don’t need Title II. We don’t need additional regulations heaped on the Internet under Title II. The Internet is not broken. It has done just fine without the government controlling it."

Not broken? The founder of the internet, Tim Berners-Lee gave three solid reasons why the internet is broken. His number one reason: consumers have lost control over their personal information.

And, Representative Blackburn either doesn't know history or has chosen to ignore it. Several problems have plagued the industry: a lack of ISP competition in key markets, consumers in the United States pay more for broadband and get slower speeds compared to other countries, and numerous privacy violations and lawsuits:

Clearly, the FCC had to act, it did, it held hearings, and then finalized improved broadband privacy rules to help consumers. Now, the Congress and President undid all of that.

There are plenty of consequences. To regain some online privacy lost due to the new legislation, many consumers have considered Virtual Private Networks (VPNs) and other online tools to prevent ISPs from spying on them. VPNs are not a cure-all. ISPs can still block or throttle consumers' VPN connection, and VPNs won't protect e-mail nor internet-of-things devices installed in homes.

Basically, there is no substitute for consumers being in control of their online privacy with transparent notice by ISPs. The impact upon consumers: less online privacy and higher internet prices. Consumers are forced to spend more money on VPN and other tools.

Blackburn and others claimed that the U.S. Federal Trade Commission (FTC) should regulate ISPs. Regulation by the FTC is not a slam-dunk. AdAge reported:

"If the FTC does regain its oversight, the result is likely to be weaker privacy protections than what the FCC intended with its rules, as well as a relatively clear path for telcos to pursue their data-revenue-generating goals... One legal peak to climb: precedent set by a U.S district court ruling siding with AT&T against the FTC last year which carved out an exemption for companies that provide bundled phone and ISP services which effectively protected AT&T from FTC regulations protecting consumers from unfair or deceptive practices.

Even if the FTC eventually garners ISP jurisdiction, argued [Gigi Sohn, a senior counselor to former FCC Chairman Tom Wheeler], "it will lead to some privacy protection but much weaker than what people just lost." She pointed to FTC Chairman Ohlausen's high bar for showing harm against consumers before actions against companies are taken, noting, "She wants to see harm first. Well, rules protect you before you're harmed." "

Despite the claims by Blackburn and others, the bottom line is:

"... what we're left with is a period of uncertainty where the carriers may do certain things but it's unclear. Does the FCC have jurisdiction or does the FTC have jurisdiction?"

The Los Angeles Times reported:

"The FTC is empowered to bring lawsuits against companies that violate its privacy guidelines, but it has no authority to create new rules for industry. It also cannot enforce its own guidelines against Internet providers because of a government rule that places those types of companies squarely within the jurisdiction of the FCC and out of the reach of the FTC. As a result, Internet providers exist in a "policy gap" in which the only privacy regulators for the industry operate at the state, not federal, level, analysts say."

Ambiguity. Lack of clarity. Policy gap. None of those are good for business, or for consumers.

Read more about President Trump's signing of the legislation at C/Net and Reuters.


Tools For Consumers To Regain Some Online Privacy. Higher Internet Prices Likely

Now that the Republican-led Congress and President Trump have dismantled broadband privacy rules, internet service providers (ISPs) are free to collect, archive, and share at will without disclosure consumers' complete online activities (e.g., far more than browsing histories) to maximize their profits. Just about all of your online activities are harvested by ISPs, not just your browsing histories. Readers of this blog may remember the Deep-Packet Inspection software some ISPs installed on their servers to track their customers' online usage without notice nor consent.

To combat this, many consumers seek technical solutions, such as a virtual private network (VPN), to maintain as much privacy online as possible. Consumers will need to locate VPN and other tools than run on several devices (e.g., phones, tablets, laptops, desktops, etc.) and browsers (e.g., Firefox, Opera, etc.). Resources about several tools including VPNs:

Reviews and comparisons about VPN providers:

Some recommended, paid VPNs run on several platforms including Apple brand devices: F-Secure Freedome, Private Internet Access, and SurfEasy. Some VPNs offer a lower monthly price for a longer contract term. Look for pricing that covers multiple devices.

All of the above resources contain links to specific VPN brands. Experts recommend that consumers shop around for a paid VPN, since many of the free VPNs collect and resell consumers' information to make money. Some VPN providers offer phone customer service and support. This may be especially helpful for inexperienced users.

If a (free or paid) VPN saves usage logs of its customers' online activity and shares those logs with others (e.g., advertisers, affiliates, marketing partners, law enforcement, etc.), then that totally defeats the purpose of using a VPN service for privacy. So wise consumers shop around, read the terms of service, and read the privacy policy before signing up for a VPN.

Just like anti-virus software, several VPNs running on the same device can cause problems. So, you'll need to spend time sorting that out, too.

Sadly, VPNs are not a cure-all. Your ISP can still block or throttle your connection. Basically, there is no substitute for consumers being in control of their online privacy with transparent notice by ISPs. And, VPNs won't protect internet-of-things devices (e.g., appliances, refrigerators, thermostats, security systems, televisions, etc.) connected in to the WiFi router in your home. Tech Dirt reported:

"VPN clients are typically for desktop machines and, in some cases, mobile devices such as phones and tablets. As previously discussed, IoT devices in homes will continue to generate more traffic. Most such devices do not support VPN software. While it is conceivable that a user could set up an encrypted VPN tunnel from the home router and route all home traffic through a VPN, typical home gateways don’t easily support this functionality at this point, and configuring such a setup would be cumbersome for the typical user."

Note: VPN services don't protect e-mail. ISPs user a different set of servers for e-mail (e.g., SMTP, SMTPS) versus web browsing (e.g., HTTP, HTTPS). You might consider a secure e-mail service like ProtonMail. You might find this review of ProtonMail helpful.

Do you use Gmail? Remember Google scans both inbound and outbound e-mail messages supposedly to serve up relevant ads. While a certain amount of message scanning is appropriate to identify spam and malware, last month a federal court judge rejected a proposed settlement offer with non-Gmail users who had filed a class-action lawsuit because their e-mail messages had been scanned by Google (and they couldn't opt out of the scanning).

So, internet costs for consumers are going up with thanks to privacy-busting legislation passed by a Republican-led Congress. Consumers will pay more, perhaps an additional $50 - $80 yearly for VPN services, on top of already high monthly internet prices -- with a marginal increase in privacy; not the better, more complete solution consumers would have received with the FCC broadband privacy rules. Add in the value of your time spent shopping around for VPN and privacy tools, and the price increase is even greater.

Plus, monthly internet costs for consumers could go far higher if ISPs charge for online privacy. Is that possible you ask? Yep. Comcast and industry lobbyists have already stated that they want "pay-for-privacy" schemes. Congress seems happy to oblige corporate ISPs and stick it to consumers.

Petition to keep FCC broadband privacy rules and nullify Senate Joint Resolution 34 Mad about all of this? You probably are, too. I am. Be sure to tell your Senators and House representatives that voted to revoke FCC online privacy rules. Tell them you dislike the higher prices you're forced to pay to maintain privacy online.

Do any VPN providers act as fronts for government intelligence and spy agencies? I do not have the resources to determine this. Perhaps, some enterprising white-hat users can shed some light on this.

What online privacy resources have you found?


Congress Passed Joint Resolution To Revoke New Online Privacy Rules By The FCC. Plenty of Consequences

On Tuesday, the U.S. House of Representatives approved legislation to revoke new online privacy rules the U.S. Federal Communications Commission (FCC) adopted in 2016 to protect consumers by govern the data collection and sharing of consumers' personal information by Internet Service providers (ISPs). Several cable, telecommunications, and advertising lobbies sent a letter in January asking Congress to remove the new broadband privacy rules, which they viewed as burdensome.

Congress quickly complied. The new legislation consisted of two companion bills: Senate Joint Resolution 34 (S.J. Res. 34) and House Joint Resolution 86 (H.J. Res. 86). The House vote was close: 210 to 205 with 215 Republican representatives voting for S.J. Res. 34. 190 Democratic and 15 Republican representatives voted against it. Consumers can view H.J. Res. 86 votes by their elected officials.

Representative Marsha Blackburn (R-Tenn.) introduced the legislation in the House. Blackburn said plenty in an interview published on Breitbart News:

"What we are doing is recalling a privacy rule that the FCC issued right at the end of the Obama administration, and the reason we are doing this is because it is additional and duplicative regulation... What the FCC did was clearly overreach. It gives you two sets of regulators that you’re trying to comply with, not one. So we are recalling the FCC’s rule, and that authority will go back to the FTC...”

"What the Obama administration did... they reclassified your Internet service as Title II, which is a common carrier classification. It is the rule that governs telephone usage... Those rules were put on the books in the thirties. So what the Democrats did... they reclassified Internet, which is an information service, as a telephone service, and then put those 1930s-era rules on top of your Internet service... They did that so they could tax it, so they could begin to regulate it..."

"You don’t need another layer of regulation. It’s like flashing alerts: We don’t need net neutrality. We don’t need Title II. We don’t need additional regulations heaped on the Internet under Title II. The Internet is not broken. It has done just fine without the government controlling it."

Not broken? Really? The founder of the internet, Tim Berners-Lee gave three solid reasons why the internet is broken. His number one reason on his list: consumers have lost control over their personal information.

Plus, Representative Blackburn either doesn't know history or has chosen to ignore it. Several problems have plagued the industry: a lack of ISP competition in key markets, consumers in the United States pay more for broadband and get slower speeds compared to other countries, and numerous privacy violations and lawsuits:

Clearly, the FCC had to act; and it did. Congress held hearings, too.

Advertisement in the New York Times newspaper after the Senate vote. Click to view larger version The Senate passed S.J. Res. 34 about a week before the House vote Tuesday. The Senate vote was also close: 50 to 48. Senator Jeff Flake (R-Arizona) introduced the legislation in the Senate, and he repeated the same over-reach claims:

"The FCC’s midnight regulation has the potential to limit consumer choice, stifle innovation, and jeopardize data security by destabilizing the internet ecosystem. Passing my resolution is the first step toward restoring a consumer-friendly approach to internet privacy regulation that empowers consumers to make informed choices on if and how their data can be shared. It will not change or lessen existing consumer privacy protections.”

Consumers can view S.J. Res 34 votes by their elected officials. The press release by Senator Flake's office also stated:

"Flake’s resolution, S.J.Res. 34, would not change or lessen existing consumer privacy regulations. It is designed to block an attempt by the Federal Communications Commission (FCC) to expand its regulatory jurisdiction and impose prescriptive data restrictions on internet service providers. These restrictions have the potential to negatively impact consumers and the future of internet innovation."

Federal communications Commission logo Flake's spin of "midnight regulation" is unfair and inaccurate. The new FCC privacy rules were proposed in April 2016, and enacted in October. That provided plenty of time for discussion and input from consumers, experts, and companies. In March 2016, the FCC released a broadband privacy Fact Sheet, which explained the need for the new privacy rules:

"Telephone networks have had clear, enforceable privacy rules for decades, but broadband networks currently do not... An ISP handles all of its customers’ network traffic, which means it has an unobstructed view of all of their unencrypted online activity – the websites they visit, the applications they use. If customers have a mobile device, their provider can track their physical and online activities throughout the day in real time. Even when data is encrypted, broadband providers can still see the websites that a customer visits, how often they visit them, and the amount of time they spend on each website. Using this information, ISPs can piece together enormous amounts of information about their customers – including private information such as a chronic medical condition or financial problems. A consumer’s relationship with her ISP is very different than the one she has with a website or app. Consumers can move instantaneously to a different website, search engine or application. But once they sign up for broadband service, consumers can scarcely avoid the network for which they are paying a monthly fee."

To distinguish spin from facts, it is critical to read the FCC announcement of its new broadband privacy rules from last year:

"Opt-in: ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information. The rules specify categories of information that are considered sensitive, which include precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications.

Opt-out: ISPs would be allowed to use and share non-sensitive information unless a customer “opts-out.” All other individually identifiable customer information – for example, email address or service tier information – would be considered non-sensitive and the use and sharing of that information would be subject to opt-out consent, consistent with consumer expectations.

Exceptions to consent requirements: Customer consent is inferred for certain purposes specified in the statute, including the provision of broadband service or billing and collection. For the use of this information, no additional customer consent is required beyond the creation of the customer-ISP relationship.

Transparency requirements that require ISPs to provide customers with clear, conspicuous and persistent notice about the information they collect, how it may be used and with whom it may be shared, as well as how customers can change their privacy preferences;

A requirement that broadband providers engage in reasonable data security practices and guidelines on steps ISPs should consider taking, such as implementing relevant industry best practices, providing appropriate oversight of security practices, implementing robust customer authentication tools, and proper disposal of data consistent with FTC best practices and the Consumer Privacy Bill of Rights.

Common-sense data breach notification requirements to encourage ISPs to protect the confidentiality of customer data, and to give consumers and law enforcement notice of failures to protect such information."

Sounds clear, reasonable, and appropriate. Not perfect, but an improvement of what was before. Addressed transparency concerns, too. To summarize, the new FCC broadband privacy rules kept consumers in control of their sensitive personal information. By revoking those rules, Congress is effectively telling consumers they shouldn't be in control of their own information and ISPs should be in control.

Do you want to be in control of your personal information online? I do, and I suspect you do, too.

Think about the consequences. Once the legislation is signed by President Trump, ISPs will be free to collect, use, and share information describing your online activities. Your ISP is in a unique position because it can scan all un-encrypted data flowing through your internet connection. That typically includes: a) the websites you visit and apps you use; b) which items in "a" you use repeatedly, when and how long; c) the searches you perform online at search engine sites, and via personal assistants, d) activity generated by appliances, televisions, thermostats, security systems, and other devices connected to your home WiFi; and d) the geo-location or where in the physical world your perform online activities. (Besides your smartphone, several devices including your car, fitness bands, smart watches, and wearables collect and share your geo-location data.) Perhaps most importantly, your ISP won't need your consent and probably won't tell you what it is sharing and with whom.

Think about the consequences.

It's not just porn. Your online activities reveal plenty: 1) appointment confirmation emails from your doctor reveal the type of doctor and imply certain medical conditions or procedures; 2) online visits to your bank(s) reveal the types of money and the location of your bank accounts; 3) online activities by your CHILDREN reveal much, including the types of toys and devices they use; 4) work-from-home can reveal proprietary information your employer does not want disclosed; and 5) simple curiosity becomes dangerous. Example: a rash appears on your skin, so you surf over to WebMD to read about symptoms and what it might be. Or, maybe you're reading about a condition of an elderly parentor family member. Problem is: your ISP can infer from your online activities conditions and diseases relate to you, even though they may not. Another example: health care organizations have to comply with HIPPA regulations to protect patients' privacy. Many patients use online healthcare portals by their hospital to coordinate care by several doctors and surgeons. Will your ISP honor HIPPA regulations? They probably won't.

Think about the consequences.

All of that information collected about your online activities could be used against you someday... when you apply for a job, when you sign up for insurance, when you apply for a loan, when you try to adopt a baby or child. Remember, two huge industries exist to help companies buy, sell, and trade information (data brokers); the second (data mining) to help companies merge, manipulate, and analyze the data they've collected and bought.

Comcast logo Think about the consequences. Your ISP may not allow you to decline (e.g., opt out of) the data collection, tracking, usage, and sharing. Or your ISP may charge more fees for online privacy. Don't think that can't happen. Comcast and industry lobbyists have already stated that they want "pay-for-privacy" schemes. So, with Congress' latest action, consumers may soon see price increases and higher monthly internet and wireless bills.

Some consumers are worried, and are exploring technical solutions to thwart ISPs that snoop. The problem: there is no cure-all solution. Some people are angry. To show lawmakers how terrible their decision was, a crowd-funding campaign was started to raise money to buy (and then publish publicly) the internet histories of leading Republicans (e.g., Senate Majority Leader Mitch McConnell, House Speaker Paul Ryan, House Representative Marsh Blackburn) and FCC members who voted for and support the privacy-busting legislation. So, we may then learn which members of Congress watch the most porn.

Lawmakers in some states are already responding to voters' online privacy concerns. In Illinois, lawmakers have introduced two items of legislation: the Geolocation Privacy Protection Act (GPPA) and the Right To Know Act (RTKA). Lawmakers in Nevada introduced geolocation privacy legislation. More states will likely follow.

With the FCC broadband privacy rules revoked, there are five creepy things your ISP could do. What are your opinions of Congress revoking FCC broadband privacy rules?

[Editor's note: this blog post was revised on Friday, March 31 with links to new legislation in Illinois and Nevada.]


Study: Many Consumers Don't Secure Their Mobile Devices

Many consumers in the United States don't take the steps experts recommend to secure their mobile devices. Pew Research reported the findings of a recent survey:

"More than a quarter (28%) of smartphone owners say they do not use a screen lock or other security features to access their phone. And while a majority of smartphone users say they have updated their phone’s apps or operating system, about 40% say they only update when it’s convenient for them. Meanwhile, some users forgo updating their phones altogether: Around one-in-ten  smartphone owners report they never update their phone’s operating system (14%) or update the apps on their phone (10%)."

And, there are differences by the age of phone owners:

"owners ages 65 and older are much less likely than adults younger than 65 to use a screen lock and regularly update their phone’s apps and operating system (13% vs. 23%). Smartphone users 65 and older are also more than twice as likely as younger users to report that they do not take any of these actions to secure their phones (8% vs. 3%)..."

Other risky behaviors consumers perform:

"... 54% of internet users use public Wi-Fi networks, and many of these users are performing sensitive activities such online shopping (21%) or online banking (20%)."


Berners-Lee: 3 Reasons Why The Internet Is In Serious Trouble

Most people love the Internet. It's a tool that has made life easier and more efficient in many ways. Even with all of those advances, the founder of the Internet listed three reasons why our favorite digital tool is in serious trouble:

  1. Consumers have lost control of their personal information
  2. It's too easy for anyone to publish misinformation online
  3. Political advertising online lacks transparency

Tim Berners-Lee explained the first reason:

"The current business model for many websites offers free content in exchange for personal data. Many of us agree to this – albeit often by accepting long and confusing terms and conditions documents – but fundamentally we do not mind some information being collected in exchange for free services. But, we’re missing a trick. As our data is then held in proprietary silos, out of sight to us, we lose out on the benefits we could realise if we had direct control over this data and chose when and with whom to share it. What’s more, we often do not have any way of feeding back to companies what data we’d rather not share..."

Given appointees in the U.S. Federal Communications Commission (FCC) by President Trump, it will likely get worse as the FCC seeks to revoke online privacy and net neutrality protections for consumers in the United States. Berners-Lee explained the second reason:

"Today, most people find news and information on the web through just a handful of social media sites and search engines. These sites make more money when we click on the links they show us. And they choose what to show us based on algorithms that learn from our personal data that they are constantly harvesting. The net result is that these sites show us content they think we’ll click on – meaning that misinformation, or fake news, which is surprising, shocking, or designed to appeal to our biases, can spread like wildfire..."

Fake news has become so widespread that many public libraries, schools, and colleges teach students how to recognize fake news sites and content. The problem is more widespread and isn't limited to social networking sites like Facebook promoting certain news. It also includes search engines. Readers of this blog are familiar with the DuckDuckGo search engine for both online privacy online and to escape the filter bubble. According to its public traffic page, DuckDuckGo gets about 14 million searches daily.

Most other search engines collect information about their users and that to serve search results items related to what they've searched upon previously. That's called the "filter bubble." It's great for search engines' profitability as it encourages repeat usage, but is terrible for consumers wanting unbiased and unfiltered search results.

Berners-Lee warned that online political advertising:

"... has rapidly become a sophisticated industry. The fact that most people get their information from just a few platforms and the increasing sophistication of algorithms drawing upon rich pools of personal data mean that political campaigns are now building individual adverts targeted directly at users. One source suggests that in the 2016 U.S. election, as many as 50,000 variations of adverts were being served every single day on Facebook, a near-impossible situation to monitor. And there are suggestions that some political adverts – in the US and around the world – are being used in unethical ways – to point voters to fake news sites, for instance, or to keep others away from the polls. Targeted advertising allows a campaign to say completely different, possibly conflicting things to different groups. Is that democratic?"

What do you think of the assessment by Berners-Lee? Of his solutions? Any other issues?


GOP Legislation In Congress To Revoke Consumer Privacy And Protections

Logo for Republican Party, also known as the GOP The MediaPost Policy Blog reported:

"Republican Senator Jeff Flake, who opposes the Federal Communications Commission's broadband privacy rules, says he's readying a resolution to rescind them, Politico reports. Flake's confirmation to Politico comes days after Rep. Marsha Blackburn (R-Tennessee), the head of the House Communications Subcommittee, said she intends to work with the Senate to revoke the privacy regulations."

Blackburn's name is familiar. She was a key part of the GOP effort in 2014 to keep state laws in place to limit broadband competition by preventing citizens from forming local broadband providers. To get both higher speeds and lower prices compared to offerings by corporate internet service providers (ISPs), many people want to form local broadband providers. They can't because 20 states have laws preventing broadband competition. A worldwide study in 2014 found the consumers in the United States get poor broadband value: pay more and get slower speeds. Plus, the only consumers getting good value were community broadband customers. In June 2014, the FCC announced plans to challenge these restrictive state laws that limit competition, and keep your Internet prices high. That FCC effort failed. To encourage competition and lower prices, several Democratic representatives introduced the Community Broadband Act in 2015.That legislation went nowhere in a GOP-controlled Congress.

Pause for a moment and let that sink in. Blackburn and other GOP representatives have pursued policies where we consumers all pay more for broadband due to the lack of competition. The GOP, a party that supposedly dislikes regulation and prefers free-market competition, is happy to do the opposite to help their corporate donors. The GOP, a party that historically has promoted states' rights, now uses state laws to restrict the freedoms of constituents at the city, town, and local levels. And, that includes rural constituents.

Too many GOP voters seem oblivious to this. Why Democrats failed to capitalize on this broadband issue, especially during the Presidential campaign last year, is puzzling. Everyone needs broadband: work, play, school, travel, entertainment.

Now, back to the effort to revoke the FCC's broadband privacy rules. Several cable, telecommunications, and advertising lobbies sent a letter in January asking Congress to remove the broadband privacy rules. That letter said in part:

"... in adopting new broadband privacy rules late last year, the Federal Communications Commission (“FCC”) took action that jeopardizes the vibrancy and success of the internet and the innovations the internet has and should continue to offer. While the FCC’s Order applies only to Internet Service Providers (“ISPs”), the onerous and unnecessary rules it adopted establish a very harmful precedent for the entire internet ecosystem. We therefore urge Congress to enact a resolution of disapproval pursuant to the Congressional Review Act (“CRA”) vitiating the Order."

The new privacy rules by the FCC require broadband providers (a/k/a ISPs) to obtain affirmative “opt-in” consent from consumers before using and sharing consumers' sensitive information; specify the types of information that are sensitive (e.g., geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications); stop using and sharing information about consumers that have opted out of information sharing; meet transparency requirements to clearly notify customers about the information collection sharing and how to change their opt-in or opt-out preferences, prohibit "take-it-or-leave-it" offers where ISPs can refuse to serve customers who don't consent to the information collection and sharing; and comply with "reasonable data security practices and guidelines" to protect the sensitive information collected and shared.

The new FCC privacy rules are common sense stuff, but clearly these companies view common-sense methods as a burden. They want to use consumers' information however they please without limits, and without consideration for consumers' desire to control their own personal information. And, GOP representatives in Congress are happy to oblige these companies in this abuse.

Alarmingly, there is more. Lots more.

The GOP-led Congress also seeks to roll back consumer protections in banking and financial services. According to Consumer Reports, the issue arose earlier this month in:

"... a memo by House Financial Services Committee Chairman Rep. Jeb Hensarling (R-Tex), which was leaked to the press yesterday... The fate of the database was first mentioned [February 9th] when Bloomberg reported on a memo by Hensarling, an outspoken critic of the CFPB. The memo outlined a new version of the Financial CHOICE Act (Creating Hope and Opportunity for Investors, Consumers and Entrepreneurs), a bill originally advanced by the House Financial Services Committee in September. The new bill would lead to the repeal of the Consumer Complaint Database. It would also eliminate the CFPB's authority to punish unfair, deceptive or abusive practices among banks and other lenders, and it would allow the President to handpick—and fire—the bureau's director at will."

Banks have paid billions in fines to resolve a variety of allegations and complaints about wrongdoing. Consumers have often been abused by banks. You may remember the massive $185 million fine for the phony accounts scandal at Wells Fargo. Or, you may remember consumers forced to use prison-release cards. Or, maybe you experienced debt collection scams. And, this blog has covered extensively much of the great work by the CFPB which has helped consumers.

Does these two legislation items bother you? I sincerely hope that they do bother you. Contact your elected officials today and demand that they support the FCC privacy rules.


Cable, Telecom And Advertising Lobbies Ask Congress To Remove FCC Broadband Privacy Rules

The Association of National Advertisers (ANA) and 15 other cable, telecommunications, advertising lobbies sent a letter on January 27, 2017 to key leaders in Congress urging them to repeal the broadband privacy rules the U.S. Federal Communications Commission (FCC) adopted in October 2016 requiring Internet service providers (ISPs) to protect the privacy of their customers. 15 advertising and lobbyist groups co-signed the letter with the ANA: the American Cable Association, the Competitive Carriers Association, CTIA-The Wireless Association (formerly known as the Cellular Communications Industry Association), the Data & Marketing Association, the Internet Advertising Bureau, the U.S. Chamber of Commerce, the U.S. Telecom Association, and others.

The letter, available at the ANA site and here (Adobe PDF; 354.4k), explained the groups' reasoning:

"Unfortunately, in adopting new broadband privacy rules late last year, the Federal Communications Commission (“FCC”) took action that jeopardizes the vibrancy and success of the internet and the innovations the internet has and should continue to offer. While the FCC’s Order applies only to Internet Service Providers (“ISPs”), the onerous and unnecessary rules it adopted establish a very harmful precedent for the entire internet ecosystem. We therefore urge Congress to enact a resolution of disapproval pursuant to the Congressional Review Act (“CRA”) vitiating the Order.

Adopted on a party-line 3-2 vote just ten days before the Presidential election, over strenuous objections by the minority and strong concerns expressed by entities throughout the internet ecosystem, the new rules impose overly prescriptive online privacy and data security requirements that will conflict with established law, policy, and practice and cause consumer confusion... the FCC Order would create confusion and interfere with the
ability of consumers to receive customized services and capabilities they enjoy and be informed of new products and discount offers. Further, the Order would also result in consumers being bombarded with trivial data breach notifications."

Data breach notifications are trivial? After writing this blog for almost 10 years, I have learned they aren't. Consumers deserve to know when companies fail to protect their sensitive personal information. Most states have laws requiring breach notifications. It seems as these advertising groups don't want to be responsible nor held accountable.

The Hill explained the CRA and how it usually fails:

"The Congressional Review Act (CRA) has only worked precisely one time as a way for Congress to undo an executive branch regulation... The CRA was passed in 1996 as part of then-Speaker Newt Gingrich's (R-Ga.) "Contract with America." While executive branch agencies can only issue regulations pursuant to statutes passed by Congress, Congress wanted to find a way to make it easier to overturn those regulations. Previously there was a process by which, if one house of Congress voted to overturn the regulation, it was invalidated. This procedure was ruled unconstitutional by the Supreme Court in 1983.

Congress was still able to overturn an executive branch regulation by passing a law. Passing a law is, of course, subject to filibusters in the Senate. We've learned that the filibuster in recent years has made it quite difficult to pass laws. The CRA created a period of 60 "session days" (days in which Congress is in session) during which Congress could use expedited procedures to overturn a regulation.

Also on January 27, several consumer privacy advocates sent a letter (Adobe PDF) to the same Congressional representatives. The letter, signed by 20 privacy advocates including the American Civil Liberties Union, the Center for Democracy and Technology, the Center for Media Justice, Consumers Union, the National Hispanic Media Coalition, the Privacy Rights Clearing House, and others urging the Congressional representatives:

"... to oppose the use of the Congressional Review Act (CRA) to adopt a Resolution of Disapproval overturning the FCC’s broadband privacy order. That order implements the mandates in Section 222 of the 1996 Telecommunications Act, which an overwhelming, bipartisan majority of Congress enacted to protect telecommunications users’ privacy. The cable, telecom, wireless, and advertising lobbies request for CRA intervention is just another industry attempt to overturn rules that empower users and give them a say in how their private information may be used.

Not satisfied with trying to appeal the rules of the agency, industry lobbyists have asked Congress to punish internet users by way of restraining the FCC, when all the agency did was implement Congress’ own directive in the 1996 Act. This irresponsible, scorched-earth tactic is as harmful as it is hypocritical. If Congress were to take the industry up on its request, a Resolution of Disapproval could exempt internet service providers (ISPs) from any and all privacy rules at the FCC... It could also preclude the FCC from addressing any of the other issues in the privacy order like requiring data breach notification and from revisiting these issues as technology continues to evolve in the future... Without these rules, ISPs could use and disclose customer information at will. The result could be extensive harm caused by breaches or misuse of data.

Broadband ISPs, by virtue of their position as gatekeepers to everything on the internet, have a largely unencumbered view into their customers’ online communications. That includes the websites they visit, the videos they watch, and the messages they send. Even when that traffic is encrypted, ISPs can gather vast troves of valuable information on their users’ habits; but researchers have shown that much of the most sensitive information remains unencrypted. The FCC’s order simply restores people’s control over their personal information and lets them choose the terms on which ISPs can use it, share it, or sell it..."

The new FCC broadband privacy rules kept consumers in control of their online privacy. The new rules featured opt-in requirements allowing them to collect consumers' sensitive personal information only after gaining customers' explicit consent.

So, advertisers have finally stated clearly how much they care about protecting consumers' privacy. They really don't. They don't want any constraints upon their ability to collect and archive consumers' (your) sensitive personal information. During the 2016 presidential campaign, candidate and now President Donald Trump promised:

"One of the keys to unlocking growth is scaling-back years of disastrous regulations unilaterally imposed by our out-of-control bureaucracy. In 2015 alone, federal agencies issued over 3,300 final rules and regulations, up from 2,400 the prior year. Every year, over-regulation costs our economy $2 trillion dollars a year and reduces household wealth by almost $15,000 dollars. Mr. Trump has proposed a moratorium on new federal regulations that are not compelled by Congress or public safety, and will ask agency and department heads to identify all needless job-killing regulations and they will be removed... A complete regulatory overhaul will level the playing field for American workers and add trillions in new wealth to our economy – keeping companies here, expanding hiring and investment, and bringing thousands of new companies to our shores."

Are FCC rules protecting your privacy "over-regulation," "onerous and unnecessary?" Are FCC privacy rules keeping consumers in control over their sensitive personal information "disastrous?" Will the Trump administration side with corporate lobbies or consumers' privacy protections? We shall quickly see.

There is a clue what the answer to that question will be. President Trump has named Ajit Pai, a Republican member of the Federal Communications Commission, as the new FCC chair replacing Tom Wheeler, the former chair and Democrat, who stepped down on Friday. This will also give the Republicans a majority on the FCC.

Pai is also an opponent of net neutrality rules the FCC has also adopted, which basically says consumers (and not ISPs) decided where consumers go on the Internet with their broadband connections. Republicans in Congress and lobby groups have long opposed net neutrality. In 2014, more than 100 tech firms urged the FCC to protect net neutrality. With a new President in the White House opposing regulations, some companies and lobby groups seem ready to undo these consumer protections.

What do you think?


74 Percent of US Broadband Households Have Internet-Connected Televisions

According to new research from The Diffusion Group (TDG), 74 percent of US households had Internet-connected televisions at year-end 2016. In 2013, 50 percent of households had Internet-connected televisions. Michael Greeson, TDG President and Director of Research, said:

"At 74% penetration, connected TV use is squarely in the Late Mainstream phase of its trajectory. Barring any major disruption in TV technology or market conditions, growth will slow each year as the solution reaches saturation... Broadband pay-TV services are particularly well positioned to leverage this utility, which permits scale at much lower costs."

TDG first noted in 2004 that the penetration of connected televisions would closely follow broadband (a/k/a high-speed Internet) services.

Chart by TDG of Internet-connected televisions in the United States. Click to view larger version


How To Spot Fake News And Not Get Duped

You may have heard about the "pizzagate" conspiracy -- fake news about a supposed child-sex ring operating from a pizzeria in Washington, DC. A heavily armed citizen drove from North Carolina to the pizzeria to investigate to investigate the bogus child-sex ring supposedly run by Presidential candidate Hillary Clinton. The reality: no sex ring. That citizen had been duped by fake news. Shots were fired, and thankfully nobody was hurt.

CBS News reported that the pizzagate conspiracy had been promoted by Michael G. Flynn, son of retired General Michael T. Flynn, Donald Trump's pick for national security adviser. As a result, the younger Flynn resigned Tuesday from President-Elect Trump's transition team.

I use the phrase "fake news" for several types of misleading content: propaganda, unproven or fact-free conspiracy theories, disinformation, and clickbait. The pizzagate incident highlighted two issues: a) fake news has consequences, and b) many people don't know how to distinguish real news from fake news. So, while political operatives reportedly have used a combination of fake news, ads, and social media to both encourage supporters to vote and discourage opponents from voting, there clearly are other real-life consequences.

To help people spot fake news, NPR reported:

"Stopping the proliferation of fake news isn't just the responsibility of the platforms used to spread it. Those who consume news also need to find ways of determining if what they're reading is true. We offer several tips below. The idea is that people should have a fundamental sense of media literacy. And based on a study recently released by Stanford University researchers, many people don't."

The report is enlightening. In the "Evaluating Information: The Cornerstone of Civic Online Reasoning" report, researchers at Stanford University tested about 7,804 students in 12 states between January 2015 and June 2016. They found:

"... at each level—middle school, high school, and college—these variations paled in comparison to a stunning and dismaying consistency. Overall, young people’s ability to reason about the information on the Internet can be summed up in one word: bleak. Our “digital natives” may be able to flit between Facebook and Twitter while simultaneously uploading a selfie to Instagram and texting a friend. But when it comes to evaluating information that flows through social media channels, they are easily duped... We would hope that middle school students could distinguish an ad from a news story. By high school, we would hope that students reading about gun laws would notice that a chart came from a gun owners’ political action committee. And, in 2016, we would hope college students, who spend hours each day online, would look beyond a .org URL and ask who’s behind a site that presents only one side of a contentious issue. But in every case and at every level, we were taken aback by students’ lack of preparation... Many [people] assume that because young people are fluent in social media they are equally savvy about what they find there. Our work shows the opposite."

This is important for both individuals and the future of the nation because:

"For every challenge facing this nation, there are scores of websites pretending to be something they are not. Ordinary people once relied on publishers, editors, and subject matter experts to vet the information they consumed. But on the unregulated Internet, all bets are off... Never have we had so much information at our fingertips. Whether this bounty will make us smarter and better informed or more ignorant and narrow-minded will depend on our awareness of this problem and our educational response to it. At present, we worry that democracy is threatened by the ease at which disinformation about civic issues is allowed to spread and flourish."

While the study focused upon students, but older persons have been duped, too. The suspect in the pizzeria incident was 28 years old. The Stanford report focused upon what teachers and educators can do to better prepare students. According to the researchers, additional solutions are forthcoming.

What can you do to spot fake news? Don't wait for sites and/or social media to do it for you. Become a smarter consumer. The NPR report suggested:

  1. Pay attention to the domain and URL
  2. Read the "About Us" section of the site
  3. Look at the quotes in a story
  4. Look at who said the quotes

All of the suggestions require readers to take the time to understand the website, publication, and/or publisher. A little skepticism is healthy. Also verify the persons quoted and whether the persons quoted are who the article claims. And, verify that any images used actually relate to the event.

We all have to be smarter consumers of news in order to stay informed and meet our civic duties, which includes voting. Nobody wants to vote for politicians that don't represent their interests because they've been duped. To the above list, I would add:

  • Read news wires. These sites include the raw, unfiltered news about who, when, where, and what happened. Some suggested sources: : Associated Press (AP), Reuters, and United Press International (UPI)
  • Learn to recognize advertisements
  • Learn the differences between different types of content: news, opinion, analysis, satire/humor, and entertainment. Reputable sites will label them to help readers.

If you don't know the differences and can't spot each type, then you are likely to get duped.