Category: Internet

What happens to your internet security when your fingerprints are stolen?

There is recent news that the US government last 5.6 million fingerprints to unknown people in a cyber-attack. While it is worrisome, I don’t blame the government, it seems like it can happen to anyone.  For example, pretty much every store and business cannot keep our credit cards safe.  If we take it as a given that if something is stored on a network, eventually it will fall into the hands of people not authorized to have it, then it is OK to worry about the significant loss of data, and in this case, not credit card data, but rather fingerprint data.

We have been told that passwords are inherently unsafe because they can be hacked or stolen.  And because passwords are unsafe, we need a new “safe” method of authenticating to the network – and the “safest” way is through biometric data like fingerprints.  So this brings me to my question – at least a password can be changed at the sign of hacking.  Fingerprints cannot be changed.  What are we supposed to do when the “bad guys” get a copy of our fingerprints like has just happened for 5.6 million people?  It is something I am thinking about in the realm of public policy.  Please leave a comment if you have an idea.

Privacy and mobile facial recognition

I just finished teaching my class on “Current Issues in Privacy.” Northwestern students are incredibly smart and it is always a joy to work with them. Of course one of the big issues is privacy on Facebook, but I will save that one for later. Instead, I would like to talk about a technology that one of our groups discussed in their final project – mobile face recognition. It seems there is an app for Android phones (Recognizr) that lets to snap a picture of someone and have it pair up that picture through facial recognition software with publicly available contact information. It will probably be available for iPhones soon.

So when you go to a bar, you do not have to ask the cute girl or handsome man for their contact information – just snap a picture with your smartphone and it will give their phone number, street address, email address, etc. to you. Nevermind that they did not want to give you their number. Or nevermind they thought you were a jerk and would have given you a fake number. Nevermind consent of any sort, they can just take the picture of you from a range that you never even see them doing it. It is one thing in classic privacy theory to expose yourself in public and it is another that anyone with common technology can use database aggregation (which is what these lookups are called) in new and possibly scary ways. It is one thing for the police to be able to pull you over and verify the picture on your driver’s license. It is another for anyone on the street to be able to get this type of information. So I guess we just need to get over the idea of privacy.

The FCC, Net Neutrality, and a lack of jurisdiction

It has been a while since I posted, so time to catch up. One of the biggest things happeing in communications law is the recent decision of the US Court of Appeals for the DC Circuit in the case Comcast v. FCC. In this case, the court ruled that the FCC did not have jurisdiction over the Internet. While a surprise to the FCC and probably the Obama administration who tasked the FCC with Internet regulation, it is of little surprise to long-time scholars of media law.

The FCC was attempting to use its “ancillary” jurisdiction to regulated “net neutrality.” Ancillary jurisdiction has worked in the past – when cable television was a young, and at the time, inconsequential aid to a few people in rural areas who needed to receive over-the-air television. But in this case we have a mature, ubiquitous, and important media and the FCC tried to use its “ancillary” jurisdiction. The court said that the FCC exceeded its general regulatory authority when trying to apply plenary regulation to the Internet.

Congress gives authority to the FCC in the Communications Act of 1934. It is an interesting read of structural policy. For example, there is a chapter on “common carriers,” and one on “radio (and television),” and one on “cable television.” But nowhere do you find the chapter on “the Internet.” Not that the Internet needs its own chapter (but it should have one…), plenty of services are regulated under the big topics including cellphones (common carrier) and satellites (also common carrier). But even when looking for the provisions that apply to the Internet, there are few of them. So the FCC did see itself as having significant authority over the Internet, but the court saw the FCC has having what Congress has given it and not too much more.

And the importance of this case? First the FCC needs to think of another way to regulate things like net neutrality (and it is busy brainstorming right now) and second, perhaps this will encourage Congress to take up the topic of Internet regulation and jurisdiction (a new chapter in the communications act, anyone?). With clarity from Congress, the FCC could have its way with Internet regulation.

100 MB download speeds – Google and Medialawprofessor think alike

Back in 2001 I gave a presentation at a broadband conference where I made the then-bold assertion that each household would need a minimum of 100 MB of undiminishable (ie not shared) bandwidth.  I remember at this same conference that another speaker who was attached to slow DSL speeds made fun of me saying essentially that there was no need for 100MB of bandwidth to every home – he asserted that DSL( then 1.5MB tops) was as fast as anyone would need.  Well it feels good to be right and just about a decade ahead of my time.  Google is now imagining ultra high speed networks to the home and the FCC is proposing its “100 squared initiative” – 100 million homes with 100 MB of service.  In order to stay ahead of the curve, I can now foresee the need for 10GB of service to the home in the next 20 years.  It takes a lot to do a hologram even with good compression….

This is a link to my original 2001 presentation.  Towards the end you will see a couple of slides where I calculate what I think the then-foreseeable need for 100MB might be: https://medialawprofessor.files.wordpress.com/2010/02/broadband-presentation-morris1.ppt

The FCC and “The Future of Media”

The FCC (www.fcc.gov) has started a proceeding examining “the future of media.” The public notice lists 42 questions covering everything from the state of journalism to traditional radio and television to the Internet.  The FCC welcomes is requesting comments and they have started a new website at http://www.fcc.gov/futureofmedia.

For more information on cameras in the courtroom, read our book chapter on “Court TV”

I worked with my colleague Chuck Kleinhans at Northwestern University on a media study of the cable channel “Court TV.”  While the current channel “TruTV” has roots in Court TV, they are really nothing alike.  Court TV was owned by a lawyer and went courtroom-by-courtroom across the country fighting for access for cameras to the courtroom.  They learned how to “do it right” in the broadcast of court proceedings – no easy feat.  You don’t want to just dump any set of technologists into a courtroom and expect everything to be alright.  Judges became experienced in how to handle cameras.  The legacy of their early successes remain in most states today.

Chuck and I watched Court TV for ten years to do our study.  It is humanities-oriented (ie not quantitative) and a fun read. Court TV provided live gavel-to-gavel coverage of fascinating cases from divorces to small claims court.  It provided post-trial interpretation by experts and in the early years, it even had continuing-education programs for lawyers.  Court TV was not able to sustain sufficient ratings and transformed into the popular-cime-drama/docu genre that it is now.

Here is the citation: Chuck Kleinhans and Rick Morris, “Court TV: The Evolution of a Reality Format,” Startling! Heartbreaking!Real! Reality TV and the Remaking of Television Culture, Laurie Ouellette and Sue Murray, eds., (New York: NYU Press, 2004), 157-175  Note that this is the FIRST  edition of the book.  Laurie and Sue went on to do a second edition and Court TV had transformed into TruTV by then so our chapter did not make it through to the second edition.

Comcast v. FCC, net neutrality, and homework

In Comcast v FCC, the FCC is attempting to sanction Comcast for interfering with internet services – and interfering with internet services is against the principles of “net neutrality.”  However, Comcast is defending on what this author believes is a very effective ground – that the FCC does not have authority to regulate net neutrality.

The FCC is given its authority by the Communications Act of 1934, as amended many, may times over the years including by the Telecommunications Act of 1996.  The problem for the FCC in this case is that the Communications Act has not been amended to empower the FCC to address net neutrality.  The FCC normally needs explicit jurisdiction, granted by Congress and the President, in order to regulate communication subjects.

Of course there are some exceptions.  For example, when the subject is “reasonably ancillary” to a subject that the FCC has explicit authority over, the courts have held that regulation is OK.  Even so, the FCC can go too far in that regulation.  The reasonably ancillary doctrine was applied to cable television cases.  US v. Southwestern Cable 392 US 197 (1968).  However, the FCC went too far in its “ancillary regulation,” and the courts rejected additional regulation in FCC v. Midwest Video. The jurisdiction of the FCC over cable television was eventually cleared up in the Cable Communications Policy Act of 1984.

So which will it be in this case? The appeals court has yet to rule.  So this is an instance where FCC regulation is not certain.  In cases where the FCC overreaches, or where the FCC does not “do its homework,” the courts are not afraid to overturn the FCC’s rules.

Net Neutrality – Why is it important to me?

The Federal Communications Commission (FCC) has an open proceeding on net neutrality.  What is net neutrality and what does it mean to me?

Net neutrality is a nominative term for equal access to all of the services that the internet has to offer.  In contrast to net neutrality is a variety of activities that restrict the end-user from transmission of the full range of internet communications.  For example, suppose that you want to use a VOIP service that is much cheaper than what your internet service provider provides.  Say you can get Skype for $3.95 a month but your internet service provider – the phone company that provides your DSL or your cable company that provides your high-speed internet service – has a competing offering of VOIP telephone for $12.95 a month.  Your internet service provider might consider the competing service as undesirable and either block it entirely or at least slow down the access of that service.  In that case your internet service provider is not providing neutral, equal access to the internet.

There are plenty of legitimate reasons to block some services on the internet.  For example, certain services are obsolete and insecure, so some ISPs block them entirely.  Also, some services, especially database services, are often deemed premium services and the ISP is willing to let those services operate for a slightly higher monthly fee.  On the other hand, however, are actions by ISPs such as blocking services like competing VOIP providers – those actions seem to be an uncompetitive practice.  The most difficult questions come with services used for both legitimate purposes as well as purposes that may lead to illegitimate uses such as copyright infringement.  Some of the P-to-P protocols and services might be considered in this category.  The ISP will claim that the P-toP services consume too much bandwidth.  The end user will claim that they are entitled to be able to use the P-toP service.

The macro business issues are difficult.  The ISPs have invested millions of dollars into their physical plants and the labor it takes to run them.  shouldn’t they be able to make money off of their investment in appropriate ways?  The end users will assert that they are paying the monthly fee, shouldn’t they be entitled to use the internet in any way the wish?

You are an end user.  What do you think? Under what circumstances should ISPs be able to block services on the internet? For security reasons? For business reasons? Should end users have complete and unfettered access to all services on the internet?  The FCC has an open proceeding.  They will be holding public hearings on the issues, they will be posting information and notices, and they will be accepting comments from the public.

Dangerous communications

Communications dangers in 2010, a few resolutions for the new year

1) Getting to know someone: Everything from dating to social media sites present dangers to the participants.  Recently we have seen children commit suicide for what was said to them on social media sites and have seen too many episodes of Dateline to know that there are real dangers.

2) Letting someone find out about you: Sure, you thought that only your friends would see that picture of you drunk and get a laugh.  But when the hiring partner of your future firm does not get a laugh of your picture with the lampshade posted world-wide, you will need to re-evaluate what you let others know about your personal life.  Remember that the hiring partner has a personal life too, but they don’t put pictures available worldwide on the Internet….

3) Not guarding your numbers: Keep your SSN, bank numbers and other important numbers away from the bad folks.