Tag Archives: markets

Telecommunications and Backdoors

Posted on by
Reply

It turns out that Huawei has been able to use legislatively mandated backdoors into telecommunications software—backdoors ostensibly for the sole benefit of law enforcement, and then only usable within judicially allowed limits, search warrants duly sworn, in the US, for instance—for years.

But we would never do that, says Huawei in its wide-eyed innocence.

“The use of the lawful interception interface is strictly regulated and can only be accessed by certified personnel of the network operators. No Huawei employee is allowed to access the network without an explicit approval from the network operator,” the [senior Huawei] official said.

The existence of the interface is the access pathway. The bar to its use is wholly a matter of the integrity of the humans involved. This is not a hard concept to understand; Huawei’s management is being disingenuous to pretend otherwise.

Further, PRC law requires PRC companies to cooperate with the government on the government’s demand.

Huawei “has never and will never do anything that would compromise or endanger the security of networks and data of its clients,” the company said.

Huawei’s CEO Ren has also made that preposterous claim. He and his management team insult our intelligence, assuming as they do that we would believe that Huawei would actually defy the PRC government.

Markets in Internet Domains

Posted on by
Reply

ISOC, which owns the .org Internet domain, wants to sell the address to a company called Ethos, which wants to go into a for-profit business managing Internet domains or Internet addresses. ICANN has to approve the sale before it can go through.

The free market competition that would result from the sale and others like it is supposed to knell the end of the Internet. The Wall Street Journal‘s Editorial Board likes the idea.

They’re both wrong, and they’re both being hysterical about it.

ICANN, and ISOC, come to that, have done a fine job of managing the domains within their purview. I’m not sure that’s a thing needing fixing, so I’m spring-loaded against the sale of any their domains to Ethos or any other organization.

Competition? Of course. Let Ethos generate its own domain or suite of domains to compete with the .org domain. Let Ethos and other private enterprises create their own domains or suites of them to compete with the existing ICANN-overseen domains like .com, .edu, .[whatevs].

Simply passing a domain from one manager to another does nothing for competition; that’s just a game of Two-Card Monte.

In Which Illinois Got It Right

Posted on by
Reply

Back in 2008, Illinois passed a law barring companies from collecting customers’ personal biometric information without their prior permission. Companies in Illinois also were required to develop a policy, and make it readily available, that laid out how those biometric data would be stored and when they would be destroyed.

Facebook was accused of violating that law when it decided to use its facial recognition technology to analyze users’ photos in order to create and store “face templates.” Users’ faces are plainly biometric data in this context, the data were taken by Facebook without the owners’/users’ permission, and in 2015, folks sued Facebook over its misbehavior.

Now comes a reckoning of sorts.

Facebook has agreed to settle a $550 million lawsuit brought on behalf of millions of Illinois users who claim the social network’s automated tagging feature powered by facial recognition technology violates their biometric privacy rights.

Good law, and mostly good outcome.

But maybe the class action group shouldn’t have settled. Settlements only bind the parties to the suit and are only as good as the promises of those parties. Facebook has a long history of finding ways to weasel-word around the terms of its settlements, violating their spirit if not their letter.  Court judgments, though, are permanent, binding on all parties to the suit, and binding also on everyone else within the court’s jurisdiction.

We’ll see on this one, but Illinois got this one right with its law.

A Good Start

Posted on by
Reply

But it’s only a start. The Trump administration is working with companies including Microsoft, Dell, and AT&T to develop 5G software in an attempt to break Huawei’s current dominance of the 5G market and to supplant it.

The plan would build on efforts by some US telecom and technology companies to agree on common engineering standards that would allow 5G software developers to run code atop machines that come from nearly any hardware manufacturer.

Software isn’t the only source or solution, though; we need to push hardware development, too. It’s too easy to bury malware in hardware’s ROM/PROM/EPROM chips; Huawei’s hardware will need to be excised as well.

Foolish Risks

Posted on by
Reply

Great Britain has decided to let the People’s Republic of China’s Huawei—which by PRC law must cooperate with the PRC government whenever that government requires it—to play a role in Britain’s development and deployment of its 5G telecommunications network.

Great Britain says Huawei role will be limited, but in a computer network, such limits lie somewhere between chimera and pipe dream.

The Brits say that Huawei, and “high risk vendors” generally, would be excluded from the network “core.”

The Brits say they are

taking steps that would allow it “to mitigate the potential risk posed by the supply chain and to combat the range of threats, whether cybercriminals, or state-sponsored attacks.”

And that

high-risk vendors would be subject to a 35% cap on access to even non-sensitive parts of the network.

Thirty-five per cent. That’s a broad penetration of a network’s “non-sensitive parts,” a network’s periphery.

This is foolish.

Mitigating risks is not the same as preventing them. This isn’t a matter of the Internet going down for a bit, and our not being able to post our blog articles or do a Bing search for this or that. It’s not a matter of losing a cable connection so we can’t watch TV for a few minutes or an hour, nor is it a matter of a temporary drop of cell phone access.  This is a matter of national security, and the difference between mitigation and prevention is critical.

It takes only a single opening in a network’s outlying accesses to enable a nefarious entity to insert malware into the network. Once inserted, that malware can proliferate on its own, even penetrate the core, and then that malware is positioned to allow the entity to engage in cybercrime, cyberespionage, cyber-triggered sabotage of other infrastructure.

Even were the core adequately protected, malware in the periphery still can render the core impotent by isolating it from the periphery—much as biological damage can isolate a body’s core, its brain, from the body.