Three Big Deal News Items in Tech Policy

Since last we spoke, there’s been significant news on three tech policy fronts with major significance that are worth noting, so this is an all-purpose post with news value to catch you up on everything but the latest developments in the presidential race (which is too wild for to comprehend.)

MOBILE Now Passes Committee

First, the Senate Commerce Committee passed the MOBILE Now Act with a heavy raft of amendments. The hearing is archived here and the amendments are here. Not surprisingly, the author’s amendments gave a larger role to NTIA in identifying government spectrum for reassignment since FCC has no visibility into federal spectrum use. They also tightened up some of the timelines and replaced decision making by Congress with more consultation with the FCC. The barriers to 5G are going to come from a lack of low-band spectrum (under 3 GHz in the bill) and the complications and delays involved in securing access to rights of way, easements, and pole attachments for new fiber optic cable. The faster these problems can be dealt with, the sooner we’ll have gigabit mobile broadband.

The amendments added a number of ornaments to the bill, the most significant of which were a longer timeline for repacking of TV stations that don’t sell their spectrum after the Incentive Auction. The timeline the broadcasters want can be compressed by adding a training program for mast technicians to the auction process, so there’s plenty of work to be done as the bill progresses. I’ll do a detailed analysis of the amendments in the days to come.

House Judiciary Holds Marathon Hearing on Apple/FBI

Five hours is a long hearing, even if it’s not interrupted by a floor vote, and that’s what happened in the House last Tuesday. While a few members are willing to impose a Clipper chip-style ban on encryption without a back door, most realize that apps can supply end-to-end encryption regardless of the duties imposed on Apple and Google for back doors, which makes back doors useless to national security and law enforcement. It’s interesting that the FBI continues to blast Apple for not cooperating while NSA is silent.

The hearing featured two panels, one with FBI director James Comey and another with a group with Apple General Counsel Bruce Sewell, New York County DA Cyrus R. Vance Jr, and Professor Susan Landau of Worcester Polytechnic and formerly of NSA. I presume this was in the Judiciary Committee because Apple has raised First Amendment and other constitutional issues in its challenge to the court order it received about unlocking the San Bernardino County’s iPhone used by terrorist Syed Rizwan Farook. Apple’s argument comes down to the fact that the tool the FBI is seeking would be dangerous to create because it would make every iPhone less secure; but they also argue that the FBI erred when it changed the iCloud password on the phone’s account.

While Vance and Comey want to enlist Apple’s manpower in their respective law enforcement efforts, Professor Landau sagely observes that law enforcement needs to up its game and stop relying so much on the private sector to do its work. I’m fairly certain this message resonates with those who feel that dependency is to be avoided when at all possible. While there were a few dramatic moments, nothing was resolved. The next steps play out in the courts and it’s crystal clear that nobody knows who to believe on this very complicated issue.

Feamster Acknowledges Swire’s Paper is Factual as Far as it Goes

In other news, Princeton professor Nick Feamster sent a letter to the FCC last week complaining that Professor Peter Swire’s paper on the limited ISP visibility into user behavior was full of factual errors. Swire pushed back on Feamster’s claim:

Professor Feamster writes: “To claim that ISPs cannot learn about user activity from the traffic they can see is simply not true.” We did not make any such claim. We did say there are limits on the comprehensiveness of ISP access to user information, notably including the sharp rise from 13% to 49% of encrypted traffic over the Internet backbone since April, 2014.

Professor Feamster writes: “While it is true that end-to-end encryption is becoming more pervasive, this also does not by itself prevent the ISP from observing user activity from network traffic.” Our paper carefully and accurately describes the change in ISP visibility when traffic becomes encrypted, notably that content and detailed URLs are blocked from view. Other information, including the host name, length of session and number of bits transmitted, remains available to view.

But the “public interest” lobby was full of praise for Feamster’s letter. Public Knowledge, for example, called it an “excellent letter” in a tweet auto-posted to its Facebook account.

Public Knowledge Praises Feamster Letter

Public Knowledge Praises Feamster Letter

Now, Feamster has clarified that his letter was wrong to assert there were factual errors in the Swire paper, but maintains that the omissions in the paper can give readers an inaccurate impression of ISPs’ capabilities.

Here’s the Politico news mention (scroll down):

PRINCETON PROF: NOTHING INCORRECT IN SWIRE PAPER Georgia Institute of Technology professor Peter Swire’s paper on ISPs data mining took some flack from Princeton professor Nick Feamster last week for technical inaccuracies, but Feamster is revising his stance. “Upon more careful review of the paper, I have not found anything in the report that I believe is incorrect,” he said, but added there are points missing from the paper that need more attention. “I continue to believe that there are important additional facts that should be considered by policymakers, which were not discussed by the paper.” Swire had criticized Feamster’s criticism of the paper. Their back-and-forth underscores the complexity of ISPs’ current role in data collection, which the FCC will have to sort through as part of its broadband privacy rulemaking.

Here’s what happened: Swire discussed activities that take place on the Internet between the consumer’s home or business router and the public Internet. Feamster, who has been studying home networks for some years now, raised a number of issues about visibility that ISPs may have if they were to supply customers with home routers loaded with surveillance code. The two know each other, so they were able to have a polite point-by-point review of Feamster’s analysis. While Feamster raised some interesting hypotheticals, they didn’t have any direct bearing on the points that Swire offered in his paper, Online Privacy and ISPs. Feamster has clarified the issues he raised in a nicely nuanced post on the Princeton Freedom to Tinker blog.

There are three reasons for this:

  1. There’s no evidence that ISPs do in fact load surveillance code in the routers they provide to customers;
  2. Users are not generally required to use ISP routers. Even in the most extreme cases where some sort of network interface is embedded in an ISP router, the router can be placed in a pass-through mode where the customer-supplied router does all the work;
  3. End-to-end encryption and VPNs cloak user payloads all the way from the customer’s computer to the Internet regardless of what’s going on inside the router.

Hence, control of the home router doesn’t significantly change anything. I’m glad the two were able to get together and realize they were talking past each other since I like and respect both of them. The vantage point of home routers is important, but that’s the case for routers purchased by consumers at retail as well as those supplied by ISPs. And I dare say that the FCC’s AllVid plan has the same issues because Chromecast and FireTV sticks from Google and Amazon are in a similar situation to home routers.

This News is Good News

So this is all good news. Policy makers need to be armed with good information when stepping into tech policy controversies and these three news items were all brought to us on the strength of good information.  The amendments to MOBILE Now were the result of good old-fashioned consulation between Senate staffers and interested parties over a period of several weeks (if not months,) the Judiciary Committee hearing exposed a lot of insight simply by its length, and the willingness of Swire and Feamster to work together ended up providing the FCC with good information about privacy and how the Internet works. So all in all, the search for truth was well served last week. Let’s have some more weeks like that.

[Note: This piece is a revised. Originally I thought Feamster had retracted his letter because it didn’t load, but that issue has been corrected. Thanks to Professor Feamster for the correction.]