Comments Off

Should app developers be more wary of CALEA

Posted November 18th, 2015 in CALEA, communications act of 1934 and tagged , by Alton Drew

ISIS’ recent attacks in Paris was allegedly facilitated via encrypted communications conducted over the internet. One of the apps allegedly used was Telegram. According to CNN:

“ISIS is also using Telegram to broadcast big messages on the app’s “channels,” which are devoted to a variety of topics. It was on the official ISIS channel that the group said the Paris attacks would be the ‘first of the storm.’”

Telegram has been flying under the radar having only been developed in 2013. Commercial applications like Telegram are hard to break allegedly because of the quality of their encryption. This quality of encrypted communications are providing law enforcement with its share of headaches. Again, according to CNN:

“Encryption is one of many ways that an adversary, whether that’s a criminal, a terrorist, a rogue nation, one of the many ways that they might use to hide their activities,” former NSA Deputy Director Chris Inglis, told CNNMoney. “I saw dozens of times — more than that, likely — across my career that, in fact, was an obstacle for us.”

Should app developers expect more scrutiny given not only the Paris attacks but threats by ISIS about striking targets in Washington, DC? Probably. And one agency that could add pressure is the Federal Communications Commission. Earlier this year the FCC issued rules that declared broadband services were no longer “information services” but “telecommunications services.” In a nutshell, the Communications Assistance for Law Enforcement Act (CALEA) requires telecommunications companies to enable the government, once a warrant has been obtained, to intercept all wire and electronic communications carried by the telecommunications company to and from equipment, facilities, and services of a subscriber. Carriers, however, are not responsible for decrypting any communications encrypted by a subscriber unless the encryption was provided by the carrier.

But while encryption can help hide the contents of a communication, it can’t hide that a communication happened. CALEA, as written, could be a tool to help law enforcement crack the actual devices (or what security experts call “the end point”)  used by a subscriber for receiving and sending messages. So if the subscriber is using a device with Telegram or some other enabling app loaded on it, data collected within the software could be subject for an investigation.

 

Comments Off

Replace “telecommunications carrier” with “broadband access provider and voila, privacy rules

The Federal Communications Commission today issued some guidance on protection of consumer privacy.  Short of any specific privacy rules, the FCC will apply provisions of Section 222 of the Communications Act to providers of broadband access services.  In other words, substitute the term “telecommunications carrier” with the phrase, “broadband internet access service provider” and we will have a template for broadband access providers to follow when determining how to use consumer information that they collect either from consumers themselves or the other broadband access providers with which traffic, data, and private information are exchanged.

Which has me asking.  Just what type of consumer information do broadband providers collect and how do they use it? To provide an example of information collected and how it is used, I took a look at the privacy agreement provided by All Points Broadband, a broadband provider located in Loudon County, Virginia.  The company collects personal information including a subscriber’s name, billing address, credit card information, service address, and the nature of the devices used by the subscriber.

Personal information provided by the subscriber to the company may be combined with other personal data gleaned from the company’s Facebook page, the company’s affiliates, third party operators, market research firms, or credit reporting firms.  All Points also collects non-personal information such as the specific device identifier for a subscriber’s device, the browser being used by the subscriber, or the page requested during a subscriber search.

The company also collects information about the use of their network including the equipment used on the subscriber’s premises, time when the service is being used, the type of data being transmitted, the content received and transmitted by the subscriber, and the websites visited by the subscriber.

And just how is this data being used?  Network information is used by the company to monitor the performance of the company’s network.  The company, using network information, assesses how the subscriber uses the company’s services including the amount and type of data beineg received and transmitted.

Personal information may be used to send the subscriber marketing and advertising messages about the company’s servivces and website.  While disclosure of personal information to third parties is provided only with a subscriber’s consent, the company reserves the right to disclose non-personal information or any other information that the subscriber decides to make public.

In an era of big data, broadband companies are sitting on a treasure chest of information that can generate up to 10% economic value, depending on the quality of analytics, both from internal and external monetization points of view.

Could the FCC’s application of Section 222 to data collected by broadband providers threaten a provider’s revenues and profits?  My answer is yes.  For example, take Section 222(c)(1) of the Communications Act.  Under this section, broadband access providers receiving customer proprietary network information would only be able to use this network information in the provision of broadband services from which the information was derived or for service necessary for providing broadband servivces.

Broadband providers would have to make the argument that network information has a distinct meaning from personal  or run the risk of losing revenues from the acquisition and distribution of this data.  Should the FCC’s network neutrality rules survive court challenge, the agency should consider making a distinction in its rules between network information and personal information.

Comments Off

Quick note on the Federal Communications Commission’s inconsistency on rate regulation

I just finished delivering a presentation before the National League of Cities infrormation technology committee.  Cities and towns are taking an interest in how the Federal Communication Commission’s reclassification of broadband may impact their decision to deploy commercial broadband facilities.  It’s one thing for the FCC to say that it will preempt state laws that prohibit a city from expanding broadband services from beyond its electric utility’s boundaries.  It is quite another to run the risk of having those services regulated by Tom Wheeler and Associates.

I pointed out to attendees that there is an inconsistency stemming from two sources.  First is the FCC’s proclamation that it will not apply public utility style rate regulation to broadband providers and that it will forbear from applying tariffing requirements to broadband carriers.  The problem is that the FCC is ready to apply “core requirements” of Title II.  Those core requirements, as found in sections 201 and 202 of the Communications Act, require that the rates charged by telecommunications firms be just and reasonable.  How will the FCC ensure just and reasonableness without a rate review?  In addition, “rate regulation” need not take the form of the traditional methodology where a regulatory body determines what the appropriate rate base is i.e. the assets needed for providing a service and, after applying a government-determined rate of return, calculating revenue and rates.

Rate regulation, as I shared with the committee, may take the form of determining rate bands, implementing price caps, or some other form of incentive regulation.  Also, while traditional tariff requirements might be foreborne, simple price schedules, as required for cable companies, may also be an option for making rates transparent and publicly on file with the FCC.  Simply sayng there will be no “public utility-style” rate regulation does not mean that broadband operator rates will not be regulated.

Second, the FCC and its net neutrality proponent allies sold consumers a level of expectation, a bill of goods, by arguing that need for regulating the internet was imperative to maintaining an open internet that would facilitate consumers’ abilities to freeluy express themselves on the printing press of the 21st century.  Notwithstanding a lack of any threat to the consumers’ ability to express themselves, the FCC, Free Press, Public Knowledge, and other groups insisted on Title II as a ready source of necessary consumer protections.  To the consumer, protection takes the form of rate and services regulation.  If the FCC is going to forbear from rate regulation, then what was the point of the net neutrality exercise?

As I relayed to the atendees, net neutrality was never about consumers and their rights to rant, vent, and watch videos.  Net neutrality is and always be a battle about content providers attempting to push their costs for transmitting content to a zero rate.  Uncertainty has been created by the FCC with its reclassification of broadband as a Title II, common carrier service.  That’s a quagmire that municipalities should stay out of.

Comments Off

In the wake of City of Roswell, can you trust locality’s power over broadband market?

The United States Supreme Court today issued a ruling in a tower siting case.  On the surface it was no big deal.  The City of Roswell Georgia thought that a cell tower proposed by T-Mobile would be an eyesore for the community so the city denied T-Mobile application.  T-Mobile cried foul, claiming that the city violated the Communications Act by failing to explain its reasoning.  The Court held that although Roswell was in its right to not include in its denial letter its reason for denying the application, the city’s reasons should have been provided to T-Mobile right around the time the wireless carrier received its denial letter.

What I found downright scary was the City’s argument for not providing a written explanation along with the denial.  The City believed that an obligation to provide a reason took away from its local zoning authority.  In addition at least one city council member believed that Roswell had enough cellular coverage that it was not necessary for the city to leverage the playing field for T-Mobile.

The court said, whoa; hold up a minute.  The reason you explain your denial is to prevent that very attitude toward new entrants.  Localities are required to state their reasons for denying applications in order to prevent unreasonable discrimination among providers of functionally equivalent services.

Now consider Roswell’s attitude in light of President Obama’s announcement that he would like to see the Federal Communications Commission pre-empt any state legislation that restricts municipalities from providing their own broadband facilities.  Localities are the gatekeepers to companies entering local markets to sell broadband services.  If localities took this attitude toward wireline and wireless broadband providers seeking franchise agreements to provide services, there would be a disincentive on the part of the private sector to invest in, build out, and deploy broadband facilities.

It’s tough enough having to negotiate franchise agreements with localities.  Competing against them for the provision of broadband only makes market entry all the more difficult.

Comments Off

The FCC does not owe Marriott an unencumbered revenue stream

According to a petition filed with the Federal Communications Commission by Marriott International and other hotels, Marriott would like to the FCC to declare that a hotel’s management of its wifi networks does not violate section 333 of the Communications Act if management of its wifi operations interfere with wifi hot spots authorized under the FCC’s rule 15.  Sounds more like the hotels would like to protect one of their revenue streams.

From a business standpoint I’m not surprised, but if the FCC allows Marriott’s petition, in my opinion they run the risk of contradicting themselves on the policy of an open Internet, specifically the policy of allowing consumers to attach any lawful devices to the #internet for use by the consumer.

In addition, Marriott would like the public and the FCC to believe that this is not a #netneutrality issue. Granted I’m no fan of net neutrality but if you want to promote consumer access to websites of their choice, shouldn’t the FCC ensure that the consumer can access those sites using the lawful devices of their choice?

Given the proliferation of hot spots, it makes better business sense for hotels to discontinue their wifi services. Over 80% of consumers have cell phones and hot spots are less expensive than phones. Simply put in your brochures that you do not offer wifi and that you better buy a hot spot from AT&T or Verizon or a hot spot enabling smart phone before making that business trip.

The FCC does not owe Marriott or any other hotel an unencumbered revenue stream.