How the Tubes are Strangling Their Owners: Consumer Rights Bill 2014

Post on 04-Jul-2015


description

4 November 2014 @PrincetonCITP “Trusting Human Safety to Software: What Could Possibly Go Wrong?”

transcript

4/11 @PrincetonCITP

“Trusting Human Safety to Software: What Could Possibly Go Wrong?”

How the Tubes are Strangling Their Owners

Internet a series of tubes

Industrial control systems connected to the internet: icsmap.shodan.io

Tubes provide our software updates.

What could possibly go wrong?

Patch Tuesday biggest Internet event, especially for sysadmins:

• “In a relatively light September 2014 Patch Tuesday release, Microsoft addressed 42 vulnerabilities across four bulletins.

• “The majority (37) repair issues in Internet Explorer (IE),

• “8th month in a row the Web browser has required patching.

• “Over the past three months, Microsoft has issued updates for more than 100 vulnerabilities in IE”

Xkcd 1328

Microsoft trying hard to restore trust in intermediaries…

But I will discuss more consumer issues: who controls your download?

What’s worse than a free U2 album?

No, it’s not two free albums….

It’s….

Who decides what you get?

• Terms and conditions of e-commerce providers

• Intermediary terms

• Internet Service Providers’ Terms of Use

• Note many ISPs scan email and web for spam and malware

• Billions of spam emails removed every day

• You give them permission in your Terms of Use

• That provided a backdoor to breach net neutrality in mid-2000s

• “Not throttling but security scanning…”

More here….

UK Consumer Rights Bill 2014: updates Sale of Goods Act 1979

Helpful Q&A section: case study

Consumer buys an e-book…which does not download properly…

“She also checks with her ISP that there were no interruptions during the time of the download.”

Who double checks that?

The consumer must prove that….

“the digital content was not of satisfactory quality and the problem was not due to their internet connection or hardware.

“The trader would then have to provide the consumer with redress regardless of whether they had provided the related service with reasonable care and skill.”

See any problem with the government case study proof?

It's a net neutrality law!

How will ISP satisfy proof of an uninterrupted service if it does any filtering or throttling at all?

• “Has #UKgov thought about #netneutrality implications of #prosumerlaw refunds for 'faulty' (jittery) downloads?”

225 page consultation document shows no hits for net neutrality

• http://discuss.bis.gov.uk/consumer-bill-of-rights/ministers-introduction/

Many players: author, distributor, consumer, 3rd parties

Codes of Conduct all over the place for ISPs, for retailers, for consumers

My co-author Ian Brown suggests monitoring by e-commerce providers

“I suspect this law would encourage interactive content suppliers to develop software for the user's device

• that would monitor media playout and connection quality

Supplier can reject claims resulting from hardware/ISP problems”

Test hardware & connection speed before agreeing to supply content

Result: overt monitoring of your device/connection by every app

Sounds familiar?

There’s an app for that...

BBC iPlayer already monitors connections on the fly

BBC Internet Blog 2012: Android Update

http://www.bbc.co.uk/blogs/legacy/bbcinternet/2012/02/bbc_iplayer_android_update.html

“Some people have asked why the BBC iPlayer Android app asks for permission to access your phone's Network communication, Phone calls and System tools.

“These are standard Android app permissions that are defined by the Google Android platform.”

The 3 permissions the BBC iPlayer Android app asks to use

1. Network Communication - full internet access.

provides iPlayer access to the internet so it can play programmes.

2. Phone Calls - read phone state and identity.

provides iPlayer with phone communication status and notifies the application if the phone rings or a phone call is in progress.

• iPlayer app pauses if you receive a phone call while watching.

• iPlayer app does not access or store any personal information, phone numbers or IMEI numbers.

3. System tools – prevents sleeping, retrieve running applications.

• iPlayer ability to prevent phone going to sleep when watching

BBC monitoring iPlayer performance to regulate ISP throttling

Vaizey says no to net neutrality, BBC looks to iPlayer traffic light system

• November 18, 2010 http://www.digitaltveurope.net/1931/vaizey-says-no-to-net-neutrality-bbc-looks-to-iplayer-traffic-light-system/

“UK ISPs should not be bound by so-called network neutrality commitments, according to communications minister Ed Vaizey”

BBC response – name and shame ISPs who throttle

Why else might BBC monitor?

iPlayer provides early access to two shows in great demand

[1] UK Top Gear

[2] Dr Who

Millions of ‘petrolheads’ and scifi fans use VPN proxies

Costs UK tax payer (=licence fee payer)?

• http://www.theninjaproxy.org/ninja/how-to-watch-bbc-iplayer-on-your-ipad-from-outside-the-uk/

Similar issues with net neutrality forensics in US

• Neubot: http://www.neubot.org/2014/10/15/neubot-update-2014-q3

• Measurement Lab: http://www.measurementlab.net/

• SamKnows for FCC: http://www.fcc.gov/reports/measuring-broadband-america-2014#Figure2

• Mobile data? http://www.fcc.gov/reports/measuring-broadband-america-2014#Launch

• uCap talk next week @CITP

• https://citp.princeton.edu/event/chetty/

Conclusion: Computer says no… government in denial on CRB

Final thought: problems both ways – providing higher service quality

If ISPs throttle, that might become a cause of action under Consumer Rights Bill – though government claims no impact

But if ISPs develop ‘specialised services’ and still fail to deliver?

Would Netflix, YouTube or Facebook have contractual cause?

• SS are not flawless – many B2B disputes over network outages

Difference here is the consumer’s involvement

• Especially if that consumer has no financial damages except time and effort –

• for Wikipedia or BBC content, for instance?

In both US/Europe, outside consumer/communications law?

What’s worse than a free U2 album?

One that doesn’t play back?