The End of AT&T - FON and the rise of Citizen Networks

This week's column for VoIP Magazine is on "Anarchic Wireless Networks" -- a term I was introduced to while working with Nokia back at the beginning of the millennium. At the time folks in Nokia's strategy group expressed the belief that AWN was the biggest threat to operator hegemony -- offering citizen driven wireless networks as an alternative to corporate controlled and government regulated cellular networks. Now along comes FON, $5 routers, and backing from Google and EBay. The end of AT&T? Not today or even tomorrow. But it may finally be a vector for competition with what is otherwise beginning to look like a very cozy relationship between mega-corporations and government aimed at completely controlling our access to information and communications.

Of course, as I point out in my opinion piece, the existing broadband providers will fight FON (and other AWN offerings) to protect their monopoly franchises. Don't be surprised if they even do this in the name of "national security" since, of course, if it is being driven from the bottom up it must be dangerous. Let's all start calling this technology "CITIZEN NETWORKS" so that when AT&T lobbies to have these networks shut down, it is clear that they are trying to take away our FREEDOM.

Here is an excerpt from my VoIP Magazine article:

Way back in the year 2000, big telecommunications companies like Nokia were talking about wireless broadband as an alternative to telecommunications companies. The Nokia RoofTop Router Management System was the beginning of a strange new networking animal that the company privately called "anarchic wireless networks" -- subscriber-driven networks that would grow organically and provide consumers with "…a high speed, always-on Internet connection." But the "anarchic wireless network" -- let's call it AWN -- group at Nokia hasn't been heard from in awhile, perhaps in part because these kinds of networks provide stiff competition for the kind of customers that provide the bulk of Nokia's revenue -- traditional large telecommunications carriers.

In the meantime a spunky Spanish startup has independently developed a technology and business model that brings the idea of AWN into consumer's hands, at a fraction of the price thought possible just 5 years ago. And with a $21.7 million venture round closed this past February (which includes Google and EBay), FON has the resources and corporate backing to bring this idea to market in the developed world.

Read the rest on the VoIP Magazine website --> "Anarchic Wireless Networks, The Future of Telco Competition?"

AT&T-Bellsouth behemoth may harm WiMAX market

Before Behzad Nadji resigned as the CTO of AT&T Labs, he was a vocal proponent of WiMAX, insisting that AT&T had "billions of reasons" to get WiMAX up and running between its central offices and customer premises... he was referring to the billions of dollars that AT&T spent every year on last mile access over monopoly telcos wires. AT&T's investment in WiMAX might have created a real alternative to the Bell operating companies...

But with SBC's acquisition of AT&T and the pending acquisition of BellSouth, strategists at the new Ma Bell reasonably have concluded that there is no reason for them to create competition to their own infrastructure. The Wireless Report's Brian White writes today that

With the AT&T-Bellsouth merger close looming ever-so-closely on the horizon, members of the U.S. Senate are a little perturbed that this merger, when complete, will possibly dampen development of newer broadband technologies like WiMAX, which is considered to be the potential third broadband pipe coming to a PC near you soon -- DSL and cable need competition anyway.

White points out that Sprint Nextel owns licenses to the 2.5GHz range where WiMAX is likely to be deployed in the US, but the fact remains that the old AT&T, with its vast business customer base and wide variety of central office locations to mount WiMAX gear was in the best position to offer a real alternative to the Bells.

When there is real competition, markets work. When there isn't... well I think we can all see what happens.

ACTION ALERT: Broadcast Flag Hidden in Telecom Bill | Public Knowledge

The "Public Knowledge" website reports that Senator Stevens is trying to sneak broadcast flags into the new telecom bill -- in this article they write...

If you’re saying, “Broadcast Flag? I thought we defeated that?” You’re right! But we’ll have to do it again. But we’ll have to do it now, as the bill is being marked up THIS THURSDAY…

Amidst all the Net Neutrality hubbub you might have missed the return of the Broadcast Flag, this time tucked into Senator Stevens’ 151 page telecommunications bill, S.2686. What’s an onerous copy protection scheme doing in the middle of a telecommunications bill? If you’re confused, you should be, it’s a tactic designed to sneak in a regulation that’s been repeatedly rejected by both Congress and the courts.

The most recent version is worse than any before, without any real exceptions for fair use. Even worse, this time it’s paired with an Audio Broadcast Flag that will cover digital and satellite radio too. Government technology mandates all around!

Contacting your Senators is vital to defeat the Broadcast Flag—again.

Spread the word, read the talking points here, contact your Senator.

Did The Telcos Break The Law In Getting Merger Approvals?

When Gary Reback filed harrassing lawsuits against tech companies, I had a tendency to think that he was a burden on legitimate business activities, leaching off of the system... But now I have been challenged to reassess my view of him now that, as TechDirt reports, he is suing telecom monopolies for having broken the law to get their mergers approved by the government. TechDirt writes:

In case you didn't already have enough information on how the telcos have lied and cheated their way to power, taking public funds and assets, and breaking the promises made to get that loot, here's another one for you. Larry Lessig points out that Gary Reback (the famed lawyer who spent a good part of the 1990s trying to get Microsoft taken down for antitrust violations) is focusing on a new case: showing how the telcos and the government broke the law in approving some of the recent big telco mergers (the same mergers that helped those telcos get rid of competition, now allowing them to do things like get rid of network neutrality).

TechDirt offers some additional details on the case over on their post (read up on the Tunney act) but now the big question for me to ponder is, now do I have to like Reback?

In Case You Weren't Clear On How The Telcos Screwed Everyone

TechDirt provides a link to Bruce Kushnick's book, "$200 Billion Broadband Scandal" pointing out that you can download it for free this week. TechDirt writes about the book that it lays "..out all the details for how the telcos were granted all sorts of subsidies and benefits in exchange for promising to delivering high speed fiber to our homes -- something they've still never done. Kushnick has been talking about this travesty of a situation for many years, and the book lays it all out in tremendous detail."

Book download link -- here

TechDirt's article -- here

Security and Complacency

Nobody likes to talk about a security breach. At some level its just embarrassing. At another level it feels like you are saying to your partners, customers, readers - hey we are sloppy, we live in a pigpen, we don't take care of ourselves... But if no one talks about the security breaches that they suffer from, then the next person down the line won't learn from the mistakes and improve their own procedures... and then they will have to learn the hard way.

On Wednesday of last week we were attacked by a criminal gang that seeks to use legitimate websites as proxy servers for "phishing." In this case it was a PayPal phishing site that we were encumbered with. I came away from this experience with two lessons about how complacent we have become about security -- the big "we" meaning all of us...

THIS EXPLOIT WAS OUR FAULT
First of all, the exploit was our own fault. We were having an HTML problem that we couldn't solve ourselves. We have been using an outside design firm. That firm uses overseas talent. We provided a username and password to our server to that outside design firm and then they, in turn, sent it to the offshore developer. Within an hour of providing that legitimate login to our server, we had been attacked.

A number of mistakes were made here.

First of all, we should never have provided a logon to our own server. We could have set up some separate sandbox that would have provided a demonstration of our problem. But we were lazy. Don't be lazy.

Secondly, our outside design firm sent the username and password IN THE CLEAR. The Internet is a dangerous place. Don't EVER send usernames and passwords in the clear.

Thirdly, we don't know this third party offshore developer, so we don't know whether that individual has a motivation to provide our information to a criminal element.

Even without having provided the keys to the kingdom to an outsider, we could have been vulnerable to this kind of attack if we had not been careful about the username / password combinations that we put on our machines. Here is something that I hadn't thought about until after we were compromised -- while most people do a good job of protecting their systems from external attacks, it is VERY hard to protect from attacks when the outsider has a legitimate user account on your system.

PRIVILEGE ESCALATION
These kinds of attacks are called "privilege escalation" attacks. A legitimate user account is used to run a variety of programs on a compromised system which allow that user to gain root permission on the system. Once the user has root access, he can do anything he wants with your computer.

In our case we were used as a PayPal phishing server. Emails are sent out to unsuspecting users telling them that they need to log on to their PayPal account. When a user does log on, their user ID and password are then emailed to the attackers.

THE LARGER COMPLACENCY PROBLEM
And this brings up the second area of complacency that we (the big we) need to address. We have sent numerous emails to EBay letting them know that we have shut down this rogue server and letting them know that we have log files showing the IP addresses for the 29 people that were foolish enough to fall for this phishing scheme via our servers. Admittedly a lot of cooperation between EBay and various ISPs would have to occur to track down these 29 people -- but why aren't we doing it? EBay isn't responding to us and most people I've spoken with say that they won't -- that this happens so many times a day that EBay can't follow up with them all. This is ridiculous.

Spam blocking company Blue Security recently shutdown with CEO Reshef saying that "...large ISPs and governments need to recognize that spammers are connected to criminal syndicates and that they, not a small startup, are the only ones who can shut down these networks."

These criminal syndicates are the same ones that are setting up phishing scams. This is the new underworld and it is only going to get worse. Especially when companies like EBay do nothing to mount effective defense. If the phishers were deprived of gaining value from their theft of user IDs and passwords, would they continue to use that method of attack? If the FBI (and other police organizations) had effective programs in place to track these people down, would it be the scourge that it is today? I'd like to think we as a society could become bolder and smarter in our defense against these criminals.

Of course the first defense begins in addressing our own complacency. I've changed all of my passwords over the weekend. Maybe this post will cause you to ask the question of your own company, and help make the whole Internet more secure as a result.

Internet Freedom -- NOT Network Neutrality

Following up on my previous post, "Network Neutrality is the Wrong Frame", I have written a column for VoIP Magazine Online entitled "Internet Freedom -- Not Network Neutrality"(registration required).

The core of the article is this -- the technology industry has mis-cast the entire debate about what is happening with telecommunications regulation. Mis-cast both because the focus on networks and neutrality is too esoteric for the average congressperson (much less the average American) and also because it is too easy for telecommunications companies to focus people on the wrong issue -- on packet prioritization as opposed to fair and equal access.

I propose that we shift the debate and shift it NOW -- this argument is really about INTERNET FREEDOM. Its about, in the words of David Isenberg:

"...an Internet where it would be legal for a monopolistic gatekeeper to stand between us and our medical information, us and our financial transactions, us and our travel plans, us and the information we try to find, us and the news we choose to read and watch, us and our leisure time activities, us and our intimate correspondence with our friends, us and our creativity, us and our political expression."

Jeff Pulver are you listening?? It is time to stop talking about neutrality and start talking about freedom. The debate should be about whether we want to continue the spirit of common carrier regulation of the monopoly telecom companies or whether we want to create a new OPEC, controlling something every bit as important to the competitiveness of American business and the quality of American lives.

More ranting over at VoIP Magazine...

Shame on you, Washington Post

In an editorial today in one of this country's greatest newspapers, The Washington Post, the editors repeated the false statement that healthy competition exists in the market for consumer broadband services. In the editorial, entitled "The Internet's Future: Congress should stay out of cyberspace" the editors write:

The advocates of neutrality suggest, absurdly, that a non-neutral Internet would resemble cable TV: a medium through which only corporate content is delivered. This analogy misses the fact that the market for Internet connections, unlike that for cable television, is competitive: More than 60 percent of Zip codes in the United States are served by four or more broadband providers that compete to give consumers what they want -- fast access to the full range of Web sites, including those of their kids' soccer league, their cousins' photos, MoveOn.org and the Christian Coalition. If one broadband provider slowed access to fringe bloggers, the blogosphere would rise up in protest -- and the provider would lose customers.

But this is entirely incorrect and misleading. There are just two pipes into the majority of consumer's homes -- a telephone wire and a cable TV wire. Every broadband provider in the country must connect to the consumer over one of those two wires. The only third party access deals that exist were created as partnerships with telephone companies back when there was an FCC enforcing access regulations. Those regulations are gone. Phone companies now have no obligation to allow other providers to offer service to consumers and as those agreements end, they will not be renewed. So there are at best TWO providers.

However, the situation is getting worse as we begin to look at "broadband" as 14 mbps or 40 mbps instead of 1.5 (or less) -- as we "need" and "want" real broadband speeds, fiber to the home will be the only wire capable of providing this speed. Then we will be reduced to a single option, the phone company.

Write to the Washington Post and let them know what you think: letters@washpost.com

Astroturf Commenting

IP Democracy has confirmed my suspicions -- in this article, "Net Neutrality Astroturf Commenting Harms.. The Telcos" IP Democracy notes that they have been seeing the same behavior that we have here at IP Inferno --

a coordinated group of possibly paid blog commenters who roam the web looking for blog items on net neutrality. (See here and here.) These commenters almost always write in generalities and their comments are always negative of net neutrality regulations.

Here is someone else noticing the same behavior -- "Anti-network neutrality astroturfing comment spam" So OK guys. The jig is up. Stop the spam.

This is a great case study for why the net needs less anonymity.