last week, Josh had the chance to talk with Grant Gross, editor at IDG News for secure sessions. Gross, whose contributions appear regularly in publications such as PCWorld and IOC, followed closely Trending news in cyber security and net neutrality. Throughout their discussion, Grant and Josh analyzed the proposal of the Federal Commission for the United States communications to protect user privacy on ISP monitoring, how the net neutrality is affected by Internet service providers, Panama documents, and much more! Listen to the podcast now or read the full transcript below.
Transcript
JOSH : Welcome to secured podcast sponsored by IPVanish sessions. This is Josh Gagliardi, CTO at IPVanish.
Today our guest is Grant Gross, chief editor at IDG News, to talk about the proposal from the FCC to reign in the ISP monitoring. How are you today, Grant
GRANT :? I'm good, how are you
JOSH : Okay. You have written about a number of topics related to the security interest, and seem to be pretty well composed in exactly how it is that our rights online are oriented. An interesting dynamic for us was to see how Internet service providers as an industry are really kind to do battle with consumers on several fronts
GRANT :. It is an interesting debate at the moment, yes
JOSH . We saw over a bill coming on security sterilization, we also have the GOP is going after the FCC's capabilities simultaneously with an FCC rule making exercise. From having covered the FCC action in the past, how do you see this debate and this discussion of trends over time
GRANT :? There are many facets to the debate on security and confidentiality. The FCC is moving in time to limit the data that ISPs collect from customers and limit how they can use it and well, which is a regulatory procedure happening now. And I imagine the FCC will pass this rule on some ISPs and other objections, and then there's all the encryption and debate, it is difficult so to predict whether this will go. I do not see the encryption front many laws being passed that. This appears to be stuck at some point, I think
JOSH :. And of course, we are at an interesting time in our political process where all jammed except for the burning issues for some time
GRANT :. law, that the elections are coming. And get the law passed by Congress in the coming months will be quite difficult
JOSH : .. Unless it is to protect babies and rainbows
GRANT :. exactly
JOSH :. But not rainbows, rainbows are now controversial
GRANT : Oh, I do not know
JOSH . we also see that service providers, we provide privacy and security of our users. And one of the things users regularly report to us is that they will see throttled access to certain Web services. And then, when they engage VPN suddenly their speed is faster
Which, given that there cryptography involved, this is not an obvious conclusion, right
GRANT:.? Right.
JOSH: And strongly implies that there are a number of, say, non-neutral net routing policies in place. So we think that quite the position of the FCC and they settle in the end it; if there is a sort of application could actually help our users. But I think we learned that it takes a lot for American consumers to subvert the US industry
GRANT :. The last time I arrived, which was just a few weeks, there were something like 8,500 net-neutrality complaints to the FCC. And this policy, this rule is aged only about a year and so we'll see where the FCC goes with some of this stuff. It will be interesting to see if some of these consumer complaints so to capture the attention of the FCC, and what happens with them
JOSH . So as a journalist in space technology, what happens is that we do not see in terms of positioning of these questions, there interesting conversations about the scenes, for example, with the Apple iPhone, or FCC, or the Panama Papers and leaks? Are there conversations about meta, well not turn out that way, no, hold on we must change our statement? (5:44)
GRANT : Some that I do not, I guess. I think there are many conversations behind the scenes that I do not see as well, but I mean, there's always a lot of positioning in progress and people trying to turn their views with journalists and try perfecting that for the general public.
and I think the encryption debate, there is undoubtedly a lot of things behind the scenes related to potential compromise and things like that. I'm not sure they'll come up with something in these conversations, but I think those conversations are ongoing on how to sort of keep the encryption in place and still give law enforcement some access to communications encrypted suspects. I think there are always ongoing conversations, but I'm not sure that everyone has found a suitable compromise it
JOSH . It seems that this is an area where the rules are always changing. And part of the reason for this podcast is that we think it is interesting that, as a society, we try to understand what the rules should be. I think when you look at the flight Panama Papers, I think anyone who has a job in the industry simultaneously, two reactions, which is, "It's great that all these fresh data came out," and, " Oh God, I hope mine does "
GRANT :. Panama documents is interesting. I do not know if there will be a new proposed legislation because of it, especially because in many cases those who are unsympathetic victims in one direction. They are rich people supposed to try to hide so they are not imposed their money, and in this case, which is probably not a good test for a new regulation or legislation. But yes, I think that scares the heck out of a lot of people on how they could be next and their personal data held in their company could be exposed in some way. (8:24)
JOSH : I think with Panama Papers that the angle on the special heads of state or people in positions of power, you are not while dodging taxes, but in fact essentially building financial deposit boxes for corruption. This is the angle that I used to explain to my children when they ask what the title was. That's fine, this is a dropbox for people to obtain illegal gains so they can pick up retired
GRANT . And in some countries, there may be, some of the heads of state may try to push for new penalties and things like that. But this will not be a popular position, I think. We'll see how we play on
JOSH :. Much of what we see the role of VPN such as getting unlimited Internet access, so in a way the Western view of the Internet.
As far as we know, other than the occasional memory hole kind of thing, we have access to the Internet largely unrestricted. This is very much not the case in Turkey. We have seen a number of cases where, at that point, as soon as the misdeeds get on the Internet, the reflex is to close the Internet
GRANT .: Right, to the right. So I think for the Panama question Papers as I said, this can not be a good test for a new regulation, but I certainly see your point that many places in the world, not only Turkey, Russia, and other places as well, that there are limits to what the Internet access, you
JOSH :. Yes, we could have hoped against hope that maybe the rules of ethics in various executive agencies and Congress would be increased in the light of demand; for example, electronic disclosure and something like that.
For my part, I am not holding my breath giving self- little what happens today.
And then the other FCC angle you mentioned this idea that we should potentially restrict what Internet service providers may collect.
With a background in ISP operations as customers before launching the VPN server, we always thought that to your ISP or heavy collect data about your habits is basically a kind of violation contract, because if I get free Internet and they measured all, although it's just the same compact of society I have with Facebook, where I know they are storing and indexing and all because they give me something for free. But when I pay my ISP, and frankly, unpleasant amount of money in the United States since the broadband speed available elsewhere in the world where there is competition, it seems a bit violation for them to be collection really anything all
GRANT . I think that the argument for some kind FCC to proceed in the way they are conducted. I think the FCC sees ISPs as having a sort of single window for each type of subscriber Internet habits and where they go and what they do and questionable sites they run and everything like that. Where Google and Facebook and things like that have similar capabilities but like you said they are giving you a free service monitoring type of exchange for your information.
Thus, ISPs argue, why we regulate when you 're leaving Google and Facebook and these unregulated ad networks? So I think there's some legitimacy to this argument, but again, the ISP may have a more complete picture than some of these other places have. (12:40)
JOSH: This is precisely the reason why our customers are trying to encrypt anything that crosses their ISP. We thought about maybe a modest proposal that all those who want to vote for a bill destruction of privacy was required to publish ten years of their own browser history
GRANT :. This would give them break
JOSH: .. Yeah, we could call the ... .instead restore Glass-Steagall, we need a glass house rule
GRANT : I think the ISPs also argue that more and more people are using encryption and VPNs and other tools. Thus, the development of regulations FCC may not be needed now.
Encryption and VPNs get much, much easier to use, but there are still many people out there who do not use or do not think to use them, and that kind of momentum for FCC new rule making
JOSH . I think we'll see FTC and FCC to be on a bit of a collision course because so much of the information industry is in theory ... well, it is not regulated by the FTC, there a self-regulatory agreement to avoid regulation
GRANT :. Yeah, and the FTC is part of that kind of thing things after the fact. They see things happen and then they take action after it happened. So it's not really regulations; I get is an application more than regulation law
JOSH : Exactly. Now you covered the case before Microsoft Ireland where we see that, since Neuroromancer predicted, the ascendancy of the companies so they can work as equals with or against governments.
Do you think it'll be a trend we will see, we are ... how are these multinationals conduct rules
GRANT : Well, it is an interesting case, because on one side you have a large company like Microsoft saying that we have this data on an overseas server and it does not mean that the uS government should be able to send a mandate to Ireland for this information.
and secondly, companies can be sure of skirting certain requirements mandated by making information, they can move around on the server information to the server. So it is an interesting kind of dichotomy between the rights of a corporation so to use their data as they wish and certain needs of law enforcement. (15:45)
JOSH There are certainly huge cultural differences in the interaction between government forces and law, while in the United States we have. It is quite common for there to be formal approaches as a service provider for an application to expose an IP and it comes in a formal request.
My understanding is that if you use a similar service in the UK for example, a nice man will just stop or they send you a letter saying, "We would like to have this information," without quote from a reason why they should be entitled to it, they will just ask
GRANT . right so I do not think the United States wants Russia or. China or any other country in the service of good to choose either the customer information out of the servers in the United States. so they do not want the reverse of what they argue in the case of Microsoft, so it is a bit of a difficult argument on both sides
JOSH :. Russia is a case abroad. If you make operations in Russia, they simply ask you to give to a switch port federal security services. They are literally connected to all your routers and have your passwords as a condition of your operating there. It is a bit strange transparent, it's like you get a warrant to everything all the time
GRANT :. Right, but what if the US wants Microsoft to Ireland, if other countries see that, for example, would mean Russia could potentially serve a warrant on a server Florida and say we want customer data on this server in Florida and we expect to comply with it. So I'm not sure that companies and the US government want that to happen either. (5:47 p.m.)
JOSH : As a US company, we are absolutely certain that we do not want that to happen. This is one of the rare cases where the bad governments give way to cover yourself. There was a motion by the International Union Telecom to establish that the regulators of the Internet in the last few years. And given the way President Obama has included international trade agreements that have been very corporate-friendly, I think it would have been possible for us heading in this direction, until three or four bad actor embraced governments regulatory and said yes, and we need to put a lot of listening at the same time. This gave immediate coverage of the United States to withdraw from the conference and say,
GRANT "We do nothing of all this." Yes, many uS troops also all kind of said what we're trying to do here, it makes no sense. Thus, the support of countries such as Russia and China seemed to kind of put that over-the-top
JOSH :. The last question I'm always interested in talking to information professionals is, how cryptography play a role in modern communications between and among journalists, information sources, and things like that
GRANT :? It's a good question. I use a kind of mail and things like that secure. I'm probably not as much of encryption that I probably should, I used some Tor, things like that.
I do not have many sources recently told me information leakage, as the substance Edward Snowden, then in that case, if someone was going to be a government informant then I would suggest to use safer services than what I do on a regular basis, but I know that many of my colleagues use VPN and things like that. I use a kind of basic secure services, but I have not done as much as some people
JOSH :. Well, I think in both Panama and Papers in the Snowden case, I think I saw him treat stories to the effect that, when obtaining suspicion of a large leak, the first thing that the journalists had to do was run to the aid in terms of setting up secure communications.
GRANT right. My past experience was with Tor and other things, it slows you down a bit, browser, and things like that. And it happens to be in some cases more hassle, no more pain in the ass, then when you're just trying to get to a website and things like that.
JOSH : This is actually a ton of what we as a security software provider, which is a ton of where our effort is, is sand edges rough around, establishing secure communications, and infrastructure we make in trying to ensure secure communications always run as fast as possible, precisely for this reason. (21:27)
GRANT : That makes sense, because I think we have a number of people adopting encryption and VPN and other security systems, and then you have people who do not know about them, or are interested but do not know how to do, or think they will be a pain in the ass, so I think more they are to use, the more they will obviously used
JOSH :. We'll keep working on it and if there is ever anything we can do to help you in terms of secure communications, it's really our mission, then please reach out
well, thank you very much for talking with us today Grant
GRANT: ..! You bet
JOSH : My guest was Grant Gross, editor for IDG. We discussed privacy and security and the world and how it is evolving. So, thank you for spending some time with us, and we will be in touch.
0 Komentar