regulation

Cyber Vulnerability and the Coming I-Patriot Act

Jerry Sheehan — Sun, 10 Aug 2008 21:45:21 -0700

Description

With almost 1.5 billion people on-line in 2008[1] and an estimated $33.8 billion in e-commerce in the United States[2] it should come as no surprise that the Internet has become a target for theft (criminals), disruption (hackers), and attack (nation states/cyber war).

The very technologies which create the power of the Internet also allow vulnerabilities to quickly become known and exploited by nefarious elements. The most recent DNS vulnerability is a great example of this phenomena. As John Markoff of the New York Times noted on August 8th

"The general risk of such a flaw had been known for some years within the insular Internet technical community. But in the last month security engineers have repeatedly stated that it is only a matter of time before financial organizations and others are attacked by computer criminals seeking to exploit the now-public flaw. One expert says this is happening now.

“We have already been seeing attacks in the wild for the past two weeks,” said Bill
Woodcock, research director of the Packet Clearing House, a nonprofit technical organization. Some of the initial attacks focused on distributing malicious software, he said, and more recently there has been evidence of so-called phishing attacks aimed at stealing personal information."[3]
Within the last five years there have been increasing warnings about a "cyber pearl harbor". The US government has increased its focus on this issue within the last year with the creation of the Air Force Cyber Command and the January 8th National Security Directive by President Bush redirecting billions of dollars to protect America's cyber-infrastructure.[4]

What would the likely reaction be to a cyber-attack on America be? Well known Internet author and Stanford Law Professor Larry Lessing revealed at a futures conference that there already exists proposed legal regulations equivalent to the Patriot Act that would be put into place. Lessing "claims that he spoke to the former government Counter Terrorism Czar Richard Clarke and he found out that the Justice Department was waiting for a cyber terrorism event that would be the catalyst for implemented the "cyber equivalent " of the Patriot Act, to which Lessig nicknamed the i-Patriot Act."[5]

Computer & Information Science

Source

[1]Internet Population Size, http://www.internetworldstats.com/stats.htm
[2]"Quarterly Retail E-Commerce Sales, 1st Quarter 2008", US Census Department, http://www.census.gov/mrts/www/data/html/08Q1.html
[3]"DNS Vulnerability", John Markoff, August 8, 2008, New York Times, http://www.nytimes.com/2008/08/09/technology/09flaw.html?ref=technology
[4]"Seven Questions: Richard Clarke on the Next Cyber Pearl Harbor", April 2008, Foreign Policy Web Exclusive, http://www.foreignpolicy.com/story/cms.php?story_id=4241
[5] "Internet Censorship: The i-Patriot Act Waiting to be Implemented", Digital Journal, http://www.digitaljournal.com/article/258311

Regulation Vs Innovation and the Internet's Future

Jerry Sheehan — Wed, 30 Jul 2008 19:17:05 -0700

Description

The Internet revolution relies on a foundation of an enabling infrastructure allowing a radically decentralized group of developers to create their own applications. Over time, even the meager technical barriers to participation and importantly development have decreased to the point of being merely a nuisance.

This freedom has led to the creation of unanticipated new applications, unforeseen billion dollar markets, and new devices for personal communication that never showed up on a technology road map. However, at the same time many uses have created obstacles (impact of ﬁle sharing on copyrighted materials, anonymous posting online, slanderous speech in Web pages, etc). When a civil society is confronted by problems it traditionally turns to the legal system to create new regulations or laws to alter behavior. To date, this has not been the case for the Internet which has instead attempted to address problems through innovation as opposed to regulation.

The issue currently focusing the debate on regulation vs innovation has to do with the consideration of punishment (legal sanction) against Comcast for limiting the bandwidth available to a peer to peer network application called BitTorrent. Comcast has argued that this was necessary to manage their network while others have argued that their behavior was motivated by competitive reasons. As the issue was brought to the regulatory light of the FCC the two companies reached a private compromise. The compromise means that Comcast will not target the BitTorrent application as they have done in the past and that BitTorrent will work with ISPs, and the Internet Engineering Task Force, to develop ways to optimize ﬁle swapping on their networks. [1]

On the face of it this should be the end of the story, the Internet was again able to come up with a compromise solution that will spur new technology development improving the global commons through engineering. Unfortunately although both companies have indicated to the FCC that no regulatory action is required once motivated government becomes difficult to stop. The FCC decision on this issue
later this week will set not only important precedent regarding P2P ﬁle sharing but also impacts the "tradition" of conﬂict resolution on the Internet.

Robert McDowell, current FCC Commissioner, perhaps explains it best in his recent op-ed piece in the Washington Post:

"If we choose regulation over collaboration, we will be setting a precedent by thrusting politicians and bureaucrats into engineering decisions. Another concern is that as an institution, the FCC is incapable of deciding any issue in the nanoseconds that make up Internet time. And asking government to make these
decisions could mean that every few years the ground rules would change based on election results. The Internet might grind to a halt in such a climate. It would certainly die of clogged arteries if network owners had to seek government permission before serving their customers by managing surges of information ﬂow."

Computer & Information Science

Source

[1] Comcast and BitTorrent Agree to "Collaborate", CNET News, March 23, 2008,
see http://news.cnet.com/8301-10784_3-9904494-7.html
[2] "Who Should Solve This Internet Crisis?", Washington Post, July 28, 2008, pA17
and online at http://www.washingtonpost.com/wp-dyn/content/article/2008/07/27/
AR2008072701172.html

The future of regulating science [DRAFT]

Alex Soojung-Kim Pang — Thu, 19 Jun 2008 13:17:42 -0700

Description

[work in progress]

Signals

Nature Magazine weighs in on issues surrounding industry/academic collaboration in the life sciences

Legal battles over personal genetic testing begin

Research misconduct may be far more prevalent than suspected

Legal battles over personal genetic testing begin

Alex Soojung-Kim Pang — Thu, 19 Jun 2008 13:06:35 -0700

Description

The state of California is starting to attack genetic testing companies like 23andMe. In Wired, Alexis Madrigal reports that

The state's laboratory field services group issued 13 cease-and-desist letters to genetic testing companies. Wired.com obtained a copy of the letters (pdf.) from two recipients. And the tough talk in a recent teleconference among regulatory officials confirms the seriousness of the department's intent.

"We [are] no longer tolerating direct-to-consumer genetic testing in California," Karen Nickles, Chief of Laboratory Field Services at the health department, told members of the Clinical Laboratories Advisory Committee on June 13.

Targeted companies include personal genomics startups 23andMe and Navigenics. These services are seen as the leading edge of a new type of health care in which consumers can use their genetic profile to tailor their medical and lifestyle choices. The established medical community, however, is wary of the technology arguing that the medical utility of some tests is unproven. Doctors also complain that direct-to-consumer services bypass them as the gatekeepers and analysts of medical information, which they worry could confuse consumers, not to mention cost them a billing event.

The health department's actions are a direct challenge to the viability of the infant DNA-testing industry, for which physician involvement is shaping up to be a major battleground. As far back as a September 2006 meeting, health department officials were voicing concerns over "nutrigenetic tests that analyze a limited number of genes to give personalized nutritional and lifestyle recommendations."

According to the Mercury News,

The agency said it began investigating gene-testing companies after receiving complaints from consumers "about the accuracy and cost of genetic testing advertised on the Internet." The agency declined to name the businesses, saying it would identify them after they confirm receipt of the letters. It said some were in California.

Forbes adds,

some gene testing Web sites take orders directly from patients without a doctor's involvement. (Navigenics says it uses a doctor.) California law requires that a licensed physician order any lab tests, including genetic tests, says Karen Nickel, chief of laboratory field services for the California Department of Public Health. All lab tests must also be validated for accuracy and medical utility, according to state requirements, Nickel says.

"These businesses are apparently operating without a clinical laboratory license in California. The genetic tests have not been validated for clinical utility and accuracy," says Nickel. "And they are scaring a lot of people to death."

Requiring that such tests demonstrate clinical "utility" could pose a particular problem if applied to 23andMe: The company has admitted its tests are not medically useful, as they represent preliminary findings, and so are merely for educational purposes.

California's move follows a crackdown on online gene testing firms by the state of New York, which sent warning letters to a number of firms, including 23andMe and Navigenics. California said its investigation followed a number of consumer complaints. "The consumers were unhappy about the accuracy [of the tests] and thought they cost too much," a spokeswoman for the department said.

Amateur, DIY, and citizen science

Source

http://www.wired.com/medtech/genetics/news/2008/06/ca_dna
http://www.forbes.com/business/2008/06/14/stop-gene-testing-biz-healthcare-cz_rl_0614genetest.html
http://www.mercurynews.com/ci_9585645?IADID=Search-www.mercurynews.com-www.mercurynews.com
http://www.dynamist.com/weblog/archives/002813.html
http://pimm.wordpress.com/2008/06/18/future-stop-california-health-officials-against-personal-genetics-risk-takers/