OneWebDay
September 22, 2006! There are other logo colors too, for all the different moods of OneWebDay. Try orange:
Viola
So I brought the viola to Vancouver. It's nice to have it here, and it gives me something to do that is fully analog. Wave forms.
Although I have to say that it came to me tonight that I have been assiduously playing the same Bach partita, off and on, for the last 25 years. I used to play it on the violin, now I play it on the viola, and I'm still not completely happy with how it sounds.
Give me another 25 years and I'll get it right.
Meetings
The ICANN meetings are long. This one runs Sunday to Sunday, with sub-meetings booked back to back. It's as if all possible ICANN interactions take place face to face during these thrice-annual meetings. I'm wondering whether there's a way to lighten the load of these meetings for everyone concerned. It's expensive to attend (obviously) and time-consuming.
Is there a way to use the key goal of transparency to inform this — to have more happen online, in a visual way? Docket sheets, ways to track what's going on visually (think small policy-wagons going horizontally across a time line, with moments when comments are coming in demarcated with vertical lines and flags)? There should be a better way to get things done than to have all interactions be face to face. There's always a need to have part of communications as close to full-bandwidth (in person) as possible. But if that's making it difficult for people to participate, why focus so much energy on in-person only, to the exclusion of other lower-bandwidth ways to communicate?
Speaking of meetings, there are lots of meetings tomorrow, Tuesday, that potentially conflict. So I want to underline a couple that I'll do my level best to attend. I may not be able to stay for the entire time, but I'll be there at some point.
1. From 12:30 to 2:30pm tomorrow, in the Grand Ballroom A-C, there's a meeting about the VeriSign settlement.
2. From 2:30pm to 6:30pm tomorrow, in the Stanley Park Ballroom 3, there's a meeting about whois questions.
More later.
Vancouver
I'll be in Vancouver at the ICANN meetings from now until next Sunday afternoon. I took a walk this afternoon that looped around this:
I've recently been reading these (q&a about the VeriSign settlement agreement) and these (the proposed new VeriSign agreements) and this (the current MoU) and this (the original NSI Amendment 11) and this (the current IANA agreement) and this (which describes ICANN's view of the IANA services) and many many other related documents. I'll blog this week, but I won't be able to do a play-by-play — it is shaping up to be an enormous swirl of events. I'll be walking around and finding people to talk to. I'm not an official board member until the last minutes of the meeting on Sunday.
(Thanks to Joi Ito for the Vancouver picture)
Alignment
I heard something wonderful this afternoon. It had a dramatic back-story: the singer had been ill this year, and kept canceling concerts. People wondered anxiously whether she was going to cancel this one. Was she still sick? Was she dying?
The music: settings of glowing Pablo Neruda poems by the singer's adoring husband.
The conductor: scarcely moving, beloved by the crowd, conjuring astonishing sounds from the players.
Okay, okay: The piece was Neruda Songs by Peter Lieberson, the singer was Lorraine Hunt Lieberson (who started off as a violist but has gone on to much better things), the conductor was James Levine, and the orchestra was the Boston Symphony. Everything came together for an unforgettable span of time this afternoon. Hunt Lieberson was luminous. Before the applause there was a time of silence that seemed to go on forever.
The BSO will repeat this program (totally delightful programming, too: Til Eulenspiegel and Mahler 4) on Monday the 28th at Carnegie Hall. If I could, I'd go hear it again.
The New Regulatory Capture II
Within the last ten days or so, the key vendor of CALEA compliance services (VeriSign) has taken a very stern tone [pdf] with the FCC, saying that the Commission has read CALEA far too narrowly. VeriSign wants any SIP-using service to be part of the program, and suggests that interconnection with the traditional telephone network shouldn't necessarily be the standard for compliance. Translation: any possible multimedia application (whether connected to the phone network or not) and all connections to the internet should be designed in advance so as to be easily tappable by law enforcement.
(What's a SIP-based service? It's any service using the Session Initiation Protocol, an IETF signaling protocol that can be used in connection with any multimedia or voice or gaming application. GoogleTalk will use SIP; MSN Messenger already does; a host of VoIP applications already do. It's a very broadly used peer-to-peer protocol.)
VeriSign is also arguing that the rest of the world is moving smoothly along the vendor-assisted interception path, and that “the only impediment to implementation domestically principally lies in the Commission's actions” in the CALEA proceeding. We are ready, sayeth VeriSign (describing itself as a member of the “entrepreneurial and innovative global lawful interception industry“) to provide these compliance services at minimal cost, but the Commission is getting in the way. Really, how could you, Commission?
Similarly, the DOJ has also taken a very stern tone [pdf] with the FCC, saying that the Commission has read CALEA far too narrowly. They'd like CALEA to cover any application that is capable of connecting to the traditional telephone service, whether for receiving or making calls, and they want all services (not just broadband services) to be covered, no matter what equipment they use.
What's extraordinary about all this firmness on the part of the sole listener (DOJ) and the key vendor (VeriSign) is that the FCC has reached very far indeed to do their bidding already. By virtue of a less-than-weak reading of CALEA (which doesn't apply to “information services”), the Commission has gotten up the nerve to act like Congress and proclaim that a huge range of actors have to be CALEA compliant within 18 months, without saying what compliance means. Non-compliant firms will be subject to fines of $10,000 a day. So entities have to start complying without knowing what to do, and they won't even know whether they're covered — because the FCC is sometimes flip about whether they are. Enormous, arbitrary, capricious, and aggressive confusion is in the air.
It's all pretty astonishing and pretty abusive, and the DC Circuit will have its say soon. The CDT coalition just filed a very strong request for a stay of the CALEA order with the FCC, and will file a similar request in court on December 7 if the Commission doesn't respond. The stay request points out that the FCC has effectively delegated its authority to decide how CALEA will be complied with to the DOJ. A key line:
With the looming deadline, the FBI can say in its “discussions” with industry representatives, “Define call-identifying information our way and you’ll be fine, define it a different way and we may bring a civil action against you for non-compliance in 18 months.”
But if you listen to VeriSign, we're all being silly, the world has moved on, and we should just shape up and get with the program. I feel sorry for the well-meaning professional staff at the Commission. They're under tremendous pressure.
Plesser Fellowship
Here's an announcement from CDT. This is a wonderful opportunity that has been established in honor of Ron Plesser, someone who befriended many many people over the years and was a joy to be with:
RON PLESSER PUBLIC INTEREST FELLOWSHIP IN PRIVACY LAW AND INTERNET POLICY
The law firm of DLA Piper Rudnick Gray Cary has established a public interest fellowship at the Center for Democracy and Technology (“CDT”) in honor of Ron Plesser, a senior partner at the firm who died suddenly last fall. Ron was a leader in the fields of e-commerce, freedom of information, and privacy law who began his career as a public interest lawyer. Over the course of his legal career, Ron helped frame the still-evolving legal standards for information policy in the digital era. In order to encourage new lawyers to follow in his path, the first fellowship will be awarded in 2006 to a recent law school graduate to practice in the areas of privacy law and Internet policy at CDT for two years under the direction of the organization’s senior attorneys.
CDT works to promote democratic values and constitutional liberties in the digital age. With expertise in law, technology, and policy, CDT engages in a variety of strategies to enhance free expression and privacy, including advocacy, public education and research.. CDT works on legislation, participates, participates in agency rulemakings, engages in litigation, and fosters consensus building among public interest and private sector stakeholders. www.cdt.org
Ron Plesser worked closely with CDT from its founding a decade ago. The fellowship will honor his memory by identifying and nurturing the careers of young lawyers interested in learning the consensus building approach to policymaking that Ron’s career exemplified. The Plesser fellow will work on projects offering an opportunity to exercise leadership, and will broadly participate in the organization’s legal and public policy activities, in order to provide the fellow with a strong foundation upon which to pursue a public interest legal career in the privacy and Internet policy field. www.ronplesserfellowship.org
How to Apply: Third year law students and recent law graduates with exemplary academic records, an interest in privacy, information policy, civil liberties and technology policy, and a demonstrated commitment to public interest law are encouraged to submit applications to dani at cdt.org by January 31, 2005. Individuals completing other fellowships are welcome to apply. Applicants should include a cover letter explaining their interest in the field of privacy and Internet policy and two writing samples. Two letters of recommendation will be required of leading candidates, but may optionally be submitted with the application. CDT is an equal opportunity employer, and women and minorities are particularly encouraged to apply.
Important Deadlines:
January 31, 2005- All applications must be submitted
February – March- Semifinalists selected and interviewed
Late March- Plesser Fellowship Committee reviews one or more finalists, selects Fellow and extends offer
June- September 2006- Fellow commences work at CDT, on a date to be agreed between CDT and the Fellow
Fellowship Candidate Evaluation Criteria:
• The candidate’s demonstrated or stated commitment to public interest generally and specifically to the area of privacy and civil liberties;
• The candidate’s academic record, professional/ volunteer activities, subject matter expertise indicating that s/he possesses the relevant skills, initiative to make the Fellowship a success;
• The candidate’s legal writing and research skills;
• The candidates commitment and ability to fulfill the two-year term required by the program; careers of public interest careers;
Terms of Fellowship:
The Plesser Fellowship requires a two-year commitment from the Fellow. The fellowship will pay a salary of $50,000 plus health care and other benefits.
CALEA creep
Sometimes the Commission can be a little flip, a little offhand. This happened in the CALEA order [pdf] that was released in late September. After saying that educational networks like those operated by universities and research libraries (including Internet2) probably wouldn't be subject to CALEA, the Commission stated:
To the extent, however, that these private networks are interconnected with a public network, either the PSTN or the Internet, providers of the facilities that support the connection of the private network to a public network are subject to CALEA [because they are substantial replacements for local telephone service].
There's a lot in the text of this footnote snippet. (It's note 100, for those of you who like footnotes.)
First of all, defining the PSTN and the internet as [roughly equivalent] ”public networks” is a big rhetorical step. It seems as if the internet is being reframed as another flavor of telephone network. Rhetoric matters. That's why they called it the “broadcast flag” — who could possibly be against a patriotic flag waving in a friendly way to protect beloved broadcast programs? As it turned out, of course, the broadcast flag was a massive cost-shifting and innovation-squelching effort of which the flag (the marking scheme) was the smallest and most inoffensive part. Names set the initial terms of debate, and there is reason to worry about setting up the traditional telephone network and the internet as peers — both “public networks” that need to be protected and regulated like public libraries and public highways.
Beyond the naming scheme, it's quite a step to say that any private network (say, any enterprise VPN) that is capable of connecting to the internet must be CALEA-compliant — if that's what the footnote is saying. If it's not saying that, what is it saying? What entities “support the connection of [a] private network to a public network”? Arguably all actors involved in making it possible for one network to connect to another — all device manufacturers, all access providers, anyone who leases a line that connects to an ISP, all technicians.
An enormous consortium of associations calling itself the Higher Education Coalition recently filed comments in the CALEA proceeding. The Higher Education Coalition points out that private networks are exempted from CALEA, and that CALEA's coverage is specifically limited to common carriers.
But beyond the legal-beagle analysis, the Coalition's points on burden are very strong: since 2004, only one higher education institution has received a wiretap request, and it was complied with very swiftly — within 24 hours. So what's the problem? Why would law enforcement need this subset of private networks to change all of their systems in advance so as to make them easily tappable? And here's what the vendors say (remember the new form of regulatory capture): “if the Commission or DOJ adopted an expansive reading of the [CALEA] Order, higher education and research institutions would have to replace much–if not all–of their network equipment.” Even doing this with software would be “costly,” according to these vendors.
This could cost billions of dollars — just for the universities.
Now, the most important point of all is that the FCC hasn't yet said what anyone subject to its expansive reading of CALEA will have to do. All it has done is announce who may be covered by CALEA, and that these entities (any business with a private network that is capable of connecting to the internet? any free VoIP application that can interconnect?) will have just 18 months to comply. The clock is already running on an entirely uncertain, and hugely expensive, mandate.
Post-WSIS
Washington Internet Daily puts it well:
Especially in the Internet governance debate [at WSIS], conflicting parties presented very different interpretations of what the cut deal including an Internet Governance Forum [meant]. . . .
The still-deep rift over the governance issue was exemplified by the contrast between visions on the future of the Internet. John Marburger, dir., White House Office of Science & Technology Policy, said the result was “to do no harm to a system that works so well.” ITU Secy. Gen. Yoshio Utsumi, however, at the concluding press conference, spoke about a regionalization of the Internet, saying “the Internet in 5 years will be a very different network.”
It sounds, from a great distance, as if the ITU is continuing to make a play to have some kind of “oversight” over ICANN. And it's likely that the Governmental Advisory Committee wants to have more say as well.
The ITU's continued work on next generation networks (NGNs) seems to fit here. They're drawing up specifications and pleading with industry to work with them — they already have Cisco as a sponsor — in an effort to show that they can work quickly. It's hard to tell (as usual) exactly what is going on. Certainly there's a big push on ITU's part for IPTV standards.
ITU may want to position itself as the source of standards for the internet as a whole. Because what ICANN does (or should do) is approve global consensus-based standards for naming and addressing, the tensions will continue for the forseeable future.
Here's a quote from a recent ITU NGN telco meeting, also from tomorrow's Washington Internet Daily:
Speakers were asked how to make NGN easy for consumers to use. One thing NGN might accomplish is creation of a self-sustaining network service that gives users a safer, simpler and more secure experience, [a UK trade group chair] said. With NGN and broadband access, he said, stable devices can be developed that “half-wits” can use.
That's one vision of the online future: the online world will be designed in advance for half-wits.
Universal Service news
Reps. Boucher and Terry have introduced a bill [pdf] that would support universal service (roughly, telephone service in rural areas) by imposing a tax on any entity providing voice communications over any platform.
So the bill defines “communications service providers” to include any entity that “uses telephone numbers or Internet protocol addresses, or their functional equivalents or successors, to offer a service or a capability (i) that provides or enables real-time voice communications; and (ii) in which the voice component is the primary function.”
This must mean that any provider of free voice services is covered too, whether or not they connect to the traditional telephone network. This must cover Skype. The idea is that the FCC is supposed to begin a rulemaking that would lead to charging “communications service providers” for universal service.
Section 4 (starting on p. 17 of the draft) says that another rulemaking is supposed to establish mandatory rules for tracking all services – presumably so that USF can be assessed. This section is truly startling. It appears, among other things, to outlaw encrypted online traffic. Take a look at this:
Communications service providers [this includes any application that uses IP addresses to provide real-time voice communications] shall ensure that all traffic that originates on their networks contains sufficient information to allow for traffic identification by other communications service providers that transport, transit, or terminate such traffic, including information on the identity of the originating provider, the calling and called parties, and the jurisdiction in which the traffic originates. . . .
This is outrageous. This means that any voice application has to label its packets so that everyone else handling their packets can tell exactly what's going on. Who's talking. Where they are. This is unbelievable.
Such rules shall include mandatory requirements for identification of all traffic by the originating provider and shall require that such traffic identification information is transferred to transporting, transiting, and terminating providers unchanged and unaltered. The rules shall also establish procedures for carriers to contest insufficiently labeled traffic in a prompt manner and shall establish appropriate enforcement and penalty provisions for carriers that insufficiently label traffic. The processes to adjudicate insufficiently labeled traffic shall require the relevant providers to demonstrate their compliance with the Commission’s traffic labeling standards.
Don't be confused by the sloppy label “carriers” in this section. Communications service providers, again, includes anyone providing a voice service online, whether for a fee or not, and whether or not they've been a traditional telephone company.
Follow the money. The USF “social policy” is the most important of the lot, because congressional constituents care about it. This is only a bill, but it's even worse than what we've seen coming out of the Commission on E911 and CALEA. We're taking a major step to tax the internet — a huge step beyond assessing USF fees for use of telephone numbers, which was the standard policy suggestion not long ago.
If this bill passes, the FCC will be asked to make rules standardizing the identification of all online traffic. You've never seen a tech mandate like this one.
Okay, the gloves are off. The section-by-section analysis says only that the bill “[R]equires telecommunications carriers to identify all traffic which originates on their networks so carriers that terminate traffic can seek appropriate intercarrier compensation,” but this bill is about much more than that. Because the bill's definition of “communication service providers” is so broad — because it includes Skype and maybe even Xbox — the bill's twin goals are to outlaw unidentified packets and tax the internet.
Read the bill — let me know if I've misunderstood it.