Microsoft legal has a philosophy that local laws ought to apply to data — the only part that gets fuzzy under this approach is cloud data that is mirrored in multiple servers across multiple nations.
This discussion and this case are highly important for the future of technology – if one country can by fiat demand that only country of origin laws apply to US companies doing business in foreign countries, what kind of reception and business can they expect? If your data is not secure when housed in US data farms, where will the data farms go? There will be lots of fallout from this case that could affect US employment. Right now businesses seek secure and stable locations that have class A networks for their data farms – if we fall behind in laws protecting data, and in network, we aren’t going to see many cloud farms built here.
The major market share players for PaaS and SaaS cloud services are Amazon, Google, and Microsoft – if the NSA continues to take an “All your base are belong to us” approach then that’s not going to continue.
Microsoft’s fight against the US position that it may search its overseas servers with a valid US warrant is getting nasty.
Microsoft, which is fighting a US warrant that it hand over e-mail to the US from its Ireland servers, wants the Obama administration to ponder a scenario where the “shoe is on the other foot.”
“Imagine this scenario. Officers of the local Stadtpolizei investigating a suspected leak to the press descend on Deutsche Bank headquarters in Frankfurt, Germany,” Microsoft said. “They serve a warrant to seize a bundle of private letters that a New York Times reporter is storing in a safe deposit box at a Deutsche Bank USA branch in Manhattan. The bank complies by ordering the New York branch manager to open the reporter’s box with a master key, rummage through it, and fax the private letters to the Stadtpolizei.”
In a Monday legal filing with the 2nd US Circuit Court of Appeals, Microsoft added that the US government would be outraged.
Some key concepts come up in this discussion of trust and corporate principles in the post-Snowden age of the internet. Pay attention to Microsoft’s conclusions on when to redirect government subpoenas and when to deny extraterritorial requests.
“…but secret courts with secret decisions are NOT part of the American legal tradition” — Brad Smith — Microsoft’s general counsel and executive vice president of Legal and Corporate Affairs on the need for reform of the FISA court.
So I have this feeling often while taking photos — and then I try to do something different, but actually doing something different that’s not been done before is exceedingly rare because … 7 billion. Let me repeat that: Seven Billion. Now say it again like Carl Sagan would, then feel the hope and despair.
One of the key arguments in the Brand X case was that broadband providers didn’t just offer transmission, but also packaged information services such as e-mail, and thus were information providers. However, you then have to ask: what’s the essential difference between voicemail and email other than media format?
It’s an important discussion, especially at this juncture; telephony has always been held to higher standards for stability and reliability than broadband. Now that broadband is consuming wired telephone service with VoIP and media conferencing services, it’s time to ask public safety questions like: shouldn’t broadband be at least as dependable as POTS was?
For example, if the area power goes out and you have POTS, your phone will still work thanks to an infrastructure that includes batteries, UPSes, and generators at strategic nodes to keep phone system electric current available during power outages. If your cable goes out, you have no such system to keep your phone in service; indeed, if you want a battery for your cable modem, in most cases you have to ask. If the area power goes out, your phone dies if it’s over a broadband pipe.
Before net neutrality became a left-wing cause célèbre, it had an unlikely champion: U.S. Supreme Court Justice Antonin Scalia.
In 2005, Scalia in a dissent wrote that the Federal Communications Commission should classify broadband providers as a more heavily regulated Title II telecommunications service—a position in sync with a statement from President Barack Obama on Monday as well as with calls from groups such as Free Press and Consumers Union.
“After all is said and done, after all the regulatory cant has been translated, and the smoke of agency expertise blown away,” Scalia wrote in 2005, “it remains perfectly clear that someone who sells cable-modem service is ‘offering’ telecommunications.”
Justice Ruth Bader Ginsburg and since-retired Justice David Souter joined his dissent in National Cable & Telecommunications Association v. Brand X Internet Services.
Google’s getting ready to phase out SSL 3.0 in Chrome 39 due to its vulnerability to “man in the middle” attacks like those presented by POODLE.
If they are going there, then you need to move as well. While Google’s move will protect consumers using Chrome, it’s not going to help you if a hacker gets into your network using an old browser that allows a downgrade to SSL 3.x or lower, with short keys, and your apps still accept that.
If you still allow old versions of SSL (aka Secure Sockets Layer, now superseded by TLS 1.2) to be used in your enterprise due to outdated applications or hardware deficiencies, then you need to migrate to TLS 1.2 and disallow insecure SSL 3.0 and lower connections that might still use short cryptographic keys. (SHA-256 or better is the current NIST recommendation. See table on page 67.)
You also need to be very aware that several well-known web services and applications, even just one or two versions back, sometimes come with older versions of SSL embedded in Apache Tomcat services. A good scanner such as Nessus will reveal that an insecure version of Apache (or whatever) SSL is being used with shorter keys, but it won’t tell you which app is the culprit, so you are going to have to monitor the transactions to trace them back if you are not sure which one it is. This is especially true if your app vendor is not coming clean about it. Longer keys also take more server resources to encrypt and decrypt, so be prepared for a potential performance hit after you upgrade.
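One way to do the tracing described above, as an added example that is not part of the original post: read the first bytes each server sends on a connection, pull the negotiated version out of the ServerHello, and group server endpoints by protocol so the listener still answering with SSL 3.0 can be matched to its application. The function names, the flow tuple layout and the sample flows are assumptions constructed for this sketch.

```python
import struct
from collections import defaultdict

# Protocol versions as they appear on the wire in a ServerHello.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def server_hello_version(payload):
    """Return the version the server selected, or None if this is not a ServerHello.

    Layout: record type(1) record version(2) record length(2),
    then handshake type(1) handshake length(3) server_version(2).
    SSL 2.0 uses a different framing and is not recognised here.
    """
    if len(payload) < 11:
        return None
    rec_type, _rec_version, rec_len = struct.unpack("!BHH", payload[:5])
    if rec_type != 0x16 or rec_len < 6 or payload[5] != 0x02:
        return None  # not a handshake record carrying a ServerHello
    return struct.unpack("!H", payload[9:11])[0]

def endpoints_by_version(flows):
    """Group (server_ip, server_port) endpoints by negotiated protocol name."""
    seen = defaultdict(set)
    for ip, port, first_server_bytes in flows:
        version = server_hello_version(first_server_bytes)
        if version is not None:
            seen[VERSIONS.get(version, hex(version))].add((ip, port))
    return dict(seen)

def make_server_hello(version):
    """Build a minimal ServerHello record (constructed test data, not a capture)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x0a" + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake

# Constructed flows: (server IP, server port, first bytes sent by the server).
SAMPLE_FLOWS = [
    ("192.0.2.10", 443, make_server_hello(0x0303)),
    ("192.0.2.10", 8443, make_server_hello(0x0300)),  # e.g. an embedded Tomcat connector
    ("192.0.2.22", 9443, make_server_hello(0x0300)),
    ("192.0.2.30", 443, b"\x17\x03\x03\x00\x10" + bytes(16)),  # application data, ignored
]

if __name__ == "__main__":
    for name, endpoints in sorted(endpoints_by_version(SAMPLE_FLOWS).items()):
        print(name, sorted(endpoints))
```

The port of each flagged endpoint can then be matched to the owning process on that host, which is the piece the scanner report leaves out.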
From Lucian Constantin at InfoWorld:
The decision comes after Google security researchers recently discovered a dangerous design flaw in SSL 3.0. Dubbed “POODLE,” the vulnerability allows a man-in-the-middle attacker to recover sensitive, plain text information like authentication cookies, from a HTTPS (HTTP Secure) connection encrypted with SSLv3.
Even though POODLE is the biggest security issue found in SSL 3.0 so far, it is not the protocol’s only weakness. SSL version 3 was designed in the mid-1990s and supports outdated cipher suites that are now considered insecure from a cryptographic standpoint.
HTTPS connections today typically use TLS (Transport Layer Security) versions 1.0, 1.1 or 1.2. However, many browsers and servers have retained their support for SSL 3.0 over the years — browsers to support secure connections with old servers and servers to support secure connections with old browsers.
The headline statement won’t be true until the real broadband apps are actually there because while you can predict a trend you can’t predict the future. Locking into broadband apps until real broadband is in place a while would be premature. I foresee a day when musicians will regularly collaborate in real time or near real time on the network, I see phone calls going video, but the ability and the openness comes first. You have to be open to get those true broadband apps propagated, and if you remain open you will have apps that foster “stickiness” for your network.
From Jason Meyers, Light Reading:
The report, published by Broadbandtrends LLC, surveyed 88 service providers in various parts of the world (with a heavy focus on North America) about their plans for delivering gigabit broadband. Not surprisingly, the study credits Google Fiber Inc.’s announced intent in 2010 to enter the market with both raising consumer consciousness about gigabit services and catalyzing other providers. Google, the report suggests, sparked a race to save face.
“When we asked what the drivers were, it was interesting that being perceived as a tech leader was number one,” says Teresa Mastrangelo, principal analyst for Broadbandtrends. “It wasn’t about the speed at all. It wasn’t about future-proofing the network. It was about saying ‘We’re the first in this market,’ and being perceived as very forward-looking.”
It also wasn’t about identifying and fostering new or enhanced applications like gaming or high-definition telepresence, for example, that could fully leverage the speed of gigabit networks, Mastrangelo says. That’s significant, especially given widespread skepticism about the need for gigabit speeds — particularly in residential environments — and industry efforts to foster creation and development of gigabit-ready apps.
This is as predictable as the sunrise. If there weren’t titles only available on DVD, then the red envelopes would be even fewer.
Netflix is closing a call center devoted to its DVD subscription business in Hillsboro, Oregon, letting go of 188 remaining employees, according to a report by the Oregonian. The news is just the latest sign for Netflix shifting priorities away from its DVD business as the number of subscribers still paying for those iconic red envelopes continues to decline. Netflix used to have close to 14 million DVD subscribers in Q3 of 2011. Three years later, that number has shrunk to less than six million. The company has responded by closing a number of its DVD distribution centers, and is now looking to manage customer support out of its DVD business offices in Fremont, California.