Tag Archives: encryption

Video downloads and all kinds of uploads driving Internet bandwidth demand

by Steve Blum • , , ,

Video accounts for 58% of Internet traffic worldwide, according to a new report by Sandvine, an Internet technology and research company based in Waterloo, Ontario.

Netflix accounts for nearly one-fifth of all the user download traffic in the Americas – more than any other company or protocol category – and five percent of all user upstream traffic. That makes it the number one bandwidth demand driver in this hemisphere. Netflix is in third place on the user upload side, behind raw video – surveillance cameras, for example – and bit torrent. Apple is also capturing a significant share of upstream traffic, with its iCloud photo service accounting for 3% of bandwidth. Netflix’s upstream consumption was unexpected, according to the report

MPEG (video cameras/surveillance) and HTTP media streaming (many different live streaming services) make sense, but why Netflix? Netflix is constantly “bookmarking” your location; as users browse the library, Netflix interactively starts video previews, which has had a huge impact on the upstream. This has made video a major player in the upstream, even with social networking video having less impact than expected on networks…

iCloud Photo Stream makes the first appearance for an Apple product as well as a storage application, illustrating the popularity of mobile photos that immediately get uploaded to the cloud. Photo traffic is also part of the Google number from Androids. There are also lots of VPNs in the Americas, as IPSec is 10th on the list at 2.65%, representing both business users and privacy VPN services.

Mobile operators seem to be hardest hit by the increasing demand for bandwidth, in either direction. They’re responding by giving users incentives to consume less…

It also bears mentioning that the number of mobile operators managing video traffic by offering unlimited viewing for reduced resolutions, which is also depressing the volume of video traffic worldwide.

Encryption continues to grow in popularity, too. Sandvine reports that more than half of the world’s Internet traffic is now encrypted.

Mobile OS security gains strength as a selling proposition

by Steve Blum • , , , ,

They mind their own business.

A reason for Sailfish’s existence, and perhaps even for the $12 million investment it received earlier this year is becoming clearer. It’s an alternative mobile operating system – a competitor to Android and iOS – that arose from the ashes of Nokia’s MeeGo operating system, which was scrapped when Microsoft bought the company.

But it didn’t buy everything and the Finnish engineers who stayed behind started a new company, Jolla, and kept working on it. And now they’ve found a big customer in the Russian government. According to a press release from Jolla

Sami Pienimaki, CEO of Jolla Ltd. comments: “Sailfish OS development in Russia is an important part of Jolla’s wider agenda, aiming to power various countries’ mobile ecosystems. Our solution is based on open source code and contribution models with partners, which makes it possible to ramp up local systems effectively in 6 months. We have now done this in Russia with a local partner and using this experience we are looking forward to ramping up similar projects in other countries.”

In Russia, Sailfish OS is the only mobile operating system, which has been officially accepted to be used in governmental and government controlled corporations’ upcoming mobile device projects.

Customers in China and South Africa – two other countries that don’t put complete trust in the developed world’s good intentions – are also reported to be giving Sailfish a close look.

Sailfish’s selling proposition is security, and it makes good on that promise in a couple different ways. First, it’s open source, which means anyone who installs it can inspect the code for bugs and gain a level of confidence that there are no backdoors or otherwise compromised encryption systems, as with the Blackberry OS or as the U.S. government seeks for iOS and Android.

Second, Finland has strong privacy laws. It’s why Turing Robotics, a tiny mobile phone maker that also aims for the security minded side of the market, moved its mobile phone operations there from California.

Speech-licensing regime for digital world challenged in court

by Steve Blum • , ,

You have the right to a lobbyist. If you cannot afford one, you’re screwed.

The Electronic Frontier Foundation launched a constitutional challenge to a federal law that criminalises what you do with digital media and devices that you think you own. The Digital Millennium Copyright Act outlawed nearly anything anyone does that circumvents restrictions on DVDs you buy, mobile phones you own and pretty much anything that involves digital intellectual property. The language is so broad that it can turn millions of unwitting people into criminals every day.

When congress passed it in 1998, digital media was in its infancy. Lobbyists from movie studio, record labels and other companies that were nursing decades long grudges against analog tape recording convinced their congressional friends to completely change the game for the digital world to come.

One of the provisions of the law makes it the responsibility of the Librarian of Congress to grant exceptions, something that’s done only once every three years. That process has been sporadic and inconsistent, as low tech bureaucrats flip flop over high tech arcana. The end result, according to the lawsuit EFF filed in a D.C. court, is an assault on free speech…

These provisions broadly restrict the public’s ability to access, speak about, and use copyrighted materials, without the traditional safeguards—such as the fair use doctrine—that are necessary to protect free speech and allow copyright law to coexist with the First Amendment. The threat of enforcement of these provisions chills protected and noninfringing speech that relies on copyrighted works, including independent technical research into computer security systems and the discussion of that research, and accessing copyrighted works in order to shift the content to a different format, space, or time. The triennial rulemaking process by which the public may seek exemptions…does not alleviate these problems. To the contrary, the rulemaking is itself an unconstitutional speech-licensing regime.

The First Amendment does not distinguish between different kind of media. What matters is content and what you do with it. Transferring a movie from a DVD to your cellphone is no different than copying a vinyl record to a cassette tape so you can listen to it in your car. If the latter is legal – and it is – the former should be too.

Niche computer maker Purism turns lack of trust into a selling proposition

by Steve Blum • , , ,

Simple security comes at a cost.

If you want to know what every bit on your computer is doing, I mean really know, then you’re the kind of customer that Purism has in mind. The South San Francisco company makes a range of Linux-based laptops and tablets with 100% open source software not-quite-preinstalled. That includes applications of course, but also device drivers, the boot system and everything else.

Not-quite-preinstalled means that the device comes with all the software and a totally naked hard drive. The customer then encrypts the disk with the included open source utility and loads everything up. In theory, that means no back doors or master keys that can be handed over to an interested agency – like maybe the Mounties? – purely for your own protection, of course.

The chips that power the Librem laptops and tablets – Purism uses Intel processors – contain opaque code, but there’s no getting around that. The code in the included software, though, is all open to inspection. “The trust us model doesn’t work in the security market”, explained founder Todd Weaver at Pepcom’s Mobile Focus event last month.

It’s not necessary to load the Linux OS and other software that comes with the devices – you can install whatever you want. Purism is shipping 13-inch and 15-inch laptops now and plans to have 10-inch and 11-inch tablets on the market by September. The components are made in relatively small batches and assembled at Purism’s South City headquarters, which means the Librem devices are relatively expensive, ranging from $599 for the smaller tablet to $1,899 for the bigger laptop. That’s the premium you pay if you want to really know.

Blackberry shares the big one with the cops

by Steve Blum • , , ,

Blackberry’s sole remaining selling proposition – security – has gone up in smoke with the revelation that the Royal Canadian Mounted Police has the master key to decrypt messages on consumer phones. Investigative stories by Vice and Motherboard document how the Mounties read encrypted messages, and leave little doubt that it was with the company’s active assistance

Neither the RCMP, nor BlackBerry ever confirmed where the global key actually came from and the documents shed little light on the matter. They also didn’t deny it.

In fact, BlackBerry has recently signalled a willingness to deal with law enforcement on encryption, with company CEO John Chen writing last year that “we reject the notion that tech companies should refuse reasonable, lawful access requests.”…

Crown prosecutors pulled out a variety of excuses as to why the information about the origin of the key, and the exact nature of BlackBerry’s cooperation with the RCMP, should remain strictly private.

Enterprise customers are immune to the particular technique used. Companies that set up their own servers also set their own encryption keys, so Blackberry’s master key won’t work. That’s thin comfort, though. Blackberry uses a proprietary encryption system that might or might not have deliberately designed weak spots.

Until now, the assumption was that it was secure. There’s never any guarantees when it comes to security, but there’s also never been any particular reason to doubt Blackberry’s integrity. Now there is, and that will scare away some security conscious customers, the very people Blackberry has worked so hard over the years to cultivate.

There’s nothing harder to build and easier to lose than a reputation.

Backdoor to encrypted data required in proposed bill

by Steve Blum • , , ,

California’s senior U.S. senator wants software, hardware and telecoms companies, and pretty much everyone else in the high tech universe to keep a master key to their encrypted products and services. And turn the key anytime a court tells them to do so. The draft of a bill by senators Diane Feinstein (D – California) and Richard Burr (R – North Carolina) says…

A covered entity that receives a court order from a government for information or data shall— (A) provide such information or data to such government in an intelligible format; or (B) provide such technical assistance as is necessary to obtain such information or data in an intelligible format or to achieve the purpose of the court order.

Covered entity

…means a device manufacturer, a software manufacturer, an electronic communication service, a remote computing service, a provider of wire or electronic communication service, a provider of a remote computing service, or any person who provides a product or method to facilitate a communication or the processing or storage of data.

On the face of it, the bill would effectively outlaw products with unbreakable encryption or the sale of services that include it. What it would really do is create two classes of criminals: those who have the smarts and motivation to layer in their own encryption and those who don’t. And the former would be handed a golden opportunity to hack, phish or subvert their way into government-mandated backdoors.

The conventional wisdom in the tech press is that the bill isn’t going anywhere, with political opposition ranging from libertarian-leaning republicans to the Obama administration, and with Silicon Valley mobilising battalions of lobbyists. Maybe so. But it’s an election year and a particularly odd one at that. Take nothing for granted.