What Really Happened With Internet Privacy?

Anyone paying attention to U. S. headlines recently heard something about internet privacy.  But what you heard probably depends on where you heard it.  President Trump signed a bill on Monday, Apr. 3 that used a thing called the Congressional Review Act to reverse a pending FCC rule.  So whatever it was, the rule that was revoked hadn't even gone into effect yet.

If it hadn't been shot down, the FCC's proposed rule would have required internet service providers (ISPs) such as AT&T to request permission from their customers to use certain data about what the customers do online.  Right now, ISPs don't have to ask, but depending on the ISP, they may not be doing much with that data anyway.  The big users of customer-generated data are social-media outlets such as Facebook, Internet companies such as Google, and advertisers who pay these outfits to place targeted ads using harvested customer data.  I'm sure the ISPs would like to get into that business eventually, but the FCC rule would have blocked them.  President Trump and the Republican-dominated Congress simply removed that stumbling block.

So for one thing, nobody lost any internet privacy they previously had.  As to the hypothetical future, it's anybody's guess what the FCC rule might have done, but clearly the ISPs were not happy about it, which was how the rule got quashed by a corporate-friendly Congress and President.

How you feel about this may depend on what you think about internet privacy and corporate freedom.  At this point in history, the phrase "Internet privacy" is about as meaningful as "Trump modesty."  Both are in short supply.  Most people who spend any time at all on the web have turned from looking for electric toothbrushes online, say, to researching the versions of ancient Mayan calendars, only to have an ad for toothbrushes pop up in the middle of the British Museum's webpage.  Obviously, a combination of "cookies" (little browser things that tell servers where your web browser has been) and clever marketing schemes has engineered that outcome.  All the FCC rule might have done would have been to stop ISPs such as AT&T and Verizon from doing similar things, at least without asking first.   And the asking could have been buried in one of those novel-length terms-and-conditions documents that everybody must either lie about reading before signing onto a new service, or actually read (and I don't know anybody who reads them).  The only reason that the FCC could have passed the rule in the first place lies in the historical carve-outs of which Federal agency gets to regulate what electronic communications means.  A similar historical fluke explains why on-the-air TV shows are not quite as raunchy as cable shows:  the FCC gets to regulate on-air stuff, but not cable-only stuff.

So what has been portrayed in some circles as an epic loss of consumer protection turns out to be more of a turf battle among giant powerful Federal agencies and giant corporations, and the consumer just gets to watch the results from the sidelines. 

Even though the actual effect of either the FCC ruling or its revocation by Congress and the President might have been minimal, it's worth asking a broader question about how consumers—or citizens, to use a more general term—are faring with respect to the centers of power in the U. S.  I recently ran across a blog by a man who, back in May of 2016 before the party conventions had selected either Presidential candidate, predicted that Trump would not only be the Republican nominee, but that he'd win too.  Anybody can make a lucky guess, but this gentleman, a writer by the name of John C. Médaille, based his prediction on the fact that ordinary Americans were enraged that their interests have been ignored in favor of the interests of "the Rich, the powerful, the banker, the foreigner."  Of course, our current President belongs to at least two of those categories himself, and Médaille was far from pleased that Trump was probably going to win.  But he was right.

Powerful corporations such as Google and Facebook are able to offer "free" services that compel users to generate content that profits the companies.  Médaille, who believes in an obscure and mostly forgotten system of economics called distributism, sees this sort of thing as an injustice, which brings the matter into the scope of engineering ethics.  Because engineering, broadly speaking, makes everything on the Internet possible, engineers who work for such companies shouldn't simply turn a blind eye to the applications of their code, saying, "All they pay me to do is code.  What they do with the code isn't my business."  Google's code of conduct, summed up in the phrase "Don't be evil," is a masterful exercise in question-begging, namely because at least to my knowledge, it doesn't include a definition of "evil." 

And by the nature of human relations, we can never set out a precisely-written code of conduct that a robot could follow flawlessly, because we're not robots.  We're human beings, each of us a mystical world unto ourselves, and relations among such beings cannot be reduced to mathematical formulas. 

The kerfuffle about the proposed FCC ruling shows that, although our current President ran as the vindicator of the common man and woman, reality may be setting in rather faster than anyone expected—reality being the continuation of a long-term trend of concentration of both economic and political power in the hands of an oligarchic few.  By the nature of modern engineering, most engineers will end up working for medium-size to large corporations, and therefore have a perhaps unconscious bias in favor of policies and actions that favor such corporations. 

However, there are reasons that millions of people in the U. S. have experienced stagnating wages, worsening work conditions, and a lack of genuine opportunities to be a free contributor to the common wealth.  Instead, unless you have reached a certain educational level, your options are nearly all of the "heads we win, tails you lose" variety, and many men in particular have taken the easy way out of simply giving up on work and living off the meager surpluses of welfare and compliant relatives and girlfriends that are available. 

To reverse such trends will take more than an internecine government flap.  It will take first, awareness of the depth and scope of the problem, and second, a willingness to overlook differences and artificial divisions set up by those hoping to keep the masses tranquil, and to do something in a united way that will bring about meaningful change.  But that is a topic for another time.

Sources:  I used material from The Hill's website posted on Apr. 3, 2017 at http://thehill.com/homenews/administration/327107-trump-signs-internet-privacy-repeal., entitled "Trump signs Internet privacy repeal."  That article referred to a blog by a person described as "AT&T's top lobbyist" Bob Quinn at https://www.attpublicpolicy.com/privacy/reversing-obamas-fcc-regulations-a-path-to-consumer-friendly-privacy-protections/, which I also referred to.  John C. Médaille's prediction of Trump's triumph and his mixed feelings about it can be read at http://distributistreview.com/cassandra-calls-election/.  Another blog of mine on distributism can be found at http://engineeringethicsblog.blogspot.com/2008/09/what-is-distributism-and-why-should.html.

Tricks A Dumb Grid Can Play

Inauguration Day in Brookville, Pennsylvania arrived with a bang. Within minutes after Donald Trump swore to preserve, protect, and defend the constitution of the United States, the 911 calls began.  In one house, light bulbs were exploding.  Another resident reported that a power strip was smoking.  At another house, the siding was on fire, and at yet another the electric meter was engulfed in flames.  The main radio transmitter at the police station tripped out, so the 911 call center was unable to contact them until the dispatcher used his battery-powered radio to make contact.  In all, about 400 residents of the small western Pennsylvania town of 3800 suffered some type of damage, ranging from singed carpets to fried computers and exploding fluorescent light fixtures.

The power surge had nothing directly to do with Donald Trump.  A quick investigation by Penelec, the local electric utility, revealed that an insulator on a power line had failed.  What follows here is my extrapolation from the limited details in the Associated Press wire story, but represents what I think is a good guess.

Electric power networks are divided into transmission lines and distribution lines.  The transmission lines are the tall steel-framed towers that span many miles across the countryside, and are the interstate highways of the electric grid, transmitting megawatts of power from generating plants to substations many miles away.  To transmit this much power efficiently, the voltage of these lines is generally above 100,000 volts (100 kV).  For example, there is a 138-kV transmission line that connects Brookville with the rest of the power grid in western Pennsylvania, and there may be others at even higher voltages.

           

Once power arrives at a substation, it is stepped down in voltage with large, expensive units called transformers to a lower voltage suitable for distribution locally.  Distribution lines, the neighborhood streets of the network, carry voltages in the range of 12 kV to 35 kV, or occasionally higher in rural areas.  My guess is that Brookville has at least two or three separate distribution circuits with voltages in the 25-kV range.  The familiar wooden power poles that carry telephone and cable TV lines also support power-distribution cables, always suspended on the highest point of the poles.  Every few hundred feet, a "pole pig" (distribution transformer), usually a metal can a couple of feet tall, lowers the voltage still more to 240 V or less for delivery to commercial and residential customers. 

What probably happened was this.  One of the high-voltage insulators on a transmission line carrying in excess of 100,000 volts failed mechanically, dropping its conductor on or near enough to one of the town's distribution lines to allow a flashover (an arc) to jump from the 100+ kV transmission line to a 25-kV distribution line.  All power-line insulators are built with a safety margin.  That is, an insulator for a 25-kV line may be able to withstand 50 or even 100 kV, which can happen during situations such as lightning surges and so on.  This is good in normal circumstances, but in this case it backfired.

The insulation of the 25-kV distribution line held just long enough for the high voltage, four or five times normal, to get into the distribution transformers and ultimately the houses of about ten percent of the town.  So for a few seconds or maybe even longer, equipment designed for 120 V was receiving, say, 500 or 600 V. 

There are kooks on YouTube who delight in taking innocent electric appliances such as razors, clocks, toasters, light bulbs, and so on, and connecting them to high-voltage power sources just to see what happens.  They are never pretty.  Every electric appliance has a maximum rated voltage, and when you exceed it by 500% you either blow a fuse or, in the case of equipment that doesn't have fuses such as light bulbs, the excess heating makes something melt or vaporize or explode. 

Many power strips have surge-arresting devices in them meant to absorb fast transient surges caused by lightning.  But those surges usually last only milliseconds, and a surge of several seconds overheats such a device, making it smoke, which explains the reports of smoking power strips. 

Why didn't all the protective devices that a utility normally uses, such as fuses and circuit breakers, operate right away?  Because they are designed primarily for lightning strikes, not an overvoltage that lasts many seconds.  And the fuses probably didn't blow right away because a fuse only slightly over its rated current takes a considerable time to melt. 

Penelec has announced that they will compensate those who have suffered losses as a result of the surge.  Fortunately, no one was injured, but a considerable amount of property was damaged and the mess will take weeks or months to clean up. 

The "dumb grid" in the title refers to the fact that most electric utilities still use protective technology that was developed prior to World War I, for the most part:  fuses and electromechanical relays.  Innovative "smart grid" technology connecting the power grid to the Internet and replacing many electromechanical controls with faster-acting solid-state devices promises a number of good things, mainly pertaining to increased efficiency and reliability.  But it's also possible that if Brookville's grid was smarter—that is, if it could have figured out within milliseconds what happened and cut off the surge then—none of the bizarre damage might have occurred.

Admittedly, situations in which a transmission line arcs over to a distribution line are rare.  But as Brookville shows, they can happen.  If the new Trump administration wants to improve America's infrastructure, encouraging utilities to take the smart-grid path is one way to do it.  Whatever Washington does about it, though, it's too late for a few hundred residents of Brookville, who are still replacing siding, light bulbs, and computers as a result of a freak accident that shows we still have a ways to go in improving electric utility safety and reliability.

Sources:  The Associated Press report on the Brookville incident of Jan. 20, 2017 was carried by a number of news outlets, including  PressFrom.com at http://us.pressfrom.com/news/us/-21781-tiny-towns-power-surge-fries-computers-appliances-siding/ on Jan. 28, 2017.

What Are the Rules of Cyberwarfare?

We are now well into the era of cyberwarfare—the use of computers and computer networks in military, terrorist, and diplomatic conflicts.  But to judge by the recent tiff between President Obama and Russian President Vladimir Putin, neither the U. S. nor Russia has figured out exactly how to use these new weapons, or how to defend against them effectively.

Last July, Wikileaks unleashed a flood of embarrassing emails hacked from the Democratic National Committee, leading to the resignation of that organization's chairwoman Debbie Wassermann Schultz and undoubtedly influencing the Presidential selection process, though to what degree it is impossible to say.  In December, the CIA announced that they were confident that Russian hackers were responsible for stealing the emails and giving them to Wikileaks.  And on Dec. 23, President Obama announced that he was retaliating for the hacks by sending home 35 Russian diplomats and taking other actions against the Russian diplomatic corps in the U. S.  After initial talk by Russian officials of retaliation against the retaliation, Russian President Vladimir Putin surprised many by saying he would suspend any actions against U. S. diplomats in Russia, at least until the Trump administration takes office. 

Retaliation against diplomats has been around ever since there have been diplomats.  Over the decades, countries have developed traditional ways of treating official representatives from foreign lands with policies such as diplomatic immunity from routine prosecution, the suspension of normal customs inspection for diplomatic materials, special diplomatic zones around embassies, and other perks.  But one reason for all these special privileges is that they can be revoked at any time. 

This writer is old enough to recall some of the many times that the old Soviet Union (USSR) engaged in these kinds of games with the U. S. on any pretext or sometimes no pretext at all.  It was all part of the Cold War chess game, and watched closely for indications that the Soviets might be wanting to warm up the war a little.  Everyone agrees that sending a diplomat packing is a lot better than throwing bombs, so while tensions are raised by such incidents, it's usually a sign that serious conflicts are not in the immediate offing.

Still, there are a couple of notable and disturbing aspects of the DNC hacks and their consequences.  One concerns the identity of the hackers, and the other concerns what constitutes a truly effective response to such attacks.

It took nearly six months for the CIA to be confident enough to announce publicly that Russians were in fact responsible.  In that aspect, hacking and other hard-to-trace cyberattacks resemble terrorism, in that the identity of the terrorists responsible for a given attack is usually not immediately known, and may not ever be discovered.  Although good detective and investigative work often uncovers the perpetrators eventually, the delay between the attack and the discovery of who did it allows for uncertainty to dominate the situation, leading to general confusion, controversy, and other problems that are usually exactly what the attacker wants to achieve in the enemy camp.  It's possible that the CIA made its announcement when it did not because it took all that long to figure out who did it, but for other diplomatic or political reasons.  Still, it's hard to fight back against an enemy if you don't know who he is.

Identifying the source of a cyberattack is only the first step in an effective response.  As in conventional warfare, one doesn't want to overreact, but on the other hand, just letting an enemy get away with anything isn't good either.  An important factor in these not-yet-open-warfare conflicts is how the public perceives them.  Both the U. S. and the Russian presidents do everything with an eye to their constituents, so things done in secret which have secret effects are not that useful.  Instead of using the hacked emails for their own purposes, whoever hacked them (probably the Russians) gave them maximum publicity, and to the extent that the DNC was hampered in its operations, the attack was a success. 

What's new and disturbing about this particular incident is that it represents a significant intrusion into the domestic electoral process by a foreign power which overtly favored a particular candidate—one who will take office on Jan. 20, barring unforeseen circumstances.  What makes the situation worse is that the President-elect does not seem to be all that troubled about it.  Four years in office is a long time, though, and it's likely that Trump and Putin will at some point fail to agree on something, after which it's anyone's guess what will happen.

Part of what makes it so hard to defend against cyberattacks is the global nature of the Internet environment—Moscow or Paris or Adelaide is just as close to my Internet connection as the neighbor down the street.  Traditional military defenses were geographically fixed and you could draw contours of safety within them—here, you have to be concerned about ground attacks, there you are subject to air bombings, and way back behind the front lines, there was almost nothing to worry about.  But cyberattacks can go anywhere there's an Internet connection, and the targets are often only as well-defended as the private organizations and their IT people can make them.  As we know, these defenses range from the almost impregnable to the nearly nonexistent, and so many attractive cyber-targets are almost defenseless against a concerted attack by well-resourced agents of a foreign power.

It's not clear that the best defense is a good offense either, especially when it's not immediately clear who is doing the attacking.  And when many thefts of data are not discovered until months or years after the damage is done, it's even harder to mount an effective response.

It looks like international cyberwarfare will muddle along in this confused state unless and until such a major attack occurs that we get serious about some sort of national defense policy against foreign cyberwarfare.  There are serious concerns being voiced these days about the hacking of power grids and other vital infrastructure systems such as air-traffic control and the domestic Internet itself.  Our best defense for these systems right now is that nobody has a strong reason to attack them, but that could change at any time.  And if it does, I just hope we're ready for what comes afterwards.

Sources:  I referred to a report on President Obama's retaliatory actions against Russia carried by CNN on Dec. 29 at http://www.cnn.com/2016/12/29/politics/russia-sanctions-announced-by-white-house/, and also a report on Putin's non-response at https://www.washingtonpost.com/world/russia-plans-retaliation-and-serious-discomfortoverus-hacking-sanctions/2016/12/30/4efd3650-ce12-11e6-85cd-e66532e35a44_story.html.