Last month, the popular online publication TechDirt published an article based on the filing of Golden Frog with the FCC who urged the commission to restore a truly open Internet. A key part of the article focuses on how we noticed that ISPs and of wireless broadband providers can block encryption technologies if they so wish.
We have discovered by studying the service of a broadband service provider specific wireless, and discovered he was able to interfere with the ability of one of our engineers to encrypt their electronic communications.
Article collected a good amount of attention and we received questions from the press (including the Washington Post), advocacy groups and customers. We wanted to share the story:
An engineer Golden Frog first noticed the issue in September 2013 when he was a wireless client AIO. (AIO is a prepaid wireless service provider and a subsidiary of AT & T). Be a person of privacy oriented, he put his email client to require the use of an encrypted connection to the mail server using STARTTLS. STARTTLS is an SMTP extension (the standard sending email protocol) that enables a mail server and the client to use TLS (Transport Layer Security) to provide private, encrypted and authenticated communication over secure Internet connections.
In May 2014, AIO merged with Cricket Wireless so the Golden Frog engineer became a Cricket customer. In June 2014, he brought the matter to the attention of Golden Frog Co-CTO Michael Douglas as the two worked together at a cafe. While using his laptop computer attached to his phone and connected via Cricket, he was unable to send secure emails. He changed the cafe WiFi and was able to send encrypted e-mails. They concluded that STARTTLS was intercepted.
Both studied further and began running tests. They determined Cricket intercepting and blocking STARTTLS on port 25 - basically, the STARTTLS command has been hidden in the server responses, and a command failure response was returned. The engineer was connected to a personal email server NOT associated with the wireless provider. The test was repeated by connecting to multiple mail servers, including Golden Frog corporate email servers. These are the SMTP connections using the Cricket network / AIO as network provider to achieve remote control, not affiliated with AIO mail server.
Golden Frog Co-CTO Philip Molter STARTTLS presented the findings in a lightning speech LinuxFest Texas in Austin, TX a few weeks later. We tested again in July 2014 when we submitted our comments with the FCC, and we found the same results. We've included screenshots of those test results, in our FCC filing.
After the article TechDirt came out, we expected we would get some questions we ran the same tests and found that STARTTLS is not currently being intercepted and blocked. We do not know what changed.
We also tested the AT & T network and found the encryption is not blocked. Good.
However, this is a clear indication of what the wireless ISP can do so under reasonable network management application. Although he now apparently reversed course, putting particular ISP customers serious risk by inhibiting their ability to protect online communications. We included in our warehouse because as the FCC refused to return to its previous policy "open access" and then allow wide competition, it must establish effective rules to prevent ISPs wireless and wireline the throat and blocking of Internet user traffic and the prevention use encryption to protect their privacy. We also need more competition between ISPs if an encryption citizens blocked ISPs can "draw their ISP" and choose an ISP that does not block encryption or intentionally slowing down content providers such as Netflix
We ask :. Is it reasonable to invade privacy by disabling encryption to block outgoing spam?
either the old or the new Internet rules proposed debated by the FCC that would prevent wireless providers to block encryption technologies. This is very frustrating and one of the key points of our FCC filing. The FCC is a government agency and responsible for protecting national security in electronic communications. They are part of the same government that surveils its citizens. It is not unreasonable to think they are getting pressure to restrict encryption.
In addition, ISPs have an incentive to block the personal information protection technologies such as VPN. They want to enjoy as much as possible to the way you use the Internet. The privacy services that are independent of their offers do not allow them to do so. If they do not sell the service to you, they do not make money and frustrates them. However, when they block privacy services, they are dangerously putting confidential communications and individual business customers of privacy at risk.
We believe that the same rules that Open Access should be applied to wireline Internet service providers should also apply to mobile Internet service providers, especially in light of this incident linked to specific encryption affecting online privacy.
0 Komentar