This entry is from guest blogger Jim Fenton. Fenton is a Distinguished Engineer in the Security Technology Group at Cisco. Even though Cisco isn’t an e-mail vendor, it’s beneficial to users of the Internet (and therefore strategic to Cisco) to improve the accountability for Internet messages. That’s the reason that Cisco has been active in co-developing and standardizing DomainKeys Identified Mail (DKIM), an e-mail authentication technology based on cryptographic signatures. The new DKIM Working Group will hold its first meetings at the IETF meeting in Dallas March 20-24.The question many people ask, and one of the hurdles in getting the working group chartered, is,”What good is e-mail authentication, anyway? It won’t stop spam and phishing!” Indeed it won’t; spammers and phishers will sign their own messages, most likely using throw-away e-mail domains they register for a single use. The same is true for other methods of e-mail authentication, such as Sender ID Framework and SPF. In fact, many spammers were early adopters of SPF, and I expect that they will be early DKIM adopters as well.The similarity that works well for me is that of a peephole in your front door or hotel room door. When there’s a knock at the door, you look out. If you recognize the person and it’s a friend, you open the door and let them in. If it’s someone who looks sinister (or a landshark!) then you don’t. If it’s someone you just don’t recognize, you use additional means of identification: perhaps you ask them via an intercom who they are and what their business is. Do peepholes unambiguously identify everyone? No. The same is true for e-mail authentication. This is not a problem with peepholes or e-mail authentication, but simply that they aren’t intended to be used in a vacuum.This is a policy blog, so what’s the policy angle on this? In the same sense that governments shouldn’t mandate the authentication of callers at your front door, they shouldn’t mandate e-mail authentication (and especially the use of specific technologies). It’s entirely reasonable to advocate the use of authentication technologies, much as they do in recommending the use of peepholes. To push the metaphor further, just as peepholes, intercoms, and video cameras all may have a role in authenticating callers, the various e-mail authentication technologies all provide some information that may be useful to the recipient, and two or more technologies may be used together. It should be up to the recipient what forms of authentication they use. Callers (message senders) will quickly learn what they need to do in order to be recognized.
In one of our first entries on this blog over a year ago, I mentioned that “this Internet thing seems to really be taking off…” Blogging, it seems, is no different. Today, you may have read about Wal-Mart’s efforts to engage bloggers in The New York Times to help with their PR efforts.I also just came across this quote from Silicon Valley U.S. Representative Anna Eshoo (D-Palo Alto) in today’s National Journal’s Technology Daily People column that I thought was interesting enough to pass along. She is quoted as saying: “If Thomas Paine was alive today, he wouldn’t be a radical pamphleteer; he’d be a blogger at www.commonsense.com.” High praise for the blogosphere, indeed.To be sure, the blogosphere can be a cacophonous place, but with originality, substance and consistency a blog can be be very effective tool for getting your message to your audience.
I wanted to bring your attention to a Q&A that is posted on Cisco’s external website on the issue of China and censorship. I have posted the Q&A here, but you can also access it at News@Cisco site at:http://newsroom.cisco.com/dlls/2006/hd_030106.html?sid=BAC-JsSyndMark Chandler, Cisco SVP and General Counsel, Talks About Censorship in ChinaMarch 1, 2006 On February 15th, Mark Chandler, Cisco’s senior vice president and general counsel, testified before a U.S. House of Representatives International Relations subcommittee on the issue of censorship in China. The title of the hearing was “The Internet in China: A Tool for Freedom or Suppression?” and full written testimony of Mr. Chandler and others can be accessed on the subcommittee website at: http://wwwc.house.gov/international_relations/afhear.htmNews@Cisco sat down with Mr. Chandler after his Washington trip to get his view of how the hearing went as well as other top questions on our mind.How did you think the hearing went?Mark Chandler: Obviously there are many conflicting viewpoints on the issue of technology and China, so I was glad we had the chance to testify and help set the record straight on how Cisco conducts business in China. It was important to provide clarity around what we do and what we do not do. We provide the same equipment worldwide that we provide in China. We have never partnered with the Chinese government to help them censor content, nor have we altered equipment for the Chinese government for the purposes of censorship. I hope that message got through at the hearing.There are still allegations that you have altered your equipment for the purposes of censorship. Why do you think that is?Mark Chandler: I think the allegations likely stem from a misunderstanding of thefunctionality of our equipment and, unfortunately, inaccurate claims made about Cisco’s actions in China. Cisco has not and does not design products for the purpose of political censorship.The equipment we sell in China is the same equipment we sell worldwide. We have not designed, marketed or altered equipment for the Chinese government. The filtering capabilities of all Internet routing equipment, necessary for protection against viruses, spam and denial of service attacks, can be used to block access to sites for political reasons, anywhere in the world.What are your views with regards to political censorship?Mark Chandler: Cisco strongly supports free expression on the Internet.At the hearing, you were asked if you were ashamed of doing business in China. Are you?Mark Chandler: We are proud of the impact of the Internet around the world, including in China. We entered the Chinese market in 1994 and since then the number of Chinese accessing the Internet has grown from 80,000 to over 110 million. We know that we have contributed to that growth.How does your equipment function?Mark Chandler: Cisco supplies equipment that provides network access -- anytime, anywhere access to the Internet. The features that a library or parent may use to block chat rooms or unsavory sites, however, can also be used to block political content. Cisco has no control over this as we don’t manage networks. If the company you work for doesn’t want you to access, say, ESPN.com at work because it isn’t productive or isn’t work related, well, they could configure their network to do that. These capabilities are the same worldwide and function, primarily, for network security -- for example, blocking sites that may have viruses. They also function as a way to block sites not deemed appropriate by the network owner.Could you disable those features when selling to China or other countries that may censor the Internet?Mark Chandler: Because of threats to networks around the world, there is no feasible way to disable those capabilities that may be used to block access for political reasons. Networks cannot function without network management and security protection capabilities. Otherwise, network administrators couldn’t protect us against hackers who want to try to shut down the Internet or steal personal information. Companies couldn’t stop employees from illegally downloading copyrighted music or videos or from accessing computer viruses. Libraries and parents couldn’t control access to pornography.These generic features are available from all major manufacturers, including at least a dozen U.S., Canadian, European and Chinese companies. While I cannot speak to the many other U.S. and foreign companies who have been cited as providing these functions to the Chinese authorities, these capabilities in Cisco’s equipment are “off the shelf” -- their designated uses are appropriate and essential.There has been a suggestion that routers such as the ones Cisco sells should be configured so words like “democracy” and “freedom” cannot be blocked. Is that possible?Mark Chandler: That is certainly a well-meaning idea but likely would be met by great opposition by anyone who wanted to block unsavory content. For example, if that proposal was implemented, those who distribute pornography could get aroundrestrictions merely by putting “democracy” or “freedom” in their website name. And,further, the functionality that provides the means to limit access is available from numerous non U.S. vendors around the world.Has Cisco broken any laws in doing business in China?Mark Chandler: Cisco’s policy is strict compliance with all U.S. government laws and regulations which prohibit the sale of our products to certain destinations and users, or to those who resell to prohibited users.Some have alleged that Cisco’s equipment is designed to help Chinese law enforcement conduct surveillance or censorship activities. Does China sell equipment to the Chinese police to support surveillance and censorship activities?Mark Chandler: Cisco sells data networking equipment around the world, including to law enforcement. Sales of equipment to law enforcement agencies in China are strictly controlled by the U.S. Government under the Foreign Relations Authorization Act, and Cisco’s policy is strict compliance with those rules. While data networking equipment can be used for any type of available data, including written, audio or video data, Cisco does not sell the equipment in a manner that is customized in any way for Chinese law enforcement to conduct surveillance activities.There is currently a bill before Congress that would restrict what technology can be sold to China. What are your thoughts on the legislation?Mark Chandler: I would expect that there would be a great deal of debate over such legislation. There would be many who would oppose it on the grounds that it would actually reduce free expression. If countries were encouraged to build their own Internet because we were not willing to engage and sell them the equipment that is readily available elsewhere in the world then that outcome would be very unfortunate.The power of the Internet to expand free expression depends on there being one global Internet. Policies which promote the balkanization of the Internet -- even inadvertently -- will undermine rather than support the many projects which help users evade censorship.
With apologies to Andy Rooney (not really), did you ever wonder why broadband isn’t free? Seriously. If I can access broadband, I have a computer or an electronic device so I’m of at least some economic stature that someone would want to market to (absent of course the $100 computer that is always rumored to be around the corner). You access broadband though an access point of some such…be it a wireless or wireline into the network…you can therefore (privacy concerns aside) be tracked by where you are accessing the network…stay with me…Are you close to a Taco Bell when you are accessing the network for free? Check your e-mail: there’s a coupon for two for the price of one tacos…or a free drink with the purchase of a burrito…no, not the bean burrito, it has to have meat. Vegetarians need not apply. Seriously, if I was a franchise owner of some sort and I could beam you a coupon or information on a sale then why wouldn’t I pay the network owner to give you that coupon or sale information. I’m already sending you coupons to your home using direct mail. Isn’t this the same thing? Except that I’m sending you direct mail when you are near or next to my store. It is basically the g-mail model, in my mind. You first have to opt-in if you want to use the service. By opting in, you agree to receive ads or coupons. For that, you get free network access. The coupon senders pay the bill and everybody is happy. At least in my universe.Also, did you ever wonder why it has taken so long to have a great digital camera, great phone, great PDA and great mp3 player all rolled into one? Seems like a no brainer. I have a nice Canon digital camera…a TREO (great PDA, okay phone)…and an IPod Nano…why can’t these all merge with a, say, Motorola RAZR and call it a day?Did you ever wonder why you can’t access wireless access points in airports or public areas using your cell-phone number as a log-in? Service providers are used to paying each other already, right? Is it the billing? Does T-Mobile already have the market cornered?Anyway, just a couple of thoughts.
I had brunch with a US Senator this weekend and he said that the relationship between parties had gotten so bad in DC that the only issues likely to transact in the Senate this year were the things they “have” to do, i.e. budget and appropriations. Healthcare? Education? Public safety? Oh, those things likely have too much agreement to get anything done. If progress is made on any of these issues then the Republicans get credit because they are in charge of both houses of Congress — that the Democrats badly want back in the ’06 elections. And if legislation is passed with the help of both parties, then the Republicans can’t continue to bash the Democrats as stonewalling on the issues that the American people care about. Let’s face it, it’s good for fundraising. For both sides.I worked in the US Senate (not too, too long ago) when there seemed to be more reaching across aisles to pass bills and get stuff done. There seemed to be respect among colleagues. They could fundamentally disagree on the approach, but it was a diagreement based on fundamentally, true beliefs and not for political posturing. It was, in a word, civil. Where does the end of this current spiral downward begin? When is the beginning of the end of the caustic approach to “deliberative” government? It will likely take a leader to publicly reach out to the other side and say, “let’s forget about the R’s and the D’s next to our names and work together as Americans.” There was a time after 9/11 when this seemed possible. What happened?