CMU 15-112: Fundamentals of Programming and Computer Science
Class Notes: CS in the News
- Net Neutrality
- Big Idea
- Net Neutrality is a policy which states that the internet is essentially a utility. It holds that Internet Service Providers (ISPs) should treat all legal traffic which passes through the internet equally.
- Example: the Netflix dilemma. Netflix (and other video streaming services) take up over a third of internet traffic. Should video streaming services be charged more? Or should they be able to pay for access to 'fast lanes'?
- Claims of Pros: Encourages competition, prevents content discrimination
- Claims of Cons: Stifles innovation, burden of regulation
- Essential questions:
- Do you think the internet is a communication utility or an information service?
- Should ISPs be regulated or not?
- History
- In 2015, the FCC released FCC 15-24, a report and order on Protecting and Promoting the Open Internet. In this 400 page document the FCC outlines new regulations for internet service providers designed to safeguard what they call the open internet. There was a tremendous amount of debate at the time, and many internet service providers vowed to fight the order in court.
- In the document, the FCC outlines its three "Brightline Rules". Here are some quotes/excerpts from FCC 15-24 describing those rules:
- No-Blocking. First, we adopt a bright-line rule prohibiting broadband providers from blocking lawful content, applications, services, or non-harmful devices. This “no-blocking” principle has long been a cornerstone of the Commission's policies. While first applied in the Internet context as part of the Commission's Internet Policy Statement, the no-blocking concept dates back to the Commission's protection of end users' rights to attach lawful, non-harmful devices to communications networks.
- No-Throttling. Second, we adopt a separate bright-line rule prohibiting broadband providers from impairing or degrading lawful Internet traffic on the basis of content, application, service, or use of non-harmful device. This conduct was prohibited under the commentary to the no-blocking rule adopted in the 2010 Open Internet Order. However, to emphasize the importance of this concept we delineate under a separate rule a ban on impairment or degradation, to prevent broadband providers from engaging in behavior other than blocking that negatively impacts consumers' use of content, applications, services, and devices.
- No Paid Prioritization. Third, we respond to the deluge of public comment expressing deep concern about paid prioritization. Under the rule we adopt today, the Commission will ban all paid prioritization subject to a narrow waiver process.
"Paid prioritization" refers to the management of a broadband provider's network to directly or indirectly favor some traffic over other traffic, including through use of techniques such as traffic shaping, prioritization, resource reservation, or other forms of preferential traffic management, either (a) in exchange for consideration (monetary or otherwise) from a third party, or (b) to benefit an affiliated entity.
- In 2017 the FCC announced its intention to roll back those rules. After an open comment period where the vast majority of comments from individuals, companies, and other organizations were in favor of maintaining the rules, in December 2017 the FCC voted to roll back the rules anyway.
- That is where we stand today.
- Policy
- Media
- Data Privacy and Security
- Big Idea
- Most of the internet is paid for by advertising. Advertisers pay more for ads that they know will be effective ('targeted' ads). Therefore, the economy of the internet is based on data more than products.
- Data comes in many different types...
- Some data is provided by your browser: your IP address (which approximates your location), and the specs on the computer system you're running (hardware, browser app, screen size, plugins, etc.).
- Some data is provided by sites: when you've visited a site before, choices you made on the site recently.
- Some data is provided by you, the user: personal data you post online (name/birthday/phone number), what you've searched on Google/Amazon, what you've favorited or commented on.
- Individual sites collecting and using data isn't necessarily bad: for example, you probably want Grubhub to remember where you live so it can show you appropriate food options. However, some trackers will span across multiple websites, and some websites will sell data to other websites or offline companies.
- Data Privacy
- Data Privacy covers data that is being collected by companies legally, but perhaps in a way that you don't approve of.
- Many people don't want companies to collect and use certain types of data for reasons of privacy.
- Reasons can be personal: you might be a private person, or might have specific cultural/religious views.
- Reasons can be safety-oriented: you might identify as LGBTQ in a country where that is discouraged, or you might have a health issue that could jeopardize your job.
- Reasons can be practical: when you're purchasing something online, you don't want everyone to have access to your credit card number or bank account password!
- In the United States, certain types of data are guaranteed privacy: for example, data generated by children (see COPPA) and educational data related to students (see FERPA). However, there are no general laws regarding anyone's right to privacy.
- The European Union has recently taken a stricter view of privacy rights, including the right to be forgotten and the General Data Protection Regulation (GDPR).
- Data Security
- Data Security covers data that is taken by adversaries without permission or illegally.
- Adversaries who are trying to steal data have many different motivations, which lead to different behaviors:
- Economic: stealing credit card or bank information, scamming users, stealing data for identity theft
- Personal: stealing a specific person's data (private messages, nude pictures) to target them specifically
- Ideological: taking down a specific company or system for vindictive purposes
- Adversaries use many different techniques to gain illegal access to systems or data:
- DDoS Attacks: in a Distributed Denial of Service attack, adversaries use bots to send continuous access requests to servers in order to overwhelm them. This is mainly used to take websites down.
- Man-in-the-Middle Attack: a router is set up in a network so that it mimics a legitimate router. It can then gather unencrypted packets to try to find useful information sent out by users. This can be used to steal personal information that is not encrypted. To avoid this, use secure (encrypted) connections when sending personal data!
- Malware: software written with the intent of damaging other computers, by deleting data, holding data hostage, or silently spying on the user. It must arrive at the computer from an outside source: usually an internet download, but sometimes USB drives. Malware relies on bugs in the computer software to function, so regular updates are your best defense.
- Phishing/Scamming: most often, data isn't stolen using advanced technical methods; instead, the hacker will gain access to a system by pretending to be a legitimate user and fooling someone within the system already. Staying alert against suspicious messages is the best way to avoid losing data.
- General messages online are best secured using encryption. Encryption secures data while it's being transferred from your computer to the end server so that intermediate servers cannot read the data. Whenever you use a URL that starts with HTTPS, you're using an encrypted connection! The internet is gradually moving towards making all websites run on HTTPS, but for now you still need to check your URLs.
- Media
- Digital Currencies
- Big Idea
- Most currencies depend on having some kind of trusted system that people use to manage transactions. In the past, these systems have been large and stable systems (countries and governments).
- In contrast, digital 'cryptocurrencies' are designed to have transactions managed simultaneously by a large set of users, removing the need for a trusted central party. This lets them exist outside of the context of a specific country or government.
- Otherwise, cryptocurrencies work similarly to other currencies, and follow similar economic rules for inflation and risk.
- Blockchain
- The first (and most well-known) cryptocurrency is Bitcoin, which has enjoyed rapid rises and falls in value recently. Bitcoin relies on a technology known as Blockchain to function.
- A blockchain is a data structure that can be thought of as a specialized list. Each element (or block) of the list represents the state of the transaction ledger at a given point in time. Each block also contains hashed encrypted information from the previous block; in this way, a new transaction is added to the blockchain by creating a new block based on the most recent block and the transaction data. Because of this, old transactions cannot be surreptitiously changed, as that would affect the encrypted hash.
- When a new transaction is made, it is broadcast to many different Bitcoin users. These machines can all independently compute the new block and add it to their personal blockchain records. This is known as Bitcoin mining, because performing this service earns a small amount of bitcoin based on the transaction fee. The 'true' Bitcoin transaction log is then based on an agreement across many users all keeping track of the log independently.
- The amount of Bitcoin each individual user has is associated with a specific ID (a cryptocurrency wallet); transactions can then be performed using payer and receiver IDs.
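The hash-linked list described above can be sketched in a few lines of Python. This is an added example, not part of the original notes and not Bitcoin's actual code: it shows why editing an old block breaks the next link, and why rewriting every later link still leaves a final hash that disagrees with honest copies of the log. It assumes a plain SHA-256 hash over a JSON encoding of each block and leaves out mining, signatures and networking; all function names and the sample transactions are made up for illustration.

```python
import hashlib
import json

def block_hash(block):
    # Hash a canonical JSON encoding so the same contents always give the same digest.
    encoded = json.dumps(block, sort_keys=True).encode("utf-8")
    return hashlib.sha256(encoded).hexdigest()

def add_block(chain, transactions):
    # Each new block stores the hash of the block before it (all zeros for the first).
    prev = block_hash(chain[-1]) if chain else "0" * 64
    chain.append({"index": len(chain), "prev_hash": prev, "transactions": transactions})

def first_broken_link(chain):
    # Return the index of the first block whose prev_hash does not match
    # the actual hash of its predecessor, or None if every link is intact.
    for i in range(1, len(chain)):
        if chain[i]["prev_hash"] != block_hash(chain[i - 1]):
            return i
    return None

def build_sample_chain():
    # Constructed sample ledger; names and amounts are made up.
    chain = []
    add_block(chain, [{"from": "alice", "to": "bob", "amount": 5}])
    add_block(chain, [{"from": "bob", "to": "carol", "amount": 2}])
    add_block(chain, [{"from": "carol", "to": "alice", "amount": 1}])
    return chain

def tamper(chain, index, new_amount):
    # Edit an old transaction in place without touching later blocks.
    chain[index]["transactions"][0]["amount"] = new_amount

def rewrite_from(chain, index):
    # Recompute every later prev_hash so the chain is internally consistent again.
    for i in range(index + 1, len(chain)):
        chain[i]["prev_hash"] = block_hash(chain[i - 1])

if __name__ == "__main__":
    honest = build_sample_chain()
    forged = build_sample_chain()
    tamper(forged, 0, 500)
    print("broken link at block", first_broken_link(forged))
    rewrite_from(forged, 0)
    print("links after rewrite:", first_broken_link(forged))
    print("tip matches honest copy:", block_hash(forged[-1]) == block_hash(honest[-1]))
```

A change to the newest block breaks no link, because nothing follows it yet; it is caught only by comparing the final hash against other users' copies.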
- Properties of Cryptocurrencies
- Because cryptocurrencies are managed using anonymous IDs, these transactions are entirely private. This allows greater data privacy for Bitcoin users, but also makes it possible for the currency to be used for illegal purchases and in ransom/hostage situations.
- Cryptocurrencies have no central authority, which means that there is no one available to address user problems. Many Bitcoin users have lost their wallet IDs, and therefore have lost potential fortunes in Bitcoin. This has actually resulted in nearly a quarter of all Bitcoin being lost permanently.
- While cryptocurrency transactions are supposed to be impossible to trick because of how decentralized the system is, it is theoretically possible for miners to band together until they represent over half of all the miners, which would let them control the transaction log. This almost happened in 2014 with GHash.io.
- Media