[NNagain] Internet Education for Non-technorati?

David Bray, PhD david.a.bray at gmail.com
Wed Oct 11 14:19:44 EDT 2023


Are we talking about the one that is modelled after the label from CMU (they
showed some prototypes, there would be about 10-15 pieces of information on
the label followed by a QR code to get the rest), here's a link - and the
concerns I have apply to this:

https://news.pantheon.cmu.edu/stories/archives/2023/july/cylab-presents-at-white-houses-launch-of-new-iot-cybersecurity-labeling-system

https://www.securityindustry.org/2023/09/12/the-fccs-u-s-cyber-trust-mark-proposal-what-it-means-for-the-security-industry/

On Wed, Oct 11, 2023 at 2:06 PM Dave Taht <dave.taht at gmail.com> wrote:

> I think y'all are conflating two different labels here. The nutrition
> label was one effort, now being deployed, the other is cybersecurity,
> now being discussed.
>
> On the nutrition front...
> We successfully fought against "packet loss" being included on the
> nutrition label, but as ghu is my witness, I have no idea if a formal
> method for declaring "typical latency" was ever formally derived.
>
>
> https://www.fcc.gov/document/fcc-requires-broadband-providers-display-labels-help-consumers
>
> On Wed, Oct 11, 2023 at 10:39 AM David Bray, PhD via Nnagain
> <nnagain at lists.bufferbloat.net> wrote:
> >
> > I was at a closed-door event discussing these labels about two weeks ago
> > (right before the potential government shutdown/temporarily averted for
> > now) - and it was non-attribution, so I can only describe my comments:
> >
> > (1) the labels risk missing the reality that the Internet and
> > cybersecurity are not steady state, which begs the question how will they
> > be updated
> > (2) the labels say nothing about how - even if the company promises to
> > keep your data private and secure - how good their security practices are
> > internal to the company? Or what if the company is bought in 5 years?
> > (3) they use QR-codes to provide additional info, yet we know QR-codes
> > can be sent to bad links so what if someone replaces a label with a bad
> > link such that the label itself becomes an exploit?
> >
> > I think the biggest risk is these will be rolled out, some exploit will
> > occur that the label didn't consider, consumers will be angry they weren't
> > "protected" and now we are even in worse shape because the public's trust
> > has gone further downhill, they are angry at the government, and the private
> > sector feels like the time and energy they spent on the labels was for
> > naught?
> >
> > There's also the concern about how do startups roll-out such a label for
> > their tech in the early iteration phase? How do they afford to do the extra
> > work for the label vs. a big company (does this become a regulatory moat?)
> >
> > And let's say we have these labels. Will only consumers with the money
> > to purchase the more expensive equipment that has more privacy and security
> > features buy that one - leaving those who cannot afford privacy and
> > security bad alternatives?
> >
> > On Wed, Oct 11, 2023 at 1:31 PM Jack Haverty via Nnagain
> > <nnagain at lists.bufferbloat.net> wrote:
> >>
> >> A few days ago I made some comments about the idea of "educating" the
> >> lawyers, politicians, and other smart, but not necessarily technically
> >> adept, decision makers.  Today I saw a news story about a recent FCC
> >> action, to mandate "nutrition labels" on Internet services offered by
> >> ISPs:
> >>
> >> https://cordcuttersnews.com/fcc-says-comcast-spectrum-att-must-start-displaying-the-true-cost-and-speed-of-their-internet-service-starting-april-2024/
> >>
> >> This struck me as anecdotal, but a good example of the need for
> >> education.  Although it's tempting and natural to look at existing
> >> infrastructures as models for regulating a new one, IMHO the Internet
> >> does not work like the Food/Agriculture infrastructure does.
> >>
> >> For example, the new mandates require ISPs to "label" their products
> >> with "nutritional" data including "typical" latency, upload, and
> >> download speeds.   They have until April 2024 to figure it out. I've
> >> never encountered an ISP who could answer such questions - even the ones
> >> I was involved in managing.  Marketing can of course create an answer,
> >> since "typical" is such a vague term.  Figuring out how to attach the
> >> physical label to their service product may be a problem.
> >>
> >> Such labels may not be very helpful to the end user struggling to find
> >> an ISP that delivers the service needed for some interactive use (audio
> >> or video conferencing, gaming, home automation, etc.)
> >>
> >> Performance on the Internet depends on where the two endpoints are, the
> >> physical path to get from one to the other, as well as the hardware,
> >> software, current load, and other aspects of each endpoint, all outside
> >> the ISPs' control or vision.   Since the two endpoints can be on
> >> different ISPs, perhaps requiring one or more additional intermediate
> >> ISPs, specifying a "typical" performance from all Points A to all Points
> >> B is even more challenging.
> >>
> >> Switching to the transportation analogy, one might ask your local bus or
> >> rail company what their typical time is to get from one city to
> >> another.   If the two cities involved happen to be on their rail or bus
> >> network, perhaps you can get an answer, but it will still depend on
> >> where the two endpoints are.  If one or both cities are not on their
> >> rail network, the travel time might have to include use of other
> >> "networks" - bus, rental car, airplane, ship, etc.   How long does it
> >> typically take for you to get from any city on the planet to any other
> >> city on the planet?
> >>
> >> IMHO, rules and regulations for the Internet need to reflect how the
> >> Internet actually works.  That's why I suggested a focus on education
> >> for the decision makers.
> >>
> >> Jack Haverty
> >>
> >> _______________________________________________
> >> Nnagain mailing list
> >> Nnagain at lists.bufferbloat.net
> >> https://lists.bufferbloat.net/listinfo/nnagain
> >
>
>
>
> --
> Oct 30:
> https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof.html
> Dave Täht CSO, LibreQos
>