The importance of understanding how routers work and how to protect them from malicious attacks was highlighted by WikiLeaks’s recent revelations about the existence of an alleged CIA hacking tool, code named “CherryBlossom”. This tool can apparently hack routers, allowing the perpetrator to monitor traffic and perform software exploits on victims.
The average person is unlikely to be targeted by this level of attack. But if you’re going to have a router at home, it’s important to understand exactly how it works.
How does a router work?
A router is like a post office for the internet: it acts as a dispatcher, choosing the fastest and most effective delivery paths.
Let’s assume you have a smartphone at home that’s connected to your router and through that, the internet. You’re keen to find a song to listen to. Here’s how it works:
Your smartphone takes your song request, and converts it into a radio signal using the specification (it’s called a 802.11 Protocol) that controls how your Wi-Fi works
This information is sent to the router, including your smartphone’s Internet Protocol address (essentially, its internet street address) and the track you requested
This is where the Domain Name Server (DNS) comes into play. The main purpose of this platform is to take a text based address (let’s say, http://www.spotify.com) and convert it into a numeric Internet Protocol address
The router will then send off the request information to your internet provider, through their proxy and then on to Spotify.com
Along this journey from your home to your internet provider to Spotify.com, your request information will “hop” along different routers. Each router will look at where the the requested information has to reach and determine the fastest pathway
After going through a range of routers, an agreed connection between your home internet, your iPhone and Spotify will be established. As you can see in the image below, I have used a trace route service from Australian-based company Telstra to Spotify showing 16 routers along the journey
Then data will begin to travel between the two devices and you’ll hear the requested song playing through your smartphone.
Explaining the back of your router
Even if you now understand how your router works, the machine itself is covered in mysterious ports and jargon. Here are some to look out for:
Ethernet ports: these exist to enable hard wired networking to the router itself in cases where a Wi-Fi connection is not possible.
SSID: this refers to “Service Set Identifier”, and is an alphanumeric set of characters that act as your Wi-Fi network’s identifier.
Telephone/internet port: this port allows your router to gain a hard wired (RJ-45) connection to the internet, usually through telephone lines.
WPS: this stands for “Wi-Fi Protected Setup”. It allows users faster and easier access to Wi-Fi, because they will not have to enter in the passkey once pushed.
LAN: a “Local Area Network” refers to a grouping of computers and devices being networked together, typically with cables and routers in a singular space – often a university, small company or even just at home.
WAN: when we take a series of geographically distributed LANs and connect them together with routers, this is what we call a “Wide Area Network”. This is useful for larger companies that want to connect all their office locations together.
WLAN: closely related to a LAN, “Wireless Local Area Networks” are LANs whereby users who are on mobile devices can connect through a Wi-Fi connection, allowing complete mobility and thus reducing the need for any cables.
Cyber safety with routers
It’s important to protect your router and Wi-Fi network from being compromised.
Change your router’s administrator password and make it strong
change the identifying SSID name so it doesn’t give away any details about the model of your router or who owns it
ensure encryption is turned on in the router settings: this will ensure the traffic travelling over your network is unreadable
change the passkey you enter in when connecting to Wi-Fi
ensure your router’s firmware – the software that’s hard coded into your router – is up to date.
Routers ensure your home and internet service provider can stay connected. Look after your router, and it will (hopefully) look after you.
Self-help book and works of popular psychology often instruct us in the art of apologising. Their advice is reflected, in turn, in much online discussion.
Most commonly, we’re advised to give elaborate, self-abasing apologies: apologies that go well beyond acknowledging misjudgement or admitting to wrongdoing. Withvariations, we are told to elaborate in detail just what we did wrong, describe why it was unacceptable, offer nothing in the way of justification or excuse (though sometimes we’re told we can give an explanation without justifying ourselves), and provide explicit assurances that we will never repeat the behaviour. In summary, we’re told to condemn, criticise and abase ourselves, and to ask humbly for forgiveness.
This might be needed for some betrayals of love or friendship. But for most situations it is very bad advice.
In its most serious mode, the social practice of apologising relates to actions that are later regretted, leading to deep feelings of guilt or shame. With the passage of time, or when we’re brought to focus on what we’ve said or done, we sometimes feel terrible about our own conduct.
To save space, I’ll set aside serious failures resulting from, for example, incompetence (much as these might be interesting in their own right). Let’s consider cases of serious wrongdoing. Here, one person has deliberately harmed or deceived another (or others) in a significant way. In the worst cases, the victim might be someone who legitimately expected the wrongdoer’s goodwill, special concern or even love.
In a situation like this, the victim has every reason to feel profoundly betrayed. Since the wrongdoing was deliberate and significant, it revealed something important and unsavoury about the wrongdoer’s character – what she was psychologically capable of – and especially about her attitude to her victim. In acting as she did, she showed an attitude of disrespect or even malice.
If she aims at reconciliation and seeks forgiveness, the wrongdoer will need to demonstrate that she has undergone something of a psychological transformation. She will need to express heartfelt remorse, show a clear understanding of how she betrayed the victim, and offer especially strong and convincing assurances. She will enter the territory of condemning her own moral character – as it was expressed in the past – and claiming to have changed.
Even the most complete and self-abasing apology might not be enough to regain the victim’s trust and good opinion. The wrongdoer has, after all, revealed by her actions that she was psychologically capable of acting with disrespect or worse. Furthermore, claims to have transformed in moral character are inherently difficult to believe. The victim might understandably be unwilling to restore the relationship to anything like what it previously was.
But most cases are nothing like this. Worthwhile thoughts about apologising in cases of serious wrongdoing can be very bad advice for the range of milder situations that we encounter almost every day.
In most situations, any sense of guilt or shame is greatly attenuated, even to the point where it might – quite properly – not be felt at all. Thus, words like “sorry” are uttered more as matter of politeness and social convention than to express heartfelt remorse.
Think of the following sequence of events (which happened to me a few days ago). I’d alighted from an intercity train, late at night, and was walking along a moderately crowded platform when I stopped – fairly suddenly, no doubt – to check out a vending machine. The middle-aged man walking immediately behind brushed my arm as he stepped past, and we automatically turned to each other to say, “Sorry!” We spontaneously nodded and smiled at each other, raising our hands, palms outward, as if to indicate peaceful intent and absence of weapons … and he then walked on while I concluded that I didn’t really want the junk food on offer in the machine. And that was all.
The entire exchange took only a few seconds, and neither of us had to go through any process of abasement or self-criticism. How, exactly, is this different from cases that seem far more serious?
It is different along many dimensions, and what follows is not intended to be complete. First, no one was hurt (even psychologically). At most, both of us were momentarily startled.
Second, it would be beside the point to castigate either of us in any serious way. Perhaps we could both have been a bit more conscious of what was going on around us, but at most we showed the sort of lapse in attention and concentration that happens to human beings all the time. I had not been aware of his presence behind me; he did not expect me to stop. But people frequently bump into each other in crowds, and no one is seriously blamed: it’s a normal part of life. It would, of course, be quite different if somebody recklessly sprinted through a crowd, shoving aside people who were in his way.
Third, the two people concerned had no previous relationship except, I suppose, as fellow citizens and fellow human beings. There was no relationship of special regard and trust to try to restore. In that sense, we were not exactly seeking reconciliation, although a certain smoothing of the situation was called for. I doubt, however, that this point makes much difference. Even if the man who brushed past me had turned out to be an old friend, no elaborate apology would have been needed.
Small everyday incidents such as this can be surprisingly pleasant encounters. As long as both people act in the expected way – immediately signalling goodwill and peaceful intent – these incidents make us feel better about ourselves and tend to strengthen societal bonds. For a brief moment, each person provides the other with reassurance that whatever happened was not a prelude to any malicious or violent – or otherwise unfriendly or anti-social – course of action. Importantly, each conveys that the other deserves consideration and respect.
Notice how, during these quick exchanges, we often smile or laugh; we express some mutual amusement at the little tangles of social life. In part, we laugh at our own fallibility, and we forgive ourselves and each other for it. We acknowledge that our fallibility is part of being human, and that it does not, in itself, merit condemnation.
And yet, we do say “Oh, sorry!” or use similar words. In context, this is not an admission of serious wrongdoing or guilty thoughts. We are not seeking anything as grand as forgiveness. By using such words, however, we offer clarity and reassurance. We express something like the following: “I made a miscalculation (or had a lapse in concentration, or whatever might be the case); please understand that I bear you no ill will or disrespect; you have nothing to fear from me.”
Often, this is what we really want to know from each other, and this message also has the advantage that it is usually a believable one. By contrast, an assurance by a serious wrongdoer that she will never do such a thing again might strain credulity.
Words of apology are, then, often given without accepting any blameworthiness. Since we are human – not infallible or omniscient beings – we make mistakes, get distracted, have lapses in concentration, and so on. Sometimes, indeed, we take actions that prove not to be optimal, even though they were not contraindicated on the information available to us at the time.
If you’re at all like me, you might very often find yourself apologising for things that you don’t feel especially ashamed of or guilty about. You might also receive such apologies from others.
For example, a salesperson might apologise to you if you have to wait for an unusually long time to be served, even if the delay was caused by something obviously beyond her control. The apology does not indicate an admission of wrongdoing, and it is certainly not an assurance that nothing like this will happen again (it might well!). But it offers respect and reassurance to someone who has been inconvenienced, even unavoidably.
I frequently find myself apologising to someone I’m talking to if I’ve miscommunicated what I was trying to say and thus caused confusion (or perhaps even hurt feelings). Alternatively, I might apologise if I realise that I’ve been interpreting my interlocutor wrongly: I’ve grabbed the wrong end of the verbal pineapple and thereby caused confusion. In either case, however, the miscommunication is not a reason to feel any serious guilt or shame.
For example, if I misinterpret somebody’s words the reason might be genuine ambiguity in what he said. Conversely, if someone misunderstands my words, perhaps he was being uncharitable. Alternatively, it might have been genuinely difficult to formulate the idea I was trying to get across – and in the circumstances perhaps I couldn’t have been expected to do any better.
It might nonetheless be reasonable – and it is somewhat conventional – to waive our possible defences once we realise that we’re at cross purposes in a conversation. It isn’t difficult, and it can become almost instinctive, to say things like “Sorry – I’ll rephrase that” or “Oops, sorry – I see what you mean now.”
The truth of it is, we can almost always express ourselves a bit more clearly and listen a bit more astutely. In acknowledging this on any particular occasion, we are not admitting to serious wrongdoing or a nasty attitude. Our mild words of apology can and should reflect this.
Through minor apologies, we reassure the people we’re dealing with that we view them as worthy of respect. We signal that we don’t hold grudges or assign blame over small things that have gone wrong, and that the people we encounter don’t need to worry about how we regard them or what we might do next. All this helps us get along socially, as human beings must.
A flexible practice
The more we think about the practice of apologising, the more we become aware of how varied, complex and flexible it is.
On some occasions, perhaps you should have taken more care, yet you were not outright malicious or even reckless. Perhaps you were tired or stressed or poorly prepared for a task. In these cases, something more than a brief conventional apology might be in order. All the same, mere failure to take adequate care does not indicate anything especially unsavoury about your moral character. It happens from time to time to almost anyone.
If your carelessness has caused significant harm, you might feel urgent concern for those affected and you might owe them some kind of redress. But depending on the circumstances, it might be overkill if an officious interloper demanded that you humble and condemn yourself. If you did any such thing, it would feel and appear insincere.
Irrespective of any advice from pop psychologists, it often makes sense to accompany an apology with an explanation or excuse. Indeed, explanations or excuses can be better than apologies. Allow me to elaborate.
It is often said that “intent is not magic”, and that phrase does have some point when clear-cut harm has been inflicted on somebody identifiable. In more cases than not, however, it is precisely the wrong way to think about human interaction. Often, what hurts us most about someone else’s conduct is the attitude that it seems to reveal. It might seem to show that the person views us with malice or disrespect. If she is someone we care for, that can be emotionally devastating. We might wonder whether our relationship with her was based all along on an illusion.
But much of the sting is removed if she gives an explanation or excuse that shows she does not, after all, harbour malice or disrespect. She might, in fact, utter conventional words of apology, but the important thing is that she reassure us in some convincing way about how she feels. The point of good explanations is that they really do explain; the point of good excuses is that they really do excuse.
In some cases, we can even apologise for actions that were not our own. For example, you might apologise (as you try to shuffle him out of a party) for the boorish and embarrassing conduct of a friend who has had too much to drink. Similarly, a media organisation might apologise for a defamatory or outrageous remark made by a guest.
Likewise, the leader of a country might apologise formally for something done by her country, even if it happened a long time ago before she was born. This is a fairly well understood public act with a potential to reconcile and heal. It makes intuitive sense because it relies on the idea that political entities have an ongoing existence beyond the lifetimes and participation of their individual citizens.
However, not just any relationship can make an apology coherent. There has to be the right sort of connection between the person giving the apology and somebody else’s behaviour. For example, you can’t sensibly apologise for your friend’s boorish actions on some past occasion when you were not even present.
In some situations, we don’t have a clear idea who may have been inconvenienced or offended by our conduct. Contrary to much advice on the Internet, it makes perfectly good sense in these circumstances to offer contingent apologies such as “We apologise for any inconvenience” or “I am sorry if I upset anyone.”
On some particular occasion, you might think that any upset from your conduct was not reasonable. You might even doubt whether anyone was genuinely upset, as opposed to grandstanding to make a point. Nonetheless, you might also feel concern about any upset that actually was experienced, even unreasonably. If so, a mild and contingent apology might be perfectly in order. It is a socially intuitive way to convey that you are not motivated by malice or disrespect. And again, it signals that whatever you did or said was not the precursor to a more troubling course of conduct.
This leads me to the sensitive topic of weaponised demands for apologies, often followed by equally weaponised complaints about “notpologies”.
Weaponised demands and complaints
As we’ve seen, it’s coherent to apologise even when you are guilty of nothing more than ordinary human fallibility – or sometimes even when your conduct was justifiable. An example of the latter is when you have inconvenienced somebody in order to deal with a crisis.
In other cases, you – or I – might be guilty of something more than ever-present human fallibility. Even then, we might have shown no more than a low degree of negligence that is easily excused. In these cases, we might feel concern if we’ve caused anyone serious harm. Usually, however, feelings of deep guilt or shame will not be fitting. (Very often, in fact, it’s debatable whether we really were careless or merely unlucky: the line can be very blurred, and reasonable people can reach different conclusions.)
In all, the practice of apologising is subtle and complex, and we should enjoy a considerable range of discretion in when and how far we engage in it.
When others demand that we apologise against our own initial judgement, it can be a form of abuse or a political weapon. At the level of personal relationships, demands for apologies can be abusive: a method of punishment and control. At the level of political, social, and cultural debate, the purpose is to humiliate and discredit somebody who is viewed as an opponent or a wrongdoer.
If we force a public apology from someone we cast as a villain, we gain a victory over them and we warn others not to behave similarly. This might have some social value if restricted to people who’ve engaged in genuinely outrageous conduct. However, through public shaming and threats to careers, humiliating apologies can be forced from people who have done little – or arguably nothing – wrong.
As we’ve seen, elaborate self-criticism and self-abasement might be appropriate sometimes. They might be called for when apologising in private to a loved one who has been betrayed in some way. But when somebody is forced through this process in public – perhaps because of her honestly stated opinion on a matter of legitimate controversy, or perhaps for the phrasing of an unrehearsed remark – it is a cruel, unnecessary, indecent spectacle.
To be clear, somebody who is pressured to apologise might, indeed, feel concern at having offended others. She might willingly offer some clarification and some mild words of apology. The latter might, for example, be along the lines of, “I’m sorry if anyone was offended.” In the circumstances, this response provides clarification of intent, reassurance, and an expression of goodwill. Once a shaming campaign begins, however, it won’t get anyone off the public relations hook.
Whatever mob is pressuring and shaming her will inevitably condemn her (quite reasonable) response as a mere “notpology” and apply further pressure. In this parlance, appropriately limited and contingent apologies are referred to as “notpologies” by zealots who hope to humiliate and discredit their real or imagined enemies.
When demands and complaints are made in this weaponised manner, we have a powerful reason to resist them. Each time someone gives in to a mob of zealots, and offers public self-criticism and a humiliating public apology, it encourages the mob to find new victims. Don’t give such mobs positive feedback.
Your best guide?
My subheading to this article, “Your Best Guide on the Internet”, is lighthearted but on point. As I’ve emphasised, the practice of apologising is complex. We often have to make subtle, discriminating decisions about when and how to engage in it. By contrast, most advice on the Internet is misleading in suggesting that there is a single formula that we need to learn.
Fortunately, our intuitions are usually well honed by experience during our formative years, and most of us make reasonable judgements more often than not, even on the spur of the moment. We might not always be aware of it consciously, but we sense in our everyday practices that apologies can take many forms to suit a myriad of circumstances.
None of this is intended to suggest that I always get it right in my own life! Perhaps no one does; in any event, I am not holding myself out as a role model. I have sometimes made mistakes in this area, even quite serious ones, usually out of anger or pride or self-righteousness. If I have any advice to give beyond the most obvious, it’s to try to avoid those feelings – especially in combination. It’s wise to put them aside, if we can, and in cases of doubt it’s often best to give some sort of apology even if it goes against our grain.
The ability to apologise freely, without embarrassment, should be easier if we recognise how often our mistakes come from ordinary human limitations for which we should feel no particular guilt or shame. Combined with this, most apologies do not relate to serious wrongdoing, disrespectful attitudes to others, or defects of character.
Everyday apologies usually have rather conventional and pragmatic functions: to express regret (but not necessarily culpability) for inconvenience, confusion or hurt; to assure others that we respect them and recognise their interests, and that our intentions are not hostile; and to indicate that others have nothing to fear from us going forward.
In a sense, none of this is new. I’m telling readers what they already know, but the opposite of what they are too often told. I’ve set out in an explicit way some of the complexity that we are all aware of if we’re not confused by pop psychology or a dubious ideology.
Once again: it is often worth apologising (albeit mildly) even when we’ve done nothing wrong; apologies are often quite legitimately accompanied by explanations or excuses; most apologies do not have to be lengthy or especially self-critical or self-abasing. In some situations, much-maligned “notpologies” might be all that is needed.
This complexity should be familiar, once we think about it clearly and for ourselves.
For each of us, as individuals, the social practice of apologising gives many options to match with the ever-changing situations we encounter in our lives. We can think of them as tools in our social kit. Exactly how we use them is up to us.
Examining the rollout of NBN technologies as of December 2016, our preliminary analyses suggest areas of greatest socio-economic disadvantage overlap with regions typically receiving NBN infrastructure of poorer quality.
Comparing NBN technology with inequality
To determine socio-economic disadvantage, we used the Australian Bureau of Statistics’s (ABS) socio-economic indexes for area (SEIFA) and its index of relative socio-economic advantage and disadvantage (IRSD) from 2011.
Across Australia, we found only 29% of areas with a SEIFA decile of one (the lowest-scoring 10% of areas) had fibre-to-the-premise (FTTP) – considered the best broadband technology solution available – or fibre-to-the-node (FTTN) connections. So far, around 71% of the NBN technology available in these areas involves inferior options, including hybrid fibre-coaxial (HFC), fixed wireless or satellite technologies.
On the other hand, 93% of areas with a SEIFA decile of 10 (the highest-scoring 10% of areas) had FTTP or FTTN.
If we look only at major cities in Australia – where the level of fibre technology is higher overall – areas with the greatest disadvantage, while exceeding similarly disadvantaged areas nationally, still received significantly less FTTP and FTTN: 65% of areas with a SEIFA decile of one had FTTP and FTTN, compared with 94% of areas with a SEIFA decile of 10.
Of course Australia is a large, sparsely populated country, which makes the business case for rolling out fibre difficult in some regions. Nevertheless, inequitable access to NBN technology appears even when controlling for the remoteness of the location.
If we look at outer regional Australia where fibre is less prevalent, the pattern looks worse. Only 12% of the most disadvantaged areas with a SEIFA decile of one received FTTP and FTTN, compared with 88% of the most advantaged outer regional areas with a SEIFA decile of nine.
Receiving FTTP or even FTTN may still be better than receiving HFC, fixed wireless or satellite technologies. While HFC may be able to match maximum speeds of FTTN, this is unlikely to happen during peak times when the increased number of users sharing the same data capacity will slow service considerably. And, similar to FTTN, these technologies provide fewer opportunities to upgrade capacity to meet future demand.
However, given only a limited data set was made publicly available in December 2016 by the NBN company, it is difficult to determine exactly which services are currently installed where. For example, the data set we used does not differentiate between FTTP and the lesser FTTN connection.
It also aggregates some NBN technology into an “other” category, making it impossible to distinguish between HFC and satellite service.
The NBN company offers a “check your address” search for its most up-to-date rollout information including technology type, but was unable to share this information with us in a single, usable data set.
A NBN spokesperson said the network was being rolled out across Australia regardless of any socio-economic mapping.
“Determining the sequence is a complex process of weighing up factors including the location of construction resources, current service levels, existing broadband infrastructure, growth forecasts and proximity to nbn infrastructure such as the transit network,” she said in an email. “Only 8 per cent of premises in Australia are not in the fixed-line footprint.”
Internet access and social inequity
A faster internet connection is increasingly central to people’s social connections, education opportunities, employment prospects and ability to access services.
This was raised in a 2011 report by the parliamentary Standing Committee on Infrastructure and Communications. It emphasised the potential role of the NBN in enhancing greater equity in digital access to services in regional and rural areas.
The Committee heard that, due to the ‘digital divide’, many of the Australians who could benefit the most from broadband currently have the lowest levels of online participation … The extent of accompanying measures implemented by governments will determine whether the NBN narrows or widens this digital divide.
Previous research has also found that people from lower socioeconomic groups are already restricted in their use of digital information and communication technologies. This can limit their access to a range of social determinants of health.
When populations already facing disadvantage receive poorer quality digital infrastructure, those with the greatest need will continue to slip farther behind.
Equity must be at the forefront of the NBN company’s considerations as it continues to roll out across Australia. Further entrenching social inequities through digital infrastructure is not the NBN anyone dreamed of.
Note: The “contention rate” section of the NBN technology infographic on this story has been updated to improve clarity.
Imagine China takes down its national internet blocking system – aka the Great Firewall – tomorrow. Will this affect how you use the internet?
Without the Great Firewall, Facebook and Google will grow exponentially in China. Before long, the tech giants own a sizeable share of the Chinese market and have become good buddies with Beijing.
This scenario unfolds at a time when Donald Trump’s inward-looking policy upsets Silicon Valley’s efforts to expand its global empire, and when the US Congress further deregulates the internet industry, allowing internet service providers (ISPs), for example, to collect and trade user’s private data. So the tech giants decide to go to bed with China.
What does this have to do with you using your smartphone in, say, Sydney?
Well, if you have a Facebook presence, it means your social network information may now be used in a few additional ways, without your knowledge. Perhaps a few China-bashing news items, shared by your friends, will disappear from your news feed. And if you rely on Google, YouTube, Amazon or Uber, the data you accumulate during your daily routines may now empower not just the Little Sisters (that is, advertising companies), but also Big Brother himself.
According to urban geographer and unionist Kurt Iveson, surveillance cameras at the University of Sydney generate half of the internet traffic on campus. All the research, the paperwork, the social media back-and-forth, the videos people watch and the online games and music they play, all this online traffic, when added together, barely matches the terabytes of information generated by the surveillance feed.
That’s a pretty big achievement for those tiny cameras looking down at you in the corridors and from the street lamps.
The ‘big’ in Big Brother and Big Data
China has big ambitions. Its interests and investments in infrastructure on a global scale are well known. It will only be a matter of time before Beijing realises that digital assets are as vital, perhaps even more valuable, than highways and airports.
The Chinese Communist Party already has a good record of endorsing corporate platforms in the New Economy. Last November, China embraced the “disruptive” innovation of Uber and similar services. It became the first country to legalise the smartphone ride-hailing business on a national scale.
… a country that has consistently shown itself to be forward-thinking when it comes to business innovation.
Now you probably see why Silicon Valley might want to divorce Trump and have an affair behind Tiananmen.
Your digital rights
Maybe it’s not such a good idea, after all, to hastily agree to whatever terms and conditions tech companies hand down to you in tedious fine print. You don’t know your rights. You don’t know who has your data. But do you care?
As an individual, your power is limited. Using a virtual private network (VPN) can be a good start, but which VPN service can you really trust? This is a pertinent question because what if the VPN you use turns out to be a honeypot collecting data about you?
Your best shot, then, is to join a movement – such as a citizen group – to raise awareness or a watchdog organisation that guards against the mishandling of private data by telecommunication companies.
Other good places to seek refuge and spread the good word include non-government organisations that promote solidarity with IT-sector workers and hacker groups who develop new crypto technology. You don’t have to know programming or coding to join them, as even the best hackers will need other kinds of help.
Cities like Sydney have many such organisations. Plenty of folks are working on digital rights issues. Join them to protect your data from being infringed by Big Brother, his Little Sisters, and even telcos and ISPs.
Even if China doesn’t plan to take down its Great Firewall any time soon, that doesn’t make protecting your own data – personal information that reveals so much about your life – any less important.
As long as you have signed over your rights to corporations, they can still sell out big to Beijing, Moscow or whoever else is peeping from afar, at this very moment, into your campus or workplace CCTV system.
Over the past few months, Australians’ civil rights have come under attack.
In April, the government’s data retention law came into effect. The law requires telecommunications companies to store customer metadata for at least two years. Metadata from our phone calls, text messages, emails, and internet activity is now tracked by the government and accessible by intelligence and law enforcement agencies.
Australia’s data retention law is one of the most comprehensive and intrusive data collection schemes in the western world. There are several reasons why Australians should challenge this law.
First, it undermines the democratic principles on which Australia was founded. It gravely harms individuals’ right to privacy, anonymity, and protection from having their personal information collected.
The Australian Privacy Principles define limited conditions under which the collection of personal information is permissible. It says personal information must be collected by “fair” means.
Despite a recent ruling by the Federal Court, which determined that our metadata does not constitute “personal information”, we should consider whether sweeping collection of all of Australian citizenry’s metadata is consistent with our right to privacy.
Second, metadata – data about data – can be highly revealing and provide a comprehensive depiction of our daily activities, communications and movements.
As detailed here, metadata is broad in scope and can tell more about us than the actual content of our communications. Therefore, claims that the data retention law does not seriously compromise our privacy should be considered as naïve, ill-informed, or dishonest.
To date, the government has not presented any concrete empirical evidence to indicate that this risk has substantially changed. Democracies such as France, Germany and Israel – which face more severe terrorist threats than Australia – have not legalised mass data collection and instead rely on more targeted means to combat terrorism that do not jeopardise their democratic foundations.
Fourth, the data retention law is unlikely to achieve its stated objective and thwart serious terrorist activities. There are a range of widely-accessible technologies that can be used to circumvent the government’s surveillance regime. Some of them have previously been outlined by the now-prime minister, Malcolm Turnbull.
Therefore, in addition to damaging our civil rights, the law’s second lasting legacy is likely to be its contribution to increasing the budgetary debt by approximately A$740 million over the next ten years.
How can the law be challenged?
There are several things we can do to challenge the law. For example, there are technologies that we can start using today to increase our online privacy.
A full review of all available options is beyond the scope of this article, but here are three effective ones.
Virtual private networks (VPNs) can hide browsing information from internet service providers. Aptly, April 13, the day the data retention law came into effect, has been declared the Australian “get a VPN day”.
Tor – The Onion Router is free software that can help protect the anonymity of its users and conceal their internet activity from surveillance and analysis.
Encrypted messaging applications – unprotected applications can be easily tracked. Consequently, applications such as Signal and Telegram that offer data encryption solutions have been growing in popularity.
Australian citizens have the privilege of electing their representatives. An effective way to oppose continuing state surveillance is to vote for candidates whose views truly reflect the democratic principles that underpin modern Australian society.
The Australian public needs to have an honest, critical and open debate about the law and its social and ethical ramifications. The absence of such a debate is dangerous. The institutional accumulation of power is a slippery slope – once gained, power is not easily given up by institutions.
And the political climate in Australia is ripe for further deterioration of civil rights, as evident in the government’s continued efforts to increase its regulation of the internet. Therefore, it is important to sound a clear and public voice that opposes such steps.
Finally, we need to call out our elected representatives when they make logically muddled claims. In a speech to parliament this week Tuesday, Turnbull said:
The rights and protections of the vast overwhelming majority of Australians must outweigh the rights of those who will do them harm.
The data retention law is a distortion of the logic embedded in this statement because it indiscriminately targets all Australians. We must not allow the pernicious intent of a handful of terrorists to be used as an excuse to harm the rights of all Australians and change the fabric of our society.
Malcolm Turnbull and Bill Shorten will both home in on the importance of tackling cyber issues as part of the fight against terrorism, in parliamentary speeches on Tuesday.
In a security update on the threats facing Australia at home and abroad, Turnbull will say that an “online civil society is as achievable as an offline one”.
“The privacy and security of a terrorist can never be more important than public safety,” he says in notes released ahead of the address.
“The rights and protections of the vast overwhelming majority of Australians must outweigh the rights of those who will do them harm.
“That is truly what balancing the priority of community safety with individual liberties and our way of life is about.”
The government would not take an “if it ain’t broke we won’t fix it” mentality, Turnbull says – rather, Australia is at the forefront of efforts to address future threats.
Attorney-General George Brandis will visit Canada this month to meet his Five Eyes security counterparts – the others are from Britain, the US, New Zealand as well as Canada – and discuss what more can be done by likeminded nations and with the communications and technology industry “to ensure terrorists and organised criminals are not able to operate with impunity within ungoverned digital spaces online”.
Shorten, in his address (an extract of which has been released), will say: “We need to recognise this is a 21st-century conflict – being fought online as well as in the streets. Terrorists are using sophisticated online strategies as well as crude weapons of violence.”
He says this is where the private sector has a responsibility.
“For a long time Daesh has used the internet as an instrument of radicalisation. Through Twitter and Facebook they boast of a propaganda arm that can reach into every home in the world: spreading hate, recruiting followers and encouraging imitators.
“And with encryption technology like Whatsapp and Telegram they can securely communicate not just a message of violence – but instructions in how to carry it out.”
Shorten will acknowledge many internet providers and social media platforms such as Facebook work hard to detect and remove offensive content, namely child pornography and other forms of violent crime.
“But we need more – and these companies have the resources and the capacity to do more.
“As good corporate citizens and responsible members of democratic nations, I’m confident these tech companies will seek to do everything they can to assist the fight against terror.
“We must always be mindful of the rule of the law and the proper protections of our citizens – but we must be equally focused on adapting to new mediums and new technologies to detect and prevent new threats,” Shorten says.
The security focus in parliament comes after last week’s attack in Melbourne, events in Britain, and Friday’s decision by the Council of Australian Governments that there should be a presumption against parole and bail for people who have had any involvement with terrorism.
The government this week will introduce its tough new provisions governing visa and citizenship requirements. They include giving Immigration Minister Peter Dutton power to overrule Administrative Appeal Tribunal decisions on citizenship. Dutton said this would align citizenship provisions with the power he already has in relation to visas. There would still be the right to appeal to the Federal Court. Labor will announce its attitude when it sees the legislation.
While the Internet of Things (IoT) may lead to more efficiency in our daily lives, my research shows that consumers are exposed to many risks by the use of IoT devices, ranging from disclosure of private information, to physical injury and problems with the devices themselves.
Australia has no specific laws aimed at addressing IoT issues, and current laws intended to protect consumers have gaps and uncertainties when dealing with IoT devices.
1) Your devices can spy on you (and your kids)
Many IoT device manufacturers and suppliers show little regard for customers’ privacy. Some even make money from customer data.
Consumer electronics company Vizio recently agreed to pay US regulators US$2.2 million, after allegedly failing to get appropriate consent from users to track their TV viewing habits.
Late last year, the Norwegian Consumer Council found that a children’s doll recorded anything said to it by children and sent the recordings to a US company. The company reserved the right to share and use the data for a broad range of purposes.
2) Many IoT devices are vulnerable to hacking
The same doll was also found to have a security flaw that allowed strangers to talk and listen through the doll. Security vulnerabilities such as these can be exploited to cause damage in both the physical and virtual worlds.
But hacked IoT devices can also be dangerous by themselves. In 2015 Fiat Chrysler recalled 1.4 million vehicles when security researchers proved they could break into smart cars’ systems remotely and control brakes, steering and transmission.
3) Your devices are never really yours, even after you pay for them
Most IoT devices come with some form of embedded software, and the devices won’t work properly – or sometimes at all – without it. This software is usually licensed, not sold, and the conditions imposed through licence agreements can hinder users’ repairing, modifying or reselling their devices.
This can be anti-competitive, as individual users are effectively “locked in” to one brand and one supplier.
For several years now, US farmers have been in a dispute with agricultural machinery manufacturers such as John Deere, over their rights to repair tractors that contain embedded software.
The farmers were granted a three-year exemption to certain copyright laws in 2015. However, John Deere is fighting back.
In October 2016, the company issued a new licence agreement which prohibits almost all software modification on its tractors. This action appears to be an attempt to ensure all repairs are done by John Deere contractors.
4) Your devices know your weaknesses
IoT devices have the potential to collect more intimate data about individuals than was possible with previous devices. This data can then be used to create profiles that give incredible insight into consumers, and can even predict their behaviour.
But some IoT devices can collect even more intimate and personalised data. This was evident after a recent out-of-court settlement by a wireless vibrator manufacturer allegedly collecting data without consent.
5) It’s almost impossible to know what you’re getting yourself into, or how long it will last
Many IoT products are complex hybrids of software, hardware and services, often provided by more than one supplier. What your rights are when things go wrong, and who best to fix it for you, can be hard to figure out.
A recent investigation of the Nest thermostat system revealed that if consumers wanted to understand all of the rights and obligations of those in the supply chain, they needed to read a minimum of 13 different contractual documents.
Even if you know and trust your supplier, they may not be around forever. And when they go, services essential to their products working may disappear as well.
Revolv, a maker of home automation devices, was shut down after the company was acquired by Nest, which was itself acquired by Google. Nest refused to support Revolv’s products, and they stopped working less than two years after being released.
6) The law may not protect you
Many IoT devices put consumer privacy at risk, but the Privacy Act has significant limitations, as the definition of “personal information” is very narrow. The Act doesn’t even apply to many Australian companies, as they do not meet thresholds such as having A$3 million in annual turnover.
Consumers and regulators may attempt to pursue device suppliers under the consumer guarantees in the Australian Consumer Law. But there are grey areas here too. We don’t know what “acceptable quality” is when it comes to some of these devices, for instance. Is an internet-connected kettle that boils water perfectly well, but can be easily hacked, of acceptable quality?
Proceed with caution
Consumers are exposed to significant risks from IoT devices, from predatory use of data, to security flaws and devices no longer being supported. Meanwhile Australia has no specific laws aimed at addressing these IoT issues.
The most recent review of the Australian Consumer Law recommended investigating “emerging technologies” be made a priority. It is vital that a close examination of consumer protection relating to IoT devices be included front-and-centre in this project.
In the meantime, consumers should think long and hard about the risks they are taking on with IoT devices. Do you really need that internet-connected hairbrush?
It is perhaps time to remind ourselves of the ups and downs of the project that was once announced as a dream national infrastructure project for the 21st century. This requires a ten-year journey back in time, before we can figure out what needs to be done next.
The NBN company was announced in April 2009 to provide terrestrial fibre network coverage for 93% of Australian premises by the end of 2020. Fixed wireless and satellite coverage would serve the remaining 7%.
Looking back, it’s hard to deny the influence the NBN has had on Australian politics. Perhaps the peak influence was when three independent MPs cited the NBN as one of the key reasons why they supported a Labor government over the Coalition when the 2010 federal election produced a hung parliament.
The early NBN rollout experienced significant delays. This attracted a great deal of “overwhelmingly negative” media coverage. Public opinion polls reflected growing dissatisfaction with the national project.
This dissatisfaction and the September 2013 federal election result changed the fate of the NBN. In 2013, the new Coalition government suspended the first stage of the large-scale fibre-to-premises NBN rollout to reassess the scale of the project.
In 2014, the government announced that the NBN rollout would change from a primarily fibre-to-premises model to a multi-technology-mix model. The technology to be used would be determined on an area-by-area basis.
Delays continue in the construction of the Coalition’s NBN. What can only be described as a downgrade of the original national project is now seriously over budget.
In September 2016, a joint standing committee of parliament was established to inquire into the NBN rollout. The inquiry is continuing.
The bleak status quo only gets worse when the on-the-ground reality of the NBN rollout is considered. While fibre-to-premises rollout is supposed to be limited in the Coalition’s NBN, disturbing examples of misconduct in the NBN installations are highly concerning.
The image below shows one example of many in which heritage-listed buildings (in this case also public housing) are disrespected to the point that suggests an absolute lack of communication between NBN contractors, local government, or heritage agencies.
Who misses out?
In the Coalition’s NBN, the provision of universal high-speed capacity – as envisioned in the original NBN – has been transformed into a patchwork of final speeds and different quality of service. This leads to an important question about equity. It also puts the 60 early rollout locations in the spotlight as these could potentially be the only ones across the nation that enjoy fibre-to-premises NBN.
My new research points to the political motivations in the selection of these lucky 60 sites. Voting patterns in these locations were compared with all electorates in the federal elections from 2007 to 2013. The analysis shows the selections were skewed for potential political gain.
ALP-held seats were the main beneficiaries of the early NBN rollout; safe Coalition-held seats were the least likely to receive the infrastructure.
Tony Windsor, one of the three influential independent MPs in 2010, famously said of the NBN:
It is convenient to blame one political party for the state of chaos that the NBN is in right now. However, politicisation of the project has been part of the problem since day one.
Instead, we call for telecommunication infrastructure to be considered for what it really is: the backbone of the fast-growing digital economy; the foundation for innovation in the age of smart cities and big data; and a key pillar of social equity and spatial justice.
Policing the leaks of NBN data is not going to clean up the mess. Quite the opposite: the Australian government needs to share the NBN data, so the exact nature and scale of the problems can be determined. Only then can we talk about finding a way forward in this long journey.
A massive malware attack was launched on Friday, affecting at least 75,000 computers in 99 countries. Computers running Microsoft Windows were infected with “WanaCrypt0r 2.0 or WannaCry” ransomware. Once infected, all of the files on the computer are encrypted by the malware, which then displays a ransom demand of between US $300 and $600 in bitcoin that needs to be paid before the files can be decrypted.
The WannaCry ransomware is being spread through a weakness in Microsoft Windows that was originally exploited by the US National Security Agency (NSA) as part of their arsenal of cyberweapons in a tool called “Eternal Blue”. Unfortunately, this tool, along with many others, was stolen by hackers and leaked to the world in April 2017 by a hacker group calling themselves the “Shadow Brokers”.
Microsoft had already released a fix for the Eternal Blue vulnerability in March, but the extent of the WannaCrypt attack has highlighted how many organisations have failed to apply the fix, or are running copies of Windows that are so old that there wasn’t a fix for them.
Russia, Ukraine and Taiwan have been the countries most affected by the attack. In the UK however, the attack hit the National Health Service badly enough that services to patients were disrupted.
At the time or writing, one of the bitcoin addresses used by the malware showed that only a few people had paid the ransomware so far but the number has been slowly ticking up.
The spread of the first wave of WannaCry ransomware may have been halted by a cybersecurity researcher who, by registering a domain with a particular name, effectively activated a “kill switch” in the malware software that stops it from spreading further.
Ransomware has become the biggest threat to organisations and governments trying to protect critical infrastructure. According to a study by IBM ransomware attacks increased by 6,000% in 2016 and at least 40% of spam emails now carry ransomware. The study also found that 70% of businesses infected with ransomware would pay the ransom. In many cases, this is because they either did not have backups, or they believed it was a faster way of getting their business back up and running.
The NHS has come in for particular criticism about the consequences of the attack because they knew about the risks and had been warned repeatedly to take steps to protect their networks and computers.
Finding out who was behind the malware is going to be very difficult. The malware communicates using the anonymising Tor network and demands payments in the equally anonymous currency, bitcoin, making tracing those behind the attack more complicated.
The NSA has also been held partly to blame for the attack because it had not alerted Microsoft about the weakness in its system until the NSA’s software that exploited it had been stolen and leaked to the public. Had the NSA told Microsoft when it discovered the weakness, the patch to fix the vulnerability would have been available in enough time for even the slowest of organisations to have patched their computers.
Ironically, large scale attacks such as these do have the effect of highlighting the threat of malware attacks and cybersecurity in general. This is true at the national level as well as amongst businesses. The frequency and scale of attacks also gives us a measure of how effectively companies and countries are prepared for cybersecurity attacks of any kind. Governments can act to enforce cybersecurity protective measures on companies, especially those that provide critical services or infrastructure. They can also act to direct their security services to disclose weaknesses in software systems, rather than keeping them secret in order to exploit them themselves against some future enemy.
Companies and their employees can help protect themselves from future attacks of ransomware by taking the following steps:
Back up computers. This doesn’t stop a computer from being attack but effectively renders it ineffective because it is easy to re-install the system from a backup should it become locked by ransomware.
Don’t click on links in emails unless you are expecting the email to contain a link. If you don’t know, double check with the sender. Equally, if you open a document and it asks to run macros, just say no. Avoid putting people into this situation in the first place by not sending links unless you have agreed prior to sending the email.
Always update systems and software with the latest security updates. Better still, set the system to automatically do this on your behalf.
Use antivirus software to protect systems.
If infected, disconnect the computer from the network so that other computers are not infected.
This piece is part of our new Three Charts series, in which we aim to highlight interesting trends in three simple charts.
The Australian Bureau of Statistics’ latest figures on internet activity in Australia show a huge jump in the number of people with advertised speeds of greater than 24 Mbps (that’s megabits per second, a measure of data transfer speed).
That trend is significant because it suggests that Australia’s appetite for faster broadband is growing apace, and that the NBN may be helping to drive adoption of higher speed internet.
Starting from Dec 2014, the number of subscribers in Australia with internet advertised as being capable of 24 Mbps or greater rose from 2.3 million to 7.8 million. Or, expressed another way, from 19% of all internet subscribers to 58% of all subscribers.
(It’s worth noting that the growth is in people who have signed up to packages that advertised internet speeds capable of reaching 24 Mbps. That’s not to say that speed is actually delivered all of the time; there is variation and one doesn’t always get the advertised speeds.)
It’s likely that with the advent of the NBN and its standardised speed tiers, internet service providers started offering services that were on a par or better than those being offered on the NBN. Competition may be at work, and the technology itself is improving.
However, data reported by cloud computing services firm Akamai in their State of the Internet reports – frequently cited by the press – showed Australia’s broadband to be woefully behind most other developed countries.
Indeed, in the same time that Australia saw a huge increase in subscribers on internet speeds of 24 Mbps and above, Akamai was reporting that average internet download speeds had increased by a mere 27%, an increase to an underwhelming 10.1 Mbps. That puts Australia down the list in terms of average speeds.
With ABS data showing that 58% of the population is now on plans capable of delivering speeds of 24 Mbps and above, such a paltry rise in the average internet speed is somewhat surprising.
It is, of course, possible that the advertised speeds of Australian internet plans are, too often, misrepresenting the true speeds available.
The way that Akamai calculates its figures is not spelled out in its report – it says that it “includes data gathered from across the Akamai Intelligent Platform”. So perhaps it would be wise to take claims about Australia’s rank in the world on internet speeds with a hefty grain of salt. Things may be better than we are being told.
More data is needed to make sense of the impact of the shift of subscribers to higher speed internet. Projects like the Australian Competition and Consumer Commission’s plan to “test and report on the typical speed and performance of broadband plans provided over the NBN” will help build a more accurate picture.