Archive for the 'Commentaries' Category
What’s Belmont Got To Do With It?
Friday, June 12th, 2009 by Erin Kenneally
Recently a group of Internet technology researchers, attorneys and policy professionals participated in a DHS-sponsored workshop, “Ethical Principles and Guidelines for the Protection of Human Subjects in Information and Communications Technology Network and Security Research.” Possible nickname: Belmont Flux Workshop. If you’re still glassy-eyed: (1) you have yet to engage the depths of an Institutional Review Board (IRB) in the context of network and security research; (2) you gave up after seeing “Ethical principles”; and/or (3) you think human subjects issues and network research are orthogonal.
Here’s a summary of the event, and hopefully some inspiration.
a recent visit to the fcc
Tuesday, June 9th, 2009 by kc
I spent a few hours at the FCC two weeks back, presented a slide version of a top ten list I wrote last year. Requested discussion topics: obstacles to data collection, how data is collected and used, policy-making based on inference, how to develop an objective knowledge base for science and policy, privacy expectations/rights versus the need for understanding the system as critical infrastructure. Audience mostly lawyers, worried about how they are going to accomplish a reasonable broadband plan. As I tried to describe in my five-minute presentation slot (and 1 slide, and more expansive blog entry) on the broadband panel at the DOC ten weeks ago, solutions begin with recognition of some underlying empirical facts, starting with one that is strangely not being emphasized by lobbyists: you can’t make Wall-Street-approved margins moving bits around over long distances. Lot of implications to that reality; the sooner we admit it, the more realistic our broadband plan will be.
CAIDA’s Annual Report for 2008
Wednesday, June 3rd, 2009 by Josh Polterock
2008 was an exciting year for the Internet and no less exciting for CAIDA. As network-capable personal/computing devices became ever more affordable and ubiquitous, and developers continued the flow of [open] applications/protocols that make it easier to create, capture, edit, publish and share information at the increasing speeds allowed by optical fiber, cable, and wifi services, we continue to make vast empirically untested assumptions about how the Internet is financed, operated, and used. What’s going on under the hood of the engine of our new digitized economy?
Proposal for ICANN/RIR scenario planning exercise
Monday, May 25th, 2009 by kc
[“Internet infrastructure economics research”, and how to do reasonable examples of it, has come up a lot lately, so i’m posting a brief description of an academic+icann community workshop i’ve been recommending for a few years, which has yet to happen, and (I still believe) is long past due, and specifically more important than passing policies, especially emergency ones to allow IP address markets with no supporting research on the impact on security and stability of the Internet, and even at the risk of killing IPv6 altogether.]
ethical phishing experiments have to lie?
Monday, May 4th, 2009 by kc
Stefan pointed me at a paper titled “Designing and Conducting Phishing Experiment” (in IEEE Technology and Society Special Issue on Usability and Security, 2007) that makes an amazing claim: it might be more ethical to not debrief the subjects of your phishing experiments after the experiments are over, in particular you might ‘do less harm’ if you do not reveal that some of the sites you had them browse were phishing sites.
comments to draft external review of ICANN’s security advisory committee
Wednesday, April 29th, 2009 by kc
ICANN hired JAS to write an independent evaluation of ICANN’s Security and Stability Advisory Committee, which I’ve served on since 2003. JAS published a first draft on 16 February 2009, which I commented on a few days later. The same week I also spent a couple hours on the phone with the report authors Jeff Schmidt and William Yang, who intend to release a final draft of their SSAC review next week, which will incorporate the feedback received on the first draft. It’s a tough job to evaluate a complex system like SSAC, but it’s good to see ICANN proactively pursuing independent objective evaluations. I’ll post a link to the final report here.
Top ten ($7.2B) broadband stimulus: ideal conditions
Monday, April 13th, 2009 by kc
Last month (23 March) I was on an NTIA panel at the Department of Commerce, to recommend conditions on this broadband stimulus money, aka arm wrestling between companies. Gigi covers it in her blog; today was the deadline to finish my recommendations to DOC and NTIA:
a part of hell breaks loose in the ARIN community
Monday, April 6th, 2009 by kc
[this thread on transfers is too painful to watch. here’s my take.]
Even if turning IP addresses into private property is the best policy decision of those available (which is far from demonstrated, since so little rigorous research of this question has actually occurred), executing such a policy by Board fiat while ARIN itself has no leadership is guaranteed to generate severe dissonance with ARIN’s organizational mission which includes forging public legitimacy entirely from its transparent, open processes.
spoofer: measure your network’s hygiene!
Sunday, April 5th, 2009 by kc
Update: In May 2015, ownership of Spoofer transferred from MIT to CAIDA
We are studying an empirical Internet question central to its security, stability, and sustainability: how many networks allow packets with spoofed (fake) IP addresses to leave their network destined for the global Internet? In collaboration with MIT, we have designed an experiment that enables the most rigorous analysis of the prevalence of IP spoofing thus far, and we need your help running a measurement to support this study.
This week Rob Beverly finally announced to nanog an update to spoofer he’s been working on for a few months. Spoofer is one of the coolest Internet measurement tools we’ve seen in a long time — especially now that he is using Ark nodes as receivers (of spoofed and non-spoofed packets), giving him 20X more path coverage than he could get with a single receiver at MIT.