However, twice this weekend I have encountered proof that the rights holding industry won't survive no matter how many laws or police officers we give them.

My first experience was trying to use Spotify while in Switzerland. Now, I don't have the premium edition, but why should that matter? When trying to use it, I get the message that Spotify is not available in my country of location, as the content is not available. Why!?!? Has the recording industry completely missed the fact that people these days travel? And that quite regularly? And that the content I paid for (well, no I didn't as I can't even listen to the advertising) should be available to me where I am?

Secondly, I tried to watch the _clips_ of the Olympic opening ceremony from Swedish TV as I am not in Sweden. Which I can't as the content is only licensed to be shown in Sweden. Can someone remind me what the value of making content available on the net was again - oh yes, it was to have it available where and when I want.

Unless the rights holding industry comes to grip with consumption patters (history indicates they won't), and give at least the people who are trying to pay access to content their operating margins will diminish and I predict that the capital markets will either pull out completely or make the access to capital prohibitly expensive. I doubt that the shortfall will be made up in what they get back from suing their consumers.

This statement scares me, shows how broken the planning in Sweden is and irritates me. All at the same time. Let me explain my views on this (if you haven't already heard them....)

Why was there a risk?

The first thing I react on in the comment above is that MSB clearly thinks that loosing access to media and the police at the same time would be critical. Why?

In reality the issue is that we have no, reliable, trusted and well-known communications channel over the Internet from the government to citizens. Yes, MSB runs the crisis information site, www.krisinformation.se, that is supposed to be this channel. The "only" problem with this site is that it's virtually unknown to any citizen. Unless that changes, and the government is prepared to truly do what it takes to make this known, the site is a waste of tax-payers money. I won't comment on wether I actually think the site works. The design is unknown to me, but given that it's not located at one of the major providers, I don't trust the capacity. Further, I am not an expert on web-building or ASP, but the code to me looks like it both have off-site dependencies as well as database calls.

So given the above, citizens today are forced to turn to media, a multitude of agencies etc to get information. Or forced to, it's the most natural thing to do....

What agency should deal with DDoS attacks

DDoS attacks are a crime. Crimes are investigated by the police, in normal order. This DDoS is no different. If MSB would have done their job properly and provided a well-known information channel, this should just have been any other matter for the police. The Swedish police also have very good resources and knowledgeable people, and are fully capable to deal with this (at least as far as I have seen in the past). In addition, there is the Swedish CERT, SITIC operated by the Post and Telecommnications regulator, that are able to provide assistance, knowledge and operational co-ordination between small operators and the larger ones (the larger ones have better direct co-ordination).

Why is this irritating?

MSB lacks operational knowledge and focus. In the quote above, they say their role is to co-ordinate between the authorities. As far as I know we talk about two authorities, the police and the CERT. Both of whom have excellent contacts. Why do we need a third agency for this? More, an agency that have clearly failed one of their most basic tasks.

This is what scares me. On Thursday, the government also gave MSB the task to come with a plan to protect Sweden against attacks over the Internet. Well, a first task would be to complete the work already given to them. What I don't understand is why this was not given to one of the agencies that are already operationally working on these issues. For example the regulator that have done an excellent job on contingency and resilience on telecom networks. My only guess is rivalry. MSB is part of the department of defence, the police part of the department of justice and the regulator part of the department of industry and trade. So the defence department have no role to play currently. At the same time, Internet attacks are becoming more important and I suspect more budgets are allocated to it. So you need to be part of it to get any money. This is what scares me. Instead of minimizing the people (and hence process and confusion involved) to a minimum and keeping the strategic decisions integrated into the operational roles, we are watching a game of rivalry. Sigh.

Today will be somewhat more busy with two presentations. I just finished a tutorial on the IPv6 business case together with Philip Smith, and I will in a bit deliver the first presentation after the keynote. The second presentation will be about the history of peering and the success it brought in Europe.

During the workshop yesterday, it Philip said something that made me realize how little time we have left to deploy IPv6.

The "original" IPv6 RFC1883 was published in December 1995. That is 14 years ago. If I look at the IPv4 Address Space report at www.potaroo.net we will see that

Projected IANA Unallocated Address Pool Exhaustion: 10-Nov-2011

Projected RIR Unallocated Address Pool Exhaustion: 22-Jan-2013

That means that we have 23 months left until IANA pool run-out. I yesterday twitted that we had as many months left as years we have been working on IPv6. Even if we count from the start of the IPng effort, that is not quite true. But 23 months is not a long time to get deployment going. The good news is what you see workshops such as the one that me and Philip are doing right now, is that it's actually not that hard to deploy. The cost is not that high as CAPEX is covered as part of normal upgrade cycles and backbone deployments can in many (most?) cases be done fairly quickly.

The problems are still with end-users / DSL deployments and lack of support, but that is coming as well.

This started worrying me as I only had an hour for connection in Frankfurt and then had to switch from A pier to B pier and then go through immigration and extended immigration. It turns out I didn't really have to worry about that...

We boarded in Stockholm at 6.20 (on-time) and then sat on the plane. Due to fog in Frankfurt we where issued a slot time, first for 8.15 and later at 9.00. We finally landed in Frankfurt at around 11.30. And of course one of the few planes that had left Frankfurt on time was the Beirut morning flight, my connection....

After queuing to change my ticket for an hour (And that was the short queue in the lounge) I realized my best option was to stay in Frankfurt and wait for the evening direct flight that leaves at 21.15...so I had a wonderful saturday in the Senator lounge...

When we finally boarded, of course the flight was overbooked, but I got on it. And to top the day off, two passengers didn't show up so we had to wait while they unloaded the luggage....

Anyway, at 1.30 I arrived in Beirut!

Somehow I have always been fascinated by Beirut, and I am really looking forward to the week here. I am here for MENOG5, the twice a year operational conference for the Middle East. MENOGs are always good content and discussions so I am really looking forward to the conference as well!

I want to note one thing with the original text below - I don't think that .SE has done anything wrong, I am not even sure they would know how to notify the government portal (I know that I would know how to). Also, I don't think there is need for more monitoring. The fault was duly detected and quickly so. Monitoring with out understand the results will just lead to additonal misunderstandings. But I do think we need to think really hard about these events and how to communicate them in the future...

Tonight .SE had an error in the .SE zone file that rendered most .SE zones unreachable for almost an hour. Now I understand that generating and spreading information takes time - BUT this is what I have been arguing for a while. Today citizens look to the Internet to find out about and understand events.

23.15 CET the governments official web-site, all major news sources as well as the .SE registry themselves have yet to publish any info at all on what happened.

I believe that the right thing to do would have to publish a flash message, on the official web-siste www.krisinformation.se (that wasn't reachable through this time and I doubt many if any have it cached) - but so that once things start to work the information is again reachable.

The DNS system is very robust, and the distribution to the users is built so that all but one slave server can fail, but no system is 100% secure and against an error in the actual zone content it's hard to protect - except checks, checks again, and again checks. But, let's wait until we know more about the real reason for the outage before drawing conclusions on the root-cause. In the meantime, let's wait and see how long it takes for information to reach the public.

Oh, and what was the traffic effect? Around 10G...

UPDATE: I'll take one thing back - .SE had an announcement that they where doing maintenance between 19.00-23.00. Now we just lack the government....

23.43 and 23.46 first articles started to appear....still nothing on the offical gov site...or on the Swedish CERT site (which I wouldn't expect btw..)

One of the representatives looked at me and said loudly "funny, everyone always says that when I am around". Without any humor in the voice. This made me very uneasy. Not that the representative didn't find my story amusing, but that I was considered lying without any challenge to the truth.

All this I was reminded of the other day when I tried to download the Pwnage tool for my iPhone. I looked at the download list for my Bittorrent client. The below screenshot is all I have ever downloaded on Bittorrent. Before peopel get upset that I tried to hack my iPHone. Yes, that was the aim - but I could never get it to work as iTunes kept starting and I didn't have time to figure it out. So my iPhone remains non-jailbroken.

I guess that what I am trying to say is that many users have the situation as me. I don't have time to work out how all these things works just to get software, movies and music. A GOOD and WORKING on-line services that allows me to consume what I bought in the format that suits me is something I am willing to pay for. Now we are just waiting for that to happen....

http://tools.ietf.org/rfc/rfc5533.txt
http://tools.ietf.org/rfc/rfc5534.txt
http://tools.ietf.org/rfc/rfc5535.txt

Now the announcement further says that ICANN will manage the Key Signing Key process, but gives no further explanation on what is meant by this. Of course the most interesting and important procedural piece is exactly this, who holds the KSK? The use of the word "process" doesn't give any hint. This could still mean that the US GOV will hold a single key, or that there will be a split key model, but does not disclose any information on who would then hold the keys.

I guess we will just have to wait and see....

In todays SvD editorial (Swedish), PJ Anders Linder writes about the risks with increased supervision of citizens but the Swedish government and that no matter what the nobel reasons driving these actions are, they are no in proportion to the intrusion in privacy. I am not sure I share all his concerns. I believe the key to an acceptable tradeoff is the mechanisms used to allow access to this data by various government agencies, not the collection itself. I also believe that the collection of data at some level is necessary. The opponents to surveillance often defend various actions with the argument that the Internet is a copy of society at large. I have myself often used this defense pointing out that crime and illegal activities on the Internet is merely copies or advancement of crimes in our daily lives. But what we forget is that in society around us, we assume that law enforcement and the government will protect the system, and pro and reactively protect us from criminals and track them down once a crime is committed. In order to allow them to do this, we have given up some of our freedoms. We allow search warrants, surveillance (in the physical sense), and in some countries / cases even provocation of crime.

For some reason we don't have the same acceptance for intrusions on the Internet. The Pirateparty get 7.1% of the votes for the Swedish seats in the European Parliament. It's hard to analyze how much of those are based on true concerns and agreement with the party politics and how of the votes are protests against the traditional parties, but it's clear that these are issues that raises concerns for the citizens. But why co we accept something in our "off-line" society, but not in the on-line society? I have heard several people argue the reason is that social networking sites collect a lot more about our lives than what we aggregate about our selves in the real world. Maybe. But is that true? Is data gathering activities on our on-line activities that will only be shared with the government after a court ruling really more intrusive that physical surveillance in the "real world"?

I have an alternative explanation. Or perhaps complementary. I think that part of the reason we here in Sweden (and this might not apply in other countries, and might also be the reason why these issues are so high on the agenda in the Swedish political debate) see the massive opposition to giving government agencies more tools for crime prevention and investigation on the Internet, is that the proposals coincided, and in the public, got tightly linked to other events. Mostly they got associated to the actions of the recording industry, and their attempts to open up venues for action against broadband subscribers outside the legal system. This started with the previous socialdemocratic government and the then justice minister Thomas Bodström, who on numerous occasions sympathized with the needs of the recording industry. He was also one of the main proponents of the EU Dataretention directive, a directive that had/have nothing to do with the struggle of the recording industry. The most obvious case is that in 2006 the Swedish police raided the Bittorrent site/tracker, The Priate Bay. This provoked strong reactions in the swedish "bloggosphere". Shortly afterwards the Swedish government launched the bill for allowing the National Defence Radio Establishment (FRA) access to tap telecommunications traffic passing the borders, where concerns that the government without insight would be allowed to register all activity on the Internet. Further, the vagueness on who would have access to the data didn't help. Citizens started getting concerned with how their digital lives where really being tracked and used but the government and a vast opposition against the law forced the government into compromise. The fact that the law would have passed even with the opposition in power and that the differences between most of the political parties (with the exception of the environmentalist and left wing party) where semantical. They where not against giving FRA access to the data, just the process for doing so.

The debate raised the issues, and following on more and more EU legislation with regard to registration followed, making sure to keep the debate alive. At the same time, the various rights-holders groups, antipiratbyran (anti-priacy bureau) etc stepped up their efforts and made more and more public action, making sure that their assaults on pirates (And partly the legal system) was being known. At the same time they kept feeding the debate on government data collection, and feeding the fear that the data collected could also be used for petty crime such as file sharing. The rights-holder associations would have happily supported such a development but instead their actions effectively made implementation of the Dataretention directive politically impossible. The latest news is that it might be proposed as a law this fall. In the mean time the EU sued Sweden for the delay in implementation. To add to the fury, swedish parliament passed the IPRED directive, forcing operators to hand over identities of broadband subscribers to the rights-hodler, even for petty crimes such as file sharing. But IPRED only comes into play if you have the data, so several operators shortened the time they needed to save the identities, effectively making the the IPRED law useless. In combination with the Dataretention directive that could change though, depending on what the law actually says.

Yesterday Swedish radio show "Konflikt" discussed the implications of more surveillance on the Internet. The show summs up the issues very well and also seems to highlight the fact that the scare is really of how the data collected might be used in the future rather than that citizens are truly worried about using the data for their original intended purposes.

I believe it's now up to the political parties to show that the scare expressed is not needed. The only way to do so, is to resolutely show the citizens that they will not give into various, albeit strong, lobby groups such as the recording and movie industries. They need to show that the data is kept in a way to protect integrity and only used for national security, and not to solve poor legacy business models of various interest groups. The actions of the rights holders have severely damaged the trust in the legal system and the ability of government to protect individuals long term. The recording industry is starting to look very much like that banks - they forgot they where acting in a consumer market, where trust from your customers is essential to success. You will only get as far as you can keep up consumers buying behaviours. Instead of catering to this and working with consumers and try and be ahead in the consumption trends, both industries worked against their own customers in their own self interest. When that failed they ran to the government and asked for bailout. Be it in cash or draconian legislation. If we extrapolate what that made for public opinion on the banks, the recording industry probably didn't do their own sales any good.

Last night my dinner was three sausages from there, Duck breast with Lemon, Cumberland Pork and a Chorizo. I really liked the Cumberand, the Duckbreast and Lemon second. I wasn't that happy with the Chorizo, but it was still good.

For breakfast this morning I bought real bacon...

I have never understood why it's impossible to find real bacon outside the UK. Ok, Ireland is not so bad, but apart from the UK and Ireland - it just doesn't exist. Until now. The bacon from Talor and Jones was as good. Finally! It was even more than that, it was at par with some of the best bacon I have ever had. I was greatly impressed. Luckily there are a few slices left for tomorrows breakfast...

I have saved the last test for dinner tonight, a large really nice looking Entrecote. Report to follow.

Where I am currently sitting, to my joy I found an open Wlan from where I could access the Internet. I also found 4 machines with file-shares as according to the picture below.

Not sure how clever it is to have your cash registers openly accessible on the Internet...

Forreign minister Carl Bildt has launched a pretty clever on-line campaign encouraging the followers to spend 5 minutes of their time on a list of activities, which range from posting urls to emailing 5 friends.

This is the first time that political parties have tried to use the web, and it's been twittering, emailing and YouTube. It's the first time so I guess the expectations should not be that high. The Carl Bildt campaign is innovative (at least for Sweden) in what is says, but perhaps not in the technology used. All political parties seems to have to work a bit more on their videos and the message in them though. They are still pretty amateur looking. But I am happy that they are at least trying. Below the latest video from Moderaterna.

I have been around quite a few of the "web startups" (not that Google is a startup), and seen launches of Java, the Netscape developer conferences, Java script, some of the most religious Microsoft meetings - and yes, the launch video shows a very well orchestrated release event. Preaching to the already convereted. However, there is something in there that feels a bit more than that. The application if you so wish, or the protocol really IS cool. It also addresses quite a few of my own frustrations with social networking and twitter - that it's spread out and not tied together. Also, what they are demoing is how a framework can help us build future applications and how collaborative development can help us build much more advanced applications and do it faster than before. Not to mention help stimulate innovation.

Last time I saw something similar was when Javascript applications was presented at Netscape developer One. I came back to Åland and said I believed this to be the future and that we should develop applications on the web instead. While we certainly tried, our neighbors that where developing a ferry booking system laughed and said that would not scale. Well...

We will certainly see more of the Wave in the future...