Against the Ban of Online Sales

There is a call among some of the opponents of vaping, now including the New York Times‘ editorial board, to ban the online sale of (at least) nicotine-containing liquids. Their position falls, apparently, under the rubric of halting underage purchases. The position is not unique; it comes up from opponents of just about any good or service.

In our age, a proposal to ban any common commerce from the Internet simply fails, at least until an attempt has been made to find technical solutions. Online buying and selling already amounts, or will soon amount, to at least a billion dollars per day in the United States alone. And that’s just business-to-consumer; business-to-business is likely at least as large.

Online banking is another major online commercial activity. The fact that banks trust the current security regime enough to move forward is a clear sign that the transport and authentication problems are solved well enough for restricted items such as nicotine products, alcohol, and others to be sold via the Internet.

Indeed, pornography is regularly purchased on the Internet. But a more important analog to nicotine would be e-pharmacies. While there are some illegitimate pharmacies online, many reputable, accredited pharmacies do sell via the Internet. The FDA even has pages devoted to helping consumers “Find a safe online pharmacy.”

Given the general direction of society toward e-commerce, and that we are obviously capable of meeting the challenges it poses (which in the case of drugs include temperature control, access control, etc.), any knee-jerk argument that some goods must only be sold in person falls on its face. We already need authentication and chain of custody in purchases. While online sales ought to be regulated appropriately, they simply must be permitted, and the regulations will merely serve to strengthen the e-commerce landscape for all goods.

Okay, so what about guns? Once again, as for any other restricted good, verification should suffice. A legitimate purchase is fine. Given the broad availability of illegal guns (not to mention drugs), there is absolutely no reason to believe that Internet sales will make the problem worse.

The call for banning online sales is akin to the incorporation of so-called digital rights management (DRM) into digital content. It only punishes the legitimate consumers and users of the goods and services. It does not seriously hinder anyone who wishes to skirt the law. Worst of all, it weakens the market considerably, removing opportunities for new efficiencies and growth.

So what good is a call for banning online sales? It sure sounds good. Just like DRM. To quote H.L. Mencken, “there is always a well-known solution to every human problem — neat, plausible, and wrong.” Banning of commerce, even merely through one trade route, is the use of a cleaver to remove a splinter from your finger. It is a drastic overreach, beyond the pale except in the most extreme circumstances (e.g., plutonium and uranium in the case of outright prohibition, or maybe vending machines that sold cigarettes).

Sales via the Internet simply aren’t the issue. We have a host of products that need proper age verification and/or buyer authentication. These, sold at volumes large enough to justify the cost of implementing the proper controls on purchasers, require the government to step in and regulate, but in no way justify a ban.


Merging Black Friday with Election Day

In the U.S.A., federal general elections are held on the first Tuesday after the first Monday in November. That’s by statute, and the statute covers only general elections for federal office. States hold their same-year general elections on this day as well, because it’s logistically easier.

It also makes sense for certain political factions that get a boost from synergies between top-of-ticket and down ballot elections.

But there’s another big event in November that could also benefit from the sort of synergy: Black Friday.

Black Friday takes place on the Friday after the fourth Thursday in November. It is a shopping holiday, on which people buy gifts to give one another during the winter solstice and religious holiday season.

Estimates for the number of post-Thanksgiving weekend shoppers approach, if not exceed, the number of voters (something around 200 million for the weekend, 100 million for the day), so it might make sense to merge the two in some way.

Imagine the scene, thousands of deal-addled post-Thanksgiving zomboids having to use their near-empty faculties to make their selections at the polls. Think of how much more ravenous the relatives would be in the Thanksgiving Dinner political discussions, if the votes were soon to be cast.

Think of Thanksgiving leftovers while watching the election returns, or better yet the arguments about whether to watch the football game or the results. Yes! Think of the conundrum and chaos that the sports-affiliated networks would have, cross-commentating the games and the votes (“That’s another House seat for Alaska Polytechnic, and the Republicans have picked up ten yards on a penalty.”).

The most straightforward way would be to simply push voting back to Black Friday or that weekend. Polling places could be relocated to malls, helping drive both shopping and voting.

But if the colder weather and commercial nature of Black Friday makes the whole spectacle a bit too raucous, maybe stores could simply offer discounts for those who had voted on the usual Election Day. That would also help avoid the problems with people traveling (though having a large contingent of the electorate absent might force jurisdictions to open their absentee processes and generally expand voting access, to pick up the slack).

Of course, we only hold federal elections biennially (except in case of special elections), so we might miss the combined force on the odd years (except in states with odd-year elections). We could always hold elections for the roles in the Christmas pageants or king of the mall or such.

Logistics aside, some sort of greater recognition of the relationship between this pair of November events would be appropriate. The shopping season refills the coffers for the corporations that contribute large amounts to the politicians’ campaigns.

In early November we pick the leaders that we pay for in late November. Sort of a restaurant arrangement, that.

On the other hand, given the scary ideas our politicians spout these days, maybe we would be better off merging Election Day with its closer peer, Halloween.


Global Network Security

The motivation for this post is the general lack of security permeating the services we use and the governments that are supposed to serve us.

The basic form of security on the Internet comes with your browser. Transport Layer Security (TLS) encrypts your communication with a web service and lets your browser check that it is talking to the site it meant to reach. That prevents governments, eavesdroppers, and aliens from reading or altering the traffic while you access a bank or e-mail, though an observer on the path can still see which site you connected to.

Many sites lack TLS support. It takes work to add, and it only gets added where necessary. That uncovers a basic point about security: secure means protection equal to or greater than the risk. You probably wear clothes, at least sometimes, for protection from the elements. But you dress to the elements. If you will venture into a toxic area, you don a hazmat suit.

If you view this blog, assuming I don’t write anything obscene in your jurisdiction, you probably don’t care whether any of those third parties know you accessed it. But for services with private data, you do care. Services should protect their important data first, and other parts only if needed or desired.

Look to the Firefox Sync service (Mozilla Wiki: Services: Sync), which allows users of the popular Mozilla Firefox web browser to store copies of their critical data (bookmarks, history, passwords, etc.) in a service, for copying between different computers and devices.

The architecture of Sync ensures that any time the risk to the data increases, the security increases to match. That happens just once, when the data leaves your controlled device. Before upload, your browser encrypts the data with a key that Mozilla never receives, making it as impossible for Mozilla to read as for any third party.

Compare that with a popular file storage service, Dropbox, which also uses encryption to secure your data. Quoting from Dropbox: Terms: Information Sharing and Disclosure: Compliance with Laws and Law Enforcement Requests; Protection of Dropbox’s Rights (emphasis added):

We may disclose […] when we have a good faith belief that disclosure is […] to (a) comply with a law […]; (b) protect the safety of any person […]; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.

The second emphasized portion surprises merely because Dropbox possesses the capacity to strip the encryption off the data. While the last sentence serves to tell the user, “you can roll your own,” that strategy does not seem particularly effective at guaranteeing privacy for most users. Sync’s method, on the other hand, leaves Mozilla powerless to decrypt the data (even if you need them to, e.g. if you lose your key).

Also compare the architecture of Sync to that of Google Gmail. A web-based e-mail service, Gmail uses TLS to keep your mail session secure in transit, but makes no claim to encrypt the stored data, and certainly not before it leaves your device.

Unlike Dropbox, which merely possesses the ability to decrypt the files, Gmail needs the plain text of the mail, as it advertises based on the content. While understandable, that business model does not necessarily benefit the user of the service. Again, you may DIY encrypt your mail, but most wouldn’t know where to begin.
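The difference between Sync’s model and the Dropbox/Gmail model, as an added example that is not Mozilla’s, Dropbox’s or Google’s code and does not use Sync’s real wire format: the client derives a key from a passphrase the server never sees, encrypts before upload, and the server stores only an opaque blob. The cipher is HMAC-SHA256 run in counter mode as a keystream generator with a separate HMAC tag (encrypt-then-MAC), chosen so the block runs with the standard library alone; a real client should use AES-GCM or ChaCha20-Poly1305 from a vetted library. The StorageService class, the blob layout and the PBKDF2 round count are assumptions of this example.

```python
from __future__ import annotations

import hashlib
import hmac
import os

SALT_LEN = NONCE_LEN = 16
TAG_LEN = 32
PBKDF2_ROUNDS = 100_000  # assumed cost; tune to the client hardware


def derive_keys(passphrase: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the passphrase into (encryption key, MAC key). Runs on the client only."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                                   PBKDF2_ROUNDS, dklen=64)
    return material[:32], material[32:]


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC(enc_key, nonce || counter) blocks, concatenated and cut to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_for_upload(passphrase: str, plaintext: bytes) -> bytes:
    """Blob layout (assumed): salt || nonce || ciphertext || tag. Fresh salt and nonce every time."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(passphrase, salt)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag


def decrypt_blob(passphrase: str, blob: bytes) -> bytes:
    """Check the tag in constant time before touching the ciphertext; raise on mismatch."""
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ct, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("tag mismatch: wrong passphrase or tampered blob")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


def is_authentic(passphrase: str, blob: bytes) -> bool:
    """True only if the blob decrypts and its tag verifies under this passphrase."""
    try:
        decrypt_blob(passphrase, blob)
        return True
    except ValueError:
        return False


class StorageService:
    """The operator's view. A Sync-style server holds only blobs; a Dropbox- or
    Gmail-style server is the same store plus a key it can apply on request."""

    def __init__(self, operator_key: str | None = None):
        self.store: dict[str, bytes] = {}
        self.operator_key = operator_key

    def upload(self, user: str, blob: bytes) -> None:
        self.store[user] = blob

    def respond_to_request(self, user: str) -> bytes:
        """What a law-enforcement request (or a breach) yields: plaintext if the
        operator holds a key, otherwise the opaque blob and nothing more."""
        blob = self.store[user]
        if self.operator_key is not None:
            return decrypt_blob(self.operator_key, blob)
        return blob
```

The point of the two StorageService configurations is that the server code is identical; only key custody differs. The Sync-style instance can hand over nothing but ciphertext, and the same property means a lost passphrase makes the blob unrecoverable, which is the estate-planning consequence discussed further down.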

Before moving on from Gmail and Sync to another topic, something worth noting (from Gmail Help: Accessing a deceased person’s mail, emphasis from original):

If an individual has passed away and you need access to the contents of his or her email account, in rare cases we may be able to provide the Gmail account content to an authorized representative of the deceased user. We extend our condolences and appreciate your patience and understanding throughout this process.

Their process includes a lot of legal documents and obtaining a court order, among other hurdles. Compare that to the process Sync would need, which would require not only asking Mozilla for the data but having access to a key that they do not know. If the deceased did not plan for disclosing such keys, consider that data lost until such time as computers can crack it (likely a long while).

Law enforcement and other legal processes sometimes require the disclosure of data from these services. For Sync, they receive a blob of data that they cannot read without the key. For Gmail and Dropbox, they get the actual data, ready to index and use.

The problems of government abuse weave through human history, and we should take them seriously. The first emphasized portion of the quotation from the Dropbox terms makes it clear that they need only a good faith belief, not proof that a law enforcement request is valid, in order to comply.

Indeed, searching the web for information on how to verify the authenticity of law enforcement actions shows very little of use.

The American Civil Liberties Union (ACLU) writes (via ACLU: National Security: Surveillance Under the USA PATRIOT Act):

The FBI does not even have to show a reasonable suspicion that the records are related to criminal activity, much less the requirement for “probable cause” that is listed in the Fourth Amendment to the Constitution. All the government needs to do is make the broad assertion that the request is related to an ongoing terrorism or foreign intelligence investigation.

But, let’s modify that quote a little:

The [alleged government representative] […] needs to […] make the broad assertion that the request is related to an ongoing terrorism or foreign intelligence investigation.

The main change here underlines the possibility of impersonated government actions. Even if the individuals involved in a so-called law enforcement request do belong to the organizations they claim, trusting their actions requires verification that currently does not exist.

I found a quote in a document distributed by the US Department of Justice (US Department of Justice: Office of Justice Programs: Office for Victims of Crime: PDF: First Response to Victims of Crime: Tips on Responding to Victims With Blindness or Vision Impairment):

Tell victims your name, badge number, and the telephone number of your dispatcher when responding to victims who are alone, and support them in verifying your identity.

Note that this applies only to victims, and vision-impaired ones at that. The verification process lacks any rigor, to boot. Under most circumstances, though, merely appearing to be a member of a law enforcement organization serves as the equivalent of proof.

If you want to verify a government document (e.g., a notice for jury duty), good luck. You can call the number provided, but the number you call is printed on the very document you are trying to verify, and the document itself carries no chain of custody or proof. No cryptographic signature.

If served with a warrant, there is no mechanism for verifying it: neither for verifying the warrant’s registration with the claimed organization, nor that the process that produced it represents an authorized, valid investigation.

We rely on some vague notion of trust alone.
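What “a cryptographic signature” on a notice or warrant could look like, as an added example that is not any agency’s system: the issuing office (an assumed court clerk’s office here) publishes a verification key once, through a channel that is not the notice itself, and anyone holding that key can check that a notice is genuine and unaltered without phoning the number printed on it. The scheme is a Lamport one-time signature, chosen because it needs only a hash function and so runs with the standard library; a deployed system would use RSA or ECDSA/Ed25519 from a vetted library. The notice fields and the canonical encoding are assumptions of this example.

```python
from __future__ import annotations

import hashlib
import os

N_BITS = 256  # one secret pair per bit of the SHA-256 digest


def lamport_keygen() -> tuple[list[list[bytes]], list[list[bytes]]]:
    """Secret key: 256 pairs of random 32-byte values. Public key: the SHA-256 of each."""
    sk = [[os.urandom(32), os.urandom(32)] for _ in range(N_BITS)]
    pk = [[hashlib.sha256(x).digest() for x in pair] for pair in sk]
    return sk, pk


def _digest_bits(message: bytes) -> list[int]:
    d = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return [(d >> (N_BITS - 1 - i)) & 1 for i in range(N_BITS)]


def lamport_sign(sk: list[list[bytes]], message: bytes) -> list[bytes]:
    """Reveal, for each digest bit, the secret preimage that bit selects.
    A Lamport key must sign ONE message only; a second signature leaks more preimages."""
    return [sk[i][b] for i, b in enumerate(_digest_bits(message))]


def lamport_verify(pk: list[list[bytes]], message: bytes, sig: list[bytes]) -> bool:
    """Every revealed value must hash to the public-key entry its digest bit selects."""
    if len(sig) != N_BITS:
        return False
    return all(hashlib.sha256(sig[i]).digest() == pk[i][b]
               for i, b in enumerate(_digest_bits(message)))


def canonical_notice(fields: dict[str, str]) -> bytes:
    """Fixed field order so the signer and every verifier hash identical bytes."""
    return "\n".join(f"{k}: {fields[k]}" for k in sorted(fields)).encode()


def issue_notice(sk: list[list[bytes]], fields: dict[str, str]) -> tuple[bytes, list[bytes]]:
    """Clerk's side: encode the notice and sign it. Returns (body, signature)."""
    body = canonical_notice(fields)
    return body, lamport_sign(sk, body)


def verify_notice(pk: list[list[bytes]], body: bytes, sig: list[bytes]) -> bool:
    """Recipient's side: needs only the published public key."""
    return lamport_verify(pk, body, sig)


# Constructed sample notice; the fields and values are made up for this example.
SAMPLE_NOTICE = {
    "type": "jury summons",
    "recipient": "J. Doe",
    "report_date": "2013-03-04",
    "case_ref": "constructed-0000",
}
```

The property that matters here is that the verifier holds nothing that would let it forge a notice, so a public key published once (on the court’s web site, in the phone book, wherever) lets anyone check any notice from that office. Signing a second notice with the same Lamport key would reveal further preimages, which is why real deployments use a scheme whose key is reusable.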

The other path represents real security. It requires far more diligence, but it includes some emergent properties that make it worthwhile, among them a natural defense against corruption via feedback loops that erode bad laws much faster and reinforce good ones.

Again, look at Sync. It makes you plan for if and how your estate may access your browser data. Look at the law enforcement request: you retain control over your data, and some government agent acting under color of authority cannot ship your data to some foreign government or corporation.

A properly built online banking and payment system would take most of the value out of unauthorized access, because a payment would not produce any data that could be reused nefariously. A payment would simply be a one-time code authorizing that payment, much as a request for a web page need carry no identifying information beyond the IP address and the page requested (in practice browsers add cookies and other headers that do identify you, which is exactly the kind of leakage to design out).

Logging into your bank would give you a view of your account, but modifications (such as bill payment or fund transfer) would require several steps, with varying security, to preclude tampering. These steps would use properties of known, secure handshakes designed to thwart attacks.

The basic process of a payment:

  1. You tell a web store you wish to purchase.
  2. It prompts you for delivery information.
  3. You securely visit the postal service (or via some other mechanism prescribed) to obtain a secure hash for delivery information.
  4. You provide that to the website, which verifies the validity without knowing that location itself.
  5. The store prompts for payment information.
  6. You securely visit the bank service (or via some other mechanism prescribed) to obtain a secure hash for payment information.
  7. You provide it to the website, which again verifies the validity without knowing the bank account/credit account itself.

That may not be the exact process, but something similar could occur and limit the information leakage. One caveat on the “secure hash”: a bare hash of an address or account number is not enough, because both have so little entropy that a store (or whoever breaches it) could recover them by hashing candidate values; the token has to be random or keyed, issued by the postal service or bank, bound to the store and the transaction, and single-use. Similar processes should work for a variety of transactions (again, warrants and other legal processes, web services, etc.). This does not merely protect you; it protects the services as well (both their reputation and liability), since if a security breach occurs the attackers only get a bunch of tokens that are spent, expired, or useless without the issuer.
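The exchange sketched in the steps above, as an added example that is not a real postal or banking API. It first shows why a literal hash of the private data fails (recover_by_guessing undoes it with a short candidate list), then the shape that works: the Issuer (postal service or bank; class and method names are assumptions) hands the customer a random, expiring, single-use token authenticated to one specific merchant with an HMAC under a key that merchant registered. The merchant can verify the token is genuine, for it, for this amount, and unexpired, and learns nothing else; only the issuer can map the token back to the address or account, and only once. The same token shape serves steps 3/4 (delivery) and 6/7 (payment).

```python
from __future__ import annotations

import hashlib
import hmac
import os

TOKEN_NONCE = 16
EXPIRY_BYTES = 8


def naive_address_token(address: str) -> bytes:
    """The 'secure hash' taken literally: sha256 of the private data itself."""
    return hashlib.sha256(address.encode()).digest()


def recover_by_guessing(token: bytes, candidates) -> str | None:
    """A store, or its attacker, with a list of plausible addresses undoes the hash."""
    for c in candidates:
        if hashlib.sha256(c.encode()).digest() == token:
            return c
    return None


def token_tag(key: bytes, nonce: bytes, merchant_id: str, amount_cents: int, expiry: int) -> bytes:
    """HMAC binding the token to one merchant, one amount and one expiry time."""
    msg = (nonce + merchant_id.encode() + amount_cents.to_bytes(8, "big")
           + expiry.to_bytes(EXPIRY_BYTES, "big"))
    return hmac.new(key, msg, hashlib.sha256).digest()


class Issuer:
    """Postal service or bank: keeps the private payload, issues opaque tokens."""

    def __init__(self):
        self._merchant_keys: dict[str, bytes] = {}
        self._records: dict[bytes, dict] = {}  # nonce -> record

    def register_merchant(self, merchant_id: str) -> bytes:
        key = os.urandom(32)
        self._merchant_keys[merchant_id] = key
        return key  # shared with that one merchant out of band

    def issue(self, merchant_id: str, private_payload: str, amount_cents: int,
              now: int, ttl_s: int = 600) -> bytes:
        """Customer, logged in securely, asks for a token bound to this merchant and amount.
        Token layout (assumed): nonce || expiry || tag. The payload never leaves here."""
        nonce, expiry = os.urandom(TOKEN_NONCE), now + ttl_s
        self._records[nonce] = {"merchant": merchant_id, "payload": private_payload,
                                "amount": amount_cents, "expiry": expiry, "used": False}
        tag = token_tag(self._merchant_keys[merchant_id], nonce, merchant_id, amount_cents, expiry)
        return nonce + expiry.to_bytes(EXPIRY_BYTES, "big") + tag

    def redeem(self, merchant_id: str, token: bytes, now: int) -> str | None:
        """Only the issuer maps a token back to the address/account, and only once."""
        rec = self._records.get(token[:TOKEN_NONCE])
        if rec is None or rec["used"] or rec["merchant"] != merchant_id or now > rec["expiry"]:
            return None
        rec["used"] = True
        return rec["payload"]


class Merchant:
    """Web store: checks a token is genuine, for it, for this amount, and unexpired."""

    def __init__(self, merchant_id: str, key: bytes):
        self.merchant_id, self._key = merchant_id, key

    def verify(self, token: bytes, amount_cents: int, now: int) -> bool:
        nonce = token[:TOKEN_NONCE]
        expiry = int.from_bytes(token[TOKEN_NONCE:TOKEN_NONCE + EXPIRY_BYTES], "big")
        tag = token[TOKEN_NONCE + EXPIRY_BYTES:]
        if now > expiry:
            return False
        expected = token_tag(self._key, nonce, self.merchant_id, amount_cents, expiry)
        return hmac.compare_digest(expected, tag)  # constant-time; False on length mismatch too
```

If the store’s database leaks, an attacker holds tokens that are bound to that store, expire within minutes, and are refused by the issuer on second use; none of them can be turned back into an address or account number without the issuer’s records. Redeem-once enforcement lives at the issuer because the merchant cannot be trusted to keep that state.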

Thanks; I know this ran long and still needs clarification and better development. Feel free to ask questions or give feedback.