Computer & internet security threats, attacks & breaches.

New router combines your home and mobile networks into one faster pipe


Are you struggling to play Netflix on a 2Mbps Internet connection? A new cloud-connected router using the same type of multipath technology that Apple put in the iPhone might solve your problem.

Launched this week on Indiegogo, the $199-$289 system from Multipath Networks in Ireland combines connections such as DSL, cable, 3G, and 4G into one pipe. Up to four connections can be used at once.

The idea of aggregating mobile and wired signals in the home is an old one. But it certainly hasn't become commonplace, and Multipath Networks takes advantage of the new Multipath TCP protocol that's used in the iPhone to let Siri switch between Wi-Fi, 3G, and LTE quickly and seamlessly.

"Apple claims to be the first to deploy this, but actually we were; we've been doing this for over a year now," Multipath Networks CEO Justin Collery told Ars today.

The company's debut product worked only with mobile networks and was intended for providing more reliable connectivity to emergency responders, Collery said. The latest system is its first intended for home and office use.

One caveat: The router requires a $5-per-month cloud service, potentially introducing latency or privacy and security concerns.

"Under the hood it works in exactly the same way as a regular router, but with multiple Internet connections," Multipath's Indiegogo page says. "The router sends traffic down each interface to our array of aggregating servers. These then put the packets back in the right order and send them on their way. The net result is that data, even a single stream, is sent across all your links. The combined links appear to connected devices as a single, fast, reliable Internet connection, with the speed of all links combined."

Multipath intends to spread out its servers so they're close to most customers. The system still adds one to 10 milliseconds of latency, Collery noted. The servers are needed because "as the traffic is being sent across different operators, it has to be brought back together again into a single stream before going on to the Internet—think of downloading a Netflix movie over two ISPs; the traffic has to be split across them and then recombined," Collery said.

And security? "There is no more or less security than your normal ISP. It's not a VPN. It can be, but that's not what we are selling here," Collery said.

Users will be able to run their own servers on Amazon Web Services if they wish, as Multipath plans to package the necessary software as a free, downloadable Amazon AWS image.

Another limitation of the router is that it only goes up to 100Mbps due to its 10/100Mbps Ethernet ports. A future version could upgrade that with a gigabit port, but since the primary use case is for people with slow Internet connections, 100Mbps is probably enough.

Devoting one's mobile connectivity to normal home Internet use isn't going to appeal to a lot of people worried about data caps. If anything, people like to do the opposite, connecting their phones to Wi-Fi at home to save on data.

However, it could still be useful for people with awful home connections but relatively strong cellular ones. "In the UK and Germany, 33 percent of DSL subscribers can only get 6Mbps or less," Collery said. "In my mind that's not even broadband."

Adding the two together can improve both speed and reliability, helping any Internet application but especially things like streaming video and VoIP calls. The router can be configured to use up your home bandwidth first, thereby limiting usage of cellular data to only those times when you need more than DSL or cable offers.

The router and cloud service operate at between 85 and 95 percent efficiency, meaning an aggregated bandwidth of 100Mbps would turn into 85 to 95Mbps in real-world usage, Collery said.

Phone or Mi-Fi connections can be added to the router wirelessly or with a USB cable. A phone must have tethering enabled to add its bandwidth to the router.

Multiple DSL and cable connections can be added together as well. For example, if you and your neighbor each have a Multipath Networks router, linking them would give you access to each other's bandwidth. Speeds would then improve at times when only one of you is heavily using the Internet.

Collery said he doesn't think this setup would violate most ISPs' terms of service since "You're not selling the bandwidth to each other."

Multipath is trying to raise $30,000. It's got about $7,000 pledged with 30 days to go (although $5,000 of that comes from one very generous donor). Estimated delivery of the technology is January 2014.

While $199 is the cheapest price for Multipath Networks hardware, Indiegogo contributors can also get just the Linux-based router software for $15. The software can be installed on a PC Engines ALIX 2D13, the same technology used in Multipath hardware.

The $199 product is a basic one with three Ethernet ports and two USB ports. For $249, one wireless card is added. A second wireless card is present in the $289 device. This is important since it lets you "use 1 wireless interface to access the router while using the second wireless interface to wirelessly tether your iOS/Android/Mi-Fi device," the Indiegogo page says.

All the hardware purchases come with six months of free access to the network of aggregating servers, which costs $5 per month thereafter. 

The router's Wi-Fi connectivity is single-band 802.11n, Collery said. Users can upgrade to dual-band themselves by replacing one of the wireless cards.

rlocone
3852 days ago
US, IN, Kokomo

The 10 Worst Password Ideas, as Revealed by Google - Techlicious


55% of IT Pros Believe Gov. Accesses All Cloud Data -- Redmondmag.com

Security Advisor

Survey: 55% of IT Pros Believe Gov. Accesses All Cloud Data

More than half of readers say Microsoft allows government access to everything stored in its cloud services.

There is quite a disconnect between reported details surrounding the NSA's surveillance program PRISM and what IT pros actually believe, according to a Redmond reader survey conducted last month.

According to the report, which is featured in the October issue of the magazine, 54.8 percent of the 300 IT pros surveyed said that the U.S. government is accessing "all personal and corporate data stored through Microsoft." This includes all data stored in Office 365, Outlook.com, SkyDrive and Windows Azure.

Interestingly, only 10 percent believe the government is accessing only metadata -- the sole type of information that a recent white paper released by the Obama administration said it collects.

"This information is limited to telephony metadata, which includes information about what telephone numbers were used to make and receive the calls, when the calls took place, and how long the calls lasted," according to the white paper's executive summary. "Importantly, this information does not include any information about the content of those calls -- the government cannot, through this program, listen to or record any telephone conversations."

The cause for mistrust is understandable, seeing as every day brings new allegations of how far PRISM and similar electronic surveillance programs have reached in the name of national security. Just recently, engineers who had a hand in creating BitLocker said they were repeatedly approached by the FBI to create a permanent backdoor for monitoring purposes. While the team did not comply, they did say they provided tips on gaining access by targeting user encryption keys.

If true, this directly contradicts numerous Microsoft statements that say the company only provides specific user data to law enforcement when requested through a court order.

However, just as is the case with the documents leaked by former NSA contractor Edward Snowden, the information cannot be accepted without a certain level of scrutiny because of how it is reaching the public. And when companies like Microsoft say one thing and allegations say another, it's easy to understand how IT would be left doubting all available information.

Find more of our reader survey results and see how security experts weigh in here.



Close the N.S.A.’s Back Doors

In 2006, a federal agency, the National Institute of Standards and Technology, helped build an international encryption system to help countries and industries fend off computer hacking and theft. Unbeknown to the many users of the system, a different government arm, the National Security Agency, secretly inserted a “back door” into the system that allowed federal spies to crack open any data that was encoded using its technology.

Documents leaked by Edward Snowden, the former N.S.A. contractor, make clear that the agency has never met an encryption system that it has not tried to penetrate. And it frequently tries to take the easy way out. Because modern cryptography can be so hard to break, even using the brute force of the agency’s powerful supercomputers, the agency prefers to collaborate with big software companies and cipher authors, getting hidden access built right into their systems.

The New York Times, The Guardian and ProPublica recently reported that the agency now has access to the codes that protect commerce and banking systems, trade secrets and medical records, and everyone’s e-mail and Internet chat messages, including virtual private networks. In some cases, the agency pressured companies to give it access; as The Guardian reported earlier this year, Microsoft provided access to Hotmail, Outlook.com, SkyDrive and Skype. According to some of the Snowden documents given to Der Spiegel, the N.S.A. also has access to the encryption protecting data on iPhones, Android and BlackBerry phones.

These back doors and special access routes are a terrible idea, another example of the intelligence community’s overreach. Companies and individuals are increasingly putting their most confidential data on cloud storage services, and need to rely on assurances their data will be secure. Knowing that encryption has been deliberately weakened will undermine confidence in these systems and interfere with commerce.

The back doors also strip away the expectations of privacy that individuals, businesses and governments have in ordinary communications. If back doors are built into systems by the N.S.A., who is to say that other countries’ spy agencies — or hackers, pirates and terrorists — won’t discover and exploit them?

The government can get a warrant and break into the communications or data of any individual or company suspected of breaking the law. But crippling everyone’s ability to use encryption is going too far, just as the N.S.A. has exceeded its boundaries in collecting everyone’s phone records rather than limiting its focus to actual suspects.

Representative Rush Holt, Democrat of New Jersey, has introduced a bill that would, among other provisions, bar the government from requiring software makers to insert built-in ways to bypass encryption. It deserves full Congressional support. In the meantime, several Internet companies, including Google and Facebook, are building encryption systems that will be much more difficult for the N.S.A. to penetrate, forced to assure their customers that they are not a secret partner with the dark side of their own government.


More On Gmail’s Delivery Delays

Posted by Sabrina Farmer, Senior Site Reliability Engineering Manager for Gmail

On September 24th, many Gmail users received an unwelcome surprise: some of their messages were arriving slowly, and some of their attachments were unavailable. We’d like to start by apologizing—we realize that our users rely on Gmail to be always available and always fast, and for several hours we didn’t deliver. We have analyzed what happened, and we’ll tell you about it below. In addition, we’re taking several steps to prevent a recurrence.

The message delivery delays were triggered by a dual network failure. This is a very rare event in which two separate, redundant network paths both stop working at the same time. The two network failures were unrelated, but in combination they reduced Gmail’s capacity to deliver messages to users, and beginning at 5:54 a.m. PST messages started piling up. Google’s automated monitoring alerted the Gmail engineering team within minutes, and they began investigating immediately. Together with the networking team, the Gmail team restored some of the network capacity that was lost and worked to repurpose additional capacity, clearing much of the accumulated message backlog by 1:00 p.m. PST and the remainder by shortly before 4:00 p.m. PST.

The impact on users’ Gmail experience varied widely. Most messages were unaffected—71% of messages had no delay, and of the remaining 29%, the average delivery delay was just 2.6 seconds. However, about 1.5% of messages were delayed more than two hours. Users who attempted to download large attachments on affected messages encountered errors. Throughout the event, Gmail remained otherwise available — users could log in, read messages which had been delivered, send mail, and access other features.

What’s next? Our top priority is ensuring that Gmail users get the experience they expect: fast, highly-available email, anytime they want it. We're taking steps to ensure that there is sufficient network capacity, including backup capacity for Gmail, even in the event of a rare dual network failure. We also plan to make changes to make Gmail message delivery more resilient to a network capacity shortfall in the unlikely event that one occurs in the future. Finally, we’re updating our internal practices so that we can more quickly and effectively respond to network issues. We’ll be working on all of these improvements and more over the next few weeks—even including this event, Gmail remains well above 99.9% available, and we intend to keep it that way!


The NSA's Spying Powers: Reading the Statute

[Ed. note -- We are pleased to feature a guest post today by Kit Walsh of the Harvard Law School Cyberlaw Clinic. More information on Kit and Kit's practice can be found here.]

In the midst of confusion over the NSA's spying powers, even members of Congress who voted for the applicable laws claim surprise at how they are playing out in practice. With defenders of spying saying to “read the statute” to understand its privacy protections, I thought I'd do just that.

Say I'm the NSA and I want to legally justify a court order giving me access to private emails of Occupy activists (so I can join in the FBI and DHS surveillance of peaceful protesters, for example). It's a domestic political movement, so that sounds as if it should be pretty hard, right? Let's see...

Just to challenge ourselves, we'll ignore the several statutory provisions and other doctrines that allow for spying without court oversight, such as urgent collection, gathering information not considered protected by the Fourth Amendment, the wartime spying provision, or the president's "inherent authority" for warrantless spying. Let's also ignore the fact that we have general wiretaps à la the Verizon order on phone metadata and Internet traffic that we can fish through in secret. Let's actually try to get this by the FISA Court under 50 U.S.C. §§ 1801-1805 for electronic surveillance or § 1861 for documents and records.

First Hurdle: I need "probable cause" to believe the "target" is a "foreign power" or "agent of a foreign power." This is great - I don't need probable cause of any crime, just something relating to the identity of the "target." And if the "target" of my investigation meets those criteria, I can slurp up all sorts of data about US people, subject only to toothless "minimization" requirements I'll discuss in step 2. To obtain stored records such as emails, it's even easier. The court is instructed to presume that I am entitled to an order to get those records if I can just show "reasonable grounds to believe" the records are "relevant to" investigating a foreign power or an agent of a foreign power or someone "known to" a suspected agent of a foreign power.

So, can I consider "Occupy" itself to be a foreign power? Believe it or not, any foreign-based political organization qualifies unless it is "substantially composed" of US persons. So all the Occupy branches in other parts of the world, and their agents, are valid "targets" for surveillance (as well as AdBusters, the Canadian organization that first called for an occupation of Wall Street). That's a great start. I bet a lot of the domestic Occupiers are within one or two links of a person directly communicating with a "foreign power" or one of their "agents," so I'll ask for their communications as part of my "targeting" the foreigners. Actually, some of the foreign-run banks and corporations they're protesting might qualify as valid foreign targets, too. I'll "target" them... by reading emails of people talking about their actions, and maybe their private intelligence about the protesters.

Second Hurdle: I'm going to have to "minimize" the data I collect about US persons. But wait! I don't have to minimize if it's evidence of a "crime" that has been or might be committed. All of Occupy's civil disobedience organizing is fair game for surveillance. I bet I can find evidence of drug crimes in here, too, and who knows what else? That'll give the state some leverage in case these uppity protesters get out of hand. I also have the general "national security" and "foreign affairs" exceptions to minimization, which might help if the protesters plan to demonstrate at sites relevant to national security or at diplomatic summits. Of course, the court can require me to minimize even in those circumstances, but they don't have to, and no one will ever know one way or the other. Besides, the secret "minimization" procedures may sound good to laypeople, but anyone who follows privacy research knows that it's really easy to re-identify people from anonymized records if you have other databases to correlate data against, and boy do we ever!

Third Hurdle: Maybe tech companies won't like it. But I have a court order, and I already beat Yahoo in court, so there's nothing they can do, and I'll pay them well for their time. They've already built me these nice PRISM systems to streamline the data acquisition process for me, so let's get spying!

Fourth Hurdle: Some Senators are whining about the invasive spying. Solution: Send in Director of National Intelligence James Clapper to lie to our Congressional overseers about what we do.

The most common form of lying that has been exposed is giving specialized meanings to English words that do not match their common meanings, then using those words misleadingly. The Electronic Frontier Foundation has summarized many such word games, and above I discussed some of the ambiguities in the "targeting" and "minimization" terms.

I didn't even have to break the letter of the law today to spy on these domestic political activists. (Breaking the law is for tomorrow, after the companies have handed over the data and there's no chance I'll ever have to justify myself in court, even one as favorable as the FISA Court.)

---

That's it. I spent just an hour and a half cooking up this analysis, while the intelligence/law enforcement apparatus has teams of lawyers who consider it part of their job to justify expansive surveillance and who have been doing this for years. The FISA Court has the power to reject the broad interpretations of statutory authority and close the “minimization” loopholes I outlined above. Given what we've seen in recent leaks, though, that doesn't seem to be the court's approach.

Kit Walsh is an attorney at the Cyberlaw Clinic at the Berkman Center for Internet and Society at Harvard University, with a practice that includes cybercrime and online privacy matters. Kit is not actually an anthropomorphic representation of the NSA, but would be willing to play one at creative protest events in the Boston area.

(Photo courtesy of Flickr user Chris Hardie pursuant to a Creative Commons CC BY-NC-SA 2.0 license.)
