Sunday, April 19, 2015

Thoughts on the Norway FM Radio Switchoff.

Something showed up on my Facebook timeline today, linking to an article which caught my interest.  The reason it caught my interest was I could see the three-way clash of North American culture, worldwide culture and the fact that I've worked in and around radio (and radio related technologies) for most of my life.  What is very apparent to me isn't apparent to everyone, and sometimes I forget that.

A quick primer on radio and I...

  • As a kid I would do DX'ing (listening for radio stations from other countries).
  • As an adult, I've used radio to transmit stuff over vast distances (the most extreme case was using a YAPP packet radio and atmospheric skip to transmit stuff at 300 baud from the UK to a fishing trawler that was south of the Falkland Islands). 
  • I am still an avid radio listener.
  • I was once the sole iOS developer for Clear Channel's "iHeartRadio" app (I worked on it from version 2.45 through to 3.1), which is now called iHeartMedia.
  • I've worked alongside FEMA and their EAS test a few years ago.
I moved to Canada in 1998.  When I came over, I brought my radio/tuner with me - a Sony that was made for the European market (Yes, it runs on 220 volt electricity).  At that point this radio was about 5 years old and it was the second of it's type I'd owned.  In Canada, most of it's features didn't work until about 2004-2005, which I found highly fascinating.  To date, some features still don't work in Canada because Canadian radio hasn't caught up with the early 1990's yet.

Without getting technical, most people (including Canadians) are now aware that modern radios can tell you the name of the station you tuned to - some even tell you the name of the song/artist.  This comes from a system called RDS (Radio Data Service), which has been in Europe for a lot longer than in North America.  There's an advanced version of RDS called EON (Extended Other Networks), which gave us lots more features in the early 1990s that still don't exist in North America today.  I've never been able to switch on a Canadian radio and tell it to "only play Punk" music, or have it jump to a different station if the weather forecast comes on.  

These features don't exist because if you remove choices from the listener, you can create niche stations and so in places like Toronto, where I now live, you can't listen to what you want and still have the weather every 10 minutes - instead you have to tune to a specific type of "talk radio" station where you get the weather every 10 minutes, along with forced traffic (thats a different option in RDS EON) and adverts.  Put another way, whereas European usage of radio gives you a buffet of radio to pick and choose from, the North American model gives you 100 stations and you can only listen to one at a time - and the media companies just looove a captive audience.

This illusion of choice is much like the mechanism you see in Canadian burger restaurants;  Whilst the adverts with their condescending American narratives saying "Have it your way, Canada" are telling you that you have a choice to make things exactly how you want, what they're actually selling you is either a) you can pay X dollars for a fully loaded burger, or b) you can still pay X and skip some toppings.  Obviously, this works in the burger chain's favour as everyone still pays a premium price even if you decide not to have all the toppings you just paid for.

What this broadly translates into is radio turns into these little "islands" of listeners who are being kept away from other stations - and because the audience are not exposed to other stations, no stations have to try to win over new listeners.  Radio in Toronto is crap, and radio across most of North America is bad.  Ask anyone in North America to name a famous radio station where the DJ actually "DJ's" (i.e. spins a 30 minute session of proper mixes, or introduces you to something new) and nobody can name one.  In the UK, people would say "Pete Tong", "John Peel", "Danny Rampling", "Nicky Holloway".... In Canada and the USA, this really just doesn't exist, which is strange when you consider how much music and culture is born here.  

Again, it all comes down to these "silos" or "islands"...  To really ram this point home, lets say you're a Canadian and you're sitting at your computer and you want to listen to CBC Radio 1.... you have to go to cbc.ca to listen to that.  Then you want to listen to Q107, so you go to their website.  If you want to listen to something new, you have to find a new website.  Nothing is tied together even though they're all supposed to answer to the CRTC.  

By contrast, in the UK you just fire up www.radioplayer.co.uk and every station that has a broadcasting license is available there.  Now, there's over 400 radio stations on that site, and this brings us back to the digital radio issue.  In Ontario, there's just over 500 FM stations.  In the UK, there's over 400.  So, imagine cramming 80% of Ontario's radio into 1/6th of the province and you'll have some idea of what the airwaves look like. The radio spectrum is pretty crowded!

Digital Audio Broadcasting (DAB) solves two goals:
  • Free up radio broadcasting spectrum in dense areas.
  • Allow the addition of more features to the radio that RDS EON cannot handle.
When the bulk of people move over to this type of radio, the entire old FM spectrum can be freed up for better uses.

Now, this isn't a one-sided rant, because in North America we're seeing technologies like RDS being used in equally innovative ways that Europe doesn't.  The biggest one that comes to mind in Ontario is electricity grid management.  When your Air Conditioner is being commanded remotely to shed about 10% load in a heatwave because we're running out of electricity, it's RDS radio technology.  

This is really a culture thing;  Norway switching off it's FM radios will be shocking to many people, especially to those who didn't know that many European countries have already done the same with TV.  For instance, the UK switched over three years ago.  In Europe it's normally referred to as DVB (Digital Video Broadcasting), and a quick look down this list will likely shock the average Canadian or American into realising how far behind things are here.  I have always found this interesting.  I know what's going on as well, especially in Canada where two companies run most of the media and also happen to own the cable and broadcasting networks.  

It's a money thing.  Why give the people choice when you can keep them ignorant and gauge them for money?



Thursday, April 9, 2015

Cyber Crime & Fraud In Canada

In this post, I'm going to get something off my chest that has been a long time brewing... in fact, it's been brewing for years.  The subject is about Canada and cyber-crime and fraud prevention where computers and law-enforcement collide.

If you don't know already, I work in IT.  I'm a programmer by trade (for the past 7 years I've concentrated on iOS, but there's 20+ years of Windows developer mileage under this bridge before that).  My code runs in everything from ship inspection systems to SuperMax prisons to the Special Organised Crime Agency (now the NCA) and national banks.  I am JCP certified and I'm found in NATO handbooks H4 & H8.  In short, I'm a registered "good guy" with a vested interest in doing the right thing and maintaining my reputation as trustworthy.

So, onto the story....

In Canada, just as anywhere else, there's two sides to cyber-crime and fraud; There's those with the intent to prevent it and those with the intent to commit it.  Just like in most other civilised places, the legal system tries to protect people from computer related crime - in Canada we have the "Criminal Code Section 342.1" which tries to draw a box around what you're allowed to do and not allowed to do.  So far, everything seems cut and dried and nobody should be surprised by what I've said.

When it comes to fraud prevention, various layers of government and law enforcement inform the public that they are here to help, and the legal framework/laws and public education programs would lead you to believe that you are very well protected in Canada.  The reality is this apparent protection is a double-edged sword that is often as likely to prolong your exposure to fraud as it is to protect you from it.

I'm no expert in the world of cyber-crime/fraud, but I understand way more than the average person - and in the UK and the USA, experience has shown that when I try to help an organisation with a problem, people listen to me... except in Canada.  I've had conversations with Andrews Air Force base about the finer technical points of Air Force One, discussed iPhone-based Missile Impact mapping technologies with Fort Bliss by the White Sands Missile Range and everyone knows I'm a good guy who is on the same side as them.... then I get on the phone to Bell Canada one day to report to Sheilagh Malloy (their privacy bod) that one of Bell Canada's customers has been breached and needs rescuing from a very real chance of identity theft, and demonstrating this to Ms Malloy resulted in the aforementioned section 342.1 rules being read back to me and telling me to never go into Bell's systems again.  

That experience was several years ago.  Amongst the many things I learned in that conversation, I saw what I thought was a blind spot for customer safety and data.  I followed that hunch and a year later, I started a disagreement with Bell Canada about runaway customer data involving my own records that I was now looking into.  

Structuring my argument according to what I'd thought I'd learned in the previous conversation, the disagreement was "resolved" in a stale-mate with Ms Malloy so she'd think that she won her side of the argument about Bell's privacy policy because she didn't have to back down.  Because I'd pushed her into a stalemate position where I remained "dissatisfied" she had no choice but to gave me the escalation path necessary to go to the Privacy Commission of Canada, and this gave me the "green light" to go after Bell Canada's third party link with Yellow Pages Group because it involved them too.  Of course, when I asked YPG if they were willing to stand shoulder-to-shoulder with Ms Malloy at Bell Canada and her position on my data, they collapsed faster than a wet noodle and undermined what Bell Canada had argued.  

Thus, I had successfully secured my own data, and confirmed what I suspected the first time round was blind spot with Bell Canada.  Of course, once you know there is a problem, it's not hard to go looking for signs of it.

Watching Bell Canada customers get compromised is fairly trivial.  In the same way you can watch looters steal televisions from a shop across the street, you just watch the information appear outside of Bell - you don't need to go into Bell Canada's systems, in the same way you don't need to go into a leaky pipe to see that it's leaking.  

You can set up Google to notify you when a breach occurs, which means you're no longer violating Canada's Criminal Code section 342.1 because you're not accessing that data - instead someone else is telling you that data is now available - and if you're not accessing/viewing/transmitting/storing it, then you're not breaking the law.  A bonus to this, is we've gotten ourselves an accidental security canary because we can infer what Bell Canada failed at, and as long as the signals keep appearing that there's a failure, you know Bell Canada hasn't got it's act together.

What I'd like to do is help the people who are almost guaranteed to become victims of identity theft, fraud, etc.  Of course, this means reporting it and when you report it, you need to provide evidence, and under the rules of section 342.1, I can't handle that data or show that it compromises a customer by accessing their details.

As you can guess, this is very frustrating.

So, what are my options?

  • I could talk to Bell, CRTC, etc, but Bell Canada would launch a law-suit against me if I then went on to prove the problem exists because it means proving you can access compromised customers in their system.
  • Let's imagine I want to talk to the Canadian Anti-Fraud Centre:
    • You go to login here (Link) on a Mac and the RCMP securekey login fails...
    • You downgrade to Windows and login, only to find the CAFC requires specific information that you can't provide.  They have no "Contact us for something else" option.
  • I can't deal with the police, as no proof of a crime has happened yet, and again showing that the crime is likely to happen would require me to step over the law and put myself in danger when showing how and where.  

What we need:
Canada needs a program where trusted individuals can demonstrate to law enforcement that there is a cyber-fraud problem and help members of the public to be alerted when it can be proven that they are at risk from fraud/identity theft/etc.  The program should span customers of banks, too, as this is another problem area.  Finally, these whistle-blowers should have immunity from section 342.1 and have no further legal ramifications for cooperating with law enforcement to help the general public become safer by the people who dropped the ball in the first place.

In short, it's my belief that we need a mechanism whereby people can be protected from criminal activity, without those trying to help law enforcement identify the problem being penalized.  Where we stand currently is the very same mechanism to stop cyber-fraud now stops anyone from proving when you are at risk of cyber-fraud.  Of course, those who disregard the law are free to do so because they're now effectively protected by this catch-22 situation.