Articles About News

28June

How Viable are VPNs for your Online Privacy Needs?

By Quandary Peak Research

In a recent piece on internet privacy legislation, Quandary Peak’s editorial team addressed the Congressional vote in March to overturn Obama-era internet privacy laws. In short, the new law gives telecommunications companies greater flexibility in how they can track, collect, and sell customer data. From a consumer standpoint, the implications of this legislation may largely depend on one’s Internet Service Provider (ISP)’s specific policies – and whether those policies may change as a result of the new law.

In reality, a majority of consumers will be unaware and/or indifferent to this shifting landscape in online privacy rules. But for those increasingly concerned about the issue, part of the narrative has shifted to whether VPNs (virtual private networks) can be a potential solution for restoring a lost layer of privacy.

VPNs have long been used by businesses to allow employees in remote/foreign locations to connect to a business’s private computer network. VPNs have steadily become more mainstream for private citizens, but remain unfamiliar to a vast swath of internet users. This unfamiliarity begs a number of questions: what, exactly, are VPNs? What are their advantages and disadvantages? Are any VPNs a cut above the rest? And, if a person is concerned about their online privacy, is a VPN an adequate solution?

What is a Virtual Private Network (VPN), and How Does it Work?

A virtual private network (VPN) is a service that allows a user to connect to the internet over a public network as if it were a private network. A common analogy is to consider a tunnel that links a user’s computer directly to a server operated by the VPN provider. When a request is sent for information (like entering a website address), it is ‘funneled’ through the VPN’s secure connection, and the information is sent back through the same private […]

Comments (0)|Read more

10May

A Briefing on Internet Privacy Legislation (2017)

By Quandary Peak Research

On March 28, 2017, Congress voted to overturn Obama-era internet privacy laws that were scheduled to go into effect later this year. As one of their first orders of business under President Trump, Congress targeted the FCC rule that required Internet Service Providers (ISPs) to “protect the privacy of their customers…[ensuring] broadband customers have meaningful choice, greater transparency and strong security protections for their personal information collected by ISPs (emphasis ours).”

The goal of the Obama-era legislation was to provide customers with the information and tools needed to make informed decisions about the use and sharing of personal information. In many cases, that meant having some power in restricting an ISP from collecting browsing history data and selling that information on the open market (mainly to advertisers).

In order to understand the new legislation, it is worth taking a look at how the now-repealed Obama-era regulations were structured, essentially on three tiers:

Opt-in

Internet Service Providers were “required to obtain affirmative ‘opt-in’ consent from consumers to use and share sensitive information.” Sensitive information that could not be collected or shared without a customer’s approval included “precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications. ”

Opt-out

ISPs “would be allowed to use and share non-sensitive information (our emphasis) unless a customer ‘opts-out.’” Email addresses or other “service tier” information was considered non-sensitive, and “use and sharing of that information would be subject to opt-out consent, consistent with consumer expectations. ”

Exceptions to Consent Requirements

Exceptions existed when pertaining to basic services related to a consumer opening and maintaining an account with the broadband service, including “the provision of broadband service or billing and collection.”

The rules also included transparency requirements, rules that required broadband services to utilize “reasonable data security practices,” and […]

Comments (0)|Read more

3October

Google vs. EU: Antitrust Conflict Timeline

By Quandary Peak Research

The European Commission’s investigation of Google’s alleged misconduct has done nothing but expand and intensify over the last six years. Margrethe Vestager, the EU’s Competition Commissioner appointed in the midst of the investigations, has spearheaded the ‘don’t back down’ attitude taken by the EU. She resisted her predecessors’ efforts to settle the case with the tech giant, and has instead added to the list of accusations in the anti-trust lawsuit.

The accusations against Google now include earlier claims that the company abused its market dominance with unfair business practices pertaining to its comparison shopping services and search advertisements, as well as more recent allegations that it engaged in predatory business practices by imposing unfair restrictions on Android device manufacturers and mobile network operators. Earlier this year, the European Commission sent its second and third Statement of Objections to Google formalizing its charges against the company and heightening the profile of the case. Google continues to deny the charges and is working to settle the disputes, while avoiding heavy penalties. In other words, the battle is very much alive and well.

It may surprise many readers to realize this case is now well into its sixth year, so we’ve created a timeline to track the major developments and key findings of the case.

February 24, 2010 – The European Commission confirms receipt of three antitrust complaints against Google. The complaints were authored by Foundem, Ciao, and eJustice. The Commission informs Google of the complaints and asks the company to address the allegations.

November 30, 2010 – The European Commission opens an antitrust investigation of Google, citing allegations that Google has “abused a dominant position in online search”. The Commission’s press release indicates the investigation will explore three claims:

That Google lowered the rank of unpaid search results of competing services
That Google lowered the […]

Comments (0)|Read more

25September

Jury Finds Apple Infringed Smartphone Patent

By Quandary Peak Research

A patent trial in the District of Delaware between MobileMedia Ideas (MMI) and Apple ended with a jury finding of infringement by Apple and an award of $3 million to MMI. The patent at issue, U.S. Patent No. RE 39,231, described the invention of the “polite ignore” feature on cell phones for silencing an incoming call in a way that prevents the caller from knowing that the call was ignored.

During the trial, which lasted a week, the jury heard expert testimony from Dr. Sigurd Meldal, a Professor of Computer Engineering and Software Engineering at San Jose State University and an expert with Quandary Peak Research. Dr. Meldal’s testimony related to technical aspects of the Apple devices at issue, the iPhone 3G, iPhone 3GS, and iPhone 4. Dr. Meldal, who was the sole technical expert called by MMI, had previously testified as a smartphone expert in other patent cases, including another trial between MMI and Apple that concluded with a favorable verdict for MMI in 2012.

After deliberating for less than two days, the jury found the patent valid and returned an infringement verdict with a damages award to MMI. Additional details about the case are available at Law360 and Delaware Law Weekly.

Comments (0)|Read more

13September

Lacking in Transparency: The Google Transparency Project

By Quandary Peak Research

In April 2016, the Campaign for Accountability (CfA) launched the Google Transparency Project (GTP), aimed at creating an online resource for the public to explore the relationship between Google and the government—and the impact of this relationship on American lives. In a statement, CfA Executive Director Anne Weisman said, “Google has long been a strong advocate of transparency in government, business, and even users’ private lives. It has not, however, been transparent about its own dealings with the government.” While other issues targeted by the CfA appear to have a more industry-wide spotlight, the Google Transparency Project focuses specifically on Google’s relationship with the government and its influence on public policy.

Major reports released by the GTP thus far examine the scope of Google’s access to the White House during Obama’s presidency as well as the suggested ‘revolving door’ shared between Google employees and those of the White House. Data compiled in the reports is accessible for public review and is accompanied by analysis from the CfA.

On the surface, this effort seems like it would be cut-and-dry in the public’s interest. Google is the second largest company in the world by market capitalization (second only to Apple Inc.), and it spent over $16 million on lobbying in 2014. Not a meaningful number to Google, but certainty a meaningful number in the lobbying world. $16 million in 2014 puts Google just below Comcast and Pharmaceutical Research and Manufacturers of America in lobbying dollars spent.

Knowing what goes on in the lobbying world and between government and business is critical, but the GTP has a transparency problem of its own. As Fortune’s Jeff John Roberts noted back in April, “The folks running the Google Transparency Project won’t say who is paying for it, which is odd […]

Comments (0)|Read more

23August

Open to Content: A Look at the Case for Net Neutrality

By Quandary Peak Research

On June 14, 2016 the District of Columbia Circuit Court of Appeals upheld the Federal Communications Commission’s (FCC) Open Internet Rules. The Court’s ruling came after more than a decade of intense debate over the relationship between Internet Service Providers (ISPs), the Federal Government, and internet users. Twice before, attempts by the FCC to implement rules that would allow them to regulate discriminatory behavior by ISPs have been overturned by the Court of Appeals. For the FCC, it appears the third time was in fact the charm.

While the arguments heard by the court focused heavily on the scope of the FCC’s regulatory authority, the larger debate has revolved around the term ‘net neutrality,’ which can be defined as the open and indiscriminate movement of content (movies, songs, news, etc…) over a network. For many, net neutrality implies a level playing field for all internet users—an uncompromised venue that incentivizes innovation and investment and allows everyone to access content and pursue their objectives equally. In a rare turn, public interest groups actually find themselves on the same side as large tech firms like Google and Facebook supporting the millions of internet subscribers that have rallied in favor of net neutrality.

Summarizing the argument for net neutrality, Google wrote: “If internet access providers can block some services and cut special deals that prioritize some companies’ content over others, that would threaten the innovation that makes the internet awesome…” So, without net neutrality, an ISP would be able to decide what content you can access and the speed at which you can access it.

On the other side of the debate are special interest groups representing a host of ISPs and others whose platform was focused generally on being anti-regulation. Prominent in this group, the USTelecom Association believes the regulations, […]

Comments (0)|Read more

15June

It’s Not Over Yet: Apple Inc. and the FBI Continue Fight Over Encrypted Data Access

By Quandary Peak Research

In what could’ve been the highest-profile case the tech world has ever seen, Apple Inc. (ticker: AAPL) and the Federal Bureau of Investigation (FBI) locked horns for months over gaining access to an iPhone belonging to one of the shooters in the San Bernardino attacks. The world watched as the tech giant held its position seeking not to undermine the security of its products, and the FBI attempted to force Apple’s hand in creating code that would enable them to access information on a locked iPhone.

Normally, the force of the federal government would have this case framed as a David vs. Goliath. But Apple Inc. is the world’s second largest company by market capitalization (Alphabet is the first), and with $215 billion in cash as of year-end 2015, it is better capitalized than the federal government—Apple’s debt to cash ratio is around 30% while the federal government’s debt to GDP ratio is over 100%. This is Goliath vs. Goliath, where both entities seemingly have unlimited resources to fight this case to any end. And there’s sufficient pride on both sides to expect just that.

In a world where tech security is a growing paramount concern, the case was—and still is—poised to set a new precedent governing the complicated relationship between the U.S. government, tech companies, and access to private data. In the case of the San Bernardino shooter’s iPhone, the FBI argued (inaccurately) that they would not be able to access important information contained on the phone without Apple’s help. They obtained a court order from a Federal Magistrate demanding Apple’s assistance after citing the All Writs Act, a 227-year-old law that can be used by the government to compel companies to perform actions by government order, so long as they are legal and for good reason. […]

Comments (0)|Read more

7June

Design Challenges in Sub-11nm Process Technologies

By Quandary Peak Research

As VLSI devices shrink to atomic scales, design and analysis become increasingly challenging. Dr. Shahin Nazarian, an expert at Quandary Peak Research and a faculty member in the Electrical Engineering Department at the University of Southern California, has been conducting research on the design and analysis of high speed, energy efficient circuits and systems. He has recently co-authored numerous conference and journal papers in system-level, algorithm-level, device-level, and circuit-level design, analysis and optimization.

More than half a century ago, Gordon Moore predicted that the number of transistors in IC (Integrated Circuit) chips would double roughly every two years [1]. The significance of this prediction is related to the role of transistors as the key logic components in the performance of electronic systems. This prediction, also referred to as Moore’s Law, has sustained its correctness for several decades and has become the primary guidance for the semiconductor community to monitor its long term goals and plans. It is important to note that Moore’s Law is not about the reduction of the size of transistors only, but also cost reduction as well. This implies that design solutions involve high level software and hardware analysis and optimization methodologies in addition to device level techniques.

As the devices have scaled down to 28nm process nodes and below, the traditional bulk CMOS technologies have faced grave challenges linked to device unpredictability and high leakage dissipation induced by short-channel effects and Process-Voltage-Temperature (PVT) variations. There have been massive R&D investments to tackle those issues to help extend Moore’s Law. In parallel, alternative metrics (such as speed per unit power) and laws have emerged as the fear of the end of Moore’s Law grows. One of the most promising solutions has been the adoption of non-planar or quasi-planar FinFET and Gate-All-Around (GAA) transistors that offer more […]

Comments (0)|Read more

7April

Nazarian Provides Deposition Testimony in BIOS Cases

By Quandary Peak Research

Quandary Peak Research expert Dr. Shahin Nazarian was deposed in several IPR cases on March 15, March 16, April 4 and April 6, 2016. He was the lead testifying expert witness on six contested patents. Nazarian was asked to opine on the invalidity of US patents 6,519,659, 6,487,656, 6,633,976, 6,373,498, 6,401,202, and 6,892,304. Nazarian drew on his industrial and research skills in OS and firmware design and development from both hardware and software domains. He was engaged by Stadheim & Grear, who represented the patent owner, Kinglite Holdings Inc., against the petitioners, American Megatrends, Inc., Micro-Star International Co., Ltd, MSI Computer Corp., Giga-Byte Technology Co., Ltd., and G.B.T., Inc.

US 6,519,659: Method and System for Transferring an Application Program from System Firmware to a Storage Device

Basic Input and Output System (BIOS) firmware is the software shipped on a BIOS ROM or FLASH chipset with a PC system. Firmware is the ROM-based software that controls a computer between the time it is turned on and the time the primary OS (operating system) takes control of the machine. Firmware’s responsibilities include testing and initializing the hardware, determining the hardware configuration, loading or booting the OS, and providing interactive debugging facilities in case of faulty hardware or software.

This patent discloses a system and a method to deliver applications from system firmware to a storage device without the need for or availability of an OS and/or a directory service. Prior to booting an OS on the processor-based system, the stored instruction sequences cause the processor to write the contents of a storage element to the storage device.

This patent also teaches a system and a method to endow remote communication with a service computer to provide the user computer access a database. The method first writes the contents of at least one storage element to […]

Comments (0)|Read more

20November

Award Winning Research Conducted by Quandary Peak Experts

By Quandary Peak Research

Two Quandary Peak experts and their teams presented their latest research at the twenty-sixth International Symposium on Software Reliability and Engineering, one of the most accredited IEEE events.

Dr. Mahdi Eslamimehr with his teammate from MIT won the ISSRE 2016 Best Paper award for “AtomChase: Directed Search Towards Atomicity Violations”, the result of three years’ work developing a state-of-the-art debugging tool for super computers. The Best Paper award is given to top researchers whose work influences academy and industry.

Atomicity violation is one of the main sources of concurrency bugs. Empirical studies show that the majority of atomicity violations are instances of the three-access pattern, where two accesses to a shared variable by a thread are interleaved by an access to the same variable by another thread. Dr. Eslamimehr presented a novel approach to atomicity violation detection that comprises two parts: 1. execution schedule synthesis, and 2. directed concurrent execution based on constraint solving and concolic execution. In comparison to five previous tools on 22 benchmark codebases (like Apache Tomcat with 4.5 million lines of Java code), AtomChase increased the number of three-access violations found by 24% and found errors in programs were wrongfully assumed to be bug-free. To prevent reporting false alarms, Dr. Eslamimehr and his colleague confirmed sufficient conditions for non-atomicity of three-access pattern traces. These conditions could recognize 89% of the actual atomicity violations found by AtomChase. Because checking these conditions is two orders of magnitude faster than a brute-force check, AtomChase has made it possible to improve the quality of industrial software like the popular Eclipse integrated development environment.

Another interesting study on end-to-end Android application analysis was presented at the same symposium by Dr. Sam Malek and his research group at University of California, Irvine.

Pervasiveness of smartphones and the vast number of corresponding apps […]

Comments (0)|Read more