NZ now has a league of broadband heroes - NZWIP

The real heroes of rural broadband have taken a break from bringing the best broadband to rural NZ for long enough to form an organisation and get the ability to speak with a single voice and engage with the 'Wellington' labyrinth, the mysterious beltway triangle linking MBIE, the Commerce Commission and Parliament.

I was at their inaugural meeting and I wish them luck and success, here's the official release:

More than 20 representatives from independent New Zealand wireless broadband providers have met in Wellington and resolved to form an industry group to jointly address issues facing their industry and speak to central government with one voice.

The meeting in Wellington was initially set up to hear presentations from RSM, InternetNZ and TUANZ, and work towards a combined submission to the current review of the Radiocommunications Act, but it soon became obvious that most providers faced similar issues and there was much common ground.

“By mid-morning on the second day, members were able to agree on the aims and principles of the new organisation and elect officers to represent the group,” says newly-elected President Justin Wells of Nelson-based

The group will be known as the New Zealand Wireless Internet Providers Association (NZWIP). Full membership will be available to wireless broadband providers with a minimum of 200 end-point wireless customers, and other organisations such as equipment suppliers and sole operators will be able to apply for associate membership.

The group will share resources and also provide statistics on an anonymous basis so that the overall size of this part of the telecommunications industry can be established.

“We expect we will find that this group serves in excess of 80,000 customers throughout New Zealand,” says Mr Wells. “Almost all of us are privately funded companies set up by entrepreneurs who have become expert in bringing decent broadband speeds to remote rural areas where the traditional providers were unable or unwilling to go. Ask any farmer or rural town-dweller who is their broadband provider and you’ll most likely find that it’s a relatively small, local company. Our advantage is that we know our territory, we understand the local geography and we know our customers. It’s a business model that works, even if it’s one that has suffered from missing out on government funded rural broadband initiatives which have made money available only to companies who could provide national coverage. That’s an issue that has been really frustrating for us all, as we’ve had to deal with taxpayer-funded competition.”

Mr Wells said the group was encouraged to see Minister Amy Adams’ pre-election announcement that National would make $100 million of contestable funding available which independent wireless providers would be able to access.

“This is a huge step forward and an acknowledgement that our members have been out there closing the digital divide for over a decade – taking kiwi ingenuity, combining it with technical know-how and making things happen in rural New Zealand.”

I know these guys can make a difference because 10 years ago I got my rural broadband issues in Marlborough solved by the, in fact that's what started the whole process that leads me to being here today.

Their timing is right and they will delivered the best bang for the buck possible.

The Herod Clause - What would you give up for free WiFi?

A recent experiment in London showed that some people were prepared to give up their first born children in return for free wifi!, the story is here.

The reality is how many of us actually read the terms and conditions before we click agree on our way to some free surfing?

Here's the story:

A handful of Londoners in some of the capital’s busiest districts unwittingly agreed to give up their eldest child, during an experiment exploring the dangers of public Wi-Fi use.

The experiment, which was backed by European law enforcement agency Europol, involved a group of security researchers setting up a Wi-Fi hotspot in June.

When people connected to the hotspot, the terms and conditions they were asked to sign up to included a “Herod clause” promising free Wi-Fi but only if “the recipient agreed to assign their first born child to us for the duration of eternity”. Six people signed up.

F-Secure, the security firm that sponsored the experiment, has confirmed that it won’t be enforcing the clause.

“We have yet to enforce our rights under the terms and conditions but, as this is an experiment, we will be returning the children to their parents,” wrote the Finnish company in its report.

“Our legal advisor Mark Deem points out that – while terms and conditions are legally binding – it is contrary to public policy to sell children in return for free services, so the clause would not be enforceable in a court of law.”

Ultimately, the research, organised by the Cyber Security Research Institute, sought to highlight public unawareness of serious security issues concomitant with Wi-Fi usage.

The experiment used a mobile hotspot device built for less than £160 by German ethical-hacking company SySS using a Raspberry Pi computer, a battery pack and Wi-Fi aerial, all held together with elastic bands.

I'm pleased they won't be enforcing the clause, but the scary bit comes later in the article:

The experiment used a mobile hotspot device built for less than £160 by German ethical-hacking company SySS using a Raspberry Pi computer, a battery pack and Wi-Fi aerial, all held together with elastic bands.

The device “could have been easily concealed in a woman’s handbag and could be deployed in seconds,” claimed the report. It was first deployed in Cafe Brera in Canada Square, in the heart of Canary Wharf, and later just outside the Queen Elizabeth Centre near the Houses of Parliament.

After the initial Herod clause experiment, the research continued with the terms and conditions removed. In Westminster, 33 devices connected to the hotspot, with researchers startled to find that the popular POP3 email protocol revealed passwords in plain text when used over Wi-Fi.

This vulnerability dates back 13 years to 2001, showing how little effort has been put into fixing a potentially critical issue. If the researchers had been malicious, they could have easily siphoned off critical data like usernames and passwords and logged into people’s accounts.

“The authentication happens in plain text in some old protocols,” F-Secure’s Sean Sullivan told the Guardian. “You could probably snare a lot of people using email… you could do more to refine [an attack] to capture more people’s mail.”

Thats actually very scary, yet the allure of free wifi is really really strong. Here's the useful information from the end of the article:

But more mundane data can also be useful for hackers. Even when they aren’t connected to a hotspot, devices on average reveal the last 19 access points they hooked up to, the study found.

“It‘s a particularly disturbing development as recent research has shown that individuals can be accurately identified by using just the last four access points where they have logged on,” F-Secure’s report read.

Other metadata, such as websites people have visited or their device ID, would also prove useful to criminal or government spies hoping to piece together a fuller picture of targets.

The report concluded that there needs to be much more education around the use of public Wi-Fi, especially hotspots that are of unknown origin. F-Secure is also calling for more transparency from the telecoms industry.

Currently, users are suffering because of “collusion between different branches of the industry”, which has sacrificed security for the sake of usability, the researchers claimed.

“People haven’t had anything to compare it to to wrap their head around,” Sullivan added. “People are thinking of Wi-Fi as a place as opposed to an activity... You don’t do unprotected Wi-Fi at home, why are you doing it in public?”

Sullivan advises users run a Virtual Private Networking (VPN) software product, which will encrypt the data being sent to and from their device.

Turning Wi-Fi off when in public or when around untrusted hotspots can also be helpful wherever and whenever possible. Deleting old and known networks broadcasted by the device can help protect from metadata snoops too.

Good stuff to remember, it got me thinking about this story from a couple of years ago about the feasibility of digital pickpockets using a malicious android app to read NFC credit cards while they are still in your wallet! 

In a talk at the Defcon hacker conference in Las Vegas Friday, Lee demonstrated an Android software tool called NFCProxy that’s capable of both reading and “replaying” data from contactless credit cards–any of the common payment cards with embedded RFID chips that allow payments at retail outlets’ wireless point-of-sale devices like these. undefined

After using a Nexus S phone to read his own contactless Visa card onstage at Defcon, he then used his tool to relay the data a moment later to a point-of-sale device, where it was accepted as a payment. “I’ve just skimmed, abused and spent someone’s credit card within a couple minutes. It’s really simple,” he told the crowd.

That is really scary and we now have our banks and telco's rushing to get into payments before Apple Pay launches here.

But have they got the security sewn up tight?

2014 is shaping up to be the year of big security scares!



Dear Steven

Congratulations on reclaiming the ICT portfolio, I think I now know why you weren't so keen on having a CTO for New Zealand. I know you have the skills, experience and battle scars to make this area really perform.

I think you now have the unique opportunity to pull it all together, across your portfolios you have all the ingredients required to make us an ICT powerhouse, you've got Research, Science and Technology (the areas that do the real R&D in this space & REANNZ - the real telco of the future today) that means access to the real latest thinking (not just what the vendors have to sell today)

With Tertiary Education you've got the means to turn that knowledge into skills and then those skills are needed in jobs for our kids (I've got two 'minecraft' trained budding robotics engineers who'll be looking for jobs in the next 8-10 years). We need to both build ICT businesses and help all our business get more productive using ICT in smart, creative and effective ways.

Extending the UFB and getting to the nub of the real rural issues will help enormously, this time I'd love to see the true heroes of rural broadband included in the mix, the regional ISP's are your secret weapon, they literally go the extra mile and are truly local. 

Just pulling together those threads will create great synergies and the team you'll be able to assemble in your office and at your ministries can really make a difference.

And TUANZ is here to help, we don't always agree but we are focused on the same objectives,  

Can't wait until we get a chance to share our ideas with you too. 



NZ does have a CTO - Steven Joyce

Yesterday's announcement of ministerial portfolio's had the touch of experience, wisdom and smart thinking about it.

Actually it shows that the Government has absorbed the lessons of the election well, the itch that the 'Internet Party' was trying to scratch has been soothed, and the calls for a CTO for NZ have been answered with something even better.

Initially I was focused on Amy Adams retaining Communications and gaining Broadcasting, reflecting the fact that media is just content and hopefully pointing to some joined up thinking in that space,

I think an ironic consequence of the whole 'Dirty Politics' saga is that any illusions about 'old' media being somehow different and distinct have been shattered, the only difference is the delivery mechanism.

What slipped my attention was that ICT has returned to Steven Joyce, this is interesting because he is undoubtedly the architect of the ambitious projects that will give New Zealand a huge economic and social advantage in the decades that lie ahead. 

This is really good news, ICT has traditionally been seens as a relatively lowly portfolio that is used to train a new minister (this has been the case for both Steven and Amy), it has never been held at such a senior level before nor has it beem reclaimed before.  But I think it has dawned on the Government that ICT is going to be the platform that lets them keep delivering across all of their major portfolios without increasing taxes.

The third part of the new line up worth commenting on is the transfer of SIS and GCSB oversight to the Attorney General essentially moving the operational aspect of these agencies into a very legal framework. 

As I've said before I was pretty happy with the Government's two new ICT initiatives, the 5% extension to the UFB target and the extra $150 million for rural broadband, my two unfulfilled hopes had been for a 'CTO' for New Zealand and a 'Digital Bill of Rights'.

Well I actually think we may have sort of got both of those, separating the SIS and GCSB roles from the PM will put some welcome distance into cybersecurity and surveillance issues and Chris Finlayson could well be the architect of the real digital Magna Carta..

And having the 3rd most important cabinet minister take back ICT is actually way better than having an official who reports to the PM because it means that ICT is at every cabinet meeting and is going to be factored into every relevant government decision. Not just that Steven is very experienced at sorting out ICT projects, I suspect his Novopay experience could well earn him a CIO of the year nomination. 

When you add ICT in with his other portfolios such as Economic Development, Tertiary Education and Science and Innovation, he has the whole mix, research, skills, jobs and ICT driven economic growth. 

It's funny because before the election Steven claimed we didn't need a CTO because we had the GCIO (a role that really should report to him now), at the time I thought his response was flippant but now I think he wanted the role himsel.