Showing posts with label encryption. Show all posts
Showing posts with label encryption. Show all posts

15 February 2023

Incoming: Spare Slots for Freelance Work in 2023


I will soon have spare slots in my freelance writing schedule for regular weekly or monthly work, and major projects. Here are the main areas that I've been covering, some for nearly three decades. Any commissioning editors interested in talking about them or related subjects, please contact me at glyn.moody@gmail.com. I am also available to speak on these topics at relevant conferences around in the world, something I have done many times in the past. 

Privacy, Surveillance, Encryption, Freedom of Speech 

Over the last decade, I have written hundreds of articles about these crucial areas, for Techdirt, Privacy News Online, and Ars Technica. Given the increasing challenges facing society in these areas, they will remain an important focus for my work in the future. 

Copyright

I have also written many hundreds of articles about copyright. These have been mainly for Techdirt, where I have published nearly 1,900 posts, CopyBuzz, and Walled Culture. Most recently, I have written a 300-page book, also called Walled Culture, detailing the history of digital copyright, its huge problems, and possible solutions. Free ebook versions of its text are available

EU Tech Policy and EU Trade Agreements: DSA, DMA, TTIP, CETA 

I have written about EU tech policy for CopyBuzz, focussing on the EU Copyright Directive, and for Privacy News Online, dealing with major initiatives such as the Digital Services Act, the Digital Markets Act, and the Artificial Intelligence Act. Another major focus of my writing has been so-called "trade agreements" like TTIP, CETA, TPP and TISA. "So-called", because they go far beyond traditional discussions of tariffs, and have major implications for many areas normally subject to democratic decision making, notably tech policy. In addition to 51 TTIP Updates that I originally wrote for Computerworld UK. I have covered this area extensively for Techdirt and Ars Technica, including a major feature on TTIP for the latter. 

Free Software/Open Source

I started covering this topic in 1995, wrote the first mainstream article on Linux for Wired in 1997, and the first (and still only) detailed history of the subject, Rebel Code: Linux and the Open Source Revolution in 2001, for which I interviewed the world’s top 50 hackers at length. 

Open Access, Open Data, Open Science, Open Government, Open Everything 

As the ideas underlying openness, sharing and online collaboration have spread, so has my coverage of them, particularly for Techdirt. I wrote one of the most detailed histories of Open Access, for Ars Technica, and its history and problems also form Chapter 3 of my book Walled Culture, mentioned above. 

Europe 

As a glance at some of my 580,000 (sic) posts to Twitter, and 18,000 posts on Mastodon, will indicate, I read news sources in a number of languages (Italian, German, French, Russian, Spanish, Portuguese, and Georgian in descending order of capability.) This means I can offer a fully European perspective on any of the topics above - something that may be of interest to publications wishing to provide global coverage that goes beyond purely anglophone reporting. The 25,000 or so followers that I have across these social networks also means that I can push out links to my articles, something that I do as a matter of course to boost their readership and encourage engagement. 


London 2023

08 January 2018

Incoming: Spare Slots for Freelance Work in 2018


I will soon have spare slots in my freelance writing schedule for regular weekly or monthly work, and major projects. Here are the main areas that I've been covering, some for more than two decades. Any commissioning editors interested in talking about them or related subjects, please contact me at glyn.moody@gmail.com (PGP available).  I am also available to speak on these topics at relevant conferences.

Surveillance, Encryption, Privacy, Freedom of Speech

For the last two years, I have written hundreds of articles about these crucial areas, for Ars Technica UK (http://arstechnica.co.uk/author/glyn_moody/), Privacy News Online (https://www.privateinternetaccess.com/blog/author/glynmoody/) and Techdirt (https://www.techdirt.com/user/glynmoody). Given the challenges facing society this year, they are likely to be an important focus for my work in 2018.

China

Another major focus for me this year will be China. I follow the world of Chinese IT closely, and have written numerous articles on the topic. Since I can read sources in the original, I am able to spot trends early and to report faithfully on what are arguably some of the most important developments happening in the digital world today.

Free Software/Open Source

I started covering this topic in 1995, wrote the first mainstream article on Linux for Wired in 1997 (https://www.wired.com/1997/08/linux-5/), and the first (and still only) detailed history of the subject, Rebel Code (https://en.wikipedia.org/wiki/Rebel_Code) in 2001, where I interviewed the top 50 hackers at length. I have also written about the open source coders and companies that have risen to prominence in the last decade and a half, principally in my Open Enterprise column for Computerworld UK, which ran from 2008 to 2015.

Open Access, Open Data, Open Science, Open Government, Open Everything

As the ideas underlying openness, sharing and online collaboration have spread, so has my coverage of them. I wrote one of the most detailed histories of Open Access, for Ars Technica (http://arstechnica.com/science/2016/06/what-is-open-access-free-sharing-of-all-human-knowledge/).

Copyright, Patents, Trade Secrets

The greatest threat to openness is its converse: intellectual monopolies, which prevent sharing. This fact has led me to write many articles about copyright, patents and trade secrets. These have been mainly for Techdirt, where I have published over 1,500 posts, and also include an in-depth feature on the future of copyright for Ars Technica (http://arstechnica.co.uk/tech-policy/2015/07/copyright-reform-for-the-digital-age/).

Trade Agreements - TTIP, CETA, TISA, TPP

Another major focus of my writing has been so-called "trade agreements" like TTIP, CETA, TPP and TISA. "So-called", because they go far beyond traditional discussions of tariffs, and have major implications for many areas normally subject to democratic decision making. In addition to 51 TTIP Updates that I originally wrote for Computerworld UK (http://opendotdotdot.blogspot.nl/2016/01/the-rise-and-fall-of-ttip-as-told-in-51.html), I have covered this area extensively for Techdirt and Ars Technica UK, including a major feature on TTIP (http://arstechnica.co.uk/tech-policy/2015/05/ttip-explained-the-secretive-us-eu-treaty-that-undermines-democracy/) for the latter.

Europe

As a glance at some of my 318,000 (sic) posts to Twitter, identi.ca and Google+ will indicate, I read news sources in a number of languages (Italian, German, French, Spanish, Russian, Portuguese, Dutch, Greek, Swedish in descending order of capability.) This means I can offer a fully European perspective on any of the topics above - something that may be of interest to publications wishing to provide global coverage that goes beyond purely anglophone reporting. The 30,000 or so followers that I have across these social networks also means that I can push out links to my articles, something that I do as a matter of course to boost their readership.

18 May 2017

Tell the UK Government: No Backdoors in Crypto

The UK government seems to be pressing ahead with its idiotic plans to backdoor crypto. There is a (secret) consultation on the subject that closes tomorrow - write to investigatorypowers@homeoffice.gsi.gov.uk.  Here's what I've just sent:

I am writing in connection with UK government proposals to force tech companies and Internet providers to create government backdoors to encrypted communications.

Speaking as a journalist who has been writing about every aspect of computer technology for 35 years, and about the Internet for 20 years (https://en.wikipedia.org/wiki/Glyn_Moody), I cannot emphasise too strongly that this would be a very unwise and dangerous move.

There is no such thing as a safe backdoor that is only available to the authorities.  If a weakness is created in a program or service, it can be found be third parties.  That is hard, but not impossible, especially for well-funded state actors.

Even more likely is that details of backdoors will be leaked.  The recent experience of the WannaCry ransomware attack, which is based on an NSA exploit that was leaked earlier, show how devastating this kind of subversion can be.

There is another powerful reason not to force companies operating in the UK to weaken their security.  First, US companies may simply water down protections for UK users, while protecting those in the rest of the world.  Obviously that would leave UK users particularly vulnerable to attack, and make them prime targets.

Secondly, if British companies are forced to provide backdoors in their products, then no government or company elsewhere in the world will use UK software, since there will always be a risk that it contains intentional security flaws.  This is the surest way to sabotage the UK software industry, and to ensure that computer startups are located anywhere but in the UK.

As well as being harmful, moves to weaken the security of encrypted products are also unnecessary.  As recent events have confirmed, terrorists rarely use encryption, and when they do, they make mistakes that allow the security services to access communications.  Indeed, there are many ways to obtain access and information even when encryption is used, as a recent paper explained (https://www.schneier.com/blog/archives/2017/03/new_paper_on_en.html).

To summarise, the many and mighty harms caused by weakening encryption vastly outweigh any illusory benefits.  The UK government would be ill-advised to take this route.

23 November 2013

Should Wikipedia Force All Users To Use HTTPS?

It would be something of an understatement to say that encryption is a hot topic at the moment. But leaving aside deeper issues like the extent to which the Internet's cryptographic systems are compromised, there is a more general question about whether Web sites should be pushing users to connect using HTTPS in the hope that this might improve their security. That might seem a no-brainer, but for the Wikimedia Foundation (WMF), the organization that runs Wikipedia and related projects, it's a more complex issue. 

On Techdirt.

John Gilmore On How The NSA Sabotaged A Key Security Standard

In Bruce Schneier's uplifting call to fix the Internet in the wake of key technologies being subverted by the US government, one of the things he asks engineers to do is to come forward with detailed information about how the NSA did that

On Techdirt.

NSA's Crypto Betrayal: Good News for Open Source?

Revelations from documents obtained by whistleblower Edward Snowden that GCHQ essentially downloads the entire Internet as it enters and leaves the UK, and stores big chunks of it, was bad enough. But last week we learned that the NSA has intentionally weakened just about every aspect of online encryption:

On Open Enterprise blog.

19 September 2013

Saudi Arabia Starts Clamping Down On Encrypted VoIP Services; US And UK Strangely Silent On The Moves

Earlier this month, the messaging service Viber was blocked in Saudi Arabia. This was not entirely unexpected, since the authorities had been trying to come to grips with the service and its ability to encrypt messages for a while according to Viber's founder, as a BBC News report explains: 

On Techdirt

Is Encryption Effective Against Snooping? German Government Says No, Snowden Says Yes

The revelations of Edward Snowden about the NSA's snooping of citizens both inside and outside the US are posing more questions than they answer at the moment. One key area is whether the use of encryption -- for example for email -- is effective against the techniques and raw power available to the NSA (and equivalents in other countries). That's something that has come up before in the context of the UK's Snooper's Charter. When a top official there was asked whether the proposed surveillance technology would be able to cope with encrypted streams, he replied: "it will." Snowden's claims about massive, global spying makes the issue even more pertinent. 

On Techdirt.

08 December 2012

German Court Holds Internet User Responsible For Passing On Unknown, Encrypted File

A natural response to the increasingly harsh enforcement of laws against unauthorized sharing of copyright files is to move to encrypted connections. It seems like a perfect solution: nobody can eavesdrop, and so nobody can find out what you are sharing. But as TorrentFreak reports, a German court has just dealt a blow to this approach

On Techdirt.

19 December 2011

Former Tunisian Regime Goes Beyond Spying On Internet Traffic... To Rewriting Emails & More

Most people instinctively appreciate the dangers of government surveillance. But at least it's possible to be on your guard when you suspect such surveillance may be present by taking care what you write and send. You might even use some industrial-grade encryption for the important stuff. 

On Techdirt.

06 December 2011

More Collateral Damage From SOPA: People With Print Disabilities And Human Rights Groups

As people wake up to the full horror of what SOPA would do to the Internet and its users, an increasing number of organizations with very different backgrounds are coming out against it. Here's one more to add to that list, from the world of non-profit humanitarian groups. 

On Techdirt.

19 October 2008

Madness Begets Madness

This is where the madness of authoritarianism leads:

Everyone who buys a mobile telephone will be forced to register their identity on a national database under government plans to extend massively the powers of state surveillance.

Phone buyers would have to present a passport or other official form of identification at the point of purchase. Privacy campaigners fear it marks the latest government move to create a surveillance society.

A compulsory national register for the owners of all 72m mobile phones in Britain would be part of a much bigger database to combat terrorism and crime. Whitehall officials have raised the idea of a register containing the names and addresses of everyone who buys a phone in recent talks with Vodafone and other telephone companies, insiders say.

The move is targeted at monitoring the owners of Britain’s estimated 40m prepaid mobile phones. They can be purchased with cash by customers who do not wish to give their names, addresses or credit card details.

This is another reason why the super-duper snooper database is madness: to make it even vaguely workable, the government must try to plug all these loopholes. But plugging one - pay-as-you-go mobiles - only highlights the next. In this case, it's pay-as-you-go mobiles from *abroad*. The logic of the super-duper snooper database means that people will be forced to register every mobile as they come into the UK. But this will simply create a black market for used mobile phones, so then the UK government will have to make *those* illegal. And then people will turn to encrypted VoiP, so that will be made illegal, and so on, and so forth.

Why don't they just implant chips in us at birth at be done with it?

18 January 2008

No EU Snooping, Danke

Heise online reports on a very bad idea:

If things go the way the Conservative British MEP Christopher Heaton-Harris wants them to, internet providers will be much more closely involved in the battle against copyright infringements. He has introduced a proposal in the European Parliament under which access providers would not only have to install filters on the network side, in order to prevent misuse of their networks for the theft of intellectual property, but would also be obliged to close down Internet access to clients who "repeatedly or substantially" infringe copyright. Content that infringes others' rights would moreover have to be blocked by providers.

As to why it's a bad idea, here's what I've just sent to all my MEPs using the indispensable WriteToThem site:

First, it won't work. Users will simply encrypt their files before sending them, making them completely opaque to content filters. The power of computers is such that this is an easy operation to carry out, and it will become the norm if the above proposal is enacted. Breaking that encryption, by contrast, is very hard, and access providers will be unable to do this in order to inspect the contents.

Secondly, the proposal requires access providers to examine the full traffic flows of everyone. The scope for abuse is enormous. Most people do not encrypt sensitive information that they include in emails, for example. Sometimes Web transmissions are not properly encrypted, allowing sensitive information such as credit card details or health information to be read. If this proposal were enacted, and access providers were required to monitor all traffic, it would be tempting – and easy – for criminals to infiltrate such companies and extract sensitive data.

Finally, there is a deeper discussion needed about whether sharing copyright material is actually bad for the owners of that material. There is growing evidence that people who download such material go on to make more content purchases than those who do not. This is not really surprising: the downloaded materials are effectively free publicity, and a way to discover new content of interest. When people have the chance to sample and explore new content, they end up buying things that they would never have thought of purchasing, bringing more money to the content owners. It might be that the content industries should really be encouraging this kind of free marketing: more research is needed at the very least.

If you feel strongly about this - and you should - perhaps you'd like to write a quick note to your MEPs.

25 May 2007

Even Google Nods

Accessing Google Analytics to view some stats about this site, I received the following warning:

"www.google.com" is a site that uses a security certificate to encrypt data during transmission, but its certificate expired on 16/05/2007 00:18.

Whoops, someone was careless.

07 December 2006

The Politicians' Big Disconnect

According to heise online:

the [German] Federal Ministry of the Interior declares the ability to search PCs without physical access to them to be a key component in the fight against terror.

Well, it can declare away until its booties fall off, but as the article points out:

How a screening of PCs protected by a firewall or tucked away behind a router with Network Address Translation is to be carried out the proposals of the politicians concerned with internal security remain conspicuously silent, however.

Quite. Throw in a modicum of serious data encryption, and you have a PC that is seriously hard to hack - however much the politicians might declare this approach to be a "key component in the fight against a terror."

All of which provides a further demonstration, if one were needed, of how this idiotic "fight against terror" is merely a pretext for governments around the world (step forward, Mr Blair) to impose pointless and unworkable schemes that serve no other purpose than to trample on the freedom of all of us, while the ne'er-do-wells laugh up their terrorist sleeves.

06 April 2006

Why VOIP Needs Crypto

The ever-wise Bruce Schneier (whom I had the pleasure of interviewing a couple of years ago) spells out in words of one syllable why the hot Voice over IP digital 'phone systems absolutely need encryption. He also links to the perfect solution: Phil Zimmermann's latest wheeze, Zfone - an open source VOIP encryption program.

17 March 2006

Google's Grief, Open Source's Gain?

The news that a judge has ordered Google to turn over all emails from a Gmail account, including deleted messages, has predictably sent a shiver of fear down the collective spine of the wired community, all of whom by now have Gmail accounts. Everybody can imagine themselves in a similar situation, with all their most private online thoughts suddenly revealed in this way.

The really surprising thing about this development is not that it's happened, but that anyone considers it surprising. Lawyers were bound to be tempted by the all unguarded comments lying in emails, and judges were bound to be convinced that since they existed it was legitimate to look at them for evidence of wrong-doing. And Google, ultimately, is bound to comply: after all, it's in the business of making money, not of martyrdom.

So the question is not so much What can we do to stop such court orders being made and executed? but What can we do to mitigate them?

Moving to another email provider like Yahoo or Hotmail certainly won't help. And even setting up your own SMTP server to send email won't do much good, since your ISP probably has copies of bits of your data lying around on its own servers that sooner or later will be demanded by somebody with a court order.

The only real solution seems to be to use strong encryption to make each email message unreadable except by the intended recipient (and even this is an obvious weakness).

It would, presumably, be relatively simple for Google to add this to Gmail. But even if it won't, there is also a fine open source project called Enigmail, which is an extension to the Mozilla family of email readers - Thunderbird et al. - currently nearing version 1.0. The problem is that installation is fairly involved, since you must first set up GnuPG, which provides the cryptographic engine. If the free software world could make this process easier - a click, a passphrase and you're done - Google's present grief could easily be turned into open source's opportunity.