Showing posts with label surveillance. Show all posts

15 February 2023

Incoming: Spare Slots for Freelance Work in 2023


I will soon have spare slots in my freelance writing schedule for regular weekly or monthly work, and major projects. Here are the main areas that I've been covering, some for nearly three decades. Any commissioning editors interested in talking about them or related subjects, please contact me at glyn.moody@gmail.com. I am also available to speak on these topics at relevant conferences around the world, something I have done many times in the past.

Privacy, Surveillance, Encryption, Freedom of Speech 

Over the last decade, I have written hundreds of articles about these crucial areas, for Techdirt, Privacy News Online, and Ars Technica. Given the increasing challenges facing society in these areas, they will remain an important focus for my work in the future. 

Copyright

I have also written many hundreds of articles about copyright. These have been mainly for Techdirt, where I have published nearly 1,900 posts, CopyBuzz, and Walled Culture. Most recently, I have written a 300-page book, also called Walled Culture, detailing the history of digital copyright, its huge problems, and possible solutions. Free ebook versions of its text are available.

EU Tech Policy and EU Trade Agreements: DSA, DMA, TTIP, CETA 

I have written about EU tech policy for CopyBuzz, focussing on the EU Copyright Directive, and for Privacy News Online, dealing with major initiatives such as the Digital Services Act, the Digital Markets Act, and the Artificial Intelligence Act. Another major focus of my writing has been so-called "trade agreements" like TTIP, CETA, TPP and TISA. "So-called", because they go far beyond traditional discussions of tariffs, and have major implications for many areas normally subject to democratic decision making, notably tech policy. In addition to 51 TTIP Updates that I originally wrote for Computerworld UK, I have covered this area extensively for Techdirt and Ars Technica, including a major feature on TTIP for the latter.

Free Software/Open Source

I started covering this topic in 1995, wrote the first mainstream article on Linux for Wired in 1997, and the first (and still only) detailed history of the subject, Rebel Code: Linux and the Open Source Revolution in 2001, for which I interviewed the world’s top 50 hackers at length. 

Open Access, Open Data, Open Science, Open Government, Open Everything 

As the ideas underlying openness, sharing and online collaboration have spread, so has my coverage of them, particularly for Techdirt. I wrote one of the most detailed histories of Open Access, for Ars Technica, and its history and problems also form Chapter 3 of my book Walled Culture, mentioned above. 

Europe 

As a glance at some of my 580,000 (sic) posts to Twitter, and 18,000 posts on Mastodon, will indicate, I read news sources in a number of languages (Italian, German, French, Russian, Spanish, Portuguese, and Georgian in descending order of capability.) This means I can offer a fully European perspective on any of the topics above - something that may be of interest to publications wishing to provide global coverage that goes beyond purely anglophone reporting. The 25,000 or so followers that I have across these social networks also means that I can push out links to my articles, something that I do as a matter of course to boost their readership and encourage engagement. 


London 2023

08 January 2018

Incoming: Spare Slots for Freelance Work in 2018


I will soon have spare slots in my freelance writing schedule for regular weekly or monthly work, and major projects. Here are the main areas that I've been covering, some for more than two decades. Any commissioning editors interested in talking about them or related subjects, please contact me at glyn.moody@gmail.com (PGP available).  I am also available to speak on these topics at relevant conferences.

Surveillance, Encryption, Privacy, Freedom of Speech

For the last two years, I have written hundreds of articles about these crucial areas, for Ars Technica UK (http://arstechnica.co.uk/author/glyn_moody/), Privacy News Online (https://www.privateinternetaccess.com/blog/author/glynmoody/) and Techdirt (https://www.techdirt.com/user/glynmoody). Given the challenges facing society this year, they are likely to be an important focus for my work in 2018.

China

Another major focus for me this year will be China. I follow the world of Chinese IT closely, and have written numerous articles on the topic. Since I can read sources in the original, I am able to spot trends early and to report faithfully on what are arguably some of the most important developments happening in the digital world today.

Free Software/Open Source

I started covering this topic in 1995, wrote the first mainstream article on Linux for Wired in 1997 (https://www.wired.com/1997/08/linux-5/), and the first (and still only) detailed history of the subject, Rebel Code (https://en.wikipedia.org/wiki/Rebel_Code) in 2001, where I interviewed the top 50 hackers at length. I have also written about the open source coders and companies that have risen to prominence in the last decade and a half, principally in my Open Enterprise column for Computerworld UK, which ran from 2008 to 2015.

Open Access, Open Data, Open Science, Open Government, Open Everything

As the ideas underlying openness, sharing and online collaboration have spread, so has my coverage of them. I wrote one of the most detailed histories of Open Access, for Ars Technica (http://arstechnica.com/science/2016/06/what-is-open-access-free-sharing-of-all-human-knowledge/).

Copyright, Patents, Trade Secrets

The greatest threat to openness is its converse: intellectual monopolies, which prevent sharing. This fact has led me to write many articles about copyright, patents and trade secrets. These have been mainly for Techdirt, where I have published over 1,500 posts, and also include an in-depth feature on the future of copyright for Ars Technica (http://arstechnica.co.uk/tech-policy/2015/07/copyright-reform-for-the-digital-age/).

Trade Agreements - TTIP, CETA, TISA, TPP

Another major focus of my writing has been so-called "trade agreements" like TTIP, CETA, TPP and TISA. "So-called", because they go far beyond traditional discussions of tariffs, and have major implications for many areas normally subject to democratic decision making. In addition to 51 TTIP Updates that I originally wrote for Computerworld UK (http://opendotdotdot.blogspot.nl/2016/01/the-rise-and-fall-of-ttip-as-told-in-51.html), I have covered this area extensively for Techdirt and Ars Technica UK, including a major feature on TTIP (http://arstechnica.co.uk/tech-policy/2015/05/ttip-explained-the-secretive-us-eu-treaty-that-undermines-democracy/) for the latter.

Europe

As a glance at some of my 318,000 (sic) posts to Twitter, identi.ca and Google+ will indicate, I read news sources in a number of languages (Italian, German, French, Spanish, Russian, Portuguese, Dutch, Greek, Swedish in descending order of capability.) This means I can offer a fully European perspective on any of the topics above - something that may be of interest to publications wishing to provide global coverage that goes beyond purely anglophone reporting. The 30,000 or so followers that I have across these social networks also means that I can push out links to my articles, something that I do as a matter of course to boost their readership.

29 March 2017

The Copyright Industry's So-Called "Value Gap" Is Actually an Innovation Gap

This is a crucial year for the Internet in Europe, because 2017 will see key decisions made about the shape of copyright law in the EU. That matters, because copyright is in many ways the antithesis of the Net, based as it is on enforcing a monopoly on digital content, whereas the Net derives its power from sharing as widely as possible. The stronger copyright becomes, the more the Internet is constrained and thus impoverished.

There are three key areas in the proposed revision to the EU's Copyright Directive where the Internet and its users are under threat from attempts to strengthen copyright. First, there is the panorama exception, which allows people to take pictures in the street without needing to worry about whether buildings or public objects are subject to copyright. Despite this being little more than common sense – imagine having to check the legal status of everything in view before taking a photo – copyright maximalists are fighting to stop a panorama exception being added to EU law.

The second point of contention concerns the link tax, also known as the snippets or Google tax. The last of these explains the motivation: publishers want Google to pay for linking to their articles using snippets of text. Despite the obvious folly of charging for the ability to send traffic to your site, the copyright world's sense of entitlement is such that two countries have already introduced a link tax, with uniformly disastrous results.

When Spain brought in a law that required search engines to pay publishers for the use of snippets, Google decided to close down its Google News service in the country, which led to online publishers losing 10% to 15% of their traffic.

Similarly, in Germany, which also introduced a link tax, publishers ended up giving Google a free licence to their material, so great was the law's negative impact on their business when Google stopped linking to their publications.

The snippet tax is so manifestly stupid that it is unlikely to appear in the final version of the revised Copyright Directive. But the third area of concern stands a much better chance because of the clever way that the publishing world is dressing it up as being about a so-called "value gap." It's a very vague concept – see this new video that explores what it is - but it boils down to publishers being resentful because digital newcomers came up with innovative business models based around legal access to online music, and they didn't.

An interesting speech on the topic by the International Federation of the Phonographic Industry's CEO in 2016 laments the fact that the "value" of the global music industry has recently declined 36% over 15 years. That's not really surprising: during this period the recording industry did everything in its power to throttle or stall new ways of providing access to music on the Internet.

What the so-called "value gap" is really about here is the long-standing innovation gap among recording companies, and their refusal to adapt to a changing world. Imagine if they had embraced the P2P music sharing service Napster in 2000 instead of suing it into the ground. Imagine if they had set up sharing and streaming servers themselves a decade and a half ago; imagine how much money they would have made from subscriptions and advertising, and how much their value would have grown, not fallen.

If this evident innovation gap only harmed the copyright companies themselves, it would not be a problem, so much as just deserts. But they are now lobbying to get the laws around the world changed in important ways purely in order to prop up their old business models in an attempt to compensate for this failure to embrace the Internet. In the EU, they are using the fallacious "value gap" concept to call for mandatory upload filters for all major sharing sites – effectively large-scale surveillance and censorship.

Given that one of the most important consequences of the Copyright Directive could be the curtailing of basic human rights in the EU, it is disappointing that a seminar run by the Alliance of Liberals and Democrats for Europe (ALDE) group in the European Parliament – supposedly made up of liberals in favour of such democratic freedoms – skews the debate so completely in favour of the copyright industry. Judging by the programme, there is not a single representative of the public speaking at the event – which is pointedly entitled "Copyright reform: Sharing of the value in the digital environment" - pretty much guaranteeing a biased and unhelpful discussion.

That failure by ALDE even to acknowledge that EU citizens have anything useful to contribute, or any right to speak here, does not bode well for the ultimate outcome of the Copyright Directive negotiations later this year. ALDE needs to start caring about and listening to the millions of citizens who voted for its MEPs. At the moment it seems to have uncritically swallowed the backward-looking copyright industry's framing of the problem as a non-existent "value gap", when the deeper problem is its continuing innovation gap. As a result, this year could see key aspects of the Internet's operation, to say nothing of privacy and freedom of speech, gravely damaged because of yet another expansion of copyright's reach and power.

06 March 2016

Please Write To MPs To Call For More Time To Debate Investigatory Powers Bill

Last week, the UK government published a revised Investigatory Powers Bill, aka the Snooper's Charter. Surprisingly, it took no notice of the serious criticisms made by no less than three Parliamentary committees; indeed, in some respects, it has made the Bill even worse.

The UK government is now trying to force the Bill through Parliament quickly, so that there is very little scrutiny.  As a priority, we need to get more time allocated for the debates. To achieve that, UK citizens can write to their MPs using WriteToThem, asking them to support efforts to allow more time.  Here's what I've just sent to my MP:

This is just a quick note to ask you to support efforts to allow more Parliamentary scrutiny for the Investigatory Powers Bill. Although views may differ on the contents of the Bill, surely everyone can agree that something as important and as complex as this deserves rigorous examination by MPs.

As a journalist, I have looked through the Bill and several of the Codes of Practice, so I know from first-hand experience how much is contained in the 800 pages they represent in total.  With only a cursory examination by MPs, it is highly likely that there will be aspects that could cause huge problems later on – for the intelligence services and police, the public, UK computer companies and specific groups like journalists, lawyers and MPs.

I therefore urge you to join with your colleagues to ask the government to allocate more time for the Bill to be discussed.  The fact that there is a sunset clause in the Data Retention and Investigatory Powers Act is not a good reason to rush through a flawed Investigatory Powers Bill to replace it.

26 July 2014

India Developing Additional National Surveillance System; US Has No Moral High Ground To Protest

Like many other countries, India has been steadily extending its national surveillance capabilities. We wrote about its main Central Monitoring System (CMS) back in May last year, with more details in July. In news that shocked no one, we discovered in September that illegal surveillance is already taking place. And now, via The Economic Times, we learn that India has built another, completely independent system for spying on its citizens

On Techdirt.

Could 'Tailored Access Operations' Be An Alternative To 'Collect It All'?

One of the most contentious aspects of the NSA's surveillance is the central belief by General Alexander and presumably many others at the agency that it must "collect it all" in order to protect the public. To stand a chance of overturning that policy, those against this dragnet approach need to come up with a realistic alternative. An interesting article by Matt Blaze in the Guardian offers a suggestion in this regard that takes as its starting point the recent leaks in Der Spiegel about the extensive spying capabilities of the NSA's Tailored Access Operations (TAO). As Blaze points out: 

On Techdirt.

Huawei's Global Head Of Cyber Security Wants The Government 'To Have As Much Data As Possible'

In Der Spiegel's recent revelations about the far-reaching nature of the NSA's spykit, it mentions several US companies, Samsung from South Korea, and one from China -- Huawei. Like the others, Huawei denied any knowledge of the modifications to its products that Der Spiegel claims are used by the NSA to break into systems. This isn't the first time that the finger has been pointed at Huawei. Some years back, Huawei was accused of facilitating spying for the Chinese government, but after an 18-month investigation, no evidence was found of this. That fact allowed John Suffolk, Global Head of Cyber Security for Huawei and the former UK Government CIO, to enjoy the irony of Snowden's leaks about backdoors in US products

On Techdirt.

25 July 2014

Legal Challenges To Spying Mount In UK

It's taken a while for Europeans to recover from the discovery that they are being spied upon by the NSA (with some help from its friends at GCHQ and elsewhere) pretty much everywhere online and all the time, but finally the legal fightback is beginning to gather pace, at least in the UK. Things got moving in October, with a case filed at the European Court of Human Rights

On Techdirt.

24 July 2014

Companies Developing Crowd Analysis Programs To Detect 'Abnormalities' In Behavior And Match Faces Against Giant Databases

One of the reasons that the total surveillance programs of the NSA and GCHQ are possible is that computers continue to become more powerful and cheaper, allowing ever-more complex analyses to be conducted, including those that were simply not feasible before. Here's another example of the kind of large-scale monitoring that is now possible, as reported by Nikkei Asian Review: 

On Techdirt.

Chinese CCTV Surveillance Defeated By Chinese Smog

Techdirt has often written about CCTV surveillance, and its many pitfalls. But according to this story in the South China Morning Post, the provincial capital Harbin, in north-eastern China, has a very particular problem in this regard

On Techdirt.

Australia Spied On Japanese Companies To Help Its Industries Negotiate Trade Deals

As more information comes to light about the global snooping being conducted by the NSA and GCHQ, it is becoming clearer that much of it had little to do with combating terrorism, as a recent EFF article makes plain. But most damaging to the idea that massive surveillance was justified, because it was to protect people from extreme threats, is the revelation that commercial espionage was also being conducted. So far, the chief example of that is in Brazil, but The Sydney Morning Herald (SMH) now has information about large-scale industrial spying on Japanese companies carried out by Australian secret services: 

On Techdirt.

Is There Any Alternative To The NSA's 'Take It All' Approach?

At the moment, the only half-way serious attempt at justifying the NSA's "take it all" approach to surveillance is to claim that there is no alternative if we want intelligence agencies to spot and stop extreme threats like terrorism

On Techdirt.

IETF Begins To Work On Designing A Surveillance-Resistant Net

Edward Snowden's leaks show that the NSA and GCHQ have been systematically subverting key technologies that underlie the Internet. That betrayal of trust has prompted some soul-searching by the Net engineering community, which realizes that it needs to come up with more surveillance-resistant approaches. This story from Radio Netherlands Worldwide (RNW) provides information about the kind of thing they are working on in one key group, the Internet Engineering Task Force (IETF). It reports on a speech given by the IETF's chair, Jari Arkko, at the recent Internet Governance Forum in Bali, Indonesia. 

On Techdirt.

Resisting Surveillance on a Unprecedented Scale III

(The previous two parts of this essay appeared earlier.)

Or maybe not. There is a rough consensus among cryptography experts that the theoretical underpinnings of encryption - the mathematical foundations - remain untouched. The problem lies in the implementation and the environment in which encryption is used. Edward Snowden probably knows better than most what the true situation is, and here's how he put it:

Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

That's a hugely important clue as to what we need to do. It tells us that there is nothing wrong with crypto as such, just the corrupted implementations of otherwise strong encryption techniques. That is confirmed by recent leaks of information that show computer software companies complicit in weakening the supposedly safe products they sell - truly a betrayal of the trust placed in them by their customers.

The good news is that we have an alternative. For the last few decades, free software/open source has been building a software ecosystem that is outside the control of the traditional computer industry. That makes it much harder for the NSA to subvert, since the code is developed openly, which allows anyone to inspect it and look for backdoors - secret ways to spy on and control the software.

That's not to say free software is completely immune to security issues. Many open source products come from companies, and it's possible that some of them may have been pressured to weaken aspects of their work. Free software applications might be subverted as they are converted from the source code, which can be easily checked for backdoors, to the binaries - the versions that actually run on a computer - which can't. There is also potential for online holdings of open source programs to be broken into and tampered with in subtle ways.

Despite those problems, open source is still the best hope we have when it comes to using strong encryption. But in the wake of Snowden's revelations, the free software community needs to take additional precautions so as to minimise the risk that code is still vulnerable to attacks and subversion by spy agencies.

Beyond such measures, the open source world should also start thinking about writing a new generation of applications with strong crypto built in. These already exist, but are often hard to use. More needs to be done to make them appropriate for general users: the latter may not care much about the possibility that the NSA or GCHQ is monitoring everything they do online, but if they are offered great tools that make it easy to resist such efforts, more people may adopt them, just as millions have switched to the Firefox browser - not because it supports open standards, but because it is better.

Although the scale of the spying revealed by Snowden's leaks is staggering, and the leaks about the thoroughgoing and intentional destruction of the Internet's entire trust and security systems are shocking, there is no reason for despair. Even in the face of widespread public ignorance and indifference to the threat such total surveillance represents to democracy, as far as we know we can still use strong encryption implemented in open source software to protect our privacy.

Indeed, this may be an opportunity for open source to be embraced by a wider public, since we now know definitively that commercial software cannot be trusted, and is effectively spyware that you have to pay for. And just as Moore's Law allows the NSA and GCHQ to pull in and analyse ever-more of our data, so free software, too, can benefit.

For as Moore's Law continues to drive down the prices of personal computing devices - whether PCs, smartphones or tablets - so more people in developing countries around the world are able to acquire them. Many will adopt free software, since Western software companies often price their products at unreasonably-high levels compared to local disposable income. As open source is used more widely, so the number of people keen and able to contribute to such projects will grow, the software will improve, and more people will use it. In other words, there is a virtuous circle that produces its own kind of scaling that will help to counteract the more malign kind that underlies the ever-expanding surveillance activities of the NSA and GCHQ. As well as tools of repression, computers can also be tools of resistance when powered by free software, which is called that for a reason.

Resisting Surveillance on a Unprecedented Scale II

(The first part of this three-part essay appeared yesterday.)

The gradual but relentless shift from piecemeal, small-scale analogue eavesdropping to constant and total surveillance may also help to explain the public's relative equanimity in the face of these revelations. Once we get beyond the facile idea that if you have nothing to hide, you have nothing to fear - everybody has something to hide, even if it is only the private moments in their lives - there is another common explanation that people offer as to why they are not particularly worried about the activities of the NSA and GCHQ. This is that "nobody would be interested" in what they are up to, and so they are confident that they have not been harmed by the storage and analysis of the Internet data.

This is based on a fundamentally analogue view of what is going on. These people are surely right that no spy is sitting at a keyboard reading their emails or Facebook posts. That's clearly not possible, even if the will were there. But it's not necessary, since the data can be "read" by tireless programs that extract key information at an accelerating pace and diminishing cost thanks to Moore's Law.

People are untroubled by this because most of them can't imagine what today's top computers can do with their data, and think again in analogue terms - the spy sifting slowly through so much information as to be swamped. And that's quite understandable, since even computer experts struggle to keep up with the pace of development, and to appreciate the ramifications.

A post on the Google Search blog from last year may help to provide some sense of just how powerful today's systems are:

When you enter a single query in the Google search box, or just speak it to your phone, you set in motion as much computing as it took to send Neil Armstrong and eleven other astronauts to the moon. Not just the actual flights, but all the computing done throughout the planning and execution of the 11-year, 17 mission Apollo program. That’s how much computing has advanced.

Now add in the fact that three billion Google queries are entered each day, and that the NSA's computing capability is probably vastly greater than Google's, and you have some idea of the raw power available for the analysis of the "trivial" data gathered about all of us, and how that might lead to very non-trivial knowledge about our most intimate lives.

In terms of how much information can be held, a former NSA technical director, William Binney, estimates that one NSA data centre currently being built in Utah will be able to handle and process five zettabytes of data - that's five million million gigabytes. If you were to print out that information as paper documents, and store them in traditional filing cabinets, it would require around 42 million million cabinets occupying 17 million square kilometres of floor space.

Neither computing power nor the vast holdings of personal data on their own are a direct threat to our privacy and freedom. But putting them together means that the NSA can not only find anything in those 42 million million virtual cabinets more or less instantly, but that it can cross-reference any word on any piece of paper in any cabinet - something that can't even be contemplated as an option for human operators, let alone attempted.

It is this unprecedented ability to consolidate all the data about us, along with the data of our family, friends and acquaintances, and their family, friends and acquaintances (and sometimes even the acquaintances of our acquaintances' acquaintances) that creates the depth of knowledge the NSA has at its disposal whenever it wants it. And while it is unlikely to call up that knowledge for most of us, it only takes a tiny anomalous event somewhere deep in the chain of acquaintance for a suspicion to propagate back through the links to taint all our innocent records, and to cause them to be added to the huge pile of data that will be cross-referenced and sifted and analysed in the search for significant patterns so deep that we are unlikely to be aware of them.

Given this understandable, if regrettable, incomprehension on the part of the public about the extraordinary power at the disposal of the NSA, and what it might be able to extract as a result, the key question then becomes: what can we do to bolster our privacy? Until a few weeks ago, most people working in this field would have said "encrypt everything". But the recent revelations that the NSA and GCHQ have succeeded in subverting just about every encryption system that is widely used online seem to destroy even that last hope.

(In tomorrow's instalment: the way forward.)

Resisting Surveillance on a Unprecedented Scale I

Netzpolitik.org is the leading site covering digital rights in German. It played a key role in helping to stop ACTA last year, and recently has been much occupied with the revelations about NSA spying, and its implications. As part of that, it has put together a book/ebook (in German) as a first attempt to explore the post-Snowden world we now inhabit. I've contributed a new essay, entitled "Resisting Surveillance on a Unprecedented Scale", which is my own attempt to sum up what happened, and to look forward to what our response should be. I'll be publishing it here, split up into three parts, over the next few days.


Despite being a journalist who has been writing about the Internet for 20 years, and a Briton who has lived under the unblinking eye of millions of CCTV cameras for nearly as long, I am nonetheless surprised by the revelations of Edward Snowden. I have always had a pretty cynical view of governments and their instruments of power such as the police and secret services; I have always tried to assume the worst when it comes to surveillance and the assaults on my privacy. But I never guessed that the US and UK governments, aided and abetted to varying degrees by other countries, could be conducting what amounts to total, global surveillance of the kind revealed by Snowden's leaked documents.

I don't think I'm alone in this. Even though some people are now claiming this level of surveillance was "obvious", and "well-known" within the industry, that's not my impression. Judging by the similarly shocked and outraged comments from many defenders of civil liberties and computer experts, particularly in the field of security, they, like me, never imagined that things were quite this bad. That raises an obvious question: how did it happen?

Related to that outrage in circles that concern themselves with these issues, is something else that needs explaining: the widespread lack of outrage among ordinary citizens. To be sure, some countries are better than others in understanding the implications of what has been revealed to us by Snowden (and some are worse - the UK in particular). But given the magnitude and thoroughgoing nature of the spying that is being conducted on our online activities, the response around the world has been curiously muted. We need to understand why, otherwise the task of rolling back at least some of the excesses will be rendered even more difficult.

The final question that urgently requires thought is what can, in fact, be done? Since the level of public concern is relatively low, even in those countries that are traditionally sensitive about privacy issues - Germany, for example - what are the alternatives to stricter government controls, which seem unlikely to be forthcoming?

Although there was a Utopian naivety in the mid-1990s about what the Internet might bring about, it has been clear for a while that the Internet has its dark side, and could be used to make people less, not more, free. This has prompted work to move from a completely open network, with information sent unencrypted, to one where Web connections using the HTTPS technology shield private information from prying eyes. It's remarkable that it has only been in recent years that the pressure to move to HTTPS by default has grown strong.

That's perhaps a hint of how the current situation of total surveillance has arisen. Although many people knew that unencrypted data could be intercepted, there was a general feeling that it wouldn't be possible to find the interesting streams amongst the huge and growing volume flooding every second of the day through the series of digital tubes that make up the Internet.

But that overlooked one crucial factor: Moore's Law, and its equivalents for storage and connectivity. Crudely stated, this asserts that the cost of a given computational capability will halve every 18 months or so. Put another way, for a given expenditure, the available computing power doubles every year and a half. And it's important to remember that this is geometric growth: after ten years, Moore's Law predicts computing power increases by a factor of around 25 for a given cost.

Now add in the fact that the secret services are among the least constrained when it comes to spending money on the latest and fastest equipment, since the argument can always be made that the extra power will be vitally important in getting information that could save lives and so on. One of the first and most extraordinary revelations conveyed from Snowden by the Guardian gave an insight into how that extra and constantly increasing computing power is being applied, in what was called the Tempora programme:

By the summer of 2011, GCHQ had probes attached to more than 200 internet links, each carrying data at 10 gigabits a second. "This is a massive amount of data!" as one internal slideshow put it. That summer, it brought NSA analysts into the Bude trials. In the autumn of 2011, it launched Tempora as a mainstream programme, shared with the Americans.

The intercept probes on the transatlantic cables gave GCHQ access to its special source exploitation. Tempora allowed the agency to set up internet buffers so it could not simply watch the data live but also store it - for three days in the case of content and 30 days for metadata.

As that indicates, two years ago the UK's GCHQ was pulling in data at the rate of 2 terabits a second: by now it is certain to be far higher than that. Thanks to massive storage capabilities, GCHQ could hold the complete Internet flow for three days, and its metadata for 30 days.

There is one very simple reason why GCHQ is doing this: because at some point it realised it could, not just practically, because of Moore's Law, but also legally. The UK legislation that oversees this activity - the Regulation of Investigatory Powers Act (RIPA) - was passed in 2000, and drawn up based on the experience of the late 1990s. It was meant to regulate one-off interception of individuals, and most of it is about carrying out surveillance of telephones and the postal system. In other words, it was designed for an analogue world. The scale of the digital surveillance now taking place is so far beyond what was possible ten years ago that RIPA's framing of the law - never mind its powers - is obsolete, and GCHQ is essentially able to operate without either legal or technical constraints.

(In tomorrow's instalment: why isn't the public up in arms over this?)

02 February 2014

Interview: Eben Moglen - "surveillance becomes the hidden service wrapped inside everything"

(This was originally published in The H Open in March 2010.)

Free software has won: practically all of the biggest and most exciting Web companies like Google, Facebook and Twitter run on it.  But it is also in danger of losing, because those same services now represent a huge threat to our freedom as a result of the vast stores of information they hold about us, and the in-depth surveillance that implies.

Better than almost anyone, Eben Moglen knows what's at stake.  He was General Counsel of the Free Software Foundation for 13 years, and helped draft several versions of the GNU GPL.  As well as being Professor of Law at Columbia Law School, he is the Founding Director of Software Freedom Law Center.  And he has an ambitious plan to save us from those seductive but freedom-threatening Web service companies.  He explained what the problem is, and how we can fix it.

GM: So what's the threat you are trying to deal with?

EM:  We have a kind of social dilemma which comes from architectural creep.  We had an Internet that was designed around the notion of peerage -  machines with no hierarchical relationship to one another, and no guarantee about their internal architectures or behaviours, communicating through a series of rules which allowed disparate, heterogeneous networks to be networked together around the assumption that everybody's equal. 

In the Web the social harm done by the client-server model arises from the fact that logs of Web servers become the trails left by all of the activities of human beings, and the logs can be centralised in servers under hierarchical control.  Web logs become power.  With the exception of search, which is a service that nobody knows how to decentralise efficiently, most of these services do not actually rely upon a hierarchical model.  They really rely upon the Web  - that is, the non-hierarchical peerage model created by Tim Berners-Lee, and which is now the dominant data structure in our world.

The services are centralised for commercial purposes.  The power that the Web log holds is monetisable, because it provides a form of surveillance which is attractive to both commercial and governmental social control.  So the Web with services equipped in a basically client-server architecture becomes a device for surveilling as well as providing additional services.  And surveillance becomes the hidden service wrapped inside everything we get for free.

The cloud is a vernacular name which we give to a significant improvement in the server-side of the web side - the server, decentralised.  It becomes instead of a lump of iron a digital appliance which can be running anywhere.  This means that for all practical purposes servers cease to be subject to significant legal control.  They no longer operate in a policy-directed manner, because they are no longer iron subject to territorial orientation of law. In a world of virtualised service provision, the server which provides the service, and therefore the log which is the result of the hidden service of surveillance, can be projected into any domain at any moment and can be stripped of any legal obligation pretty much equally freely.

This is a pessimal result.

GM:  Was perhaps another major factor in this the commercialisation of the Internet, which saw power being vested in a company that provided services to the consumer?

EM:  That's exactly right.  Capitalism also has its architectural Bauplan, which it is reluctant to abandon.  In fact, much of what the network is doing to capitalism is forcing it to reconsider its Bauplan via a social process which we call by the crappy name of disintermediation.  Which is really a description of the Net forcing capitalism to change the way it takes.  But there's lots of resistance to that, and what's interesting to all of us I suspect, as we watch the rise of Google to pre-eminence, is the ways in which Google does and does not - and it both does and does not - wind up behaving rather like Microsoft in the course of growing up.  There are sort of gravitational propositions that arise when you're the largest organism in an ecosystem. 

GM:  Do you think free software has been a little slow to address the problems you describe?

EM:  Yes, I think that's correct.  I think it is conceptually difficult, and it is to a large degree difficult because we are having generational change.  After a talk [I gave recently], a young woman came up to me and she said: I'm 23 years old, and none of my friends care about privacy.  And that's another important thing, right?, because we make software now using the brains and hands and energies of people who are growing up in a world which has been already affected by all of this.  Richard or I can sound rather old-fashioned.

GM:  So what's the solution you are proposing?

EM:  If we had a real intellectually-defensible taxonomy of services, we would recognise that a number of the services which are currently highly centralised, and which count for a lot of the surveillance built in to the society that we are moving towards, are services which do not require centralisation in order to be technologically deliverable.  They are really the Web repackaged. 

Social networking applications are the most crucial.  They rely in their basic metaphors of operation on a bilateral relationship called friendship, and its multilateral consequences.  And they are eminently modelled by the existing structures of the Web itself. Facebook is free Web hosting with some PHP doodads and APIs, and spying free inside all the time - not actually a deal we can't do better than. 

My proposal is this: if we could disaggregate the logs, while providing the people all of the same features, we would have a Pareto-superior outcome.  Everybody – well, except Mr Zuckerberg - would be better off, and nobody would be worse off.  And we can do that using existing stuff.

The most attractive hardware is the ultra-small, ARM-based, plug it into the wall, wall-wart server, the SheevaPlug.  An object can be sold to people at a very low one-time price, and brought home and plugged into an electrical outlet and plugged into a wall jack for the Ethernet, or whatever is there, and you're done.  It comes up, it gets configured through your Web browser on whatever machine you want to have in the apartment with it, and it goes and fetches all your social networking data from all the social networking applications, closing all your accounts.  It backs itself up in an encrypted way to your friends' plugs, so that everybody is secure in the way that would be best for them, by having their friends holding the secure version of their data.

And it begins to do all the things that we assume we need in a social networking appliance.  It's the feed, it maintains the wall your friends write on - it does everything that provides feature compatibility with what you're used to. 

But the log is in your apartment, and in my society at least, we still have some vestigial rules about getting into your house: if people want to check the logs they have to get a search warrant. In fact, in every society, a person's home is about as sacred as it gets.

And so, basically, what I am proposing is that we build a social networking stack based around the existing free software we have, which is pretty much the same existing free software the server-side social networking stacks are built on; and we provide ourselves with an appliance which contains a free distribution everybody can make as much of as they want, and cheap hardware of a type which is going to take over the world whether we do it or we don't, because it's so attractive a form factor and function, at the price. 

We take those two elements, we put them together, and we also provide some other things which are very good for the world.  Like automatically VPNing everybody's little home network place with my laptop wherever I am, which provides me with encrypted proxies so my web searching, wherever I am, is not going to be spied on.  It means that we have a zillion computers available to the people who live in China and other places where there's bad behaviour.  So we can massively increase the availability of free browsing to other people in the world.  If we want to offer people the option to run onion routeing, that's where we'll put it, so that there will be a credible possibility that people will actually be able to get decent performance on onion routeing networks.

And we will of course provide convenient encrypted email for people - including putting their email not in a Google box, but in their house, where it is encrypted, backed up to all their friends and other stuff.  Where in the long purpose of time we can begin to return email to a condition - if not being a private mode of communication - at least not being postcards to the secret police every day.

So we would also be striking a blow for electronic civil liberties in a way that is important, which is very difficult to conceive of doing in a non-technical way.

GM:  How will you organise and finance such a project, and who will undertake it?

EM:  Do we need money? Yeah, but tiny amounts.  Do we need organisation? Yes, but it could be self-organisation.  Am I going to talk about this at DEF CON this summer, at Columbia University? Yes.  Could Mr Shuttleworth do it if he wanted to? Yes.  It's not going to be done with clicking heels together, it's going to be done the way we do stuff: somebody's going to begin by reeling off a Debian stack or Ubuntu stack or, for all I know, some other stack, and beginning to write some configuration code and some glue and a bunch of Python to hold it all together. From a quasi-capitalist point of view I don't think this is an unmarketable product.  In fact, this is the flagship product, and we ought to all put just a little pro bono time into it until it's done.

GM:  How are you going to overcome the massive network effects that make it hard to persuade people to swap to a new service?

EM:  This is why the continual determination to provide social networking interoperability is so important. 

For the moment, my guess is that while we go about this job, it's going to remain quite obscure for quite a while.  People will discover that they are being given social network portability.  [The social network companies] undermine their own network effect because everybody wants to get ahead of Mr Zuckerberg before his IPO.  And as they do that they will be helping us, because they will be making it easier and easier to do what our box has to do, which is to come online for you, and go and collect all your data and keep all your friends, and do everything that they should have done.

So part of how we're going to get people to use it and undermine the network effect, is that way.  Part of it is, it's cool; part of it is, there are people who want no spying inside; part of it is, there are people who want to do something about the Great Firewall of China but don't know how.  In other words, my guess is that it's going to move in niches just as some other things do.

GM:  With mobile taking off in developing countries, might it not be better to look at handsets to provide these services?

EM:  In the long run there are two places where we can conceivably put your identity: one is where you live, and the other is in your pocket.  And a stack that doesn't deal with both of those is probably not a fully adequate stack.

The thing I want to say directed to your point “why don't we put our identity server in our cellphone?”, is that our cellphones are very vulnerable.  In most parts of the world, you stop a guy on the street, you arrest him on a trumped-up charge of any kind, you get him back to the station house, you clone his phone, you hand it back to him, you've owned him.

When we fully commoditise that [mobile] technology, then we can begin to do the reverse of what the network operators are doing.  The network operators around the world are basically trying to eat the Internet, and excrete proprietary networking.  The network operators have to play the reverse if telephony technology becomes free.  We can eat proprietary networks and excrete the public Internet.  And if we do that then the power game begins to be more interesting.

24 November 2013

Of Surveillance Debates and Open Clinical Data

Revelations about the staggering levels of online surveillance that are now routine in this country have been met with a stunning silence from the UK government. There's an important meeting tomorrow where three MPs from the main parties are trying to get some kind of debate going on this crucial issue. It would be helpful if you could ask your MP to participate. Here's what I've written:

On Open Enterprise blog.

Russia Plans To Launch Sputnik Again -- This Time As A Search Engine

Techdirt has been reporting for a while the efforts of the Russian government to bring the Internet there under control. It now seems that it is taking a new approach: as well as banning or criminalizing activities it doesn't like, it wants to compete with them directly. Specifically, it plans to fund a new Russian search engine, called "Sputnik", named after the first artificial satellite, put into space by the Russians in 1957. According to an article in the news magazine "Der Spiegel" (original in German), this is designed to address two problems at once. 

On Techdirt.

China Sends Mixed Signals On Censorship

Last week we wrote about China's worrying new censorship approach, which threatens up to three years in prison for those spreading "false information" if their posts are viewed 5000 times, or forwarded 500 times. Improbable though that law is in its exactitude, it seems it has already been applied

On Techdirt.