While former NSA boss General Keith Alexander continues to run around insisting that the damage from the Snowden revelations has been catastrophic and has put us all in great danger, his successor in office, Admiral Mike Rogers (again, no relation to chief NSA defender and head of the House Intelligence Committee Rep. Mike Rogers), has actually been a hell of a lot more reserved in his own claims. In his latest interview, with the NY Times, he specifically notes that the sky is not falling from the Snowden revelations.

He repeated past warnings that the agency had overheard terrorist groups “specifically referencing data detailed” by Mr. Snowden’s revelations. “I have seen groups not only talk about making changes, I have seen them make changes,” he said.

But he then added: “You have not heard me as the director say, ‘Oh, my God, the sky is falling.’ I am trying to be very specific and very measured in my characterizations.”

Rogers also didn't spew the usual FUD about how we'd all be at risk if the bulk phone record collection was shut down, though, of course he said he still wanted access to the data in a reasonable amount of time, if necessary.

Admiral Rogers indicated that system, so long resisted by the security agency, was workable. “I am not going to jump up and down and say, ‘I have to have access to that data in minutes and hours,’ ” he said. “The flip side is that I don’t want to take weeks and months to get to the data.”

While it's doubtful that there will be any significant change in the NSA under Rogers, at the very least it's nice to see it have a leader who doesn't immediately jump to the usual FUD about how it absolutely needs every possible ability to spy on everyone or we'll all be put at risk.

We've talked plenty of times about what a complete joke the USTR's Special 301 report is. It's supposedly a "listing" of "naughty" countries who don't protect intellectual property enough for the US's tastes. However, as we've noted, there is no methodology behind it: a bunch of industry lobbyists submit lists of what countries they don't like to the USTR, the USTR talks to various diplomats, basically rewrites the list to "shame" certain countries, and releases the list. Canada, which has been put on the list for years despite having stricter copyright laws than the US, has officially stated that it simply does not accept the Special 301 findings as legitimate. Chile did the same thing a year ago. As I've mentioned before, at a conference a few years ago, I even saw the then head of the US Copyright Office mock the Special 301 report as a widely recognized joke.

Unfortunately, however, for countries who are heavily reliant on good relations with the United States, being on "the naughty" list is often an effective way to force them to jump through hoops to make Big Pharma or Hollywood happy. As we've discussed, Spain has been pressured into changing its copyright laws via the 301 list multiple times.

George Washington PhD student Gabriel Michael has decided to dig deep into the Special 301 Report and its history to determine if there's any point to it at all, and his initial results suggest that the process is even more of a joke than initially suspected. He notes that there's no real "enforcement" mechanism (at least not one that the US seems willing to use). He also notes that the US is incredibly hypocritical about it. While the Special 301 report mostly complains that other countries don't have enough intellectual property protection, at other times it goes the other way, like when it's the kind of IP that the US government doesn't like (geographical indicators or GI).

...by any reasonably objective standard, the European Union offers very high levels of IP protection. Yet as recently as 2006, Special 301 listed the European Union on its watch list, citing “concerns” about the EU’s geographical indication (GI) regime. Given that GIs are a form of intellectual property, USTR essentially placed the EU on its watch list for offering too much IP—or, if you prefer, the wrong kind of IP. Interestingly, this is a tacit admission by the U.S. that at least some kinds of IP can act as trade barriers.

In researching the effectiveness of the Special 301, Michael notes that supporters of the effort point to a study done in the International Trade Journal called "Special 301 and Royalty Receipts from U.S. Trade Partners" by David Riker, which argued that the Special 301 is effective, because there's a pretty big increase ($5.4 billion annually) in US royalty receipts from countries after being placed on the list. Michael sets out to replicate Riker's results and discovers very, very different results, in part because Riker made some notable errors (claiming Hong Kong was on the priority list, when it wasn't). Riker also only looked at some of the countries in the Special 301 Report. Michael looked at what happened when you viewed all of them, and he also had two more years of data to research. In the end, Michael finds that Riker's conclusions are simply not supported by the data.

To summarize, while I was able to replicate Riker’s results, simply including additional years of data causes his findings of significance to disappear. Likewise, even in his original dataset and models, if Watch List designations are included, the findings of significance disappear.

Ultimately, these results lead me to conclude that Riker’s 2012 article is both theoretically and empirically flawed. It cannot support the conclusion that Special 301 designations are correlated with increased IP royalties from designated countries in subsequent years.

In another post, Michael points out the obvious: the Special 301 list is never actually about intellectual property protections, but about political considerations. He notes that countries that are considered to have stronger IP protection (using the Park-Ginarte Index) are often listed on the Special 301 Report, while others with less protection are not. He even looks at the average of countries on the list and off, and finds that those on the list have higher protection than those off the list: Given that, Michael looked at the leaked Wikileaks State Department cables, where there are a bunch discussing the Special 301, and quickly notes that it's pretty clear that political considerations were much more important than actual concerns about intellectual property conditions. In short, the Special 301 is just a way to diplomatically slap a country with whom we're having other political issues, in order to give the US leverage on some political point. He quotes State Department cables concerning Taiwan, Saudi Arabia, Bolivia and Norway showing how it's much more about politics.

At some point, it needs to be asked why we have the Special 301 setup at all. It seems designed mainly to piss off other countries, while making Hollywood and Big Pharma feel good. It doesn't seem to do anything beneficial at all.

Humans have obviously had a significant impact on the Earth. We've killed off various species and built stuff that may long outlast our grandchildren (e.g., the pyramids, the Long Now clock, nuclear waste facilities, etc.). At some point, we might want to think about what we'll leave behind after we're gone ourselves. Here are just a few links on planning for the future for our world.

• A professor of water management looked at humanity's overall environmental footprint -- and concluded our behavior is unsustainable. It's not such a big surprise, but the report also points out that technology alone probably won't bring us back to sustainable levels if we don't alter our consumption habits. [url]
• Economically, though, maybe you shouldn't worry too much -- and just consume as much as you can when you're young and able to enjoy it. If you're not planning to live too long, it doesn't make much sense to save for the future or work long hours hoping that you'll be able to enjoy retirement someday. [url]
• Humanity's new, long-lasting techno-fossils might be plastiglomerates -- a new type of rock made up of plastics, volcanic sediment and various other kinds of beach debris. These plastic rocks might not last as long as other kinds of geological materials, but their traces could become a distinguishing feature of the Anthropocene era. [url]

If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.

Academic research has already shown pretty clearly that so called "graduated response" programs, in which ISPs send out notices concerning alleged infringement under a varying number of "strikes," don't actually work, but a failure to be effective has never stopped the legacy entertainment industry from pursuing useless policies and programs. Earlier this week, the Center for Copyright Information (CCI), which administers the Copyright Alert System (CAS), better known as the "six strikes" program, finally released some data about the program. While CCI quickly declared it a success, a quick look at the data suggests a rather dismal failure in terms of actually mitigating any behavior.

The proponents of the program insist that mere notices (i.e., "education") would lead people to suddenly stop their unauthorized usage ways, but that doesn't seem to be the case at all. While, yes, that shows a decreasing slope, there's always going to be a decreasing slope due to the nature of time between alerts. And, really, if "education" was effective, you'd expect to see a much more massive decrease. As TorrentFreak notes:

...the repeat warning percentage of 30% is quite high, especially when one takes into account that people who received their first alert during the last month had little time to generate a second one. In addition, the detection rate is relatively low, not to mention subscribers’ use of anonymizing tools.

It appears that U.S. pirates are relatively persistent. In France, for example, only 9% of all the warned copyright infringers received two warnings, and that was after two full years. Also, only 0.029% of the French got a third strike.

While these “strikes” programs have their differences, the high number of second warnings in the U.S. stands out.

In other words, the data certainly suggests the deterrent effect of the program isn't particularly powerful. Furthermore, it appears that there's a rather significant error rate. After the 3rd and 4th alert, people can challenge the claims, and there were 47 successful challenges (out of 265 total challenges). Most of the successful challenges involved people claiming that others were using their account, but it certainly highlights the problem with these programs, when you are declared guilty first, and can then "pay" to challenge, you'd hope there wouldn't be so many "errors" in the program. Either way, given the fact that these programs really appear to have little overall impact on the end user, it's not surprising that so few challenge them in the first place.

Two of the most common responses from people (often in the press) who want to minimize the importance and the impact of the Snowden revelations about NSA surveillance are that (1) "there's nothing new" or "people knew this already" and (2) "everyone spies on everyone -- what's the big deal?" The latter one got some new life recently after it was revealed that Brazil had spied on US diplomats in the past. As you may remember, Brazil has been acting outraged in response to the revelations of US spying on Brazilians and Brazilian companies. However, both responses are simply not accurate.

Zeynep Tufekci recently wrote a great piece over at Medium, in which she debunks these weak excuses, by pointing out that (1) while some people claim to have known, tons of people didn't -- and that's what's important and (2) the scale here is well beyond what was done in the past.

To start with, it does not matter much whether knowledgeable people should have guessed the scale of NSA spying or not. That is probably the least relevant question one can ask about all this. It relies on an old and outdated understanding of a world that is simply no more.

Repeating the mantra “this is nothing new, all governments spy” may make the mostly DC-insider chorus who cling to it ever more tightly with each new leak feel better, and entrench their self-image as insiders. There are certainly psychological and financial rewards to acting and feeling like insiders. But it does nothing to change the fact that this chorus has completely missed the point of the tectonic shifts affecting them, and all governance: They aren’t the only insiders anymore.

The “nothing new here” people aren’t fully correct, even in the technical details. It’s true: spying by governments, including on their own citizens and on other governments, be they enemies, allies or frenenemies, is not new. It’s even expected. However, the scale of the spying, enabled by the shift to digital infrastructure, is certainly novel.

As we discussed recently, the real "danger" of these leaks is that the US government can't get away with its hypocritical positions so easily any more, because the public (especially the non-US public) is demanding a response. And that makes a huge difference.

Furthermore, she points out, the most amazing thing in all of this is that the NSA appears to have no plan at all in place for how to deal with this situation. It's as if they just assumed that everything they did would remain secret. Basically, Tufekci points out, the NSA relied on the idea that some "insiders" might know about this, but the great unwashed "outsiders" would never know.

But that's changed. In a big way -- and that matters, because the "context collapse" can have massive implications:

Context collapse is everywhere. It’s not just teenagers on Facebook whose ordinary adolescent boundary-testing actions are viewed by finger-wagging adults; it’s not just a variety of institutions that have found their internal communications meant for friendly eyes are exposed to the world; it’s not just academics whose scholarly studies are being dug up by various constituencies as fodder for outrage. It’s everywhere.

The outsiders are peeking in and moving in, and they are here to stay. If, as an institution, keeping your balance relies on outsiders staying outside while you talk in jargon and acronyms with your fellow insiders, it’s time to look for a safety net and a harness. A fall is coming, sooner or later. In this world, “this is what we have always done” is not going to cut it.

Meanwhile, there's a related article over at The Atlantic by James Fallows, in which he publishes an email from a Defense Department insider, which hopefully should put to rest the idea that everyone knew about this and that there's nothing "shocking" in the revelations. This is from an actual insider who argues the exact opposite, even as he supports many of the general actions:

I obviously can't be quoted by name on this ... and indeed, since this email is being read (Hi guys!), I can probably get fired just for sending it, but let me just stress how shocking these NSA revelations are.

Look, I'm not a shrinking violet. I work for DoD. I support much of the war on terror. Some of these assholes out there just need killing. And gathering info on them that allows us to schwhack them is okay with me.

But there is law. And my view is that you have two choices. Either you change the law openly, publicly, or if that is impossible and you consider violating the law imperative, then you make a claim of "exceptional illegality."

But, that insider notes, the stunning thing about the NSA revelations aren't that they exceeded what most people believed the law is, but that it was an everyday thing rather than an "exceptional" case:

But the thing about the NSA revelations is that this isn't exceptional illegality. It is routine, somehow justified by legal opinions written by John Yoo-style hacks.

And worse, it is so routine that 29 y/o contractors have access to it.

The situation is stunning in many ways. To claim that "there's nothing new" or that "everyone spies" is to miss almost everything that's important about these revelations and the impact they are already having.

Just recently Thomas Rid, the author of a new book entitled Cyber War Will Not Take Place, was on the Surprisingly Free podcast, and had a very interesting discussion about the fact that the whole concept of "cyberwar" is incredibly overhyped (as we've also discussed in the past many times). At best, it's often really about espionage, not war, and (on the good side) unlike war, the likelihood of serious physical harm and deaths is much more limited when it comes to technological attacks. I highly recommend listening to the podcast, because Rid does a nice job laying out his thesis, much of which I agree with.

However, I was then somewhat surprised to see him over at Slate arguing that the rest of the documents Ed Snowden leaked should be destroyed. Unlike some others, he's not arguing that the leak was evil and that Snowden was a traitor. Instead, the argument is somewhat more nuanced. He basically argues that a lot of good things have already come out of the leaks that have been published, but he's unsure of the marginal benefit of additional leaks, while much more worried about potential harm from continued leaks. I think this argument is wrong, but it does provide an interesting thought experiment.

Rid does point to the good things the leaks have done, namely: (1) kicking off a long-overdue debate on these issues, (2) informing the public about digital security issues that they've ignored for ages and (3) convincing many tech companies to take security much more seriously. We all agree those are three good things that have come out of the leaks. However, it appears that Rid isn't sure that future leaks will do much more than existing leaks to further any of those points. Of course, I'd argue that part of the problem is he leaves out the fourth important point: putting into motion events that hopefully will lead to more limited surveillance, less abuse of the surveillance infrastructure and much more respect for things like the 4th Amendment and basic privacy rights. And it seems pretty clear that continued leaks do help to drive that forward.

However, Rid seems to see limited upside to further leaks, and also significant downsides to existing leaks, which he thinks could get worse with more. I think he's wrong on the downsides, but let's go through them:

One is that intelligence capabilities are damaged. There is no doubt that signal intelligence agencies are an essential tool necessary for international statecraft as well as for maintaining the domestic constitutional order. Revealing capabilities and tactics often means they become worthless as a result. Measuring such tactical costs is hard, but the damage is significant.

This is overblown. Yes, intelligence and espionage are always going to be a part of the way things work, but that has never meant that we should make it easy. In fact, the likelihood of abuse is so high that we've always tried to make this very, very difficult. There are reasons that the 4th Amendment has requirements for things like probable cause, warrants (i.e., oversight by a third party) and reasonable and limited searches.

This means, secondly, that militants, violent extremists, and adversaries—think the Syrian regime—are already racketing up their communication security. In the future it will be harder to detect and foil terrorist attacks. In the future it will be harder to say if some regime possesses or used a specific weapon system. In the future it will be harder to unveil wealth-draining cyberespionage. This is very serious.

The history of signals intelligence is littered with the cat and mouse game of finding new ways to hide messages, followed by someone cracking them, and people moving on to other methods. Arguing there's some awful damage from this is an unsupportable statement. Out of what's been leaked so far, much had already been suspected by many -- meaning that the major terrorists and foreign enemies almost certainly were already using methods to try to avoid such systems. There is little evidence to suggest the damage is really that significant.

Meanwhile, thirdly, authoritarian states get a confidence boost. “Washington ate the dirt this time,” wrote China’s Global Times, an outlet sometimes called the Fox News of China. The U.S. administration “has long been trying to play innocent victim of cyberattacks” but now turned out to be “the biggest villain,” said Xinhua, the state-run news agency. This argument, of course, is hypocrisy. The National Security Agency is not spying in order to round up Obama's political opposition, and Government Communications Headquarters is not listening to Internet traffic to help London's banks—both of which stand in sharp contrast to China's own practices. Nevertheless, Snowden's revelations make it easier for the world's authoritarian regimes to crush dissent at home.

I agree with the impact here, but it's not the fault of the Snowden leaks. This is the fault of the US (and others) being overaggressive in its surveillance activities. The way to avoid losing the moral high ground is to, you know, stay on the moral high ground. It's fairly ridiculous to argue that Snowden's leaks are to blame here. It's the NSA's actions that are to blame.

A fourth result: Internet governance is creaking. Diminishing America and Britain’s diplomatic and moral standing is threatening the multistakeholder approach, so far a guarantor for a free and open Internet. A patchwork of smaller, sovereign "Internets" is becoming more and more likely. As a result, the Internet could now become more authoritarian, not less.

Finally, and perhaps most significantly, American and British Internet and telecommunication companies are under economic pressure, set to lose disgruntled customers at home and large contracts abroad. This last damage multiplies all previous ones.

Ditto my comment above. This is blaming the messenger. The problem here is not the leaks, but rather the actions of the NSA in going overboard with surveillance. Rid tries to cut off this argument with the following:

Some may retort that it was the NSA and its allies who created this damage in the first place, not Snowden and his allies. But this argument is problematic: Spy agencies spy, all of them. Suggesting that all secrecy is bad is plainly naive. Instead there is a moral case to be made for open democracies to have the most capable intelligence agencies, operating lawfully with robust oversight mechanisms. No liberal mind can want the NSA to sit in Beijing or Moscow.

But that's not responding to the actual argument. While I'm sure some are arguing against any and all espionage, most of us are not. We're arguing against overly broad surveillance, often for no legitimate reason, with little oversight and no actual threat to deal with. We're not saying that "all secrecy is bad," but rather that there has been massive overreach here, and little benefit. That seems worth discussing, and the Snowden documents keep revealing just how bad that overreach really is. Rid is responding to a strawman here, rather than the actual argument most people are making.

As Julian Sanchez notes, Rid seems to be basing the entire article a belief that is unsupported: that terrorism is a threat to democracy, when the reality is that it's authoritarianism and surveillance that are the real threats to democracy. Yes, terrorism can do tremendous damage, but it's difficult to believe that terrorism alone harms the democratic process. A surveillance state is simply antithetical to democracy. Rid seems to not understand that, which is too bad, given his recognition of how much the claims about "cyberwar" are overhyped.

We've been pointing out that the various disclosures about NSA surveillance, and its ability to tap into various servers associated with US companies, should be very troubling to the US tech industry, because it will make it harder and harder to do business -- especially with those outside of the US. Of course, some are claiming that this will all blow over, and while people will make noise about it, they won't actually go anywhere else. And, of course, the latest Netcraft data suggests that there's been little movement so far:

Despite speculation that the recent PRISM revelations would result in a mass exodus from American data centers and web hosting companies, Netcraft has not yet seen any evidence of this. Within the most popular 10 thousand sites, Netcraft witnessed only 40 sites moving away from US-based hosting companies. Contrary to some people's expectations, 47 sites moved to the US, which actually resulted in a net migration to the US.

This trend is also reflected by the entire web server survey, where a net sum of 270 thousand sites moved to the US from other countries (in total, 3.9 million sites moved to the US, while 3.6 million moved from the US). Germany was the most popular departure country, with nearly 1.2 million sites moving from German hosting companies. This was followed by Canada, where 803 thousand sites hopped across the border to the US.

Of course, I think it's way too early to conclude much about this at this point for a variety of reasons. First, we're still learning about the extent of the surveillance, and some of the more damning revelations have really only just started to trickle out. Second, moving your hosting services is not generally something you just do overnight. It can take quite a bit of time. Third -- and this is a big one -- I'd argue the bigger concern is less about companies moving, but that the next generation of users will never agree to use US servers. And, finally (and perhaps most importantly), prior to these revelations, the market for more private and secure hosting and communications was fairly limited. Some have pointed out that even for those who wish to leave US services, it's not clear where to go.

But I am expecting that's going to change. One thing that these revelations have made clear is that current solutions are not as secure or private as people expected and that this is an issue that many, many people and companies are concerned about. As such, it seems quite likely that there will be investment and entrepreneurship focused on these areas over the next few years -- and I fully expect that a number of more secure and private solutions, who actively promote themselves on these features, will hit the market.

One of the key talking points against Bradley Manning was how his leaks "put people in danger" and we've even seen some of the defenders of his prosecution claim that people had lost lives because of them. In fact, Army Chief of Staff Mike Mullen had directly stated that Manning (and Wikileaks) "might already have on their hands the blood of some young soldier or that of an Afghan family." Guess what? That was all FUD. As Manning's sentencing hearing kicked off, a key government witness admitted that there were no deaths that were attributable to those leaks. That came straight from Brig. Gen. Robert Carr, who was in charge of the response to the leaks. Among other things, he also noted that since the names did not appear in Arabic, it was unlikely that our enemies would have figured out who they really were anyway.

The retired general added that some of these contacts could not be found, others had died before the WikiLeaks disclosures, and others had been insurgents rather than cooperators with coalition forces.

Carr acknowledged that none of the names of Iraqi and Afghan contacts appeared in the original Arabic.

To this point, Manning's military defenders, Maj. Thomas Hurley, asked: "We don't share an alphabet with either of those countries, do we, Sir?"

"No," Carr replied.

Hurley also prompted Carr to concede that Iraqi and Afghan nationals tend not to be "not as plugged in" as Westerners.

The report also notes that while, in the past, some have claimed that an Afghani man killed by the Taliban was a result of those leaks "the supposed informant the Taliban claimed to have executed was not in fact named in the leaked materials." In other words, all the talk of people dying because of his leaks? Not true. Yet why do we trust the government every time there's a leak when they insist that everyone's lives are at risk?

It's hardly a surprise these days that Chinese Internet companies routinely self-censor what appears on their services: the world knows there's not much it can do about what happens within China's borders. But here's a disturbing story about how that censorship has started spreading further afield.

It concerns the WeChat app from the Chinese company Tencent, which has started to gain users in countries like Singapore, Malaysia, Thailand and Vietnam. But as Tech In Asia now reports:

the Chinese name of the outspoken magazine caught up in a tense struggle of wills with the government -- Southern Weekend in English, nan fang zhou mo in Chinese -- is censored in Chinese on WeChat. But it's not just restricted to users in China (where the app is called Weixin), and typing that name in the Chinese language is now blocked globally.

Sending a message with "Southern Weekend" in Chinese produced the warning that it contained "restricted words":

We've tested it out going from users in China to Thailand (blocked), Thailand to China (blocked), and even Thailand to Singapore (blocked); the prohibited words are not sent at all. The name of the magazine can be sent in English.

Interestingly, just a day later the warning was gone, and Tencent claimed it was simply a "technical glitch":

A small number of WeChat international users were not able to send certain messages due to a technical glitch this Thursday. Immediate actions have been taken to rectify it.

But as Tech In Asia points out:

It's as clear as day in many screenshots. "The message [Southern Weekend] you sent contains restricted words. Please check it again."

Yes: Restricted words. That's no error message. It's very far from being: Ooops, our servers are a bit busy right now, please try again a few minutes later.

As the article notes, maybe the "technical glitch" referred to was accidentally turning on the censorship for the service outside China.

In any case, this is a clear straw in the wind. China's Internet companies are now so big and successful in their home market that it is only natural for them to look to expand overseas. I'm sure that at first they will be very reluctant to censor material there to avoid drawing the ire of digital rights groups and local governments; but at some point something will crop up that is sufficiently problematic for them as Chinese companies that they will feel compelled to act in order to safeguard their relations with the government in China, which will remain their priority.

Of course, the West can hardly claim the moral high ground here, since it, too, is censoring material. It's just that different governments take exception to different things, and react with differing degrees of severity against those who flout their laws. Unfortunately, the end-result of Chinese Net companies expanding overseas is likely to be double censorship – one imposed by local authorities, and the other flowing from China.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

We've talked plenty about the Streisand Effect for years, but every so often something happens that actually demonstrates the impact graphically with data. We saw this a couple years ago when Washington Redskins owner Dan Snyder tried to censor a satirical article about himself. Add to that this week's controversy over Twitter suspending the account of journalist Guy Adams, at the request of NBC Universal (after Twitter alerted NBC to some of Adams' tweets). Twitter has reinstated the account, but in the interim, there was an awful lot of discussion about Adams and what he had to say. Megan Garber, over at The Atlantic, has highlighted graphically how much more attention Adams got (via Topsy). Once again: seeking to stifle speech online is only likely to give that speech much, much, much more attention.