While we knew it was impossible for President Obama to truly rein in the massive executive powers that he helped expand (following on the massive expansions from previous administrations) concerning national surveillance and war -- we had still hoped that maybe his concern about a President Trump would let him do a few small things to limit some of the most egregious powers. Instead, it appears that President Obama is doing the opposite, and expanding his war powers, just as he's about to hand them to someone that he, himself, has loudly criticized as being unfit for the Presidency.
For years now, we've written about how the Obama administration has regularly rewritten the dictionary in order to pretend that the Authorization to Use Military Force (AUMF) hastily granted by Congress in the wake of 9/11 enabled him to go to war with basically anyone. If you don't recall, the AUMF granted the President the power to use "all necessary and appropriate force" to go after those who "planned, authorized, committed or aided the terrorist attacks that occurred on September 11, 2001." That's already fairly broad, but over the years basically our entire government has pretended that (1) the AUMF included the ability to also target "associated forces" (even though it does not) and (2) it allowed the President to simply lump in anyone he wanted as an "associated force" allowing him to bomb them without any Congressional authorization. This is how you get a war without end, in which the explicit authorization to go after Al Qaeda is now being used on a surprisingly long list of groups that didn't even exist in 2001.
And, just a few days ago, President Obama expanded the list yet again, allowing himself to go after yet another group: Shabab. Now, no one is trying to claim that Shabab, or ISIS or any other group that has been added to the list aren't out to do serious harm to the US. But, this seems to go way beyond the basic functions of the office of the President and the simple Constitutional requirement for Congress to declare war. As Trevor Timm notes at the Guardian, this is a big deal:
Council on Foreign Relations senior fellow Micah Zenko didn’t mince words in the Times when describing what the Obama administration is doing: “It’s crazy,” he said of the administration’s redefining the law out of existence. “This administration leaves the Trump administration with tremendously expanded capabilities and authorities.”
Make no mistake: Trump will have a free hand to use the law meant for the perpetrators of 9/11 to wage war around the world, fashioning it to different enemies at his command, and he will be able to point to precedent set by the Obama administration as he does it.
Per usual, all the White House’s decisions are being made under the veil of official secrecy. The only reason we know about it is not because the administration announced it, but because the New York Times reported it after unnamed officials leaked it to them.
Trump is now coming into office with ever expanding war powers, and they’re being served to him on a silver platter by the same people who told the American public two months ago that Trump was so unstable and thin-skinned that he couldn’t be trusted with the nuclear codes.
This isn't about which President or which party you support. It seems like we should all be concerned with the ever growing power of the executive branch in general, and especially its willingness to grant itself more powers to go around and kill people.
The space right above our planet's atmosphere is cluttered with human technology and space junk, and it's getting more crowded up there all the time. Sure, the vastness of the universe is practically infinite, but there are only a few Lagrange points, and artificial satellites have started to run into traffic problems -- including intentional satellite destruction that might not be quite innocuous. Wars over outer space might become a real thing in the not so distant future, if it's not happening already.
Is it possible to launch a satellite as an individual? Not just some weather balloon junk, but a cubesat or something that will actually orbit a few times... Yes, but it'll cost you over $100,000 to hitch a ride on a Soyuz mission. Korean artist, Hojun Song, successfully launched a 1-kg cubesat called OSSI-1 -- so if you have the resources, it can be done. And presumably, your satellite will have to be completely harmless, so you don't start an international incident. [url]
After you've finished checking out those links, take a look at our Daily Deals for cool gadgets and other awesome stuff.
Artificial intelligence is obviously pretty far from gaining sentience or even any kind of disturbingly smart general intelligence, but some of its advances are nonetheless pretty impressive (eg. beating human chess grandmasters, playing poker, driving cars, etc). Software controls more and more stuff that come in contact with people, so more people are starting to wonder when all of this smart technology might turn on us humans. It's not a completely idle line of thinking. Self-driving cars/trucks are legitimate safety hazards. Autonomous drones might prevent firefighters from doing their job. There are plenty of situations that are not entirely theoretical in which robots could potentially harm large numbers of people unintentionally (and possibly in a preventable fashion). Where should we draw the line? Asimov's 3 laws of robotics may be insufficient, so what kind of ethical coding should we adopt instead?
from the even-if-they-don't,-they-hardly-promote-peace dept
Last August, we wrote about the most egregious corporate sovereignty award (so far): $50 billion against Russia, under a treaty that it never even ratified, in favor of the major shareholders of the Yukos oil company. Of course, as everyone pointed out, being awarded $50 billion was one thing, collecting it, quite another. Most people probably assumed that it would be practically impossible to squeeze that money out of a recalcitrant Russia, but we now learn that some serious steps towards that goal have recently been taken, as reported by Der Spiegel (original in German). In Belgium, the bank accounts of the Russian embassy were frozen, as were those of Russia's EU and NATO missions, while in France, something similar happened, with Russian accounts blocked at 40 banks.
Understandably, this did not go down well with the Russian government. The country's deputy foreign minister warned, "whoever dares to do that must understand that it will lead to reprisals," something his boss, Sergei Lavrov echoed. Meanwhile, Lavrov's own boss, Vladimir Putin, was also well aware of the situation, and was quoted as saying: "we will defend our interests using legal means."
A story on France 24 reports that Russia has already threatened to retaliate against state-linked foreign firms operating in the country, so that's one way that things could escalate. But more seriously, the relations between Russia and EU nations are extremely strained over the conflict in eastern Ukraine; the last thing the situation needs is additional tension caused by arguments over a massive fine. Even if corporate sovereignty doesn't actually cause a war -- well, let's hope not -- the Yukos award may turn into a hindrance to resolving an existing conflict. That's yet another reason to get rid of the whole deeply-flawed system before it causes more serious damage.
from the and-for-not-giving-his-precious-nsa-your-data dept
Rep. Mike Rogers is just about out of Congress, but the NSA's biggest defender (despite his supposed role in "overseeing" the agency) is using his last days on Capitol Hill to keep pushing his favorite causes. Over the weekend, he complained that President Obama basically should have gone to "cyberwar" with North Korea over the Sony hack.
“Unfortunately, he’s laid out a little of the playbook,” Rogers said. “That press conference should have been here are the actions.” ...
Without discussing specifics, Rogers said the U.S. has the capability to cripple North Korea’s cyberattack capabilities, which have been rapidly improving over the last few years.
“I can tell you we have the capability to make this very difficult for them in the future,” he said.
And I can tell you that Mike Rogers is full of bluster with little basis. First off, there is still some fairly strong skepticism in the actual computer security field that North Korea was behind the hack. Launching an all out attack without more proof would seem premature. Second, Rogers is simply wrong or clueless. We don't have the capability to "cripple" anyone's "cyberattack capabilities" unless he means taking out the entire internet. There are always ways around that. Even the reports that we've seen that do blame North Korea don't seem to think the full attack came from North Korea, so doing something like taking the few internet connections in North Korea off the map wouldn't do much good if the actual attack came from, say, China or Eastern Europe or somewhere else.
Third, can we just get over this ridiculous idea that a hack of one company, which may or may not have been by actors working for a government, is an act of either "terrorism" or "war." It's not. It's a hack. Tons of companies get hacked every day. Some have good security and still get hacked. Some, like Sony, appear to have terrible security and get hacked very easily. It's not terrorism. It's not war. It's a hack. We shouldn't be talking about retaliation or destroying countries over a hack. We should be talking about better security. Jim Harper does a good job explaining why an overreaction is a bad idea:
The greatest risk in all this is that loose talk of terrorism and “cyberwar” lead nations closer to actual war. Having failed to secure its systems, Sony has certainly lost a lot of money and reputation, but for actual damage to life and limb, you ain’t seen nothing like real war. It is not within well-drawn boundaries of U.S. national security interests to avenge wrongs to U.S. subsidiaries of Japanese corporations. Governments in the United States should respond to the Sony hack with nothing more than ordinary policing and diplomacy.
But, no, not Mike Rogers. Instead, he's using this as his opportunity to push for his favorite bad law: giving the NSA more power to sift through your data:
Rogers, who is retiring from Congress in just a few days, made a final plug for his bill to facilitate cybersecurity information sharing between the private sector and National Security Agency (NSA). The measure passed the House, but stalled in the Senate, held up by privacy concerns.
It’s necessary, Rogers argued, if the U.S. wants to protect itself from similar attacks in the future. Because of laws on the books, the NSA is limited in its ability to protect private critical infrastructure networks.
“This isn’t about reading your email, it’s about reading malicious source code,” Rogers said.
He's talking, of course, about his beloved CISPA, which would effectively remove any liability from companies for sharing your private data with the NSA (and the rest of the government). But, as per usual with Rogers, he's wrong about nearly all of the details. There is nothing in CISPA that would have made it so the NSA could have "protected" Sony. Sony's problem here was Sony's terrible computer security. So, no, we don't need CISPA or other cybersecurity legislation to better protect the internet.
And is Mike Rogers really trying to argue that Sony's private intranet is "critical infrastructure"?
Finally, there's nothing in the law today that stops a company from sharing "malicious source code" with the government or others. We already have a good way for dealing with that that doesn't require a new law that gives the NSA more access to everyone's data.
Either way, it looks like Rogers is going out in typical fashion -- shooting his mouth off in favor of his friends and pet projects, without actually understanding or caring about the details. No wonder he's going into AM talk radio. He'll be a perfect fit.
from the US-still-tops-in-'sound-and-fury,'-trailing-the-pack-in-'significanc dept
If there's anything our government can do well, it's take a word loaded with tension and abuse it to the point of abstraction. First, we had "war." The word described the hellish events of the First and Second World War, along with armed, bloody conflicts dating back to the rebellious creation of the nation itself. Now, it's simply a term applied to any conflict with the weight of a self-serving bureaucracy propelling it. A "war" on drugs. A "war" on illiteracy. And so on.
The horrors endured by both sides of the Vietnam "conflict" were never afforded the gravity of the word "war." The same goes with every military intervention since then. We've been in Iraq and Afghanistan for years, but there's no "war" there -- at least nothing officially declared. There's only violence and death and occasional sharp bursts of more violence and death. There's a "war" on drugs in Afghanistan, but that's even more of an abject failure than our other long-running military efforts -- $7 billion spent and poppy production at an all-time high.
There's a "war" on terror in progress as well, but this brings us to another word robbed of any gravitas by constant abuse: "terror." Terrorism is what fuels our nation's security/surveillance state. But "terror" and "terrorism" -- words that once carried some weight -- are now abstractions. They're buzzwords pressed into service by the US government as a sales pitch for an illusion of security. And it all can be yours for less than a Fourth Amendment violation a day.
Which brings us to another set of loaded words that once were evocative but now have been stripped of their ability to move masses.
An emergency declared by President Jimmy Carter on the 10th day of the Iranian hostage crisis in 1979 remains in effect almost 35 years later.
A post-9/11 state of national emergency declared by President George W. Bush — and renewed six times by President Obama — forms the legal basis for much of the war on terror.
Tuesday, President Obama informed Congress he was extending another Bush-era emergency for another year, saying "widespread violence and atrocities" in the Democratic Republic of Congo "pose an unusual and extraordinary threat to the foreign policy of the United States."
Declaring a temporary state of emergency has it uses. It temporarily expands government powers in order to facilitate speedy responses. It de-gunks the system of its red tape residue and allows help to arrive when it's needed, rather than weeks after it would have any impact.
But this isn't the case here. Temporary expansions of power have morphed into the new status quo. Since 1976, the government has declared 53 "emergencies." Almost every single one still remains in effect.
Part of the problem is the office of the president. For thirty-plus years, the office has become accustomed to the extra powers granted with each flip of the "emergency" switch. States of emergency are extended. And extended again. Only one state of emergency has been allowed to lapse during the last decade. There is a curb to this power, but like the many other oversight positions its entrusted with, Congress seemingly has no interest in fulfilling its duty.
The 1976 law requires each house of Congress to meet within six months of an emergency to vote it up or down. That's never happened.
And so, "state of emergency" becomes shorthand for government abuse. It conjures up images of towns destroyed by national disasters or extreme threats from foreign nations, but in practice it's rarely anything more than a leading indicator of governmental power grabs. What can this nation's government do during a "state of emergency?" This very small sampling of "extra powers" is chilling.
Reshape the military, putting members of the armed forces under foreign command, conscripting veterans, overturning sentences issued by courts-martial and taking over weather satellites for military use.
Suspend environmental laws, including a law forbidding the dumping of toxic and infectious medical waste at sea.
Bypass federal contracting laws, allowing the government to buy and sell property without competitive bidding.
Allow unlimited secret patents for Army, Navy and Air Force scientists.
"Emergency" is the new normal. For thirty years this nation has "struggled" under multiple states of emergency. What should be a very limited, very short-term solution to unexpected or dangerous situations is now indistinguishable from everyday life. More fear is sold by government agencies and purchased -- via tax dollars -- by a public unable to prevent the checks from clearing. Like the boy who cried wolf, the government has stripped "emergency" of its galvanizing power. Hearing a "state of emergency" being declared by the president most likely won't move hearts reflexively to throats but will prompt a certain number of hands to make protective moves towards wallets and purse strings. And it will definitely move the average American closer to cynicism than patriotism.
When everything is an "emergency" that never ends, nothing is. President Obama says there's no need to declare a state of emergency over the worldwide spread of Ebola. He's likely right, but the words are meaningless. Declare it. Don't declare it. It makes no difference to anyone outside of those directly benefiting from (likely permanent) expansion of government powers.
What is the government going to do once it's used up all the evocative words? Where does it go next? Apocalypse? The government is inherently untrustworthy, and its inability to express itself without using buzzwords, hyperbole and the broadest of strokes isn't helping.
Voter apathy? Record lows in approval ratings? These are only symptoms. The disease is the government itself and its willingness to present everything as the Worst Ever in order to erode rights, expand power and appropriate public funding.
We've written before about how the NSA uses its own definitions of some fairly basic English words, in order to pretend to have the authority to do things it probably... doesn't really have authority to do. It's become clear that this powergrab-by-redefinition is not unique to the NSA when it comes to the executive branch of the government. Earlier this year, we also wrote about the stunning steady redefinition of words within the infamous "Authorization to Use Military Force" (AUMF) that was passed by Congress immediately after September 11, 2001. It officially let the President use "all necessary and appropriate force" against those who "planned, authorized, committed or aided the terrorist attacks that occurred on September 11, 2001." But, over time, the AUMF was being used to justify efforts against folks who had nothing to do with September 11th, leading to this neat sleight of hand in which the military started pretending that the AUMF also applied to "associated forces." That phrase appears nowhere in the AUMF, but it's a phrase that is regularly repeated and claimed by the administration and the military.
But, it goes beyond that. As Trevor Timm highlights over at The Guardian, pretty much the entire drone bombing (drones, by the way, are also apparently "authorized" by the AUMF) of Syria involves the administration conveniently redefining basic English to suit its purposes. Let's start with the authorization for the bombing itself:
In other words: the legal authority provided to the White House to strike al-Qaida and invade Iraq more than a dozen years ago now means that the US can wage war against a terrorist organization that’s decidedly not al-Qaida, in a country that is definitely not Iraq.
It's amazing what you can accomplish when you pretend words mean something entirely different than they do. Hell, if you can just make words mean whatever the hell you want them to mean, there's no such thing as a limitation on what you can do. It's all fair game. Who needs laws when the law is basically a mad libs for you to fill in what you want?
Moving on. The definitional jujitsu covers the people who were killed by the bombing as well. Civilians? What civilians?
[A]n “imminent” threat of violent attack against the United States does not require the United States to have clear evidence that a specific attack on U.S. persons will take place in the immediate future.
To translate: “imminent” can mean a lot of things … including “not imminent”.
This is pretty neat. Anything else you've got for us? How about "combat" or "ground troops"? They're not what you think they are either, because a malleable language can do anything:
As the New York Times’s Mark Landler detailed over the weekend, White House has “an extremely narrow definition of combat … a definition rejected by virtually every military expert.” According to the Obama administration, the 1600 “military advisers” that have steadily been flowing in Iraq fall outside this definition, despite the fact that “military advisers” can be: embedded with Iraqi troops; carry weapons; fire their weapons if fired upon; and call in airstrikes. In the bizarro dictionary of war employed by this White House, none of that qualifies as “combat”.
Yes, the English language changes over time and that's generally a good thing. But we're not talking about the way the word "decimate" once meant to lop off 10% and now means "destroy everything." This is a deliberate misrepresentation of things.
Hell, this seems to go further than Orwell even imagined with his authoritarian use of language and rewriting of history. In this case, rather than just saying "we were always at war with Eurasia," he could have just changed the definition of "we," "were," "always," "at," "war," "with," and "Eurasia," and it would have been that much more powerful.
- Some of the countries (out of a total of 17) whose militaries have fewer helicopters than Arizona law enforcement agencies (according to statistics gathered by the CIA and posted at GlobalFirePower.com)
The ACLU's extensive report on police militarization shows a nation at war with itself. The War on Terror -- a 13-year windmill joust that has generated an excess of military equipment -- has merged with the War on Drugs, an exercise in futility seven years removed from the half-century mark.
Actual military combat, utilizing enlisted soldiers, has given birth to the same equipment now routinely being deployed to fight the crime formerly policed by normal police officers. Cell tower spoofers, surveillance drones, Mine-Resistant Ambush-Protected personnel carriers (MRAPs) -- all of these were developed for use by the military. And all of these have now found homes in local law enforcement armories.
The requisition forms are littered with terrorism-related terms, but the reality of the situation is much more banal. Low-level drug dealers are being dealt with like enemy combatants. Law enforcement agencies claim with straight faces that they're falling behind in the arms and technology race, all the while acquiring the best weaponry and technology tax dollars can buy.
These are then handed over to SWAT teams, special police forces developed to take on truly dangerous situations like riots, active shooters, hostage situations and barricaded suspects. They are outfitted in military gear and sent out to perform the everyday task of serving search warrants.
These teams prefer to do this mundane task with a maximum amount of chaos and violence. Warrants are delivered with no-knock raids, ostensibly to give the police department the upper hand on the presumed-to-be-dangerous occupants. In reality, this is the sort of thing that happens far too frequently.
[B]efore 3:00am on a night in May of 2014, a team of SWAT officers armed with assault rifles burst into the room where the family was sleeping. Some of the kids’ toys were in the front yard, but the Habersham County and Cornelia police officers claimed they had no way of knowing children might be present. One of the officers threw a flashbang grenade into the room. It landed in Baby Bou Bou’s crib.
It took several hours before Alecia and Bounkahm, the baby’s parents, were able to see their son. The 19-month-old had been taken to an intensive burn unit and placed into a medically induced coma. When the flashbang grenade exploded, it blew a hole in 19-month-old Bou Bou’s face and chest. The chest wound was so deep it exposed his ribs. The blast covered Bou Bou’s body in third degree burns.
Three weeks later, it's still unclear whether the child will survive. The SWAT predicated its warrant on a $50 drug purchase from someone who didn't even live at that residence. No drugs or guns were found. No arrests were made.
Note that the police defended their actions by claiming they had "no way of knowing" if children might be present. But that lack of crucial knowledge had zero effect on its tactics. Officers didn't throw a flashbang grenade into the house because they were sure there were no children present. Officers threw a flashbang grenade into the house because that's what SWAT teams do when they serve no-knock warrants. The question of children was never raised, at least not until their actions had placed a child in a medical coma and now needed to be defended. A safer assumption would be that nearly every house being raided has a child in it. Most houses do.
This is how law enforcement's new toys get used: to take down lowball drug dealers. A large majority of warrants served are drug-related. The ACLU has the stats.
The problem is more troubling than mere mission creep. The new armor and weapons are begging to be used. These acquisitions, often obtained over the protests of the populace under the agency's "protection" (or just as often, without their knowledge), need to be justified. The terrorism threat cited in requisition forms just isn't going to present itself. And so, law enforcement agencies deploy these against the next best thing: the neighborhood drug dealer boogeyman.
The whole report is, by turns, fascinating, brutal and deeply concerning. Some claim the militarization of the police is a misconception, an illusion generated by a handful of vocal journalists. But the ACLU has the numbers that say otherwise.
Law enforcement knows this is the truth. The government's misguided generosity has allowed local law enforcement to stockpile weapons and armor, but hasn't given it any limitations or guidance. And the stated reason -- terrorism -- simply isn't common enough to justify a one-sided arms "race," no matter how far the definition of "terrorist" is stretched. So, the weapons and armor are used to carry out search warrants, bringing unnecessary amounts of chaos and violence to something police used to handle with an authoritative knock and possibly a scuffle or two if things went south. Now, it's de rigueur. The tools can't be allowed to gather dust and the War on Drugs can't risk any more casualties -- at least not on the part of the enforcers.
from the why,-we've-always-been-at-war-with-eurasia dept
Back in May, we noted the oddity of the charges in Bradley Manning's trial, in which he was accused of aiding three different "enemies," with the last one being classified. Specifically, he was accused of aiding Al-Qaida, Al-Qaida of the Arabian Peninsula (AQAP, which is different than AQ itself) and... mystery enemy. Back at the beginning of July, the government quietly dropped the charge against the classified enemy, so that's no longer in play in that case. That said, apparently this concept of classifying who we're at war with wasn't just limited to the Manning trial. ProPublica has the ridiculous and frightening tale of finding out that the answer to the simple question of who the US is at war with, is apparently classified as well.
At a hearing in May, Sen. Carl Levin, D-Mich., asked the Defense Department to provide him with a current list of Al Qaeda affiliates.
The Pentagon responded – but Levin’s office told ProPublica they aren’t allowed to share it. Kathleen Long, a spokeswoman for Levin, would say only that the department’s “answer included the information requested.”
The Pentagon also went on to tell ProPublica that revealing who we're actually at war with would do "serious damage to national security." The main reason? They think those groups would use the info as good publicity and allow them to recruit more. But that's ridiculous, since those groups are already being targeted by the US:
Jack Goldsmith, a professor at Harvard Law who served as a legal counsel during the Bush administration and has written on this question  at length, told ProPublica that the Pentagon’s reasoning for keeping the affiliates secret seems weak. “If the organizations are ‘inflated’ enough to be targeted with military force, why cannot they be mentioned publicly?” Goldsmith said. He added that there is “a countervailing very important interest in the public knowing who the government is fighting against in its name."
It really goes beyond that when you think about it. This lack of transparency out of some silly fear that these groups would use it to build up their own reputation is just wacky. It leaves open such massive loopholes for abuse by the government.
Every time we talk about things like this, people trot out the same old joke: it really means that "the public" is "the enemy." That, obviously, is an exaggeration, but the level of secrecy around all of these kinds of efforts -- in the mistaken belief that letting anyone know who you're fighting and what you're doing will somehow undermine the whole campaign -- is entirely antithetical to the kind of example we should be setting around the globe. And, of course, it's doubly ironic that the very same people who are defending this lack of transparency are the ones who trot out the "if you've done nothing wrong, you've got nothing to hide." The obvious response, then, is that we should be asking exactly what our government is trying to hide, because it sure sounds like they've done a lot of things wrong.
I don't think I've ever had so many people all recommend I watch the same thing as the number of folks who pointed me to Cory Doctorow's brilliant talk at the Chaos Communication Congress in Berlin last week. You can watch the 55 minute presentation below... or if you're a speed reader, you can check out the fantastic transcript put together by Joshua Wise, which I'll be quoting from:
The crux of his argument is pretty straightforward. The idea behind all these attempts to "crack down" on copyright infringement online, with things like DRM, rootkits, three strikes laws, SOPA and more, are really simply all forms of attacks on general purpose computing. That's because computers that can run any program screw up the kind of gatekeeper control some industries are used to, and create a litany of problems for those industries:
By 1996, it became clear to everyone in the halls of power that there was something important about to happen. We were about to have an information economy, whatever the hell that was. They assumed it meant an economy where we bought and sold information. Now, information technology makes things efficient, so imagine the markets that an information economy would have. You could buy a book for a day, you could sell the right to watch the movie for one Euro, and then you could rent out the pause button at one penny per second. You could sell movies for one price in one country, and another price in another, and so on, and so on; the fantasies of those days were a little like a boring science fiction adaptation of the Old Testament book of Numbers, a kind of tedious enumeration of every permutation of things people do with information and the ways we could charge them for it.
[[355.5]] But none of this would be possible unless we could control how people use their computers and the files we transfer to them. After all, it was well and good to talk about selling someone the 24 hour right to a video, or the right to move music onto an iPod, but not the right to move music from the iPod onto another device, but how the Hell could you do that once you'd given them the file? In order to do that, to make this work, you needed to figure out how to stop computers from running certain programs and inspecting certain files and processes. For example, you could encrypt the file, and then require the user to run a program that only unlocked the file under certain circumstances.
[[395.8]] But as they say on the Internet, "now you have two problems". You also, now, have to stop the user from saving the file while it's in the clear, and you have to stop the user from figuring out where the unlocking program stores its keys, because if the user finds the keys, she'll just decrypt the file and throw away that stupid player app.
[[416.6]] And now you have three problems [audience laughs], because now you have to stop the users who figure out how to render the file in the clear from sharing it with other users, and now you've got four! problems, because now you have to stop the users who figure out how to extract secrets from unlocking programs from telling other users how to do it too, and now you've got five! problems, because now you have to stop users who figure out how to extract secrets from unlocking programs from telling other users what the secrets were!
From there he goes on to put together a fantastic analogy of how a confusion over analogies, rather than (perhaps) outright cluelessness (or evilness) explains why bad copyright laws keep getting passed:
It's not that regulators don't understand information technology, because it should be possible to be a non-expert and still make a good law! M.P.s and Congressmen and so on are elected to represent districts and people, not disciplines and issues. We don't have a Member of Parliament for biochemistry, and we don't have a Senator from the great state of urban planning, and we don't have an M.E.P. from child welfare. (But perhaps we should.) And yet those people who are experts in policy and politics, not technical disciplines, nevertheless, often do manage to pass good rules that make sense, and that's because government relies on heuristics -- rules of thumbs about how to balance expert input from different sides of an issue.
[[686.3]] But information technology confounds these heuristics -- it kicks the crap out of them -- in one important way, and this is it. One important test of whether or not a regulation is fit for a purpose is first, of course, whether it will work, but second of all, whether or not in the course of doing its work, it will have lots of effects on everything else. If I wanted Congress to write, or Parliament to write, or the E.U. to regulate a wheel, it's unlikely I'd succeed. If I turned up and said "well, everyone knows that wheels are good and right, but have you noticed that every single bank robber has four wheels on his car when he drives away from the bank robbery? Can't we do something about this?", the answer would of course be "no". Because we don't know how to make a wheel that is still generally useful for legitimate wheel applications but useless to bad guys. And we can all see that the general benefits of wheels are so profound that we'd be foolish to risk them in a foolish errand to stop bank robberies by changing wheels. Even if there were an /epidemic/ of bank robberies, even if society were on the verge of collapse thanks to bank robberies, no-one would think that wheels were the right place to start solving our problems.
[[762.0]] But. If I were to show up in that same body to say that I had absolute proof that hands-free phones were making cars dangerous, and I said, "I would like you to pass a law that says it's illegal to put a hands-free phone in a car", the regulator might say "Yeah, I'd take your point, we'd do that". And we might disagree about whether or not this is a good idea, or whether or not my evidence made sense, but very few of us would say "well, once you take the hands-free phones out of the car, they stop being cars". We understand that we can keep cars cars even if we remove features from them. Cars are special purpose, at least in comparison to wheels, and all that the addition of a hands-free phone does is add one more feature to an already-specialized technology. In fact, there's that heuristic that we can apply here -- special-purpose technologies are complex. And you can remove features from them without doing fundamental disfiguring violence to their underlying utility.
[[816.5]] This rule of thumb serves regulators well, by and large, but it is rendered null and void by the general-purpose computer and the general-purpose network -- the PC and the Internet. Because if you think of computer software as a feature, that is a computer with spreadsheets running on it has a spreadsheet feature, and one that's running World of Warcraft has an MMORPG feature, then this heuristic leads you to think that you could reasonably say, "make me a computer that doesn't run spreadsheets", and that it would be no more of an attack on computing than "make me a car without a hands-free phone" is an attack on cars. And if you think of protocols and sites as features of the network, then saying "fix the Internet so that it doesn't run BitTorrent", or "fix the Internet so that thepiratebay.org no longer resolves", then it sounds a lot like "change the sound of busy signals", or "take that pizzeria on the corner off the phone network", and not like an attack on the fundamental principles of internetworking.
The end result, then, is that any attempt to pass these kinds of laws really results not in building a task-specific computing system or application, but in deliberately crippling a general purpose machine -- and that's kind of crazy for all sorts of reasons. Basically, it effectively means having to put spyware everywhere:
[[1090.5]] Because we don't know how to build the general purpose computer that is capable of running any program we can compile except for some program that we don't like, or that we prohibit by law, or that loses us money. The closest approximation that we have to this is a computer with spyware -- a computer on which remote parties set policies without the computer user's knowledge, over the objection of the computer's owner. And so it is that digital rights management always converges on malware.
[[1118.9]] There was, of course, this famous incident, a kind of gift to people who have this hypothesis, in which Sony loaded covert rootkit installers on 6 million audio CDs, which secretly executed programs that watched for attempts to read the sound files on CDs, and terminated them, and which also hid the rootkit's existence by causing the kernel to lie about which processes were running, and which files were present on the drive. But it's not the only example; just recently, Nintendo shipped the 3DS, which opportunistically updates its firmware, and does an integrity check to make sure that you haven't altered the old firmware in any way, and if it detects signs of tampering, it bricks itself.
[[1158.8]] Human rights activists have raised alarms over U-EFI, the new PC bootloader, which restricts your computer so it runs signed operating systems, noting that repressive governments will likely withhold signatures from OSes unless they have covert surveillance operations.
[[1175.5]] And on the network side, attempts to make a network that can't be used for copyright infringement always converges with the surveillance measures that we know from repressive governments. So, SOPA, the U.S. Stop Online Piracy Act, bans tools like DNSSec because they can be used to defeat DNS blocking measures. And it blocks tools like Tor, because they can be used to circumvent IP blocking measures. In fact, the proponents of SOPA, the Motion Picture Association of America, circulated a memo, citing research that SOPA would probably work, because it uses the same measures as are used in Syria, China, and Uzbekistan, and they argued that these measures are effective in those countries, and so they would work in America, too!
[audience laughs and applauds] Don't applaud me, applaud the MPAA!
But his point is much bigger than copyright. It's that the copyright fight is merely the canary in the coalmine to this kind of attack on general purpose computing in all sorts of other arenas as well. And those fights may be much bigger and more difficult than the copyright fight:
And it doesn't take a science fiction writer to understand why regulators might be nervous about the user-modifiable firmware on self-driving cars, or limiting interoperability for aviation controllers, or the kind of thing you could do with bio-scale assemblers and sequencers. Imagine what will happen the day that Monsanto determines that it's really... really... important to make sure that computers can't execute programs that cause specialized peripherals to output organisms that eat their lunch... literally. Regardless of whether you think these are real problems or merely hysterical fears, they are nevertheless the province of lobbies and interest groups that are far more influential than Hollywood and big content are on their best days, and every one of them will arrive at the same place -- "can't you just make us a general purpose computer that runs all the programs, except the ones that scare and anger us? Can't you just make us an Internet that transmits any message over any protocol between any two points, unless it upsets us?"
[[1576.3]] And personally, I can see that there will be programs that run on general purpose computers and peripherals that will even freak me out. So I can believe that people who advocate for limiting general purpose computers will find receptive audience for their positions. But just as we saw with the copyright wars, banning certain instructions, or protocols, or messages, will be wholly ineffective as a means of prevention and remedy; and as we saw in the copyright wars, all attempts at controlling PCs will converge on rootkits; all attempts at controlling the Internet will converge on surveillance and censorship, which is why all this stuff matters. Because we've spent the last 10+ years as a body sending our best players out to fight what we thought was the final boss at the end of the game, but it turns out it's just been the mini-boss at the end of the level, and the stakes are only going to get higher.
And this is an important fight. It's why each of the moves to fight back against attempts to censor and break computing systems is so important. Because the next round of fights is going to be bigger and more difficult. And while they'll simply never succeed in actually killing off the idea of the all-purpose general computer (you don't put that kind of revelation back in Pandora's box), the amount of collateral damage that can (and almost certainly will) be caused in the interim is significant and worrisome.
His point (and presentation) are fantastic, and kind of a flip side to something that I've discussed in the past. When people ask me why I talk about the music industry so much, I often note that it's the leading indicator for the type of disruption that's going to hit every single industry, even many that believe they're totally immune to this. My hope was that we could extract the good lessons from what's happening in the music industry -- the fact that the industry has grown tremendously, that a massive amount of new content is being produced, and that amazing new business models mean that many more people can make money from music today than ever before -- and look to apply some of those lessons to other industries before they freak out.
But Cory's speech, while perhaps the pessimistic flip side of that coin, highlights the key attack vector where all of these fights against disruption will be fought. They'll be attacks on the idea of general purpose computing. And, if we're hoping to ward off the worst of the worst, we can't just talk about the facts and data and success stories, but also need to be prepared to explain and educate about the nature of a general purpose computer, and the massive (and dangerous) unintended consequences from seeking to hold back general computing power to stop "apps we don't like."