Glyn Moody’s Techdirt Profile

glynmoody





Posted on Techdirt - 27 February 2015 @ 2:44pm

We Now Know The NSA And GCHQ Have Subverted Most (All?) Of The Digital World: So Why Can't We See Any Benefits?

from the less-is-more dept

As Mike pointed out recently, thanks to Snowden (and possibly other sources), we now know the NSA, with some help from GCHQ, has subverted just about every kind of digital electronic device where it is useful to do so -- the latest being hard drives and mobile phones. That's profoundly shocking when you consider what most non-paranoid observers thought the situation was as recently as a couple of years ago. However, given that's how things stand, there are a couple of interesting ramifications.

First, the recent attempts by politicians to demonize strong encryption look like an attempt to cover up the fact that most digital systems are already vulnerable to one or more of the techniques that have been revealed over the last year or two. That is, the NSA and GCHQ can probably access most digital content stored or transmitted in any way -- either because the encryption itself or the end-points have been compromised. Even standalone strong encryption systems like PGP -- thought still to be immune to direct attacks -- can be circumvented by breaking into the systems on which they are used.

Perhaps the dark hints that encryption could be banned or backdoored are simply part of a cynical ploy to present such an appalling vision of what could happen, that we gladly accept anything less extreme without complaint. In fact, the authorities have no intention of attempting anything so stupid -- it would put all online business at risk -- because they don't need to: they already have methods to access everything anyway.

That being the case, there is another important question. If the NSA and other parties do have ways of turning practically every digital electronic device into a system for spying on its users, that essentially means there is no criminal organization in the world -- ranging from the so-called "terrorist" ones that are used to justify so much bad policy currently, to the "traditional" ones that represent the bulk of the real threat to society -- that is not vulnerable to being infiltrated and subverted by government agencies.

And yet we don't see this happen. Drug cartels thrive; people trafficking is surging; the smuggling of ivory and endangered animals is profitable as never before. Similarly, despite the constant and sophisticated monitoring of events across the Middle East, the rise of Islamic State evidently took the US and its allies completely by surprise. How is it that global criminality has not been brought to its knees, or that such massive geopolitical developments were not picked up well in advance -- and nipped in the bud?

One obvious explanation for this pattern is that just as the attackers of London, Boston, Paris and Copenhagen were all known to the authorities, so early tell-tale signs of the rise of Islamic State were detected, but remained drowned out by the sheer volume of similar and confounding information that was being gathered. Similarly, it is presumably easy to create huge stores of information on drug bosses or people smugglers -- but hard to find enough personnel to analyze and act on that data mountain.

Now that we have a better idea of the extraordinary reach of the global surveillance being carried out at all times, the failure of that activity to make us safer by countering criminal activity, at whatever scale, becomes all the more striking. It's time the intelligence agencies accepted that the "collect it all" approach is not just failing, but actually exactly wrong: what we need is not more surveillance, but much less of it and much better targeted.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Posted on Techdirt - 27 February 2015 @ 1:00am

After Open Source, Open Access, Open Data And The Rest, Here Comes The Open Jihad

from the massively-parallel-codevelopment dept

Even to those of us who are not experts in foreign policy, it is obvious that the security situation is deteriorating across a huge swathe of the Near East and Africa, as attacks in Afghanistan, Iraq, Syria, Yemen, Egypt, Libya, Nigeria, Cameroon and elsewhere multiply. Western analysts seem to be struggling to come up with a cogent explanation for this increasing success. That makes this short but illuminating post by John Robb particularly valuable. He describes what is happening across this vast area as the "open jihad." Here are its key characteristics:

Open jihad evolves (gets better) through massively parallel co-development. All of the groups in the open jihad, no matter how small (even down to individuals), can contribute. They do this by:

1. tinkering with tactics, strategies, and technologies that can be used to advance the open jihad.

2. testing the efficacy of these innovations by using them against the enemy. In other words, throwing them against the wall to see what sticks.

3. copying the innovations that work.

These are also some of the key features of open source -- hence the name "open jihad." Their appearance in the context of international violence is a reminder that they are not limited to the digital world, with things like open source, open access, open data and all the other "opens," but are a set of very general principles for producing extremely rapid innovation in any domain. That might provide a clue to governments struggling to deal with this growing threat to stability that they ought to try something similar, rather than resorting to traditional responses that are doomed to fail when dealing with a new kind of enemy.


Posted on Techdirt - 26 February 2015 @ 9:23am

Despite Lack Of Evidence It Will Help, Australia Still Planning To Bring In Data Retention, Still Not Clear If It Could Be Used Against Copyright Infringement

from the learning-the-hard-way dept

Last year, we noted that one danger of bringing in data retention in Australia is that stored metadata might end up being used for all kinds of purposes that have nothing to do with fighting "terrorism," its principal justification. One particular concern is that it could be used to hunt for people downloading files illegally. Several months later, the signals are still very mixed. On the one hand, we have the following, as reported by the Guardian:

Authorities are not interested in using the Abbott government's proposed data retention scheme to go after internet pirates and would be prevented from doing so by the commonwealth ombudsman, the assistant commissioner of the Australian federal police, Tim Morris, has said.

Morris also said any changes to the way metadata is collected and used would have to be approved by the ombudsman.

But that guarantee is less than watertight because of the following:

The ombudsman, Colin Neave, has told Guardian Australia his office would not play a formal oversight role in the scheme and would give advice only at the attorney general’s discretion.

The Greens senator Scott Ludlam noted that the ombudsman's oversight provided only "weak" protection against function creep, and that the public could not therefore depend on Morris’s assurances that the scope of the scheme would not expand in the future.

Whether or not stored metadata will be used against copyright infringement may be in doubt, but it seems that the Australian government's intention to bring in data retention is not, despite the fact that when asked on multiple occasions for evidence the move was justified, it has been unable to provide any. That's not really surprising given the Danish experience that keeping this kind of data didn't help, and may actually have hindered police investigations. Sadly, it looks like Australia is determined to discover this fact the hard and expensive way.


Posted on Techdirt - 25 February 2015 @ 8:59pm

Should Open Source Intelligence Be Used For Policy Making?

from the transparent-and-verifiable dept

Last summer, we wrote about the rise of open journalism, whereby people take publicly-available information, typically on social networks, to extract important details that other, more official sources either overlook or try to hide. Since then, one of the pioneers of that approach, Eliot Higgins, has used crowdfunding to set up a site called "Bellingcat", dedicated to applying these techniques. Principal themes there include the shooting down of Malaysian Airlines Flight 17 (MH17), and the civil war in Syria.

Higgins recently published a post on the blog of the Policy Institute at King's College, London, in which he suggested that such open source intelligence (OSINT) could be used for formulating policy in situations where traditional sources of information are limited:

In recent years, content shared via social media from conflict war zones has allowed us to gain a far deeper understanding of the on-the-ground realities of specific conflicts than previously possible. This presents a real opportunity for providing robust evidence which can underpin foreign and security policymaking about emerging, or rapidly escalating, conflict zones.

He cites his own group's work on the shooting-down of the MH17 flight as an example, noting some of the advantages and challenges:

Our research on the Buk missile launcher demonstrates that not only is there a wealth of largely untapped information available online and especially on social media, but also that a relatively small team of analysts is able to derive a rich picture of a conflict zone. Clearly, research of this kind must be underpinned by an understanding of the way in which content is being produced, who is sharing it, and, crucially, how to verify it -- and these are methodological challenges which need to be addressed systematically.

That call for open source information to be used more widely has now been echoed by two researchers at the International Centre for Security Analysis, also at King's College -- not surprisingly, perhaps, since they too use this technique in their work:

There is a powerful case for incorporating OSINT approaches to evidence-based policymaking. In the first place, evidence produced by OSINT methods can be both robust and rigorous, not least because it can be underpinned by extensive datasets. And in the second, it has the potential to be both transparent and verifiable; all open source evidence is, by definition, based on data that is publicly (and often freely) available.

However, they note that so far the uptake of such methods to inform policy-making has been very limited. Here's why:

At the heart of the problem is the fact that OSINT approaches are still relatively 'young' and, all too often in our experience, lack the rigour and reliability needed to underpin effective policymaking.

To overcome those issues, they suggest that practitioners of OSINT should develop more reliable open intelligence tools and methods, and should communicate better the advantages of this approach. They also urge policy makers to take open source intelligence into consideration as an additional form of evidence, but given the conservatism and risk aversion in these circles, I imagine it will take some time before that happens.


Posted on Techdirt - 25 February 2015 @ 12:54am

Facebook's Updated Privacy Policy Breaches EU Law, Belgian Study Claims; Other Countries Investigating

from the must-try-harder dept

Europeans have a rather ambivalent attitude to Facebook. On the one hand, millions of them love using it. On the other, many people are worried about the huge stores of personal information it is building up on its users -- and what it does with it. This has led to various attempts by the Austrian Max Schrems to find out what Facebook knows about him -- and to establish whether its handling of his data is compliant with EU data protection laws. Separately from those efforts, the Belgian privacy commission has been investigating Facebook's privacy policy. It asked researchers at a pair of local universities to provide an analysis. Here's what they found, as reported by the Guardian:

A report commissioned by the Belgian privacy commission has found that Facebook is acting in violation of European law, despite updating its privacy policy.

Conducted by the Centre of Interdisciplinary Law and ICT at the University of Leuven in Belgium, the report claimed that Facebook's privacy policy update in January had only expanded older policy and practices, and found that it still violates European consumer protection law.

The report runs to over 60 pages (pdf). The key findings are as follows:

To be clear: the changes introduced in 2015 weren't all that drastic. Most of Facebook's "new" policies and terms are simply old practices made more explicit. Our analysis indicates, however, that Facebook is acting in violation of European law. First, Facebook places too much burden on its users. Users are expected to navigate Facebook's complex web of settings (which include "Privacy", "Apps", "Ads", "Followers", etc.) in search of possible opt-outs. Facebook's default settings related to behavioural profiling or Social Ads, for example, are particularly problematic. Moreover, users are offered no choice whatsoever with regard to their appearance in "Sponsored Stories" or the sharing of location data. Second, users do not receive adequate information. For instance, it isn't always clear what is meant by the use of images "for advertising purposes". Will profile pictures only be used for "Sponsored Stories" and "Social Adverts", or will it go beyond that? Who are the "third party companies", "service providers" and "other partners" mentioned in Facebook's data use policy? What are the precise implications of Facebook's extensive data gathering through third-party websites, mobile applications, as well as recently acquired companies such as WhatsApp and Instagram?

Unfortunately for Facebook, this is just the start of a much wider investigation across Europe:

The Belgian Privacy Commission is also part of a European task force, which includes data protection authorities from the Netherlands, Belgium and Germany. [Leuven University's] ICRI/CIR and [Vrije Universiteit Brussel's] iMinds-SMIT will continue to support the Privacy Commission in the context of its investigation and future updates to the report will also be shared with their German and Dutch colleagues.

The Guardian notes that other European groups are scrutinizing Facebook's privacy policy:

Facebook is already being investigated by the Dutch data protection authority, which asked Facebook to delay rollout of its new privacy policy, and is being probed by the Article 29 working party formed of data regulators from individual countries across Europe, including the UK’s Information Commissioner’s Office.

Looks like Facebook has a busy few years ahead of it -- and what applies to Facebook is also likely to apply to a host of other companies that offer online services based on gathering large amounts of personal data in Europe.


Posted on Techdirt - 24 February 2015 @ 1:41pm

Head Of UK Parliamentary Committee Overseeing Intelligence Agencies Resigns After Being Caught In Sting

from the a-question-of-trust dept

The UK government's response to Snowden's leaks has been twofold: that everything is legal, and that everything is subject to rigorous scrutiny. We now know that the first of these is not true, and the second is hardly credible either, given that the UK's main intelligence watchdog has only one full-time member. There's one other main oversight body, the UK's Intelligence and Security Committee of Parliament (ISC), which is tasked with examining:

the policy, administration and expenditure of the Security Service, Secret Intelligence Service (SIS), and the Government Communications Headquarters (GCHQ).

The ISC was criticized as part of a larger condemnation of intelligence oversight by another UK Parliament committee. The head of the ISC, Sir Malcolm Rifkind, was reported by the Guardian as dismissing those criticisms as "old hat," as if that somehow made them acceptable. Rifkind has now been caught up in a rather more serious row, which involves reporters from the UK's Channel 4 and The Telegraph newspaper posing as representatives of a Chinese company:

PMR, a communications agency based in Hong Kong was set up, backed by a fictitious Chinese businessman. PMR has plenty of money to spend and wants to hire influential British politicians to join its advisory board and get a foothold in the UK and Europe.

Here's what Channel 4 and the Telegraph allege happened in their meeting with Rifkind:

Sir Malcolm also claimed he could write to a minister on behalf of our company without saying exactly who he was representing

Sir Malcolm added that he could see any foreign ambassador in London if he wanted, so could provide 'access' that is 'useful'

Rifkind said that he was "self-employed" -- in fact, he is a Member of Parliament, and receives a salary of £67,000 per year -- and that his normal fee was "somewhere in the region of £5,000 to £8,000" for half a day's work. There's no suggestion that Rifkind made any reference during the sting to his role as head of the ISC, but that's not really the point. He was offering a Chinese company access to influential people purely because he would get paid to do so, and that is surely not the kind of person you would want to grant the high-level security clearance Rifkind enjoys.

Then there is the question of what happens when Rifkind leaves Parliament: as Techdirt noted back in 2012, politicians can earn huge amounts of money by going to work as lobbyists, drawing on their contacts to ease the path for legislation or contracts or whatever. According to the disgraced lobbyist Jack Abramoff, merely letting politicians know that a job as lobbyist was waiting for them if they wanted it can be enough to shift their loyalties. That would be hugely troubling if it concerned someone occupying such a sensitive position as Rifkind.

After initially being suspended from the Conservative party, pending a disciplinary review, Rifkind has now resigned as chairman of the ISC, and announced that he will not be a candidate for re-election in the UK's general election later this year. He probably decided to fall on his sword in an attempt to spare the UK government further embarrassment, but his move will do little to bolster the dwindling credibility of the ISC, or the repeated claim that there are no problems with oversight of UK intelligence services.


Posted on Techdirt - 24 February 2015 @ 1:11am

Digital Rights Group And ISPs Bring Legal Challenge Against New French Surveillance Law

from the just-the-beginning dept

As we've been reporting, seemingly hopeless legal challenges to UK surveillance have already notched up two wins, and revealed previously secret details about what has been going on. Now the French digital rights group La Quadrature du Net (LQDN) is taking the same approach in France:

Together with FFDN, a federation of community-driven non-profit ISPs, La Quadrature du Net is bringing a legal action before the French Council of State against a decree on administrative access to online communications metadata. Through this decree, it is a whole pillar of the legal basis for Internet surveillance that is being challenged. This appeal, which builds on the European Union Court of Justice's recent decision on data retention, comes as the French government is instrumentalizing last month's tragic events to further its securitarian agenda, with an upcoming bill on intelligence services.

LQDN is referring to the fact that in December 2014, the French government quietly passed an executive decree bringing in controversial surveillance measures that were passed by the French parliament a year before -- more details are given in LQDN's post. This is the first legal challenge carried out directly by La Quadrature du Net, but is unlikely to be the last:

Eventually, this legal challenge will make it possible not only to formally refer the issue to the Constitutional Council, since the [new surveillance law] never underwent a constitutionality check, but also to confront existing French Law with the [Court of Justice of the EU] and the [European Court of Human Rights]'s case laws.

In other words, even if the present challenge before the French Council of State fails, there are further legal avenues that can be explored afterwards, which makes the likelihood that at least one of them will be successful much higher.


Posted on Techdirt - 20 February 2015 @ 6:16am

Humiliating Admission By UK Government That Yet More Of Its Surveillance Was Unlawful

from the well,-not-*completely*-legal dept

A couple of weeks ago, we reported on a small but important defeat for the UK government when the Investigatory Powers Tribunal (IPT) ruled that intelligence sharing between the NSA and GCHQ was unlawful. Now, in a sign that the cracks in the UK's impenetrable silence on its surveillance activities are beginning to spread, the Guardian reports on the following surprising development:

The regime under which UK intelligence agencies, including MI5 and MI6, have been monitoring conversations between lawyers and their clients for the past five years is unlawful, the British government has admitted.

Here's why the UK government has suddenly started owning up to these misdeeds:

The admission that the regime surrounding state snooping on legally privileged communications has also failed to comply with the European convention on human rights comes in advance of a legal challenge, to be heard early next month, in which the security services are alleged to have unlawfully intercepted conversations between lawyers and their clients to provide the government with an advantage in court.

Remarkably, the confession has brought with it an unprecedented explanatory statement:

"In view of recent IPT judgments, we acknowledge that the policies adopted since [January] 2010 have not fully met the requirements of the ECHR, specifically article 8 (right to privacy). This includes a requirement that safeguards are made sufficiently public.

"It does not mean that there was any deliberate wrongdoing on the part of the security and intelligence agencies, which have always taken their obligations to protect legally privileged material extremely seriously. Nor does it mean that any of the agencies' activities have prejudiced or in any way resulted in an abuse of process in any civil or criminal proceedings."

This surprise admission shows once again the value of taking legal action against government surveillance, even when the odds of succeeding seem slim. Twice now the UK has revealed details purely as a result of challenges. Perhaps even more importantly, twice now the UK government's standard response to leaks -- that it wouldn't confirm or deny anything, but the British public could rest assured that whatever may have happened was completely legal -- has been shown to be false.


Posted on Techdirt - 20 February 2015 @ 1:05am

Cerf Warns Of A 'Lost Century' Caused By Bit Rot; Patents And Copyright Largely To Blame

from the and-he-should-know dept

According to his online biography, Vint Cerf is:

Vice president and Chief Internet Evangelist for Google. He is responsible for identifying new enabling technologies and applications on the Internet and other platforms for the company.

That suggests someone whose main job is to look forward, rather than back, and with a certain optimism too. But an article in the Guardian reports on a speech he gave in which he is not only concerned with the past of online technologies, rather than their future, but is also issuing an important warning about their fatal flaws:

Humanity's first steps into the digital world could be lost to future historians, Vint Cerf told the American Association for the Advancement of Science's annual meeting in San Jose, California, warning that we faced a "forgotten generation, or even a forgotten century" through what he called "bit rot", where old computer files become useless junk.

Of course, he's not the first person to raise that issue -- Techdirt wrote about this recently -- but Cerf's important contributions to the creation of the Internet, and his current role at Google, lend particular weight to his warning. That said, the Guardian article seems to miss the central reason all this is happening. It's not that it's really hard to create emulators to run old programs or open old files. The real issue is tucked away right at the end of the article, which quotes Cerf as saying:

"the rights of preservation might need to be incorporated into our thinking about things like copyright and patents and licensing. We're talking about preserving them for hundreds to thousands of years," said Cerf.

The main obstacles to creating software that can run old programs, read old file formats, or preserve old webpages, are patents and copyright. Patents stop people creating emulators, because clean-room implementations that avoid legal problems are just too difficult and expensive to carry out for academic archives to contemplate. At least patents expire relatively quickly, freeing up obsolete technology for reimplementation. Copyright, by contrast, keeps getting extended around the world, which means that libraries would probably be unwilling to make backup copies of digital artefacts unless the law was quite clear that they could -- and in many countries, it isn't.

Once again, we see that far from promoting and preserving culture, intellectual monopolies like patents and copyright represent massive impediments that may, as Cerf warns, result in vast swathes of our digital culture simply being lost forever.


Posted on Techdirt - 19 February 2015 @ 4:08am

If You Care About The Environment In Canada, You May Be Targeted As An 'Anti-Petroleum Extremist'

from the muzzling-dissent-again dept

As Techdirt has been warning for some time, one of the dangers with the flood of "anti-terrorist" laws and powers is that they are easily redirected against other groups for very different purposes. A story in the Globe and Mail provides another chilling reminder of how that works:

The RCMP [Royal Canadian Mounted Police] has labelled the "anti-petroleum" movement as a growing and violent threat to Canada's security, raising fears among environmentalists that they face increased surveillance, and possibly worse, under the Harper government's new terrorism legislation.

As the Globe and Mail article makes clear, environmentalists are now being considered as part of an "anti-petroleum" movement. That's not just some irrelevant rebranding: it means that new legislation supposedly targeting "terrorism" can be applied.

The legislation identifies "activity that undermines the security of Canada" as anything that interferes with the economic or financial stability of Canada or with the country's critical infrastructure, though it excludes lawful protest or dissent. And it allows the Canadian Security and Intelligence Service to take measures to reduce what it perceives to be threats to the security of Canada.

Clearly, that's an incredibly broad definition, and would apply to just about any environmental or social movement -- especially since even the most peaceful protests are often considered "illegal." That, in its turn would allow Canada's security agencies to collect information on these groups, and "disrupt" them. What's also troubling about the leaked RCMP "intelligence assessment" that forms the source for the Globe and Mail story is the very clear political position it seems to be taking on fossil fuels and climate change:

The report extolls the value of the oil and gas sector to the Canadian economy, and adds that many environmentalists "claim" that climate change is the most serious global environmental threat, and "claim" it is a direct consequence of human activity and is "reportedly" linked to the use of fossil fuels.

That sounds more like something that would come from the oil and gas industries' marketing departments, rather than from a country's impartial police force. However, as Techdirt has reported before, the current Canadian government has been muzzling other groups that dare to disagree with its policies, especially on climate change, for some time. Redefining environmentalists as anti-petroleum extremists is clearly part of the same repressive approach.


Posted on Techdirt - 19 February 2015 @ 1:01am

Is Arduino Heading Towards The First Open Hardware Fork?

from the adventure-continues dept

Although Arduino has figured a few times here on Techdirt in the DailyDirt section, it's not very well-known outside the world of open hardware, where it was one of the pioneers (its reference designs are distributed under a CC-BY-SA license, and all of its software under the GNU GPL or LGPL). One sad sign that Arduino has arrived is that there is currently a falling out between some of the founders (original in Italian), partly over the rising monetary stakes involved.

The Italian company set up by one founder, Gianluca Martino, has been the main supplier of Arduino products for years -- the open hardware license allows others to make them, too, but not to claim that they are "official." Originally called Smart Projects, it has now renamed itself Arduino Srl, and taken on a new CEO with the aim of growing sales and taking the company public in a few years' time. That hasn't gone down too well with perhaps the best-known of the founders, Massimo Banzi, who oversees the development of the whole Arduino project, and heads up the Swiss-based company Arduino Sa, a subsidiary of the main Arduino Llc, registered in Massachusetts.

Alongside the original Arduino site arduino.cc, Martino's company has now created arduino.org, with a similar color scheme, and the motto "the adventure continues." Both Martino and Banzi say they are discussing partnerships with other manufacturers -- Martino with Bosch and Panasonic, Banzi with Intel -- with a view to selling more Arduino boards around the world (original in Italian). Inevitably, perhaps, the two factions are fighting each other in lawsuits.

However those suits are decided, it seems possible that there will be some kind of fork of Arduino, with the two rival camps claiming to be the true heirs of the original project. That's common enough in the world of open source software, but this will probably be the first time it has happened in the open hardware field.


Posted on Techdirt - 18 February 2015 @ 9:31am

China To Require Real-Name Registration For Online Services And Bans On Parody Accounts

from the boring-but-not-necessarily-effective dept

China has been trying for some time to clamp down on the Internet, in an attempt to prevent it from being used in ways that threaten the authorities' control. Since the appointment of China's new leader, Xi Jinping, the situation has deteriorated -- China Digital Times speaks of the "new normal" of sharpened control. Here's yet another move to that end, as reported by Reuters:

China will ban from March 1 internet accounts that impersonate people or organizations, and enforce the requirement that people use real names when registering accounts online, its internet watchdog said on Wednesday.
The ban on parody accounts might seem strange, but is likely to have quite an impact on China's online culture:
The ban on impersonations includes accounts that purport to be government bodies, such as China's anti-corruption agency and news organizations like the People's Daily state newspaper, as well as accounts that impersonate foreign leaders, such as U.S. President Barack Obama and Russia's Vladimir Putin, the Cyberspace Administration of China (CAC) said on its website.

Many users of social media create parody accounts of prominent figures and institutions to poke fun at them.
However, once users have registered their real names, they will be permitted to use nicknames, as the new regulation explains:
Internet information service providers shall, according to the principle of "real name backstage, voluntary choice front stage", demand Internet information service users to register accounts after undergoing real identity information authentication.

Internet information service users shall, when registering accounts, conclude an agreement with the Internet information service provider, and commit to respect the seven baselines of laws and regulations, the Socialist system, the national interest, citizens' lawful rights and interest, the public order, social moral customs and the veracity of information.
That comes from China Copyright and Media's complete translation of the new CAC regulation. Here are the rather stringent rules that apply when choosing an online nickname:
The Internet user account name registered and used by any body or individual may not contain the following elements:

(1) content violating the provisions of the Constitution, laws or regulations;

(2) content violating national security, leaking State secrets, subverting the national regime, or destroying national unity;

(3) content harming the honour and interests of the State, or harming the public interest;

(4) content inciting ethnic hatred or ethnic discrimination, or destroying ethnic unity;

(5) content destroying State religious policies, propagating heresy or feudal superstition;

(6) content disseminating rumours, disrupting social order, or destroying social stability;

(7) content disseminating obscenity, sex, gambling, violence, murder, terror or instigating crime;

(8) content defaming or slandering others, or infringing others’ lawful rights and interests;

(9) other content prohibited by laws and administrative regulations.
That's obviously a pretty comprehensive list, and might suggest that the Chinese Internet is doomed to become totally boring -- and completely censored. That may be the authorities' intention, but it's worth bearing in mind that this is not the first time that the Chinese government has attempted to impose real-name registration online.

A fascinating series of five articles on the Fei Chang Dao site details how similar campaigns to tame the online world have been introduced many times since 2003, evidently without much success. Although the current crackdown on Internet freedom certainly appears more serious than earlier ones, it remains to be seen whether the Chinese authorities manage to impose real-name registration on all services, or whether this will turn out to be just the latest in a long string of failures.


Posted on Techdirt - 18 February 2015 @ 12:58am

UK Police Forces Have Secret Facial Recognition Database Of 18 Million People, Many Innocent

from the false-positives dept

The UK already has a pretty awful reputation when it comes to surveillance, what with millions of CCTV cameras, DRIPA and two recent attempts to shove the Snooper's Charter through Parliament without scrutiny. So perhaps it should come as no surprise to discover that UK police forces have created a giant facial recognition database that includes hundreds of thousands of innocent people:

Police forces in England and Wales have uploaded up to 18 million "mugshots" to a facial recognition database -- despite a court ruling it could be unlawful.

They include photos of people never charged, or others cleared of an offence, and were uploaded without Home Office approval, [the BBC's] Newsnight has learned.
As BBC News notes, the photos of innocent people have been retained in contempt of an explicit order from the court to remove them:
It comes despite a ruling in 2012, when two people went to the High Court to force the Metropolitan Police to delete their photos from databases.

The judge warned forces should revise their policies in "months, not years".
Also worrying is this belief in the database's infallibility:
Andy Ramsay, identification manager at Leicestershire Police, told Newsnight the force now had a database with 100,000 custody photos.

He said searches of the database using facial recognition were 100% reliable in cases where there were clear images, and could be completed in seconds.
No non-trivial matching system is "100% reliable": there are always false positives that make detection of criminals harder, not easier. There is a danger that the UK police will start using this supposed infallibility as an argument in itself: since our system never makes mistakes, if it says you are guilty, you must be guilty. And there is another important issue, articulated here by David Davis, a former Conservative minister:
"It's quite understandable, police always want more powers, but I'm afraid the courts and parliament say there are limits," he said.

"You cannot treat innocent people the same way you treat guilty people."
What's worrying is that UK police forces don't seem to care what the courts say, as they strive to create their video surveillance database that does indeed treat everyone in exactly the same way: as potential criminals until the "100% reliable" system turns them into recognized criminals.


Posted on Techdirt - 17 February 2015 @ 3:43am

Russia Reaches The Censorship Endgame: Banning VPNs, Tor And Web Proxies

from the ghouls,-all-gathered-in-one-place dept

We have been tracking for some time the increasingly repressive measures that the Russian authorities have brought in to censor and control the Internet. Of course, Techdirt readers know that an easy way to circumvent both censorship and control is to use tools like VPNs and Tor. Unfortunately, the Russian authorities also know this, and are now calling for action against them, as TorrentFreak reports:

Speaking at Infoforum-2015, Russian MP Leonid Levin, who is deputy head of the Duma Committee on information politics, indicated that access to anonymization and circumvention tools such as TOR, VPNs and even web proxies, needs to be restricted.
Levin also called for Roskomnadzor, the state agency that oversees communications and the Internet, to be given more powers to intervene. If the views of Vadim Ampelonskogo, Roskomnadzor's chief press officer, are anything to go by, that is likely to have serious consequences for online freedom:
Describing the Tor network as a "den of criminals" and "ghouls, all gathered in one place", Ampelonskogo said Roskomnadzor would find a solution to block anonymous networks if it was supported by a relevant regulatory framework.
What's troubling about this latest call for even tighter control is that it was entirely predictable. Once governments start blocking sites and restricting freedom of speech online, people inevitably respond by using VPNs and Tor to circumvent these measures. And that means that if governments want their laws to be effective, at some point they will take direct action against circumvention tools. That's why it's particularly worrying that Western governments have started down this road: it implies that they, too, might one day try to ban VPNs and Tor.


Posted on Techdirt - 13 February 2015 @ 1:14am

UK Surveillance Consultation Suggests It Is End-Point Security, Not Encryption, That Cameron Wants To Subvert

from the Snowden-was-right,-again dept

A few weeks ago, we reported on David Cameron's apparent call to undermine all encryption in the UK. But as we noted then, it was not clear from his offhand remark what exactly he meant, or how he planned to implement the idea. A new consultation document on the legal framework of surveillance in the UK provides a clue, as spotted by The Guardian:

Britain's security services have acknowledged they have the worldwide capability to bypass the growing use of encryption by internet companies by attacking the computers themselves.

The Home Office release of the innocuously sounding "draft equipment interference code of practice" on Friday put into the public domain the rules and safeguards surrounding the use of computer hacking outside the UK by the security services for the first time.

The publication of the draft code follows David Cameron's speech last month in which he pledged to break into encryption and ensure there was no "safe space" for terrorists or serious criminals which could not be monitored online by the security services with a ministerial warrant, effectively spelling out how it might be done.
That certainly makes sense. As Edward Snowden said during an early Q&A:
Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.
The new consultation document from the UK's Home Office seems to confirm that GCHQ can also find ways around it. It is one of two draft "codes of practice" for the main UK law governing surveillance, the Regulation of Investigatory Powers Act 2000 (RIPA). Although it's welcome that more details about the legislative framework are being provided, the way that is being done is problematic, as Carly Nyst, legal director of Privacy International, points out in the Guardian article:
"GCHQ cannot legitimise their unlawful activities simply by publishing codes of conduct with no legislative force. In particular, the use by intelligence agencies of hacking -- an incredibly invasive and intrusive form of surveillance -- cannot be snuck in by the back door through the introduction of a code of conduct that has undergone neither parliamentary nor judicial scrutiny. It is surely no mistake that this code of conduct comes only days before GCHQ is due to argue the lawfulness of its hacking activities in court."
It is also striking that the codes of conduct were released on the same day that the UK's secretive Investigatory Powers Tribunal ruled that British intelligence services had broken the law, but that they were now in compliance because previously unknown policies had been made public. As Nyst speculates, it could be that the UK government is releasing more details of its spying in the form of these consultation documents in an attempt to head off future losses in the courts.

Whether or not that is the case, it certainly seems that the attempts by civil liberties groups to end or at least limit mass surveillance are already having an effect on the UK government, and forcing it to provide basic details of its hitherto completely-secret activities. That success is a strong incentive to continue fighting for more proportionality and meaningful oversight here.


Posted on Techdirt - 12 February 2015 @ 1:05am

Political Meltdown In Macedonia Shows Destabilizing Effect Of Massive Government Surveillance

from the what-a-mess dept

Techdirt writes a lot about surveillance and its potential dangers. But if you want to see the reality of abusive governmental spying, look no further than Macedonia, where a huge surveillance scandal is unfolding (original in German, found via @Netzpolitik):

In a press conference announced weeks ago, opposition leader Zoran Zaev accused Prime Minister Nikola Gruevski of being responsible for a massive wiretapping scandal. Those spied upon include government ministers, opposition politicians, journalists, entrepreneurs and many members of the judiciary and the security apparatus.

"More than 20,000 people in Macedonia have been monitored over the years," said Zaev. "We have evidence that there has been a comprehensive, illegal wiretap program, on the direct instructions of the head of intelligence Saso Mijalkov and Prime Minister Nikola Gruevski."
With targeted surveillance affecting 1% of the population, it is hard to believe that alongside immediately useful information about what political opponents and key figures in society were saying and doing, a certain amount of blackmail material wasn't collected by the government spies and squirrelled away for future use. According to the Deutschlandfunk story translated above, for his part, Gruevski alleges that Zaev threatened to release damaging material he had obtained unless elections were called immediately.

The whole situation is a mess, and at its heart lies uncontrolled, abusive surveillance, where the inevitable leaks of incriminating material have now destabilized the entire political system. Sadly, there's no obvious way out. As the article notes, the lack of press freedom or even an independent judiciary in Macedonia means that it will be very hard to get to the bottom of what is happening here, and then move on.


Posted on Techdirt - 11 February 2015 @ 9:26am

Millions Of Users Unaware That Facebook Is On The Internet -- Or Think It *Is* The Internet

from the that's-what-I-call-a-gatekeeper dept

Facebook figures often enough on Techdirt, and most people here know what they are getting and giving when they sign up. But according to a fascinating article on qz.com, that's not true for everyone around the world who uses Facebook:

It was in Indonesia three years ago that Helani Galpaya first noticed the anomaly.

Indonesians surveyed by Galpaya told her that they didn't use the internet. But in focus groups, they would talk enthusiastically about how much time they spent on Facebook. Galpaya, a researcher (and now CEO) with LIRNEasia, a think tank, called Rohan Samarajiva, her boss at the time, to tell him what she had discovered. "It seemed that in their minds, the Internet did not exist; only Facebook," he concluded.
Nor are Indonesian users alone in this view:
In Africa, Christoph Stork stumbled upon something similar. Looking at results from a survey on communications use for Research ICT Africa, Stork found what looked like an error. The number of people who had responded saying they used Facebook was much higher than those who said they used the internet. The discrepancy accounted for some 3% to 4% of mobile phone users, he says.
The rest of the article goes on to present more evidence that many people are unaware that Facebook is on the Internet, or believe that Facebook is the Internet, and to explore the consequences. For example, one survey shows that 56% of Indonesians who use Facebook but say they don't use the Internet never follow links out of Facebook, against 25% who are on Facebook but say they also use the Internet; for Nigeria, the figures are 69% and 21% respectively. That confirms the immense power of Facebook to act as a gatekeeper -- to people online, to information, and to the lucrative advertising that powers most of the Web.

Although you can hardly blame Facebook for people's misunderstanding of how the Internet works when they use the social network, one major project from the company is likely to make things worse. Here's what the significantly-named Internet.org app hopes to achieve:
Over 85% of the world’s population lives in areas with existing cellular coverage, yet only about 30% of the total population accesses the internet. Affordability and awareness are significant barriers to internet adoption for many and today we are introducing the Internet.org app to make the internet accessible to more people by providing a set of free basic services.

With this app, people can browse a set of useful health, employment and local information services without data charges. By providing free basic services via the app, we hope to bring more people online and help them discover valuable services they might not have otherwise.
The aim here is to provide low-cost access to the Internet for those who might not otherwise be able to afford it. In fact, Internet.org goes further: it provides totally free access to the Internet -- or rather, free access to a very small list of pre-selected sites, including, of course, Facebook.

The intention is laudable, but Internet.org is a classic demonstration of why we need net neutrality. Providing free services may look great in principle, but effectively discriminates against everything not on the list, especially startups with limited resources. We certainly need to work on providing very low-cost Internet access to everyone who wants it, but not by creating a set of privileged services. One other risk with Facebook's Internet.org app is that it will probably encourage yet more people to think that those free services are not on the Internet, or that they are the Internet -- all of it.


Posted on Techdirt - 11 February 2015 @ 1:11am

Does Angela Merkel Want To Renegotiate The Corporate Sovereignty Chapter In EU-Canada Trade Agreement?

from the that-would-be-big dept

Techdirt hasn't written much recently about the trade agreement between the EU and Canada, generally known as CETA. That's because it is "finished" -- at least, in theory. It is now undergoing what is known as the "legal scrub" to prepare it for the final ratification on both sides. One story we did write concerned questions about the agreement's compatibility with EU law, largely because of the corporate sovereignty provisions in CETA. Things have been fairly quiet since then, which makes the following story in the Canadian edition of Huffington Post, on a related aspect, particularly intriguing:

German chancellor Angela Merkel will be in Ottawa for a visit on Monday, but she may not be bringing the news [Canadian Prime Minister] Stephen Harper wants to hear when it comes to the Canada-European Union Comprehensive Economic and Trade Agreement (CETA).

That's because the German government wants to reopen CETA and amend the investor-state dispute settlement [ISDS] mechanism.
No source is given for that claim, but the following explanation is offered:
Merkel likely does not have an ideological problem with bestowing corporations with the hammer of the investor-state provision, but the political reality is that her Christian Democrats have 311 seats in the Bundestag and need the support of the 193 Social Democrats in that legislature to maintain her 'grand coalition' government. Her minister of economy is a Social Democrat and that party is very clear in its opposition to investor-state. Last year, that party's convention passed a resolution against investor-state.
In other words, Merkel needs to keep her Social Democrat coalition partners happy if CETA and TTIP are to pass in the national vote that will be held at some point. That impacts CETA, because last month the same Social Democrat Minister of the Economy and Energy made a joint declaration with his French counterpart in which they said they wished to examine "all the options for changing" the ISDS chapter in CETA (original in French). The Huffington Post article also notes that what happens with CETA has big implications for TAFTA/TTIP:
Beyond the challenge of coalition politics for Merkel, she also needs to contend with an electorate that may not have paid too much attention to a 'free trade' agreement with Canada, but is very attentive -- and critical -- of the European Union's current negotiations with the United States on another 'free trade' deal called the Transatlantic Trade and Investment Partnership (TTIP). If Merkel agrees to a corporate rights provision in CETA, voters in Germany know that the same powers would be extended to U.S. corporations too.
If Merkel is indeed beginning to worry about the huge backlash in Germany against TTIP thanks to the corporate sovereignty provision it contains -- the main bone of contention for many people -- she knows that she must also deal with it in CETA, too. That would make a request to open up the ISDS section at least plausible, even if it would be pretty dramatic at this late stage, especially given statements by the Canadian Prime Minister that CETA's ISDS is non-negotiable. However, Harper has a general election coming up in October this year, and might prefer to accept CETA without corporate sovereignty rather than risk losing the political prize of a trade agreement with Europe altogether by refusing to renegotiate on this critical point.


Posted on Techdirt - 10 February 2015 @ 10:20am

Terrorized Into Irrationality: UK Police Demand Names of Charlie Hebdo *Supporters*

from the confused?-you-will-be dept

It's been sad to watch the Charlie Hebdo story turn from a massive outpouring of solidarity with the victims to an opportunistic exploitation of the strong feelings it produced to attack the very freedoms that solidarity was celebrating. Just how bad things have become can be gauged from this story in the Guardian:

A British police force has apologised after an officer told a newsagent to hand over details of customers who purchased copies of the French satirical magazine Charlie Hebdo in the wake of the Paris terror attacks.

Wiltshire police confirmed that one of their officers visited a newsagent in Corsham, Wiltshire, to ask for the names of four customers who ordered the commemorative "survivors' issue" of the magazine.
Demanding the names of people who bought that commemorative issue clearly makes no sense: they were trying to support Charlie Hebdo, not attack it in any way. And yet the continued terrorization of the public -- by the authorities, that is, not by the so-called "terrorists" -- has induced a kind of irrationality that has apparently now spread to the police. Here's the official "explanation" of what happened:
A police officer visited a local shop and post office in Corsham to make an assessment of community tensions and, if appropriate, encourage the newsagent's owner to be vigilant. During this conversation the officer requested information about subscribers to the Charlie Hebdo magazine.
This is clearly creating a problem where none exists, purely because fear has become the default condition for society, resulting in heavy-handed and unnecessary interventions of the kind described above. At least the police force concerned seems to recognize this here:
Wiltshire police would like to apologise to the members of public who may be affected by this. Information relating to this specific incident has been permanently and securely disposed of.
That's welcome, but it's worrying and symptomatic of the situation today that a police officer could demand these names without being aware of the absurdity of doing so.

Update: It seems that this was not an isolated event.


Posted on Techdirt - 10 February 2015 @ 9:15am

How The Great Firewall Of China Caused A DDOS Attack In France

from the global-village dept

Many people outside China know about the country's Great Firewall, but probably assume it will have little, if any, impact on their own online activities. However, a fascinating post on Benjamin Sonntag's blog explains how one of the servers of La Quadrature du Net, the Paris-based digital freedom association he co-founded, and for which his company provides free hosting, was hit by distributed denial of service attacks (DDOS) caused directly by the Great Firewall's policies.

His blog post provides all the technical details: it turned out that the vast majority of the attacks were coming from Chinese IP addresses. Here's what seems to have happened:

China is censoring its Internet, that's well known

to do this, this country censors (among others) DNS [Domain Name System] queries in its network (and also censoring as a side effect, the rare Japanese, Korean or Taiwanese queries going through China)

when it answers a DNS query to a censored website, it answers with "any incorrect IP address" instead.
That is, instead of letting Chinese Net users access "forbidden" content, the Great Firewall generally re-directs them to some random, presumably harmless, site. But that wasn't happening here:
we see spikes of requests to websites censored in China coming to IP addresses such as those of La Quadrature du Net. Other people had this same issue : http://furbo.org/2015/01/22/fear-china/

So, the end story is that we just saw censored websites requests coming to La Quadrature du Net's IP address from China, due to how the Chinese Internet censorship is working!
Rather than pushing limited traffic to lots of sites, the Great Firewall was sending lots of traffic to just a few. Among the possible explanations for this new behavior, Sonntag offers two that are equally worrying:
Maybe one of the system administrator of the great firewall of China is gaining some small and quick money selling DDOS, selling Internet attacks to the highest bidder (in bitcoin? ;) ) and using that censorship system as a weapon

Maybe China chose a precise list of targets to send censored traffic to, adding to this technical "useful" process (the censorship) a "nice" one (putting down foreign opponents' websites)... La Quadrature du Net, as a digital freedom association, seems to be too nice a target (among others of course).
Neither is good news for sites in the West. Whatever the real reason for this DDOS attack on La Quadrature, it certainly shows that the operation of the Great Firewall of China can have very direct effects outside that country. Another reason, perhaps, for those in the West to pay closer attention to China's increasingly harsh approach to online censorship.
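For an operator on the receiving end, the pattern described above shows up in the web server's own logs as requests whose Host header names a site the server does not host. The following is an added example, not code from Sonntag's post: it assumes a log layout with the Host header as the first field, and the hostnames, addresses and spike threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Hostnames this server really serves (hypothetical values for the example).
SERVED_HOSTS = {"www.example.org", "example.org"}

# Assumed log layout: the Host header first, then the usual combined-log fields.
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return (host, ip, minute) for a log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    # Normalise the Host header: case, optional :port suffix, trailing dot.
    host = re.sub(r":\d+$", "", m.group("host").lower()).rstrip(".")
    return host, m.group("ip"), ts.replace(second=0, microsecond=0)


def misdirected_report(lines, served=SERVED_HOSTS, spike_threshold=3):
    """Summarise requests whose Host header names a site we do not serve."""
    by_host = Counter()          # foreign hostname -> request count
    sources = defaultdict(set)   # foreign hostname -> distinct client addresses
    per_minute = Counter()       # minute bucket -> misdirected request count
    unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        host, ip, minute = rec
        if host in served:
            continue
        by_host[host] += 1
        sources[host].add(ip)
        per_minute[minute] += 1
    spikes = sorted(m for m, n in per_minute.items() if n >= spike_threshold)
    return {
        "by_host": dict(by_host),
        "sources": {h: len(s) for h, s in sources.items()},
        "spikes": [m.strftime("%Y-%m-%d %H:%M") for m in spikes],
        "unparsed": unparsed,
    }


# Constructed sample log (documentation address ranges, made-up hostnames).
SAMPLE_LOG = """\
www.example.org 198.51.100.7 - - [22/Jan/2015:10:00:05 +0100] "GET / HTTP/1.1" 200 5120
blocked-a.example 203.0.113.10 - - [22/Jan/2015:10:01:01 +0100] "GET /feed HTTP/1.1" 404 162
blocked-a.example 203.0.113.11 - - [22/Jan/2015:10:01:02 +0100] "GET /feed HTTP/1.1" 404 162
BLOCKED-A.example:80 203.0.113.12 - - [22/Jan/2015:10:01:30 +0100] "GET / HTTP/1.1" 404 162
blocked-b.example 203.0.113.10 - - [22/Jan/2015:10:01:45 +0100] "POST /api HTTP/1.1" 404 162
example.org 198.51.100.8 - - [22/Jan/2015:10:02:10 +0100] "GET /about HTTP/1.1" 200 2048
blocked-b.example 203.0.113.13 - - [22/Jan/2015:10:03:00 +0100] "GET / HTTP/1.1" 404 162
not a log line
""".splitlines()

REPORT = misdirected_report(SAMPLE_LOG)

if __name__ == "__main__":
    for key, value in REPORT.items():
        print(key, value)
```

The `by_host` counts show which foreign site names are being pointed at the server, and `spikes` lists the minutes in which the misdirected traffic crossed the threshold.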
