Glyn Moody’s Techdirt Profile





Posted on Techdirt - 5 March 2015 @ 9:03pm

Why Online Attacks By Nations Are Problematic: Enemies Can Learn From Your Digital Weapons, Then Turn Improved Versions Against You

from the that's-awkward dept

Last month, we wrote about a great discussion between Edward Snowden and Bruce Schneier that explored how offensive and defensive operations by national intelligence agencies had changed as they moved online, becoming much more intertwined. A new Snowden leak published by The Intercept confirms that the situation is even more complex, because adversaries can learn from digital attacks directed against them to create even better weapons, which they then use to counterattack:

The NSA is specifically concerned that Iran's cyberweapons will become increasingly potent and sophisticated by virtue of learning from the attacks that have been launched against that country. "Iran’s destructive cyber attack against Saudi Aramco in August 2012, during which data was destroyed on tens of thousands of computers, was the first such attack NSA has observed from this adversary," the NSA document states. "Iran, having been a victim of a similar cyber attack against its own oil industry in April 2012, has demonstrated a clear ability to learn from the capabilities and actions of others."
That's because, unlike traditional physical weapons used against enemy infrastructure, digital versions are not generally destroyed during an attack. One of their big advantages is that once they have infiltrated and infected a target system, they can continue to carry out surveillance or attacks over a long time period. But that also means they may eventually be discovered -- especially if they leak out -- allowing them to be studied and improved in a way generally not possible with traditional weapons. Those new versions can then be directed elsewhere, including against the original attacker.

So intelligence agencies find themselves in a difficult position. The more they carry out attacks using digital weapons, and the more sophisticated those tools, the greater the likelihood that adversaries will detect them, adapt them and then turn them back against the country that deployed them. It's probably too much to hope that this may cause such weapons to be used more sparingly....

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Posted on Techdirt - 5 March 2015 @ 12:35pm

Why Even Justified Criticisms Of GNU Privacy Guard Miss The Point

from the friend-in-need dept

Recently, there was something of a scare around GNU Privacy Guard (GPG), a "free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP)." An article on Propublica revealed that GPG was essentially the work of one person, who was running out of money. Just at the moment when we needed properly-implemented strong crypto most, it looked like the project was on the verge of collapse. Fortunately, that same article also succeeded in raising people's awareness of the situation, and enough money was pledged as a result to secure the future of GNU Privacy Guard, at least for the immediate future.

Now GPG is under attack again, and from a surprising quarter. Moxie Marlinspike is the pseudonym of a well-known computer security researcher. You might expect him to be pretty supportive of what GPG is doing, and yet in a recent blog post he is anything but uplifted when he receives encrypted email using it:

When I receive a GPG encrypted email from a stranger, though, I immediately get the feeling that I don't want to read it. Sometimes I actually contemplate creating a filter for them so that they bypass my inbox entirely, but for now I sigh, unlock my key, start reading, and -- with a faint glimmer of hope – am typically disappointed.
Here's why:
Eventually I realized that when I receive a GPG encrypted email, it simply means that the email was written by someone who would voluntarily use GPG. I don't mean someone who cares about privacy, because I think we all care about privacy. There just seems to be something particular about people who try GPG and conclude that it's a realistic path to introducing private communication in their lives for casual correspondence with strangers.

Increasingly, it’s a club that I don’t want to belong to anymore.
The rest of his interesting post goes on to describe the flaws of GPG. Basically, it is extremely hard to use, not widely deployed, and has turned into impenetrable, backward-looking code -- all of which are entirely reasonable criticisms. Marlinspike concludes:
GPG isn't the thing that's going to take us to ubiquitous end to end encryption, and if it were, it'd be kind of a shame to finally get there with 1990's cryptography. If there’s any good news, it's that GPG’s minimal install base means we aren't locked in to this madness, and can start fresh with a different design philosophy. When we do, let's use GPG as a warning for our new experiments, and remember that "innovation is saying 'no' to 1000 things."

In the 1990s, I was excited about the future, and I dreamed of a world where everyone would install GPG. Now I'm still excited about the future, but I dream of a world where I can uninstall it.
Again, those are all good points. And yet for all GPG's faults, and for all its failings, it seems somewhat ungrateful to berate it in these terms. I suspect that it has saved a good many people living in countries with oppressive and brutal regimes from arrest or worse; it has doubtless helped journalists to receive crucial information they might not otherwise have been sent, and to keep their sources safe; and it certainly made Snowden's revelations possible -- at least once Glenn Greenwald finally worked out how to install it. To say that it could have been better, or that its unintuitive approach may have prevented more people from using it misses the point, which is that in its own idiosyncratic way it was there when people really needed it, and that it did the job asked of it -- and for that, we should be hugely grateful, even while hoping that something better will come along soon.


Posted on Techdirt - 5 March 2015 @ 3:59am

New Anti-Corruption Social Network In Russia Requires Numerous Personal Details To Join: What Could Possibly Go Wrong?

from the how-secure-is-that-database? dept

As the murder of the opposition politician Boris Nemtsov last week reminds us, the political situation in Russia is not just difficult, but extremely dangerous. Presumably hoping that technology might offer a relatively safe way to cope with this situation, a Russian NGO has announced that it will be launching a nationwide social network dedicated to fighting bribery and corruption. You might expect that anonymity would be a crucial aspect, given the risks faced by those who choose to join. And yet, as this RT article explains, that's not the case (via @prfnv):

the new project will have one major difference from existing social networks -- a complete lack of anonymity. Membership will only be granted by invitation from existing members, and even when this condition is met, the institute that launches the project promises to open accounts only after verifying the identity of potential members in real life.

The users will have to provide a lot of details about themselves -- from name and date of birth, to place of work, e-mail and phone numbers. The people launching the project say that this is a necessary measure to prevent attempted slander, which they see as the main danger threatening their network.
That people could use the network to spread false accusations is certainly a risk, but hardly the main danger, which is surely that those accused of corruption may decide to settle things in the same way as Nemtsov's enemies. Creating a network of anti-corruption activists and lawyers will make its membership database extremely desirable for many nefarious actors, who would doubtless find things like place of work and phone numbers useful for future attempts to "dissuade" people from coming forward with information about bribe-taking. Let's just hope the new social network's security advisers are really good.


Posted on Techdirt - 5 March 2015 @ 12:56am

European Governments Seeking To Water Down EU's Proposed Data Protection Legislation

from the disappointing-development dept

A major reform of the EU data protection rules has been grinding through the system for over three years now, subject to some of the fiercest lobbying yet seen in Europe. The original European Commission proposal was amended and accepted by the European Parliament in 2014, but leaked documents obtained by the European digital rights group EDRi show that the Council of the EU, which is made up of the member state governments, is trying to sabotage the new rules (pdf):

Since 2012, the European Commission and the European Parliament both have produced a text that, while not being perfect, would greatly benefit citizens and businesses, establishing a common set of rules for the whole EU and guaranteeing high standards for personal data protection. Unfortunately, within the Council of the EU, Member State governments are working to undermine this reform process. For more than three years, the Council has not only failed to show support for this reform and negotiations, but is now proposing modifications to the text that would lower down the existing level of data protection in Europe guaranteed by the Directive 95/46 and even below the standards required to be in line with the EU treaties.
That's taken from a detailed analysis of the documents by EDRi, Access, Panoptykon Foundation, and Privacy International. It provides a very clear explanation of the five main areas where the Council of the EU is seeking to undermine much of the hard work done over the last two years. Here's a summary of the issues:
According to the leaked proposals, crucial privacy protections have been drastically undermined, including the right to be asked for consent, the right to know how your data are used and the right to object to your data being used, minimum standards of behaviour for companies exploiting individuals' data. In several places, the text would not likely pass judicial scrutiny under Europe’s human rights framework.
This is a really disappointing development, and one that might prove hard to undo, as EDRi explains:
The Council is trying to complete its work by the summer, before negotiating with the Parliament on a compromise. Unless something is done urgently, the Council will simply complete its agreement, at which stage only an absolute majority of the European Parliament would be the only way of saving Europe's data protection reform.
And so the saga of the EU's new data protection rules continues.


Posted on Techdirt - 4 March 2015 @ 1:00am

Data Retention Enthusiast Says Those Against The Idea Just Want Everything 'Free Of Charge, Free Of Responsibility'

from the dirty-pirates dept

Arguments over whether internet connection metadata should be retained for law enforcement purposes are raging around the world, but nowhere more heatedly than in Australia, where a new law bringing in data retention is currently being rammed through parliament. This has provoked widespread criticism of the move as unnecessary, intrusive and ill thought-out. Defenses have been thinner on the ground, which makes this column in the Australian newspaper The Age particularly interesting. The author, David Wroe, seems to think that the problem is a failure to explain what's really going on here:

Plans to force telcos to keep people's phone and internet metadata for at least two years haven't been explained as thoroughly as they probably should, with the consequence that many Australians remain confused and vulnerable to excessive claims that their privacy is being trampled upon.
Well, it's certainly true that the Australian Attorney General George Brandis, who is responsible for bringing in the data retention law, was very confused when he was asked to explain metadata in a TV interview. But rather than dispelling that confusion by pointing to explanations of what metadata can do, Wroe simply makes the following claim:
A data retention regime of two years, with proper precautions around how that data is accessed by authorities, is reasonable, proportionate and necessary.
No support is provided for that statement. That's not really surprising, because all the evidence we have is that data retention simply doesn't help. In Germany, for example, police records show that blanket data retention had no effect on crime statistics:
The national crime statistics recently published by Germany's Federal Crime Agency reveal that after the policy of blanket telecommunications data retention was discontinued in Germany due to a Constitutional Court ruling on 3 March, 2010, registered crime continued to decline (2007: 6,284,661; 2008: 6,114,128; 2009: 6,054,330; 2010: 5,933,278) and the crime clearance rate was the highest ever recorded (56,0%). Indiscriminate and blanket telecommunications data retention had no statistically relevant effect on crime or crime clearance trends.
In Denmark, police found that retaining huge quantities of internet connection data actually made things harder for them:
"Session logging has caused serious practical problems," the ministry's staffers write in the report. "The implementation of session logging proved to be unusable to the police; this became clear the first time they tried to use [the data] as part of a criminal investigation."
Leaving aside this inconvenient fact that there is no evidence that data retention helps, here's one of the author's arguments in its favor:
It is absurd to allow a situation in which police might need to establish whether one criminal suspect phoned or emailed another suspect last year only to find the telco has already wiped those records.
Not really: we don't expect DNA or fingerprints from the scene of a crime to be preserved years later. We hope they may be available soon afterwards, and in the same way there's no reason why the police might not ask ISPs to provide information about recent online activity of a suspect. But it is not reasonable to expect everything to be kept for years, just because it's possible -- not least because this allows the authorities to engage in fishing expeditions and thus apply the Cardinal Richelieu approach. There's also no reason why the police should not be required to obtain a warrant before doing so, despite what Wroe says:
Some have called for warrants to be required for accessing metadata. This would be too unwieldy.
Warrants have worked well enough in the past, so why discard them now in the digital field? Because they might put a brake on the routine use of stored metadata by the authorities? That's a feature, not a bug: it would help to ensure that its use were truly proportionate, unlike the system proposed by the Australian government. Here's another attempt to defend data retention:
Arguments that retention is pointless because ill-doers can use encryption programs to hide their identities, or because the regime won't capture overseas data – meaning Gmail, Hotmail and other US-based services are exempt – are silly. Nothing in a free society is foolproof; something is better than nothing.
But when that "something" is such a marginal improvement on nothing, and comes at such great cost -- both financially, in terms of the burden on ISPs and taxpayers, and socially, through the damage to the privacy and freedom of the public -- then it is hardly rational to proceed purely because it is "better than nothing," especially in the absence of any more compelling reasons.

As this indicates, the author's arguments in favor of data retention are weak; but what is most striking is his attack on those who defend their right to privacy, and dare to challenge the badly-planned rush to impose mass surveillance on Australians:
At the heart of the anti-retention argument is an attitude that everything to do with the internet should be free: free of charge, allowing unlimited downloading of pirated content, and free of responsibility, meaning that nothing we do on the web should be discoverable later on.
In other words, anyone against massive, disproportionate surveillance is probably just some kind of dirty copyright thief.


Posted on Net Neutrality Special Edition - 3 March 2015 @ 6:10am

Nokia CEO: We Have To Get Rid Of Net Neutrality, Otherwise Self-Driving Cars Will Keep On Crashing Into Each Other

from the not-just-packet-collisions dept

It would be an understatement to say that net neutrality has been in the news quite a lot recently. One of the supposed arguments against it is that requiring all data packets to be treated equally within a connection will prevent companies from offering us a cornucopia of "specialized services." The main example cited is for medical applications -- the implication being that if net neutrality is required, people are going to die. Speaking at the Mobile World Congress that is currently underway, Nokia's CEO Rajeev Suri has come up with a novel variation on that theme, as reported by CNET (via @AdV007):

Suri emphasises that self-driving cars need to talk over wireless networks fast enough to make decisions with the split-second timing required on the roads. "You cannot prevent collisions if the data that can prevent them is still making its way through the network", said Suri, discussing Nokia's drive toward instantaneous low-latency communication across the network.
Yes, according to Suri, there are going to be terrible pile-ups on the roads unless we get rid of net neutrality. Leaving aside the fact that low-latency communications across the internet will come anyway -- if there's one thing that's certain in the world of digital technology, it's that everything gets faster and cheaper -- there's another problem with this argument.

Self-driving cars that are so reliant on such guaranteed, high-performance networks are hardly going to be very resilient in real-life situations -- and certainly not the kind of system that the public will want to entrust with the lives of themselves and their families. If self-driving cars are to be widely accepted, one of their key features must be the ability to work safely even with the flakiest of internet connections. Suri's attempt to use this emerging technology as a weapon against net neutrality instead undermines the argument for self-driving cars themselves.


Posted on Techdirt - 3 March 2015 @ 1:06am

Is America About To Experience The Billion-Dollar Pain Of Corporate Sovereignty First Hand?

from the not-your-parents'-ISDS dept

Readers of Techdirt have been hearing about corporate sovereignty -- the ability of foreign investors to sue governments directly in special courts over alleged losses, also known as Investor-State Dispute Settlement (ISDS) -- for a while now. For others who have yet to discover this particular feature of so-called trade agreements, Senator Elizabeth Warren has a good, approachable summary of the key issues in a Washington Post opinion piece. In fact, it was clearly so good that the White House Blog felt obliged to try to rebut its main arguments (there's also a great point-by-point response to that response by the Cato Institute's Simon Lester). The White House Blog post, written by Jeff Zients, Director of the National Economic Council, pretty much concedes that the criticisms of ISDS are valid, but would have us believe that everything has been fixed now:

ISDS has come under criticism because of some legitimate complaints about poorly written agreements. The U.S. shares some of those concerns, and agrees with the need for new, higher standards, stronger safeguards and better transparency provisions. Through TPP and other agreements, that is exactly what we are putting in place.
There are two massive problems with that assurance. First, the extreme secrecy of the TPP negotiations means that we have no idea just how strong those "safeguards" are. And secondly, in some sense it doesn't even matter: companies can use the mere threat of an ISDS action to cast a chill over future regulatory action. That's why the following comment is true but misses the point:
The reality is that ISDS does not and cannot require countries to change any law or regulation.
The ability to use ISDS to discourage governments from introducing inconvenient laws or regulations is no mere theoretical fear. As this important 2001 article in The Nation explains:
Carla Hills, the US Trade Representative who oversaw the NAFTA negotiations for Bush I and now heads her own trade-consulting firm, was among the very first to play this game of bump-and-run intimidation. Her corporate clients include big tobacco -- R.J. Reynolds and Philip Morris. Sixteen months after leaving office, Hills dispatched Julius Katz, her former chief deputy at USTR, to warn Ottawa to back off its proposed law to require plain packaging for cigarettes. If it didn't, Katz said, Canada would have to compensate his clients under NAFTA and the new legal doctrine he and Hills had helped create [ISDS]. "No US multinational tobacco manufacturer or its lobbyists are going to dictate health policy in this country," the Canadian health minister vowed. Canada backed off, nevertheless.
Nor was that an isolated incident:
A former government official in Ottawa told me: "I've seen the letters from the New York and DC law firms coming up to the Canadian government on virtually every new environmental regulation and proposition in the last five years. They involved dry-cleaning chemicals, pharmaceuticals, pesticides, patent law. Virtually all of the new initiatives were targeted and most of them never saw the light of day."
Zients goes on to say that corporate sovereignty chapters are needed because foreign courts can't be trusted to provide justice:
U.S. investors often face a heightened risk of bias or discrimination when abroad.
But Warren already answered that with several extremely powerful points:
Countries in the TPP are hardly emerging economies with weak legal systems. Australia and Japan have well-developed, well-respected legal systems, and multinational corporations navigate those systems every day, but ISDS would preempt their courts too. And to the extent there are countries that are riskier politically, market competition can solve the problem. Countries that respect property rights and the rule of law — such as the United States — should be more competitive, and if a company wants to invest in a country with a weak legal system, then it should buy political-risk insurance.
Zients also tries to argue that since the US hasn't suffered as a result of ISDS cases in the past, it'll be fine in the future:
There have only been 13 cases brought to judgment against the United States in the three decades since we’ve been party to these agreements. By contrast, during the same period of time in our domestic system, individuals and companies have brought hundreds of thousands of challenges against Federal, state, and local governments in U.S. courts under U.S. law.

We have never lost an ISDS case because of the strong safeguards in the U.S. approach. And because we have continued to raise standards through each agreement, in recent years we have seen a drop in ISDS claims, despite increased levels of investment.
But that line of reasoning ignores why there have been so few cases in the past: because corporate sovereignty provisions were mainly included to protect US investments in developing countries with weaker legal systems. By definition, such nations are unlikely to have the resources to make many or significant investments in the US, and therefore have few opportunities to use the ISDS system. That is what will change dramatically with TAFTA/TTIP, as this analysis by Public Citizen explains:
TAFTA would vastly expand the investor-state threat, given the thousands of corporations doing business in both the United States and EU that would be newly empowered to attack public interest policies. More than 3,400 EU parent corporations own more than 24,200 subsidiaries in the United States, any one of which could provide the basis for an investor-state claim. This exposure to investor-state attacks far exceeds that associated with all other U.S. "free trade" agreement partners.
In fact, the US may be about to find out about the modern reality of billion-dollar corporate sovereignty lawsuits, thanks to the 21-year-old NAFTA agreement, and the controversial Keystone XL project, which President Obama recently vetoed. Here's Politico's explanation of how corporate sovereignty could enter the equation:
President Barack Obama may decide to kill Keystone XL for good, but that could be no easy task -- thanks in part to the North American Free Trade Agreement.

The 21-year-old free-trade pact allows foreign companies or governments to haul the U.S. in front of an international tribunal to face accusations of putting their investments at risk through regulations or other decisions. The CEO of Keystone developer TransCanada has raised the prospect as a potential last resort if Obama rejects the $8 billion project, although for now the company is focused on getting him to say yes.

Administration officials involved in reviewing the proposed Canada-to-Texas pipeline are aware of the potential for a NAFTA challenge and the importance of minimizing that risk in the event the president rejects Keystone.
So even though the President retains full powers to reject Keystone, it’s easy to see how the threat of a billion-dollar ISDS lawsuit might encourage him to approve it anyway. That would offer the perfect demonstration of how corporate sovereignty chapters can interfere with democratic decision-making -- at even the highest levels.


Posted on Techdirt - 2 March 2015 @ 3:52am

Surveillance Software Company Gamma Found To Have Violated Human Rights; Receives Unprecedented Slap On The Wrist

from the critical-decisions dept

As Techdirt has reported on the increasingly active world of commercial spyware, one name in particular has cropped up several times: Gamma, with its FinFisher suite of spyware products. In October last year, we reported that Privacy International had filed a criminal complaint against the company with the National Cyber Crime Unit of the UK's National Crime Agency. There's no update on that move, but it seems that a parallel action has had more success (pdf):

British-German surveillance company Gamma has been condemned by a human rights watchdog for its failure to adhere to human rights and due diligence standards, after a two year investigation into the company's sale of surveillance technology to Bahrain.
Here's what Privacy International says was happening in Bahrain:
The complaint alleged that Gamma sold its notorious FinFisher intrusion software product to Bahrain as early as 2009, after which time it was used by the Bahraini government to violate the human rights of three Bahraini nationals and human rights activists, Ala'a Shehabi, Husain Abdulla and Shehab Hashem.
You're probably wondering what the penalty is if you are found in breach of human rights in this way -- clearly a serious matter. Well, here it is:
The Organisation for Economic Cooperation and Development’s UK National Contact Point ("NCP") concluded today that Gamma International should make changes to its business practices in order to ensure that in the future it respects the human rights of those affected by the surveillance technologies it sells.
Yes, you are told to do better next time. However, looking at things more positively, Privacy International points out:
Today's decision is the first time that the OECD has found a company selling surveillance technologies to be in violation of human rights guidelines, and one of the most critical decisions ever issued by the OECD. In it, the NCP sets out in strong terms that Gamma has no human rights policies and due diligence processes that would protect against the abusive use of its products.
In other words, just as with the recent court victories against the UK government over its surveillance activities, what's important here is not so much the punishment -- or lack of it -- as the fact that for the first time a company selling invasive surveillance tools was condemned in this way. At the very least, it puts such companies on notice that they are being watched and will be hauled up before these kinds of bodies for public shaming. Well, it's a start.


Posted on Techdirt - 27 February 2015 @ 2:44pm

We Now Know The NSA And GCHQ Have Subverted Most (All?) Of The Digital World: So Why Can't We See Any Benefits?

from the less-is-more dept

As Mike pointed out recently, thanks to Snowden (and possibly other sources), we now know the NSA, with some help from GCHQ, has subverted just about every kind of digital electronic device where it is useful to do so -- the latest being hard drives and mobile phones. That's profoundly shocking when you consider what most non-paranoid observers thought the situation was as recently as a couple of years ago. However, given that's how things stand, there are a couple of interesting ramifications.

First, that the recent attempts by politicians to demonize strong encryption look like an attempt to cover up the fact that most digital systems are already vulnerable using one or more of the techniques that have been revealed over the last year or two. That is, the NSA and GCHQ can probably access most digital content stored or transmitted in any way -- either because the encryption itself or the end-points have been compromised. Even standalone strong encryption systems like PGP -- thought still to be immune to direct attacks -- can be circumvented by breaking into the systems on which they are used.

Perhaps the dark hints that encryption could be banned or backdoored are simply part of a cynical ploy to present such an appalling vision of what could happen, that we gladly accept anything less extreme without complaint. In fact, the authorities have no intention of attempting anything so stupid -- it would put all online business at risk -- because they don't need to: they already have methods to access everything anyway.

That being the case, there is another important question. If the NSA and other parties do have ways of turning practically every digital electronic device into a system for spying on its users, that essentially means there is no criminal organization in the world -- ranging from the so-called "terrorist" ones that are used to justify so much bad policy currently, to the "traditional" ones that represent the bulk of the real threat to society -- that is not vulnerable to being infiltrated and subverted by government agencies.

And yet we don't see this happen. Drug cartels thrive; people trafficking is surging; the smuggling of ivory and endangered animals is profitable as never before. Similarly, despite the constant and sophisticated monitoring of events across the Middle East, the rise of Islamic State evidently took the US and its allies completely by surprise. How is it that global criminality has not been brought to its knees, or that such massive geopolitical developments were not picked up well in advance -- and nipped in the bud?

One obvious explanation for this pattern is that just as the attackers of London, Boston, Paris and Copenhagen were all known to the authorities, so early tell-tale signs of the rise of Islamic State were detected, but remained drowned out by the sheer volume of similar and confounding information that was being gathered. Similarly, it is presumably easy to create huge stores of information on drug bosses or people smugglers -- but hard to find enough personnel to analyze and act on that data mountain.

Now that we have a better idea of the extraordinary reach of the global surveillance being carried out at all times, the failure of that activity to make us safer by countering criminal activity, at whatever scale, becomes all the more striking. It's time the intelligence agencies accepted that the "collect it all" approach is not just failing, but actually exactly wrong: what we need is not more surveillance, but much less of it and much better targeted.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Posted on Techdirt - 27 February 2015 @ 1:00am

After Open Source, Open Access, Open Data And The Rest, Here Comes The Open Jihad

from the massively-parallel-codevelopment dept

Even to those of us who are not experts in foreign policy, it is obvious that the security situation is deteriorating across a huge swathe of the Near East and Africa, as attacks in Afghanistan, Iraq, Syria, Yemen, Egypt, Libya, Nigeria, Cameroon and elsewhere multiply. Western analysts seem to be struggling to come up with a cogent explanation for this increasing success. That makes this short but illuminating post by John Robb particularly valuable. He describes what is happening across this vast area as the "open jihad." Here are its key characteristics:

Open jihad evolves (gets better) through massively parallel co-development. All of the groups in the open jihad, no matter how small (even down to individuals), can contribute. They do this by:

1. tinkering with tactics, strategies, and technologies that can be used to advance the open jihad.

2. testing the efficacy of these innovations by using them against the enemy. In other words, throwing them against the wall to see what sticks.

3. copying the innovations that work.

These are also some of the key features of open source -- hence the name "open jihad." Their appearance in the context of international violence is a reminder that they are not limited to the digital world, with things like open source, open access, open data and all the other "opens," but are a set of very general principles for producing extremely rapid innovation in any domain. That might provide a clue to governments struggling to deal with this growing threat to stability that they ought to try something similar, rather than resorting to traditional responses that are doomed to fail when dealing with a new kind of enemy.


Posted on Techdirt - 26 February 2015 @ 9:23am

Despite Lack Of Evidence It Will Help, Australia Still Planning To Bring In Data Retention, Still Not Clear If It Could Be Used Against Copyright Infringement

from the learning-the-hard-way dept

Last year, we noted that one danger of bringing in data retention in Australia is that stored metadata might end up being used for all kinds of purposes that have nothing to do with fighting "terrorism," its principal justification. One particular concern is that it could be used to hunt for people downloading files illegally. Several months later, the signals are still very mixed. On the one hand, we have the following, as reported by the Guardian:

Authorities are not interested in using the Abbott government's proposed data retention scheme to go after internet pirates and would be prevented from doing so by the commonwealth ombudsman, the assistant commissioner of the Australian federal police, Tim Morris, has said.

Morris also said any changes to the way metadata is collected and used would have to be approved by the ombudsman.

But that guarantee is less than watertight because of the following:

The ombudsman, Colin Neave, has told Guardian Australia his office would not play a formal oversight role in the scheme and would give advice only at the attorney general’s discretion.

The Greens senator Scott Ludlam noted that the ombudsman's oversight provided only "weak" protection against function creep, and that the public could not therefore depend on Morris’s assurances that the scope of the scheme would not expand in the future.

Whether or not stored metadata will be used against copyright infringement may be in doubt, but it seems that the Australian government's intention to bring in data retention is not, despite the fact that when asked on multiple occasions for evidence the move was justified, it has been unable to provide any. That's not really surprising given the Danish experience that keeping this kind of data didn't help, and may actually have hindered police investigations. Sadly, it looks like Australia is determined to discover this fact the hard and expensive way.


Posted on Techdirt - 25 February 2015 @ 8:59pm

Should Open Source Intelligence Be Used For Policy Making?

from the transparent-and-verifiable dept

Last summer, we wrote about the rise of open journalism, whereby people take publicly-available information, typically on social networks, to extract important details that other, more official sources either overlook or try to hide. Since then, one of the pioneers of that approach, Eliot Higgins, has used crowdfunding to set up a site called "Bellingcat", dedicated to applying these techniques. Principal themes there include the shooting down of Malaysia Airlines Flight 17 (MH17), and the civil war in Syria.

Higgins recently published a post on the blog of the Policy Institute at King's College, London, in which he suggested that such open source intelligence (OSINT) could be used for formulating policy in situations where traditional sources of information are limited:

In recent years, content shared via social media from conflict war zones has allowed us to gain a far deeper understanding of the on-the-ground realities of specific conflicts than previously possible. This presents a real opportunity for providing robust evidence which can underpin foreign and security policymaking about emerging, or rapidly escalating, conflict zones.

He cites his own group's work on the shooting-down of the MH17 flight as an example, noting some of the advantages and challenges:

Our research on the Buk missile launcher demonstrates that not only is there a wealth of largely untapped information available online and especially on social media, but also that a relatively small team of analysts is able to derive a rich picture of a conflict zone. Clearly, research of this kind must be underpinned by an understanding of the way in which content is being produced, who is sharing it, and, crucially, how to verify it -- and these are methodological challenges which need to be addressed systematically.

That call for open source information to be used more widely has now been echoed by two researchers at the International Centre for Security Analysis, also at King's College -- not surprisingly, perhaps, since they too use this technique in their work:

There is a powerful case for incorporating OSINT approaches to evidence-based policymaking. In the first place, evidence produced by OSINT methods can be both robust and rigorous, not least because it can be underpinned by extensive datasets. And in the second, it has the potential to be both transparent and verifiable; all open source evidence is, by definition, based on data that is publicly (and often freely) available.

However, they note that so far the uptake of such methods to inform policy-making has been very limited. Here's why:

At the heart of the problem is the fact that OSINT approaches are still relatively 'young' and, all too often in our experience, lack the rigour and reliability needed to underpin effective policymaking.

To overcome those issues, they suggest that practitioners of OSINT should develop more reliable open intelligence tools and methods, and should communicate better the advantages of this approach. They also urge policy makers to take open source intelligence into consideration as an additional form of evidence, but given the conservatism and risk aversion in these circles, I imagine it will take some time before that happens.


Posted on Techdirt - 25 February 2015 @ 12:54am

Facebook's Updated Privacy Policy Breaches EU Law, Belgian Study Claims; Other Countries Investigating

from the must-try-harder dept

Europeans have a rather ambivalent attitude to Facebook. On the one hand, millions of them love using it. On the other, many people are worried about the huge stores of personal information it is building up on its users -- and what it does with it. This has led to various attempts by the Austrian Max Schrems to find out what Facebook knows about him -- and to establish whether its handling of his data is compliant with EU data protection laws. Separately from those efforts, the Belgian privacy commission has been investigating Facebook's privacy policy. It asked researchers at a pair of local universities to provide an analysis. Here's what they found, as reported by the Guardian:

A report commissioned by the Belgian privacy commission has found that Facebook is acting in violation of European law, despite updating its privacy policy.

Conducted by the Centre of Interdisciplinary Law and ICT at the University of Leuven in Belgium, the report claimed that Facebook's privacy policy update in January had only expanded older policy and practices, and found that it still violates European consumer protection law.

The report runs to over 60 pages (pdf). The key findings are as follows:

To be clear: the changes introduced in 2015 weren't all that drastic. Most of Facebook's "new" policies and terms are simply old practices made more explicit. Our analysis indicates, however, that Facebook is acting in violation of European law. First, Facebook places too much burden on its users. Users are expected to navigate Facebook's complex web of settings (which include "Privacy", "Apps", "Ads", "Followers", etc.) in search of possible opt-outs. Facebook's default settings related to behavioural profiling or Social Ads, for example, are particularly problematic. Moreover, users are offered no choice whatsoever with regard to their appearance in "Sponsored Stories" or the sharing of location data. Second, users do not receive adequate information. For instance, it isn't always clear what is meant by the use of images "for advertising purposes". Will profile pictures only be used for "Sponsored Stories" and "Social Adverts", or will it go beyond that? Who are the "third party companies", "service providers" and "other partners" mentioned in Facebook's data use policy? What are the precise implications of Facebook's extensive data gathering through third-party websites, mobile applications, as well as recently acquired companies such as WhatsApp and Instagram?

Unfortunately for Facebook, this is just the start of a much wider investigation across Europe:

The Belgian Privacy Commission is also part of a European task force, which includes data protection authorities from the Netherlands, Belgium and Germany. [Leuven University's] ICRI/CIR and [Vrije Universiteit Brussel's] iMinds-SMIT will continue to support the Privacy Commission in the context of its investigation and future updates to the report will also be shared with their German and Dutch colleagues.

The Guardian notes that other European groups are scrutinizing Facebook's privacy policy:

Facebook is already being investigated by the Dutch data protection authority, which asked Facebook to delay rollout of its new privacy policy, and is being probed by the Article 29 working party formed of data regulators from individual countries across Europe, including the UK’s Information Commissioner’s Office.

Looks like Facebook has a busy few years ahead of it -- and what applies to Facebook is also likely to apply to a host of other companies that offer online services based on gathering large amounts of personal data in Europe.


Posted on Techdirt - 24 February 2015 @ 1:41pm

Head Of UK Parliamentary Committee Overseeing Intelligence Agencies Resigns After Being Caught In Sting

from the a-question-of-trust dept

The UK government's response to Snowden's leaks has been twofold: that everything is legal, and that everything is subject to rigorous scrutiny. We now know that the first of these is not true, and the second is hardly credible either, given that the UK's main intelligence watchdog has only one full-time member. There's one other main oversight body, the UK's Intelligence and Security Committee of Parliament (ISC), which is tasked with examining:

the policy, administration and expenditure of the Security Service, Secret Intelligence Service (SIS), and the Government Communications Headquarters (GCHQ).

The ISC was criticized as part of a larger condemnation of intelligence oversight by another UK Parliament committee. The head of the ISC, Sir Malcolm Rifkind, was reported by the Guardian as dismissing those criticisms as "old hat," as if that somehow made them acceptable. Rifkind has now been caught up in a rather more serious row, which involves reporters from the UK's Channel 4 and The Telegraph newspaper posing as representatives of a Chinese company:

PMR, a communications agency based in Hong Kong was set up, backed by a fictitious Chinese businessman. PMR has plenty of money to spend and wants to hire influential British politicians to join its advisory board and get a foothold in the UK and Europe.

Here's what Channel 4 and the Telegraph allege happened in their meeting with Rifkind:

Sir Malcolm also claimed he could write to a minister on behalf of our company without saying exactly who he was representing

Sir Malcolm added that he could see any foreign ambassador in London if he wanted, so could provide 'access' that is 'useful'

Rifkind said that he was "self-employed" -- in fact, he is a Member of Parliament, and receives a salary of £67,000 per year -- and that his normal fee was "somewhere in the region of £5,000 to £8,000" for half a day's work. There's no suggestion that Rifkind made any reference during the sting to his role as head of the ISC, but that's not really the point. He was offering a Chinese company access to influential people purely because he would get paid to do so, and that is surely not the kind of person you would want to grant the high-level security clearance Rifkind enjoys.

Then there is the question of what happens when Rifkind leaves Parliament: as Techdirt noted back in 2012, politicians can earn huge amounts of money by going to work as lobbyists, drawing on their contacts to ease the path for legislation or contracts or whatever. According to the disgraced lobbyist Jack Abramoff, merely letting politicians know that a job as lobbyist was waiting for them if they wanted it can be enough to shift their loyalties. That would be hugely troubling if it concerned someone occupying such a sensitive position as Rifkind.

After initially being suspended from the Conservative party, pending a disciplinary review, Rifkind has now resigned as chairman of the ISC, and announced that he will not be a candidate for re-election in the UK's general election later this year. He probably decided to fall on his sword in an attempt to spare the UK government further embarrassment, but his move will do little to bolster the dwindling credibility of the ISC, or the repeated claim that there are no problems with oversight of UK intelligence services.


Posted on Techdirt - 24 February 2015 @ 1:11am

Digital Rights Group And ISPs Bring Legal Challenge Against New French Surveillance Law

from the just-the-beginning dept

As we've been reporting, seemingly hopeless legal challenges to UK surveillance have already notched up two wins, and revealed previously secret details about what has been going on. Now the French digital rights group La Quadrature du Net (LQDN) is taking the same approach in France:

Together with FFDN, a federation of community-driven non-profit ISPs, La Quadrature du Net is bringing a legal action before the French Council of State against a decree on administrative access to online communications metadata. Through this decree, it is a whole pillar of the legal basis for Internet surveillance that is being challenged. This appeal, which builds on the European Union Court of Justice's recent decision on data retention, comes as the French government is instrumentalizing last month's tragic events to further its securitarian agenda, with an upcoming bill on intelligence services.

LQDN is referring to the fact that in December 2014, the French government quietly passed an executive decree bringing in controversial surveillance measures that were passed by the French parliament a year before -- more details are given in LQDN's post. This is the first legal challenge carried out directly by La Quadrature du Net, but is unlikely to be the last:

Eventually, this legal challenge will make it possible not only to formally refer the issue to the Constitutional Council, since the [new surveillance law] never underwent a constitutionality check, but also to confront existing French Law with the [Court of Justice of the EU] and the [European Court of Human Rights]'s case laws.

In other words, even if the present challenge before the French Council of State fails, there are further legal avenues that can be explored afterwards, which makes the likelihood that at least one of them will be successful much higher.


Posted on Techdirt - 20 February 2015 @ 6:16am

Humiliating Admission By UK Government That Yet More Of Its Surveillance Was Unlawful

from the well,-not-*completely*-legal dept

A couple of weeks ago, we reported on a small but important defeat for the UK government when the Investigatory Powers Tribunal (IPT) ruled that intelligence sharing between the NSA and GCHQ was unlawful. Now, in a sign that the cracks in the UK's impenetrable silence on its surveillance activities are beginning to spread, the Guardian reports on the following surprising development:

The regime under which UK intelligence agencies, including MI5 and MI6, have been monitoring conversations between lawyers and their clients for the past five years is unlawful, the British government has admitted.

Here's why the UK government has suddenly started owning up to these misdeeds:

The admission that the regime surrounding state snooping on legally privileged communications has also failed to comply with the European convention on human rights comes in advance of a legal challenge, to be heard early next month, in which the security services are alleged to have unlawfully intercepted conversations between lawyers and their clients to provide the government with an advantage in court.

Remarkably, the confession has brought with it an unprecedented explanatory statement:

"In view of recent IPT judgments, we acknowledge that the policies adopted since [January] 2010 have not fully met the requirements of the ECHR, specifically article 8 (right to privacy). This includes a requirement that safeguards are made sufficiently public.

"It does not mean that there was any deliberate wrongdoing on the part of the security and intelligence agencies, which have always taken their obligations to protect legally privileged material extremely seriously. Nor does it mean that any of the agencies' activities have prejudiced or in any way resulted in an abuse of process in any civil or criminal proceedings."

This surprise admission shows once again the value of taking legal action against government surveillance, even when the odds of succeeding seem slim. Twice now the UK has revealed details purely as a result of challenges. Perhaps even more importantly, twice now the UK government's standard response to leaks -- that it wouldn't confirm or deny anything, but the British public could rest assured that whatever may have happened was completely legal -- has been shown to be false.


Posted on Techdirt - 20 February 2015 @ 1:05am

Cerf Warns Of A 'Lost Century' Caused By Bit Rot; Patents And Copyright Largely To Blame

from the and-he-should-know dept

According to his online biography, Vint Cerf is:

Vice president and Chief Internet Evangelist for Google. He is responsible for identifying new enabling technologies and applications on the Internet and other platforms for the company.

That suggests someone whose main job is to look forward, rather than back, and with a certain optimism too. But an article in the Guardian reports on a speech he gave in which he is not only concerned with the past of online technologies, rather than their future, but is also issuing an important warning about their fatal flaws:

Humanity's first steps into the digital world could be lost to future historians, Vint Cerf told the American Association for the Advancement of Science's annual meeting in San Jose, California, warning that we faced a "forgotten generation, or even a forgotten century" through what he called "bit rot", where old computer files become useless junk.

Of course, he's not the first person to raise that issue -- Techdirt wrote about this recently -- but Cerf's important contributions to the creation of the Internet, and his current role at Google, lend particular weight to his warning. That said, the Guardian article seems to miss the central reason all this is happening. It's not that it's really hard to create emulators to run old programs or open old files. The real issue is tucked away right at the end of the article, which quotes Cerf as saying:

"the rights of preservation might need to be incorporated into our thinking about things like copyright and patents and licensing. We're talking about preserving them for hundreds to thousands of years," said Cerf.

The main obstacles to creating software that can run old programs, read old file formats, or preserve old webpages, are patents and copyright. Patents stop people creating emulators, because clean-room implementations that avoid legal problems are just too difficult and expensive to carry out for academic archives to contemplate. At least patents expire relatively quickly, freeing up obsolete technology for reimplementation. Copyright, by contrast, keeps getting extended around the world, which means that libraries would probably be unwilling to make backup copies of digital artefacts unless the law was quite clear that they could -- and in many countries, it isn't.

Once again, we see that far from promoting and preserving culture, intellectual monopolies like patents and copyright represent massive impediments that may, as Cerf warns, result in vast swathes of our digital culture simply being lost forever.


Posted on Techdirt - 19 February 2015 @ 4:08am

If You Care About The Environment In Canada, You May Be Targeted As An 'Anti-Petroleum Extremist'

from the muzzling-dissent-again dept

As Techdirt has been warning for some time, one of the dangers with the flood of "anti-terrorist" laws and powers is that they are easily redirected against other groups for very different purposes. A story in the Globe and Mail provides another chilling reminder of how that works:

The RCMP [Royal Canadian Mounted Police] has labelled the "anti-petroleum" movement as a growing and violent threat to Canada's security, raising fears among environmentalists that they face increased surveillance, and possibly worse, under the Harper government's new terrorism legislation.

As the Globe and Mail article makes clear, environmentalists are now being considered as part of an "anti-petroleum" movement. That's not just some irrelevant rebranding: it means that new legislation supposedly targeting "terrorism" can be applied.

The legislation identifies "activity that undermines the security of Canada" as anything that interferes with the economic or financial stability of Canada or with the country's critical infrastructure, though it excludes lawful protest or dissent. And it allows the Canadian Security and Intelligence Service to take measures to reduce what it perceives to be threats to the security of Canada.

Clearly, that's an incredibly broad definition, and would apply to just about any environmental or social movement -- especially since even the most peaceful protests are often considered "illegal." That, in its turn would allow Canada's security agencies to collect information on these groups, and "disrupt" them. What's also troubling about the leaked RCMP "intelligence assessment" that forms the source for the Globe and Mail story is the very clear political position it seems to be taking on fossil fuels and climate change:

The report extolls the value of the oil and gas sector to the Canadian economy, and adds that many environmentalists "claim" that climate change is the most serious global environmental threat, and "claim" it is a direct consequence of human activity and is "reportedly" linked to the use of fossil fuels.

That sounds more like something that would come from the oil and gas industries' marketing departments, rather than from a country's impartial police force. However, as Techdirt has reported before, the current Canadian government has been muzzling other groups that dare to disagree with its policies, especially on climate change, for some time. Redefining environmentalists as anti-petroleum extremists is clearly part of the same repressive approach.


Posted on Techdirt - 19 February 2015 @ 1:01am

Is Arduino Heading Towards The First Open Hardware Fork?

from the adventure-continues dept

Although Arduino has figured a few times here on Techdirt in the DailyDirt section, it's not very well-known outside the world of open hardware, where it was one of the pioneers (its reference designs are distributed under a CC-BY-SA license, and all of its software under the GNU GPL or LGPL). One sad sign that Arduino has arrived is that there is currently a falling out between some of the founders (original in Italian), partly over the rising monetary stakes involved.

The Italian company set up by one founder, Gianluca Martino, has been the main supplier of Arduino products for years -- the open hardware license allows others to make them, too, but not to claim that they are "official." Originally called Smart Projects, it has now renamed itself Arduino Srl, and taken on a new CEO with the aim of growing sales and taking the company public in a few years' time. That hasn't gone down too well with perhaps the best-known of the founders, Massimo Banzi, who oversees the development of the whole Arduino project, and heads up the Swiss-based company Arduino Sa, a subsidiary of the main Arduino Llc, registered in Massachusetts.

Alongside the original Arduino site arduino.cc, Martino's company has now created arduino.org, with a similar color scheme, and the motto "the adventure continues." Both Martino and Banzi say they are discussing partnerships with other manufacturers -- Martino with Bosch and Panasonic, Banzi with Intel -- with a view to selling more Arduino boards around the world (original in Italian). Inevitably, perhaps, the two factions are fighting each other in lawsuits.

However those suits are decided, it seems possible that there will be some kind of fork of Arduino, with the two rival camps claiming to be the true heirs of the original project. That's common enough in the world of open source software, but this will probably be the first time it has happened in the open hardware field.


Posted on Techdirt - 18 February 2015 @ 9:31am

China To Require Real-Name Registration For Online Services And Bans On Parody Accounts

from the boring-but-not-necessarily-effective dept

China has been trying for some time to clamp down on the Internet, in an attempt to prevent it from being used in ways that threaten the authorities' control. Since the appointment of China's new leader, Xi Jinping, the situation has deteriorated -- China Digital Times speaks of the "new normal" of sharpened control. Here's yet another move to that end, as reported by Reuters:

China will ban from March 1 internet accounts that impersonate people or organizations, and enforce the requirement that people use real names when registering accounts online, its internet watchdog said on Wednesday.

The ban on parody accounts might seem strange, but is likely to have quite an impact on China's online culture:

The ban on impersonations includes accounts that purport to be government bodies, such as China's anti-corruption agency and news organizations like the People's Daily state newspaper, as well as accounts that impersonate foreign leaders, such as U.S. President Barack Obama and Russia's Vladimir Putin, the Cyberspace Administration of China (CAC) said on its website.

Many users of social media create parody accounts of prominent figures and institutions to poke fun at them.

However, once users have registered their real names, they will be permitted to use nicknames, as the new regulation explains:

Internet information service providers shall, according to the principle of "real name backstage, voluntary choice front stage", demand Internet information service users to register accounts after undergoing real identity information authentication.

Internet information service users shall, when registering accounts, conclude an agreement with the Internet information service provider, and commit to respect the seven baselines of laws and regulations, the Socialist system, the national interest, citizens' lawful rights and interest, the public order, social moral customs and the veracity of information.

That comes from China Copyright and Media's complete translation of the new CAC regulation. Here are the rather stringent rules that apply when choosing an online nickname:

The Internet user account name registered and used by any body or individual may not contain the following elements:

(1) content violating the provisions of the Constitution, laws or regulations;

(2) content violating national security, leaking State secrets, subverting the national regime, or destroying national unity;

(3) content harming the honour and interests of the State, or harming the public interest;

(4) content inciting ethnic hatred or ethnic discrimination, or destroying ethnic unity;

(5) content destroying State religious policies, propagating heresy or feudal superstition;

(6) content disseminating rumours, disrupting social order, or destroying social stability;

(7) content disseminating obscenity, sex, gambling, violence, murder, terror or instigating crime;

(8) content defaming or slandering others, or infringing others’ lawful rights and interests;

(9) other content prohibited by laws and administrative regulations.

That's obviously a pretty comprehensive list, and might suggest that the Chinese Internet is doomed to become totally boring -- and completely censored. That may be the authorities' intention, but it's worth bearing in mind that this is not the first time that the Chinese government has attempted to impose real-name registration online.

A fascinating series of five articles on the Fei Chang Dao site details how similar campaigns to tame the online world have been introduced many times since 2003, evidently without much success. Although the current crackdown on Internet freedom certainly appears more serious than earlier ones, it remains to be seen whether the Chinese authorities manage to impose real-name registration on all services, or whether this will turn out to be just the latest in a long string of failures.
