Archive | February, 2015

Free speech – a matter of terms and conditions?

This week we learned that Google is banning sexually explicit content from its blogging platform, Blogger. As a private company Google can have any rules, terms and conditions they want for their services. And they should and must have that right. Even so, this is problematic.

My Swedish blog is on Blogger. And I must ask myself — if Google introduce rules against sex and nudity, what will come next? Will it be OK to criticise or mock religion? Will it be OK to argue for legalisation of certain drugs? Will it be OK to use the blog to make information from “illegal” whistleblowers public?

In Bloggers terms and conditions Google states that you cannot blog on certain topics / in certain ways. Among other things they mention hate speech (a tricky definition, depending on who you ask), crude content (what about proof of war crimes?), copyright infringements (often used to curb inconvenient information) and illegal activities (a tricky one when governments are trying to keep their dirty little secrets under wraps by going after the messenger).

This is not just about Blogger / Google. Similar T&C can be found at most social networks, in agreements with internet service providers and others. This is problematic in several ways…

  • When a platform is dominant (like Google, Facebook and Twitter) their corporate policy against certain content can lead to a de facto censorship –as banned information will have difficulties reaching a wide audience by other channels.
  • It gets really scary when private companies value their relations with the government so high that they are willing to assist in going after people that officials have difficulties in blocking by legal means. (E.g. when Visa, MasterCard, PayPal and Bank of America decided to give the US government a hand in cutting the funding to Wikileaks.)
  • As a user, I’m uncomfortable with having moral (and other) standards decided for me by corporate lawyers and board members personal values and hang-ups. This will give rise to self-censorship and it will inhibit creativity. And such standard may often be overly anxious and uptight as the companies tries to please everybody.

But I’m not sure what to do about this. Saying that social net platforms should accept everything that’s legal doesn’t work — as this will vary from country to country and as many jurisdictions have absurd bans on free speech. And as a blogger your purpose often is to dispute what is deemed illegal.

In the words of HL Mencken…

The trouble with fighting for human freedom is that one spends most of one’s time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all.

Another idea might be to start alternatives to Facebook, Google & Co. A huge project, for sure. Without any guarantee for success. I fear most people simply don’t care.

This blog is a privately hosted WordPress blog, which is a solution when it comes to blogging. But the threat against free speech online goes far beyond just blogging.

This is a discussion to be continued.

On a final note: It’s puzzling that Google bans sexually explicit content from Blogger — when a simple Google picture search on such matters will produce the most esoteric results.

/ HAX

Read more: Engadget — Google’s banning sexually explicit content from its blogging platform »

1

Edward Snowden on the balance of power between the governing and the governed

We can devise means, through the application and sophistication of science, to remind governments that if they will not be responsible stewards of our rights, we the people will implement systems that provide for a means of not just enforcing our rights, but removing from governments the ability to interfere with those rights.

You can see the beginnings of this dynamic today in the statements of government officials complaining about the adoption of encryption by major technology providers. The idea here isn’t to fling ourselves into anarchy and do away with government, but to remind the government that there must always be a balance of power between the governing and the governed, and that as the progress of science increasingly empowers communities and individuals, there will be more and more areas of our lives where—if government insists on behaving poorly and with a callous disregard for the citizen—we can find ways to reduce or remove their powers on a new—and permanent—basis.

Our rights are not granted by governments. They are inherent to our nature. But it’s entirely the opposite for governments: their privileges are precisely equal to only those which we suffer them to enjoy.

Read more: Edward Snowden’s Libertarian Moment: We “will remove from governments the ability to interfere with [our] rights” »

0

When censorship meets mass surveillance

Censorship is nothing unique to old fashioned dictatorships. There are lots of things that you are not allowed to say in todays western democracies.

In many countries you are not allowed to deny certain historic events and certain war crimes in public. Some countries have laws against blasphemy. In some you can not make statements that may be perceived as supportive for certain ideologies or militant organisations. In a few countries you may not be overly positive about homosexuality in public. In others you may not be offensive on HBTQ matters. And most countries have laws against hate speech — that are especially troublesome, as they give certain groups and individuals special rights.

Until recently, the red line was drawn where you made a public speech, published a newspaper article or distributed a leaflet or a poster. But today it has become more complicated.

Should a tweet be considered a public statement? A Facebook post? An Instagram picture? An e-mail on a mailing list? A G+ post to your personal circle of friends?

To complicate things further, the Internet knows no boarders. What is legally published in one country can be read — and illegal — in another.

With mass surveillance you must assume that the government is picking up on everything you do on your computer, smartphone or tablet. If the government wants to know what you are up to, it will know. This might lead to operations like in France recently, where the authorities have been trawling social media for people who might have defended terrorism in one way or another.

There are even cases in Britain where personal SMS/text messages have  been enough for the police to knock on the door, asking people what they are up to.

Censorship and mass surveillance is a particularly bad combination. It will create a mental Panopticon.

/ HAX

1

Hot air from Washington on encryption (and a rather chaotic summit on extremism)

US president Barack Obama has been expected to present his policy on encryption for some time now. And, finally, he did. Kind of. Or not.

Ars Technica reports…

“I think the only concern is… our law enforcement is expected to stop every plot. Every attack. Any bomb on a plane. The first time that attack takes place, where it turns out we had a lead and couldn’t follow up on it, the public’s going to demand answers. This is a public conversation that we should be having,” Obama said in a Friday interview with Re/Code. “I lean probably further in the direction of strong encryption than some do inside law enforcement. But I am sympathetic to law enforcement, because I know the kind of pressure they’re under to keep us safe. And it’s not as black and white as it’s sometimes portrayed. Now, in fairness, I think those in favor of air tight encryption also want to be protected from terrorists.”

See the interview at Re/Code here. »

Another presidential quote…

“One of the interesting things about being in this job, is that it does give you a bird’s-eye view. You are smack dab in the middle of these tensions that exist. But, there are times where folks who see this through a civil liberties or privacy lens reject that there’s any tradeoffs involved. And, in fact, there are. And you’ve got to own the fact that it may be that we want to value privacy and civil liberties far more than we do the safety issues. But we can’t pretend that there are no tradeoffs whatsoever.”

The man is clearly stalling.

So what about the international security summit in Washington this week? Well, it seems to have changed in nature towards something more of a high level conference on extremism — to smooth over the fact that President Obama didn’t go to Paris after the terroris attacks. The BBC reports…

Still the planning seems a bit chaotic. Invitations to the summit went out to foreign embassies on 29 January, a State Department official told me.

At an event at the Atlantic Council in Washington on the following day, European officials said they still weren’t sure which minister would be appropriate to send to Washington.

Even those who are passionate about the goals of the summit – combating violent extremism – wonder about the optics – a term the Washington political class use to describe how an event is perceived.

In the end, it all boiled down to being a back drop for president Obama to deliver yet another very Kum Ba Yah speech.

The trip to Washington did however provide an opportunity for a plethora of meetings between EU and US politicians and security officials. Which is probably where all the interesting stuff went on. The stuff the general public is not supposed to know about — yet.

/ HAX

Links:
The Obama interview at Re/Code »
Ars Technica: Obama hedges position on encryption. It’s good. It’s bad. »
Slate: Tech Whiplash: Obama Endorses, Then Undermines, Encryption »
BBC: Extremism summit: Too little, too late, too chaotic? »
White House: Remarks by the President in Closing of the Summit on Countering Violent Extremism »
Breitbart: Extremists Attending Obama’s ‘Countering Extremism’ Summit »

0

Please support EDRi!

During the five years that I worked in the European Parliament – one organisation stood out when it came to protecting our digital rights (on issues like privacy, data protection, mass surveillance, web censorship etc.)

That organisation is EDRi – European Digital Rights.

EDRi is campaigning in a very hands on way, asking the hard questions at public hearings, serving the European Commission and the European Parliament with facts and helping members of parliament to fight and amend bad legislation.

It is essential that EDRi will be able to continue its work. They are often the last defence line when politicians endanger our free and open Internet.

Please follow these links to support EDRi:
Final push for our crowdsourcing campaign »
Support Digital Rights in Europe! »
Donation FAQ »

Tank you. Very Much.

/ HAX

1

The EU and a global ban on encryption

Will encryption become illegal? Will governments demand “golden keys” to commonly used encryption? If governments will go after encryption, will they make a difference between encryption used in Internet “base traffic” and encryption used by people to protect their mail and hard drives? What about apps? Nobody seems to know. All we do know is that governments would like to have access to all our communications.

Even if they have tried to keep it under wraps EU member states would like to circumvent encryption. In a leaked dokument from the informal meeting with EU justice and home affairs ministers the other week (PDF), we have it in writing…

“Since the Snowden revelations, internet and telecommunications companies have started to use often de-centralized encryption which increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible. The Commission should be invited to explore rules obliging internet and telecommunications companies operating in the EU to provide under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights access of the relevant national authorities to communications (i.e. share encryption keys). “

So, we pretty much know what the EU stance will be at the Global Security Summit, in the US nest week.

Interestingly, the European Parliament seems to have an opposite position. In its resolution on mass surveillance of March 2014, the Parliament states that…

[The EP] calls on the Commission to […] ensure a high level of security of telecommunication networks and services, including by way of requiring state-of-the-art end-to-end encryption of communications.

[The EP] calls for the EU to take the lead in […] rerouting of Internet traffic or full end-to-end encryption of all Internet traffic so as to avoid the current risks associated with unnecessary routing of traffic through the territory of countries that do not meet basic standards on fundamental rights, data protection and privacy.

[The EP] calls for the promotion of … encrypting communication in general, including email and SMS communication.

Apparently the European Parliament takes a very different stand, compared to EU member states.

And the Council of Europe (a parlament-like assembly with representatives from most European countries, including non-EU states) makes its position clear in a report…

“The assembly is deeply worried about threats to internet security by the practice of certain intelligence agencies […] of seeking out systematically, using and even creating “back doors” […] which could easily be exploited also by terrorists and cyber-terrorists or other criminals. […] The creation of “back doors” or any other techniques to weaken or circumvent security measures or exploit their existing weaknesses should be strictly prohibited.”

Again, this is a clear standpoint, the very opposite to that of EU member states.

To continue, we have a study from the European Parliament’s Science and Technology Options Assessment unit stating…

“The only way for citizens to counteract surveillance and prevent breach of privacy consists in guaranteeing uncorrupted end-to-end encryption of content and transport channel in all their communications.”

“The EU should invest in resilient open source implementations of different encryption specifications that can be verified and validated for correctness … providing users with unbreakable cryptographic protection. … The EU should invest in making users aware […] how [they] can reduce their digital footprint by following behavioural rules and applying encryption and anonymising principles.”

To put it simply: EU member states would love to have a ban on encryption or a “golden key”. Other relevant European institutions take an opposite standpoint — valuing and defending encryption.

But it will be the EU member states (and the EU Counter-Terrorism Coordinator) who are present at the Global Security Summit in Washington the coming week. And they will try to make their position global policy.

There is a way to get an encryption ban / golden key out of the summits agenda. That is to make this a public issue, to get the media involved and for people to speak out against this madness.

What we do right now will define our future.

/ HAX

Links:
• Not this again! Europe mustn’t backtrack on its support of encryption and rejection of surveillance »
• Next Week, World Leaders Will Meet to Talk About How Much They Hate Encryption »
• Council of the European Union (EU member states) PDF »
• Council of Europe (PDF) »
• UK Surveillance Consultation Suggests It Is End-Point Security, Not Encryption, That Cameron Wants To Subvert »
• In two weeks time, world leaders may decide to undermine encryption »

0

Big Brotherism at the EU summit this week

Thursday and Friday EU leaders will get together for yet another summit. There are burning issues such as Ukraine and Greece on the agenda — but also a couple of surveillance topics to watch closely.

One is EU PNR – a register on our intra-EU air travel. The idea is to collect various data about us and our travel habits, to be saved for five years.

The European Parliament has tried to block EU PNR, as it does not meet its standards when it comes to privacy and data protection. Just a few days ago the majority position was that you should not retain personal data about all air passengers in the EU — only when it comes to “a smaller target list of suspects”.

But in Strasbourg today, the Parliament adopted an notably vague resolution. From the press release

MEPs pledge to work “towards the finalisation of an EU PNR directive by the end of the year” and encourage member states to make progress on the Data Protection Package, so that negotiations on both proposals can take place in parallel. They aim to ensure that data collection and sharing is based on a coherent data protection framework offering legally-binding personal data protection standards across the EU.

This can — or should — be read as a signal to the summit to go ahead with EU PNR. The Parliaments has just indicated that it will co-operate. This is just the kind of resolution normally adopted when EU member states applies arm twisting to the peoples elected representatives. Now, the Parliament has committed to deliver this year.

Then we have the matter of encryption. Still there is nothing from the US administration — expected to put forward its new policy on encryption any day now. But in the UK we have demands from Prime Minister Cameron, that national security agencies must be able to access all of citizens telecommunications.

This surely must be on the EU summit agenda this week. The risk, however, is if topics like Ukraine and Greece drags out — EU leaders will just rubber stamp all other prepared dossiers, like this one.

If there will be a move to sidestep encryption (and everything points in that direction) next Thursdays Global Security Summit in the US will be the time and the place. But first, EU leaders ought to coordinate.

The third point on my watch list is the role of Internet service providers and social platforms. It has been very quiet since the informal meeting with EU justice and interior ministers in Riga a week and a half ago. There it was decided to deepen cooperation with the Internet industry “and to strengthen the commitment of social media platforms in order to reduce illegal content online”.

Will this be taken to the next level by EU leaders this week? Or is regulation already being prepared in the opaque European Commission administration?

Eyes and ears, please. The EU summit kicks off tomorrow.

/ HAX

1

The real impact of surveillance

Job-seekers under surveillance can lose income needed to survive if their online activity fails to match up to job search demands. People interested in campaigning hestiate over getting involved with movements for social justice when the police count activism as akin to domestic terrorism.

It’s clear that surveillance affects a broad group of people, with real painful consequences for their lives. We’ve seen journalists being monitored, lawyers having their client confidentiality broken, victims of police misconduct being spied on and environmental campaigns infiltrated. These people are not criminals, and yet when we have a system of mass surveillance, they become targets for increasingly intrusive powers.

We also know that state surveillance stigmatises certain groups of the population, it targets communities and networks. Innocent people who share similarities with suspects, (similar Skype chat user names, nearby places of worship, physical location) fall under intense scrutiny, like having their private web cam chats examined. Mass surveillance disproportionally affects marginalized groups and fosters mistrust.

Read more at Open Rights Group: The real impact of surveillance »

0