Tag: Internet

The New SOPA: Now With Slightly Less Awfulness!

On Thursday, the House Judiciary Committee is slated to take up the misleadingly named Stop Online Piracy Act, an Internet censorship bill that will do little to actually stop piracy. In response to an outpouring of opposition from cybersecurity professionals, First Amendment scholars, technology entrepreneurs, and ordinary Internet users, the bill’s sponsors have cooked up an amended version that trims or softens a few of the most egregious provisions of the original proposal, bringing it closer to its Senate counterpart, PROTECT-IP. But the fundamental problem with SOPA has never been these details; it’s the core idea. The core idea is still to create an Internet blacklist, which means everything I say in this video still holds true:

Let’s review the main changes. Three new clarifying clauses have been added up front: the first two make clear that SOPA is not meant to create an affirmative obligation for site owners to monitor user content (good!) or mandate the implementation of technologies as a condition of compliance with the law (also good!). But the underlying incentives created by the statute push strongly in that direction whether or not it’s a formal requirement: What else do we imagine sites threatened under this law because of user-uploaded content or links will do to escape liability? A third clause says the bill shouldn’t be construed in a way that would impair the security or integrity of the network—which is a bit like slapping a label on a cake stipulating that it shouldn’t be construed to make you fat. These are all nice sentiments, but they remind me of the old philosophers’ joke: “You’ve obviously misinterpreted my theory; I didn’t intend for it to have any counterexamples!”

The big changes in the section establishing court-ordered blocking of supposed “rogue” sites appear to be intended to respond to the objections of cybersecurity professionals and network engineers, who pointed out that requiring falsification of Domain Name System records to redirect users from banned domains would interfere with a major government-supported initiative to secure the Internet against such hijacking. The updated language explicitly disavows the idea of redirection, removes a hard five-day deadline for compliance, and (crucially) says that any DNS operator (like your ISP) has fully satisfied its obligations under the statute if it simply fails to respond to DNS queries for blacklisted sites.

This is bad for transparency, in both the engineering and democratic senses of that term, insofar as it makes a government block indistinguishable from a technical failure, but it does, in a sense, address the direct conflict with DNSSEC. But as network engineers point out, a well-designed application implementing DNSSEC isn’t just going to give up when it doesn’t get a valid, cryptographically signed reply: it’s going to try other DNS servers (including servers outside US jurisdiction) until it finds one that answers.

There are two possibilities here. The first is that application designers don’t design their software properly to implement DNSSEC for fear of liability under the statute’s anti-circumvention provisions, which would be a Very Bad Thing. The second is that they’re assured they won’t be held liable for good design, in which case this whole elaborate censorship process—which was never going to be particularly effective against people who actually want to find pirated content—becomes a truly farcical pantomime, in which nobody running reasonably up-to-date clients even notices the nominal “blocking,” beyond a few seconds delay in resolving the “blocked” site. Now, if we’ve got to have an Internet censorship law, a completely impotent one is surely the best kind, but it becomes a bit mysterious what the point of all this is, beyond providing civil libertarians with a chuckle at the vast amount of money Hollywood has wasted ramming this thing through.

The other big change is to the private right of action, which previously would have allowed any copyright holder to unilaterally compel payment processors and ad networks to cut off sites that it merely accuses of infringement, or enabling infringement, or (in a baffling specimen of tortured language) taking “deliberate actions to avoid confirming a high probability” that the site would be used for infringement. That last little hate crime against English is mercifully absent from the revised SOPA, and it makes clear that only foreign sites are covered, and a judge is now required to actually issue an order before intermediaries are obligated to sever ties.

Which ultimately goes to show that the original proposal was so profoundly wretched that you can improve it a great deal, and still have a very bad idea. This is still, as many legal scholars have correctly observed, censorship by slightly circuitous economic means. The involvement of a judge should (knock on wood) weed out the most obviously frivolous complaints, but it still makes it far too easy for U.S. corporations to effectively destroy foreign Internet sites based on a one-sided proceeding in U.S. courts.

These changes are somewhat heartening insofar as they evince some legislative interest in addressing the legitimate concerns that have been raised thus far. But the problem with SOPA and PROTECT-IP isn’t that they need to be tweaked in order to get the details of an Internet censorship system right. There is no “right” way to do Internet censorship, and the best version of a bad idea remains a bad idea.

The Lives of Others 2.0

Tattoo it on your forearm—or better, that of your favorite legislator—for easy reference in the next debate over wiretapping: government surveillance is a security breach—by definition and by design. The latest evidence of this comes from Germany, where there’s growing furor over a hacker group’s allegations that government-designed Trojan Horse spyware is not only insecure, but packed with functions that exceed the limits of German law:

On Saturday, the CCC (the hacker group) announced that it had been given hard drives containing “state spying software,” which had allegedly been used by German investigators to carry out surveillance of Internet communication. The organization had analyzed the software and found it to be full of defects. They also found that it transmitted information via a server located in the United States. As well as its surveillance functions, it could be used to plant files on an individual’s computer. It was also not sufficiently protected, so that third parties with the necessary technical skills could hijack the Trojan horse’s functions for their own ends. The software possibly violated German law, the organization said.

Back in 2004–2005, software designed to facilitate police wiretaps was exploited by unknown parties to intercept the communications of dozens of top political officials in Greece. And just last year, we saw an attack on Google’s e-mail system targeting Chinese dissidents, which some sources have claimed was carried out by compromising a backend interface designed for law enforcement.

Any communications architecture that is designed to facilitate outsider access to communications—for all the most noble reasons—is necessarily more vulnerable to malicious interception as a result. That’s why technologists have looked with justified skepticism on periodic calls from intelligence agencies to redesign data networks for their convenience. At least in this case, the vulnerability is limited to specific target computers on which the malware has been installed. Increasingly, governments want their spyware installed at the switches—making for a more attractive target, and more catastrophic harm in the event of a successful attack.

Welcoming a New Common Noun: ‘the Mubarak’

Officials in London are looking everywhere but the mirror for places to affix blame for the recent riots. Beyond the immediate-term answer, individual rioters themselves, the target of choice seems to be “social media.” Prime Minister David Cameron is considering banning Facebook, Twitter, and Blackberry Messenger to disable people from organizing themselves or reporting the locations and activity of the police.

Nevermind substantive grievance. Nevermind speech rights. We’ve got scapegoats to find!

[Events like this are nothing but a vessel into which analysts pour their ideological preconceptions, so here’s a sip of mine: Just like a spoiled child doesn’t grow up to be a gracious and kind adult, a population sugar-fed on entitlements doesn’t become a meek and thankful underclass. Also: people don’t like it when the police kill unarmed citizens. Which brings us to some domestic U.S. ineptitude…]

Two-and-a-half years ago, a (San Francisco) Bay Area Rapid Transit (BART) police officer shot and killed an unarmed man on a station platform in full view of a train full of riders (video). Sentenced to just two years for involuntary manslaughter, he was paroled in June. This week, upon learning of planned protests of the killing that may have disrupted service, BART officials cut off cell phone service in select stations, hoping to thwart the demonstrators.

[Update: A correspondent notes that the BART protest was in relation to another, more recent killing.]

The Electronic Frontier Foundation rightly criticized the tactic in a post called “BART Pulls a Mubarak in San Francisco.” It’s the same technique that deposed Eqyptian dictator Hosni Mubarak used to try to prevent the uprising that toppled him.

What’s true in Egypt is true in the U.K. is true in the United States. People will use the new communications infrastructures—cell phone networks, social media platforms, and such—to express grievance and to organize.

Western government officials may think that our lands are an idyll compared to the exotic savagery of the Middle East. In fact, we have people being killed by inept law enforcement in the U.S. and the U.K. just like they have people being killed by government thugs in the Middle East. What seems like a difference in kind is a difference in degree—and it’s no difference at all to the dead.

Among the prescriptions that flow from the London riots and BART’s communications censorship are the intense need for greater professionalism and reform of police practices. Wrongful killings precipitate (rightful) protest and (wrongful) violence and looting. Public policies in the area of entitlements and immigration that deny people a stake in their societies need a serious reassessment.

But we also need to keep in mind the propensity of government officials—in all governments—to seek control of communications infrastructure when it serves their goals. From the perspective of the free-speaking citizen, centralization of communications infrastructure is a key weakness. It gives fearful government authorities a place to go when they want to attack the public’s ability to organize and speak.

The Internet itself is a distributed, packet-switched network that generally resists censorship and manipulation. Internet service, however, is relatively centralized, with a small number of providers giving most Americans the bulk of their access. In the name of “net neutrality,” the U.S. government is working to bring Internet service providers under a regulatory umbrella that it could later use for censorship or protest suppression. Platforms like Facebook and Twitter are also relatively centralized. It is an important security to have many of them, and to have them insulated from government control. The best insulation is full decentralization, which is why I’m interested in the work of the Freedom Box Foundation and open source social networks like Diaspora.

The history of communications freedom is still being written. Here’s to hoping that “a Mubarak” is always a failure to control people through their access to media.

Finns Begin a Quixotic Quest for Prevention

In the aftermath of the Oslo terror attack, Finnish police—yes, Finnish—plan to increase their surveillance of the Internet:

Deputy police commissioner Robin Lardot said his forces will play closer attention to fragmented pieces of information—known as ‘weak signals’—in case they connect to a credible terrorist threat.

That is not the way forward. As I explored in a series of posts and a podcast after the Fort Hood shooting here in the United States, random violence (terrorist or otherwise) is not predictable and not “findable” in advance—not if a free society is to remain free, anyway. That’s bad news, but it’s important to understand.

In the days since the attack, many commentators have poured a lot of energy into interpretation of Oslo and U.S. media treatment of it while the assumption of an al Qaeda link melted before evidence that it was a nationalist, anti-immigrant, anti-Islamic “cultural conservative.” Such commentary and interpretation is riveting to people who are looking to vindicate or decimate one ideology or another, but it doesn’t matter much in terms of security against future terrorism.

As former FBI agent (and current ACLU policy counsel) Mike German advises, any ideology can become a target of the government if the national security bureaucracy comes to use political opinion or activism as a proxy or precursor for crime and terrorism. Rather than blending crime control with mind control, the only thing to do is to watch ever-searchingly for genuine criminal planning and violence, and remember the Oslo dead as Lt. General Cone did Fort Hood’s: “The … community shares your sorrow as we move forward together in a spirit of resiliency.”

Bacon, Duct Tape, and the Free Market

It’s hard to imagine how we would get through life without necessities like bacon and duct tape. But have you ever thought about how the free market gives you so much for so little?

Here’s a video that should be mandatory viewing in Washington. Too bad politicians didn’t watch it before imposing government-run health care.

And since we’re contemplating the big-picture issue of whether markets are better than statism, here’s some very sobering polling data from EurActiv:

A recent survey has found deep pessimism among European Commission staff on a wide range of issues, including the course of European integration over the past decade and the likelihood of success of the EU’s strategy for economic growth. Some 63% partially or totally agreed that “the European model has entered into a lasting crisis.”

This is remarkable. Even the statist über-bureaucrats of the European Commission realize the big-government house of cards is collapsing, yet politicians in Washington still want to make America more like Europe.

FTC Advert: Cut Our Budget!

An insert that ran in the Washington Times this week didn’t say directly that the Federal Trade Commission’s budget should be cut. But a few short steps get you there.

The FTC-produced insert—a 16-page, color brochure appearing in a number of papers—is titled: “Living Life Online.” It’s aimed at teaching children how to use the Internet, with articles titled: “Sharing Well With Others” and “Minding Your Manners.” An ad on the back points kids to an FTC Web site about advertising called Admongo.gov, and little smart-phone insets contain factoids like:

DID YOU KNOW? Teens text 50 messages a day on average, five times more than the typical adult (who sends or receives 10 text messages a day).

Well, I have some factoids to share, too:

DID YOU KNOW? The U.S. Constitution provides for a federal government of limited, enumerated powers (and teaching kids about the Internet is not one of them).

Here’s another:

DID YOU KNOW? The federal government has had massive deficit spending in recent years, of $459 billion in FY2008, $1.4 trillion in FY2009, $1.3 trillion in FY2010, and $1.5 trillion in FY2011 (which is a huge damper on economic recovery).

It’s time to make serious budget cuts, and a government agency that seeks to replace parenting with government propagandizing to children is a great opportunity to do that.

Cato’s Downsizing Government project has been making its way through the major agencies, but don’t overlook the little ones. President Obama’s budget called for the FTC to spend $321 million in fiscal 2012. Zeroing that out would save a bunch, not only in direct expenses but in the dead-weight loss to the economy and consumer welfare symbolized by the FTC’s awful “Man Restraining Trade” statues.