Friday, 10 August 2012

Cyberwars: The State Of Play

There are four main things we digital rights activists are worried about: security, privacy, censorship, access to information, and internet freedom. Today I'm going to talk about how access to information is being threatened by people who ignore the facts or distort the news to suit themselves. It's not always the government or the big bad corporations. Sometimes, we're the problem.

Let's talk about our much-vaunted Western freedom for a moment, shall we? Actually, am I the only one to notice that the hawkish politicians haven't been blathering about "the free world" for some time now? That's because it ain't quite so free any more and it happened on our watch — and that's because we weren't paying attention. Let's take a look at the state of play.


We've had some interesting security stories come up in the past week; Gizmodo and Reuters. Each of these stories illustrates the fact that it's up to us to take more care of our things instead of letting the government legislate it for us. Government-manufactured malware is being used in cyberwarfare, so we need to keep our security software up-to-date or we're going to either get fried or hacked as collateral damage. Meanwhile, hackers have been busy wreaking havoc on a personal and professional level.

Gizmodo hacking

On Sunday 6th August Mat Honan of Gizmodo was hacked. The hacker gained access to his iCloud account, reset the password and sent the confirmation message about the reset to the trash, then wiped his iPhone, iPad, and MacBook Air. Then, to add insult to injury, they took over his Twitter account and got into his Gizmodo Twitter account, posting offensive tweets and making a huge fool of him. He's in the process of picking up the pieces and his openness about what went wrong and how to avoid it happening again is a treasure trove of information to the rest of us.

Here are the basics: if you have Gmail, use the 2-step authentication. I've had people try to hack me, so I'm very conscious of online safety. The result is, the best they could manage was to lock me out of my Yahoo account for three days because they'd tried to guess my password too many times. That would have kept the hacker out because his Gmail account was used for his Twitter account, which had links to his other accounts... you get the idea. Secondly, be aware that Apple can and does drop the ball when it comes to tech support. They failed to verify the identity of the person calling them for Mat's passwords, etc., and that's how they destroyed his data.

Reuters hacking

On Friday 3rd August, Reuters' news blogging platform was hacked and a false post was made on a Reuters journalist's account. It emerged later on that a vulnerabilty in WordPress was to blame. Basically, they hadn't updated the software. It's a no-brainer: update the software to apply the vulnerability patches! It'll happen again sooner or later because there's always some chump who thinks it won't happen to them. It will, trust me. WordPress is one of my specialities and website maintenance is a service I provide. Later on, hackers broke into the Reuters Twitter account and renamed it from @ReutersTECH to @ReutersME. Could this be an iVulnerability? An iBooBoo? I could be wrong, but without information that's the best guess I can make. That, and the possibility of a failure to properly secure his email account with 2-step verification and a hard-to-guess password.


So how exactly would legislation fix that? President Obama had a plan to penalise essential service providers for failing to implement proper security precautions but the bill got hijacked by senators playing partisan politics. They added amendments to it that would have compromised our privacy, so the Internet Freedom Movement took part in a mass contact campaign and, with the aid of more senators adding unrelated amendments, pulled it down. At the end of the day, it's our responsibility to hold the administrators of the public infrastructure services to account for their conduct, and it's their responsibility to ensure that best practice is followed. We don't need laws, we need responsible people to take charge.


The right to personal privacy is baked into the legal codes of our respective nations, depending on where you live, but this right is being slowly nibbled away in the name of security and protecting us from criminals. Actually, we need to protect ourselves and report criminals to demonstrate that we don't need to be nannied by the state. It doesn't help that, although warrantless wiretapping in the USA is illegal, you can't sue the state for violating your rights. That case is going to be taken higher: it seems ridiculous to me that the government can't be penalised for flipping off the Constitution.


Requiring warrants for all law enforcement requests shouldn't be that big a deal, but when there's money involved via the trade in wiretapping services, it is. Oh, and the number of countries around the world that are under surveillance or experiencing censorship is increasing. Britain will be joining it soon enough if the contentious Communications Data bill gets passed. I got an email from the Home Office today telling me they'll give me what they can, but no state secrets or anything like that. I replied that I don't want state secrets, I just don't want to have anyone in this country's private online activities under surveillance without a warrant and I certainly don't want G4S to run our law enforcement services.

Social Networks

Social networks such as Facebook have cookies that allow them to follow you around online in order to serve ads to you based on your search history. It's actually handy having them, but when they want to expand their services to kids to serve ads to them, too, it's time to be nervous. It doesn't help that many under thirteens are already using them with or without the aid and knowledge of their parents. Meanwhile, stories of dark profiles for potential users hint at the breadth of information they can gather on people via their users. Stories of FB accounts being watched for uncomplimentary comments or simply liking the wrong page that result in people being fired from their jobs and fusking for nude photos in private Photobucket albums abound. I've said it before and I'll say it again, don't post it private if you don't want it public. It will become public, trust me on this. All it takes is for one person in your private circle to post it in public and it's all over.


Censorship, both covert and overt is making itself felt. Put it this way, when you're afraid to say anything in case your boss finds out, something is wrong in the world. I'm not that bothered about some ignorant fools, scummy racists, or digusting deviants, but freedom of speech for us begins where theirs ends, and it's a slippery slope at best. That's why it's important to defend it; we all benefit. If you let them take down the ignorant racist perves, the bar drops, and they'll come after you next.


The threat of being fired for liking or commenting on social networks is likely having a chilling effect on speech there because you never know who's watching. A trend for DDoSing websites that governments don't like is emerging, with WikiLeaks, Demonoid, and security website KrebsOnSecurity all reporting unnatural surges in traffic. Meanchile, hacking websites and social media accounts to post misleading messages, sock puppet pundits writing op-eds on topics as diverse as food safety, municipal economies, and IPR, are working to skew media reports to their advantage or to influence evidence presented in court. When your own government is willing to throw you to the wolves, public opinion is all you've got and if that goes, you're sunk. We need to keep an eye on this and not be too quick to accept what we're told by the mainstream media. Look for original documents such as court cases or the particulars of cases where possible.


Shutting down websites for infringement is censorship because the message they send is, "There are other ways to access content and the service we provide is better." Changing their business models messes with the distribution contracts the content providers have with broadcasters because they're based on exclusivity, so the rightsholders groups have been howling for the blood of infringers instead of cutting deals with them, or out-performing them with rival services that actually address the market. Demonoid is the latest torrent site to be shut down "as a gift to the US Government," according to a report on TorrentFreak. Authorities in Mexico are preparing criminal charges against the tracker for infringement.

Net Neutrality

I'm a big advocate for net neutrality and blog about it often. Here's the deal: the internet began as a messaging system for communications between geeks. As the network grew, so did possibilities. People wanted to send pictures, then videos, then different formats emerged, then applications. It was never envisaged to be what it's become. Now that it's global and ordinary bods like me are able to communicate with ordinary bods in America, Canada, Australia, and India, to name but a few of the countries my online friends come from. The good news is that our governments have been working on transparency and open access to information on research and essential services. The bad news is they want open access to our personal data.

As a result of all the rampant sharing, the legacy content industries are losing the grip they used to have over distribution and it's freaking them out. They know they need to change to keep up with the times, but they're trying to get our ISPs to help them bring their exclusive distribution business model to the internet. The only way to make that work without competitors crashing the party is mass surveillance with our ISPs being willing to rat on us if we share torrents or engage in any kind of unauthorised distribution. They want to own the internet, basically, even though it's not theirs and was never meant to be used in this way. The last thing they want is net neutrality; it would transfer the balance of power to us. Net neutrality is about not giving priority to types of information, e.g. videos over emails. I personally tend to extend that definition to include digital rights, and that's what I'm fighting for. There's work to be done if we want to get reform, and I can't do it by myself. Take part in the Internet Freedom Movement's campaigns as and when they come up.

Internet freedom

Meanwhile, the freedoms we do have are allowing the proliferation of anti-MPAA videos by the likes of Political Prostitution. Hopefully, this will be the start of a slew of direct action campaigns that bring public attention to these issues and get the changes we need made — such as keeping former RIAA lobbyists from sitting on copyright infringement trials. Conflict of interest, much?

Intellectual Property Rights

If you want the freedoms listed above, they start with breaking the distribution monopolies provided by intellectual property rights laws. Copyright infringement is the battleground and right now we've got a lad from Sheffield, Richard O'Dwyer, who is the subject of a malicious extradition attempt at the behest of the MPAA that might actually fail in the light of a new ruling in America. There's not much point in extraditing him if streaming and linking is legal, is there? I'd advise against putting TV Shack back up again, though. Meanwhile, Olympics coverage is being spoiled for Americans, particularly their troops abroad, because of broadcasting contractual arrangements. Internet streaming services are available, if you're interested.

The Centre for Copyright and New Business Models in the Creative Economy, run by a consortium of UK universities led by the University of Glasgow, is an initiative to examine issues associated with digitisation with a view to finding out how best to support relationships between the arts and technology. This is hopefully an exciting project that will bridge the gap between creative industries and the digital environment. We don't need an extended IPR regime, and hopefully their research will prove that. I'm going to contact them to find out more about what they're doing.


Maximalists like to defend their positions by making out that you can't make money without "strong protections," but that's twaddle. In the 1900's, Germany experienced an explosion of creativity while Great Britain fell behind because there was no copyright. These days, Microsoft's contentious ways are alienating users and partners alike and patent trolling is stifling innovation. Bogus DMCA takedowns spoiled the Curiosity landing on Mars, as reported by Florian Rohrweck and Lon Seidman on Google Plus. The comments on both threads are most informative. Scripps was named as one of the offenders; apparently their web crawler reported it by mistake. God forbid that Google should name the people responsible for issuing these takedowns, "It makes us look bad!" whines Larry Crane on Tape Op. He needs to get over himself; we need to know who issued the takedowns because sometimes they are bogus and we need to report that.


Kim Dotcom has been giving evidence in court about the dramatic (and brutal) dawn raid on his home that even the police are admitting was over-the-top. The FBI were also involved and it's all looking very shoddy. The police wouldn't even let the heavily pregnant Mona Dotcom call an ambulance when she feared she was having contractions. Her twins were later born safely. Apparently, a serving officer was acting as a bodyguard and the raid police knew it. There was simply no need for that amount of force and the warrants weren't even legal. Wikipedia is keeping a record of the goings-on. Ultimately, Kim's fate will determine the future of internet freedom. If the MPAA win this, we'll have Hell to pay for infractions from now till doomsday. If they lose, we can start the great pushback that will end their stranglehold on the IPR debate. I'll be watching this and will report on further developments.


We want to stay safe online; own what we buy and be free to use, share or resell it without restrictions; access to accurate information; and the freedom to view what's available online as long as it's legal. I've been campaigning for digital rights since January and I've celebrated victories over SOPA/PIPA, CISPA, and ACTA. The Cybersecurity Act 2012 may be brought in via executive order but this is an election year so President Obama needs to think twice about a possible power grab.

We've got the opportunity to make a difference, faciliated by the internet. We can do this, but we can't do it alone. It's easy to blame the politicians who vote such laws in, but if we made more of an effort to engage with the political movements that act in the public interest, we'd have had all the changes we want by now. I can't say this enough: if you don't get involved, you won't get what you want.

No comments:

Post a Comment