On Friday Laurie Penny wrote a piece in the Guardian’s Comment is Free: David Cameron’s internet porn filter is the start of censorship creep. The gist is that under the guise of protecting children, Cameron’s government is intent on controlling adults.
For example, she wrote:
The category of “obscene content”, for instance, which is blocked even on the lowest setting of BT’s opt-in filtering system, covers “sites with information about illegal manipulation of electronic devices [and] distribution of software” – in other words, filesharing and music downloads, debate over which has been going on in parliament for years. It looks as if that debate has just been bypassed entirely, by way of scare stories about five-year-olds and fisting videos. Whatever your opinion on downloading music and cartoons for free, doing so is neither obscene nor pornographic.
But we should not be surprised. Filtering has always been used as a disguise for censorship – and not just by governments. For example, I recently emailed Alexander Hanff, a well-known privacy expert and advocate, for his views on the GDPR (specifically for an article I was writing at the time). He replied, but with this surprising comment:
‘Nothing to do with me, guv,’ I quickly replied. Well, he looked into it, and to cut a long story short (you can read the full version on his blog: Gmail scanning becomes censorship), he came to the conclusion that Google is effectively using ‘privacy’ as a trip for its spam block.
Alexander gives several reasons why this email could not be considered spam by any half-decent filter: it was clearly a reply; it included his PGP key; and it included both a delivery and a read receipt. His conclusion:
What makes this even more ironic, is the email content was all about an EU Regulation of which Google would be one of the corporations it impacts most – an email about privacy, scanned by a filter which goes against privacy and run by a company that has declared war on privacy because this single, fundamental right interferes with their illegitimate and unethical revenue model.
Alexander’s conclusion is that this was incompetence, ironic incompetence, bordering on censorship. But it’s a fine line – and personally, I’m not so sure. Google’s filters are essential to its business model. It cannot afford to get them wrong. And its revenue record demonstrates that it doesn’t get it far wrong. A little tweak here, and a little tweak there, and Cameron’s ability to censor anything he wants becomes a simple reality.
And as far as I can see, Google is already testing out its model. In this instance it was an inoffensive email to a journalist about the GDPR. But filtering and blocking emails to journalists is a worrying trend with worrying potential.
Censorship. It’s an emotive word. And always wrong, right? Wrong.
You see, people confuse censorship with choice. And when it’s really a question of choice, it cannot be wrong. Consider the recent ‘censorship’ of hard core self-published books by organizations like WH Smith and Amazon. Amos Kepler wrote (14 October 2013):
My books have been banned by WHSmith… If anything, the books being controversial is one more important reason to sell them and feature them. Censorship and oppression of free expression are never okay!
My books have been banned by WHSmith
SM Johnson wrote (13 October 3013):
Well. It seems one of my books has been censored by Amazon… This is one of those “big bads” that NEEDS to be publicized. If we ever needed a shit-storm about anything, it’s THIS.
Erotica Authors – Amazon Censorship Alert
But this isn’t censorship, this is choice. It is the choice of the publisher (in this instance WH Smith and Amazon) to sell or provide what they choose (or in this case, not sell what they don’t choose). We would not describe Harrods’ disinclination to sell Happy Shopper beans as censorship of baked beans requiring a shit-storm of protest — so why should we do so about WH Smith and Amazon? After all, you can still get Happy Shopper beans from Happy Shopper — and you can still get hard core from hard core shops.
Censorship is different. It is the removal of choice. It does not say, you cannot have this from us; it says no-one can have this from anyone, at all, period — and with censorship, WH Smith and Amazon would have no choice over what they wish to sell or not sell. There’s a big difference.
WH Smith and Amazon are not censoring these books; they do not have the ability to do so (the books will be available elsewhere, even if only from the authors’ own websites). WH Smith and Amazon are choosing not to make them available from their sites. And it is their right to make that choice.
Censorship is when an organization prevents all access to information or ideas or art that would otherwise be available. Governments can do it. ISPs can do it. Bookshops cannot.
So if we go back to our first paragraph, censorship is always wrong, right? Right! But choice is not; and we should not confuse the two. Claiming that a bookseller’s decision not to sell a particular book is censorship weakens the argument against genuine, serious censorship. Genuine censorship is not merely wrong, it is dangerous. Bookshops deciding not to sell hard core is not censorship.
A little while back I did a report on a major analysis by a major security firm on a major malware campaign. The security firm mentioned the name of a major security group situate in a major world economy. The malware campaign seemed to originate from this major world economy and primarily target one other specific country. The security group’s name repeatedly appeared in the code of the malware being investigated. All of this is fact.
A few days later I asked a separate security firm, whom I knew to be also investigating the same malware campaign, for their thoughts. We’d rather not comment, was the reply, since this is already causing problems.
Well, this major analysis report now seems to have disappeared from the major security firm’s website.
Why would that be?
I hardly think that legal threats from the major security group would be enough – after all, the major security firm was merely presenting facts. The major security group’s name really does appear in the malware code, repeatedly. Anyway, the analysis report went to great lengths to say, paraphrased, “we are in no way suggesting that [major security group] is implicated by this – there could be many innocent reasons for the name to appear.”
But the report has disappeared. There’s still an entry in the major security firm’s blog that describes the malware campaign. But the major security group’s name doesn’t appear. A link points to the report, but just goes to the home page. The report itself seems to have disappeared.
Why would that be?
There are two reasons I can think of. The first is that the major security firm now accepts that the inclusion of the major security group’s name is coincidental and unrelated to reality. But then why not just say so, rather than removing the whole report?
The other is government pressure. The whole malware campaign reeks of state-sponsored cyber espionage. And if that’s the case, I can fully understand said major world economy applying government-level pressure against said major security firm to bury any implied suggestion of cyber espionage against the target country.
So this morning I received this email. “I am Mr Thing, Corporate Communication Manager of Major Security Group. I had earlier also sent you the mail but I did not got any response from your end.” He hadn’t, but we’ll let that pass. “There is an article on your website which says… I want to clarify you that the claims in the report were totally false and imaginative.” I don’t think so – they were a report of a matter of fact. And it’s not my website – it is the website of the magazine I was writing for. Out of loyalty to that magazine, and courtesy to the major security firm that has buckled under pressure and removed the report, I mention no names. But I should point out to Mr Thing that had I published my report on this website, it would remain in full with his email appended in full, and the major security firm’s major analysis of the major malware campaign appended to that.
Mr Thing also added, “So, I want you to remove the link from your website as it is defamatory, libellous, ethnically objectionable.” I would say to Mr Thing, corporate communications manager of major security group in major world economy, I take a very dim view of being accused of writing things that are defamatory, libelous and ethnically objectionable. In fact, I consider that to be defamatory.
Where do these people get off thinking they can suppress fact and rewrite history?
It’s worth repeating. The law is an ass.
A fundamental purpose of law is to protect the individual. Sadly, this purpose has long since been appropriated by big business – the purpose of the law is now to pander for business at the expense of the citizen through the collusion of politicians.
The result is that the law has become ridiculous.
In the past it used to be an unwritten rule in the UK that parliament would not pass unenforceable laws. The reason is that a law that cannot be enforced makes the law look an ass. Worse, it makes parliament look as big an ass as the law that cannot be enforced.
Here’s an example. Parliament has created the laws that made the courts attempt to block The Pirate Bay (TPB) at the behest of the music industry (and film and video and video gaming etcetera). Parliament has become the pimp of the music industry (ironic, really, since neither prostitution nor the employment of prostitutes is illegal – because it is unenforceable – but pimping is illegal).
But back to The Pirate Bay. The courts have been forced by the alliance of parliament and the music industry to order the ISPs to block TPB. But blocking TPB is so unenforceable it is absurd; confirming that the law and parliament has become a collective ass.
The easiest way to get round the block is to use a proxy service. You go to a site in a country that doesn’t operate a block, and that website redirects you to TPB. A quick search on Google turned up at least 150 TPB proxies.
But you don’t even need to look for them. There’s a Chrome add-on and an Android app that will do it for you automatically.
If you don’t use Chrome and don’t have Android you could use TOR, which will both provide anonymity and bypass the block. Or use a VPN. Both of these require some effort and a little knowledge.
So you could simply switch to the Opera browser and turn on Turbo mode. Turbo mode is designed for users with slow connections. It speeds things up by going via Opera’s own servers. But since you are going to Opera rather than TPB, you don’t get blocked when you go through Opera Turbo to get to TPB.
This is TPB via Opera Turbo from the UK today. Note that although I asked for thepiratebay.se (Sweden), I automatically got redirected to TPB’s latest home at dotSX. TPB moved from Sweden to “Sint Maarten, a tiny island in the northeast Caribbean located 190 miles east of Puerto Rico,” a few days ago (TorrentFreak). This follows the latest court case in Sweden against TPB by the music industry. Incidentally, TPB also has an Icelandic domain. The music industry case in Sweden is trying to get the Icelandic domain closed because it is registered to a man of Swedish nationality. I salute Marius Olafsson of Iceland’s domain registry ISNIC, who told TorrentFreak: “ISNIC will legally fight attempts to use the domain name registry system to police/censor the net. We believe that to be ineffective, wrong and dangerous to the stability of the DNS as a whole.”
Or you could simply use the Google cache. Chrome direct:
The long and the short of it is that the UK blockade of The Pirate Bay (or any other website) is unenforceable.
Only about 30% of the UK electorate bothered to vote in last Thursday’s local elections. Pompous political spinners try to tell us that it’s mid-term and people are more concerned with national rather than local issues. I give them an alternative – the people are totally disillusioned with politics and politicians and the whole political process because the law and parliament has become an ass in the pocket of big business.
And that’s a tragedy.
Lisa Vaas, a journalist I respect, has an interesting post on NakedSecurity. It discusses the problem of revenge porn sites, and the distress and harm they can cause.
In particular, it highlights the cases of Holly Jacobs and a separate class action by 17 women against one particular site, and GoDaddy for hosting the site. Lisa is right in that something must be done about revenge porn – nobody has the right to inflict pain on any other person. But what to do is the problem.
Lisa supports the action against GoDaddy:
The notion of GoDaddy being taken to task hardly seems confused. It seems appropriate, the hosting provider being an accessory to the alleged crimes and having profited off them, to boot.
This is an understandable but dangerous reaction. ISPs and hosting companies must not become tasked with censoring what they host unless it is clearly and plainly illegal (and even then the alleged criminal site should have clear legal recourse to appeal and be reinstated if it is not illegal).
If GoDaddy is found liable for the content of the websites it hosts, where will it stop? There’s a conceptually similar case in Belgium, where the music rights group SABAM is suing ISPs for lost revenue through illegal music downloads, and also demanding a general 3.4% tax levy on users to pay for illegal downloads.
If cases like these succeed, then ISPs will become afraid of legal action against them whenever a hosted site publishes material that might offend or upset powerful vested interests: ISPs will err on the side of bland to protect their revenue, and freedom and liberty will take a serious hit. ISPs must be protected conduits, like snail mail, and not be responsible for what they carry.
Lisa is right that something needs to be done about revenge porn sites – but the target must be the people who post the material, not the sites themselves and most certainly not the ISPs and hosting companies.
One of the things that worries me is the steady stream of inflated or unprovable statistics showing how dire the cyber threat has become. I am not alone in this concern. Ross Anderson and his team at the Cambridge University Computer Lab famously objected to statistics prepared by Detica for the Cabinet Office. On being invited by the Ministry of Defence to come up with their own defensible statistics, they produced a report showing that, statistically, government would achieve much better security by catching the crooks than by applying increasingly more expensive and sophisticated security systems.
But government doesn’t want to do that. As far as government is concerned, security is achieved by control. Having control of the internet and control over the internet’s users will provide the security they want (and the megalomaniac satisfaction they crave).
It is made worse by a huge security industry that can only survive if we buy its products. And the more afraid we are, the more money we will spend and the richer they will get.
So the poor bloody user is caught in an inescapable pincer: both the government and industry want us to be afraid – and horrific statistics and hyped up warnings created by industry and spread by government will do just that.
Here’s an announcement that came out the other day from NCC. Headline: “Hacking attempts to exceed one billion in the final quarter of 2012”. That’s pretty scary.
Rob Cotton, CEO of NCC Group, comments later in the announcement,
We’ve had copious initiatives and plans announced in the last quarter from bodies and governments aimed at addressing this issue, but the urgency just doesn’t seem to correlate with the growing threat… but these initiatives alone are not going to solve the problem. Public and private sector must work together, strategically and tactically, if we are going to be able to realistically defend against a billion hacks a quarter.”
Notice two things: government initiatives (including, I assume, the Communications Bill and GCHQ’s Incident Response Scheme and the Digital Economy Act and RIPA and Baroness Howe’s internet censorship – and that’s just in the UK) are not yet enough to tackle the hacking that has suddenly morphed from ‘attempts’ to “a billion [actual] hacks a quarter”.
A hack is generally speaking the unauthorised access of a computer. According to Mr Cotton, we are currently suffering from more than 333,000,000 every month (or more than 10,000,000 every day). Clearly the government must pass more laws and we must spend more money with the security industry so that we don’t suffer another 10 million hacks tomorrow.
It is only at the very end of the announcement we find the rider, “Stats do not necessarily indicate successful access, just unauthorised attempts.” On this basis, the quoted figure will include automated port scans. (I remember watching such scans click up on my PC at one every few seconds and being stopped by a very early version of ZoneAlarm – say, 5 per minute or 300 per hour or 7200 per day or around or 216,000 per month or around 648,000 per quarter – just for little me and all stopped by my little free firewall.) Add to this every spam email that carries a link to an exploit kit – which can be described as a hacking attempt – and suddenly the one billion figure seems rather conservative but not particularly frightening.
But this is what government and those parts of the security industry close to government do. Its called FUD marketing – they get what they want by disseminating fear, uncertainty and doubt; and they do that by huge, poorly defined and not often defended, scary figures and statistics. If you think we’re being manipulated, it’s because we are.
Isn’t censorship a wonderful thing? While my friends were exercising at the local sports centre in Newton Abbot, I decided to sit things out and carry on working in the gallery. Out came my trusty tablet to connect with the centre’s BT hotspot – and I scanned the news.
This headline caught my eye: New MegaUpload will deflect copyright liability and become raid-proof.
I assumed it would be a move to the cloud – just as I understand The Pirate Bay has or will be doing. But I had to check, so I clicked the link. What I got was this:
Domain Blocked: feed.torrentfreak.com
The domain you are trying to access
has been blocked by the network
If you feel this is in error, please contact email@example.com
Why on earth would someone block a legitimate news site? So that’s what I wrote to firstname.lastname@example.org.
This is the reply I got from Jonathon:
This site is obviously blocked under torrents, due to its relation to torrenting and the provision of links to torrent sites and torrent programs. Unfortunately we cannot allow such p2p communication over the network as it is a public service, and these types of communications can massively impact the network for other users.
Let’s be clear – TorrentFreak is a highly regarded news site that provides news on a popular, legal, and pretty damn good and technically advanced computing concept. TorrentFreak does not provide a torrent service, so you won’t get ‘p2p communication over the network‘ from TorrentFreak. If you search through its archives you will find links to some sites and some software – but even there it would be a whole lot simpler to use Google.
Why, then, doesn’t WiFiSpark block Google? Doesn’t stand up does it? This is simple censorship, either because they’ve got crap censorship software that blocks any site with the word ‘torrent’, or because someone has leant on them, or because they think they are the arbiters of right and wrong. And that’s the danger in censorship: some idiot gets to play god with morality and invariably gets it wrong.
The great weakness in democracy is that whenever you ask the people what they want, they choose something other than what they’re going to get. The great strength is it doesn’t matter: you can always ignore them, go round them or go over them. Whichever route you choose, those damn people will have what we give them.
So, in the UK, the government always chooses self-regulation over legislation. Getting internet censorship legislation voted through the two houses will be difficult; but persuading the ISPs to voluntarily enforce that censorship, step by step, will be easy. The UK simply ignores democracy.
The EU goes round the people. Ask the people and they’ll throw it out, like ACTA. So the EU gets round democracy by sidestepping it; like the private deal being discussed by the Clean IT project between the ISPs and the law enforcement and intelligence services. This way there’s no pesky parliament interfering, and no awkward judges to satisfy.
But both of these approaches are too lily-livered for the macho American presidency. Obama’s approach is to drive straight over democracy and sod the people. If the judges declare his NDAA unconstitutional, so what? He’ll have it anyway. And if Congress rejects his Cybersecurity Bill, who cares? He’ll force it through on an executive order regardless of the people.
Democracy. Pah! Who needs it.
A terrorist is someone who advocates terrorism. Terrorism is the use of violence and threats to intimidate. A bit like some of our police do all too often.
Anonymous has responded by urging the public to shoot the police – with their phones. “We ask you to videotape and record the police during their daily duties. If you see an officer issuing a parking ticket, record him. If you see an officer holding a victim at gun point, record him. If you see an officer harassing a fellow protester, record him.”
For this our governments define Anonymous as cyberterrorists. Have you ever thought that’s a bit over the top?
Well, the problem is that Anonymous – and especially Anonymous+WikiLeaks – is far more dangerous than a real-life terrorist. Terrorist bombs do not topple governments; but the truth does. You can shoot a man holding a bomb; you cannot (easily) shoot a man holding the truth. But if you label the man with the truth a terrorist, then you can shoot him. And if you label the truth terrorism, then you can hide it.
In Europe there is a secretive project called Clean IT, funded by the EU (that is, by us), but designed to be without political control. Its stated purpose is to prevent the terrorist use of the internet, and it is driven by law enforcement and security agencies. It says it wants to do this “without affecting our online freedom”. That’s what it says. A secret internal document leaked by EDRi says otherwise.
But before we look at the document, remember that as far as these law enforcement and security agencies are concerned, terrorist includes Anonymous. By extension, that includes anyone who supports Anonymous. And by extension, that means anyone of us who may have ever voiced support for or agreement with any Anonymous action. It’s a short hop to realise that this argument, the prevention of terrorism, can be used against anyone.
So, to the document. It is called Clean IT Project – detailed recommendations document for best practices and permanent dialogue. And it is headed, on every page, ‘confidential’ and ‘not for publication’:
But we needn’t worry because the whole project is designed to prevent terrorism – just like RIPA, used by Moray Council in Scotland to monitor the ‘underage sale of tobacco’, is an anti-terrorist law. So how does Clean IT define terrorism? It doesn’t.
Is there any guidance? Well, yes there is…
Have a closer look at this. ‘Unwanted by local society’ even if it ‘is fully legal’ and ‘in line with terms and conditions of the relevant service provider’. And who is to decide whether it is unwanted by local society? Why, the LEAs and security agencies of course. The next section is reproduced in full. Look closely for any mention of the courts or court orders or legal process or legal redress. Look and weep for what they secretly want to do: the Clean IT project will be used against anyone and anything the authorities do not like.
Yes, you’re right, they’re all aging fuddy-duddies. But that’s not the answer. You can choose from any of the following correct answers:
- they’re all multi-millionaires
- they’ve all written an open letter to prime minister David Cameron
- they all want to remodel the internet to suit themselves
Their letter includes this:
Illegal activity online must be pushed to the margins…
The simplest way to ensure this would be to implement swiftly the long overdue measures in the Digital Economy Act 2010; and to ensure broadband providers, search engines and online advertisers play their part in protecting consumers and creators from illegal sites.
Let’s look at this.
implement swiftly the long overdue measures in the Digital Economy Act 2010
That is, start the three strikes graduated response to frighten UK citizens into doing what we want: which is to support a broken business model in order to carry on making our fortunes even bigger.
ensure broadband providers, search engines and online advertisers play their part
That is, get ISPs to block sites we don’t like; get search engines to censor links we don’t like; and prevent advertisers advertising things we don’t like.
The problem here is this. Those things they don’t like are mostly (but far from entirely) already illegal. We have laws (even without the Digital Economy Act) that can be used against illegal things. But what these people want is to become the arbiters of the law – they wish to tell the courts what is illegal rather than have the courts decide. And they don’t care how many innocent people are hurt or disrupted in the process.
Yesterday, TorrentFreak published an overview of the rightsholders’ leaked strategy. On cyberlockers, for example, they want sites that do not comply with their own infringing-content removal criteria, to be shut down. Megaupload is a good example. It didn’t remove infringing copyright fast enough for the rightsholders – so in conjunction with the FBI it was taken down. Who cares about the thousands of legal users with thousands of legally stored documents? Certainly not the rightsholders.
Frankly, if it wasn’t so serious it would be hilarious. Daltrey made a fortune by talking about his generation. That generation was young and dynamic and rebellious. Now he has abandoned the young and the rebellious in favour of the rich and staid. Cowell has put his name to the statement, “To continue to create world-beating creative content…” This is Simon Cowell. The same Simon Cowell who has sucked creativity out of the music industry by concentrating on pre-packaged, good-looking pretty boys and girls who can do nothing but recycle cover versions of old music. Creativity? All of these people want to stamp out creativity and concentrate increasing their own – nobody else’s – fortunes.
You and me and the internet generation are the enemy; and you and me must be made to conform to an internet made in their own image.