The law is an ass

It’s worth repeating. The law is an ass. 

A fundamental purpose of law is to protect the individual. Sadly, this purpose has long since been appropriated by big business – the purpose of the law is now to pander for business at the expense of the citizen through the collusion of politicians.

The result is that the law has become ridiculous.

In the past it used to be an unwritten rule in the UK that parliament would not pass unenforceable laws. The reason is that a law that cannot be enforced makes the law look an ass. Worse, it makes parliament look as big an ass as the law that cannot be enforced.

Here’s an example. Parliament has created the laws that made the courts attempt to block The Pirate Bay (TPB) at the behest of the music industry (and film and video and video gaming etcetera). Parliament has become the pimp of the music industry (ironic, really, since neither prostitution nor the employment of prostitutes is illegal – because it is unenforceable – but pimping is illegal).

But back to The Pirate Bay. The courts have been forced by the alliance of parliament and the music industry to order the ISPs to block TPB. But blocking TPB is so unenforceable it is absurd; confirming that the law and parliament has become a collective ass.

The easiest way to get round the block is to use a proxy service. You go to a site in a country that doesn’t operate a block, and that website redirects you to TPB. A quick search on Google turned up at least 150 TPB proxies.

But you don’t even need to look for them. There’s a Chrome add-on and an Android app that will do it for you automatically.

If you don’t use Chrome and don’t have Android you could use TOR, which will both provide anonymity and bypass the block. Or use a VPN. Both of these require some effort and a little knowledge.

So you could simply switch to the Opera browser and turn on Turbo mode. Turbo mode is designed for users with slow connections. It speeds things up by going via Opera’s own servers. But since you are going to Opera rather than TPB, you don’t get blocked when you go through Opera Turbo to get to TPB.

The Pirate Bay, via Turbo Opera, from the UK

This is TPB via Opera Turbo from the UK today. Note that although I asked for thepiratebay.se (Sweden), I automatically got redirected to TPB’s latest home at dotSX. TPB moved from Sweden to “Sint Maarten, a tiny island in the northeast Caribbean located 190 miles east of Puerto Rico,” a few days ago (TorrentFreak). This follows the latest court case in Sweden against TPB by the music industry. Incidentally, TPB also has an Icelandic domain. The music industry case in Sweden is trying to get the Icelandic domain closed because it is registered to a man of Swedish nationality. I salute Marius Olafsson of Iceland’s domain registry ISNIC, who told TorrentFreak: “ISNIC will legally fight attempts to use the domain name registry system to police/censor the net. We believe that to be ineffective, wrong and dangerous to the stability of the DNS as a whole.”

Or you could simply use the Google cache. Chrome direct:

The Pirate Bay direct – as blocked by UK ISPs

Google’s cache:

The Pirate Bay via Google cache from the UK

The long and the short of it is that the UK blockade of The Pirate Bay (or any other website) is unenforceable.

Only about 30% of the UK electorate bothered to vote in last Thursday’s local elections. Pompous political spinners try to tell us that it’s mid-term and people are more concerned with national rather than local issues. I give them an alternative – the people are totally disillusioned with politics and politicians and the whole political process because the law and parliament has become an ass in the pocket of big business.

And that’s a tragedy.

Protect your local ISP

Lisa Vaas, a journalist I respect, has an interesting post on NakedSecurity. It discusses the problem of revenge porn sites, and the distress and harm they can cause.

In particular, it highlights the cases of Holly Jacobs and a separate class action by 17 women against one particular site, and GoDaddy for hosting the site. Lisa is right in that something must be done about revenge porn – nobody has the right to inflict pain on any other person. But what to do is the problem.

Lisa supports the action against GoDaddy:

The notion of GoDaddy being taken to task hardly seems confused. It seems appropriate, the hosting provider being an accessory to the alleged crimes and having profited off them, to boot.

This is an understandable but dangerous reaction. ISPs and hosting companies must not become tasked with censoring what they host unless it is clearly and plainly illegal (and even then the alleged criminal site should have clear legal recourse to appeal and be reinstated if it is not illegal).

If GoDaddy is found liable for the content of the websites it hosts, where will it stop? There’s a conceptually similar case in Belgium, where the music rights group SABAM is suing ISPs for lost revenue through illegal music downloads, and also demanding a general 3.4% tax levy on users to pay for illegal downloads.

If cases like these succeed, then ISPs will become afraid of legal action against them whenever a hosted site publishes material that might offend or upset powerful vested interests: ISPs will err on the side of bland to protect their revenue, and freedom and liberty will take a serious hit. ISPs must be protected conduits, like snail mail, and not be responsible for what they carry.

Lisa is right that something needs to be done about revenge porn sites – but the target must be the people who post the material, not the sites themselves and most certainly not the ISPs and hosting companies.

FUD marketing: a stick generated by the industry and wielded by governments

One of the things that worries me is the steady stream of inflated or unprovable statistics showing how dire the cyber threat has become. I am not alone in this concern. Ross Anderson and his team at the Cambridge University Computer Lab famously objected to statistics prepared by Detica for the Cabinet Office. On being invited by the Ministry of Defence to come up with their own defensible statistics, they produced a report showing that, statistically, government would achieve much better security by catching the crooks than by applying increasingly more expensive and sophisticated security systems.

But government doesn’t want to do that. As far as government is concerned, security is achieved by control. Having control of the internet and control over the internet’s users will provide the security they want (and the megalomaniac satisfaction they crave).

It is made worse by a huge security industry that can only survive if we buy its products. And the more afraid we are, the more money we will spend and the richer they will get.

So the poor bloody user is caught in an inescapable pincer: both the government and industry want us to be afraid – and horrific statistics and hyped up warnings created by industry and spread by government will do just that.

Here’s an announcement that came out the other day from NCC. Headline: “Hacking attempts to exceed one billion in the final quarter of 2012”. That’s pretty scary.

Rob Cotton, CEO of NCC Group, comments later in the announcement,

We’ve had copious initiatives and plans announced in the last quarter from bodies and governments aimed at addressing this issue, but the urgency just doesn’t seem to correlate with the growing threat… but these initiatives alone are not going to solve the problem. Public and private sector must work together, strategically and tactically, if we are going to be able to realistically defend against a billion hacks a quarter.”

Notice two things: government initiatives (including, I assume, the Communications Bill and GCHQ’s Incident Response Scheme and the Digital Economy Act and RIPA and Baroness Howe’s internet censorship – and that’s just in the UK) are not yet enough to tackle the hacking that has suddenly morphed from ‘attempts’ to “a billion [actual] hacks a quarter”.

A hack is generally speaking the unauthorised access of a computer. According to Mr Cotton, we are currently suffering from more than 333,000,000 every month (or more than 10,000,000 every day). Clearly the government must pass more laws and we must spend more money with the security industry so that we don’t suffer another 10 million hacks tomorrow.

It is only at the very end of the announcement we find the rider, “Stats do not necessarily indicate successful access, just unauthorised attempts.” On this basis, the quoted figure will include automated port scans. (I remember watching such scans click up on my PC at one every few seconds and being stopped by a very early version of ZoneAlarm – say, 5 per minute or 300 per hour or 7200 per day or around or 216,000 per month or around 648,000 per quarter – just for little me and all stopped by my little free firewall.) Add to this every spam email that carries a link to an exploit kit – which can be described as a hacking attempt – and suddenly the one billion figure seems rather conservative but not particularly frightening.

But this is what government and those parts of the security industry close to government do. Its called FUD marketing – they get what they want by disseminating fear, uncertainty and doubt; and they do that by huge, poorly defined and not often defended, scary figures and statistics. If you think we’re being manipulated, it’s because we are.