My news stories today:
Flaming Hack: What does ‘Flame’ mean for the rest of us?
We’ve all heard about Flame, the ‘mother of all cyberweapons’, the attack tool that takes cyberwarfare to a new level. But what does it actually mean for the rest of us?
30 May 2012
Neelie Kroes Promises champagne connection – for the wealthy
Neelie Kroes, European Commissioner for the Digital Agenda, has promised a champagne connection for those who can afford it.
30 May 2012
Assange’s appeal fails: extradition lawful – everything left to play for
By a majority of 5 to 2 (Lord Mance and Lady Hale dissented) the UK supreme court has this morning ruled that Julian Assange’s extradition to Sweden is lawful, “and his appeal against extradition is accordingly dismissed.” Assange was not present in court.
30 May 2012
My recent news stories…
Security: do as I say, not as I do
While the role of the CISO is increasingly recognized – usually reporting directly to the board and sometimes sitting on the board – the problems it faces is highlighted by a new Cryptzone survey: security policy doesn’t apply to senior management.
25 May 2012
The rightsholders’ war of attrition against the internet
Google’s Transparency Report now provides a new section on copyright, “disclosing the number of requests… to remove Google Search results because they allegedly link to infringing content.”
25 May 2012
TheWikiBoat’s OpNewSon fires today
TheWikiBoat, a new hacking group that uses techniques and tools similar to Anonymous, but for the lulz rather than the principle, plans to launch its first major operation, #OpNewSon, today.
25 May 2012
Google describes the winning hack at Pwnium
Each year the CanSecWest conference runs the pwn2own hacking contest against leading browsers: Chrome, Firefox, IE and Safari. This year Google withdrew its sponsorship and set up its own Chrome specific contest: Pwnium, an extension of the Chromium Security Rewards program.
24 May 2012
Clueful – an app to describe app behavior
Earlier this year social networking company Path was hauled over the coals by both users and Apple for automatically uploading users’ iPhone address books. This, says Apple, is “in violation of our guidelines.”
24 May 2012
FCC’s net neutrality rules may be tested by VoIP
Bad blood in a local dispute in Georgia leads to request for the FCC to proceed “with corrective action as required or as deemed necessary… to protect the national and global interest of the public and the internet application industry alike.”
24 May 2012
Long-standing secret meetings between Canadian telcos and government on C-30
Michael Geist, a law professor at the University of Ottawa specializing in internet and e-commerce law, has discovered secret talks between Canadian telcos and the government on internet surveillance.
23 May 2012
McAfee Q1 Threats Report
The latest quarterly McAfee threats report shows cyber threats increasing across the board: PC, Mac, mobile malware; botnets and hacktivism are all on the rise.
23 May 2012
Monday Mail Mayhem: Anonymous dumps 1.7GB from the DoJ
Monday Mail Mayhem was this week launched by Anonymous starting with the Pirate Bay dump of a 1.7GB database stolen from the Department of Justice, and the release of the traditional Anonymous video announcement.
23 May 2012
“However,” writes Maira Sutton of the EFF, “it was also disappointingly clear how much of [a] disconnect there is between what these state leaders practice, and what they preach.”
It is, sadly, the leaders of the free world (ie, our leaders) that behave in the hypocritical manner highlighted by the EFF. Maira was commenting on the Freedom Online Conference in the Hague, hosted by the Dutch Minister of Foreign Affairs, Uri Rosenthal.
Two of the state leaders present were the EU’s Commissioner for the Digital Agenda, Neelie Kroes, and US Secretary of State Hillary Clinton. Kroes has repeatedly voiced her support for net neutrality, but on 7 December she said in Brussels: “Meanwhile, I have been clear that, as concerns net neutrality, a commitment to an open internet should not kill off the opportunity for innovative business models and service offers.” This is a contradiction: net neutrality and innovative business models and service offers are incompatible. This particular example explains both the cause and effect of political hypocrisy. What politicians say is aimed at the voters; what they do is designed for business. So the EU’s Digital Agenda will pretend and claim support for net neutrality, but will deliver the opposite for business. The art of politics is reconciling the irreconcilable.
The EFF sees similar in the words and actions of Hilary Clinton. In the Hague, Clinton complained about repressive regimes. “They aim to impose a system, cemented in a global code, that expands control over Internet resources, institutions and content and centralizes that control in the hands of the government…”
But, says the EFF:
While she continued to assail oppressive regimes of Syria, Iran, and China for human rights violations and stifling press freedom, she ignores the way the U.S. has and continues to take shamelessly draconian measures in trying to suppress the revelations published by WikiLeaks…
Clinton has not yet recognized the devastation the SOPA and PIPA bills would cause to the State Department’s own Internet Freedom Initiative in the name of upholding copyright. If these bills aren’t part of a system that “expands control over Internet resources, institutions and content, and centralizes that control in the hands of the government,” who knows what is.
iFreedom Conference: State Leaders on the Future of Free Expression Online
We should not be surprised. The contradiction (pleasing both the voter and business) shows in one particular definition from Robert Kahn:
FBI: an organization which rose to power under a cross-dressing nance who tapped phones, blackmailed members of Congress, arranged the murder of black leaders, hated Jews and liberals, suggested to Martin Luther King Jr. that he kill himself, violated state and federal laws and the Constitution, and defends our civil liberties.
From the New Devil’s Dictionary
Hard on the heels of my complaint that Peter Hustinx’ Opinion is obscure (The European Data Protection Supervisor is like Cnut facing down a tide of bureaucratic encroachment into our privacy), and that there is no open debate on net neutrality in Europe (Does Neelie’s Compact for the Internet signal the end of net neutrality in Europe?), the EDPS publishes a new Opinion that is the best introduction to the concept and issues I have yet come across.
Net neutrality refers to an ongoing debate on whether Internet service providers (‘ISPs’) should be allowed to limit, filter, or block Internet access or otherwise affect its performance. The concept of net neutrality builds on the view that information on the Internet should be transmitted impartially, without regard to content, destination or source, and that users should be able to decide what applications, services and hardware they want to use. This means that ISPs cannot, at their own choice, prioritise or slow down access to certain applications or services such as Peer to Peer (‘P2P’), etc.
Opinion of the European Data Protection Supervisor on net neutrality, traffic management and the protection of privacy and personal data
The paper includes an excellent introduction to the arguments for and against allowing ISPs to analyse the packets they deliver for their customers, relating the IP headers to the name and address on a snail mail envelope (which must be read), and the payload to the confidential data inside the letter (which should be read only under the strictest of conditions). He explains why ISPs are monitoring communications, where they are obligated to do so (for security purposes), where they are in my opinion doing so illegally and my certainty doing so immorally (as in deep packet inspection), and the subsequent dangers of the potential commercialisation of users’ private communications. He concludes
ISPs’ increasing reliance on monitoring and inspection techniques impinges upon the neutrality of the Internet and the confidentiality of communications. This raises serious issues relating to the protection of users’ privacy and personal data.
I thoroughly recommend this document to all users of the internet – and I beseech our political leaders to not merely read it, but actually heed it.
Sadly, of course, they will no more take my advice than they will that of M. Hustinx. Politics is a game of quid pro quo, or in the modern idiom, you scratch my back… Governments can print money; ISPs want some. ISPs control the internet; governments want some. So government will allow the ISPs what they want in return for a hand on the lever of control. And as always, it is the poor bloody user that will pay the price.
In America, the communications authority (Federal Communications Commission) is fighting to uphold the internet rights of the people by adopting three protections for broadband users:
This Report and Order establishes protections for broadband service to preserve and reinforce Internet freedom and openness. The Commission adopts three basic protections that are grounded in broadly accepted Internet norms, as well as our own prior decisions. First, transparency: fixed and mobile broadband providers must disclose the network management practices, performance characteristics, and commercial terms of their broadband services. Second, no blocking: fixed broadband providers may not block lawful content, applications, services, or non-harmful devices; mobile broadband providers may not block lawful Web sites, or block applications that compete with their voice or video telephony services. Third, no unreasonable discrimination: fixed broadband providers may not unreasonably discriminate in transmitting lawful network traffic. These rules, applied with the complementary principle of reasonable network management, ensure that the freedom and openness that have enabled the Internet to flourish as an engine for creativity and commerce will continue.
Federal Register Volume 76, Number 185 (Friday, September 23, 2011)
The industry is objecting. Verizon has challenged this. Actually. it’s Verizon’s second challenge: the first was thrown out by the courts because Verizon challenged before the FCC published. Kinda jumped the gun a bit there – but indicative of the US telecoms’ attitude towards net neutrality. They don’t want it.
Here in the UK, it seems to be the industry trying to protect the people’s internet rights, with the authority (ie, Jeremy Hunt, MP; Secretary of State for Culture) doing the attack.
On copyright infringement Mr Hunt said that if voluntary agreements are not made to make it more difficult to access sites that ignore the law then he would consider other options including creating a cross-industry body to identify and take action against infringing sites as well as streamlining the court process…
…Other issues in the speech included broadband competitiveness, mobile spectrum, the e-commerce directive and media plurality and regulation.
ISPA News 30/09/11
It is the industry that casts itself as the defender of the people:
Nicholas Lansman, ISPA Secretary General said, “ISPA believes that there should be a measured and balanced approach to online copyright infringement and there should be less focus on enforcement and more on developing attractive new business models, educating users, and modernising copyright laws.”
But don’t be fooled. What is missing in this debate, and in the UK and Europe in general, is any serious and open discussion between government, the people and the industry about net neutrality. And it’s important to all of us. The industry wants to be able to limit our bandwidth whenever they want in order to provide increased bandwidth on demand to their bigger customers.
Now I don’t believe that anyone can object to paying for what they get. If I pay for only 5Gb per month, then that is all I should get. But if I need unlimited bandwidth and pay for unlimited bandwidth, then I should get unlimited bandwidth. I should not have my bandwidth squeezed so that the ISP can give it to a more important customer cloaked under some obscure misnomer called ‘fair use’.
The question, then, is why is this issue not more openly and more vehemently discussed in the UK and Europe? In America, there is a strong case for using the Constitution to defend net neutrality. We have no such defence in the UK/Europe. Net neutrality is a phrase you won’t hear from many politicians this side of the pond. And that’s simply because it is already a dead duck. There is a tacit agreement between the industry and government that net neutrality will not be enforced. So they don’t talk about it, and we don’t know about it.
Neelie Kroes has made another speech: Taking care of the Internet.
It’s another act of political ambiguity full of high-sounding phrases that mean nothing. Even the title is ambiguous: taking care as in nurturing, or taking care as in solving a problem? She has this vision of the internet, her ‘Internet Essentials’. She calls it her ‘Compact for the internet’:
One Internet that is
Architecturally sound, inspiring
It’s nothing more than a contorted sound bite, and when policy is forced into suiting a sound bite we do not get good governance. (Being mono-lingual I can only guess at the effort that has to go into producing multi-lingual sound bite anagrams – or do we have different policies to suit different languages?)
But basically it is the traditional eurocrat speech: I’m good, I believe in freedom, but I may have to exercise control for the benefit of everyone. One paragraph, a single sentence, stands out as being full of platitudinal menace:
Ultimately, different actors have different fields of expertise and responsibility: that must be respected, and due weight must be given accordingly.
That sounds to me like the nail in the coffin of net neutrality.
I yesterday had the pleasure to meet around 35 Chief Executive Officers (CEOs) from leading firms with an interest in broadband and the Internet.
Neelie Kroes: Working with businesses to deliver the internet revolution
This is exactly why Neelie Kroes and Viviane Reding are so concerned about women’s representation at the highest levels:
I’ve blogged before about getting Every Woman Digital. I continue to find it troubling that women are under-represented in the ICT sector at every level, and particularly in decision-making positions. And the situation doesn’t seem to be getting better.
Every woman digital – plugging the ICT skills gap
This is a real problem. Women are under-represented from engineers to executives, and it’s a great shame and a great waste of talent. I have no answers, although I don’t believe in ‘positive discrimination’: discrimination is discrimination whether it’s positive or negative, and should be shunned. But this picture shows the size of the problem.
It’s just a pity that in the rest of her blog, Ms Kroes goes on to repeat the same sort of double-speak that we have come to expect from Europe.
I was clear that whatever needed to be done should be in full respect of competition rules. On net neutrality, I remain convinced that we should maintain a robust, best-efforts internet with access for all, and that we also need to allow new business models under fair conditions. BEREC is currently analysing the current situation very thoroughly and we will study the results carefully.
Working with businesses to deliver the internet revolution
‘Access to all’ does not net neutrality make. And “we also need to allow new business models under fair conditions” is simply code for allowing ISPs to charge more for heavy users. I have strong concerns that net neutrality is doomed if the EC gets its way. It’s a shame that the EC isn’t as concerned about business net neutrality as it is about business gender neutrality.
Last week I looked forward to Neelie’s blog on her attendance at this year’s Bilderberg Conference. She hasn’t yet had time to pen this; so I thought, as a professional ghost writer, I’d offer to do it for her.
As we end the first year of the Digital Agenda in Europe, it’s time to look forward to the next. It’s been an exciting and inspiring year: we have succeeded in promising much and delivering nothing beyond our own plans for the internet.
Last weekend I was honoured to be summoned by Bilderberg. This is where the great leaders of the world, from the US, the EU and the Banks, set down the agenda for the future. And I’m proud to report that we, the EU, are right up there with them. Our Digital Agenda is bang on course. Our use of the copyright principle is working. We need to support the rightsholders – it shows that we care about business and brings in more tax euros (and dollars for our American friends and pounds for the UK) than we could ever get from other means of distribution.
It does mean, of course, that we need to have tighter control of the internet, so we all decided to push forward on worldwide (or at least the-world-that-matters) adoption of ACTA – and I was able to confirm to our friends that the EU will act on this. Even Boy George agreed, with the UK’s Home Office declaring its intention to filter the internet; and its Digital Economy Act already providing more than half of what we want with ACTA.
So, as I return from Switzerland, I am filled with hope and excitement for the future. By the next Bilderberg Conference, if I am lucky enough to get the summons again, I am convinced that I shall be able to report on great progress for the Digital Agenda: enactment and enforcement of ACTA, effective internet censorship able to block terrorist and pedophile and money laundering sites like WikiLeaks, and an end to the dangerous state of net neutrality. We have exciting and testing times ahead – but with your help and support I know we shall succeed.
Luis Corrons has started his new blog, Libertarian Security, with an excellent post: Freedom vs Security. He paints a worrying picture, especially where government intervention is concerned:
Governments even go as far as saying that any limitations on people’s liberties aren’t actually that, but they are giving citizens more liberty by protecting their security. This is nonsense. However, anybody that listens to 100 99 percent (let’s keep the hope alive) of politicians, however democratic they may seem, will see that their strategy is always similar: They all try to justify themselves by stating that they restrict our liberties to give us more freedom.
All this will eventually change the Internet as we currently know it… for worse at least when it comes to freedom of speech. In a few years’ time, besides protecting ourselves against cyber-attacks we will also have to look for mechanisms that guarantee our rights against government abuse of power.
Freedom vs Security
Apart from recommending Luis’ blog, and hoping that he can find the time for many more posts, I really want to add a further illustration of the sort of political double-talk gobbledygook that emanates from our ‘leaders’. It concerns net neutrality, something most thinking people believe to be essential for future freedom. Well, Neelie Kroes, Vice-President of the European Commission for the Digital Agenda, also believes in net neutrality – and that’s incredibly reassuring. How do we know? Because she has told us:
“I am determined to ensure that citizens and businesses in the EU can enjoy the benefits of an open and neutral internet…”
Digital Agenda: Commission underlines commitment to ensure open internet principles applied in practice
But it’s worth actually considering what she really means. What is ‘net neutrality’ to Neelie Kroes?
Bear in mind that new European rules came into force on 25 May. “Member States’ telecoms regulatory authorities [must] promote the ability of internet users “to access and distribute information or run applications and services of their choice” (Article 8(§4)g of the telecoms Framework Directive 2002/21/EC, as amended by Directive 2009/140/EC).” She went on to add
Other rules directly relevant to net neutrality that enter into force on 25 May as part of new EU telecoms rules include requirements concerning:
- transparency (e.g. any restrictions limiting access to services or applications, connection speeds)
- quality of service (regulators can set minimum quality levels) and
- the ability to switch operator (within one working day).
Transparency. This means that where the telecoms providers are not neutral, they have to say what they are providing, and that, in EU terms, will make them neutral.
Quality of service. Important though it is, WTF has this to do with net neutrality?
Switch. I would like to know what relevance the ability to rapidly switch providers has to net neutrality.
All of this is exactly what Luis Corrons warns about. Our political leaders are intent on removing net neutrality while persuading us that they are protecting it. And the tragedy is that too many of us will believe them, and allow them.