A still-existing policy and strategy

“We knew we couldn’t make it illegal to be either against the war or black, but by getting the public to associate the hippies with marijuana and blacks with heroin, and then criminalizing both heavily, we could disrupt those communities. We could arrest their leaders, raid their homes, break up their meetings, and vilify them night after night on the evening news. Did we know we were lying about the drugs? Of course we did.” John Ehrlichman, domestic policy chief for President Nixon

How United Kingdom neuters itself

Not limited to, but including, the following forthcoming possible steps:

Ban public institutions from practising ethical investment: Seems small and obscure, but it’s essentially the end of direct democracy and free choice. Let’s consider that the current government gets its way and British councils, universities and other bodies are no longer allowed to avoid investing in arms dealers, products created in illegally occupied settlements, unethical environmental practices, industry linked to sweat shops or other dubious practices. It goes against international law and there are a load of work-arounds that would conceivably render the law unusable. It wouldn’t stand up to EU law, but we’ll get to that. Opponents would have to prove that organisations were purposefully enacting a boycott when they inevitably start using more covert methods. Covert behaviour can be outlawed though, if we…

Pass the Investigatory Powers Bill: Massively decrease the amount of trust that data can truly be secured in the UK. Technology giants and startups, financial services, and any company expecting reasonable standards in protecting customer data or intellectual property will start to migrate operations to other countries. This actually penalises companies as much as individuals, and the open source solutions further complicate things. Expect less investment in storing data in UK networks, and less corporate backing for speeding up Britain’s still slogging internet speeds as a result. Britain becomes an information economy backwater. The rules also won’t stand up to EU scrutiny, but that’s okay, because we can always…

Allow the UK to remove itself from the European Union: The UK thus becomes far less significant to other countries for trade, investment or job creation. Who wants to set up shop in a country that won’t let them bring in their core staff or allow a workforce to truly represent the continent of markets just across the Narrow Sea? This isn’t pre-WWII any more. On the one hand, it makes Old Blighty less valuable to its special friend the United States after it leaves the EU. On the other hand, the UK becomes more vulnerable to the increasingly bellicose U.S. as it wouldn’t have close ties to Europe to fall back on. Internally, the country will have more “sovereignty” to restrict travel, increase the cost of everything and lower its record for human rights, free speech, health care and education, though. Now comes the inevitable brain drain; the foreign expat community (skilled immigrants) has to leave while locally produced professionals begin to eye countries with more liberal regulations and tolerant visa requirements. Meanwhile, unemployment maintains the same pace in Britain as a great number of Brits now living in the EU have to return home and look for new jobs. We’ll have major internal troubles, but that will soon boil over when…

Scotland gets its reason to split: Both the IPBill and EU Referendum are giving the progressive bit of the UK up north a reason to have another referendum of its own which would, in all likelihood, succeed. An independent Scotland can easily stay in the EU, and its departure would revive aspirations for departure in Northern Ireland as well, which also leans toward EU membership.

If and when these things turn into reality, England and Wales will form the core of the New Little Britain. A mean, xenophobic, angry, paranoid and isolated little Britain. We’ll have to look back at the last general election and declare UKiP the de facto winner. End of rant.

Rebooted snooper’s charter

At some point today, the British government will be releasing its new investigatory powers bill.

If passed, both internet and phone companies would be required to store communications data of all their customers for 12-month periods. Here we’re talking about the meta data. All the data about who you talk to, where you go, what you’re looking at. This is Theresa May’s Christmas wish list.

It comes along with what David Cameron wants to see under the Crimbo Tree: handicapped encryption. The Investigatory Powers Bill would ban companies from offering secure encryption.

The UK has entered a dark period, a kind of dystopian silly season. It’s one in which traumatised refugees fleeing carnage are painted as villains, migrants seeking honest work are subjected to mistrust and the country subjects its own citizens to a kind of scrutiny, suspicion and panopticon monitoring system that seems more suitable in a prison system.

The Investigatory Powers Bill is a piece of Tory masturbatory, sado-masochistic fiction passed off as a bill up for vote in Parliament.

If you thought the “Dark Web” was dodgy, wait until you see how feeble the regular one will be when any hacker with more knowledge than your typical TalkTalk sysadmin techie starts plugging away at the back-doors that would have to be installed in UK versions of software for it to work. The economy would be in absolute ruin as financial companies, who realise the importance of unbreakable crypto, quickly decamp for safer shores and transaction orders from British IPs are looked on with more suspicion from abroad. I can’t imagine too many tech companies currently fond of calling the UK home will want to invest that much more here once this comes into law, when far more reasonable policymakers exist in other parts of Europe as well.

As an aside: Welcome to the end of free speech, privacy rights… and such. I’m not terribly worried that this bill in particular will pass, but I’m really concerned that people who come up with these kinds of solutions can be considered electable. Because that means that eventually, these are the kinds of laws that will happen.

 

Cameron’s technophobic Little Britain

You would think that a nation that prides itself on being an information, financial and technology hub would be a bit more with it when it comes to how data security works. But then if you did think such a thing, you wouldn’t be thinking of the UK, where our prime minister last week reminded people he doesn’t like encryption, doesn’t really get how it works and wants to handicap its usefulness, ASAP. For the technical specs behind David Cameron’s flawed plan, read:

What would it entail:

  1. Dave’s regulation would require all companies that encrypt communications through their services to give the government a backstage pass to the whole show. Your bank, your Google account, your online shopping, are examples.
  2. It would mean products sold by Apple and other developers would have to make sure the government could always have some mechanism to bypass these products’ security.
  3. It would mean outlawing open source software ranging from Veracrypt (formerly Truecrypt) to Tor to GPG, and somehow blocking access to them in the UK.
  4. And it would mean that whatever data security was available in the UK would be highly dodgy. You can’t make a back door key that only works for the “good guys”. As soon as someone has access to it, so will others they never intended. Remember how the UK’s data-sharing partnerships work with the United States, Canada, Australia and New Zealand. No, just remember how it works with the U.S., and how poor America is at stopping leaks. No, just think about how bad the UK is at keeping control of its classified information. Do you really want to leave these folks in charge of your spare key? Would you leave your house key under the doormat? No? How about access to your bank account, then?
  5. The policy puts the United Kingdom on a trajectory toward laws more like those in Russia, Pakistan, Ethiopia, and other such bastions of free speech and democracy. It puts the UK on a collision course with the United Nations, whose stance is unambiguously clear: encryption is a human right.

It boggles the mind how advisors have let any of this ridiculousness tumble out of Cameron’s mouth in public, and it’s worth quoting former Pirate Party UK leader, Loz Kaye, at length on it:

“Firms like Apple for example have been very clear that they are committed to strong encryption because after all that’s what users want. So it’s very unclear what exactly it is that the British government is suggesting. They’ve talked about the cooperation with social media sites, such as Facebook and Twitter, but are they really suggesting that they are going to ban Apple products, for example, in the UK? Would people visiting the UK from overseas have to leave their smartphones at the airport? Obviously, this is completely ill-thought-out. It’s just more bluster from David Cameron who seems actually incapable of responding to the terrorist threat in a real way that is going to make any difference. Certainly the tech companies won’t want to play ball and they will start to see the British Isles as a place which is anti-internet, anti-tech and not a place to do business.”

How to counter it:

Encryption is fundamental to the free flow of information: It’s the freedom to ensure you’re talking to the people you intend to, and just them. But a march on Westminster isn’t going to cut it. The direct action to take against policies on encryption is to encrypt more data.


 

UPDATE: See Keys Under the Doormat, a report by leading cryptographers and computer scientists published on the 7th and obviously using my analogy from the image at the top of this post.

Arguing That You Don’t Care About The Right To Privacy Because You Have Nothing To Hide Is No Different Than Saying You Don’t Care About Free Speech Because You Have Nothing To Say

How to be a suspected terrorist in a few clicks

I stopped by an “After Snowden” panel talk last week at the London School of Economics. There are quite a few of these popping up these days. There’s this notion that we’re now in something that can be classified as a post-Snowden world, and such notions are ripe for academic plunder. This one stood out somewhat in that both the panel and audience contained a decent representation of folks at least mildly sympathetic to the data-snarfing projects, at least those run by The Good Guys™.

On the whole, it was a decent conversation, but what was interesting was this emerging faux consensus by all sides that states need spies and spies need regulation and oversight. It’s fake because only one side probably believed that oversight is presently in sorry shape. It’s the watchdogs who seem more eager to push surveillance technology well beyond the realm of rounding up a few Bad Guys®.

When a technology or ability is introduced, its use only expands. It doesn’t retract or stay within limits. It finds new gaps or markets to fill.

Expansion of powers happens (retraction, not so much)…

This is why I find certain attitudes around the subject troubling. At the LSE talk Sir David Omand, a former Director of GCHQ, assured the audience that “if they knew the culture” inside his old SigInt agency, they wouldn’t lose any sleep over mass data collection. Such assurances were echoed in the Telegraph by once-MI6 chief, Sir John Sawers. Omand also stated what Sawers said: “We cannot have no go areas in our communities where the police cannot go, because that just allows space room for the evil-doers to ply their trades.”

Two assertions are false…

  1. We have demonstrative evidence that blind trust can’t be given to automated, mass-intelligence gathering. It will be abused.
  2. There are as many “no go areas” on the internet as Fox News claimed there were in Britain; there aren’t any. It wasn’t mass-surveillance that brought down the online drug market Silk Road, but actual solid undercover and investigative practices.

A fascinating aside: Omand subscribes to the idea that if individuals are allowed to encrypt their communications, spies will be forced to be less ethical in how they monitor people. “Intelligence agencies are not going to give up trying to get the bad guys. They will have to get closer to the bad guys. I predict we will see more close access work.” All of this translates to: “You’re a bad guy if you’re encrypting.” It’s a bit like the excuse that starts with “she was asking for it because…”

There does exist a well-thought framework around all this that seems to never make it into any of these debates. Visit Necessary and Proportionate Dot Org and scroll down to “The Principles.” It was finalised in May 2014 and since then most advocates of the status quo like to pretend it doesn’t exist so they can continue saying their critics present no viable alternatives. It would be great if this was brought up more often to counter that assertion.

It’s the encryption, stupid…

Putting myths aside, there’s a government PR attack on encryption that’s emerging in the UK, the U.S. and elsewhere abroad. This isn’t about the technology’s criminal segment of users. It is about being able to evaluate larger swaths of the general population who are growing more sceptical about their own government’s activities.

The plan remains to capture “the whole haystack” of communications data, ostensibly to find those few terrorist needles. From a technical perspective, this is a horrible way of discovering needles. But it’s an excellent way of producing statistical data about populations, creating segments, and maybe later pulling out records on people who you want to intimidate. Strong encryption gets in the way of efficiently copying all that data in a cost-effective manner. The government sees this as a procurement issue. Basic human rights are kind of an afterthought.

Omand described concern over mass surveillance as a “moral panic” of the citizenry that wasn’t really warranted. In fact, the panic attacks seem to be coming from halls of government. As a result, some very odd and unworkable potential laws are emerging.

What a panic looks like…

These are examples of people in power having a freak out. When a government sets out on a project to copy all of everyone’s communication, the correct adjective is paranoid.

Oldies don’t get tech…

It’s a generalisation I don’t quite agree with (more so as I get older) but the idea that old folks don’t understand how technology works does find its case studies in Congress and Parliament. Remember that no one in the UK’s own supposed intelligence oversight process really understood how GCHQ worked or what its Tempora monitoring system did until the Guardian decided to tell everyone. The lack of understanding extends to those judging whether such programs should be legal (after they’re under way, of course).

There’s this idea that Western spies are somehow able to break the internet in ways their adversaries can’t, that you can put a back door in encryption that only British or Americans (and the odd Canadian or Kiwi) will be able to access. Even if that were true (it’s not), it still doesn’t protect people from their own governments.

Unchecked domestic spying always leads to creepy things… always…

Technology is wonderfully easy to break. A 7-year-old girl hacked a public Wi-Fi network in 10 minutes using information found online. Anyone can DIY their own data snooping device if they want. And even supposed “experts” get caught by the most basic hacks out there.

Technology is advancing at a dreamy speed and new ways of connecting it to more people are popping out of everywhere. Broadband is growing, more mobiles can do niftier things online, we’ve got satellites, re-purposed weather balloons, drones, mesh-nets, and peer-to-peer connectivity putting internet access in more remote regions. Fabulous.

All these things need strong encryption or their users will be at unparalleled risk. Give a small, persecuted ethnic minority in Country X access to the internet that comes with serious security holes attached and you’re giving the group interested in wiping them out an access point to get on with it.

Yet when we see panic about technology illustrated in popular culture, it’s usually something like The Terminator or the latest version of it, Ex Machina. These films kind of echo the old “Watch the Skies” films of the 1940s and 50s, when aliens from other worlds always seemed to arrive with intentions fairly in line with the Red Scare propaganda of the day. I’ll leave the threats posed by strong AI to Stephen Hawking and his friends. More urgently, humans with a bit of power are a greater threat to humans.

We’re entering a world where governments want to consider it criminal for you to speak privately with someone else, and the technology to do just that is also getting easier to use. You can be on the Tor Network or within a VPN connection within three clicks, give or take. That’s about how much activity it could take to put you on a watch list should the trend continue.

Welcome back to the struggle, newly liberated Democrat voters

It’s been a tough eight or so years for progressive causes in the U.S. As soon as Obama moved into the White House, it suddenly became difficult to find Democratic voters who would rock the boat in significant numbers on actual progressive issues, I guess because it would be seen as criticizing their own guy. Well, that’s done now.

Obama’s on the way out, and the Republicans have taken over the House, Senate and majority of governorships. This is fantastic. For far too long, the majority of Democrats and their organising groups such as MoveOn have been weak in the knees on issues like the economy, climate, foreign policy, mass surveillance and everything else that’s continued to go to seed regardless of which party is running things. These were issues we heard about from Democrat voters all the time when Republicans were in control, and as they take over again, we’ll be getting our allies back. Fantastic news!