ACTA Without an Audience

[Originally published in the Vanuatu Daily Post’s Weekender Edition.]

News has leaked out in dribs and drabs over the last several months about a US-led drive to negotiate an international treaty called the Anti-Counterfeiting Trade Agreement, or ACTA. Conducted under a veil of secrecy, these negotiations have been the source of considerable speculation and not a little alarm among advocates of online freedom.

Part of the reason for the alarm is the utter lack of publicly verifiable information concerning the content of the treaty. When US organisations attempted to gain access to a copy of the draft, their government withheld them, citing national security, of all things.

Intellectual Property expert professor Michael Geist writes, “The United States has drafted the chapter under enormous secrecy, with selected groups granted access under strict non-disclosure agreements and other countries (including Canada) given physical, watermarked copies designed to guard against leaks.”

In spite of their best efforts, however, details of the online enforcement aspects of the treaty leaked out last week, following a negotiating round in Seoul, South Korea.

The details don’t look good.

Continue reading

On Privacy

Slashdot recently reported the release of document analysing privacy issues in a number of major browsers. One of the findings was that the Flash plugin on all platforms and browsers was terribly insecure. One of the commenters had this to say:

“Privacy issues aside, I’ve never had any trouble with Flash.”

To which I replied:

I like your logic: Aside from a single tile, the space shuttle Columbia’s last mission went flawlessly.

Seriously, though: you’ve underlined the single greatest problem in computer security today – what we don’t see can hurt us. I’ve written about this at greater length elsewhere, but to put it simply, privacy is the battleground of our decade.

The struggle to come to terms with privacy will manifest itself in the legal, moral and ethical arenas, but it arises now because of technology and the cavalier approach that the vast majority of people take to it.

The ramifications of our ability to transmit, access and synthesise vast amounts of data using technology are consistently underestimated by people because of the simple fact that, as far as they’re concerned, they are sitting in the relative privacy of their own room with nothing but the computer screen as an intermediary.

On the consumer side of things, this creates what Schneier calls a Market for Lemons in which the substance of the product becomes less valuable than its appearance. As long as we have the illusion of security, we don’t worry about the lack of real protection.

On the institutional side, we see countless petty abuses of people’s privacy. There is nothing stopping a low-level employee from watching this data simply out of prurient interest. In fact, this kind of abuse happens almost every time comprehensive surveillance is conducted. In a famous example, low-level staffers in the US National Security Agency would regularly listen in on romantic conversations between soldiers serving in Iraq and their wives at home. The practice became so common that some even created ‘Greatest Hits’ compilations of their favourites and shared them with other staffers.

They would never have done so[*] had the people in question been in the room, but because the experience is intermediated by an impersonal computer screen, which can inflict no retribution on them, their worst instincts get the better of them.

When discussing software in the 21st Century, we cannot ever treat privacy as just one incidental aspect of a greater system. Privacy defines the system. Starting an argument by throwing it aside in the first subordinate clause gives little weight to any argument that follows.

[*] On consideration, that’s not strictly true. History shows that surveillance societies are perfectly practicable even without significant automation. The East German Stasi are but one example. The critical factor in such cases is of course that the state sanctioned, encouraged, even required this behaviour of its citizens. So let me modulate my statement to say:

They would never have taken this unsanctioned action had they had any sense that they were being subjected to similar – or any – scrutiny.

Perspectives on Privacy

[This week’s Communications column for the Vanuatu Independent.]

This week, the Australian government moved closer to implementing its controversial Internet Content Filter. The ICF represents the Rudd government’s latest attempt to curtail access to illegal or ‘unwanted’ online materials by requiring that all Australian Internet providers implement this filtering system. News sources report that the government has released the technical specification of its pilot implementation.

I’ve written before about the technical, ethical and legal problems surrounding this plan. I maintain that the system is ineffective and inappropriate, foisting a law enforcement role on the nation’s ISPs, and threatening free speech without providing sufficient protection from the very content it seeks to block.

With Internet deregulation on the horizon in Vanuatu, it seems timely to take a look at some of the basic issues underlying the debate.

Continue reading

The Soft Computer

Let’s forget about technology for a moment. Let’s quit thinking about contraptions that rattle more than they hum, often alarmingly. Let’s not talk about technology at all.

Let’s talk about people instead.

‘What a piece of work is a man!’ says Hamlet. ‘How noble in reason! How infinite in faculty! In form and moving how express and admirable! In action how like an angel! In apprehension how like a god!’

This speech has always puzzled me, because many of the human beings I know may qualify as a ‘piece of work’, but lack somewhat in the expressive, admirable, angelic and god-like categories. It only follows, therefore, that if humans are less than angelic in their actions, the things they do with technology might likewise be flawed.
Continue reading

#@)(!*^ing Encryption

A few words about the title: The first seven letters are written using a very simple code, or cypher. Each of the letters in the original word is replaced by the non-alphabetical character to which it is closest on a US keyboard. The process of hiding a message by substituting other letters, numbers or symbols is known as encryption. When the code is reversed, the title reads ‘Explaining Encryption’.

But it also looks like swearing, doesn’t it? In fact, the use of characters like this to denote swearing is a simple (dare we say crude?) kind of encryption. A child too innocent to know such words derives no meaning from the random collection of characters. Someone well versed in the ways of the world, though, can add up the number of characters and quickly deduce what was intended.

On and off over the last two months, we’ve been looking at various aspects of online security. This week, we’re going to consider what steps we can take to make the information we send over the Internet secure from prying eyes.

We’ll also consider why it is that no one uses these measures, and why most of us won’t any time soon.

Continue reading

Idea: Personal Navajo

Instead of exposing the painful ritual of public/private key exchange, software developers should instead be using metaphors of human trust and service.

A ‘translator’ service,  for example. The user ‘invents’ an imaginary language, then decides who among her friends is allowed to speak it with her. She then instructs her ‘translator’ (e.g. her own personal Navajo) to convey messages between herself and her friend’s translator.

(Only the personal Navajos actually need to speak this ‘language’ of course. As far as the two correspondents are concerned, the only change is that they’re sending the message via the ‘translator’ rather than directly, but even that is a wafer-thin bit of functionality once the channel is established and the communications process automated.)

Quick encryption, well understood, and easy to implement. Most importantly, you don’t have to explain encryption, public and private keys,  or any other security gobbledygook to someone who really doesn’t want – and shouldn’t need – to hear it.

Update: Of course, the greatest weakness to this idea is if Microsoft were to create an implementation of this and name it Bob.

The Coconut Wireless

Last week’s column introduced a broad but important topic about current trends in technology. Over the next few weeks, we’ll take some time to look in more detail about the issues of privacy and access to information. What are the current trends? How are they going to affect us here in Vanuatu? What can we do to mitigate the worst effects and maximise the best of them?

Before we go into detail, though, it’s important to establish a bit of context. We’ve already described how people often make the wrong assumptions about the level of privacy they enjoy when using computers and the Internet. But let’s look at this issue in more practical terms.

Everyone in Vanuatu knows what ‘Coconut Wireless’ means. It refers to the lively rumours that spread via word of mouth concerning anything – or anyone – of interest to people as they idle away their spare time. In small doses, it’s generally unreliable, but when information is amalgamated from numerous sources, an assiduous listener can gather a good deal of interesting (sometimes deliciously scurrilous) and surprisingly accurate information.
Continue reading

Privacy and Paper Walls

Every time I get on a plane, I find myself wondering if the crew feels the same about the aircraft I’m in as I do about computers. Does the pilot mutter, “If only they knew…” under his breath after the in-flight announcement? Does the technician who handles the pre-flight checklist give the thumbs up while saying a silent prayer?

Happily, the answer is no. If planes worked the way computers do, nobody would ever fly again.
Continue reading