We’re all under surveillance – where to go from here?




Ever since the seemingly never-ending series of revelations about mass surveillance of citizens in the Western democracies by their governments (or indirectly by their partners through data exchange) began, I’ve been trying to wrap my head around the implications – what it means for us as citizens.

One thing I can say for certain is an emotional one: It feels like our own democratically elected governments have — each in their own countries — kicked a leg out from under the table of democracy.

Wobbly metaphors aside, what we see is democratic governments installing the means of totalitarianism. Not with the same intention, I guess and hope, but maybe oblivious to the dangers inherent in their course of actions. Once the tools for mass surveillance are in place, there’s nothing structurally protecting us from a totalitarian state in the affected countries. It was one of the ground rules I learned in my political science studies: Never build tools that are only good in the hands of a “good” government. Build in strong safeguards against abuse by “bad” governments. And even without any abuse of power, we already know about the negative effects of mass surveillance.

I’m not one to say intelligence services should be abolished, I think they serve some important functions. But they must be under incredibly strict, tough supervision, and very limited in scope, with bullet-proof safeguards in place against abuse of power. This system of oversight seems to have failed at scale.

One of the little thought games I like to play when evaluating a seemingly complex issue is to change some of the variables involved to get other perspectives: invert the scenario or players; exaggerate/extrapolate; diminish it/dial it down; a system breakdown; shift motivations of the players and/or the players; etc. Oftentimes, mentally going through these scenarios and comparing them with the as-is situation can help understand better what’s going on and what’s desirable.

So let’s go through some of these mutations, and see what comes up.


Instead of intelligence services spying on citizens without warrants or real oversight and reporting to the government, the same services spy on politicians — around the clock, in their offices and at home — and report to the public. Why not start with five percent of communications initially, ramping up to 20 percent over time.

Dialing it up / extrapolation

Increase the amount of surveillance, and increase the ability to read encrypted communications. Oh wait: That’s already a reality.

Dialing it down

Decrease the amount of surveillance. Maybe restrict it to cases of actual suspicion, based on police work. (I find it hard to find anything bad about this scenario. In fact, until recently that was how the system supposedly worked, and is meant to work.)

System breakdown

At the peak of performance of the surveillance machinery, something goes horribly wrong. Data is exposed, stolen, the system breached or undermined, that kind of thing. All the data and analysis is openly available, including the tools to collect it: The backdoors built into our software, the keys to the available encryption, the passwords and saved communications and the network analysis that shows social networks of people. Leaving more or less every person with access to digital communications (all the two billion or so, and counting) immensely vulnerable to abuse of the worst kinds. Dissidents tracked down by abusive governments, journalists silenced, individuals blackmailed or robbed. You get the drift.

But hey, when has a massive central system ever failed? After all, it’s not like someone could just burn a DVD of data or take a memory stick full of stuff and walk out of a secure facility and expose top secret data.

Oh wait – how did we learn about all of this again?

Shift motivations and/or players

A new party emerges and gets the popular vote running on a populist, anti-democratic agenda. Think Tea Party to the power of 10, or neo-Nazis, or fascists of any sort, whatever. Only, this time they have the most powerful mass surveillance apparatus of all time at their disposal. History tells us that this kind of stuff happens. I think we can all agree that’s not desirable?

So what now?

So where does that leave us? Frankly, I don’t know. There have been calls for engineers to take responsibility and for more political oversight, among many others. Maybe there’s a constitutional course of action, kind of a political equivalent of negligence or abuse of power to hold the government or individual politicians responsible? Maybe introducing term limits like in the US in Germany, too, and maybe in leading positions inside the intelligence community as well?

I have no idea. But I’m pretty sure that just leaning back, shaking heads and becoming cynical won’t cut it. Not if our democracy and freedom are at stake. (End of melodrama.)

On this note, if you would excuse me. I have a demo to go to.

ITU won’t control the internet



Today is a good day for the internet.


“Failure to sign agreement at ITU conference stops governments having greater powers to control phone calls and data”, is the Guardian’s headline, announcing that the ITU summit failed to move more control over the internet to a global government body that would have bypassed a lot of the multi-stakeholder input and checks we currently have. The efforts to claim control were headed by Russia, China and the United Arab Emirates, all states with comparatively tight control over the internet, each in their own way.

Just some impressions as described in the Guardian article:

“The internet has given the world unimaginable economic and social benefit during these past 24 years. All without UN regulation. We candidly cannot support an ITU Treaty that is inconsistent with the multi-stakeholder model of internet governance.”

— Terry Kramer, head of the US delegation

[Head of consulting firm dot-nxt] McCarthy, who has published ITU planning documents that would otherwise have been kept out of sight on dot-nxt’s website, criticised the conduct of the meeting: “attendees were stunned to find a conference style and approach stuck in the 1970s,” he said. “(…) meetings ran until the early hours of the morning, and “consensus by exhaustion” was the only fall-back position.”

It was a close thing. But there we go. Phew. Thanks to all the initiatives that sprang up in public as well as in the backchannels to drag this thing into light, and make sure it didn’t go through as initially planned.

Full article over at The Guardian.

Clay Shirky: Why SOPA is a bad idea


In this recent TED talk, Clay Shirky makes a spot on, scary, fantastic argument why SOPA, PIPA and their brethren bills are so terribly damaging. Plus, he puts the bills into their historical context – I for one really hadn’t noticed how directly they align with former content industry initiatives like the DMCA and others. There’s a strong vector at work here, and it’s a hurtful one.

Must watch!

On the other hand, what we’re seeing here is a coming-of-age moment for the “other side” – the internet community at large, the free culture & open source communities, the technology companies.

With a Web-wide protest on Wednesday that includes a 24-hour shutdown of the English-language Wikipedia, the legislative battle over two Internet piracy bills has reached an extraordinary moment — a political coming of age for a relatively young and disorganized industry that has largely steered clear of lobbying and other political games in Washington.

So while you’re at it, have a look at this New York Times article: A Political Coming of Age for the Tech Industry.

The Wikileaks Process


I’ve been racking my brain over the last few days since the whole Wikileaks / Cablegate story began escalating. I’ve been trying, in short, to find my own take and standpoint on Wikileaks and the reaction to their recent publication of embassy cables. I’ve discussed it over and over with friends who have either a journalistic or a web background, and been reading a lot. And only now, and very slowly, am I even able to articulate a clearer, emerging position.

So bear with me while I try to sort out my own thinking. And believe me, it needs sorting out, as this whole situation touches on so many issues from media to political theory, from democracy to internet regulation. Yes, it’s that big, and anyone giving you a simple answer to any question here is full of it. This is not the time for simple answers, or even simple questions.

First of all, as a disclaimer: I can only speculate on Julian Assange’s motives or character. I never met him, so I’ll try to keep speculation to a minimum. That said, right on into the eclectic heap that these arguments represent.

Transparency vs Private Negotiations

Transparency is good for democracy, and for mankind. However, not everything can (or should) be made transparent. Just like private conversations of citizens or individuals need to be protected from government (or corporate, for that matter) snooping, negotiations inside or between governments need some protection, too. In Clay Shirky’s words:

(…) human systems can’t stand pure transparency. For negotiation to work, people’s stated positions have to change, but change is seen, almost universally, as weakness. People trying to come to consensus must be able to privately voice opinions they would publicly abjure, and may later abandon. Wikileaks plainly damages those abilities.

That doesn’t mean a free pass for backdoor deals, or that governments shouldn’t be held accountable – not at all. It means that in order to truly deliberate, everybody on the table needs to be able to voice their opinions without fear of repression or (in a media-driven age and context) publication. No space to do this means no open-minded, frank negotiations. Instead we’d get just another media theater, and truly that’s not what we need.

Who to blame?

On a pure who-to-point-a-finger-at level – and that includes legal and moral finger pointing – we need to ask ourselves: who do we want to blame, and for what? The arguments bounced around are manifold, and they range from weakening the state to treason (on Wikileaks’ side) to intransparency, bullying or abusing power (on several governments’ side). The blame game is, of course, a game that only knows losers: If we decide to go down that path (and it seems like that decision was made awhile ago) then we all lose. Was Wikileaks wrong in publishing the cables? Was it the US government’s fault not to share the information voluntarily? Or maybe a single member of the US army is to blame? Are we to blame for being like Faust, who wants to know everything, and Assange is just like Mephisto, offering us the secret knowledge? This cycle of questions leads nowhere.

I am curious, though, to see where the legal discussions surrounding Assange’s prosecution and arrest will lead us – that might be a different story altogether. (Keep in mind that Assange as an Australian citizen and Wikileaks are not beholden to the US government, nor is the US government accountable to non-US citizens, yet all of them are wrapped into layers and layers of international law.)

Is Assange right or wrong, and who takes the bullets?

A sister to the blame question, but with a slightly different focus: Was it “right” (whatever that means) that Assange sought out and published the cables? I think this question really missed the point: it just doesn’t matter at this point, it’s moot.

I’m wondering: who will take the bullets, who will end up owning the risks and costs associated with the whole mess? On a direct line of action-and-reaction, Bradley Manning, the US Army soldier who gave Wikileaks the leaked data, might be the most direct casualty (if that term fits here) of the leaks. Potentially there’s some political fall-out within the embassies and in diplomatic circles. More indirectly, though: could the leaked cables lead to major political fall-out regarding North Korea or Iran? (Not that this necessarily matters if critical information was withheld from the public.) What will happen to the supporters of Wikileaks, those inside and outside the core team that may, or may not, agree with Assange’s course of action?

We don’t know yet what will happen to Assange after his arrest. But I’d wager that he won’t (and can’t) take the bullets for all the others who are now out there, involved in many different ways, in a conflict that is complex at best, devastating at worst. And that is played out with no open, reliable ground rules at all.

Has Assange ruined Wikileaks?

Has he ruined Wikileaks, and if so, is this maybe his right as the founder? (And I’m saying this without any idea how many people are involved directly or loosely.) The whistleblower platform has, it seems, become important way beyond one person. Or has he become, more than ever, Wikileaks, now that some members are distancing themselves from the platform? It seems, though, that Wikileaks is taking a lot of hits about this affair; or maybe this is the whole point of Wikileaks: to create, or highlight, pain points of sorts, and pushing over the edge is an inherent part of the platform? I’m really undecided on this one.

Due process is key for democracies

An absolute core point is that no matter how you twist and turn it, due process is key for democratic governments. In a democratic society there are clear rules (including, but not limited to laws). I strongly urge you to read Clay Shirky’s thoughts on this:

I am conflicted about the right balance between the visibility required for counter-democracy and the need for private speech among international actors. Here’s what I’m not conflicted about: When authorities can’t get what they want by working within the law, the right answer is not to work outside the law. The right answer is that they can’t get what they want.

That’s really it: as the government, you have to work inside the law, the system, your mandate. Never ever may a US senator lean on private corporations to circumvent the rule of law, like Joe Lieberman did when he pressured Amazon to remove Wikileaks from their hosting service. Any action like this damages democracy and trust in the democratic so badly it’s hard to imagine that it can be reversed. (Although I hope and guess that eventually it will.) It certainly legitimizes those undemocratic, repressive regimes that the US usually fights, and that the internet usually helps bring more freedom to.

This kind of mafia-style bullying just adds more oil to the fire, and increases the gaps between even the moderates on both sides of the aisle. If you’re not for us, you’re against us? This time, both sides play it. (Or maybe there are more than two sides here? It seems like it.) The tone is growing more and more hostile the more the conflict escalates. I condemn parts of Assange’s actions, parts of the US government’s actions. Either way, I get (rhetorical) flak because I cannot, and do not want to, side with one side only. There simply doesn’t seem to be a right or wrong – both sides, I’d wager, are behaving grossly wrong and unethical at this point.

The conflict escalates

As things unfold, the conflict is escalating quickly. After the initial political fall-out, and the US gov’t leaning on Amazon and (probably) other companies – resulting in Amazon not hosting Wikileaks, neither PayPal nor VISA or Mastercard accepting donations on their behalf – now new players are entering the equation. Anonymous, the global hacker group, have been running attacks on a number of sites including PayPal.

And this is still fairly early in the game: Expect more to come over the next few weeks. Will Sweden extradite Assange to the US? If so, what will they do with him? What’s going to happen on a global political stage regarding those cables, North Korea, Iran? How many lines will the executive branches of the US and European countries over-step?

The bigger picture: What happens to Internet regulation?

What I’m most concerned about at this point is: what will happen six months from now? So far, the internet is regulated through some legal layers, but mostly through private/industry and technical agreements. It looks to me like this is going to change, quickly, and not for the better. Years of multi-stakeholder negotiations (think IGF and all) might be in vain now, if the US government pushed ahead in the same style they’ve shown so far in this conflict.

RWW’s take on Wikileaks and the open web:

The ability for Internet companies and Internet users to be able to create and share without government intervention is not just a mark of free society. The tech industry pays a lot of lip service to the “open Internet,” arguing that it is the very thing that has fostered innovation in and growth of the industry. The filters, monitors, blocks, and blacklists associated with repressive governments, so the argument goes, serve not just to prevent access to information but to stifle creativity and entrepreneurship. No matter how one justifies the actions of Amazon and the like – Terms of Service or otherwise – the events this past week have not simply demonstrated the spinelessness of certain companies to stand up to government and public pressure; they have pointed to some of the weak links in the “open Internet,” those points of control that are particularly important (and seemingly particularly vulnerable).

We’ll know very soon, I’m afraid, if our relying on US-based companies for all we do on the web will turn out to be a mistake, and if the web can stay free for all. My fear is, and I can’t stress this enough, that the web will be “collateral damage” in this conflict, getting tracked and supervised and simply an un-free place.

Let’s hope it won’t.

However, there is an upside, too. In the wake of Wikileaks, at least we have a great, inspired even, debate on the role of traditional media:

Wikileaks has ignited a debate about the rights and responsibilities attached to freeing information. It has illustrated that Governments, however well intentioned, do not have the best judgement in terms of what it is right for citizens to know. It has shown that the established media no longer necessarily gets to make that call either, and forces us all to think about the consequences of that shift. These questions are more pressing even than the constant din about finding new business models to sustain purpose. Finally we are talking about purpose first. How many news organisations now feel differently about how to host and serve content across the web in the wake of Amazon using its commercial prerogative to kick Wikileaks off its servers? How many correspondents and editors would balk at ruining long term relationships with the State Department to publish classified material of the leaked cables-type? (…) Journalism is not just an intermediary in this, it is part of this. Journalists need to know what they think about the mission of Wikileaks and others like it, and they need to know where they would stand if the data dropped onto their desks and the government pressured them to be silent.

Phew. Curious to hear your thoughts.

Petition Against Internet Censorship in Germany (FTW!)


In Germany, some odd stuff has been happening lately. It’s a fairly complex topic, and the whole discussion is happening in German, so I’ll keep it really short: Top-level politician Ursula von der Leyen (Federal Minister for Family Affairs, Senior Citizens, Women and Youth) is trying to introduce large-scale censorship in Germany, thinly disguised as an anti child pornography (CP) measure. It’s symbolic (if not fake) politics at its best: No chance to solve the problems at hand, but guaranteed to do a lot of damage. A nasty mix.

So you can imagine how happy I was when a petition to the parliament to prevent this law was put up on the German Bundestag’s e-petition site and got more than 10,000 supporters – within hardly 12 hours. Now there’s about a month until we need to get 50,000 supporters, then the parliament would be forced to listen to the petitioners. Given the surge of support in the little time, I’m confident this will work out.

CP is a heinous crime, and should be fought effectively wherever possible. But what she plans is ridiculous, ineffective, and dangerous: A blacklist of domain names, secret and without any oversight whatsoever, to be filtered by ISPs on a “voluntary basis”. Whereas “voluntary” means choosing between agreeing or being outed as a supporter of crimes against children.

Needless to say, IP filtering is too easy to circumvent to prevent any crime, or even the access to this kind of content. It’s completely ineffective & inefficient. What’s worse, this seems to happen instead of cracking down on the criminals who run the CP rings. (Some recent studies have shown that most CP rings are based in Western countries like the U.S., Sweden and Germany with strong laws to fight CP, and that the police isn’t really maxing out these laws yet. In other words: A test by Childcare showed that it’s actually fairly easy to shut down CP providers without any kind of filtering. This needs to be the first step.)

The opposition to these plans has been acting under the common tag Zensursula, a pun on the word censorship (“Zensur”) and the minister’s first name (“Ursula”). Experts of all fields agree that these plans are complete crap. Even the Minister of Justice criticizes von der Leyen’s plans as probably anti-constitutional.

Putting these domain filters into place – with no oversight by judges, parliament or any independent jury – is the most dangerous thing I’ve seen in the German political sphere in a long time. Ursula von der Leyen is now trying to put her project on a legal basis. (What’s even worse, she gives contradictory, if not misleading information about the extent of her plans.)

It’s important that the politicians learn about this issue. I sincerely believe that the supporters of this whole internet filtering idea act on the best intentions. But a lot of them simply & clearly don’t have the technical background to understand what’s going on. How we could end up in this weird situation I simply cannot grasp. (Hello, staff, how about a decent briefing for your boss?) But now it’s important to stop this craziness.

Also, it’s clear that once these censorship tools are put in place, it won’t stay about CP for long. Others, most notably the Intellectual Property interest groups, will try to get in on the game, too. Dieter Gorny, the spokesperson of the German music industry has already expressed their support of the plans as a good first step towards better protection of intellectual property, read: he looks forward to also filtering supposedly pirated music. This is blunt, insensitive, and of course he’s not in any position to demand internet censorship to protect his industry’s interest at the expense of basic democratic rights like free, unlimited and uncensored internet access.

If you speak German, Netzpolitik is the best source for info on the topic. If you’re eligible to vote in Germany, you can sign the petition against censorship.

So this turned out much longer than intended. But yes, it’s that important. And that insane.

CCC Freedom Stick, Olympics Special Edition


It’s been around for awhile, but CCC’s Freedom Stick, a memory stick loaded with powerful privacy software, is now also available in an Olympics Special edition: CCC – China – Privacy Emergency Response Team, extra easy to use for non-technical users. It consists mainly of a Tor anonymizer plus mobile Firefox.


Who’s it for? “Especially for people with little experience it is important to have simple solutions to break through walls. For this reason we present the FreedomStick.” And by walls, they refer to the Great Firewall.

Using Tor and mobile Firefox, your connection will be quite a bit slower. But that seems like a pretty fair price to pay for not leaving any traces online.

The software and a tutorial are available here. (If you’d like to support a non-profit while preserving your privacy, German privacy fighters FoeBud sell a memory stick loaded with the software for fundraising, it’s available for €20.)