Tagrights

Speaking about responsible IoT & user rights

S

Happy to announce that I’ll be speaking at not one, but two excellent conferences this fall about a topic I care deeply about: A responsible IoT and users’ rights. In other words, how we can make sure the Internet of Things works for everyone?

Das ist Netzpolitik!
On 1 September 2017 I’ll be speaking at Netzpolitik‘s annual conference Das ist Netzpolitik! (program), in German, about tensions inherent in the power dynamics of IoT as well as the regulatory environment: Das Internet der Dinge: Rechte, Regulierung und Spannungsfelder.

Underexposed
On 9 November 2017, also in Berlin, I’ll be at SimplySecure‘s conference Underexposed (program). My talk there is called The Internet of Sneaky Things. I’ll be exploring how IoT security, funding and business models, centralization and data mining, and some larger challenges around the language we use to consider the impact of data-driven systems combined all form a substantial challenge for all things related to IoT. But it’s not all bleak. There are measures we can—and through ThingsCon, we do—take.

I’m very much looking forward to both events, and to chatting with the other participants there. These are some great communities. If you’re there, please don’t be shy, so come and say hi!

For IoT, we need a holistic understanding of security

F

Like the internet, IoT is a big horizontal layer of technologies and practices. It has touch points across industries (like healthcare, automotive, consumer goods, infrastructure) and regulatory areas. That’s what makes it so hard to discuss, to regulate, and to make secure.

More importantly, security has a pretty clear meaning in IT. But I’d argue that for the Internet of Things we need a more holistic concept of security than for traditional IT—one that includes aspects like data protection, privacy, user rights. A more human rights-style that goes beyond pure security and extends protection into adjacent but equally important areas.

Otherwise even the most technologically secure systems won’t serve the purpose of protecting users from negative consequences.

These defenders of the net can’t possibly be for real, but they’re lawyering up

T

PrismOpenDiscussion Photo by Bruce Sterling (all rights reserved)

 

A crypto kiddie with a knack for picking unfortunate metaphors; a nervous leak platform provider; a French net activist; and a Pirate Party member of EU parliament from Iceland.

What connects the four? They were all part of a panel at Share Conference/Republika on Tito’s ship Galeb in Rijeka, Croatia, discussing the implications of government surveillance.

Boy, what a discussion. It ranged from brilliant into bizarre tin foil hat territory and back several times over. Most noteworthy, though, was this: The discussion ended with the unveiling of Share Defense, a new policy think tank:

SHARE Defense is a part of Share Foundation established with a goal to fight for the public’s interest in every critical battle affecting digital rights within the fields of privacy, free speech, government transparency and efficiency, surveillance and human rights and to promote the positive values of openness, decentralization, and free access to the exchange of knowledge, information and technology. In long term our goal is to fight to obtain sustainability of free and decentralized Internet and implement standards of human rights in digital environment.
Blending the expertise of lawyers, policy analysts, activists, artists, and technologists, SHARE Defense protects the rights of Internet citizens within its mission to stop the oppression, censorship and surveillance of future generations. As a policy think-tank, SHARE Defense is conducting research and proposing new policy approaches to the issues in intersection of law and technology. As a watchdog organization, SHARE Defense, through analysis of proposed and current regulations and laws as well as practice, critically monitors the activities of governments and provides policy support to any social, technological and regulatory change that could affect our digital rights and liberties. As a legal team, SHARE Defense is conducting strategic litigation in order to defend powerless Internet users, online media and entrepreneurs with a goal to improve legal practise, expand application of existing human rights standards and establish legal certainty and predictability in digital environment.

Share Defense already has a first publication out, too, together with the EFF: A visualization of Google’s transparency report.

 

Unveiling of Share Defense

 

It sure is an interesting time in the evolution of civil rights in the digital sphere and at the intersection of the digital and physical spheres.

Personally, I like the approach that EFF and Share Defense choose, too: To lawyer up and fight for legal protection rather than by trying to out-crypto government snooping of dubious legality.

For one, we can never expect the majority of the population to become great cryptographers. But more importantly, citizens should not have to try to defend themselves against governments except in moments of state crisis – rather governments exist to protect the citizens they represent and who they are elected by. For a sustainable defense of civil rights, a legal approach seems to me to be the most promising.

So as for the four misfits mentioned above? Bruce Sterling summed it up nicely:

A spy apparatus that can’t officially exist being attacked by people who can’t possibly be for real.

They can’t possibly be for real, but they’re lawyering up and institutionalizing like there’s no tomorrow.

Petition Against Internet Censorship in Germany (FTW!)

P

In Germany, some odd stuff has been happening lately. It’s a fairly complex topic, and the whole discussion is happening in German, so I’ll keep it really short: Top-level politician Ursula von der Leyen (Federal Minister for Family Affairs, Senior Citizens, Women and Youth) is trying to introduce large-scale censorship in Germany, thinly disguised as an anti child pornography (CP) measure. It’s symbolic (if not fake) politics at its best: No chance to solve the problems at hand, but guaranteed to do a lot of damage. A nasty mix.

So you can imagine how happy I was when a petition to the parliament to prevent this law was put up on the German Bundestag’s e-petition site and got more than 10.000 supporters – within hardly 12 hours. Now there’s about a month until we need to get 50.000 supporters, then the parliament would be forced to listen to the petitioners. Given the surge of support in the little time, I’m confident this will work out.

CP is a heinous crime, and should be fought effectively wherever possible. But what she plans is ridiculous, ineffective, and dangerous: A blacklist of domain names, secret and without any oversight whatsoever, to be filtered by ISPs on a “voluntary basis”. Whereas “voluntary” means choosing between agreeing or being outed as a supporter of crimes against children.

Needless to say, IP filtering is too easy to circumvent to prevent any crime, or even the access to this kind of content. It’s completely ineffective & inefficient. What’s worse, this seems to happen instead of cracking down on the criminals who run the CP rings. (Some recent studies have shown that most CP rings are based in Western countries like the U.S., Sweden and Germany with strong laws to fight CP, and that the police isn’t really maxing out these laws yet. In other words: A test by Childcare showed that it’s actually fairly easy to shut down CP providers without any kind of filtering. This needs to be the first step.)

The opposition to these plans have been acting under the common tag Zensursula, a pun on the word censorship (“Zensur”) and the ministers first name (“Ursula”). Experts of all fields agree that these plans are complete crap. Even the Minister of Justice criticizes von der Leyen’s plans as probably anti-constitutional.

Putting these domain filters into place – with no oversight by judges, parliament or any independent jury – is the most dangerous thing I’ve seen in the German political sphere in a long time. Ursula von der Leyen is now trying to put her project on a legal basis. (What’s even worse, she gives contradictory, if not misleading information about the extent of her plans.)

It’s important that the politicians learn about this issue. I sincerely believe that the support for this whole internet filtering idea act on the best intentions. But a lot of them simply & clearly don’t have the technical background to understand what’s going on. How we could end up in this weird situation I simply cannot grasp. (Hello, staff, how about a decent briefing for your boss?) But now it’s important to stop this craziness.

Also, it’s clear that once these censorship tools are put in place, it won’t stay about CP for long. Others, most notably the Intellectual Property interest groups, will try to get in on the game, too. Dieter Gorny, the spokesperson of the German music industry has already expressed their support of the plans as a good first step towards better protection of intellectual property, read: he looks forward to also filtering supposedly pirated music. This is blunt, insensitive, and of course he’s not in any position to demand internet censorship to protect his industry’s interest on the expense of basic democratic rights like free, unlimited and uncensored internet access.

If you speak German, Netzpolitik is the best source for info on the topic. If you’re eligible to vote in Germany, you can sign the petition against censorship.

So this turned out much longer than intended. But yes, it’s that important. And that insane.