
IETF Draft on Media Without Censorship (Censorfree)

Internet-Drafts are working documents of the Internet Engineering Task Force, its areas, and its working groups, circulated for review, after which a draft may be introduced as an RFC. Johan Pouwelse has introduced an “Internet Draft” at the Internet Engineering Task Force which describes some scenarios in which one can imagine that the ability of an authoritarian regime to censor news is reduced. The Censorfree objective is to standardize the protocols for micro-blogging on smart phones with a focus on security and censorship resistance.

All RFCs are first published as Internet-Drafts (I-Ds). A well-formed RFC starts with a well-formed Internet-Draft. Please see the Internet-Drafts page on the IETF site for policy and submission guidelines, as it is authoritative regarding Internet-Drafts.


Vint Cerf asks the world to keep the Internet open

The Internet stands at a crossroads. Built from the bottom up, powered by the people, it has become a powerful economic engine and a positive social force. But its success has generated a worrying backlash. Around the world, repressive regimes are putting in place or proposing measures that restrict free expression and affect fundamental rights. The number of governments that censor Internet content has grown to 40 today from about four in 2002. And this number is still growing, threatening to take away the Internet as you and I have known it.

…The benefits of the open and accessible Internet are nearly incalculable and their loss would wreak significant social and economic damage. Against this background, a new front in the battle for the Internet is opening at the International Telecommunications Union, a United Nations organization that counts 193 countries as its members.

At present, the I.T.U. focuses on telecommunication networks and on radio frequency allocations rather than the Internet per se. Some members are aiming to expand the agency’s treaty scope to include Internet regulation. Each of the 193 members gets a vote, no matter its record on fundamental rights — and a simple majority suffices to effect change. Negotiations are held largely among governments, with very limited access for civil society or other observers.

…The Net prospered precisely because governments — for the most part — allowed the Internet to grow organically, with civil society, academia, private sector and voluntary standards bodies collaborating on development, operation and governance. In contrast, the I.T.U. creates significant barriers to civil society participation. A specialized agency of the United Nations, it grew out of the International Telegraph Union, which was established in 1865.

… Last June, then-Prime Minister Vladimir Putin stated the goal of Russia and its allies as “establishing international control over the Internet” through the I.T.U. And in September 2011, China, Russia, Tajikistan and Uzbekistan submitted a proposal for an “International Code of Conduct for Information Security” to the U.N. General Assembly, with the goal of establishing government-led “international norms and rules standardizing the behavior of countries concerning information and cyberspace.” Word of a few other proposals from inside the I.T.U. have surfaced.

Several authoritarian regimes reportedly would ban anonymity from the Web, which would make it easier to find and arrest dissidents. Others have suggested moving the privately run system that manages domain names and Internet addresses to the United Nations. Such proposals raise the prospect of policies that enable government controls but greatly diminish the “permissionless innovation” that underlies extraordinary Internet-based economic growth to say nothing of trampling human rights. Some countries have expressed sympathy for these proposals. They are concerned about the outsized role they perceive that the United States plays in the direction and development of Internet policy. Some believe the status quo favors the interests of large, global Internet companies.

… we need to prevent a fundamental shift in how the Internet is governed. I encourage you to take action now: Insist that the debate about Internet governance be transparent and open to all stakeholders.


United Kingdom: Phone and email records to be stored in new spy plan

United Kingdom: Details of every phone call and text message, email traffic and websites visited online are to be stored in a series of vast databases under new Government anti-terror plans.

Landline and mobile phone companies and broadband providers will be ordered to store the data for a year and make it available to the security services under the scheme.

The databases would not record the contents of calls, texts or emails but the numbers or email addresses of who they are sent and received by.

For the first time, the security services will have widespread access to information about who has been communicating with each other on social networking sites such as Facebook.

Direct messages between subscribers to websites such as Twitter would also be stored, as well as communications between players in online video games.

The Home Office is understood to have begun negotiations with internet companies in the last two months over the plan, which could be officially announced as early as May.

It is certain to cause controversy over civil liberties – but also raise concerns over the security of the records.

Access to such information would be highly prized by hackers and could be exploited to send spam email and texts. Details of which websites people visit could also be exploited for commercial gain.

The plan has been drawn up on the advice of MI5, the home security service, MI6, which operates abroad, and GCHQ, the Government’s “listening post” responsible for monitoring communications.

Rather than the Government holding the information centrally, companies including BT, Sky, Virgin Media, Vodafone and O2 would have to keep the records themselves.

Under the scheme the security services would be granted “real time” access to phone and internet records of people they want to put under surveillance, as well as the ability to reconstruct their movements through the information stored in the databases.

The system would track “who, when and where” of each message, allowing extremely close surveillance.

Mobile phone records of calls and texts show within yards where a call was made or a message was sent, while emails and internet browsing histories can be matched to a computer’s “IP address”, which can be used to locate where it was sent.

The scheme is a revised version of a plan drawn up by the Labour government which would have created a central database of all the information…

Labour shelved the project – known as the Intercept Modernisation Programme – in November 2009 after a consultation showed it had little public support…

But the security services have now won a battle to have the scheme revived because of their concern over the ability of terrorists to avoid conventional surveillance through modern technology.

They can make use of phone tapping but their ability to monitor email traffic and text messages is limited.

They are known to have lobbied Theresa May, the Home Secretary, strongly for the scheme. Their move comes ahead of the London Olympics, which they fear will be a major target for terror attacks, and amid a climate of concern about terrorists’ use of the internet.

… Sources said ministers are planning to allocate legislative time to the new spy programme, called the Communications Capabilities Development Programme (CCDP), in the Queen’s Speech in May.

But last night privacy campaigners warned the scheme was too open to abuse and could be used for “fishing trips” by spies.

Jim Killock, executive director of the Open Rights Group, a civil liberties campaign organisation, said: “This would be a systematic effort to spy on all of our digital communications.

“The Conservatives and Liberal Democrats started their government with a big pledge to roll back the surveillance state.

“No state in history has been able to gather the level of information proposed – it’s a way of collecting everything about who we talk to just in case something turns up.”

There were also concerns about the ability of phone and Internet companies to keep the information secure.

And the huge databases could also be used by Internet service providers, particularly to work out which advertising to target at users.

Broadband firms including BT came up with a scheme almost three years ago to target advertising, but it did not get off the ground.

However, if companies were able to exploit the information they will be compelled to keep for the CCDP, they would be much more capable of delivering advertising to computers and even mobile phones based on users’ past behaviour.

Gus Hosein, of Privacy International, said: “This will be ripe for hacking. Every hacker, every malicious threat, every foreign government is going to want access to this.

“And if communications providers have a government mandate to start collecting this information they will be incredibly tempted to start monitoring this data themselves so they can compete with Google and Facebook.”

… from the Telegraph


World War 3? Who should control the Internet (if the idea of control is right)?

These are subjectively highlighted excerpts from the well-researched Vanity Fair May 2012 article “In the Battles of SOPA and PIPA, who should Control the Internet” by Michael Joseph Gross, reposted here with a comment, some pictures and a mischievous cartoon.

ITU Secretary General, Dr Hamadoun Touré.

This year, in the month of December, diplomats from 193 countries will converge at the World Trade Center, Dubai to renegotiate a United Nations treaty called the International Telecommunications Regulations. The sprawling document, which governs telephone, television, and radio networks, may be extended to cover the Internet, [would raise] questions about who should control it, and how. Arrayed on one side will be representatives from the United States and other major Western powers, advocating what many call “Internet freedom,” a plastic concept that has been defined by Secretary of State Hillary Clinton as the right to use the Internet to “express one’s views,” to “peacefully assemble,” and to “seek or share” information. The U.S. and most of its allies basically want to keep Internet governance the way it is: run by a small group of technical nonprofit and volunteer organizations, most of them based in the United States.

On the other side will be representatives from countries where governments want to place restrictions on how people use the Internet. These include Russia, China, Brazil, India, Iran, and a host of others. All of them have implemented or experimented with more intrusive monitoring of online activities than the U.S. is publicly known to practice. A number of countries have openly called for the creation of a “new global body” to oversee online policy. At the very least, they’d like to give the United Nations a great deal more control over the Internet.

Just an interesting movie for our Leaders to watch.

Mediating these forces in Dubai will be Hamadoun Touré, the charming and wily Secretary-General of the U.N.’s International Telecommunication Union. Noting that Internet users in America represent only a tenth of the total, he says, “When an invention becomes used by billions across the world, it no longer remains the sole property of one nation, however powerful that nation might be. There should be a mechanism where many countries have an opportunity to have a say.”

[ Comment by Sivasubramanian M, as individual comments: Dr Toure does not say that ITU wants to take over Internet Governance. But the ‘unintended’ consequences of Dr Toure’s  “UN for Internet” master plan would be a situation where ITU would govern Internet Technical Standards and the Names and Numbers space. The overall design could result in a situation where the ITU would be the umbrella for the World Governments to negotiate Internet Policies that would determine imaginative models whereby the ITU Business interests would make Internet users pay to breathe online. ITU could control the information space and information ‘security’ totally and completely to take the World’s Communication Users, Business Corporations and the World’s Politicians to an era not unlike that of the J Edgar Hoover era of unspoken, plenipotentiary control over eight American Presidents, extremely difficult to balance. Our World’s Politicians and Public Administrators who propose invasive controls might not quite realize what they themselves are getting into 🙂 ]

There is a war under way for control of the Internet, and every day brings word of new clashes on a shifting and widening battlefront. Governments, corporations, criminals, anarchists—they all have their own war aims.

… The War for the Internet was inevitable—a time bomb built into its creation. The war grows out of tensions that came to a head as the Internet grew to serve populations far beyond those for which it was designed. Originally built to supplement the analog interactions among American soldiers and scientists who knew one another off-line, the Internet was established on a bedrock of trust: trust that people were who they said they were, and trust that information would be handled according to existing social and legal norms. That foundation of trust crumbled as the Internet expanded. The system is now approaching a state of crisis on four main fronts.

The first is sovereignty: by definition, a boundary-less system flouts geography and challenges the power of nation-states. The second is piracy and intellectual property: information wants to be free, as the hoary saying goes, but rights-holders want to be paid and protected. The third is privacy: online anonymity allows for creativity and political dissent, but it also gives cover to disruptive and criminal behavior—and much of what Internet users believe they do anonymously online can be tracked and tied to people’s real-world identities. The fourth is security: free access to an open Internet makes users vulnerable to various kinds of hacking, including corporate and government espionage, personal surveillance, the hijacking of Web traffic, and remote manipulation of computer-controlled military and industrial processes.

There is no agreement about how any of these problems should be solved. There isn’t even agreement on how to define the basic terms of debate. “Internet freedom,” for instance, is the avowed objective not only of the U.S. secretary of state but also of WikiLeaks, which published hundreds of thousands of classified State Department diplomatic cables.

One way to think about the War for the Internet is to cast it as a polar conflict: Order versus Disorder, Control versus Chaos…

A conflict with two sides is a picture we’re used to—and although in this case it’s simplistic, it’s a way to get a handle on what the stakes are. But the story of the War for the Internet, as it’s usually told, leaves out the characters who have the best chance to resolve the conflict in a reasonable way. Think of these people as the forces of Organized Chaos. They are more farsighted than the forces of Order and Disorder. They tend to know more about the Internet as both a technical and social artifact. And they are pragmatists. They are like a Resistance group that hopes to influence the battle and to shape a fitful peace. The Resistance includes people such as Vint Cerf, who helped design the Internet in the first place; Jeff Moss, a hacker of immense powers who has been trying to get Order and Disorder to talk to each other; Joshua Corman, a cyber-security analyst who spends his off-hours keeping tabs on the activities of hackers operating under the name of Anonymous; and Dan Kaminsky, one of the world’s top experts on the Internet’s central feature, the Domain Name System.

Although they may feel a certain kinship with one another, they are not an organized group. Their main point of agreement is that the Internet has changed the world forever, in ways we are only beginning to understand. They know that Order is impossible and that Disorder is unacceptable. They understand that the world is a messy place whose social arrangements come and go. But they are united in the conviction that what must be preserved and promoted at all costs is what the forces of Order and Disorder, in their very different ways, are both intent on undermining: the integrity of the Internet itself as a reliable, independent, and open structure.

II. Free-for-All

image from http://www.bartnagel.com/newarchive/photos/cerfVint_5x_3020.jpg
Vint Cerf, internet pioneer and cocreator, TCP/IP

… Vint Cerf is frequently referred to as the father of the Internet. … Most of the Internet’s problems, Cerf believes, stem from the issue of state sovereignty. The Internet was designed to ignore national boundaries. It was designed this way, Cerf says, because “it was intended to deal with a military problem”: how could soldiers exchange messages without letting their enemies know where they were? Cerf and others solved that problem by building a decentralized network that routed messages from place to place using addresses that had nothing to do with physical locations. This was something new. International telephone transmissions were marked with country codes that named their origins and end points and had to pass through central switches in the countries at both ends. Radio transmissions, similarly, had to hop from the fixed points of towers. On the Internet, by contrast, traffic skittered from place to place on a network whose shape could be in constant flux. The Internet had no center at all, with one exception. The sole centralized feature of the Internet was the Domain Name System.

The United States created that system, which lives on root servers, and Americans maintained it even as the Internet started spreading. The first thing your computer does when you type a Web site or e-mail address into your browser is to ask a local D.N.S. server for the numerical IP address of that destination. Because the D.N.S. servers are the first stop, the D.N.S. is not just the Internet’s address book. It’s also the corner post office. Whoever runs the D.N.S. system can potentially control whether your browser requests get to the proper place and thus control where you can and can’t go online. …

Clinton … set out to turn the D.N.S. over to the private sector. The result was ICANN, a nonprofit body whose advisory committees include representatives of more than 100 countries and scores of corporations. Technically, ICANN remains under the Commerce Department’s authority, but other governments have a meaningful say in the group’s decisions. For instance, Xiaodong Lee, one of China’s Internet czars, is ICANN’s vice president for Asia. The creation of ICANN signaled that the Internet would be something akin to global patrimony, not an online version of American soil.

This shift helped set the Internet free. But the more the global economy came to depend on the Internet, the harder it was for governments to tame or limit it. This, too, was intentional. To ensure a surge of e-commerce, the administration systematically pushed aside or revised whatever might stand in the way, including taxes, tariffs, regulations, and intellectual-property standards. Grabbing with both hands for the Internet economy meant letting go of old ideals of governance.

Whole new problems eventually arose as markets and communications moved online, and as all these online exchanges were preserved digitally and became searchable. Who owned all this data? Who should have access to it? Corporations such as Microsoft, Google, and Facebook began butting heads with the government. They also began butting heads with their own customers.

Corporate ambitions are a huge issue, but “the real War for the Net,” Cerf believes, “is governments who want to control it, and that includes our own government. If you think about protecting the population and observing our conventional freedoms, the two are really very much in tension.” Cerf cites the debate over the U.S.A. Patriot Act, enacted in 2001, which greatly expanded the U.S. government’s domestic-surveillance authority. He also cites efforts by Middle Eastern governments to control online communications, particularly as the Arab Spring began to unfold, in 2011. And then there’s the vast example of China, whose Great Firewall puts severe limits on what Chinese users can view online.

On the Internet, what constitutes a “government” anyway? When Google announced in 2010 that it had fallen victim to Chinese hackers, it chose to publicize the fact that the Gmail accounts of Chinese political dissidents had been compromised. Congressional staffers asked company officials at the time about rumors that Google’s data losses were in fact far more extensive. They recall tense conversations with Google executives, who in effect asserted executive privilege. One Hill aide recalls, “Clearly these people are used to having their way with everybody, which pissed us off. Because they are not a state within a state, even though they practically claim sovereignty.”

III. The Dark Tangent

Jeff Moss image from http://www.heise.de
Jeff Moss, founder of Black Hat and DEF CON, and Vice President and Chief Security Officer of ICANN

… In 1992, a very young man named Jeff Moss, whose hacker name is the Dark Tangent, organized “Def Con”… He now sits on the U.S. government’s Homeland Security Advisory Committee, and he serves as the chief security officer for ICANN. Where Vint Cerf argues that sovereignty lies at the heart of the War for the Internet, Moss—who as a hacker cut his teeth gaining access to systems and information that belonged to others—argues that the heart of the matter may be intellectual property.

… When social-media sites such as Twitter and Facebook merged those two functions—turning the common person’s scrapbook into a cash cow for corporations—they sparked the Internet’s next evolutionary adaptation. The consumer and the citizen now combined to form a complicated new species, most of whose members experienced the change as extremely empowering—even as they were also becoming extremely vulnerable. …

Privacy advocates sounded alarms about the problem, but the 2009 Green Revolution protests in Iran were a major turning point. The ease with which the Iranian government spied on its own citizens—using techniques that anyone could deploy, with free and open-source software—showed the fundamental insecurity of all unencrypted data (which is almost all data) on the Internet. Iranian-government authorities were able to read citizens’ e-mails, diagram their social networks, and keep watch on almost anything else they wanted to observe. The spectacle of that violation, Moss says, underscored for everyone that the character of the Internet had fundamentally changed. It had evolved from, as he puts it, a place “to put pictures of your cat” to a place where “your liberty’s at stake.”

Even so, the most influential Web sites, such as Google, Facebook, and Twitter, balked at adapting to the new reality they’d helped bring into existence. No communications on any of those sites were fully encrypted yet. Without mockery, Moss recites their arguments in a plain tone, strained only by mild weariness: “It’s too expensive. We never designed it to be all encrypted. And, you know, the Net is not a private place anyway. It’s not really our problem.” His response, in the same tone, is that, since these corporations built their empires by encouraging everybody to share everything, they have a responsibility to provide security.

During that violent week in 2009, Iran also blocked its citizens’ access to popular dissident Web sites. Government authorities hijacked the Internet’s address book—using a technique called D.N.S. blocking—so that when people tried to organize via Facebook or Twitter, they got sent elsewhere. Today, as chief security officer for ICANN, Moss is implementing a set of technical changes that will eventually make it more difficult for anyone to engage in D.N.S. blocking—difficult, but not impossible. “I’m curious if it’s fixable,” Moss admits. “Everybody always calls it rebuilding the airplane in flight. We can’t stop and reboot the Internet.”

Technical constraints are complicated by politics. Not everyone approves of the changes Moss promotes. This winter, Congress considered two bills designed to stop online piracy. The Protect Intellectual Property Act (PIPA) and the Stop Online Piracy Act (SOPA) could have allowed the U.S. government to mandate D.N.S. blocking—the technique that Iran had used… But a ferocious Web revolt, incited, in part, by Internet giants such as Reddit, Google, and Wikipedia, invoked the specter of censorship. The legislation was effectively killed.

According to Moss, people who want more government control of the Internet are saying, “Well, we’ll just do this. We’ll just do that.” He says, “It’s like, You just don’t do that with the Internet. Don’t have the legislator who doesn’t understand how anything works make the decisions. The biggest fear is that you’ll have governments around the world legislating technical standards. And then everything comes crashing down.”

Besides, he goes on, “the more government tries to regulate, the more people will try to build an Internet that is uncensorable and unfilterable and unblockable” …

Even Moss, who participates in the highest-level discussions about global Internet policy, finds himself unable to keep up with all of the efforts to control the Internet that are happening right now. …

IV. The Summer of Lulz

… Aaron Barr, the former C.E.O. of the cyber-security firm HBGary Federal, had plotted to discredit WikiLeaks by faking documents to make the group look unreliable. Then Barr investigated the Anonymous hackers who were supporting WikiLeaks, and boasted to the Financial Times that he had “collected information on their core leaders, including many of their real names.” In retaliation, Anonymous hackers annihilated Barr’s Web site, spilled HBGary’s archive of 71,000 e-mails onto the Web, raided Barr’s Twitter account, and remotely deleted everything from his iPad.

After the HBGary hack last February, the public image of Anonymous went split-screen. On the one hand, Anonymous operations supported the Arab Spring (and, later, Occupy Wall Street). On the other hand, a group of hackers … launched a series of attacks that trashed all standards of privacy and security. The attacks, known as “the summer of lulz,” were, on the whole, as pathologically anarchic as something the Joker might have done. …

Reporters generally refer to Anonymous as a “group” or, somewhat more accurately, as “a loose collective.” Anonymous, Corman explains, is not really a group, and it is a “collective” only insofar as there is some overlap among the individuals who perform the deeds attributed to Anonymous. … Hacking by Anonymous generally expresses a hunger for the complete transparency of governments and corporations. Anonymous hackers often oppose surveillance and promote self-government. Beyond these principles, there is little consensus.

Joshua Corman image from http://pabi.csoandy.com
Joshua Corman, Director of Security Intelligence of Akamai Technologies

Joshua Corman is director of security for a firm called Akamai. Together with Jericho, known to the outside world as Brian Martin, a Denver cyber-security consultant, Corman started tracking Anonymous last year. …

Corman believes that … the terrifying part … is that the Web gives individuals immense power without instilling the “compassion, humility, wisdom, or restraint to wield that power responsibly.”

… Like everyone who understands the decentralized structure of the Internet, Joshua Corman is skeptical of government attempts to control it. Corman believes that the spread of “hacktivism,” which first made mainstream headlines when Anonymous attacked the Church of Scientology in 2008, demonstrates that “those who can best wield this new magic are not nations. They’re not politicians. The youngest citizens of the Net don’t even recognize allegiance to a country or to a political party. Their allegiance is to a hive. In some ways this is very exciting. In other ways this is terrifying.” The terrifying part, for Corman, is that the Web gives individuals immense power without instilling the “compassion, humility, wisdom, or restraint to wield that power responsibly.”

… The media has mainly served the purposes of Anonymous. “The stories are: Insert high-value target here; something bad happens; attribute it to Anonymous. And people are eating that up.”… “The media is a player in this drama. They’re not observing or describing. They’re being played.”

And they’re being played by all parties. The bust of Anonymous and LulzSec in March was hailed even by many leading cyber-security bloggers as “the end of Anon.” The idea that any faction of Anonymous has a “head” that could be chopped off, as the F.B.I. claimed, suggests either a fundamental lack of understanding of the phenomenon or a willful misrepresentation of it. … In other words: as an instrument of disruption, Anonymous may be too resilient ever to be killed.

V. Organized Chaos

A new telecom treaty is unlikely to result in either side achieving total victory. At the very least, however, the negotiation in Dubai will move countries to put their cards on the table and declare just how much control they want to assert over Internet governance.

The Net has given more individuals more power in a shorter period of time than any new technology in history. And unlike many other world-changing technologies, there is no institutional barrier to access. This has made it, on balance, mostly destructive of institutional authority, especially that of nation-states. National sovereignty encompasses many powers, but one of its core elements has been a monopoly on the control of overwhelming force. Now that hackers are able to penetrate any and all computer networks, including military ones, that monopoly no longer exists. Nation-states, not surprisingly, resist the erosion of their power and seek ways to reclaim it.

a cartoon from http://www.epinula.com/wp-content/uploads/2012/03/bigbrother_cartoon
ITU seeks nothing more than a “light touch” on the Internet’s operations.

Hamadoun Touré, who will be running the show in Dubai, says he seeks nothing more than a “light touch” on the Internet’s operations. He in fact chuckled when he uttered those words in the course of an interview.

At least three big issues are very likely to be on the table in Dubai, and there’s nothing light about them. One is taxation—a “per click” levy on international Internet traffic. Western countries and business organizations oppose such a tax, as you would expect. China and many Third World countries favor it, saying the funds would help build the Internet in developing countries.

A second issue is data privacy and cyber-security. Authoritarian governments want to tie people’s real names and identities to online activity, and they want international law to permit national encryption standards to allow government surveillance.

The third issue is Internet management. Last year, Russia, China, and some pliant allies jointly proposed a U.N. General Assembly resolution (which failed) suggesting the creation of a global information-security “code of conduct” and—as if declaring open season on ICANN and the other non-governmental groups currently in charge—asserting that “policy authority for Internet-related public issues is the sovereign right of states.”

All of these proposals amount to a wish list by the most extreme elements of the forces of Order. The forces of Disorder have no official voice at the negotiations—obviously they’re not invited …

In the War for the Internet, is there a middle way? The forces of Organized Chaos are not an organized group, don’t call themselves by any name, and disagree on many points.

Dan Kaminsky, American Security Researcher and trusted Security Expert for DNSSEC for the root

The commitment that unanimously binds them is to make the Internet as reliable as possible. One leading apostle of reliability is Dan Kaminsky, a security analyst and D.N.S. expert and the head of a new stealth start-up. He is a close friend of Jeff Moss’s—and, like Moss, a self-appointed ambassador to Washington. He sometimes opens meetings on the Hill by saying, “There are bad guys on the Internet. Unfortunately, you’re helping them.” He is a serial entrepreneur whose current mission is to augment passwords with other ways for Internet users to prove their identities that are more robust, easier to use, and harder to crack. “The only thing everyone agrees on,” says Kaminsky, “is that the Internet is making everyone money now and it’s got to keep working.”

As they devise new systems of authentication, Kaminsky and others are working to be sure that these authentication systems preserve the qualities of privacy and online anonymity—even though anonymity has contributed to, if not created, almost every problem at issue in the War for the Internet. The task at hand is finding some way to square the circle: a way to have both anonymity and authentication—and therefore both generative chaos and the capacity for control—without absolute insistence on either. It is a neat philosophical trick: Sun Tzu meets John Locke meets Adam Smith meets Michel Foucault.

No one can say exactly how these sorts of standards would be defined and applied, or who would be their custodians. World governance doesn’t work. It has been pursued for eons by hardheaded pragmatists and woolly-brained eccentrics. Time and again it has been defeated by the vagaries of human nature and the opportunistic conflict of competing interests. In the case of the Internet, the number of interested parties runs into the billions, and they come from divergent cultures and pursue irreconcilable objectives. As Vint Cerf points out, this basic reality seeps through every aspect of the War for the Internet. Around the world and across generations, people have different tolerances for civility, incivility, and invasion of privacy. “I think it will be very hard to resolve this in a way that’s globally acceptable,” he says.

Freedom in human society, by definition, includes some concept of boundaries. Freedom on the Internet has, thus far, lacked any real concept of boundaries. But boundaries are being invented. It seems certain that nations, corporations, or both will create more zones on the Internet where all who enter will have to prove their real-world identities. Google and Facebook are already moving in this direction. The most heavy-handed suggestions entail a virtual passport or ID, which could include biometric data.

Some see stringent, universal, and mandatory authentication of identity as a commonsense solution to a number of the Internet’s biggest problems. ….

The forces of Organized Chaos reject this argument. Vint Cerf says, “When I hear senators and congressmen complaining about anonymous speech, I want to stop them and say, you should read your own history. The anonymous tracts that objected to British rule and rules had a great deal to do with the American Revolution. Weren’t you paying attention in civics?”

Given the radically decentralized nature of the Internet, the most important thing that anyone can do is to try to make the center hold—but not too tightly. That means protecting the Domain Name System, the Internet’s sole central feature, from government control while keeping governments involved in maintaining it. The point is: there is no single “safe pair of hands,” whatever the forces of Order might say. Any safe pair of hands is a dangerous pair of hands.

At the same time, the security of the D.N.S. itself needs to be radically upgraded, to obstruct hijacking and surveillance… Finally, “network neutrality” must be preserved. Net neutrality is almost as plastic a concept as Internet freedom, but to the forces of Organized Chaos, it means maintaining the telecommunications infrastructure as a level playing field. The Internet is open to everyone; service providers can’t discriminate; all applications and content move at the same speed.

To accomplish any of these things, governments will need to create formal mechanisms to give the people who know the most about the Internet—including computer engineers and hackers—a meaningful voice in making policy. Basic Internet literacy is now as critical to good governance as basic knowledge about economics or public health …

Beyond this core agenda, the forces of Organized Chaos, by and large, think that the Internet should be allowed to evolve on its own, the way human societies always have. The forces of Organized Chaos have a pretty good sense of how it will evolve

Read Michael Joseph Gross’s entire article in Vanity Fair

Civil Liberties, Core Internet Values, Future of Internet, IGF, Internet, News, privacy, technology

A document from 39 years ago: Western Concern for Privacy in the age of Computers

Common Concerns

[ This was in 1973, 39 years ago, “when computers ran on steam and the internet was still largely mechanical”. I was led to this document from a message posted by Karl Auerbach in the At Large mailing list today ]

Most of the advanced industrial nations of Western Europe and North America share concerns about the social impact of computer-based personal data systems. Although there are minor differences in the focus and intensity of their concerns, it is clear that there is nothing peculiarly American about the feeling that the struggle of individual versus computer is a fixed feature of modern life. The discussions that have taken place in most of the industrial nations revolve around themes that are familiar to American students of the problem: loss of individuality, loss of control over information, the possibility of linking data banks to create dossiers, rigid decision making by powerful, centralized bureaucracies. Even though there is little evidence that any of these adverse social effects of computer-based record keeping have occurred on a noticeable scale, they have been discussed seriously since the late sixties, and the discussions have prompted official action by many governments as well as by international organizations.

Concern about the effects of computer-based record keeping on personal privacy appears to be related to some common characteristics of life in industrialized societies. In the first place, industrial societies are urban societies. The social milieu of the village that allowed for the exchange of personal information through face-to-face relationships has been replaced by the comparative impersonality of urban living. …

Concern about the effects of computer-based record keeping appears to have deep roots in the public opinion of each country, deeper roots than could exist if the issues were manufactured and merchandised by a coterie of specialists, or reflected only the views of a self-sustaining group of professional Cassandras. The fragility of computer-based systems may account for some of the concern… There are few computer systems designed to deal with the disruption that deliberately lost or mutilated punched cards in a billing system, to give a simple example, would cause. Thus, the very vulnerability of automated personal data systems, systems without which no modern society could function, may make careful attention to the human element transcend national boundaries.

The Response in Individual Nations


On October 7, 1970, the West German State of Hesse adopted the world’s first legislative act directed specifically toward regulating automated data processing. This “Data Protection Act” applies to the official files of the government of Hesse; wholly private files are specifically exempted from control. The Act established a Data Protection Commissioner under the authority of the State parliament whose duty it is to assure that the State’s files are obtained, transmitted, and stored in such a way that they cannot be altered, examined, or destroyed by unauthorized persons…

Thus, the Data Protection Act of Hesse seems designed more to protect the integrity of State data and State government than to protect the interests of the people of the State…


When strong opposition to the 1969 census erupted in Sweden, public mistrust centered not so much on the familiar features of the census itself as on the fact that, for the first time, much of the data gathering would be done in a form specifically designed to facilitate automated data processing. Impressed by the possibility that opposition might be so severe as to invalidate the entire census, the government added the task of studying the problems of computerized record keeping to the work of an official commission already studying policies with respect to the confidentiality of official records.

After a notably thorough survey of personal data holdings in both public and private systems, the commission issued a report containing draft legislation for a comprehensive statute for the regulation of computer-based personal data systems in Sweden.[2] The aim of the act is specifically the protection of personal privacy. Its key provisions are these:

  • Establishment of an independent “Data Inspectorate,” charged with the responsibility for executing and enforcing the provisions of the Data Law.
  • No automated data system containing personal data may be set up without a license from the Data Inspectorate.
  • Data subjects have the right to be informed about all uses made of the data about them, and no new use of the data may be made without the consent of the subject.
  • Data subjects have the right of access without charge to all data about them, and if the data are found to be incorrect, incomplete, or otherwise faulty, they must either be corrected to the subject’s satisfaction, or a statement of rebuttal from the subject must be filed along with the data.
  • The Data Inspectorate will act as ombudsman in all matters regarding automated personal data systems.

The Data Law has been passed by the Swedish Parliament and will become effective on July 1, 1973. A transition period of one year will be allowed to implement all the provisions of the law.


Article 9 of the French Civil Code states plainly, “Everyone has the right to have his private life respected.”[3] As legal scholars in all countries have noted, however, it is very difficult to define the precise limits of privacy in every case that comes before a court, and in spite of such explicit protection, the privacy of the French, both inside and outside of automated personal data systems, seems in practice no better defended than that of most other people…

One other development on the French scene deserves mention. The 1972 annual report of the Supreme Court of Appeals went considerably out of its way, after reviewing a case of literary invasion of privacy, to comment on the subject of computers and privacy:

… The progress of automation burdens society in each country with the menace of a computer which would centralize the information that each individual is obliged to furnish in the course of his life to the civil authorities, to his employer, his banker, his insurance company, to Internal Revenue, to Social Security, to the census, to university administrations, and, in addition, the data, correct or not, which is received about him by the various services of the police. When one thinks about the uses that might be made of that mass of data by the public powers, of the indiscretions of which that data might be the origin, and of the errors of which the subjects might be the victims, one becomes aware that there lies a very important problem, not only for the private life of everyone, but even for his very liberty.

It appears to us that this eventuality, an extremely probable one, ought to be made the object of consideration of the public power, . . . and that this consideration should take its place among the measures of precaution and of safeguard which should not lack for attention.[7]

To sum up, the situation in France is complex. The subject of computers and privacy has been given serious attention by a relatively small group of experts, but that group has an influence in government far out of proportion to its numbers. The attitude of the present government is strongly colored by another aspect of the privacy problem: It has been caught in a wiretap scandal, and its defensiveness in that regard appears to be influencing its actions on the computer front. The official report of the present working group is due before the end of 1973, but it does not seem realistic to expect that there will be any definitive action in France before, perhaps, mid-1974.


Britain is unique among the countries reviewed in having recently completed a thorough study of the entire subject of privacy.[8] Although the committee in charge of the study, the Younger Committee, was restricted in its terms of reference to private, rather than public, organizations that might threaten privacy, the committee’s report is a model of clarity and concern. In brief, the Committee found that both the customs of society and the Common law had evolved defenses against the traditional intrusions of nosey neighbors, unwelcome visitors, door-to-door salesmen, and the like. Against the new threats of technological intrusions (wiretaps, surveillance cameras, and, of course, computerized data banks), the Committee recognized that the traditional defenses are inadequate. To help deal with the threat of the computer, the Committee recommended specific safeguards to be applied to automated personal data systems, although it left the method of application up to the government to decide. The main features of the safeguards are:

  1. Information should be regarded as held for a specific purpose and not to be used, without appropriate authorization, for other purposes.
  2. Access to information should be confined to those authorized to have it for the purpose for which it was supplied.
  3. The amount of information collected and held should be the minimum necessary for the achievement of the specified purpose.
  4. In computerized systems handling information for statistical purposes, adequate provision should be made in their design and programs for separating identities from the rest of the data.
  5. There should be arrangements whereby the subject could be told about the information held concerning him.
  6. The level of security to be achieved by a system should be specified in advance by the user and should include precautions against the deliberate abuse or misuse of information.
  7. A monitoring system should be provided to facilitate the detection of any violation of the security system.
  8. In the design of information systems, periods should be specified beyond which the information should not be retained.
  9. Data held should be accurate. There should be machinery for the correction of inaccuracy and the updating of information.
  10. Care should be taken in coding value judgments.[9]


In its report, published in late 1972,[11] the Canadian Task Force concluded that computer invasion of privacy is still far short of posing a social crisis. However, the rapidly rising volume of computerized personal data and the equally rapidly rising public expectation of a right to deeper and more secure privacy threaten to converge at the crisis level. To forestall that crisis, the Task Force recommends that a commissioner or ombudsman be established in a suitable administrative setting, that carefully prepared test cases on cogent issues be brought before the courts, and that the operation of government data systems be made to serve as a national model.

from http://aspe.hhs.gov/datacncl/1973privacy/appenb.htm