Light Blue Touchpaper

The Telegraph and Guardian reported yesterday that the government plans to install deep packet inspection kit at ISPs, a move considered and then apparently rejected by the previous government (our Database State report last year found their Interception Modernisation Programme to be almost certainly illegal). An article in the New York Times on comparable FBI/NSA proposals makes you wonder whether policy is being coordinated between Britain and America.

In each case, the police and spooks argue that they used to have easy access to traffic data — records of who called whom and when — so now people communicate using facebook, gmail and second life rather than with phones, they should be allowed to harvest data about who wrote on your wall, what emails appeared on your gmail inbox page, and who stood next to you in second life. This data will be collected on everybody and will be available to investigators who want to map suspects’ social networks. A lot of people opposed this, including the Lib Dems, who promised to “end the storage of internet and email records without good reason” and wrote this into the Coalition Agreement. The Coalition seems set to reinterpret this now that the media are distracted by the spending review.

We were round this track before with the debate over key escrow in the 1990s. Back then, colleagues and I wrote of the risks and costs of insisting that communications services be wiretap-ready. One lesson from the period was that the agencies clung to their old business model rather than embracing all the new opportunities; they tried to remain Bletchley Park in the age of Google. Yet GCHQ people I’ve heard recently are still stuck in the pre-computer age, having learned nothing and forgotten nothing. As for the police, they can’t really cope with the forensics for the PCs, phones and other devices that fall into their hands anyway. This doesn’t bode well, either for civil liberties or for national security.

The book “Digital Activism Decoded: The New Mechanics of Change” is one of the first on the topic of digital activism. It discusses how digital technologies as diverse as the Internet, USB thumb-drives, and mobile phones, are changing the nature of contemporary activism.

Each of the chapters offers a different perspective on the field. For example, Brannon Cullum investigates the use of mobile phones (e.g. SMS, voice and photo messaging) in activism, a technology often overlooked but increasingly important in countries with low ratios of personal computer ownership and poor Internet connectivity. Dave Karpf considers how to measure the success of digital activism campaigns, given the huge variety of (potentially misleading) metrics available such as page impression and number of followers on Twitter. The editor, Mary Joyce, then ties each of these threads together, identifying the common factors between the disparate techniques for digital activism, and discussing future directions.

My chapter “Destructive Activism: The Double-Edged Sword of Digital Tactics” shows how the positive activism techniques promoted throughout the rest of the book can also be used for harm. Just as digital tools can facilitate communication and create information, they can also be used to block and destroy. I give some examples where these events have occurred, and how the technology to carry out these actions came to be created and deployed. Of course, activism is by its very nature controversial, and so is where to draw the line between positive and negative actions. So my chapter concludes with a discussion of the ethical frameworks used when considering the merits of activism tactics.

Digital Activism Decoded, published by iDebate Press, is now available for download, and can be pre-ordered from Amazon UK or Amazon US (available June 30th now).

Update (2010-06-17): Amazon now have the book in stock at both their UK and US stores.

It used to be simple to explain how browsing works. You type a link into the browser, the browser asks a DNS server at your ISP to translate the human-friendly hostname into the IP address of the web server, and then the browser contacts the server with an HTTP request requesting the page that you want to view.

It’s not quite that simple any more — which is rather bad news for the National Enquirer, the US tabloid which decided, three years or so ago, following a brush with the UK libel laws, that it would not publish a UK edition, or allow visits to its website from the UK. Unfortunately, the Enquirer’s blocking is no longer working as effectively as it used to.

(more…)

Last night’s Panorama looked at the issue of unlawful filesharing and the proposals within the Digital Economy Bill that the UK Government thinks will deal with it.

The Open Rights Group has criticised the programme for spending too long examing the differences of opinion among music makers, and too little time talking about rights — perhaps that’s an inevitable side effect for fronting the programme with Jo Whiley, a Radio One DJ. This probably increased the audience amongst the under-30s who do a great deal of the file sharing; and for whom this may be the first time that they’ve had the bill’s proposals explained to them. So lose some, win some!

The programme had a number of stunts : they slowed down the broadband of a student household (not only was their MP3 going to take 13 weeks to download, they found they couldn’t effectively look at their email). They got a digital forensics expert to look at a family’s computers, finding copies of LimeWire (tricky stuff forensics!) and portraying this as a smoking gun for unlawfulness. The same expert camped outside the student house and piggybacked on their WiFi (apparently by employing a default password on their broadband router to authorise themselves to have access).

You can also see yours truly:

demonstrating an anonymity network (it was in fact Tor, but I’d done a little tweaking to ensure that its standard discouragement of file sharing activity didn’t have any impact) : and showing that a Bit Torrent tracker stopped recording me as being in Cambridge, but placed me at the Tor exit node in Germany instead.

I argued that as soon as large numbers of people were getting in trouble for file sharing because they were traceable — then they wouldn’t stop file sharing, but they would stop being traceable.

All in all, within the limitations of a 30-minute prime-time main-channel show, I think the Panorama team provided a good introduction to a complex topic. You can judge for yourself (from within the UK) for the next 7 days on the BBC iPlayer, or in three parts on YouTube (I’m two minutes into part 3, at least until a web blocking injunction bars your access to what might well be an infringement of copyright).

As I mentioned a few days ago, the security services have some concerns about the Digital Economy Bill:

If evading blocking systems becomes a mainstream activity (and there’s said to be 6-7 million illegal file sharers in the UK) then it will be used, almost automatically, by subversive groups — preventing the spooks from examining the traffic patterns and comprehending the threat.

There seems to be some confusion about quite what is worrying the security services. Last October, The Times reported that “both the security services and police are concerned about the plans, believing that threatening to cut off pirates will increase the likelihood that they will escape detection by turning to encryption”, and this meme that the concern is encryption has been repeated ever since.

However, I think that Patrick Foster, the Times media correspondent, got hold of the wrong end of the stick. The issue isn’t encryption but traffic analysis.

(more…)

For the past few months the Digital Economy Bill (DEB) has been quietly making its way through the House of Lords. As is the way of these things, large numbers of amendments have been proposed, their lordships have had a series of mini-debates on each set of issues, and the Government have been busily amending the Bill in an attempt to fix all the things that they didn’t think through properly.

The main thrust of the DEB’s approach to dealing with unlawful file sharing of copyright material has been a “three strikes” policy. That is, should you be detected to be sharing some popular beat combo’s music without permission, then on the first two occasions you’d receive an admonishing letter, and on the third time then you would be subject to “technical measures” (ie: very slow Internet speeds) or disconnection, the latter doubtless annoying the rest of your family as they would be unable to visit DirectGov / keep up their social life / catch-up TV shows / do their homework / avoid being sacked from their work-from-home job!

However, the Government are concerned that this won’t be enough, and that unlawful sharing of copyright material might occur in new ways in future. So in clause 17 of the DEB they set out a scheme for amendment (in ways that would be decided as future circumstances required) of the Copyright, Designs and Patents Act 1988 through secondary legislation.

It is unusual to grant such open ended powers to amend primary legislation, because Parliament would be presented with an unamendable statutory instrument and invited to vote for it — no such SI has been defeated in the House of Lords since 2000, and the time before that was in 1968.

There was an outcry over the breadth of clause 17, and so the Government set out amendments to restrict it — but last week peers voted for an opposition amendment (120A) to have an alternative arrangement altogether, a regime of High Court injunctions that would force ISPs to block websites.

This is such a dumb (and dangerous) idea that it has all the characteristics of a wrecking amendment, added to the Bill just to eat up parliamentary time so that the whole Bill will fall at the dissolution for the upcoming election.

(more…)

WikiLeaks have decided to save other people some bandwidth and make some of my powerpoint slides available on their site. Since they usually publish censored or confidential information, they’re presumably completely unaware of how these slides have been available to the public from two different websites since the day of the talk.

Remarkably similar slides (I’m often lazy!) were also presented in talks I have given this year to INEX (the Irish Internet Exchange Point) [slides here], to EuroBSDCon [slides here] and the BCS (Herts branch) [slides here].

These talks have been covered various technical aspects of the blocking of child sexual abuse images for sites that appear on the IWF list. I’ve been mentioning the blocking of Wikipedia just over a year ago, and the blocking of archive.org up to last February. However, I’ve also thrown in a couple of slides about some more recent research, yet to be published, which explores a different way of determining what is on the IWF list. That seems to have been what has interested WikiLeaks.
(more…)

A new paper, Olson’s Paradox Revisited: An Empirical Analysis of File-Sharing Behaviour in P2P Communities, finds a positive correlation between the size of a BitTorrent file-sharing community and the amount of content shared, despite a reduced individual propensity to share in larger groups, and deduces from this that file-sharing communities provide a pure (non-rival) public good. Forcing users to upload results in a smaller caatalogue; but private networks provide both more and better content, as do networks aimed at specialised communities.

George Danezis and I produced a theoretical model of this five years ago in The Economics of Censorship Resistance. It’s nice to see that the data, now collected, bear us out

There’s been much interest today in a report that Shishir Nagaraja and I wrote on Chinese surveillance of the Tibetan movement. In September last year, Shishir spent some time cleaning out Chinese malware from the computers of the Dalai Lama’s private office in Dharamsala, and what we learned was somewhat disturbing.

Later, colleagues from the University of Toronto followed through by hacking into one of the control servers Shishir identified (something we couldn’t do here because of the Computer Misuse Act); their report relates how the attackers had controlled malware on hundreds of other PCs, many in government agencies of countries such as India, Vietnam and the Phillippines, but also in US firms such as AP and Deloittes.

The story broke today in the New York Times; see also coverage in the Telegraph, the BBC, CNN, the Times of India, AP, InfoWorld, Wired and the Wall Street Journal.

The EFF and the Tor Project have been accepted into Google Summer of Code. This programme offers students a stipend for contributing to open source software over a 3 month period. Google Summer of Code has been running since 2005 and the Tor project has been a participant since 2007.

We are looking for talented and motivated students to work on a number of projects to improve Tor, and related applications. Students are also welcome to come up with their own ideas. Applications must be submitted by 3 April 2009. For further information, and details on how to apply, see the Tor blog.