Ron Deibert, Director of the Citizen Lab, speaks with Amanda Lang about why government access to our digital data is a threat to liberal democracy.
Tech giants, chastened by Heartbleed, finally agree to fund OpenSSL:
OpenSSL’s bare-bones operations are in stark contrast to some other open source projects that receive sponsorship from corporations relying on their code. Chief among them is probably the Linux operating system kernel, which has a foundation with multiple employees and funding from HP, IBM, Red Hat, Intel, Oracle, Google, Cisco, and many other companies. Workers at some of these firms spend large amounts of their employers’ time writing code for the Linux kernel, benefiting everyone who uses it.
That’s never been the case with OpenSSL, but the Linux Foundation wants to change that. The foundation today is announcing a three-year initiative with at least $3.9 million to help under-funded open source projects—with OpenSSL coming first. Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Qualcomm, Rackspace, and VMware have all pledged to commit at least $100,000 a year for at least three years to the “Core Infrastructure Initiative,” Linux Foundation Executive Director Jim Zemlin told Ars.
To be clear, the money will go to multiple open source projects—OpenSSL will get a portion of the funding but likely nowhere close to the entire $3.9 million. The initiative will identify important open source projects that need help in addition to OpenSSL.
This is really excellent news: the large companies and organizations that rely on open-source critical infrastructure projects need to (ideally) contribute back through either code contributions or financial support. Hopefully we’ll not just see money but efforts to improve and develop the code of these projects, projects which often are the hidden veins that enable contemporary Internet experiences.
If you’re interested in why it’s so hard to patch a huge portion of the Internet in secret, and what forced the (relatively) early public disclosure of Heartbleed, then this is a good article to read.
2014.3.24
There is a notable distinction between forms of privatization of military and bureaucratic state functions and examples of Internet governance privatization. Whereas the outsourcing of law enforcement functions or bureaucratic tasks normally involves financial compensation to the private entity delegated these functions, a unique feature in Internet governance is the expectation that some private entities, whether information intermediaries, or financial and transactional intermediaries, should be compelled to carry out law enforcement functions traditionally performed by the state without compensation and often with additional expense and possibly even liability exposure.
Laura DeNardis. The Global War for Internet Governance.
Signs point to fallout from NSA spying that led to “multi-stakeholder” model.
This is incredibly huge news. However, given the incredible influence of the Government Advisor Council and relative denigration of the Non-Commercial Users Constituency, the shift to multistakeholder governance is going to be fraught with sweet words to distract people from the realpolitik that has largely consumed Internet governance.
The book that was waiting in my mailbox when I got home!
A Story of Restoring the Internet
2013.12.19
…according to a former NSA employee, by 1995 the agency had installed sniffer software to collect various kinds of traffic at nine major Internet exchange points (IXPs). Terry Thompson, the NSA deputy director, also acknowledged in 2001 that the agency has taken to hiring technicians away from the private companies that run much of the World Wide Web, such as Cisco Systems, and employing them to reverse engineer various communications technologies in order to locate vulnerabilities that the agency can exploit. This poached talent must be invaluable in sorting through the packetized and multiplexed flows of digital data.
Patrick Radden Keefe, Chatter: Dispatches from the Secret World of Global Eavesdropping
Ars Technica has a good piece on how cyberstalkers and bullies operate, with reporting based on studies (circa 2006, admittedly) and some anecdotal evidence. In effect, the mechanisms to stalk and bully online are often easy to use, reasonably accessible, and capable of significant intrusion into people’s lives. However, what struck me most poignantly was the concluding section of the article:
In this particular case, going to law enforcement wasn’t going to be much of an option. The woman said she had gotten rid of the BlackBerry, so there was no way to perform forensics on it to gather evidence. The same was true of her father’s computer, which the technician had wiped clean.
That’s a common problem in dealing with these sorts of cases, Southworth said. “Some victims just want their device clean and just want the stalking to stop. But if you clean off the device, you’re destroying the evidence.” And for victims who are trying to deal with an abusive relationship, trying to do anything to remove malware from a phone or computer could put the victim in danger. “Even looking for the spyware can raise the risk,” Southworth said, because the software could alert the attacker of the attempt and trigger violence.
And even when software is removed, the persistence of such stalkers usually means that they won’t stop their behavior—they’ll just take different approaches. That, paradoxically, is an upside for law enforcement, Southworth said. “They don’t stop, so if she wants law enforcement to get involved,” she said referring to the victim, “there’s likely another form of stalking going on for them to catch him with.”
People who haven’t experienced stalking, or the fear of stalking, may not appreciate the emotional desire to just make it stop. Such desires are often based on an attempt to feel ‘safe’ again, often when doing simple things like buying groceries, waiting for a bus, or just going home. As such, wanting to remove the suspicious tracking systems – instead of leaving them there, and maintaining the fear, in the hopes of a criminal arrest – will often take priority over ‘catching’ the perpetrator. But, at the same time, there is often a fear that the very act of ‘making the surveillance stop’ could lead to physical consequences. It’s a lose-lose experience, where any decision merely modifies the ‘kind’ of fear instead of terminating the experience of fear itself.
Moreover, removing suspected surveillance-ware may not alleviate the fear of being monitored: most technical systems (effectively) operate like magic for the majority of the computer-using population. How the surveillance-ware was even installed, or if it was all purged, or if it could infect a person’s computer systems again, will often pervade how a person uses computers. In light of specific concerns (surveillance) that are imprecisely directed (i.e. is my phone, my computer, or other device infected and, if so, would I even know?) a person may simply avoid some actions or actively engage in deceptions to ‘throw off’ someone who might be watching.
In effect, concerns of possible but undetected surveillance are often accompanied by heightened privacy and security efforts. These efforts might be more or less effective (or even needed!), and taking such efforts will almost certainly diminish a person’s ‘normal’ uses of services (e.g. Facebook) that their (not-stalked/bullied) friends and colleagues get to enjoy. Moreover, the experience of having to use such privacy and security techniques is representative of the scarring left by online stalking and bullying: ‘normality’ becomes defined as a defensive posture online based on (often) physical fears. No one’s ‘normal’ should be predominantly defined by fear.
It’s this broader emotional fear that is challenging to address, both in terms of law (i.e. getting the data needed to pursue a meaningful conviction or punishment) and personal mental health (i.e. learning to ‘trust’ systems that aren’t really understood and that have previously compromised a person’s life possibilities).
In Canada, the federal government has recently introduced legislation ostensibly meant to crack down on cyberbullying linked to the unauthorized sharing of a person’s intimate images. While criminalizing the sharing of such images may be a helpful addition to the Criminal Code for certain kinds of cases, doing so doesn’t address the broader challenges linked to cyberstalking and cyberbullying. Addressing these challenges requires something else – though I don’t know what – that meaningfully responds to the societal issues associated with online stalking and bullying in a more holistic manner, a manner that frees people from the persistent fear of being a victim despite going to either law enforcement or removing the stalking-ware.