Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

December 30 2013

2013 in Review: A Fireside Chat with EFF's Jillian York and Eva Galperin

Graphic by 7iber (CC BY-NC-ND 2.0)

Graphic by 7iber (CC BY-NC-ND 2.0)

Jillian York and Eva Galperin are both longtime Advox contributors that work for the Electronic Frontier Foundation, a leading US organization defending human rights in the digital age. They conducted a “year in review” exercise this week, looking at the state of digital rights in 2013 and making predictions for the new year. Not surprisingly, they found themselves focusing on the threat of surveillance in a post-Arab Spring world.

Jillian York: After the Arab Spring, I wasn't really sure how subsequent years could get crazier on the Internet freedom front. And then they did.

Eva Galperin: So was this the “worst year for Internet freedom” to date?

JY: For people who thought that the Arab Spring was going to be a positive turning point, I think 2013 was a pretty tough year. We've seen plenty of evidence of how the Arab Spring influenced countries in the MENA region. What do you think its impact was in other parts of the world?

EG: It has definitely had an influence in Russia and other post-Soviet states. For example, in Turkmenistan the government has seen the Arab Spring as a sign that they should ramp up Internet surveillance. And it doesn't help that the equipment is getting cheaper and surveillance is getting easier as more people all over the world lead more of their lives online.

JY: Surveillance is getting cheaper, and yet there are only a few countries that produce the kind of equipment we're talking about, right?

EG: A lot of the equipment is made in the West, but companies in the US and Europe are facing increasing competition from Chinese companies like Huawei and ZTE. As activists, we can put pressure on companies like BlueCoat or Cisco or even Teliasonera, but there isn't a lot we can do to influence the policies of Chinese companies.

JY: Right — although I wonder how much the contracts in the West for those companies might influence their choices?

EG: Actually, Huawei officially said this year they were not interested in the US market anymore. I don't want to sound too defeatist, but if the best defense Western companies can come up with for selling surveillance capabilities to authoritarian regimes is “if we don't do it, Chinese companies will,” they've pretty much ceded the moral high ground.  Since everyone is talking about state surveillance these days, do you think that we've made any progress in calling out Western companies this year?

JY: Yes and no. I think we've made a lot of progress with online service providers and social media companies – even if we don't think their statements have been strong enough, many of the leading companies came together and took a stand against the NSA's mass spying. But when it comes to surveillance equipment providers, I think there's so much more we can do. In fact, I'm making that a New Year’s resolution: Find a way to target investors.

On the slip side, there was the launch of the 13 Principles on the Application of Human Rights to Communications Surveillance – this document, developed by a coalition (of which EFF was a leading member) and signed by over 300 organizations around the world felt like a powerful step towards a more transparent, rights-protective online environment. So there's some good news.

EG: Indeed! And this could have a lasting impact in years to come. Speaking of strong activism efforts – you watch MENA pretty closely. What great activism have you seen come out of the region this year?

JY: There have been some strong actions around the case of Egyptian blogger and activist Alaa Abd El Fattah — he is facing charges under Egypt’s new “anti-protest” law, which prohibits public demonstration without prior authorization from government officials. When he was arrested last month in Egypt, his allies created a “rolling press release” in a Google Doc that they sent to journalists and organizations — this is still being updated all the time.  It is pretty genius — a great way to keep people informed of the latest news on his case.

Alaa Abd El Fattah. Photo by Alaa (CC BY-SA 2.5)

Alaa Abd El Fattah. Photo by Alaa (CC BY-SA 2.5)

And in Jordan, people have done great work opposing online censorship that has come out of the Press and Publications Law — over 300 sites have been blocked under new amendments to the law that introduce restrictive content and registration rules for websites. Last year, activists responded by driving a coffin around town, calling it a “funeral for the Internet.”

What about in the places that you watch? I know you keep a close eye on Vietnam, what's happening there?

EG: Vietnam is in the midst of a years-long crackdown on bloggers. This year, we saw high-profile bloggers like Le Quoc Quan (also a human rights lawyer) jailed and convicted. There were also cases where bloggers were lumped together and convicted a dozen at a time. And people like Dinh Nhat Uy were jailed for making anti-government Facebook posts.

They're pretty brazen about charging people for unrelated crimes. Charges of tax evasion, which is what got convicted, are pretty common.

This is also a common tactic in China and Russia. Blogger and opposition leader Alexey Navalny was convicted of embezzlement and sentenced to five years in jail in Russia this summer.

JY: Speaking of Russia, this summer it seemed Russia was “on top” so to speak — between Snowden and Putin's success vis-a-vis Syria — but Russia really is cracking down on activists, is it not?

EG: Not only is Russia cracking down on the political opposition, but they've come down hard on free speech on the Internet. Last year, the Duma passed an Internet censorship law that was ostensibly aimed at protecting children but has been used to silence the opposition. Protecting minors from “extremism” “homosexual propaganda” and information about the sale of drugs all have been leading excuses in Russia for censoring the Internet. I think the homophobia angle is relatively new and unusually strong there.

What trends do you expect to see continue into 2014?

JY: Heh – well, one unfortunate one that merits a mention is journalists being charged under terrorism statutes. I counted four just this year. On a more positive note, I think the growth of the digital rights “scene” is amazing. We're not alone in this fight — there are so many allies in every corner of the globe…but that also means we have to be strident in standing up for ALL of our rights, and not compromise.

EG: I have been really impressed by the sheer number of new organizations springing up all over the world.  I hope this means we'll see a continuing trend towards a more comprehensive, less US-centric Internet freedom movement.

JY: Yes, I hope for the same. Well, Eva – have a happy new year, and I'll see you on the other side.

EG: Back at you! Let’s hope it’s a good one.

December 12 2013

Der Kampf um Freiheit und Grundrechte im Netz muss jetzt beginnen

Das Jahr 2013 wird das Jahr bleiben, in dem das Internet erwachsen wurde. Der Überwachungsskandal, der zuerst durch den Namen PRISM bekannt wurde, hat im Netz alles verändert. Im Rückblick wird deutlich werden, dass sich dadurch mit dem Internet die Welt verändert hat.

Eine eigene, vielsagende Begriffsdynamik hat sich entwickelt: Was zunächst Spähaffäre hieß, dauerte irgendwann zu lange und war zu tiefgreifend, um noch eine Affäre sein zu können. Der klassische Skandal weist zwar situative Spitzen auf, hat aber mehr Stehvermögen als die kurzlebige Affäre und viel mehr Eskalationspotenzial.

Im Herbst 2013 ließ sich PRISM noch als Spähskandal bezeichnen. Aber auch die zäheste, langlebigste Interpretation des Begriffs „Skandal“ kommt irgendwann an ihr Ende – wogegen die Radikalüberwachung der digitalen Welt weitergeht. 2013 ist also das Jahr, in dem anhaltende Grundrechtsbrüche und die Abschaffung jeder Privatsphäre zum Alltag wurden. Das ist nichts weniger als eine fortwährende Katastrophe, denn es bedeutet die Aushöhlung des Rechtsstaates, der demokratischen Kontrolle und damit auch der Demokratie.

Die Erschütterung der digitalen Sphäre­ durch die Spähkatastrophe 2013 ff. muss zur vorläufigen Neubewertung vieler Wirkungen des digitalen Fortschritts führen. Inzwischen ist zum Beispiel klar, dass durchschnittliche Plattformen und soziale Netzwerke von Facebook bis Google ihre Daten en gros und en détail zur Auswertung an staatliche Ermittlungsbehörden weiterreichen.

Tendenz zum globalen Albtraum

Es wäre fatal, neue Tools und Features nicht unter diesem Gesichtspunkt zu betrachten. Die Gesellschaft mit allen ihren Beziehungen und Prozessen verschiebt sich immer weiter in die digitale Sphäre. Und dort erwartet sie ein umfassendes Überwachungsszenario. Das Erwachsenwerden des Internet ist ein Ernüchterungsszenario mit der Tendenz zum globalen Albtraum.

Als wesentliche Erkenntnis aus dem Jahr 2013 bleibt, dass Geheimdienste früher Aufklärung gegen andere Mächte betrieben. Im 21. Jahrhundert betreiben sie Aufklärung gegen Bürger, im Zweifel sogar gegen die eigenen Bürger. Es ist ein gefährlicher Trugschluss zu glauben, dass lediglich ein paar Generäle bei der NSA durchgedreht sind. Tatsächlich besteht zwischen westlichen Geheimdiensten eine derart enge Kooperation, dass sie sich in ihrem gemeinschaftlichen Vorgehen kaum sinnvoll entwirren lassen.

Beispielhaft dafür steht die Verwirrung, als im Sommer 2013 herauskam, dass auch der Bundesnachrichtendienst Instrumente wie PRISM benutzt hatte. Zunächst wurde dies bestritten, dann bestätigt, dann sollte es sich um ein ganz anderes PRISM-Programm handeln, schließlich wurde bestätigt, dass es sich doch um genau das fragliche PRISM gehandelt habe, das aber ganz anders eingesetzt worden sei.

Aus Kooperationen werden Abhängigkeiten

In einer Überwachungslandschaft, in der die eine Hand im Zweifel ihre Aktionen vor der anderen Hand geheim hält, werden aus Kooperationen schnell Abhängigkeiten. Faktisch hat sich deshalb eine weltweite Überwachungsmaschinerie herausgebildet, das haben die Enthüllungen von Edward Snowden zweifelsfrei bewiesen.

Und daraus wiederum lässt sich das eigentliche Problem ableiten. Es handelt sich – natürlich – um ein politisches Problem: Große Teile der Politik in den meisten westlichen Staaten sind mit unterschiedlichen Begründungen davon überzeugt, dass ein Kontrollstaat ein erstrebenswertes Ziel ist. Dass umfassende staatliche Kontrolle die Gesellschaft besser macht. Kontrolle durch den Staat richtet sich immer auf die eigenen Bürger, der Kampf gegen äußere Bedrohungen ist allenfalls ein Begleiteffekt.

Ein Milliardenmarkt ohne demokratische Kontrolle

Der Kontrollstaat aber ist kein erstrebenswertes Ziel – sondern ein Schritt hin zu einem modernen Totalitarismus. Unter Innenpolitikern aller Parteien in Deutschland existiert ein Narrativ, das in den Vereinigten Staaten und Großbritannien sogar die Öffentlichkeit beherrscht: Mehr Überwachung ergibt mehr Sicherheit.

Diese Gleichung ist so simpel und scheinbar einleuchtend wie falsch und gefährlich. Sie wurde entwickelt und verbreitet von einer Sicherheitsindustrie, einer bedrohlichen Verschmelzung von Unternehmen und Apparaten. Abgesehen von einer proklamativen und absichtlich emotionalisierten Rechtfertigungskampagne – Hilfe, die Terroristen kommen! – ist der bevorzugte Wirkungsort dieser Industrie im Geheimen.

Es handelt sich um einen Milliardenmarkt, der für seine Expansion am allerwenigsten gebrauchen kann, was die Grundvoraussetzung für den Rechtsstaat ist: demokratische Kontrolle und Bewertung durch die Öffentlichkeit. Spätestens seit 2013 ist klar, dass hinter der ausufernden Überwachung des Internet handfeste wirtschaftliche Interessen stehen.

Jeder ist überwachbar

Das Ergebnis ist nicht bloß die Totalüberwachung der digitalen Sphäre und damit die ständigen Grundrechts- und Menschenrechtsbrüche im Internet. Vielmehr ist zum Verständnis der Tragweite notwendig, Wirkung und Struktur der digitalen Vernetzung zu begreifen. Das Internet geht nicht mehr weg, wenn man das Laptop zuklappt.

Im Gegenteil, selbst die Daten der Leute, die aus Unwissenheit glauben, sich aus der digitalen Welt herauszuhalten, sind überwachbar. Reise- und Verkehrsdaten, Konsumdaten wie Einkaufsverhalten mit EC- oder Kreditkarten, Patienten­akten der Krankenversicherung, Bestellverhalten, Überweisungsdaten und Finanztransaktionen, jegliche Kommunikation per Telefon und Fax (selbst Papierbriefe werden fotografiert) – alles das und noch unendlich viel mehr funktioniert nur durch und mit der digitalen Vernetzung und ist damit auswertbar.

Für eine hemmungslose Überwachungsmaschinerie, die wirklich überhaupt gar keine rote Linie akzeptiert, die die totale Kontrolle zum Leitbild erhoben hat, gibt es in der westlichen Welt niemanden, der nicht im Netz ist. Und damit überwachbar ist.

Die Verschmelzung der digitalen Welt mit der nicht-digitalen kündigt sich seit längerer Zeit an. Bis 2013 war dabei nicht klar, welche Seite der anderen letztlich ihre Regeln aufdrängen wird. Edward Snowden hat gezeigt, dass dieses Ringen im Punkt der Grundrechte längst entschieden ist. Und zwar als geplante und verwirklichte Dystopie der Totalüberwachung durch das Internet.

Genau deshalb muss 2014 das Jahr werden, in dem der Kampf beginnt. Der Kampf für Freiheit und Grundrechte, die längst selbstverständlich schienen – es aber im Netz nicht sind.

Sascha Lobo, Foto: Reto Klar

Foto: Reto Klar

Sascha Lobo, Jahrgang 1975, ist Autor, Strategieberater und hält Fach- und Publikumsvorträge. Er beschäftigt sich mit den Auswirkungen des Internet auf Gesellschaft, Wirtschaft, Politik und Kultur. Auf Spiegel Online erscheint wöchentlich seine Kolumne „Mensch-Maschine“ über die digitale Welt. Zuletzt erschien sein Buch „Internet – Segen oder Fluch“, geschrieben gemeinsam mit Kathrin Passig.

Dieser Text ist im Rahmen des Heftes „Das Netz – Jahresrückblick Netzpolitik 2013-2014“ erschienen. Sie können es für 14,90 EUR bei iRights.media bestellen. „Das Netz – Jahresrückblick Netzpolitik 2013-2014“ gibt es auch als E-Book, zum Beispiel über die Affiliate-Links bei Amazon und beim Apple iBook-Store, oder bei Beam.

December 11 2013

Gigantisch, unkontrolliert, mörderisch

Die Enthüllungen Edward Snowdens haben gezeigt, dass Internetaktivitäten praktisch unkontrolliert von Geheimdiensten überwacht werden. Die Informationen werden unter anderem zur gezielten Ermordung politischer Gegner eingesetzt. Diese Aushebelung sämtlicher demokratischer Grundsätze darf nicht weitergehen.

Ohne Zweifel wird das Jahr 2013 im Rückblick untrennbar nicht nur mit den Enthüllungen Edward Snowdens verbunden bleiben, sondern auch mit den politischen und technischen Reaktionen darauf. Wir erfuhren über Monate häppchenweise die Namen der geheimdienstlichen Operationen und Programme und ihre Zielsetzung.

Selbst einigen der Facebook-Abhängigen ist nun bewusst geworden, dass das Programm Xkeyscore bewirkt, dass sie neben der Werbevermarktung ihrer Daten einen Zweit-Account bei der NSA dazugebucht haben, über den ebenfalls E-Mail-Inhalte, Webseitennutzung und der Facebook-Chat ausgewertet werden. Der Unterschied zur kommerziellen Auswertung ist nur, dass die Geheimdienste die Informationen untereinander ohne direkte Bezahlung weitergeben – im Falle Xkeyscore an die spionierenden Freunde aus Australien, Neuseeland, Kanada und Großbritannien.

Kolossale technische Kapazitäten

Ins Bewusstsein gerückt sind neben der Rasterfahndung die kolossalen technischen Kapazitäten, mit denen die Dienste den Daten zu Leibe rücken. Um beim Beispiel Xkeyscore zu bleiben: Auf eigens betriebenen siebenhundert Servern werden pro Monat 41 Milliarden Datensätze aufgezeichnet, also im Schnitt zwischen ein und zwei Milliarden pro Tag – allein in diesem Programm. Angesichts der Nutzungszahlen von Facebook, wonach alle zwanzig Minuten drei Millionen Nachrichten innerhalb der Plattform versendet werden, sammelt der Verbund der Geheimdienste also einen nennenswerten Anteil und gleichzeitig eine aktuelle Abbildung der Kommunikation, der Interessen, der Handlungen.

Eine dritte Ebene, die mit einem Schlag ganz neu diskutiert werden musste, ist die parlamentarische Kontrolle sowie die US-Geheimgerichte, von deren Existenz nur wenige überhaupt Kenntnis hatten. Die einst als Kontrollmechanismen konzipierten Instanzen müssen heute als das erkannt werden, was sie sind: Chimären, die weder technisch noch faktisch auf Augenhöhe prüfen können, was die Dienste treiben.

Die Opfer der Überwachung

Worüber neben den technischen Details weniger gesprochen wird, sind die Opfer dieser extensiven Datensammlungen. Der gemeine Netznutzer in Europa oder Nord- und Südamerika geht nicht mit Schweißperlen auf der Stirn ins Bett, weil seine Alltagsäußerungen tagsüber in den Datenbanken abgespeichert worden sind oder ihm ein ausländischer Geheimdienst direkt auf den Fersen sein könnte. Das sieht für jemanden jenseits der sicheren Zonen der westlichen Welt anders aus, wie die Snowden-Papiere ebenfalls ans Licht brachten: Die Aufzeichnung einer Nachricht im Netz bedeutet für einige Menschen den Tod durch US-amerikanische Drohnen­schläge.

Die wirklich dunkle, allzu gern verschwiegene Seite der Kommunikationsaufzeichnung, aber auch des gezielten Hackings von Zielpersonen ist das seit Oktober durch die Washington Post bekannt gewordene Mitwirken der NSA an zielgerichteten Tötungen in Pakistan. Aus den Snowden-Dokumenten dringt nun nicht mehr nur die Dreistigkeit ­einer offenbar nach Allwissen strebenden, entfesselten Behörde und ihrer Partner an die Öffentlichkeit, sondern auch das aktive Unterstützen von völkerrechtlich höchst fragwürdigen militärischen Mordoperationen in nie erklärten Kriegen.

In der politischen Sphäre gab erst das im Vergleich dazu seltsam unbedeutend wirkende Ausspionieren der Mobilkommunikation der Bundeskanzlerin den Ausschlag für eine breitere Diskussion in Deutschland. Dennoch blieben konkrete politische Folgen hierzulande aus. Die Bundesregierung ließ uns noch am 14. August 2013 wissen: „Der BND arbeitet seit über 50 Jahren erfolgreich mit der NSA zusammen.“

Wir dürfen die Informationssammelei nicht dulden

Wir können nach dem Snowden-Jahr 2013 nicht zur Tagesordnung übergehen, wenn wir nicht in einer durch und durch anderen Gesellschaft leben wollen, als in der, in deren Geist die Menschenrechtskonvention, die EU-Charta oder das Grundgesetz entworfen wurden – aus den Lehren der Geschichte. Bloß weil uns eine abgeschottete Clique kontrollfreier, bestens ausgestatteter Geheimdienstler mit ihren gut verdienenden kommerziellen Vertragspartnern weismachen wollen, die ganze Informationssammelei diene der Sicherheit, müssen wir ihr Tun nicht dulden. Denn unser Privileg ist es, noch in einer Gesellschaft zu leben, in der die Menschen über die Regeln zur technischen Nutzung der Netze mitentscheiden können.

­Das wird jedoch nur von Erfolg gekrönt sein, wenn wir als Bürger und auch als Konsumenten die Fakten aus den Snowden-Dokumenten nicht nur zur Kenntnis nehmen, sondern unser Verhalten daran orientieren. Niemand zwingt uns zum Bereitstellen eines NSA-Zweit-Accounts, wir könnten auch anders. Wir müssen nur wollen.

Constanze Kurz

Foto: H. Kahl

Constanze Kurz ist promovierte Informatikerin, Sachbuchautorin und arbeitet an der Hochschule für Technik und Wirtschaft Berlin am Forschungszentrum „Kultur und Informatik“. Ihre Forschungsschwerpunkte sind Überwachungstechnologien, Ethik in der Informatik sowie Wahlcomputer. Sie ist ehrenamtliche Sprecherin des Chaos Computer Clubs.

Dieser Text ist im Rahmen des Heftes „Das Netz – Jahresrückblick Netzpolitik 2013-2014“ erschienen. Sie können es für 14,90 EUR bei iRights.media bestellen. „Das Netz – Jahresrückblick Netzpolitik 2013-2014“ gibt es auch als E-Book, zum Beispiel über die Affiliate-Links bei Amazon und beim Apple iBook-Store, oder bei Beam.

Reposted bydarksideofthemoonmadgyvermarrohSirenensangstraycatBloodredswanbauernline

Four short links: 11 December 2013

  1. Meet Jack, or What The Government Could Do With All That Location Data (ACLU) — sham slidedeck which helps laypeople see how our data exhaust can be used against us to keep us safe.
  2. PirateBay Moves Domains — different ccTLDs have different policies and operate in different jurisdictions, because ICANN gives them broad discretion to operate the country code domains. However, post-Snowden, governments are turning on the US’s stewardship of critical Internet bodies, so look for governments (i.e., law enforcement) to be meddling a lot more in DNS, IP addresses, routing, and other things which thus far have been (to good effect) fairly neutrally managed.
  3. 3D Printed Room (PopSci) — printed from sand, 11 tons, fully structural, full of the boggle. (via John Hagel)
  4. Things Real People Don’t Say About Advertising — awesome tumblr, great post. (via Keith Bolland)

December 09 2013

Four short links: 9 December 2013

  1. Reform Government Surveillance — hard not to view this as a demarcation dispute. “Ruthlessly collecting every detail of online behaviour is something we do clandestinely for advertising purposes, it shouldn’t be corrupted because of your obsession over national security!”
  2. Brian Abelson — Data Scientist at the New York Times, blogging what he finds. He tackles questions like what makes a news app “successful” and how might we measure it. Found via this engaging interview at the quease-makingly named Content Strategist.
  3. StageXL — Flash-like 2D package for Dart.
  4. BayesDBlets users query the probable implications of their data as easily as a SQL database lets them query the data itself. Using the built-in Bayesian Query Language (BQL), users with no statistics training can solve basic data science problems, such as detecting predictive relationships between variables, inferring missing values, simulating probable observations, and identifying statistically similar database entries. Open source.

December 05 2013

Controversy Smolders Over Japan's State Secrecy Bill

Image by twitter user @281_ for anti-state-secrecy-protection bill.

Image by twitter user @281_ for anti-state-secrecy-protection bill.

Japan’s proposed State Secrecy bill continues to stoke controversy after its passage in the Lower House last week. The proposed law would introduce harsh new punishments for leaking national secrets related to defense, diplomacy, counter-terrorism, and counter-espionage.

National security is one of the most important agenda items for the ruling Liberal Democratic Party. The bill, in relation to an already-enacted law that launched Japan's version of the NSA, is considered very important for the party's success.

During a key plenary session and even days after its approval, people opposing the bill rallied in front of the Diet (Japan's House of Parliament), shouting “stop the secrecy bill! The evil bill should be discarded!” This is unusual in Japan — although the Japanese constitution affords citizens the right to assemble, most people will not join public rallies.

Shigeru Ishiba, Secretary-General of the Liberal Democratic Party, found the noise unpleasant, and casually referred to demonstrators as “terrorists” on his blog [ja]:

単なる絶叫戦術はテロ行為とその本質においてあまり変わらない

It seems to me that the tactic of simply shouting at the top of their lungs is not much different from an act of terrorism, in essence.

Taken out of context, Ishiba's comment might sound outrageous, but it's easy for people see protests as hindering political progress, whatever that progress might mean. Later, Ishiba posted an apology and correction [ja] to withdraw the above remark:

整然と行われるデモや集会は、いかなる主張であっても民主主義にとって望ましいものです。 一方で、一般の人々に畏怖の念を与え、市民の平穏を妨げるような大音量で自己の主張を述べるような手法は、本来あるべき民主主義とは相容れないものであるように思います。「一般市民に畏怖の念を与えるような手法」に民主主義とは相容れないテロとの共通性を感じて、「テロと本質的に変わらない」と記しましたが、この部分を撤回し、「本来あるべき民主主義の手法とは異なるように思います」と改めます。

Protests and gatherings held in an orderly nature, are desirable for democracy, regardless of what they stand for. On the other hand, I think protests, which are loud enough to bother neighboring citizens’ peace of mind, and leave citizens in awe by blatantly expressing what they stand for, run counter to authentic democracy. I had written on my blog that such acts are not much different from terrorism because I felt there was something similar about these tactics of scaring and leaving citizens in awe with an act of terrorism, but here I withdraw this part of the sentence, and rewrite it as “different from tactics in the original form of democracy.”

Such remarks have evidently done nothing to turn down the volume of protesters. If anything, it seems to be getting louder. On December 5 and 6, angry protesters marched in Hibiya park at a gathering dubbed “drums of fury” [ja].

A coalition of artists, film-makers, editors and publishers opposing the State Secrecy Protection Bill have gathered over 4,400 endorsements for an appeal [ja] against the bill. Their Facebook page [ja], founded on December 1, 2013, has already reached 8,270 Likes.

In a statement, they called for support from people who engage in acts of expression:

「表現人の会」では、声明の趣旨に賛同いただける方を広く募集しています。
条件は、「声明に賛同する」ことと、「あなた自身が、何らかの表現者」であること。プロ・アマ・経歴・国籍は問いません。

We are calling for people to support our appeal [against the Secrecy Bill]. Anyone engaged in any type of work that involves expressing yourself, regardless of nationality, professional or non-professional work history in expression, is eligible to support our appeal.

Patriotic conservative blogger gintoki commented on the issue, suggesting [ja] that people against the bill are predominantly leftists.

マスコミのみならず、ジャーナリストに弁護士、それに賛同する者達が集まってデモを行う・・・
その集団の後ろには労組系や左派系と思しき団体の幟が林立し、まるで反原発デモか、沖縄の反米・反基地運動かと見間違うほどだが、マスコミが彼らの事を左派系団体だとか、労組系を中心にした…などというその団体の本質的な部分について触れて報道する事は少ない

It is not only the mass media, lawyers, journalists, and people who support them and are coming together and protesting [against the bill] [...] This group appears to look like a protest rally before an anti-nuclear power plant, or and anti-US base in Okinawa, with multiple banners of unionists and left-looking groups behind them. However, no mass media described them as left-wing groups or unionist groups. Very few reports touch on the fundamental part of the protesting groups.

Until recently, acts of protest were considered some what rebellious and often times protesters were labeled as “professional activists”, “commies” or “leftists”. But since the Fukushima nuclear disaster of 2011, more people have started to take action and we have seen many first-time demonstrators. Yet those who oppose the secrecy bill seem to stretch beyond Japan's so-called left.

A wide range of organizations have expressed opposition to the proposed law. Seven doctors and dentists released a statement [ja] opposing the bill that won the support of roughly 200 doctors and dentists:

私たち医師・歯科医師が「特定秘密の取扱者」になった場合、日常診療において患者さんから得る病歴・薬物歴・精神疾患歴・家族歴などのプライバシーを、国に強制的に提供させられることになるかもしれません。特定秘密に指定されれば、強制も秘密になります。これは医療者の守秘義務に大きく反し、たいへん危険な人権侵害に加担することになってしまいます。

We, doctors and dentists, may have to be obliged to provide the government with private information of patients such as illness history, record of medication, mental health history, family history that we keep from daily consultation, if we are assigned as people who deal with ‘special secret'. Once special secret is designated, we would have to keep the fact that it is enforcement. Such an act would be far from our duty of confidentiality as medical workers, and would assist human rights violation.

The Directors’ Guild of Japan [ja], Writers’ Guild of Japan [ja], and Japan Writers’ Guild [ja] also put out a joint statement against the bill.

To sound the alarm internationally, Japan Computer Access for Empowerment (JCAFE) released an urgent appeal on December 1, saying that the proposed law is dangerous in the following ways:

We think the law is problematic because:

  • The scope of “specific secrets” is broad and vague, and how exactly “specific secret” will be designated remains unclear. Especially, there is no regulation which forbids specification of the disadvantageous information for the government.
  • The government can permanently designate any information it wants to hide from the public as specific secrets.
  • Any independent third-party bodies will not established that have the power to screen information to determine whether it merits being classified as a specific secret. Even the Diet or courts can not check.
  • The bill includes serious threats to whistle-blowers and even journalists reporting on secrets. Government officials who, in good faith, release confidential information on violations of the law, or wrongdoing by public bodies, should be protected against legal sanctions.
  • Anyone who asks central government employees to offer specific secrets could be subject to punishment on the grounds that they abetted the leakage of secrets. This withers too much the coverage act by all the press containing community media, independent media, and foreign media with the intimidation by punishments.
  • The “aptitude evaluation system” is a privacy infringement not only to public servants and the private citizens that have accepted commissions for government contracts but also to their families, friends, and even their romantic partners.

We call upon all members of the House of Councilors to scrap the bill.

The House of Councilors is expected to vote on the bill on the afternoon of December 6.

November 26 2013

Will Tunisia's ATT Ring in a New Era of Mass Surveillance?

Stylized photo of surveillance cameras. Image by Corey Burger via Flickr (CC BY-SA 2.0)

Stylized photo of surveillance cameras. Image by Corey Burger via Flickr (CC BY-SA 2.0)

Tunisian activists fear that mass surveillance and Internet censorship may return to their country following the creation of a new “investigative” telecommunications agency. On November 6, the Tunisian government announced the establishment the Technical Telecommunication Agency (known by its French acronym ATT or A2T) by decree. Article 2 decree n° 2013-4506 [fr] summarizes the mandate of the agency:

The Technical Telecommunications Agency provides technical support to judicial investigations into ICT-related crimes. It is thus tasked with the following missions:

- Receiving and treating orders stemming from the judicial authority to investigate and record ICT-related crimes in accordance with the applicable legislation.

- Coordinating with the different public telecommunication network operators, access networks and all concerned telecommunication service providers in all of its listed missions in accordance with the applicable legislation.

- Exploiting national monitoring systems of telecommunication traffic in accordance with international human rights treaties and personal data protection laws.

ATT members still have yet to be appointed and the agency has not begun its activities. But it has already raised eyebrows among activists and bloggers who say decree n° 2013-4506 lacks necessary mechanisms for protecting user rights.

Article 5 of the decree states that the annual report on the ATT's activities will be “secret, unpublished and only sent to the government.” Activist Skander Ben Hamda called the ATT decree ‘dishonest‘:

This agency is similar to dozens of other agencies around the world established under the pretense of fighting cyber-crime or counter-terrorism which transform the State into a massive-surveillance State. The decree establishing this agency is dishonest: total absence of civil society and lack of transparency.

On Twitter, Tunisian Pirate Party member Raed compared the ATT to the US National Security Agency:

In a statement [ar] issued on November 20, Tunisia's Ministry of Information and Telecommunications Technology said that the creation of the agency aims to “protect the [country’s] national cyberspace from crimes.” The statement continued: ”A set of guarantees on ATT’s activities have been made in order to consolidate respect for human rights, personal data protection, freedom of expression on the Internet and the right to access information.”

But this did not quell activists’ fears. In an interview with Global Voices, Internet freedom activist Dhouha Ben Youssef said, “The first problem is already in the form, the creation of this agency is made through a decree – not a law that must be voted by the National Constituent Assembly. Thus [there is] not even a debate.”

Unlike laws, decrees are issued by the government and do not require the parliament’s approval.

“Secondly, the introduction of the decree is based on a set of obsolete and repressive laws from the Ben Ali era,” Ben Youssef added.

“Hello darling, your beloved 404 [error] is back.” Tunisian netizens used the term “Ammar 404″ to refer to Internet censorship and surveillance under Ben Ali. Cartoon by Z.

The 2001 Telecommunication Code and the 2004 Privacy Law, were among the laws invoked by the government to establish the ATT. These two laws have deficiencies which make users vulnerable to judicial prosecution and state surveillance. Article 86 of the telecommunication code stipulates that anyone convicted of “harming others or disrupting their lives through public communication networks’’ may face up to two years in prison. This particular article was used many times under Ben Ali to prosecute and convict bloggers and users.

Also concerning is the fact that Tunisia's data protection authority (INDPD) remains weak under the2004 Privacy Law. Among other deficiencies, the law allows state authorities to collect and process personal data without obtaining the consent of the INDPD.

The autonomy and neutrality of the new agency has also been called into question.

Under Decree Article 4, the agency’s general director shall be appointed by the ICT ministry. A Tunisian Pirate Party statement [ar] charged that Article 4 “strips neutrality and objectivity” from the agency’s work and “makes spying on the opposition possible.”

The Ministry has said that a “follow-up” committee will be appointed within the ATT, with the intention of ensuring “good exploitation of national systems monitoring the telecommunication traffic in respect of personal data protection and public freedoms.” Yet just like the agency itself, this committee will be led by the ATT's general director.

The follow-up committee will be comprised by five government representatives appointed from the ministries of Human Rights and Transitional Justice, Interior, National Defense, ICT and Justice. A judge will act as the committee’s vice president and the two remaining members will be selected from the country’s data protection authority (INDPD) and the High Commission for Human Rights and Fundamental Freedoms, a government institution.

With the establishment of the ATT, the storied Tunisian Internet Agency (ATI) will no longer be involved cybercrime investigations. ATI head Moez Chakchouk tweeted:

Indeed, amidst Tunisia's post-revolution legal and institutional vacuum the ATI often stepped in to assist judiciary investigations of cybercrime. ‘We don’t have any constraints but we try to help the court solve some cases, keeping a minimum surveillance,” Chakchouk said during the Freedom Online Conference in Tunis last June.

Tunisian activists have already launched the Stop #A2T campaign. “There is still time to get civil society and netizens involved,” said Ben Youseff. She suggested that the ATT board include a civil society representative. “By adding a representative at the A2T board, we'll be watching the watchers.”

November 22 2013

Protesters, Journalists Speak Out Against Japan's National Secrecy Bill

Protest against Japan's Secrecy Law

Screenshot from the live stream of the protest against the Secret Information Protection Act on November 21, 2013. Demonstrators chant, “No to secrecy law, protect the constitution.”

Thousands of people marched in Hibiya Park in Tokyo in protest of a bill that stiffens penalties for leaking classified information that could jeopardize national security. The bill has been lambasted by critics who fear it could hinder freedom of the press and the right to information.

Representatives from human rights groups, labor unions, the Japanese Communist party, and concerned citizens joined the protest on November 21. According to the organizer [ja], 7,000 people participated in the march to demand the withdrawal of the bill.

The bill would introduce harsher punishments for leaking national secrets in related to defense, diplomacy, counter-terrorism, and counter-espionage, but it remains unclear how the so-called Secret Information Protection Act would define what is a “national secret”.

The day before the march, a group of journalists organized a press conference in Tokyo to publicly object to the bill. Journalist and critic Soichiro Tahara spoke [ja] at the gathering:

私たちが普段やっている取材では、オフレコ取材、共謀、教唆などあたりまえ。この法律で“不当な取材”とされたら10年の懲役刑を喰らう。これでは報道は萎縮してしまう。これは危険きわまりない法律で、とんでもない

The job of journalists like us commonly involves off-the-record news gathering…If the bill is put into force, our job of reporting could be considered an act of inappropriate reportage, and we could face ten years in prison. This would make journalists wither. A bill like this is nothing but dangerous, and truly absurd.

Journalists criticize Secret Information Protection Act

Journalists criticize the Secret Information Protection Act at a press conference held in Tokyo on November 20, 2013. Image captured by Labornet Japan

Article 19, a London-based organization concerned with freedom of expression, also condemns the bill:

ARTICLE 19 urges the Japanese National Diet (Japanese Parliament) to reject the pending Special Secret Protection Bill. The bill violates international standards on freedom of expression and the right to information.

On the Internet, a number of users mentioned the bill. According to social media analytics, more than 370,000 tweets mentioned the bill during the week of the protest. Users published their messages under the hashtag “Demolish the Secrecy Act”(#秘密保護法をブッ潰せ) to express their sentiments against the proposed law.

Aside from the danger that the bill poses for access to information and freedom of expression, a pseudonymous lawyer known as “K” pointed out in an article [ja] on Weekly Playboy that foreign spies might not be subject to the penalties of leaking information:

このままでは日本ばかりが外国の機密を守る義務が生じて、日本の機密は他国に奪われ放題という悲惨な状態に陥ってしまうと思います……

I think, ultimately, the law would only obligate Japan to protect secret information potentially designated as such by foreign countries, while Japan's national secrets can be spied on and obtained by other countries, which would be a terrible situation.

November 20 2013

Four short links: 20 November 2013

  1. Innovation and the Coming Shape of Social Transformation (Techonomy) — great interview with Tim O’Reilly and Max Levchin. in electronics and in our devices, we’re getting more and more a sense of how to fix things, where they break. And yet as a culture, what we have chosen to do is to make those devices more disposable, not last forever. And why do you think it will be different with people? To me one of the real risks is, yes, we get this technology of life extension, and it’s reserved for a very few, very rich people, and everybody else becomes more disposable.
  2. Attending a Conference via a Telepresence Robot (IEEE) — interesting idea, and I look forward to giving it a try. The mark of success for the idea, alas, is two bots facing each other having a conversation.
  3. Drone Imagery for OpenStreetMap — 100 acres of 4cm/pixel imagery, in less than an hour.
  4. LG Smart TV Phones Home with Shows and Played Files — welcome to the Internet of Manufacturer Malware.

November 19 2013

Ecuadorean Activists Say No to Cybercafe Surveillance

Cybercafe, Ecuador. Photo by Romsrini via Flickr (CC BY-NC-ND 2.0)

Cybercafe, Ecuador. Photo by Romsrini via Flickr (CC BY-NC-ND 2.0)

Links are to Spanish-language pages unless otherwise noted.

Do you use cybercafés to communicate with your family and friends, or for work or school? If you do and you find yourself in Ecuador, under a proposed amendment to the Comprehensive Organic Criminal Code (Código Orgánico Integral Penal or COIP), you may be captured on video while doing so. This new provision, along with new requirements for ISP data collection, has unleashed controversy across the Ecuadorian blogosphere. Its outcome could determine the fate of open Internet access in the country.

The proposed law is part of a growing trend among governments around the world to restrict the privacy of Internet users and the free exchange of information, first with anti-piracy laws and then with laws to fight cybercrime—measures that free speech activists fear are actually designed to increase surveillance of citizens by their governments. Examples of this trend are popping up in many countries in Latin America.

On a surprising note, similar processes have been used to pass this kind of law in two neighboring Latin American countries of Peru and Ecuador. In both cases, cybercrime-related bills included articles that had not been discussed previously by members of the national congress or assembly, as is the custom. In Peru the law has actually been promulgated, while in Ecuador the executive branch has yet to rule on it.

It is in this climate of anticipation that a few important steps have been taken in the tug-of-war over whether to approve or reject the bill. The bone of contention is article 474 of COIP, which mandates that all ISPs store user data (telephone numbers, IP addresses, etc.) and that cybercafé owners install video surveillance cameras to record customers using their services.

According to Alfredo Velazco of the Usuarios Digitales (Digital Users) association, the provision set out in article 474 appears to have originated in Ecuador's criminal investigations department, which also showed an interest in reducing anonymity on the Internet. In an article for the website Gkillcity, Velazco indicated that one of the problems is assembly members’ limited knowledge of digital culture:

Legisladores de excelente sueldo, que cuentan con asesores que ganan miles y comités de expertos, pero que ignoran ciertos temas digitales. El problema no es ignorar, pero son “ignorantes digitales” por ignorar voces e iniciativas dispuestas a brindar apoyo por ciudadanos desde la red. Los asambleístas deben legislar en función de garantizar los derechos de los ciudadanos también en plataformas digitales y, en este caso particular, de más 10 millones de usuarios ecuatorianos conectados.

Legislators with generous salaries, who have advisors earning thousands and committees of experts, but who ignore certain digital issues. The problem is not ignorance itself, but that they are “digitally ignorant” because they disregard voices and initiatives aimed at providing support to citizens through the Internet. Members of the Assembly should legislate to guarantee the rights of citizens on digital platforms as well, and in this particular case, that means the more than 10 million users connected in Ecuador.

As US-based digital rights group Access points out [en], one of the consequences of the legislation could be an increase in the cost of Internet access, thereby widening the digital divide for communities with limited resources and subjecting the poor to greater surveillance:

In addition to the deep human rights concerns, Article 474 also poses significant economic costs. Many of Ecuador’s internet users connect through cyber cafes, often small businesses in the room of a private home. Section 2 of the Article provides that those suppliers and distributors of information also must record the user identification, date and time of connection, as well as record their activities on video, again, for a minimum of six months.

The high costs of this provision — from purchasing video recording equipment to storing all user data for at least six months — may prove to be prohibitively expensive for many of these cybercafes, forcing them to go out of business. This would certainly diminish Ecuador's already low Internet penetration rate of 27.2%.

Además de las profundas preocupaciones de derechos humanos, el artículo 474 también representa costos económicos significativos. Muchos de los usuarios de Internet en el Ecuador se conectan a través de cibercafés, a menudo pequeños negocios en una habitación de una casa particular. La sección 2 de este artículo dispone que los proveedores y distribuidores de información también deben registrar la identificación del usuario, fecha y hora de conexión, así como grabar sus actividades en vídeo, una vez más, por un mínimo de seis meses.

Los altos costos de esta disposición – desde la compra de equipos de vídeo de grabación para almacenar todos los datos de usuarios de al menos seis meses – puede llegar a ser costosamente prohibitivo para muchos de estos cibercafés, lo que les obligaría a cerrar. Sin duda, esto disminuiría la ya baja tasa de penetración de Internet en Ecuador, del 27,2%.

Civil society organizations such as Usuarios Digitales, Apertura Radical and Asociación de Software Libre del Ecuador have adopted various strategies with citizens and state institutions, principally the National Assembly, to try to exert pressure on the executive to get it to veto article 474 of COIP. The upshot of this has been the creation of a large coalition called #InternetLibre, rallying other organizations at the national level in a concerted effort to defend the digital rights of citizens on several fronts.

In fact, members of the Assembly from different groups welcomed representatives of #InternetLibre and listened to their points of view and proposals regarding article 474 of COIP and others in the bill. It is worth mentioning that some members of the Assembly favour eliminating the article and others only support amendments to it.

On November 5, #InternetLibre also held a meeting with representatives of different coalitions and Internet freedom activists. The meeting garnered substantial tweets in the Ecuadorian cybersphere under the hashtag #InternetLibre. Journalist Bethany Horne summarized it for Alt1040:

Ayer 5 de noviembre, usando el hashtag #InternetLibre, más de cuarenta personas reunidas en Quito hablaron de las posibles consecuencias de un artículo incluido en el nuevo Código Integral Penal, aprobado hace poco por la Asamblea Nacional que va pronto a consideración final por el Presidente de la República, Rafael Correa. Entre los asistentes estuvieron miembros de la Asociación de Software Libre de Ecuador, el gremio de software AESOFT, la empresa Thoughtworks, docentes de varias universidades, abogados y los emprendedores de ECStartups.

Yesterday on November 5, using the hashtag #InternetLibre, more than 40 people gathered in Quito to discuss the potential consequences of an article included in the new Comprehensive Criminal Code, recently approved by the National Assembly and soon to be submitted for consideration to the President, Rafael Correa. Among the attendees were members of the Asociación de Software Libre de Ecuador, the AESOFT software guild, Thoughtworks, and the faculty of several universities as well as lawyers and entrepreneurs from ECStartups.

Some of the opinions expressed on Twitter that day were:

There is little awareness that article 474 of #COIP will bring a level of absolute surveillance to our society #Ecuador #InternetLibre
— Valeria Betancourt (@valeriabet) November 5, 2013

Let's do some activism! Find out more about COIP, stay on top of it and talk about how this is going to affect us on a daily basis #internetlibre
— Jesica Madrid (@jesicamadrid) November 5, 2013

Possible consequence of #COIP: to avoid having to store more ISP data, mobile service providers might even limit GB for navigation #InternetLibre
— Daniela Peralvo (@danielaperalvo) November 5, 2013

Meeting with President and advisers has more weight than delivering a letter
http://t.co/XLjwmXDGAj #InternetLibre #COIP
— Usuarios Digitales (@usuariosdigital) November 5, 2013

To conclude this post, we decided to talk briefly to Alfredo Velazco, activist and member of the association Usuarios Digitales, about what the next moves by #InternetLibre will be and what expectations there are about amending or eliminating article 474. This was his answer:

Basicamente hacer lobby entre los profesionales del sector que sean citados por entes estatales, ya que no han hecho llamamiento o acercamiento a la sociedad civil vía #InternetLibre, pese incluso a que les hemos escrito para dialogar. Adicionalmente tambien contacto con el Presidente, quien en ultima instancia tiene opcion a vetar ciertos articulos del Codigo Penal. Continuar con la campaña hasta tener un compromiso de las autoridades encargadas. Nuestra expectativa es la eliminación del artículo, no su modificación.

Basically to lobby professionals in the field who are mentioned by state bodies, who have not called on or approached civil society via #InternetLibre, despite our having written to them to begin a dialogue. In addition, contact with the President, who ultimately has a veto option over certain articles of the criminal code. To continue the campaign until we have a commitment from the appropriate authorities. We want the article eliminated, not modified.

Post originally published on the blog Globalizado by Juan Arellano.

 

November 13 2013

Mexican Voter Data for Sale at Buscardatos.com

Elecciones en Baja, California, MX. Foto de Nathan Gibbs via Flickr (CC BY-NC-SA 2.0)

Elections in Baja, California, MX. Photo by Nathan Gibbs via Flickr (CC BY-NC-SA 2.0)

Mexican newspaper Reforma reported [es] that the website buscardatos.com apparently has been harvesting information from the database of the Mexican Federal Electoral Institute (IFE) [es], the body responsible for organizing elections. This has left ample private citizen data accessible on the Internet.

On the webpage, users could access a citizen's voter password, an 18-digit code found in the voting credentials, as well as home addresses simply by searching a voter's last name. Citizen data could also be obtained through other identification records like the Unique Population Registry Code (CURP) or the Federal Taxpayers Registry (RFC), as seen in the screenshot below.

buscadatos.com

Screenshot of buscadatos.com

The answer from Mexican authorities 

Following Reforma's November 6 article, the Institute for Access to Information, a body of the Mexican Federal Public Administration responsible for guaranteeing the right to accessing public government information and the protection of personal data, condemned the potentially unlawful treatment in a statement [es]. The body also indicated that it would open an investigation and agreed to file a complaint with the Attorney General's office against those responsible. The IFE filed a complaint as well.

Hosting for Buscardatos.com

We consulted the City Network hosting service, where buscardatos.com is hosted, and asked those responsible for its administration why the website remained online and the nature of their relationship with the site.

One of their system engineers explained, “this site in particular is not violating the terms of use nor the Swedish law and we have no reason to shut it down,” stressing that they were affiliated with neither the website nor its proprietor.

He also noted that in order for City Network to act on a violation of this sort, the company would have to receive a judicial order from local Mexican authorities.

Server problems 

The website buscardatos.com partially stopped working on the morning of November 8. The search functions have been disabled, since according to a message from its administrators, they are experiencing server problems and the searches will not be available until further notice.

Protection of personal data in Mexico 

In Mexico there are mechanisms like those offered by the Federal Law of Transparency and Access to Public Government Information [es], which establishes a guarantee for the protection of personal data in the hands of the government. Additionally, the Federal Law on the Protection of Personal Data Held by Individuals [es] mandates that anyone handling personal data is obligated to safeguard the privacy of that data, in order to ensure that the owners of that data can access and delete the information at any time or legally contest the way their personal data is handled by third parties.

One case among many? 

Statements from the IFAI and IFE followed Reforma's article and referred exclusively to the case discussed in the paper; yet this is not the only visible case online. There is also a site [es] that reports the sale of the Federal Electoral Institute database, which had been updated until 2012, an incident that authorities have not yet addressed.

November 12 2013

Four short links: 13 November 2013

  1. ISS Enjoys Malware — Kaspersky reveals ISS had XP malware infestation before they shifted to Linux. The Gravity movie would have had more registry editing sessions if the producers had cared about FACTUAL ACCURACY.
  2. Big Data Approach to Computational Creativity (Arxiv) — although the “results” are a little weak (methodology for assessing creativity not described, and this sadly subjective line “professional chefs at various hotels, restaurants, and culinary schools have indicated that the system helps them explore new vistas in food”), the process and mechanism are fantastic. Bayesian surprise, crowdsourced tagged recipes, dictionaries of volatile compounds, and more. (via MIT Technology Review)
  3. Go at 4 — recapping four years of Go language growth.
  4. Las Vegas Street Lights to Record Conversations (Daily Mail) — The wireless, LED lighting, computer-operated lights are not only capable of illuminating streets, they can also play music, interact with pedestrians and are equipped with video screens, which can display police alerts, weather alerts and traffic information. The high tech lights can also stream live video of activity in the surrounding area. Technology vendor is Intellistreets. LV says, Right now our intention is not to have any cameras or recording devices. Love that “right now”. Can’t wait for malware to infest it.

Cyber Stewards Network and Local Activists Investigate FinFisher in Mexico

Map of FinFisher products detected worldwide. Created by John Scott Railton and the Citizen Lab.

Map of FinFisher products detected worldwide. Created by John Scott Railton and the Citizen Lab.

The original version of this post appeared on Citizen Lab's Cyber Stewards site.

While the Mexican government has long been suspected of purchasing surveillance equipment, the frequency of these purchases and the level of public funds allocated to them are rapidly increasing. Last February,  the New York Times published an investigative report on USD 355 million in expeditures by the Mexican Ministry of Defense for sophisticated surveillance equipment. Six months prior to the Times investigation, Carmen Artistegui, a renowned investigative journalist in Mexico, published a report documenting five contracts from the National Secretary of Defense for the purchase of surveillance technologies. All five contracts were confidential and granted to a single company headquartered in the state of Jalisco called Security Tracking Devices, Inc.

In March of 2013, the University of Toronto’s Citizen Lab published “You Only Click Twice: FinFisher’s Global Proliferation,” in which researchers conducted a global Internet scan for command-and-control servers of FinFisher surveillance software. Citizen Lab found FinFisher servers hosted by two Mexican Internet service providers: Iusacell, a small service provider, and UniNet, one of the largest ISPs in Mexico.

It was clear that the findings revealed potential legal violations. As part of my work investigating surveillance in the Northern Triangle for Citizen Lab's Cyber Stewards project, I shared this research with human rights groups and technology collectives in Mexico.

The findings were widely distributed via social networks and later translated by the online activist group YoSoyRed. Shortly thereafter, Mexican magazine Proceso published an investigative report on the harassment of human rights defenders online. The report  asked Iusacell  and UniNet to explain the presence of FinFisher on their servers. Neither of the ISPs responded to any of the magazine’s questions.

I connected with human rights activists in Mexico City and we worked together to raise awareness about civil society efforts in other countries that have resulted in legal action against the use of surveillance technology by repressive regimes, including cases against Amesys in France and Finfisher in Pakistan. A coalition of human rights lawyers and international experts, including Citizen Lab, ISOC Mexico, Privacy International, and other organizations, discussed the possibility of taking legal action to reveal the identity of those parties responsible for the purchase and deployment of FinFisher software in Mexico. At the time, however, we did not have enough information to present a strong case.

In May of 2013 Citizen Lab published “For Their Eyes Only: The Commercialization of Digital Spying,” which once again implicated Mexican ISPs in deploying FinFisher surveillance software. Two Mexico City-based human rights non-governmental organizations, Propuesta Cívica and ContingenteMx, requested a verification procedure regarding FinFisher’s presence in Mexico with the Instituto Federal de Acceso a la Información y Protección de Datos Inicio (Federal Institute for Access to Information and Data Protection or IFAI), Mexico’s privacy authority. Their filing cited Citizen Lab’s FinFisher research.

“For Their Eyes Only,” report by Citizen Lab.

IFAI is legally mandated to protect citizen data and investigate possible personal data violations by private sector entities, as provided by the Federal Law on Personal Data Protection Held by Private Parties. It is also mandated to impose sanctions if a law has been breached. IFAI has the ability to launch a procedure either on its own initiative or at the request of affected parties. If, after preliminary findings, the IFAI determines that there is sufficient evidence to proclaim that a data breach has taken place, a formal investigation and possible sanctions will follow.

IFAI subsequently opened an official preliminary inquiry asking ISPs whether they were hosting FinFisher servers and what measures they were taking to protect the data of their clients. At the same time, Federal Deputy Juan Pablo Adame proposed a resolution before the Mexican Senate and Congress encouraging IFAI to investigate the use of FinFisher with reference to Citizen Lab’s findings and the requests submitted by civil society to investigate the deployment of FinFisher (registered as IFAI/SPDP/DGV/544/2013 and IFAI/SPDP/DGV/545/2013). The Permanent Assembly approved Adame’s motion, thereby imposing an obligation on the data protection authority to answer all questions submitted by the government.

After the Congress and Senate passed a joint resolution, IFAI announced that it required further information from ISPs and government agencies with powers to acquire surveillance technologies before deciding whether it would open a verification process for Iusacell and UniNet. UniNet denied responsibility for any programs that clients run on their servers, while Iusacell made no comment.

Purchase of FinFisher confirmed by authorities

On July 6, following the Congressional resolution and an IFAI public statement announcing the inquiry, YoSoyRed published a leaked contract and other documents implicating the Mexican Federal Government in the purchase of FinFisher software. The Procuraduría General de la Nación (Office of the Prosecutor or PGR) purchased the surveillance tool from Obses, a security contractor, for up to USD 15.5 million. José Ramirez Becerril, a representative from Obses, unveiled details about the equipment provided to PGN and claimed that other Mexican governmental institutions purchased the software as well. Mexican authorities confirmed that the equipment was purchased directly rather than through the governmental bid system that usually characterizes defence contracts so as not to  “alert organized crime.”

The media heavily scrutinized the leaked FinFisher contracts. The press, however, was more concerned about the amount of public funds allocated to purchasing these technologies than about the technologies themselves. In circumventing the public bid procedure, FinFisher and another surveillance tool called Hunter Punta Tracking/Locsys were sold at an inflated price to Mexican authorities during the Felipe Calderon administration. In response, authorities indicated they would prosecute culpable individuals who conduct illegal surveillance activities. To date, no criminal complaint has been filed, despite strict provisions that prohibit the interception of communications unless authorized by a federal judge and a warrant. The full content of the contracts has not yet been made public.

As the scandal unfolded, Congress offered help to activists on the ground demand greater transparency and accountability. On July 11, the Mexican Senate and Congress passed a joint resolution in which they demanded a full investigation and disclosure of any contracts between the Secretary of Interior, the PGR, and any other relevant institution. They were asked to send a full report about the purchase of surveillance and hacking systems capable of monitoring mobile phones, electronic communications, chats, and geolocation data from Obses, Gamma Group, Intellego, and EMC Computer Systems, and its affiliates. Congress also called for laws to regulate and restrict purchases of surveillance equipment, extensively quoting the Citizen Lab report in their request. The commercial entities named have not yet responded. IFAI also informed Congress that they would continue the investigation.

Iusacell and UniNet continued to deny hosting FinFisher servers. Iusacell indicated that the servers were located in Malaysia. Further evidence indicates otherwise: Wikileaks’ and La Jornada’s Spyfiles 3 publication revealed that FinFisher developers visited and were active in Mexico.

All Mexicans enjoy a constitutional right to privacy according to the recently amended Article 16 of the Mexican Constitution and the Federal Law on the Protection of Personal Data held by Private Parties, a general privacy framework. IFAI’s mandate ensures full monitoring powers and verification of compliance with these laws. If IFAI fails to open a full investigation, criminal and constitutional complaints can follow and any failure to investigate will be challenged under the basis of flagrancy. Technical assistance is often necessary to test devices and find examples  of infected individuals to support any legal course of action.

IFAI’s investigation is currently ongoing. The Citizen Lab and Cyber Stewards Network will continue supporting the case and helping both the Mexican authorities and the citizens to understand how surveillance systems operates so that they can evaluate whether those employing them are breaking the law.

Renata Avila is a researcher with Cyber Stewards, an international network of South-based cybersecurity scholars, advocates and practitioners facilitated by the University of Toronto's Citizen Lab.

 

Relevant resources:

Mexican Government Purchased FinFisher Spyware, Daily Dot

Mexico: Advocates demand a full investigation of FinFisher spyware, Global Voices Advocacy

Propuesta Cívica y Contingente Mexicano presentan denuncia ante la Procuraduría General de la Nación por presunto espionaje a teléfonos móviles, Animal Politico

Mexico, en alerta por riesgo de espionaje digital, El Economista

Statement of support from Jacob Appelbaum, ContingenteMX

Privacy International solicita al IFAI que inicie investgación sobre FinFisher, ContingenteMX

November 06 2013

Four short links: 6 November 2013

  1. Apple Transparency Report (PDF) — contains a warrant canary, the statement Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge an order if served on us which will of course be removed if one of the secret orders is received. Bravo, Apple, for implementing a clever hack to route around excessive secrecy. (via Boing Boing)
  2. You’re Probably Polluting Your Statistics More Than You Think — it is insanely easy to find phantom correlations in random data without obviously being foolish. Anyone who thinks it’s possible to draw truthful conclusions from data analysis without really learning statistics needs to read this. (via Stijn Debrouwere)
  3. CyPhy Funded (Quartz) — the second act of iRobot co-founder Helen Greiner, maker of the famed Roomba robot vacuum cleaner. She terrified ETech long ago—the audience were expecting Roomba cuteness and got a keynote about military deathbots. It would appear she’s still in the deathbot niche, not so much with the cute. Remember this when you build your OpenCV-powered recoil-resistant load-bearing-hoverbot and think it’ll only ever be used for the intended purpose of launching fertiliser pellets into third world hemp farms.
  4. User-Agent String History — a light-hearted illustration of why the formal semantic value of free-text fields is driven to zero in the face of actual use.

November 01 2013

Russian Internet Surveillance: Meet the New Boss, Same as the Old Boss

Nikolai Nikiforov, Russia's young Minister of Communications. Nikiforov's appointment in 2012 was supposed to usher in a new era of effective internet policy.

Nikolai Nikiforov, Russia's young Minister of Communications. Nikiforov's appointment in 2012 was supposed to usher in a new era of effective internet policy.

In the latest news from Russia's slow but inexorable march to tighter control over the Internet, the Russian security apparatus is now expanding its surveillance requirements for Russian ISPs. The newspaper Kommersant recently published an article [ru] detailing a complaint made by Vympelkom (the owner of the mobile network Beeline) to the Ministry of Communications about a new decree that is due to come into force next year. The decree (PDF found here [ru]), which was jointly developed by the Ministry and the FSB (Federal Security Service), will require ISPs to monitor all Internet traffic, including IP addresses, telephone numbers, and usernames. Not only that — the traffic will have to be stored for 12 hours after collection. Vympelkom argues that the decree runs contrary to several articles of the Russian Constitution, including the rights to privacy and due process.

Some bloggers were rightly scandalized by the news. Journalist and blogger Matvei Ganapolsky argued [ru] that the new regulations will be used to target members of the opposition, and that any arguments to the contrary will be explained away with the needs of the War on Terror. Ganapolsky also conspiratorially noted that the recent Volgograd suicide bombing coincides with the news of the new law:

Россия устроена так, что предложение подобного приказа удивительным образом совпадает со взрывом автобуса в Волгограде. И если я сейчас начну возражать, то тут же выпрыгнет господин Бастрыкин. И он скажет, что если бы могли читать всё это раньше, то теракта, возможно, не было бы, террористку засекли бы.

Russia is made in such a way that the suggestion of this decree miraculously coincides with a bus exploding in Volgograd. And if I start complaining, then Mr. Bastrykin (head of the Investigative Committee) will appear. And he will say that if only they could monitor it all before, then maybe there would be no bombing, the terrorist would have been caught.

Of course, as some bloggers cynically pointed out, the FSB already monitors the Internet, and already requires ISPs to place duplicating “black boxes” on their servers, routing all internet traffic through FSB offices in real time. ISPs are also already required to keep track of IP addresses and user IDs. These regulations already in place, called SORM –the System for Operative Investigative Activities — are just as bad in violating the Constitution as the new decree, argues [ru] exasperated LiveJournal blogger Daniil Lazoukov. Lazoukov also wondered why Vympelkom didn't protest when the surveillance system was first implemented in 2008.

According to Echo Moskvy blogger Eldar Murtazin [ru], an analyst at the Mobile Research Group, the explanation lies in the game-changing requirement that ISPs store all internet data for 12 hours. Currently the FSB simply does not have the resources or the technology to effectively monitor all Internet traffic in real time, especially because the volume of data has grown “exponentially” over the years. The 12 hour clause will allow the security apparatus a buffer, essentially outsourcing initial data collection and storage to the ISPs. The FSB would then be able to request any part of this data, provided they did it within the 12 hour window. This, in turn, says Murtazin, means that a large part of the cost of monitoring the Internet will be shifted to the ISPs, which is what they are really up in arms about.

Regardless of whether Murtazin is correct in ascribing purely pecuniary motives to Russia's ISP, the new SORM, while certainly similar to the old SORM, promises to be more effective at monitoring the Internet. The difference, to Habrahabr user shifttstas [ru], is in the spirit and the scope — the current SORM, while it does provide a small stream of data to the FSB for analysis, isn't concerned with “mass surveillance.” With the new SORM, everyone is a target.

It remains to be seen if the new regulations will change the experience of the average Russian Internet user, but the trend is clear. More control, less freedom.

October 31 2013

Four short links: 31 October 2013

  1. Insect-Inspired Collision-Resistant Robot — clever hack to make it stable despite bouncing off things.
  2. The Battle for Power on the Internet (Bruce Schneier) — the state of cyberspace. [M]ost of the time, a new technology benefits the nimble first. [...] In other words, there will be an increasing time period during which nimble distributed powers can make use of new technologies before slow institutional powers can make better use of those technologies.
  3. Cisco’s H.264 Good News (Brendan Eich) — Cisco is paying the license fees for a particular implementation of H.264 to be used in open source software, enabling it to be the basis of web streaming video across all browsers (even the open source ones). It’s not as ideal a solution as it might sound.
  4. Principal Component Analysis for DummiesThis post will give a very broad overview of PCA, describing eigenvectors and eigenvalues (which you need to know about to understand it) and showing how you can reduce the dimensions of data using PCA. As I said it’s a neat tool to use in information theory, and even though the maths is a bit complicated, you only need to get a broad idea of what’s going on to be able to use it effectively.

October 28 2013

Argentina and the New Surveillance Tech: Watching Your Every Move

SIBIOS from ADC on Vimeo.

Digital technology, in conjunction with contributions from a human team, allows for the implementation of an advanced, international-level system that secures the unchangeable identity of individuals. Now you are your own person.

In Argentina, a government database holding the pictures and fingerprints of its citizen will soon allow officials to identify citizens based on their DNA, their iris information, and the way they walk. The government-made promotional video (above) explains SIBIOS, the Federal System of Biometric Identification, and now airs on huge LCDs at selected border control stations. It was recently re-released with English subtitles.

The video moves from technical details and dubious philosophical assertions to bold claims about what technology can do. With visual references creepily reminiscent of Michael Radford’s 1984, the video is actually a significant glimpse into both a political practice and a human rights issue. On one hand, the Argentine case shows how policies can advance unscathed by criticism when they are presented as technological updates of standard practices. Indeed, the new database just takes the national ID registration scheme to a new level. But on the other, the video highlights how the fundamental right to privacy is absent from this policy arena.

This needs to change.

The Snowden leaks may have been a first step in that direction. They have produced outrage among Latin American presidents, rendering offers of asylum, harsh words at the UN Security Council and the General Assembly and vows to take action “to create the conditions to prevent cyberspace from being used as a weapon of war, through espionage, sabotage and attacks against systems and infrastructure of other count.” Yet privacy and surveillance practices are in Latin America are deeply troubling.

Apart from Argentina’s biometric data retention scheme, the country also suffers from a chronic lack of control over its intelligence agencies. Every now and then, the accounts of public officials, politicians and journalists are hacked and scandal erupts. These abuses are the result of an an Intelligence Law which parliamentary oversight mechanisms simply doesn’t work.

In Brazil, during a demonstration a few months ago, the Intelligence agency set a special team to monitor activities on social networks including the Whatsapp mobile application (not really a social network).

And in Colombia, the Departamento Administrativo de Seguridad (DAS) was found not only snooping on the communications of journalists but also threatening them. They even developed a manual for this initiative.

These are just a few examples of the kinds of problems one may find in Latin America when looking past the outrage that political leaders have expressed in global fora. So the challenges of building a strong politics of rights around privacy issues are considerable. We face an urgent need to overcome old political practices that have become more risky. And for that to happen, a robust vision of privacy must enter the political debate.

Yet major obstacles lie ahead. First, changing social mores are defying the common understanding of the public and private divide. What used to be private is now shared on social networks. How does this fact affect the perception of privacy in citizens with already weak commitments to this fundamental right? Second, the counter-narrative usually invoked to thwart privacy arguments is related to crime-fighting, which is –according to polls– one of the main concerns of Latin American citizens. How can we make privacy an argument capable of defying practices and policies which –as ineffective as they may be– are seen as concrete steps in fighting rising crime rates? Finally, the risks involved in some of the most problematic practices are seen as merely hypothetical: after all, we all live in democratic regimes and most citizens have not felt the full effect of privacy-invasive policies.

Overall, governments have the upper hand provided by habit and fear. This can only change through activism based on careful research, capable of uncovering the actual practices of the states. While we move towards that goal, the issue of privacy needs to become an increasing part of our public debate. Doing so demands innovative ideas, new narratives to overcome the security argument and a fierce commitment to the basic idea that freedom demands that our conversations are really, truly private.

Ramiro Álvarez Ugarte is a senior attorney at the Asociación por los Derechos Civiles (Association for Civil Rights) in Buenos Aires, Argentina.

October 21 2013

Four short links: 21 October 2013

  1. Google’s Iron Grip on Android (Ars Technica) — While Google will never go the entire way and completely close Android, the company seems to be doing everything it can to give itself leverage over the existing open source project. And the company’s main method here is to bring more and more apps under the closed source “Google” umbrella.
  2. How to Live Without Being Tracked (Fast Company) — this seems appropriate: she assumes that every phone call she makes and every email she sends will be searchable by the general public at some point in the future. Full of surprises, like To identify tires, which can come in handy if they’re recalled, tire manufacturers insert an RFID tag with a unique code that can be read from about 20 feet away by an RFID reader..
  3. method.acComplete 50 challenges. Each challenge is a small, design related task. They cover theory and practice of one specific design subject. Challenges are progressively more difficult, and completing them gives you access to more intricate challenges.
  4. IBM Watson’s Cancer Moonshot (Venture Beat) — IBM is ready to make a big a bet on Watson, as it did in the 1970s when it invested in the emergence of the mainframe. Watson heralds the emergence of “thinking machines,” which learn by doing and already trump today’s knowledge retrieval machines. I for one welcome the opportunity to be a false negative.

Ecuador's New Penal Code Would Violate Internet Privacy

National Assembly of Ecuador. Photo by Presidencia de la República del Ecuador on Flickr, under a Creative Commons license (CC BY-NC-SA 2.0)

National Assembly of Ecuador. Photo by Presidencia de la República del Ecuador on Flickr, under a Creative Commons license (CC BY-NC-SA 2.0)

All links lead to Spanish-language pages unless otherwise noted.

The Ecuadorian National Assembly recently approved the Código Orgánico Integral Penal (Organic Penal Code, or COIP), which has raised concerns within civil society organizations. Certain articles of the COIP threaten “the inviolability, storage, and subsequent analysis of information that citizens generate on the Internet, and on any other telecommunications platforms like landline or cellular telephones.”

The new code combines various previous issues of concern, such as the proposal that slander on social media networks could be penalized in Ecuador [en], which—although it ultimately was not included in the COIP draft—and paints a generally bleak picture of the intentions and the future of the Internet in this South American country.

Organizations Usuarios Digitales (Digital Users), Apertura Radical (Radical Openness), and Asociación de Software Libre del Ecuador (Free Software Association of Ecuador) have explained that the way the law is proposed, all telecommunications services, “like ISP, Internet cafes, WiFi zones, businesses that rent phones or allow Internet access, study centers that offer Internet access, and even people who loan their telephone or Internet connection” will have to store the data and connection traffic of the users, despite the risks that this entails.

Unbelievable!!! RT @alfredovelazco @MauroAndinoR Article 474 #COIP: cybercafes must videorecord users and their navigation http://t.co/X3L3XrcVL3

— Rosa María Torres (@rosamariatorres) October 15, 2013

The issue is generating interest in the traditional media, due to its potential impact on the ways in which Ecuadorians use the Internet. And the public has also started to worry:

@gabrielaespais Presumption of suspicion as a premise, violation of the privacy of online communications #Ecuador #COIP http://t.co/t9pmeLNSWc

— Valeria Betancourt (@valeriabet) October 10, 2013

We Ecuadorians are criminals until proven otherwise #COIP. Are we making progress, Homeland?

— María Eugenia Garcés (@meugegarces) October 18, 2013

“I could not return to this country (Ecuador) because I would not be able to access the Internet” #Stallman [software freedom activist] on the Penal Code article: http://t.co/bX3e6Tpy2y

— Radios Libres (@RadiosLibres) October 18, 2013

The aforementioned organizations are taking on the task of raising awareness about the issue, in order to try to put some pressure on the government so that it vetoes the Organic Penal Code's Article 474, which violates citizens’ right to privacy in their Internet communications.

The “Open Letter to President Rafael Correa and Assembly Members on Internet Privacy and the Draft of the Integral Organic Penal Code,” published on citizen media and various blogs, states, among other things, the following:

Instamos a la Asamblea Nacional y al Gobierno de Ecuador a compatibilizar la Ley propuesta con los estándares internacionales de derechos humanos a fin de precautelar con el mayor rigor la privacidad, la libertad de expresión y la libertad de asociación, en la perspectiva de fortalecer el sistema democrático acorde a los Principios Internacionales sobre la Aplicación de los Derechos Humanos a la Vigilancia de las Comunicaciones [1].

Solicitamos, por tanto, que no se aprueben artículos del Proyecto del Código Orgánico Integral Penal que vulneran los derechos ciudadanos y nos ponen en indefensión frente al almacenamiento indiscriminado y posterior análisis de nuestra información.

We urge the National Assembly and the Government of Ecuador to make the proposed law compatible with international human rights standards, in order to safeguard privacy, freedom of expression, and freedom of association with the greatest rigor, in the context of strengthening the democratic system in accordance with the International Principles on the Application of Human Rights to Communications Surveillance [1] [en].

Therefore, we request that the articles of the Draft of the Integral Organic Penal Code which violate citizens’ rights and leave us defenseless against indiscriminate storage and subsequent analysis of our data are not approved.

Given that President Correa threatened to resign when a group of ruling-party Assembly members promoted the decriminalization of abortion in cases of rape, in a proposal of the Integral Organic Penal Code debated in the Assembly, it seems unlikely that he will recant and veto Article 474 of COIP.

October 14 2013

Internet and Statecraft: Brazil and the Future of Internet Governance

After cancelling her October visit to DC, Brazilian president Dilma Rouseff addressed the United Nations General Assembly on September 24th during the High Level Meeting for the Rule of Law. The UNGA is the main deliberative, policymaking, and representative organ of the United Nations and comprises all 193 Members of the United NationsBrazilians welcomed their president’s decision to cancel her October trip and address US Internet surveillance in a public, global forum.

Marco Civil campaign image by Access. (CC BY 2.0)

Marco Civil campaign image by Access. (CC BY 2.0)

President Rouseff noted that illegally intercepting communications, information, and data cannot be sustained among friendly nations.  In saying this, she was not simply speaking in the manufactured outrage so typical of politics. She was instead speaking from a very different experience fighting against the dictatorship in Brazil in her youth. In dictatorships, surveillance is an essential tool that protects the regime. This is what makes the right to privacy a pillar for freedom of expression, freedom of opinion, and fundamental to democracy. That’s the sad irony of the US government’s relentless push to monitor the Internet, including domestic metadata. It’s the kind of thing that dictatorships do. The only thing different is the intent.

I’m well aware that nation-states spy on each other[1]. Most of us who have spent time in international relations know this. But it’s usually a matter of spying on each other’s governments (or in some cases, businesses) and not on ordinary citizens. (I am a Brazilian citizen living in the US, so I can only assume the NSA monitors my Skype calls home – and, for that matter, my Amazon purchases). We may have simply been naive in believing this was because of principle, when instead it was merely a matter of cost. Now that the transaction costs are low enough, however, anyone may become fair game.

However, Brazil is not a small country, and Rouseff is not a fearful president. She looked directly at President Obama while affirming, categorically, that without respect, there is no basis for the relationship among nations. She was also very specific in her stance, demanding a multilateral mechanism to ensure core principles for the world wide web. In an act that may invite deeper governance influence for Brazil at the UN and its International Telecommunication Union (ITU) – the international organization that is trying to extend its authority over digital networks –  Rouseff  called out five essential affirmations for digital rights on the Internet:

  1. “Freedom of expression, privacy of the individual and respect for human rights.”
  2. “Open, multilateral and democratic governance, carried out with transparency by stimulating collective creativity and the participation of society, Governments, and the private sector.”
  3. “Universality that ensures the social and human development and the construction of inclusive and non-discriminatory societies.”
  4. “Cultural diversity, without the imposition of beliefs, customs and values.”
  5. “Neutrality of the network, guided only by technical and ethical criteria, rendering it   inadmissible to restrict it for political, commercial, religious or any other purposes.”

These principles were applauded by international civil society and mirror the national debate of the Brazilian Constitution for the Internet, locally known as the Marco Civil. The Marco Civil would be a domestic groundbreaker, guaranteeing civil rights in the use of the Internet. Internationally, Marco Civil would be for the highest benchmark for “open” Internet legislation ever to be enacted. Rouseff recently expressed her support for Marco Civil and has ordered it to be processed in the Congress under a 90-day fast track review (45 in the House and 45 days in the Senate).

In thinking that national sovereignty includes the right to live a private life within one’s own borders, Rouseff is not alone. But Brazil is uniquely able to push back at the infrastructure level to encode this principle into the network itself. The country first connected to the Internet in 1990, and connectivity is now available in most areas through a variety of technologies. We constitute more than 94 million of Internet users, and are 2nd worldwide in number of Facebook users. Brazil now wants to provide internet connection beyond its borders and build more Internet exchange points in an effort to have more control over its communication infrastructure, a core economic element that also allows for better control over what happens to the privacy of its nationals.

As reported by Bill Woodcock for Aljazeera America last Tuesday, Rouseff also announced measures to increase domestic Internet bandwidth production, increase international Internet connectivity, encourage domestic content production, and encourage use of domestically produced network equipment. However, some of these measures are not new nor an immediate response to Snowden’s revelations. Brazil has been in investing in ICTs for some time, including massive government investments on broadband connectivity with the Brazilian 2010 Broadband Plan – which is late on its deliverables but still is underway. Ultimately, this move suggests that rather than relying on US cables, US companies, and US state policy, Brazil aims to achieve a leading role on Internet governance by providing core Internet infrastructure to the country and by connecting the country with other countries in the Global South.

That is to say, the Brazilian government may take one of the classic principles of the Internet and apply it to statecraft: interpret the surveillance as damage, and route around it. Brazil is one of the few countries that can simply lay new cables over which the US has no control, and impose privacy by default in those systems. See for instance, the BRICS cable. By the time it is completed, the BRICS Cable will be the third longest undersea telecommunications cable in the world, covering a distance of 34,000km.

For all the rhetoric of a stateless cyberspace, the raw physicality of the network makes it vulnerable to statecraft. Until now, that statecraft has been dominated by a state that places a prime on certain priorities at the expense of civil liberties. But there is nothing in the network that prevents a state with other priorities from joining the fray.

Does this mean that by creating its own infrastructure, Brazil wants to have more control over the Internet?  This is the question we all should have in the back of our minds while the infrastructure is being laid. Brazilian civil society should also demand a series of checks and balances, so we are not surprised later with intelligence programs that the Brazilian government might impose. This need for transparency and accountability is even more pressing now with the 2014 World Cup approaching – Brazil has deployed a massive technology infrastructure to surveil the games and proximal events in the name of security. It will be interesting to see if, how, and when this setup is dismantled. This ICT infrastructure may be able to help or hurt the open Internet depending on its design and its use. Again, we all should watch and see if the distributed design is the mode of this enterprise and if Brazil is really part of the group of countries that support in action, not just in words, the future of and open and free Internet.

Reposted bycheg00 cheg00
Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.
Get rid of the ads (sfw)

Don't be the product, buy the product!

Schweinderl