Seizing personal data without reasonable suspicion

Tim Hardy looks at the recent news that UKBA are using anti-terrorism laws to seize personal data of individuals travelling via air.

How would you feel if the police stopped you on a whim, took your phone, your laptop, your digital camera, your MP3 player, your USB sticks and your memory cards then copied everything on them?

How would you feel if they told you they were going to keep all your photographs, your documents, your address book, your financial data, your browsing history, your emails, your chat logs, your electronic diary, your music and recordings and anything else they liked for at least six years - indeed maybe they’d keep them until you reached the age of a hundred in case they might prove useful one day?

How would you feel if they then demanded all of your passwords and threatened you with years in jail if you refused to hand them over?

Welcome to Britain.

These are the rights granted to the police at the border controls of this country.

Within the UK, police officers are authorized to seize phones and download information only after making an arrest. The border control officers have no such limitations.

Anyone entering or leaving the UK faces this possible treatment under port powers contained in Schedule 7 to the Terrorism Act 2000. No prior authorization is needed to stop you and there does not need to be any suspicion. Your data can be kept even if you are not arrested and the police can find no evidence of any crime.

Each year around half a million people are stopped as they enter or leave the UK for screening questions which last for a few seconds or minutes. Nearly 70,000 are examined for longer periods. Less than 0.03% of those questioned for longer are arrested.

The Office for Security and Counter-Terrorism advises that there are no national records kept of data downloads taken and that downloads are conducted at the examining officer’s discretion on a case-by-case basis but that they occur “in a substantial number of cases.”

Noting the arguments for allowing stops without suspicion, David Anderson QC, the independent reviewer of terrorism laws, warned in 2012 and again in 2013

“.. despite having made the necessary enquiries, I have not been able to identify from the police any case of a Schedule 7 examination leading directly to arrest followed by conviction in which the initial stop was not prompted by intelligence of some kind.”

In spite of this the police still have the legal power to act on a hunch or a whim.

Whistleblower Edward Snowden memorably described the NSA and GCHQ spying apparatus as “turnkey totalitarianism”. When asked why the British seem so complacent about this, the academic, journalist and author John Naughton noted

“Britain has no recent historical experience of being invaded, and so the culture has no clear understanding of the consequences of intensive surveillance technology and records falling into the “wrong” hands.”

The retention of data for as long as the state feels it might be useful, should alarm everyone. Everyone should have something to hide. Just because we live in a nominally democratic society right now doesn’t mean it will always be that way. Russia, ironically the first country to decriminalise homosexuality, is fast criminalising it again. Right now you would have good reason to feel worried if the Russian state was holding copies of your mobile telephone and computer data if that included evidence of your sexuality.

Within the UK, there is a growing litany of abuse by police officers being exposed. This is alleged to include spying on the friends and families of victims of police brutality, seemingly with the intent to discredit. How happy are you that your most intimate messages and photographs could be in the hands of people who have shown themselves only too willing to leak sensitive information to the press?

David Anderson has warned in his latest annual report on terror legislation in the UK:

“The fact that such powers are useful does not automatically mean that they are proportionate. It is ultimately for Parliament, prompted if necessary by the courts, to strike the appropriate balance. Even if a no-suspicion power to stop and examine is thought acceptable, it might for example be possible to require some level of suspicion before a phone can be downloaded or a person can be taken into detention... by analogy with the proposal that reasonable suspicion should be required before a strip search is conducted.”

The comparison to a strip search is a good one. As the boundaries between the physical and the digital dissolve and more of our most intimate moments and experiences occur in places that overlap both spheres, the cold scientific language of “data” and “downloads” becomes insufficient to describe the sense of violation such behaviour by the state can cause.

Borders are strange places. We accept perhaps that we may be subject to invasive procedures when we cross but at the very least we expect that there must be reasonable suspicion for the degrading experience of a strip or cavity search. In the same way, we must demand that at the very least that our personal data be considered inviolable unless there are very clear grounds for this invasion. Privacy is a right we should not surrender easily, yet without our paying attention the state signed it away for all people trying to enter or leave the country.

There are many grounds for concern about these laws and the reluctance of the government to consult on the issues raised by David Anderson in his review of them. That the data of innocent people stopped without a warrant and without clear grounds for suspicion can be kept effectively forever is wrong.

Due to an ambiguity over whether the existing act provides sufficient legal authority for this copying of personal data, the government has proposed an amendment inserting a new paragraph 11A into Schedule 7, headed “Power to make and retain copies” as part of The Anti-Social Behaviour, Crime and Policing Bill passing through Parliament at the moment.

Although the government’s intention is simply to protect itself from legal challenges, this is potentially an opportunity to have stricter controls over these extensive powers written into the law.

The Bill has just entered the report stage. MPs now have the chance to introduce proposals for change. Unfortunately there seems to be little government will to make any changes to a bill that gives way too much authority to the police with too little accountability and too few safeguards. Little wonder given how few people seem to be aware of these sweeping powers.



Image: X-ray-washbag by jimmedia CC BY-NC-SA 2.0

Immoral panic

Wendy M Grossman puts forward her argument against David Cameron's proposals to censor pornographic material on the internet.

"The Internet perceives censorship as damage, and routes around it," John Gilmore famously said. I've quoted that aphorism as often as anybody, but it's only really true if by "Internet" you mean "the collection of people who use the Internet". Otherwise, you're giving a mass of computers, cables, and software programs both sentience and agency.

On his home page, where Gilmore has the quote pegged to an article that appeared in Time in 1993, he provides context that people usually forget:

In its original form, it meant that the Usenet software (which moves messages around in discussion newsgroups) was resistant to censorship because, if a node drops certain messages because it doesn't like their subject, the messages find their way past that node anyway by some other route. This is also a reference to the packet-routing protocols that the Internet uses to direct packets around any broken wires or fiber connections or routers. (They don't redirect around selective censorship, but they do recover if an entire node is shut down to censor it.)

The meaning of the phrase has grown through the years. Internet users have proven it time after time, by personally and publicly replicating information that is threatened with destruction or censorship. If you now consider the Net to be not only the wires and machines, but the people and their social structures who use the machines, it is more true than ever.

The problem is that censorship - especially in the form of a blunt instrument aimed at a class of material rather than a specific piece - can also cause lots of damage, most of which will hit targets other than those intended. People who can route around it will; those who cannot will have to live in Sconthorpe.

When, on Monday, UK Prime Minister David Cameron announced his clutch of anti-pornography measures, including nationwide filtering by default, the creation of a blacklist of search engine terms, and the outlawing of possession of "extreme" pornography, for some of us it felt like 1996 all over again. As net.wars noted in 2011, the Internet is not television; there is no easy button to push. It's also not a newspaper, where the editor could at any time stop publishing topless photos on page 3 - a campaign that Cameron has refused to back.

The problems with Cameron's proposals are quickly summarized. First, under the rubric of protecting children he conflates removing illegal material (child abuse images) and blocking material that is legal, however distasteful. Second, a blacklist of "abhorrent" search engine terms will inevitably set off an arms race (blacklist installed; pedophiles create new codes), increasing the likelihood of "stumbling upon" (as happened in the mid-1990s with newsgroups). In any case, search engines are the wrong targets here. Average Internet users are still learning to care enough about protecting their privacy to avoid being tracked, but the tiny minority of obsessives who wish to share pictures of child abuse already have. Finally, if consumers are not opting for filtering on their broadband it's not because of a dastardly plot by ISPs. Let's be clear: this is not just about blocking pornography, and not just because historically, filtering has always led to overblocking. The list of options revealed to the Open Rights Group shows clearly that filtering will not be limited to pornography. The level of safety implied by that list is one that technical experts will tell you ISPs can't deliver - and a false sense of safety carries its own risks.

None of this is new. For the most complete takedown see Lilian Edwards at Pangloss. As Edwards notes, even police experts known for their long-standing interest in protecting children like Jim Gamble have poured scorn on the proposals. Charles Arthur at the Guardian, outlines the effort Internet companies put into removing and denying access to child abuse images and studies the much more complex issues around legal material. I also had a lengthy discussions with the BBC World Service (starts about 40 minutes in), where my host seemed to be genuinely struggling with understanding how to protect his children in the age of the Internet.

In 1996, when the social medium du jour was Usenet, everyone blamed ISPs for making the wrong sort of newsgroups available, and ISPs that opposed censorship on principles became targets of media attacks. The result of that was the formation of the Internet Watch Foundation. Today, helped out by public distaste for large corporations that pay little or no British tax, the same kinds of accusations are being levelled at the search engines, primarily Google. Accidentally matching people with things they were not looking for is not how Google makes its money, nor is linking to material that puts the company in disrepute.

Cameron may not get the votes he wants out of this either, no matter how happy he's made the Daily Mail right now. As Charles Arthur also writes, porn is popular. Maybe, as a commenter to that article wrote, more popular than Cameron. Especially with families whose benefits are being cut.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted irregularly during the week at the net.wars Pinboard - or follow on Twitter.

Image: The cookies of the internet by Kalexanderson CC BY-NC-SA 2.0

The Impending Fate of Bradley Manning

As Manning awaits his fate at the hands of Judge Denise Lind, Naomi Colvin reflects upon his case.

Today, Bradley Manning will be sitting in a court room in Fort Meade, with one member of his defence team and a military prosecutor, waiting for Judge Denise Lind to deliver her verdict. That Manning faces a lengthy prison sentence for acts of conscience has never been in doubt. In February, he plead guilty to ten “lesser included offences” that leave him liable to a prison sentence of up to twenty years.

What Lind will decide this week is how many of the other 12 charges the prosecution has been pursuing will stick. These include charges under the Computer Fraud and Abuse Act, charges of theft of government property and, most seriously, the capital charge of “aiding the enemy,” which Amnesty International this month called “a travesty of justice.” 

The stakes are extremely high. If found guilty on the most serious charges he faces, Manning will spend the rest of his life in prison with no possibility of parole. But that's not all: should he be found guilty on that last charge, a precedent will have been set that equates leaking information to news media with handing it to “the enemy,” and leaves those doing so liable to charge under the Espionage Act. The ramifications for journalism are obvious and chilling. 

Rather like what intelligence whistleblowers in the UK face under the Official Secrets Act, the US military justice system applies a strict liability regime. As such, discussion of motivation, harm and the public interest has been precluded from discussion of Manning's guilt or innocence. In fact, that highly unusual move of pre-emptively pleading guilty to 10 charges was one of the few means open to Manning to get his side of the story on the record. While it's worth reading in full, this is what Manning said about some of the material he released:

I believed that if the general public, especially the American public, had access to the information contained within the CIDNE-I [Iraq] and CIDNE-A [Afghanistan] tables this could spark a domestic debate on the role of the military and our foreign policy in general as well as it
related to Iraq and Afghanistan...“I also believed the detailed analysis of the data over a long period of time by different sectors of society might cause society to reevaluate the need or even the desire to engage in counterterrorism and counterinsurgency operations that ignore the complex dynamics of the people living in the effected environment everyday...” The case Manning makes in his February statement is very consistent with the few other sources we have from him, not least the chat logs that led to his arrest, in which he spoke about wanting to provoke “worldwide discussion, debates and reforms”

There can be no doubt that those releases had the impact Manning hoped for. Tunisian activists testify to the State Department cables being a contributory factor in the revolution there and the momentum generated by WikiLeaks is part of that momentous 2011 narrative that leads through the Arab Spring, to Wisconsin, Southern Europe, Israel, India and then back to the English speaking world with Occupy. 

Given Manning's determination to inform the public about the nature of military action in Iraq and Afghanistan, it is also extremely fitting that the material he released played a role in the official withdrawal of US troops from Iraq, when their immunity from prosecution was not renewed.

As we approach the phase of the court martial when prosecution and defence argue about what kind of sentence is appropriate, discussion of the actual impact of Manning's disclosures – that is, an overwhelmingly positive impact in accord with the public interest aims he articulated– will likely continue to be sidelined. What certainly will be be discussed is the degree to which the US Government's dire predictions about the potential for harm were valid. 

Despite its prominence in official narratives about the leaks, whether observers will be allowed to follow this discussion remains to be seen. In a trial that has taken place largely obscured from public view,  the debate over actual harm is one of the most classified and secretive topics of all. Portions of this phase of the trial may well be held in closed session with Manning denied from seeing the full evidence against him.

Criticism of proceedings at Fort Meade is not hard to find, even from within the US establishment. Former State Department spokesperson P.J Crowley, who labelled the gross mistreatment of Manning in pretrial detention as “ridiculous and counterproductive”, has already made a similar argument about the decision to continue the prosecution of Manning beyond what he admitted to back in February. Insofar as the example of Manning's pretrial treatment and over-prosecution has not deterred Edward Snowden from coming forward and has, indeed, given him a solid argument for seeking asylum, we are fortunate that that has proven to be the case.

Naomi Colvin is a London-based writer and activist. She has been involved with the Occupy movement in London since the beginning of October 2011. She can be found on Twitter @auerfeld

Image: We are Bradley Manning by cool revolution CC BY-NC-SA 2.0

Are UK Freedom of Speech Laws Obscene?

Calum Grant looks at the limits of free speech in Britain today.

While most writers fear that the worst consequences of publishing a work of fiction are scathing reviews - or worse still no reviews at all - one doesn't seriously consider being forced to pay hefty fines or sentenced to jail time. However, as recently as 1960 a publishers legal defence team felt compelled to call no less than thirty five expert witnesses to avoid exactly this fate for their client. They were tasked with trying to demonstrate the literary merits of a novel in order not to be prosecuted for obscenity – a draconian law that is still on the books and enforced to this day. 

The book in question was D. H. Lawrence's 'Lady Chatterley's Lover', and the law it was being prosecuted under was the Obscene Publications Act of 1959. Obscenity laws had been in force for over two hundred years at the time, but in recognising the problematic nature of such laws in the wake of the social liberalisation of post war Britain the Labour opposition MP Rory Jenkins introduced a bill to update them to attempt to accommodate such changes. 

The trial was seen as a test case of Section 4 of the Act, which stipulated a permissible defence should be granted to works that were 'in the interests of science, literature, art or learning, or other objects of general concern.' While those ignorant of the contents of Lawrence's book may now be rather curious to learn of its contents, given that they lead to such seemingly extreme action, one should first of all ask what grounds should a liberal democracy require an obscenity law in the first instance? 

The UK is a nation which is ever quick to recognise and point out its proud tradition of freedom of speech, and it being a central tenet necessary in the make up of our democracy and society. Such sentiments, however, ignore that such freedoms were only codified in law as recently as 1998, over 200 years behind our American cousins, and even then under various conditions and caveats. These include Blasphemy still being illegal up until 2008, Section 5 of the Public Order Act of 1986 being used to effectively make causing insult a crime, the infamous introduction of the Racial and Religious Hatred Act of 2006 which outlaws using language which could incite hatred toward a group or person on the bass of their religion, and of the course the aforementioned Public Obscenity Act of 1959.

The need for Obscenity laws historically in Britain arose in order to convict Edmund Curll, for publication of 'Venus in the Cloister' in 1724. This was the '50 Shades of Gray' of its day, following a discourse between two nuns in which the elder is informing and instructing the younger in the ways of numerous acts nuns then as now promise no to partake in. Curll's conviction set a precedent in English law, which eventually culminated in the Public Obscenity act of 1857. The more authoritative social structure of the time may have led people not to so readily question where the line was drawn on whether something meets the requirements to be labelled obscene, indeed the act itself didn't see the need to define it and left the interpretation open to the courts to decide.

And decide they did, in a land mark case that gave rise to the 'Hinklin test', which is still used to this day to determine whether something is or is not obscene. The case of Regina vs. Hicklin concerned the publication of a pamphlet outlining some lines of questioning Priests were subjecting women to in confession. The outcome resulted in setting the legal precedent that defined obscenity, being materials which 'deprave and corrupt those whose minds and open to such immoral influences'. While such a definition may have been appropriate for the social standards of the day one wonders the exact extent of depravity which is acceptable to probe, and whose minds were its authors were considering as being more susceptible to wicked reprogramming.

One recent example of an individual being prosecuted under the Act took place in 2008, for a blog post on a fantasy pornography website. Given the depths of depravity to be found in such places it is fascinating wondering how this one post on the site, amidst thousands of sites just like it made it to court. The Internet Watch Foundation however brought this particular work of fiction, involving the kidnap and murder of the pop group Girls Aloud,to the attention of police. The prosecution's argument hinged on how easily accessible such material was to vulnerable people, especially younger fans of the group. One must gawk at how inept they expected such peoples internet searches to be, and the foolish propensity they'd need to follow through in trawling such pages to get to the story. It's relatively safe to say such material cannot be readily dredged up except by those seeking to find them. The case was dismissed on lack of evidence by the prosecution.

The Act which masquerades as being a hindrance to the obscene materials must surely be called out for what it is: a crude form of censorship. The idea that something is so lewd it needs to be taken out of the public sphere to protect our weak and malleable minds is so regressive it would be comical, were it not the case that this Act is still on the books and being enforced. What's more, an obscenity law attacks citizen's liberty and agency to decide for themselves what they find offensive and unacceptable, and is intrinsically patriarchal by the nature of the way the courts must enforce any such rulings.

The number of cases the act is being used to prosecute has thankfully been in steady decline for the past twenty years, though it was used to ban the last book on these shores as recently as 1991 – a decision which was later overturned. It does however remains the case that authors, bloggers, artists and web users can't rule out prosecution attempts being brought against under it while it is still at the disposal of the crown prosecution.

Calum Grant is a freelance writer based in London. He has a background in physics and biology research, and science and mathematics teaching. 

Image: See No Evil by Tim Ellis CC BY-NC 2.0

Porn blocking - a survivor's perspective

[TW] Milena Popova reviews David Cameron's measures on internet censorship, from a personal perspective.

I am a survivor: when I was a teenager, I was sexually abused by an uncle. So when David Cameron proposes a raft of measures which amount to censorship of the internet, all in the name of protecting "our children and their innocence", I find that deeply offensive.

I am not going to tell you about the potential harmful side effects of these measures, or why none of them are actually going to workOther people can do this far better than me.

Instead, I want to move on this debate. I want to tell you about some of the factors in my environment that made my abuse possible, because maybe that will give Mr Cameron some idea of the real issues he needs to tackle if he wants to protect children [1].

Like many kids today, I grew up in an environment where parents were deeply uncomfortable talking about bodies, or sex and sexuality. When I got my first period, my mother gave the most boring textbook in the universe to read. It covered basic anatomy and mechanics of sex, but I must admit I didn't get very far into it. A year or so later she arranged for me to have a chat with her gynaecologist, who was a friend of the family. What I would have learned from that chat, had I not had access to other materials on sex and relationships, was that oral sex is dirty and horrible and not something one should ever engage in. What I actually learned from the whole experience was that my parents were not willing to discuss issues of sex and sexuality with me. So when the abuse happened, when I would have needed to discuss those things with them and get help, I didn't feel able to do so.

Now, I appreciate the argument that simply saying "leave child protection exclusively to parents" is middle class privilege. However many parents, middle class and otherwise, would greatly benefit from some help and advice on how to approach difficult issues like sex, sexuality and relationships with their children, and how to create a safe space where children can raise concerns and ask questions without fear of being judged or getting into trouble.

Like many girls today, I also grew up in an environment where a woman's sense of self-worth was directly proportional to how liked she was by others, particularly men. That translated into being conditioned to be less confrontational, always having to be polite, being told I needed to keep the peace regardless of personal cost. This is not a great way to learn to establish and enforce personal boundaries. When the man who harassed me on the way to school told me it wasn't very nice to swear at him, I felt guilty.

Here's the thing: You know what the most insidious part of our culture is that sends precisely those hugely damaging messages to girls and women? No, it's not porn. It's romantic comedies. The idea that behaviour which amounts to stalking and sexual assault is romantic is deeply ingrained in the genre; and trust me - many more kids have access to romantic comedies from a much earlier age than they do to porn. If you want to talk about normalising the idea of violence against women, it's there that I'd start, not at rape porn. Of course this doesn't mean I want to ban romantic comedies. However, helping both parents at teachers look critically at the damaging parts of our mainstream culture and discuss them with children would protect many more children than filtering pornography.

Like many kids today, I received sex education that was patchy, focused on the mechanics and on avoiding pregnancy and STIs. Oh, and some of it was distinctly anti-abortion - talk about personal boundaries and bodily autonomy elsewhere. At no point was pleasure discussed. At no point did we ever talk about consent. At not point did a teacher make me feel like I could ask questions, express concerns or confide in them. I knew all about the mechanics of sex. I had a very good idea of what was happening to me when I was being abused. I had no idea how to stop it.

This is the biggest bone I have to pick with the government on this subject. David Cameron has the audacity to tell us that the solution to children viewing pornography is both "about access and (...) about education". Yet the kind of education he means is not sex and relationships education - it's education about "online safety". At the same time his Education Secretary can't even utter the words "sex and relationship education" without sniggering like a 12-year-old behind the bike sheds. His party (and the LibDems) almost unanimously voted against an amendment to the Children and Families Bill which would have created a statutory provision for sex and relationship education in the national curriculum.

Pornography (extreme or otherwise) and images of child sexual abuse (vile though they are) played absolutely no role in my abuse. I am not going to argue that they play no role at all in anyone's abuse, or that without the proper context they can't be damaging to children and young people. What David Cameron is doing, however, is lulling us all into a false sense of security while actively working against measures which would genuinely protect children and young people. This is not a man who is well-intentioned and ill-advised. This is a man who is deeply cynical and hypocritical; a man - and a government - incapable of doing the right thing, and only capable of doing the easy, wrong thing which will gain them votes. This is a man who should hang his head in shame.

As an abuse survivor, I find the measures outlined by the Prime Minister today objectionable, offensive and disgusting. As an abuse survivor, I demand that this government face the facts and either admit that they have no intention whatsoever of protecting children or actually put measures on the table which will do so. As an abuse survivor, I hold my head high today - but I don't think David Cameron should.


[1] While I do believe children need protection from some things, I find the talk of protecting their "innocence" deeply squicky and disturbing. Kids do not become guilty once they find out about sex.


Image: white picked fence by Kevin Harber CC BY-NC-ND 2.0

Automate and chill

Wendy M Grossman looks at why storing communication data is an invasion of privacy, even if it does not come into contact with human eyes.

Is it an invasion of privacy if your intimate communications are stored and scanned by an automated system but not seen by a human? Here I want to nail down why the answer is yes.

This question - and much else - came up at Wednesday evening's debate between the QC Geoffrey Robinson, the investigative journalist Duncan Campbell, and David Omand, former head of GCHQ and security and intelligence coordinator for the Cabinet Office (2002 to 2005). We were in Chatham House, home of the Rule keeping backroom deals between the "great and good" secret, but not of it: we were encouraged to tweet (except there was no wifi and many mobile phones didn't work in that basement …but whatever).

The person who brought it up on Wednesday was David Omand in response to a questioner who suggested that given today's tools "man's fallible temptation to delve" might take over, nullifying any rules created to regulate access to the collected piles of data.

"We could almost advance the argument that we're safer with computers because they're not conscious," Omand said. "They don't actually read the stuff. If there were a human - or a thousand humans - reading it they might be tempted." In the Guardian, last month he similarly wrote:

This involves computers searching through a mass of material, of course, and that might include your and my emails and data on our web traffic, but it is only the legally requested material that ever gets seen by a human being. These computers are not conscious beings: they will only select that which they are lawfully programmed to select. To describe this process as monitoring all our communications or "the surveillance state" or a "snooper's charter" is wholly misleading and a perverse reading of the situation.

So Omand's contention is that computers can't be tempted to break rules because they don't get curious and can't be bribed ("Free electricity"), blackmailed ("I'll tell other machines you're having an affair with that Galaxy Note II"), or socially engineered ("Nude pics of Anna Robotova - click here!"). He is also claiming that the piles of data do not matter until or unless human assessment is involved - and apparently assuming that such involvement will always be legal.

The first obvious response is the most general: clearly Europe fundamentally disagrees or it wouldn't have put such effort into enshrining the data protection principles into law. That law does not distinguish between machine and human access; it assumes that all processing, no matter how automated, has a human ultimately in charge.

The claim that automatic scanning is less invasive is a justification, not a fact. The focus on content is a decoy. Easily accepted, because most people readily imagine the unpleasant consequences if something they've just written were read by the wrong person: the note asking for help fixing your boss's mistake; the explicit note to a lover; financial figures; 250,000 diplomatic cables... It is much harder to feel that same punch to the gut with respect to analyzing metadata - yet the consequences of the latter may be much worse. One explicit email can be explained; the fact that your mobile phones are seen together at the same hotel every Wednesday afternoon can change your life. The ACLU's Jay Stanley uses the term "reverberations" to express the fact that the privacy issue is less about who or what sees the data than about what happens to you as a result. As he writes , knowing we are being watched - by whatever - chills our behavior..

Present limitations of natural language processing and artificial intelligence mean that machines presently suck at content analysis. Traffic data, however, is perfect for machines. So when Obama - or Omand - says "no human is reading the content", they're glossing over the real game here: Big Data is today's industry buzzword. This tactic of diversion is very like the UK government's repeated insistence in the mid-2000s that the ID card was no threat because citizens would not be forced to *carry* it. As campaigners understood, the real game was the underlying database.

As long as you have humans in the loop deciding what queries are run, the "temptation to delve" still applies - remember, that perfectly functioning, omniscient, black-box, tamper-proof Machine on Person of Interestis fictional. The human using and programming the machine will always be a target for bribery, blackmail, or deception and the machine or its databases can be hacked, corrupted, or bug-ridden.

And: you'd better hope there are humans in the loop because otherwise you've got machines making intimate decisions about people's lives. It is no consolation that no human has read your email if automated processing adds your name to the no-fly list, falsely accuses you, wrecks your credit score, or decides you're fit for work and denies your benefits claim. The bad news is that too many of those humans blindly trust the machine, as Danielle Citron and others have established, because it's a safe way not to get fired.

Ultimately, behind every great machine stands a human with a finger on the panic button. It's sophistry to pretend otherwise.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

Image: Silicon Valley Art by Scott Johnson CC BY-NC-ND 2.0

Privacy and anonymity: necessary requirements for free speech?

Should we be pitting privacy and freedom of expression against each other, or should be embrace the principles embedded within the two to protect us all? Stephen Blythe explores the issue.

The rights to privacy and freedom of expression are firmly established in International law as fundamental human rights. Whilst the language varies, many jurisdictions incorporate some form of protection within their domestic legal systems. In the UK, this is achieved by virtue of the Human Rights Act 1998, filtered down from the European Convention on Human Rights.

Traditionally, these two categories of rights have been seen to be naturally at odds with each other, with a balancing act required to ensure that people are able to enjoy respect for their private lives, whilst also allowing the press the freedom to publish details that are in the public interest. This is a well documented area, and most of us will be familiar with the saying about the importance of ensuring that information published is 'in the public interest rather than what is interesting to the public'. However, there is more in common between the rights of privacy and freedom of expression than it may at first appear. This is especially true if we expand outward to consider more than simply those situations involving the media.

The proliferation of the Internet and connected platforms, with its absorption into the everyday life, has altered the considerations relating to freedom of privacy. With an unprecedented ability for both Government and Commercial bodies to collect and analyse data about ordinary people on such a massive scale, it would be fair to say that the attitudes towards privacy are in the throes of a significant - if albeit uncertain - shift.  The revelations of the past few years detailing the extent to which information is being gathered (both on and offline) without consent has confirmed (and arguably surpassed) the prophetic concerns outlined by pre-eminent legal scholar and activist Lawrence Lessig in 1999. - 'Code and Other Laws of Cyberspace' More than ever, ensuring that we have an effective right of privacy is something being highlighted, debated, and implemented. Whilst once PGP encryption keys were simply the hallmark of the over-paranoid geek, encryption now comes as standard on major operating systems; web-services increasingly force the use of SSL by default; and people are taking extra steps to ensure the security and integrity of their digital lives. 

Whilst the push towards technologies such as Truecrypt, and subscription VPN services for mainstream use gives effective peace of mind for users concerned about their personal communications, it naturally also protects those who engage in activities that fall into the spheres of illegality or immorality. 

It should come as no real surprise that the darkest parts of the web are to be found on the secure Tor network - where for the right price, one can buy anything from child pornography and weapons, to American citizenship. This very dilemma is that which those who call for a balance between privacy and expression are traditionally caught up in: to what extent do we tolerate the invasions of privacy of the few for the wider benefit of society? However, interference with that which is private is no longer solely the concern of those in the public eye anymore. 

In an infinitely connected world where the NSA, GCHQ, or any other body are actively logging the activities of the majority rather than the minority, the weight of the considerations shift substantially. The old notions of privacy as vanguarded by the institutional press are no longer the operative circumstance, and it is because of this that we must consider the fundamental principles of what the rights to privacy and freedom of expression actually entail. Whilst out-with the scope of this article, it is worthy of mention that in many parts of the world, privacy and anonymity are necessary requirements for free speech to exist at all; it is the case that often one cannot speak their mind freely without protection from those whom they are speaking out against. 

It is true that the same capability of one person to encrypt their hard-disk that contains financial information is the same that allows a child pornographer to shield their crimes from the immediate ramifications of the law, but it is important that we fight to protect the over-arching right to privacy. Proponents for the protection of the freedom of expression have for decades insisted on the tenet that such a right must include being able to communicate ideas that we may find offensive, or reprehensible. To argue for free speech, one must defend the right for the freedom of all to speak, and not just those whose views we agree with. To argue for the right to privacy of one, we must argue for the right to privacy of us all.

In the face of mass surveillance, technology that increases the protection of privacy is under a significant threat from those with an interest in restricting its use; we must fight to ensure that this does not happen. Instead of pitting privacy and freedom of expression against each other, as has been the case for so long, we must embrace the principles contained within both of these fundamental rights to enable the protection of all of us, lest we lose them completely.

Stephen Blythe is an internet law geek with an LLM on the way, and Digital Marketing Manager for tech firm Amor Group. You can find him on Twitter, and Google+

Image: Don't stray from the path by Dave Cournoyer CC BY-NC-SA 2.0

Take back the Net

Would decentralising the technology we use result in defeating any attempts by the government to control and monitor us?

"They stole our revolution. Now we're stealing it back," wrote Danny O'Brien and Dave Green every week in Need to Know (Now) for five years in the 1990s.

Now we may well wish they really had. In the years since, the Net become increasingly centralized: email (Gmail, Hotmail, major ISPs), social connections (Facebook, Twitter, Google+), content provision (Amazon, Apple, Netflix), ecommerce (eBay, Amazon), and mobile access software (Google, Apple, Microsoft). The Internet started with the idea of empowering the "little guy"; but the choices we make increasingly favor whales.

The usual objection to this situation is that a world of monopoly or oligopoly suppliers is inevitably more expensive for consumers. But a less often-considered problem is that centralization enables the kind of mass surveillance that Snowden's revelations have described over the last few weeks.

There are several kinds of responses to Bruce Schneier's Internet surveillance state. Legal challenges are proliferating. Privacy International and Liberty have both filed complaints against the UK government in the Investigatory Powers Tribunal. Within the US, EPIC is challenging the NSA and FBI in the Supreme Court. Germany may investigate, and two French groups, the French Human Rights League and the International Federation for Human Rights, have filed a complaint in a Paris civil court hoping to push French prosecutors to do likewise. Doubtless there will be plenty more to come.

In the meantime, as others have pointed out, European Internet companies have a market opportunity if they can offer ways to protect and keep user data under the aegis of EU law. If these revelations had to come at all they couldn't have come at a better time in terms of the debate over data protection reform.

But what about the technical possibilities? The Internet is still open enough for us collectively to be able to change tack: let's make all that wiretapping a whole lot harder.

"Disintermediation" was one of the buzzwords of the early 1990s. The Net was going to eliminate middlemen by allowing us all to deal with each other directly. Even at the time I thought what would happen instead was the rise of a new set of intermediaries, some of which would be familiar names (banks, legacy telcos, Hollywood studios) and some newcomers (Verisign, Paypal, Amazon, eBay, Apple). The dangers of relying too much on a few large service providers were understood. Technical risks included the problems of central points of failure (for example, ICANN), stagnation, and closure to new opportunities if the Internet's technologies hardened into a static form the way the world's legacy telephone networks had. The broader risk most commonly discussed was censorship. A big concern was the expected death of small ISPs as dial-up gave way to broadband. Today, the landscape is dominated by many fewer, much larger ISPs whose fixed connections are far more trackable and controllable. We thought a lot about encryption as a protector of privacy and, I now think, not enough about the unprecedented potential for endemic wiretapping that would be enabled by an increasingly centralized Internet.

The closure of computers and other devices that Jonathan Zittrain warned about in The Future of the Internet - and How to Stop It and Cory Doctorow has called the war on general-purpose computing is only one piece of the problem that confronts us now. It will not matter – or at least, it will not matter enough – if your computer is general purpose if everything you do on it is intermediated by a third party whose goals have nothing to do with yours. If you buy all your ebooks from Amazon, stream all your TV and movie watching from Netflix, do all your music listening through iTunes, and manage all your communications through Gmail and Facebook, how much difference does it make that you're running Linux? General-purpose computing only gives you access to alternatives if the alternatives still exist; and a small handful of suppliers will provide intimate pictures of large swathes of the population.

Today's younger generation, burdened by debt at a young age and imagining themselves overwhelmed by their Baby Boomer parents' extravagant hoards of possessions seem to be willing to contemplate lives with less ownership and more subscription or rental without fully thinking through the level of control this approach grants to third parties who will happily charge you for every extra time you watch a movie or read a book and retain the data to track your inner intellectual life.

Yet we keep making these choices. For example: everyone wants all their devices to sync up neatly so their data is always available. But why must it be via someone else's cloud? We have the technology to support private clouds for families, individuals, groups of friends, or clubs, just as we have the technology to make it reasonably straightforward for moderately sophisticated home users and small businesses to run their own mail servers. The history of file-sharing has shown the way a particular technology can be progressively decentralized to defeat attempts at control and monitoring. Surely what was worth doing to gain access to recorded music would be worth doing to protect digital rights.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

Image: UFO clouds by photophilde CCBY-SA 2.0

Repealing the Internet

As the issue of internet security saturates the news headlines, Wendy M Grossman explores the idea of whether or not repealing the internet is a viable option...

One of this week's weaker moments was Robert Samuelson's op-ed in the Washington Post wishing he could "repeal the Internet" because the technology's many upsides are, in his view, outweighed by the downsides of various forms of cyber attacks.

A colleague of Samuelson's does a necessary and sufficient job of dissecting the piece, pointing out the real threats, many of which either predate, or have nothing to do with, the Internet. It remains for me to take issue with his language: what led everyone to adopt the Internet was not a proclamation or a law, so "repeal" isn't even semantically possible. Samuelson means "recall", which is about as logical as suggesting that the smart thing to do with someone who uses his literacy to write silly things would be to stuff him back into his mother's womb. But the likelihood is that he doesn't really mean any of it; this is the journalism of provocation in search of attention – that is, hits and advertising clicks.

It's still true, however, that much of the process of developing the technologies that enable the Internet was at least somewhat subversive. The truth of this was on show on Monday night, when Google's London plex substation hosted an evening of British computing history, a perfectly formed answer to all those Americans who think the US invented the Internet. The evening featured Vint Cerf, Roger Scantlebury, Peter Wilkinson, and Peter Kirstein. In the 1960s and 1970s, when all this stuff was being invented, Scantlebury and Wilkinson were at the National Physical Laboratory alongside Donald Davies, the man who gave us data packets. Cerf, now at Google, was at SRI; Kirstein was and is at UCL, which was the site of the first ARPAnet node outside the United States.

The evening also featured a short documentary on the first computer really built to run a business, Lyons tea shops' LEO (I reviewed the book about this system, by Georgina Ferry, 10 years ago for New Scientist). Plus, presentations from the director of the National Museum of Computing at Bletchley Park and the brains behind a new British computer history exhibit going up at the Science Museum some time next year. It's excellent to see all this work being recognized; as Scantlebury and Wilkinson pointed out recently in the Guardian, the success of the Web and the attention consequently paid to its inventor has tended to overshadow the early networking efforts without which…

Mostly, though, this was a vastly entertaining bunch of guys reminiscing. Many of their stories revolved around all the subterfuges the various nascent networking efforts had to adopt in order to get around one or another set of rules. And so many of them, serving so many different agendas. UNIX was developed at Bell Labs and then given away because at the time AT&T was barred from entering the computer market. The first non-US ARPA node was at UCL in part because NPL was not allowed to engage in wide-area networking (so instead, it built a fancy local area network and experimented on that). And BT stuck with analog switching for so long because of unemployment: the analog switches were built in Liverpool and Nottingham.

One of the more salient questions asked of Cerf was what he would do differently if he'd had the benefit of hindsight. Would he build in better security? Content control? Charging?

Now, the received wisdom is that the Internet pioneers were so idealistically focused on sharing information across a network used by a small, homogeneous population that they didn't see security as an issue. Cerf's response to the contrary: yes, they would have liked to have incorporated security, but the necessary technology didn't exist yet. TCP/IP was being finalized in 1974, and Whit Diffie and Martin Hellman didn't publish their groundbreaking paper proposing public key cryptography until 1976. Of course, Cerf added, we now know that GCHQ had already had that same idea, so the technology existed – but was classified. What an expensive narrow miss: if ever there were a case where government secrecy cost billions that would be it. At the time, 30 years after World War II, encryption was still seen as a military technology. Twenty years later, this is what the early 1990s crypto wars were about. You can see the thinking for yourself in a recently declassified NSA internal newsletter (PDF), whose best entertainment is its smugly dismissive trip report on the 1992 Eurocrypt conference (some of the panelists the writer dubs "philosophers", whose presentations he ignored in favor of reading material he found more interesting, have since won Turing medals).

Cerf would also have chosen a larger address space (128-bit instead of 32-bit). Re charging, the germ of today's battle s over network neutrality: "I think we got it right. Everybody pays for access and then do what they want. I love that model."

The design of the Internet is very like the US Constitution, which one might have celebrated last week: both are subject to interpretation by later users. Either can be exploited for good or ill. The big thing to do in both cases if we don't like where they've landed us is to use their principles to make better decisions going forward.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

Image: Old Technology by Daniel Hedrick CC BY-NC 2.0

Shiver me timbers! Is the torrent site blockade working or have those pesky pirates circumnavigated their way around it?

Are blocking orders for Torrent sites in the UK working? James Brandes investigates the matter.

Following the high profile blocks of torrent sites in the UK such as The Pirate Bay, KickAssTorrents, Fenopy & H33t, several UK internet service providers have also surreptitiously stymied access to a number of torrent site proxies. The blocking orders are designed to thwart online pirates and were requested by the British Phonographic Industry (BPI) and their members.

 In order to keep ahead of the curve, it’s perhaps unsurprising that the music industry and UK ISPs have failed to disclose which proxies have been blocked. But is the blocking policy working? I remain far from convinced. I’d argue that not only does it make anti-piracy campaigns harder to coordinate as new proxy services/alternative domain names are constantly appearing in the wild, but it raises important questions concerning censorship and secrecy of the BPI.

 So before I go any further, how many Pirate Bay Proxies/alternative URLs do you think I’ve encountered in the last 4 weeks? 10? 15? 20? The answer is 247 but I’m sure it’s a lot more! Thus far, UK ISPs and the music industry have blocked alternative sites such as,,, &

 Yet, my analysis indicates that a massive proportion of the sites found during research are not blocked in the UK and they include, piratebayalternative,, pirateflix, piraattilahti,, tpb.torrenticity,,, & But what about other torrent sites? The same is true (albeit to a lesser degree) for KickAssTorrents, H33T, & Fenopy. Here’s a small selection of proxy services/alternative sites which aren’t blocked in the UK:,,,,,,,, &

 So is this wack-a-mole policy working? No. It’s plainly evident that every single time a site is blocked at the ISP level, new URLs take their place. This has further ramifications for content owners and their agents.

 As an anti-piracy agent, I can report that this is making life more difficult particularly with regards to DMCA submissions to Google. But why? During an anti-piracy project, I send Notices to Google to remove infringing results that appear via their search engine. In the past, this may have included results for The Pirate Bay, KickAssTorrents, & H33T. The major problem now is that whilst infringing search results for the aforementioned torrent sites have been removed by Google, new infringing search results appear constantly as a consequence of these sites being forced to use proxies & alternative URLs. Predictably, this creates far more work for content owners (particularly for small independent labels who are not members of the BPI) and their agents. For example, I’d estimate that well over 5 million additional search results have been removed from Google as a result of sites using alternative URLs. Just check the following Google Transparency for piratebayalternative and you’ll see why I’ve reached this conclusion! So it’s certainly fair to say that the blocking policy is perhaps backfiring badly.

 But what about Virtual Private Networks (VPN)? To put it simply, a Virtual Private Network re-routes all your internet traffic, encrypts it and changes your IP Address. You can change your geographical location and thus circumvent ISP blocks with the click of a button. Consequently, the ISP blocks in the UK are completely ineffectual if one is to use this method. Just try it – you’ll be able to access any of the aforementioned torrent sites with no difficulty whatsoever!

 So not only is the blocking policy fundamentally failing but it raises important censorship questions. Whilst the above torrent sites do arguably help to facilitate the sharing of unlicensed films, TV, music & porn, it must also be borne in mind that they provide the capability to share free, public domain content. This shouldn’t be forgotten.

 Whilst it’s fair for content owners and their agents to remove/block infringing content and commence litigation against uncooperative sites, web blocking with minimal oversight is in my opinion a dangerous, draconian policy that will ultimately fail.



Image: Abandoned wall by mathmoi CC BY-NC-SA 2.0

Featured Article

Schmidt Happens

Wendy M. Grossman responds to "loopy" statements made by Google Executive Chairman Eric Schmidt in regards to censorship and encryption.

ORGZine: the Digital Rights magazine written for and by Open Rights Group supporters and engaged experts expressing their personal views

People who have written us are: campaigners, inventors, legal professionals , artists, writers, curators and publishers, technology experts, volunteers, think tanks, MPs, journalists and ORG supporters.

ORG Events