July 2018 - cypherpunks-legacy

EDRI-gram newsletter - Number 5.11, 6 June 2007
by EDRI-gram newsletter 06 Jul '18

06 Jul '18

============================================================ EDRI-gram biweekly newsletter about digital civil rights in Europe Number 5.11, 6 June 2007 ============================================================ Contents ============================================================ 1. CSS protection used in DVDs is "ineffective" 2. RFID Expert Group - Kick Off 3. The European Parliament voted for stronger data protection 4. IPRED2 on the DROIPEN table 5. The French Ministry of Interior has a new interception platform 6. Legislation banning "hacking tools" in Germany 7. French State Council allows tracing P2P users 8. Slovenian intelligence agency scandal 9. Italian Government criticized by Free Software Association 10. Launch of Creative Commons Switzerland 11. Germany is preparing the G8 meeting by searching NGOs servers 12. Agenda 13. About ============================================================ 1. CSS protection used in DVDs is "ineffective" ============================================================ In an unanimous decision on 25 May 2007, the Helsinki District Court ruled that Content Scrambling System (CSS) used in DVD movies is "ineffective". The decision is the first in Europe to interpret new copyright law amendments, based on EU Copyright Directive of 2001, that bans the circumvention of "effective technological measures". According to both Finnish copyright law and the above-mentioned directive, only such protection measure is effective, "which achieves the protection objective." The background of the case was that after the copyright law amendment was accepted in 2005, a group of Finnish computer hobbyists and activists opened a website where they posted information on how to circumvent CSS. They appeared in a police station and claimed to have potentially infringed copyright law. Most of the activists thought that either the police did not investigate the case in the first place or the prosecutor dropped it if it went any further. To the surprise of many, the case ended in the Helsinki District Court. Defendants were Mikko Rauhala who opened the website and a poster who published his own implementation of a source code circumventing CSS. According to the court, CSS no longer achieves its protection objective. The court relied on two expert witnesses and said that "since a Norwegian hacker succeeded in circumventing CSS protection used in DVDs in 1999, end-users have been able to get with ease tens of similar circumventing software from the Internet even free of charge. Some operating systems come with this kind of software pre-installed." Thus, the court concluded that "CSS protection can no longer be held 'effective' as defined in law." All charges were dismissed. The defendant's counsel Mikko Vdlimdki explains for EDRI-gram that he "first proposed to the court an interpretation where a protection measure is ineffective when technical experts can circumvent it. The court did not buy that one. Instead, it adopted my secondary proposal where the efficiency test is based on the ability of random end-users to circumvent." He explains that "this should not affect DVD Copy Control Association CCA (DVD CCA - the California group that licenses CSS to DVD player manufacturers in Europe and Asia), or the movies studios. My understanding is that DVD CCA is interested in their player manufacturing monopoly and license income from Asia, not random Linux users who buy DVDs." A DVD CCA spokesman has confirmed that they are aware of the decision, but they "do know that in the US, courts have ruled CSS to be effective, viable protection." Vdlimdki also explained why this decision is important in the European context : "Relevant sections of the Finnish copyright law are copied verbatim from the directive. I think any European court with common sense would end up in the same interpretation." The defendant Mikko Rauhala is also happy about the judgement: "It seems that one can apply bad law with common sense, which was unfortunately absent during the preparation of the law". However, the prosecutor announced she would appeal the decision and might ask the Finnish Copyright Council for an opinion on the interpretation of "effective". The Helsinki Court of Appeal is not expected to rule until 2008. Finnish court rules CSS protection used in DVDs "ineffective" (25.05.2007) http://www.turre.com/blog/?p=102 English translation of the judgment http://www.turre.com/css_helsinki_district_court.pdf Keep on hacking: a Finnish court says technological measures are no longer "effective" when circumventing applications are widely available on the Internet (25.05.2007) http://www.valimaki.com/docs/finnish_css.pdf Case Could Signal Weakening Of Digital Rights Management In Europe (4.06.2007) http://www.ip-watch.org/weblog/index.php?p=639&res=1024_ff&print=0 ============================================================ 2. RFID Expert Group - Kick Off ============================================================ Following the public consultations on RFID last year, the European Commission announced the creation of an RFID Expert Group to assist in drafting the future RFID strategy. The group's kick-off meeting was held in Brussles last week. EDRi was invited to participate in the group. The Group has been established for two years and includes representatives from the industry, standardisation bodies and the civil society. The EU data protection authorities participate as observers. In the past years digital rights organisations have continuously expressed their strong concerns regarding the implications the usage of RFID may have on privacy. The public consultation on RFID confirmed that these concerns were shared by a majority of the respondents and that safeguards were needed to ensure the protection of personal data and privacy. RFID technology may be used to collect information on directly or indirectly identified persons or to track and trace people's movements in the workspace and in public areas. Therefore privacy and security will be the first topics the group will work on. Input from the group will be taken into account by the European Commission when preparing a Recommendation on RFID usage, which is planned to be issued by the end of 2007. The work of the group will then broaden its scope and deal with the move towards the "Internet of Things". Giving every day objects a representation on the Internet and building "smart" environments that react to the presence or movements of people and things have been subjects of research in the last years. Ambient Intelligence, Ubiquitous Computing, Pervasive Computing and Smart Objects are keywords for the research specialists that often name Mark Weiser's article "The Computer for the 21st Century" as the starting point for these ideas. Privacy, environmental issues and the dangers stemming from the accumulation of electromagnetic fields will certainly be among the issues that have to be discussed with regards to this topic. As a member of the RFID Expert Group, EDRi will promote the implementation of privacy-friendly technologies and stress that the reliable protection of privacy and personal data is a key issue for the acceptance of this technology. Mark Weiser already wrote back in 1991 with regards to Ubiquitous Computing: "If designed into systems from the outset, these techniques can ensure that private data does not become public. A well-implemented version of ubiquitous computing could even afford better privacy protection than exists today." Sixteen years later this statement must still remain the guideline for RFID applications. Key technologies that are said to have the potential to become a new motor of growth and jobs need to be concordant with and to protect the societal standards of the society. In times of mandatory data retention, as communication traffic data has to be stored for up to two years, it is important to ensure that only an absolute minimum of data which can be linked to a certain personis stored. Otherwise any movement in an RFID-enabled "smart" environment could feed into a behaviour-profile of a potential future surveillance society. The RFID Expert Group will make it their mission to discuss these and related issues and to work out possible solutions and necessary regulatory measures over the next two years; EDRi will contribute to this mission. EDRI-gram: EU study on RFID tags shows major privacy concerns (25.10.2006) http://www.edri.org/edrigram/number4.20/rfid EDRI-gram: Stakeholder group to advise on EU RFID strategy (28.03.2007) http://www.edri.org/edrigram/number5.6/eu-rfid-strategy Results of the Public Online Consultation on Future RFID policy - "The RFID Revolution: Your voice on the Challenges, Opportunities and Threats" http://ec.europa.eu/information_society/policy/rfid/doc/rfidswp_en.pdf Radio Frequency Identification (RFID) in Europe: steps towards a policy framework http://ec.europa.eu/information_society/policy/rfid/doc/rfid_en.pdf Mark Weiser, The Computer for the 21st Century, Scientific American Feb.,1991 http://www.ubiq.com/hypertext/weiser/SciAmDraft3.html (contribution by EDRI-member Andreas Krisch) ============================================================ 3. The European Parliament voted for stronger data protection ============================================================ On 21 May 2007, the European Parliament (EP) voted for the reinstallation of the data protection principles in the legislation that allows the police forces in Europe to share data. The European Council, which is the one deciding in police and judicial matters, had formally asked the EP for its opinion on this issue as, lately, concern has been expressed on the lack of proper protection of personal data processed in the framework of police and judicial co-operation in criminal matters. Such a concern has been expressed also by the European Data Protection Supervisor (EDPS), Peter Hustinx who, at the end of May, advised the Council against adopting the Commission's new Council Framework Decision proposal as he considered the proposal did not provide appropriate data protection. The MEPs, consulted by the German Presidency, voted in favour of amendments that would provide stronger data protection. The German Presidency proposed that the legislation should only apply to data shared between European police forces and not to data held by national police forces and the decision of whether it should be applied nationally will be discussed in three years time by EC. The proposal is that the police should not send data to other forces that do not have a proper level of data protection in place. The EP has reinstated an amendment that would prevent the police from sending data to third countries that don't have adequate data protection. If the amendment is voted by the Council, a national harmonisation of police data protection rules might be forced especially to strengthen the Europe's co-operation to face US data snooping programmes like PNR and Swift. Germany's action might also allow new EP amendments that deal with the other concerns expressed by EDPS last month, to be accepted by the Council at its meeting this month. Hopefully the European Council will take into consideration the MEPs' vote and will take decisions to allow data sharing between police forces in Europe only with the respect of civil liberties. Europe votes to restrict police data sharing (23.05.2007) http://www.theregister.co.uk/2007/05/23/europarl_on_3rdpillar/ EDRI-gram: EDPS advises against new data protection framework decision (9.05.2007) http://www.edri.org/edrigram/number5.9/edps-framework-decision ============================================================ 4. IPRED2 on the DROIPEN table ============================================================ The Second Intellectual Property Rights Enforcement Directive (IPRED2) is now going through the Justice and Home Affairs route. On 4 June, it passed it's first port of call at the Council's Working Group on Substantive Criminal Law (DROIPEN) - the first step on the road to the decision of EU's Council of Ministers. DROIPEN's job is to prepare the Council's first reading on the directive. The national government representatives might come up with a proposal that all Member States agree on, or else they will identify issues that the Ministers of Justice will have to vote on. According to information kindly shared by some Member States representatives following DROIPEN's work, the state of play in general is as follows. Many delegations feel they need more information in order to prepare this legislation properly. There is a general reluctance towards this directive because of the competence issue, so the Council wants to wait for the ECJ ship pollution verdict before moving on. Some delegations have expressed views the directive is the wrong tool to solve the problem and they don't see criminal sanctions as a way forward. Further, since criminal sanctions are already in place in many countries there is no need to rush. Still time should be used to prepare negotiations, but for now, the only thing that could be said to have been decided is not to take any action in any direction. It is now up to the Portuguese Presidency to negotiate what to do next. One question on the table is if DROIPEN should approach the Article 36 Committee (CATS) to have an expert opinion on some issues before involving COREPER 2 (Committee of the Permanent Representatives). The general forecast is that there will be no Council decision before late fall, and it is likely that issues not resolved in COREPER2 will end up in JHA Council votes with a North-South dividing outcome. Meanwhile, outside of Brussels, Member States are working to prepare their positions on IPRED2. The United Kingdom's Intellectual Property Office (IPO) is currently collecting comments from British citizens and companies on the directive. A comprehensive policy paper was submitted by a coalition from FFII/EFF/EBLIDA/BEUC to the UK IPO. The policy is available to be passed on to the Justice Ministry in your own country. For general interest AIPPI has already in 2002 compiled information on criminal law sanctions with regard to the infringement of intellectual property rights. This might give you a starting point in addressing the issue at the national level or comparing the situation with other relevant countries from Europe. Movement on IPRED2 in Brussels and Beyond (4.06.2007) http://www.copycrime.eu/blog/movement-ipred2-brussels-and-beyond Backroom Changes May Be Coming for IPRED2 (16.05.2007) http://www.copycrime.eu/blog/backroom-changes-may-be-coming-ipred2 FFII/EFF/EBLIDA/BEUC coalition report on the proposal as amended in Strasbourg by the European Parliament at its first reading on Wednesday, 25 April, 2007 (25.04.2007) http://action.ffii.org/ipred2/Report_on_EP_vote EDRI-gram: IPRED2 voted in first reading by the European Parliament (25.04.2007) http://www.edri.org/edrigram/number5.8/ipred2 AIPPI report: "Question Q169 - Criminal law sanctions with regard to the infringement of intellectual property rights" http://www.aippi.org/reports/q169/gr_q169_index.htm (Thanks to Erik Josefsson - Electronic Frontier Foundation) ============================================================ 5. The French Ministry of Interior has a new interception platform ============================================================ On 2 May 2007 a new technical platform for the interception of traffic data in all types of communication systems was discretly put into operation by the French Ministry of Interior, covering communication data related to text messages, mobile or Internet. The security services are now in the position of knowing who has contacted whom, when and where and, by a simple click, they can obtain from the telephone operators the list of all calls from and to a subscriber. They can obtain the subscription documents of the respective person with address and bank information and can also require all the Internet sites or forum addresses the respective person has accessed. The authorised services may require such kind of information from Uclat (Coordination unit of the anti-terror fight) that manages the technical centre located in the new headquarters of the security services of the national police of Levallois-Perret (Hauts-de-Seine), under the supervision of IGPN (The General Inspection of the National Police). This comes as a direct result of the Sarkozy law adopted on 23 January 2006 in an emergency procedure, to prevent terrorist acts, after being found constitutional by the French Constitutional Council. The text of the law states that Internet Service Providers, Internet cafes, hosting providers and operators must communicate the traffic data, called numbers, IP addresses to specialised services in case of investigations related to suspect terrorist activities. The law has created serious concerns to the public freedom advocates as well as to the magistrates as the procedure doesn't need the involvement of judges and ignores guarantees related to public freedoms. Since the entering into operation of the new technical platform on 2 May, the centre has already dealt with 300 requests per week made mostly by DST (Direction de la surveillance du territoire) and RG (Renseignement Generaux). According to an estimation, the platform should be able to address about 20 000 requests per year. The French justice system is, in its turn, creating its own national platform that will be finalised by the end of 2008 - beginning of 2009 to intercept SMSs and record phonecalls, not only for terrorism cases. Although France is not in the worst position in Europe as concerning data interceptions being surpassed by Italy, the Netherlands or Germany, the tendency is obviously towards an increase of the control by the authorities. The anti-terrorism spies mails and text messages as well (only in French, 28.05.2007) http://www.lefigaro.fr/france/20070528.WWW000000165_lantiterrorisme_espionn… EDRI-gram: IRIS protest against delay French government (20.10.2004) http://www.edri.org/edrigram/number2.20/IRIS EDRI-gram: France adopts anti-terrorism law (18.01.2006) http://www.edri.org/edrigram/number4.1/frenchlaw EDRI-gram: French anti-terrorism law not anti-constitutional (2.02.2006) http://www.edri.org/edrigram/number4.2/frenchlaw ============================================================ 6. Legislation banning "hacking tools" in Germany ============================================================ The laws on computer crimes have become stricter in Germany where the creation, use or distribution of so-called "hacking tools" have been banned. On 23 May 2007, the Committee on Legal Affairs of the Bundestag (the lower chamber of Germany's Federal Parliament) approved a controversial government bill meant to improve criminal prosecution of computer crimes. The Criminal Code has been modified so as to make illegal for the unauthorized users to access secure data by bypassing the computer security protection system. The "deliberate acquisition of data by tapping into a non-public transmission of data or by way of reading radiation leaked by a data processing system" is now considered a crime. The German law defines hacking as penetrating a computer security system and gaining access to secure data, without necessarily stealing data and any individual or group that intentionally creates, spreads or purchases hacker tools designed for illegal purposes is considered an offender. Under the present Criminal Code, the offenders could face fines and up to 10 years imprisonment for major offences. These measures have been criticised being considered as counterproductive by several groups, including EDRI-member Chaos Computer Club, which drew the attention to the so-called "white hat" hackers who work for security companies. By this present legislation, these experts could be in the position of not being allowed to work with software developers in creating secure products. "It's a win-lose law in favour for the bad guys," wrote a hacker, known by the pseudonym van Hauser. Chaos Computer Club also expressed the concern that this legislation will allow the German Government to install spyware on suspected criminals' computers without their knowledge. The critics argue that the legislation does not make any difference between a password cracker and a password recovery tool for instance. "Forbidding this software is about as helpful as forbidding the sale and production of hammers because sometimes they also cause damage," said Chaos Computer Club spokesman Andy M|ller-Maguhn to Ars Technica who also stated that under the new law, the police will be able to more easily access information on suspects. Germany declares hacking tools 'verboten' (31.05.2007) http://www.out-law.com//default.aspx?page=8103 Green light for tightening of anti-hacker legislation (24.05.2007) http://www.heise.de/english/newsticker/news/90163 Germany leads the way with tough anti-hacking law (25.05.2007) http://www.computerworlduk.com/management/security/cybercrime/news/index.cf… ============================================================ 7. French State Council allows tracing P2P users ============================================================ The State Council of France validated on 23 May 2007 the automatic tracing of illegal downloading in P2P networks. This decision cancelled the 18th October 2005 CNIL (Commission nationale de l'informatique et des libertis) decision that rejected the introduction of surveillance devices proposed by Sacem and other 3 author and producer associations asking for the automatic tracing of infringements of the intellectual property code. The State Council believes that such devices are acceptable considering the extent of the piracy phenomenon in France. The number of downloaded files decreased by half in 2006 as compared to 2005 but according to GfK institute this is probably due to the evolution from a quantitative type of downloading to a qualitative one. GfK institute has also reached the conclusion that the illegal downloading in P2P networks have not caused the decrease in the sales of cultural products but actually "quite the contrary, downloading is really perceived by half of the Internet users as a promotion vector for artistes." The State Council's decision was to the liking of the associations the request of which was rejected by CNIL in 2005. SCPP (Sociiti civile des producteurs phonographiques), one of these associations, stated that CNIL's rejection of their request had "not allowed them to take measures to prevent and repress music piracy that were however taken by most states of the European Union". In their opinion "France is one of the countries where Internet piracy is the most developed and where, therefore, the legal music market develops more slowly". CNIL reaction to the State Council decision came after two days by stating that its intention is that of +ensuring a fair balance between the copyright protection and the protection of the right to private life of Internet users". CNIL also stated having already authorized Sell (Syndicat des iditeurs de logiciels de loisirs) to develop an automatic surveillance system for the downloading of video games in P2P networks. In comparison with the systems proposed by the music associations, this system was approved because it puts less burden on the ISPs and it involves "only the users that are responsible with the first sharing in a network of a work or having shared a not yet commercialized work". The surveillance devices are ready and a request of tenders has been launched. CNIL will meet the author associations among which Sacem and SCPP as well as ISPs and the discussions will last for several weeks.All parties have expressed their willingness to collaborate. Peer-to-peer: The State Council says yes to the pirate chase (only in French, 23.05.2007) http://www.zdnet.fr/actualites/internet/0,39020774,39369675,00.htm Surveillance of P2P networks: CNIL acknowledges the decision of the State Council (only in French, 25.05.2007) http://www.cnil.fr/index.php?id=2221&news[uid]=464&cHash=57a0f43bbe Peer-to-peer: half downloaded files less in 2006 (only in French, 18.01.2007) http://www.zdnet.fr/actualites/internet/0,39020774,39366341,00.htm Peer to peer : CNIL does not authorise the devices presented bu the author and music producer associations (only in French, 25.10.2005) http://www.cnil.fr/index.php?id=1881 ============================================================ 8. Slovenian intelligence agency scandal ============================================================ The Slovenian intelligence agency (SOVA) is monitoring telecommunications in the Balkans in cooperation with German BND (Bundesnachrichtendienst) and UK's MI5. Some believe that the recently disclosed secret location in the Slovenian capital could be a part of Echelon. The Slovenian intelligence agency is currently a part of a political scandal which has revealed some secret locations and methods that SOVA was using for intelligence purposes. Moreover, international credibility in SOVA and its agents is compromised, as the Slovenian press managed to obtain classified information regarding SOVA's secret financing, its company of straw and its international cooperation with other intelligence agencies. Most likely, the information leaked from the parliamentary committee for monitoring the secret services activtiy. The latest disclosure reveals SOVA's secret location for monitoring international telecommunications in Ljubljana near Telekom Slovenije (Slovenian Telco) and Siol (the major Slovenian ISP) headquarters, as well as near the Slovenian Internet Exchange (SIX) and Ljubljana Stock Exchange (LJSE) buildings. The Slovenian media is reporting that the above mentioned location was also used by German BND (Bundesnachrichtendienst) and UK's MI5, especially to monitor telecommunications in the Balkans. Miso Alkalaj, an IT expert from Jozef Stefan Institute said he would not be surprised if the location was a part of Echelon. An interesting fact is that residents of the block of flats where SOVA has its secret location, knew that conspiratorial activities were taking place there. Apart from that, elder residents are able to tell that the former communist intelligence agency used the same flat to wiretap telephone conversations. The other disclosure reveals that Slovenian intelligence agency SOVA established a webhosting company WEBS, which is presumably a company of straw that SOVA needed for its intelligence activities. Having in view the recent events regarding the Slovenian intelligence agency, it becomes interesting that SOVA's headquarters are located in Stegne, an industrial area of Ljubljana, where among others, Telekom Slovenije (Slovenian Telco) has its operational services. Intention or coincidence? Telekom Slovenije indirectly admits SOVA's wiretapping (only in Slovenian, 1.06.2007) http://dnevnik.si/novice/slovenija/249095/ Director of SOVA takes action after disclosure of wrath of foreign intelligence agencies (only in Slovenian, 30.05.2007) http://dnevnik.si/novice/slovenija/248654/ (Contribution by Aljaz Marn, EDRI-observer, Slovenia) ============================================================ 9. Italian Government criticized by the Free Software Association ============================================================ After filing a case to the Regional Administrative Tribunal of Lazio against the Italian Ministry of Work for launching a call for tenders where only Microsoft software was considered as eligible, Italian NGO Assoli (Associazione Software Libero) is criticizing again its Government. The problem arose when the Government - specifically the Ministry for University and Research, headed by Mr.Fabio Mussi (Left democrats) and the Ministry for Innovation in the Public Administration, headed by Mr. Luigi Nicolais (Left democrats) - announced an official agreement with Microsoft Italia whose main goals are "education/training, technology transfer and facilitation of research projects". AsSoLi publicly objected to the agreement by which Microsoft commits to invest only 737,000 euros - 0.0007% of the total turnover of the company for 2006, according to AsSoLi's calculations - in three years, to be subdivided among three research centres. Moreover, AsSoLi notices that, according to the agreement, the investment will not take the form of cash, but will rather be performed "through (the work of) third parties, on the basis of specific needs for hardware products, software, technical support services and training activities". On the other hand, continues AsSoLi, the agreement does not specify what would be the financial burden for the Italian Public Administration. In reaction to what it considered a waste of public money, AsSoLi officially committed to make available to the Italian Government, for a period of five years, training activities, training material, technological solutions and software, either directly or delegating Italian companies specialised in Free Software, for a value of about 10.000.000 euros per year - a total value of 50.000.000 euros. AsSoLi stresses the fact that their offer is absolutely serious. Moreover, AsSoLi conducted a study on the Microsoft Research Center located in Trento (Northern Italy). According to the study, Microsoft invested only 250.000 euros in research activities on their own products, with the Italian Public Administration paying more than 1.800.000 euros. The study was sent to hundreds of representatives of national and local institutions. AsSoLi also announced the forthcoming release of a second study, providing a more thorough assessment of the financial elements in the first analysis. The Italian Government, through its spokesman Mr. Alfonso Lelio, has recently answered AsSoLi's criticisms, stressing that the agreement with Microsoft does not mean that the Government is not interested in investing in Free Software, or is not already doing so, as the Government claims is the case with the latest budget law, where 10.000.000 euros for 2007-2009 are allocated to "Information Society" projects, with an explicit priority to those that "develop or use" Free Software. AsSoLi - Associazione Software Libero http://www.softwarelibero.it/ EDRI-Gram 5.72, "Free software needs to be considered in Italian public acquisitions" (12.04.2007) http://www.edri.org/edrigram/number5.7/free-software-italy AsSoLi offers EUR 10,000,000 to the Italian Government (Italian only, 8.05.2007) http://www.softwarelibero.org/lassociazione-il-software-libero-offre-50-000… Text of the proposed agreement with the Italian Government (Italian only, 8.05.2007) http://www.softwarelibero.org/progetti/proposta_governo Study by AsSoLi on the Microsoft Research Center in Trento (Italian only, 18.05.2007) http://softwarelibero.it/riflessione-politiche-innovazione-ict Answer of the Italian Government to AsSoLi's criticisms (Italian only, 29.05.2007) http://www.lastampa.it/_web/CMSTP/tmplrubriche/giornalisti/grubrica.asp?ID_… (contribution by Andrea Glorioso - Italian consultant on digital policies) ============================================================ 10. Launch of Creative Commons Switzerland ============================================================ On 26 May 2007 the Swiss version of Creative Commons licenses were launched in Zurich at a ceremony held as the finishing highlight of this year's Tweakfest, Switzerland's Festival for Media, Culture, and Digital Lifestyle. The launch was hosted by Digitale Allmend, a Swiss NGO focused on access to digital information and creativity. Openlaw and Digitale Allmend are co-leading the Swiss Creative Commons project in a joint effort. With Switzerland, the Creative Commons licenses are now offered in localized versions in a total of 37 countries around the world. John Buckman, Creative Commons board member and founder of magnatune.com, gave the keynote address, explaining how he developed his website as a successful example of a Creative Commons based business. There was live audio and visual performances by DJ Soult and VJ Set from Pixelpunx.ch who released a number of works under the new Swiss Creative Commons licenses that evening. Urs Gehrig from Openlaw explained the system: "The Creative Commons licensing system simplifies the exchange of cultural goods such as music, video, text and other creative media." "We see the porting of Creative Commons licences to Switzerland as an important step - firstly because the swiss cultural movement will be able to contribute a variety of interesting works to a global creative community and secondly in achieving a more balanced choice for creators when deciding how their works is distributed and accessible." was the declaration of Martin Feuz from Digitale Allmend. During the launch, Creative Commons Switzerland announced several upcoming projects that plan to use the Swiss Creative Commons licenses, including netlabels (starfrosch.ch, sonicsquirrel.net) two online cultural TV channels (kulturtv.ch and rebell.tv) or a video art website (lenarmy.ch). Creative Commons Switzerland http://www.creativecommons.ch/ Digitale Allmend - News and videos from CC Switzerland launch (only in German) http://blog.allmend.ch/ Openlaw http://www.openlaw.ch Tweakfest http://www.tweakfest.ch ============================================================ 11. Germany is preparing the G8 meeting by searching NGOs servers ============================================================ The German government decided to prepare the G8 meeting that will take place during 6-8 June in Heiligendamm, a Baltic seaside resort, by increasing the number of searches and seizures to NGOs and anti-globalization movements offices and servers. During the entire month of May the Federal Prosecutor gave order to the Police in Hamburg, Berlin and other states to search private homes, offices, libraries, social centres or other locations were there were located servers of the anti-globalisation opponents, without making any arrests. The searches and seizures were explained by the German authorities by the possibility to create a terrorist organization by the altermondialist German chapter of the association Attac, a group founded in France to campaign for a global tax on speculative capital movements to finance development aid. The association between terrorism and altermondialism was considered as "scandalous" by the co-president of the Attac France, Aurilie Trouvi, taking into consideration the objectives of the association: democratisation of the international institutions, fight against poverty or the preservation of the natural resources. She rhetorical asked: "Do freedom of expression and democracy stop were the interests of the richest eight countries begin?" Peter Wahl from Attac Germany has underlined the obvious political purpose of this operation: "to discredit the democratic actions that contest the G8 summit. It is an excessive measure that is incompatible with the rule of law." Another measure that the German Government took was the temporary suspension of the Schengen Agreement until 10 June. Every persons travelling to Germany until that date will have to pass the identity and security controls. The German authorities have also banned any demonstration near the resort where the G8 summit will take place. Searches against the alter movements on Germany (only in France, 17.05.2007) http://www.france.attac.org/spip.php?article7093 The police authority Rostock - not the demonstrators - are severely damaging the reputation of the Federal Republic of Germany (17.05.2007) http://www.statewatch.org/news/2007/may/germany-g8-protests.pdf Germany: Police raid G8 activists (5.2007) http://www.statewatch.org/news/2007/may/02germany-g8-raids.htm Despite Germany's Tight Controls, Violence (3.06.2007) http://www.ipsnews.net/news.asp?idnews=38015 ============================================================ 12. Agenda ============================================================ 8 May - 22 July 2007, Austria Annual decentralized community event around free software lectures, panel discussions, workshops, fairs and socialising http://www.linuxwochen.at 11-15 June 2007, Geneva, Switzerland Provisional Committee on Proposals Related to a WIPO Development Agenda: Fourth Session http://www.wipo.int/meetings/en/details.jsp?meeting_id=11927 11-12 June 2007, Strasbourg, France Council of Europe - Octopus Interface 2007 - Cooperation against Cybercrime http://www.coe.int/t/e/legal_affairs/legal_co-operation/combating_economic_… 12 June 2007, Berlin, Germany German Federal Commissioner for Data Protection and Freedom of Information - Symposium "Data Protection in Europe" http://www.bfdi.bund.de/cln_029/nn_533554/DE/Oeffentlichkeitsarbeit/Termine… 14 June 2007, Paris, France ENISA/EEMA European eIdentity conference - Next Generation Electronic Identity - eID beyond PKI http://enisa.europa.eu/pages/eID/eID_ws2007.htm 15-17 June 2007, Dubrovnik, Croatia Creative Commons iSummit 2007 http://wiki.icommons.org/index.php/ISummit_2007 17-22 June 2007 Seville, Spain 19th Annual FIRST Conference, "Private Lives and Corporate Risk" http://www.first.org/conference/2007/ 18-22 June 2007, Geneva, Switzerland Second Special Session of the Standing Committee on Copyright and Related Rights (SCCR) http://www.wipo.int/meetings/en/details.jsp?meeting_id=12744 28 June 2007, London, UK First London CC-Salon organized by Free Culture London and the Open Rights Group http://wiki.creativecommons.org/London_Salon 8-12 August 2007, near Berlin, Germany Chaos Communication Camp 2007 "In Fairy Dust We Trust!" http://events.ccc.de/camp/2007/ 5-11 September 2007 Ars Electronica Festival - Festival for Art, Technology and Society http://www.aec.at/en/festival2007/index.asp ============================================================ 13. About ============================================================ EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 25 members from 16 European countries. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 2.0 License. See the full text at http://creativecommons.org/licenses/by/2.0/ Newsletter editor: Bogdan Manolea <edrigram(a)edri.org> Information about EDRI and its members: http://www.edri.org/ - EDRI-gram subscription information subscribe by e-mail To: edri-news-request(a)edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request(a)edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edrigram-mk.php - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram(a)edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Tor 0.2.2.16-alpha is out
by Roger Dingledine 06 Jul '18

06 Jul '18

Tor 0.2.2.16-alpha fixes a variety of old stream fairness bugs (most evident at exit relays), and also continues to resolve all the little bugs that have been filling up trac lately. https://www.torproject.org/download.html.en Packages will be appearing over the next few days or weeks (except on Windows, which apparently doesn't build -- stay tuned for an 0.2.2.17-alpha in that case). Changes in version 0.2.2.16-alpha - 2010-09-17 o Major bugfixes (stream-level fairness): - When receiving a circuit-level SENDME for a blocked circuit, try to package cells fairly from all the streams that had previously been blocked on that circuit. Previously, we had started with the oldest stream, and allowed each stream to potentially exhaust the circuit's package window. This gave older streams on any given circuit priority over newer ones. Fixes bug 1937. Detected originally by Camilo Viecco. This bug was introduced before the first Tor release, in svn commit r152: it is the new winner of the longest-lived bug prize. - When the exit relay got a circuit-level sendme cell, it started reading on the exit streams, even if had 500 cells queued in the circuit queue already, so the circuit queue just grew and grew in some cases. We fix this by not re-enabling reading on receipt of a sendme cell when the cell queue is blocked. Fixes bug 1653. Bugfix on 0.2.0.1-alpha. Detected by Mashael AlSabah. Original patch by "yetonetime". - Newly created streams were allowed to read cells onto circuits, even if the circuit's cell queue was blocked and waiting to drain. This created potential unfairness, as older streams would be blocked, but newer streams would gladly fill the queue completely. We add code to detect this situation and prevent any stream from getting more than one free cell. Bugfix on 0.2.0.1-alpha. Partially fixes bug 1298. o Minor features: - Update to the September 1 2010 Maxmind GeoLite Country database. - Warn when CookieAuthFileGroupReadable is set but CookieAuthFile is not. This would lead to a cookie that is still not group readable. Closes bug 1843. Suggested by katmagic. - When logging a rate-limited warning, we now mention how many messages got suppressed since the last warning. - Add new "perconnbwrate" and "perconnbwburst" consensus params to do individual connection-level rate limiting of clients. The torrc config options with the same names trump the consensus params, if both are present. Replaces the old "bwconnrate" and "bwconnburst" consensus params which were broken from 0.2.2.7-alpha through 0.2.2.14-alpha. Closes bug 1947. - When a router changes IP address or port, authorities now launch a new reachability test for it. Implements ticket 1899. - Make the formerly ugly "2 unknown, 7 missing key, 0 good, 0 bad, 2 no signature, 4 required" messages about consensus signatures easier to read, and make sure they get logged at the same severity as the messages explaining which keys are which. Fixes bug 1290. - Don't warn when we have a consensus that we can't verify because of missing certificates, unless those certificates are ones that we have been trying and failing to download. Fixes bug 1145. - If you configure your bridge with a known identity fingerprint, and the bridge authority is unreachable (as it is in at least one country now), fall back to directly requesting the descriptor from the bridge. Finishes the feature started in 0.2.0.10-alpha; closes bug 1138. - When building with --enable-gcc-warnings on OpenBSD, disable warnings in system headers. This makes --enable-gcc-warnings pass on OpenBSD 4.8. o Minor bugfixes (on 0.2.1.x and earlier): - Authorities will now attempt to download consensuses if their own efforts to make a live consensus have failed. This change means authorities that restart will fetch a valid consensus, and it means authorities that didn't agree with the current consensus will still fetch and serve it if it has enough signatures. Bugfix on 0.2.0.9-alpha; fixes bug 1300. - Ensure DNS requests launched by "RESOLVE" commands from the controller respect the __LeaveStreamsUnattached setconf options. The same goes for requests launched via DNSPort or transparent proxying. Bugfix on 0.2.0.1-alpha; fixes bug 1525. - Allow handshaking OR connections to take a full KeepalivePeriod seconds to handshake. Previously, we would close them after IDLE_OR_CONN_TIMEOUT (180) seconds, the same timeout as if they were open. Bugfix on 0.2.1.26; fixes bug 1840. Thanks to mingw-san for analysis help. - Rate-limit "Failed to hand off onionskin" warnings. - Never relay a cell for a circuit we have already destroyed. Between marking a circuit as closeable and finally closing it, it may have been possible for a few queued cells to get relayed, even though they would have been immediately dropped by the next OR in the circuit. Fixes bug 1184; bugfix on 0.2.0.1-alpha. - Never queue a cell for a circuit that's already been marked for close. - Never vote for a server as "Running" if we have a descriptor for it claiming to be hibernating, and that descriptor was published more recently than our last contact with the server. Bugfix on 0.2.0.3-alpha; fixes bug 911. - Squash a compile warning on OpenBSD. Reported by Tas; fixes bug 1848. o Minor bugfixes (on 0.2.2.x): - Fix a regression introduced in 0.2.2.7-alpha that marked relays down if a directory fetch fails and you've configured either bridges or EntryNodes. The intent was to mark the relay as down _unless_ you're using bridges or EntryNodes, since if you are then you could quickly run out of entry points. - Fix the Windows directory-listing code. A bug introduced in 0.2.2.14-alpha could make Windows directory servers forget to load some of their cached v2 networkstatus files. - Really allow clients to use relays as bridges. Fixes bug 1776; bugfix on 0.2.2.15-alpha. - Demote a warn to info that happens when the CellStatistics option was just enabled. Bugfix on 0.2.2.15-alpha; fixes bug 1921. Reported by Moritz Bartl. - On Windows, build correctly either with or without Unicode support. This is necessary so that Tor can support fringe platforms like Windows 98 (which has no Unicode), or Windows CE (which has no non-Unicode). Bugfix on 0.2.2.14-alpha; fixes bug 1797. o Testing - Add a unit test for cross-platform directory-listing code. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Re: Random chaff [was: more work for Grobbages]
by grarpamp 06 Jul '18

06 Jul '18

I was thinking solely of taps capable of observing user1, user2... usern. If user1 injects 1.21 MB of data on one side, and 1.21 MB of data pops out the other side at injection time + network delay, the users are made. Regardless of whether the observer can see inside the network/crypto or operate in the network. And especially if the net or users are quiet at that time. But if there's chaff present, chaff that is only known to be chaff by the network, or minimally by the recipient and generator, then the game becomes harder. User1 and user2's pipes are always independantly full of cap = ( chaff + wheat). Chaff is requested from the network by the user's node to fill the cap during idle times. The cap could be optional random dynamic, perhaps shrink after some time of no wheat nearing the cap so as to not be needless waste. Users's nodes make [close?] peers just for traffic generation. Tagged and controlled out of band. Involve the client's knowledge that its socks or hidden service ports are generating n kbit/sec of wheat. Middle node link traffic could be similarly managed, albeit without socks/hs knowledge, just bandwidth. Any intelligent cell based clocking or committed rate management within seem very hard when riding on the public internet. So it would just be shoving bits into a hungry mouth until a gag message comes back. Maybe the problem with this idea is that the chaff generation system might not be able to react fast enough when the real wheat travels the pipes. So a 1.21 MB injection might still create some sort of observable ripple at start and end times. The only way it might not is if the pipes are oversubscribed _and_ packet lossy by design, not just having the usual TCP congestion managed slowness. But that would be terrible bad for most user facing applications and stacks. Maybe it is the ripples that need hidden or randomized instead of just filling pipes. > If it turns out that correlation attacks are far more difficult > than the research community thinks It seems safe to presume that near global passive adversaries exist. And certainly ones cabaple of covering various regions. And that offline processing of the mesh of flow information from them is probably within current capabilities. I'm actually amazed we're not seeing canaries kicking off all over the place. Particularly ones involving exits. The advice to run a relay while using the client seems sound due to whatever free chaff it brings. Who knows. Thanks for the links to the anonbib and wiki. I want to read more in the some free time. *********************************************************************** To unsubscribe, send an e-mail to majordomo(a)torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/ ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Tor 0.2.2.16-alpha is out
by Roger Dingledine 06 Jul '18

06 Jul '18

Tor 0.2.2.16-alpha fixes a variety of old stream fairness bugs (most evident at exit relays), and also continues to resolve all the little bugs that have been filling up trac lately. https://www.torproject.org/download.html.en Packages will be appearing over the next few days or weeks (except on Windows, which apparently doesn't build -- stay tuned for an 0.2.2.17-alpha in that case). Changes in version 0.2.2.16-alpha - 2010-09-17 o Major bugfixes (stream-level fairness): - When receiving a circuit-level SENDME for a blocked circuit, try to package cells fairly from all the streams that had previously been blocked on that circuit. Previously, we had started with the oldest stream, and allowed each stream to potentially exhaust the circuit's package window. This gave older streams on any given circuit priority over newer ones. Fixes bug 1937. Detected originally by Camilo Viecco. This bug was introduced before the first Tor release, in svn commit r152: it is the new winner of the longest-lived bug prize. - When the exit relay got a circuit-level sendme cell, it started reading on the exit streams, even if had 500 cells queued in the circuit queue already, so the circuit queue just grew and grew in some cases. We fix this by not re-enabling reading on receipt of a sendme cell when the cell queue is blocked. Fixes bug 1653. Bugfix on 0.2.0.1-alpha. Detected by Mashael AlSabah. Original patch by "yetonetime". - Newly created streams were allowed to read cells onto circuits, even if the circuit's cell queue was blocked and waiting to drain. This created potential unfairness, as older streams would be blocked, but newer streams would gladly fill the queue completely. We add code to detect this situation and prevent any stream from getting more than one free cell. Bugfix on 0.2.0.1-alpha. Partially fixes bug 1298. o Minor features: - Update to the September 1 2010 Maxmind GeoLite Country database. - Warn when CookieAuthFileGroupReadable is set but CookieAuthFile is not. This would lead to a cookie that is still not group readable. Closes bug 1843. Suggested by katmagic. - When logging a rate-limited warning, we now mention how many messages got suppressed since the last warning. - Add new "perconnbwrate" and "perconnbwburst" consensus params to do individual connection-level rate limiting of clients. The torrc config options with the same names trump the consensus params, if both are present. Replaces the old "bwconnrate" and "bwconnburst" consensus params which were broken from 0.2.2.7-alpha through 0.2.2.14-alpha. Closes bug 1947. - When a router changes IP address or port, authorities now launch a new reachability test for it. Implements ticket 1899. - Make the formerly ugly "2 unknown, 7 missing key, 0 good, 0 bad, 2 no signature, 4 required" messages about consensus signatures easier to read, and make sure they get logged at the same severity as the messages explaining which keys are which. Fixes bug 1290. - Don't warn when we have a consensus that we can't verify because of missing certificates, unless those certificates are ones that we have been trying and failing to download. Fixes bug 1145. - If you configure your bridge with a known identity fingerprint, and the bridge authority is unreachable (as it is in at least one country now), fall back to directly requesting the descriptor from the bridge. Finishes the feature started in 0.2.0.10-alpha; closes bug 1138. - When building with --enable-gcc-warnings on OpenBSD, disable warnings in system headers. This makes --enable-gcc-warnings pass on OpenBSD 4.8. o Minor bugfixes (on 0.2.1.x and earlier): - Authorities will now attempt to download consensuses if their own efforts to make a live consensus have failed. This change means authorities that restart will fetch a valid consensus, and it means authorities that didn't agree with the current consensus will still fetch and serve it if it has enough signatures. Bugfix on 0.2.0.9-alpha; fixes bug 1300. - Ensure DNS requests launched by "RESOLVE" commands from the controller respect the __LeaveStreamsUnattached setconf options. The same goes for requests launched via DNSPort or transparent proxying. Bugfix on 0.2.0.1-alpha; fixes bug 1525. - Allow handshaking OR connections to take a full KeepalivePeriod seconds to handshake. Previously, we would close them after IDLE_OR_CONN_TIMEOUT (180) seconds, the same timeout as if they were open. Bugfix on 0.2.1.26; fixes bug 1840. Thanks to mingw-san for analysis help. - Rate-limit "Failed to hand off onionskin" warnings. - Never relay a cell for a circuit we have already destroyed. Between marking a circuit as closeable and finally closing it, it may have been possible for a few queued cells to get relayed, even though they would have been immediately dropped by the next OR in the circuit. Fixes bug 1184; bugfix on 0.2.0.1-alpha. - Never queue a cell for a circuit that's already been marked for close. - Never vote for a server as "Running" if we have a descriptor for it claiming to be hibernating, and that descriptor was published more recently than our last contact with the server. Bugfix on 0.2.0.3-alpha; fixes bug 911. - Squash a compile warning on OpenBSD. Reported by Tas; fixes bug 1848. o Minor bugfixes (on 0.2.2.x): - Fix a regression introduced in 0.2.2.7-alpha that marked relays down if a directory fetch fails and you've configured either bridges or EntryNodes. The intent was to mark the relay as down _unless_ you're using bridges or EntryNodes, since if you are then you could quickly run out of entry points. - Fix the Windows directory-listing code. A bug introduced in 0.2.2.14-alpha could make Windows directory servers forget to load some of their cached v2 networkstatus files. - Really allow clients to use relays as bridges. Fixes bug 1776; bugfix on 0.2.2.15-alpha. - Demote a warn to info that happens when the CellStatistics option was just enabled. Bugfix on 0.2.2.15-alpha; fixes bug 1921. Reported by Moritz Bartl. - On Windows, build correctly either with or without Unicode support. This is necessary so that Tor can support fringe platforms like Windows 98 (which has no Unicode), or Windows CE (which has no non-Unicode). Bugfix on 0.2.2.14-alpha; fixes bug 1797. o Testing - Add a unit test for cross-platform directory-listing code. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

[silk] World Cyberwar And the Inevitability of Radical Transparency
by Udhay Shankar N 06 Jul '18

06 Jul '18

I see nothing "inevitable" about this (see John Walker's take [2] for an opposing viewpoint), but I respect David's viewpoint, and obviously he's devoted a few decades to thinking about this. Udhay [1] http://www.fourmilab.ch/documents/digital-imprimatur/ __________________________________________________________ http://www.metroactive.com/features/transparent-society.html World Cyberwar And the Inevitability of Radical Transparency How WikiLeaks ignited the first international cyber war and how pro-business laws enacted to promote the growth of Silicon Valley's digital media and technology companies inadvertently nurtured transformation activists shaking up and toppling governments around the world. July 6, 2011 - by David Brin ARE WE heading into an era when light will shine upon everyone, even the mighty? Will the benefits of such an age outweigh the inevitable costs? Recent events that powerfully illustrate these trade-offs range from the WikiLeaks Affairbpublishing a quarter million documents purloined from the United States governmentbto the tech-empowered Arab Spring that followed to the battle being waged on our own streets between law enforcement agencies and citizens who record their activities. Perhaps I come to this topic pre-jaded. In The Transparent Society (1997), I forecast that traditional notions of secrecy would crumble in the early 21st century. For many reasonsbtechnical, social and politicalb"leaks" would grow into tsunamis that carve a radically different world. My 1989 novel Earth portrayed near-future events like massive dumps of military and diplomatic secrets that rattle governments powerless to keep up with amateur cunning and changing values. Prescience aside, this sea change will drive outcomes far more complex than outdated nostrums of left or right. Multiple trends seem to pull in opposing directions. For example, ever since 9/11 and the Patriot Act, many Americans have perceived us entering a nearly Orwellian era, in which the state probes, pokes and scrutinizes us from every angle, and allows corporationsbfrom banks to Google and Facebookbto do the same. Dana Priest and William Arkin, in the Washington Post, fret that we've become a "monitored nation" and world. "(T)he United States is assembling a vast domestic intelligence apparatus to collect information about Americans, using the FBI, local police, state homeland security offices and military criminal investigators. The system ... collects, stores and analyzes information about thousands of U.S. citizens and residents, many of whom have not been accused of any wrongdoing." Is China the future? American companies like Cisco are right now bidding to take part in a project to span the city of Chongqing with 500,000 cameras in an integrated surveillance system. Find that both impressive and chilling? Well, democratic Britain has an even larger camera network. In the future, what separates free and unfree nations won't be the presence of surveillance, but whether citizens are fully empowered to look back. Never before have so many people been empowered with practical tools of transparency. Beyond access to instantly searchable information from around the world, nearly all of us now carry in our pockets a device that can take still photographs and video, then transmit the images anywhere. Will the growing power of elites to peer down at usbsurveillancebultimately be trumped by a rapidly augmenting ability of citizens to look back at those in powerbor "sousveillance"? This issue is being wrangled right now, on our streets. Far more ominous than the WikiLeaks affair is a trend of police officers waging unofficial war against camera-toting citizens, arresting bystanders for digitally recording cops in action. Obsolete wire-tapping and privacy laws are contorted to justify seizure and destruction of recordings made even in public places. We can sympathize with officers doing a harsh, underappreciated job, resenting the addition of one more source of stressbrelentless scrutiny. I appreciate not only the skill and professionalism that helped reduce crime in the United States but also the daily fight for self-control that each officer must wage, under conditions that might send any of us into uncontrollable rage. We all carry hormonal and psychological baggage from the Stone Age ... and from 5,000 years of urban life, when the king's thugs never thought twice before pounding the heads of punks. But times and rules change. We're more demanding now. In fact, most officers are adapting well to our new standards, clenching their teeth and calling "sir" even the most outrageously abusive drunks. I'm proud to know some of these folks and I grasp their worry that some street-corner putz might record a momentary, but career threatening lapse. Yet, how can the assertion that cops deserve "privacy" stand up against our far greater need for accountability? Shall we surrender the only protection that citizens ever had against abusive powerbthe truth? We won't allow it. More to the point, technology won't allow it. For, like Moore's Law, the cameras get smaller, cheaper, more numerous and more mobile every year. When all of this equilibrates, juries, review boards and citizens will make allowances for good people, caught making rare mistakes. We'll have to, if we want our cities patrolled. Ironically, that broad perspective will only evolve once we're convinced we really are seeing it all. That our enhanced vision protects us. If the odds seem to favor citizen-power at street level, others want to apply principles of transparent accountabilitybor sousveillancebto higher echelons of power Clearly a panoply of transparency activists out there, including the folks behind WikiLeaks, think it possible to restore balance in favor of people, by applying copious amounts of light. And, just as clearly, those in high places wince at being scrutinized. (Human nature yet again.) For example, months ago, the U.S. Department of Justice launched a criminal probe of WikiLeaks. Did Julian Assange commit crimes by revealing those secret cables? Are the world's powers shaken to their core, withholding vengeance only because Assange holds "poison pill" revelations in reserve? We've seen a maelstrom of indignant fury with all sides claiming the moral high ground. Banks and credit companies that reject doing business with WikiLeaks have been punished by leaderless networks of online activistsbwho are in turn attacked by "patriotic hackers." Meanwhile, similar cycles of sabotage or theft, followed by retaliation, are seen when hackers from China or the former Soviet bloc invade Western computer systems, compromising either intellectual property or stores of personal identities, or destabilize systems like Facebook and Google that empower citizen movements in other countries. Accusations fly amid a growing cast of intermeshed characters. Is this the full-tilt outbreak of cyber war, with nations and corporations waging battle through deniable proxies? (Frederik Pohl forecast such a dismal cycle in his prophetic novel The Cool War.) We may yet miss the old days, when uniformed soldiers were accountable to national flags. Refocusing back on the WikiLeaks Affair, with every news organization re-publishing his info-spills, is Assange right to call himself a frontline journalist? Because someone else actually snooped the documents in question, and WikiLeaks merely passed them along, is Assange protected by Western constitutional traditions and free speech? David Brin THE MAN WITH THE POISON PILL: Are the world's powers shaken to their core because WikiLeaks' Julian Assange is holding some bigger revelations in reserve? Transparency Pays "Do not revile the king even in your thoughts, or curse the rich in your bedroom, because a bird in the sky may carry your words, and a bird on the wing may report what you say."bEcclesiastes 10:20 An overall trend toward greater openness will be essential to our survival as individuals, nations, and even as a species. We have bet our lives, and our children's, on the continued success of a civilization that provides our material needs better than any other. One that has inarguably fostered greater levels of lawful peacebboth per capita and for billions worldwidebthan any predecessor. It also engendered both social mobility and repudiation of prejudice to a degree thatbif woefully unfinishedbno prior society ever matched. Nor could any combination of others equal our rate of discovery and new learning. Even the way we are self-critical and unsatisfiedbangrily rejecting braggart paragraphs like the one above and focusing instead on further improvementsbeven that reflex is consistent with a civilization that has real potential. One that would have stunned our ancestors. Underlying all of this is the positive-sum notion that a competitive society doesn't have to be strewn with ruined losers. In some kinds of games, one player might win more than othersbe.g., getting richbbut the outcome leaves everybody way ahead, even the "defeated." That may sound absurdly sunny. Cheating abounds and capitalism always teeters toward the old pit of feudalism. Still, enlightenment civilization's major decision-making componentsb markets, democracy, science and justicebreally have delivered positive-sum outcomes a lot of the time. We are living proof. Here's the key point: All four of those human problem-solving arenasbmarkets, democracy, science and justicebflourish only in light, when all parties get to see. When darkness prevails, they wither and die. Specifically: Open markets depend on maximizing the number of knowing buyers, sellers and competitors. (Adam Smith despised the secret conniving of oligarchs and blamed thembnot socialistsbfor market failures.) Democracy only functions well when vigorously engaged in by knowing and curious citizens. Our third and fourth pillarsbscience and justicebcannot function in darkness at all. These four backbone components count on the same, core innovationbreciprocal accountabilitybto foster creative competition and to check our natural human penchant for cheating. If 4,000 years of history demonstrate one thing, it is that you will cheat, if there isn't plenty of light to stop you. Yes, I'm talking about you. And me. The obvious conclusion? Anyone who demands extended secrecy should face a burden of proof. (See Note 1 below) Now, let's be clear. The Enlightenment is about pragmatism, and no purist dogma is ever 100 percent right, even transparency. For example, one topic calling for negotiated compromise is personal privacy. And few claim that a military can function entirely in the open. Not yet, at least. (See Note 2) The WikiLeaks Case exposes several more areas where limits to transparency are open to intense debate. So here's the question: To what extent do governments have a need or right to keep secrets from citizens? And who should decide when government leaders have crossed the line? My answer is default openness, with a steadily rising burden of proof for institutional secrecyba pragmatic but unswerving movement toward a world of accountability and light. Nevertheless, it is a burden of proof that can be met! Not all secrecybeven government secrecybis automatically evil. WikiLeaks founder Julian Assange prescribes a different answer: zero tolerance. Immediate and radical transparency. Moreover, the decision to reveal government secrets can be made ad hoc and peremptorily by an individual. One who never voted for or againstbor paid taxes tobthe government in question. (See Note 3) David Brin THE WORLD IS WATCHING: The successful revolt in Tunisia was fueled by a protest movement that knew about the power of hand-held media, like cell phone cameras. The Trend Forward Of course, our Enlightenment experiment is about much more than markets, science, democracy and justice. These institutions fail without spirited citizen involvement. Laws against racism would be futile without the inner changes of heart that millions have performed, in two short generations. Deep underneath their bickering, republicans and democrats share a mental reflexbSuspicion of Authority (SOA)bthat goes back generations, differing mostly over which elite they see looming as a potential Big Brother, even while making excuses for the elites they prefer. In a sense we all want more transparency and light ... to shine on groups that we dislike. Do average citizens really matter? They may seem feeble compared to influential elites: power brokers of government, wealth, celebrity, criminality, corporations and academia. But this changes when individuals band together in new-style nongovernmental organizations on the front lines of the transparency fight. Take Peter Gabriel's Project Witness. PW buys up last year's video equipment, in cheap lots, then hands crateloads of cameras to activists, in places where fighting for democracy can take prodigious courage, spreading accountability at the local level where it affects lives, a few hundred at a time. Drawing attention to ten thousand small struggles, they show how a little added light can save or empower the next Nelson Mandela. (See www.Witness.org for details.) Some efforts that are rebelliously pro-freedom can't exactly be called "pro-transparency." A decade ago, the fad among hackers was encryptionbpromoting a quaint notion that the scales of justice can be balanced in all directions, if everyone were somehow kept blind to each others' identities. Some Assange allies, like Jacob Appelbaum, distribute a system called Tor that empowers dissidents living in oppressive states to communicate with messages that are cleverly enciphered and rerouted. While the cypherpunks' dream of crypto-empowered world paradise is impractical on many levels, it has proved useful to whistle blowers. See http://www.readersupportednews.org/off-site-news-section/368-wikileaks/4402… What these and other endeavors share is a pragmatic approach to spreading liberty and accountability. If all the world's people become habitual defenders of freedom and accountability in the local realms that affect them most, where individual action can be effective, then, as Alexis de Toqueville showed two centuries ago, those habits will propel us along the spectrum of progress, whatever happens on the Olympian heights of pompous presidents and tycoons. Indeed, steps toward new-era transparency are even taking place at the highest levels. The Obama administration claims to have cut away at the Everest-high pile of classified documents left by its predecessors and to have tightened rules for who can declare something secret, and when. Meanwhile, even in Switzerland, Alpine haven for elite confidentiality, changes may be afoot. A Swiss-based banking consortium has proposed new codes under which financiers' compensation packages should be more transparent to investors. Are these steps toward transparency sincere? Will they be enough, when people in developing nations demand a return of lucre stolen by their ex-dictators? See: http://www.smh.com.au/business/bank-body-urges-pay-shakeup-20101228-1999r.h… Leak to History We aren't the first generation in this struggle. Today's inventors of freedom-friendly toolsbfrom anonymizers and re-routers that evade censorship to sniffer-correlators that help average folk peer past elite veilsbseem blithely ignorant of just how old and difficult the problem has been. These self-styled paladins of a new era should recall that our principal weapon in defending freedom and hope predates the Internet by more than 200 years. It has roots in 18th-century pamphleteers, in the constitutional deliberations of Philadelphia and (yes) even in the old-fashioned nations that still make up the foundation of our Enlightenment. A foundation that some of the folks at WikiLeaksbin their righteous self-congratulationbtend to ignore, even though they count on it for their very lives. Indeed, what is the worldwide blog community, other than a vast expansion of the sensor web that we all had, in our tribes and villages of old, when gossip revealed even the peccadilloes of the chiefs? Notable among the tattles spilled by WikiLeaks were Sarah Palin's hacked email messages, a banned report on assassinations and torture enacted by Kenyan police, the confidential membership list of a British neo-fascist party and tens of thousands of classified documents related to the war in Afghanistan. A year ago, the website stirred up an international furor by publishing emails purportedly showing scientific collusion among global-warming experts. An aside. Was the last revelation an attempt to "spread the love" and prove non-leftist evenhandedness? Or a manifestation of Assange's eagerness to spill whatever would get him headlines? We may never know. But carelessness in that casebfailing to investigate his source or understand the contextbput in question Assange's long-standing claim to be a "journalist." Indeed, one major drawback of splurge-type leak sites is their susceptibility to be used as unwitting proxies in battles among hidden giants. WikiLeaks' first major media breakthrough came in April 2010. At a press conference in Washington, Assange unveiled a 2007 combat video from the view of an American Apache helicopter in Iraq, repeatedly opening fire on a group of people on the ground, including some in a van that approached and began helping the wounded. The soldiers' giggling, game-boy background commentary was deeply disturbing. But the event that catapulted WikiLeaks into the forefront of international attention, making Assange a 2010 finalist for Time magazine's "Person of the Year," was the page-by-page release of more than 250,000 State Department "cables" and other documents, allegedly swiped by a U.S. Army private, giving the world an unprecedented view of the chatter and candid views of American diplomats. When WikiLeaks tweeted that "The coming months will see a new world, where global history is redefined," we saw the extent of its preening confidence and pro-transparency ambition. Nor were U.S. government secrets to be anything more than an appetizer. Promised soon? Tens of thousands of documents from a major U.S. banking firm, then material from pharmaceutical corporations, finance and energy companies. Again, the deep justification is undeniable. We'll soon face a rising flood of technological breakthroughs that could either benefit us all or else do jagged harm to humanity and the world. With hard decisions and tipping points coming ever-faster, we'll do betterband possibly even survivebif each crisis-choice is debated openly. (See Note 4) Essential precursors for WikiLeaks go way back. But for legal guidance, most observers have been zeroing in on the Pentagon Papers affair, when Daniel Ellsberg released documents showing how the U.S. government lied or manipulated perceptions during the Vietnam War. Assange is relying on precedents from that era to stay free and in business. Unlike Britain, whose Official Secrets Act gives the state power to pre-censor journalists or penalize them for publishing forbidden information, the United States Government (USG) has less legal standing to go after leakers. Even the 1917 Espionage Act, passed in a xenophobic rush during World War I, only decrees punishment for unauthorized possession of national defense information if it is thereupon given to "any person not entitled to receive it," and if the provider has reason to believe it "could be used to the injury of the United States or to the advantage of any foreign nation." As interpreted by courts during the Pentagon Papers era, this law leaves a pretty generous out for journalists who passively receive such secrets and then publish them. The government bears an appropriately steep burden of proof to show not only that there was substantial "injury" or foreign "advantage," but that the journalist also had strong reason to expect this. Note that this is a separate matter from prosecuting the individual who gathered and leaked the information, in the first place. Any person who either invaded a USG database to access files or who violated a position of trust in order to remove them, has broken a number of other laws, for which penalties can be severe. In the current case, U.S. Army Private Bradley Manning awaits court martial for swiping the State Department and Pentagon files that made Assange an international figure. Although somebe.g., Berkeley city councilmembersbhave called Manning a hero and a martyr, few expect Manning to evade punishment. Assange is another matter. The gaps that currently make it hard to prosecute him include provisions under Section 230 of the 1996 Communications Decency Act that offer a safe harbor for online "middle parties," protecting them from liability for passing along most kinds of material they receive from an initial content provider. In fact, current law cuts both ways. The same regulations also protect those companies who have acted to cut off, or hem-in, WikiLeaks. As Nancy Scola put it, on the Personal Democracy Forum: "Section 230 is one of the fundamental reason why the United States is a friendlier nation to the Internet and to building Internet businesses than so many others are. But the flip side of 230 is that companies are also given protections for taking down from their services content that they find objectionable. And when it comes to Wikileaks, we're arguably seeing companies that have been given so much freedom by Section 230 running and hiding behind its protections when the heat is on." Initially, the Pentagon acknowledged that no person or vital national interest appeared to have been harmed by WikiLeaks. This reassurance came into question in December with a W-leaked list of overseas sites potentially both vulnerable to terrorist attack and of critical importance to the United States. This seems to undermine any claim that the documents were vetted to reduce potential for harm. Yet, this affair is rich in irony. For example, is it totally coincidence that the recent Arab Spring movement spread across North Africa and the Middle East just after WikiLeaks spilled all those State Department cables? Confidential memos that revealed how deeply our foreign service officers and diplomats despised the dictators they had to deal with? One net effect was to mute any anti-American theme among the young democracy activists. Geopolitically, this unintended result may outweigh all the harm that Assange thought he was doing to the U.S. government! We need to remember the big picture: that if doses of transparency are sometimes discomfiting or inconvenient to the leaders and agencies of a clumsy-but-well-meaning democracy, those same doses are often downright lethal to our enemiesbelites of criminality or fanaticism or obstinate despotism. Ultimately, if we are led by smart people, they should see that the historical role of the United Statesband its best interestsbwill be served by adapting quickly to a worldwide secular trend toward more light. In fact, abetting this trend should be a central strategic goal for America and its allies, since this trend leads to victory for our type of civilization. Geeks Strike Back What about all that talk of "cyber-war"? The cyber-activist community lined up en masse to defend Julian Assange. For example, Anonymous, a leaderless group of activist hackers, has avowed credit for denial of service attacks on Mastercard, in revenge for that company cutting off payment flows to WikiLeaks. Attacks have also targeted PayPal, Amazon, VISA and other companies. When Post-Finance, the Swiss national postal bank, froze Assange's account because he falsely claimed local residency on his deposit forms, this drew vigorous assaults by hacker activists, or hacktivists. (Hypocrisy alert: When has such a lapse ever before bothered Swiss bankers?) "Corrutpt governments of the world," began a recent message on the Anonymous group's YouTube site. "To move to censor content on the Internet based on your own prejudice is, at best, laughably impossible, at worst, morally reprehensible." In a few short weeks, simply by appealing for volunteers, the Anonymous group recruited more than 9,000 computer owners in the United States and 3,000 in Britain to download the software to incorporate their machines into the network that attacks WikiLeaks' enemies. See http://www.guardian.co.uk/media/2010/dec/11/wikileaks-backlash-cyber-war Via a supportive online "tweet," Electronic Frontier Foundation co-founder John Perry Barlow told the Anonymous hackers, "The first serious info war is now engaged. The field of battle is WikiLeaks. You are the troops." See http://articles.latimes.com/2010/dec/10/business/la-fi-cyber-disobedience-2… http://articles.latimes.com/2010/dec/10/business/la-fi-cyber-disobedience-2… Resistance Is Feudal In The Transparent Society, I profiled members of this loose international community, whose mixture of brilliant skill, individualism and light-weight transcendentalism seems to hark back at least to the Freemasons, or perhaps the Jesuits, if there is any useful precedent at all. Evidently, they are the purest products of a Western Enlightenment that they alternately revere and spurn with dripping contempt. A force to be collectively reckoned with, they also tend toward utter confidence in their superior spycraft, as well as blithe assurance that history is on their side. However, there are drawbacks to the notion of cyberpunks as combatants. Their proposed "army" combines all the worst traits of a militant underground and a chaotic schoolyard. The Anonymous network, for example, operates as a collective in which control devolves to whichever members just happen to be signed in, at any particular moment. At present, that model works, because the tasks are simplebto shuttle some encrypted files around, to share and coordinate some hack-attack programs among a few thousand volunteers ... or perhaps a few tens of thousands of bystanders who have inadvertently let themselves be hijacked in a botnet. Fine, so far. But this model will break down when it is discovered that the National Security Agencybthrough several hundred feigned identitiesbcan sign in and simply vote itself control, whenever it so chooses. Or take the pathetic case of Bradley Manning, the bored, low-level nerd-in-uniform who let his daydreaming ennui get the best of him in dusty Iraq. When Manning impulsively decided to copy those documents off SIPRNet, he took all sorts of precautions to keep the theft from being noticed and to encrypt the documents' transmission to WikiLeaks. Then he bragged about it to a supposedly trustworthy hacker confidante, who promptly sold him out. There is an endearing air of naivete in all the bellicose "war" talk, coming from hacker-nerds whose principal experience with combat is World of Warcraft. Few have studied the history of revolutionary movements and methods in detail, the ancient techniques used by rebels and secret police in deadly cat-and-mouse games stretching back from the KGB and Gestapo, through czarist Russia, Ching and Tang China, Babylon and across 4,000 years of recorded history. Like bribery, blackmail, co-opting, threats to loved-ones ... and quiet disappearance. Few of these age-old methods will be inconvenienced by geeky methods like cryptography. If things truly were as dire as some hackers romantically claim, if our civilization is already like those other despotisms and if these would-be freedom fighters really are our last-best hopebthen one can wish they would preen less and study-up history more. For all our sakes. Sensible Steps Ultimately though, even the WikiLeaks model is untenable. For all of the hacker chic, such quasi-institutions are lead by a few identifiable people. If the cyber-mythos is correct, it represents at-best an intermediate phase on our path to a universally empowered, all-knowing citizenry. A path better served by pragmatic, incrementalist reformers. Take an endeavor loosely led by Peter Sunde, one of the founders of the anti-copyright Pirate Bay website. Techie activists hope to construct an alternative, decentralized, peer-to-peer (P2P) system that would continue to use today's Internet infrastructure but bypass the internet "phone book" maintained by the Internet Corporation for Assigned Names and Numbers. As the only semblance of an Internet governing body, ICANN has one slim authoritybover the 286 "dot" domains (.com, .net etc.), but even that narrow power offends the anti-authority spirit of young netizen anarchists like Sunde. (See Note 5) If their plan works, according to Paul Marks of The New Scientist, "a sort of shadow Internet could form, one in which legal action against counterfeiters and copyright scofflaws would be nearly impossible." Some other options are already simmering, and these seem even harder to prevent, at least in a minimally free society. For example, if the forces of net neutrality lose every coming regulatory and legislative fight, leaving both the old web and "Internet 2" firmly in the grasp of major corporate and state interests, this will only propel alternative, peer-to-peer systems to abandon standard pipes and fiber, taking flight to rooftop transceivers and nodes that are completely citizen-owned or which use cell phone networks. And if every advanced nation bans such P2P systems? Then they will flourish in the developing world, giving those rising countries a competitive advantage. These are a few samples of the innovations that loom on the horizon. In them we see, distilled, a core difference between two kinds of transparency activists: pragmatic techno-incrementalists and the hacker-idealists. One hacktivist told me: "Governments and corporatists can plug every hole, but new leaks will pop open. Information wants to be free, and nothing will avail the federal mastodons and company sloths, or prevent new hemorrhages till they bleed to death." To net-mystics, that is more than just an assertion, to be tested by unfolding events, but a catechism of faith, like in old-timey religions, or the communist teleology that few of them have read. We transparency pragmatists know better. History shows that light can fail. It has failed, far more often than not. Ask Pericles. Ask the Gracchi, the Florentines and the Weimar liberals. For light and openness to cleanse this civilization and make it succeed, we'll need practical innovations and negotiated compromises, sometimes taking one step sideways, or even backward, for every three steps forward. It may be polemically unsatisfying to purists, but the general, overall, forward trend is worth fighting for. Even compromising for. How were racism and sexism reduced and driven largely into ill-repute, during our lifetimes? Partly through the self-reforming of millions of individual hearts ... but also through new laws, passed by growing citizen consensus, utilizing those enlightenment processes of science, justice and democratic government. And to whatever extent humanity is now finally heeding our duty as planetary managers, don't we owe a lot to government-funded research and wave after wave of environmental laws? More practically speaking, what chance will Project Witness, or Transparency International, or citizen camera-wielders, or the Chinese local democracy activists have, if the general background tone of international morality and law ceases to be led by Western Enlightenment nations? In part, the libretto sung by Assange and his supporters seems more libertarian than socialist ... or else perhaps its anti-government rhetoric harkens back to quaint traditions of anarcho-socialism. Either way, in their gleeful adoption of the wild and open Internet as a model for a low governance utopia, aren't they forgetting where the Internet came from? Or the full context of their struggle? Consider: These fellows are heroes only if you assume that freedom for individuals, accountability for the mighty, fair competition, steady progress, social mobility, flattened power hierarchies and honest-open discourse are all ultimately desirable things. I happen to agree. Only remember, these traits were never highly rated in most human societies, where obedience, ritual, type-purity and conformity were far more highly valuedband where "innovation" was often a dirty word. In other words, Assange, and the hacktivists and their supporters are only heroes under the light cast by a narrow, individualist culture that still has all the historicalbeven biologicalbodds stacked against it. Any other society would have, by now, simply taken their heads and been done with it. Raised by that same culture, I want Assange and his supporters to keep their heads! I want WikiLeaks ...or something better...or many better things ...to stay in business. Because the over-reaction that some of the hacktivists seem bent on provoking will do no good for the overall cause. The hope, expressed somewhat more aggressively by "Valkyrie Ice" in h+ Magazine, is that "It really doesn't matter whether Wikileaks is stopped or not. It's just the opening salvo in the final war between unaccountable elitism, and accountable equality, and there is only one real possible outcome, though there may be many partial victories for those who seek to remain unaccountable. It may take decades, but the future will belong to Transparency." See http://www.hplusmagazine.com/editors-blog/wikileaks-war-between-secrecy-and… I hope the optimists prove right. Nevertheless, look around the world today. The Enlightenment is still hard beset by forces that would undermine or ruin it, either from the outside or within. Forces bent on restoring those olderband possibly more inherently humanbways of operating. Need for Nations Here is where we pragmatist pushers-of-transparency differ from the romantics. Across the last 300 years, flags and nations and governments mattered. They have been clumsy, blunt instruments, but the nations that livedbeven crudelybby Enlightenment codes propelled a great experiment in human living that departed from the old ways. Furthermore, the nations that express general fealty to rights and accountability and justice and science are still "rebels" in a world where human nature keeps conspiring to drag us down again, into feudalism. We have to watch these public organs carefully. Our hired watchdogs can all-too easily become wolves. If you tell me that you want to spread transparency and accountability throughout all Western governments, I am with you! You say you want to change the Constitution? Well, we'd all love to see your plan. More generally, at this critical juncture in history, with existential threats looming on every horizonbalong with a glimmering promise that we may instead become a wise and decent star-traveling speciesbthe matter is more critical than ever. We cannot afford anymore the all-too-human tendency for leaders to decide our fate in secret. Not even "for our own good." Reciprocal Accountability remains our only real hope. And to whatever extent that WikiLeaks has helped push health-inducing transparency forward, I am guardedly grateful. While I find the whole event over-rated and a bit yawn-worthy, more a stunt than a model for truly sustainable openness, the effects ought to be salutary. But I have a larger goal that I hope you'll share: To achieve lasting victory for this new way of life. A way of life that may stymie, finally and forever, the old feudal temptations that have always erupted to quash freedom. A way of life that may take my sane, rich and happy grandchildrenband the sane/rich/happy grandchildren of today's poorest AIDS victim in Zimbabwebto the stars. Clearly, in order to get there, we will need a wide range of new toolsband some of the old ones, too. And that means Western governments will remain key instruments for quite some time. If watched, if fine-tuned and kept honest, they will continue to play a role as we cross the danger gap, ultimately reaching a place that is good and just and filled with light. Portions of this article were excerpted from a book in-progress. David Brin's bestselling novels, such as Earth and Kiln People, have been translated into more than 20 languages. The Postman was loosely Kevin Costnerized in 1998. The Transparent Society won the nonfiction Freedom of Speech Award of the American Library Association. His next novel, Existence, portrays the minefield of dangers ahead, and our potential to survive. NOTES #1 May I pause to lay down a couple of background fundamentals that should be obvious to anyone? Basics that ought to inform all of our arguments about transparency? * The greatest human talent is self-delusion. (Often propped-up by another, our penchant for self-righteousness.) Across recorded history, delusional leaders were responsible for countless horrific errors of statecraft, though it was common folk who suffered. Yet, ruling castes always made it their top priority to limit criticism, the only thing that might have corrected their mistakes. This dire contradiction propelled much of the tragedy of the last 4,000 years. (http://www.davidbrin.com/addiction.htm) * The one palliative that has ever been found to correct this human fault has been Reciprocal Accountability (RA). This entirely new invention of the Western Enlightenment is the key ingredient of Democracy, Markets, Science and egalitarian Justice. We may not, as individuals, be able to penetrate our own favorite delusions, but others will gladly point them out for us! And we happily return the favor, by pointing out our adversaries' mistakes. That is the simple basis of RA... and it can only happen in a general atmosphere of freedom. (See Note 4) It can only happen where most of the people know most of what is going on, most of the time. It's easy to see why Reciprocal Accountability took so long to emerge. (Though Pericles tried it, in Athens.) RA may help a society to thrive economically, to gain social mobility, liberty, fairness and the rapid advancement of knowledge. But it is also highly inconvenient to elites! In fact, it acts to separate the good of society from the good of the ruling caste. This will prove a critical distinction, as we dissect the WikiLeaks imbroglio. Reciprocal Accountability is the pragmatic reason for the First Amendment, entirely independent of morality and sacred "rights." Another way to put this is with an aphorism and acronym CITOKATE: Criticism Is the Only Known Antidote to Error. #2 This matter takes up several chapters of The Transparent Societyband soon I'll comment on something closely related: the Great Big TSA Mess. #3 This distinction is an important, if quirky one, in the light of basic justiceba topic about which Assange lectures us, incessantly. A democratically elected government can be viewed as the property of its voting, taxpaying citizens. It is the right and responsibility of those citizens to ensure that their government is suitably accountable and just. But, given that they own the government, what right does an outsider have to steal the property of that government and to diminish the government's value as a useful tool of that owner-citizenry? I do not have a pat answer to this quandary. Indeed, since Daniel Ellsberg was a citizen-owner, having voted and paid taxes, was he inherently more vested and rightful in diminishing the government's current stature, in an investment in its future improvement? I point it out because it reduces the issue to one of tort/harm. Assange argues that the only "other" that he has harmed is the separate entity of the U.S. government. But there is some level where the link between that institution and its owners cannot be ignored. It is relevant. In abstract, those United States citizens are the putative injured parties and Assange is answerable to them. He bears some burden of proving that he has not done them actionable harm. #4 Indeed, perhaps unintentionally, the late author of thriller novels, Michael Crichton, implicitly supported the argument for general transparency in an ironic way. Examining all of his plots, one finds a single common element that underlay every disastrous misapplication of technology that he railed against. A prevailing fetish for secrecy that insulated his villains from inspection, criticism, accountability or reproach. The often ridiculous errors made by those villains would not and could not have happened, if general transparency and light had prevailed. An interesting illustration from the world of fiction. #5 I wonder where Assange would stand, on this issue, if he had been born an aristocrat. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

[Freedombox-discuss] Moxie Marlinspike talk: Changing Threats To Privacy: From TIA To Google
by Rob van der Hoeven 06 Jul '18

06 Jul '18

Came across a great talk by Moxie Marlinspike at Defcon 18. Changing Threats To Privacy: From TIA To Google download: https://media.defcon.org/dc-18/video/DEF%20CON%2018%20Hacking% 20Conference%20Presentation%20By%20-%20Moxie%20Marlinspike%20-% 20Changing%20Threats%20To%20Privacy%20From%20TIA%20to%20Google%20-% 20Video.m4v Enjoy, Rob. http://freedomboxblog.nl _______________________________________________ Freedombox-discuss mailing list Freedombox-discuss(a)lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Cato TechKnowledge: The Feds Want To Write Your Software
by Wayne Crews 06 Jul '18

06 Jul '18

The Feds Want To Write Your Software Issue #15 August 6, 2001 by D. T. Armentano In Ayn Rand's famous 1957 novel, Atlas Shrugged, unconstrained politicians end up destroying the U.S. economy by regulating (among other things) invention and product innovation. In that vision, new products that would revolutionize an industry-and put less efficient competitors out of business-have to be controlled and even suppressed by government so that no company has an "unfair" advantage and everyone has an equal chance to compete. Critics savaged Rand's thesis arguing that she had portrayed regulators as political lunatics. The critics opined smugly that this sort of innovation regulation could never happen here. Well, tell that to Microsoft. For almost a decade, Microsoft has battled federal and state antitrust authorities over its right to freely innovate in the marketplace by integrating its Web browser, Internet Explorer, with its proprietary Windows operating system. Microsoft claimed that consumers wanted integrated functionality because it was easier and cheaper to use, while the feds maintained that competitors (such as Netscape) were put at a competitive disadvantage by integration and could be injured by it. After a contentious trial and a recent appellate court decision, the basic antitrust issues are still unresolved. The current innovation controversy is over Microsoft's soon-to-be introduced operating system, Windows XP, which has features that will steer consumers to Microsoft's own proprietary products and allegedly injure rivals such as America Online and Eastman Kodak, among others. The Senate Judiciary Committee has already scheduled hearings in September to consider, as committee member Charles Schumer (D-N.Y.) recently put it, whether the design of Windows XP could cause "great harm to consumers, as well as competing companies." Never mind that no one (including the government's expert witnesses at the antitrust trial) produced a shred of evidence that any of Microsoft's previous innovations injured consumers. And never mind that the antitrust laws are not intended to protect competitors from consumer-friendly innovation, and that to do so would betray any alleged consumer-protection mission. Never even mind that no law in the U.S. mandates that a firm must structure its innovation to make competitive life easier for its rivals. Put aside all of that and consider the following: Do you really want the likes of Sen. Schumer and Senate Judiciary Committee chairman Herb Kohl (D-Wis.) writing your future computer software? There are several reasons why the answer to that question must be an emphatic "no." The first is that the new Microsoft XP operating system is Microsoft's property; Microsoft invented it, owns it, and has a moral as well as legal right to it. That right allows Microsoft to determine what the software will do and who will use (license) it and on what terms. Any government regulation of a company's right to use its own property in a peaceful manner-and trade with consumers is entirely peaceful-is an illegitimate taking and a violation of the company's property rights. Second, political control over product innovation is monstrously inefficient, as Ayn Rand illustrated in her novel. Sen. Schumer is concerned about AOL and Kodak only because those firms (and jobs and votes) are in his political district demanding "protection" from Microsoft's newest innovation. The implication is that any time competitors feel threatened by a rival's innovation, the politicians will hold hearings and threaten to regulate the offending innovator. Under those terms, future productivity and growth in the U.S. economy will be held hostage to pandering politicians and politically connected corporations seeking shelter from the process of creative destruction-to advance an absurd politically correct notion of competition. Microsoft's representatives have already been invited to appear before the Judiciary Committee hearings in the fall. As Ayn Rand would say, the government needs Microsoft's expertise and cooperation to help lend credibility to the regulation of Windows XP, a "sanction of the victim" so to speak. To assert its rights, Microsoft should boycott the hearings and deny the feds any legitimate sanction. Let's get the true nature of the "hearings" out in the open. Innovation regulation is a counterproductive and immoral high-tech intrusion. Those about to be targeted need not cooperate. D. T. Armentano (ArmentaD(a)irene.net) is professor emeritus in economics at the University of Hartford (Connecticut) and an adjunct scholar at the Cato Institute. He is the author of Antitrust and Monopoly (Independent Institute, 1998) and Antitrust: The Case for Repeal (Mises Institute, 1999). To subscribe, or to see a list of all previous TechKnowledge articles, visit http://www.cato.org/tech/tk-index.html (Additional Cato analyses of the Microsoft case include Robert Levy, "Microsoft Redux: Anatomy of a Baseless Lawsuit," September 30, 1999, http://www.cato.org/pubs/pas/pa352.pdf ; and Robert Levy and Alan Reynolds, "Microsoft's Appealing Case," November 9, 2000, http://www.cato.org/pubs/pas/pa385.pdf. ************************************************************************** Subscribe to Freematt's Alerts: Pro-Individual Rights Issues Send a blank message to: freematt(a)coil.com with the words subscribe FA on the subject line. List is private and moderated (7-30 messages per week) Matthew Gaylor, (614) 313-5722 ICQ: 106212065 Archived at http://groups.yahoo.com/group/fa/ **************************************************************************

1 0

EDRI-gram newsletter - Number 5.11, 6 June 2007
by EDRI-gram newsletter 06 Jul '18

06 Jul '18

============================================================ EDRI-gram biweekly newsletter about digital civil rights in Europe Number 5.11, 6 June 2007 ============================================================ Contents ============================================================ 1. CSS protection used in DVDs is "ineffective" 2. RFID Expert Group - Kick Off 3. The European Parliament voted for stronger data protection 4. IPRED2 on the DROIPEN table 5. The French Ministry of Interior has a new interception platform 6. Legislation banning "hacking tools" in Germany 7. French State Council allows tracing P2P users 8. Slovenian intelligence agency scandal 9. Italian Government criticized by Free Software Association 10. Launch of Creative Commons Switzerland 11. Germany is preparing the G8 meeting by searching NGOs servers 12. Agenda 13. About ============================================================ 1. CSS protection used in DVDs is "ineffective" ============================================================ In an unanimous decision on 25 May 2007, the Helsinki District Court ruled that Content Scrambling System (CSS) used in DVD movies is "ineffective". The decision is the first in Europe to interpret new copyright law amendments, based on EU Copyright Directive of 2001, that bans the circumvention of "effective technological measures". According to both Finnish copyright law and the above-mentioned directive, only such protection measure is effective, "which achieves the protection objective." The background of the case was that after the copyright law amendment was accepted in 2005, a group of Finnish computer hobbyists and activists opened a website where they posted information on how to circumvent CSS. They appeared in a police station and claimed to have potentially infringed copyright law. Most of the activists thought that either the police did not investigate the case in the first place or the prosecutor dropped it if it went any further. To the surprise of many, the case ended in the Helsinki District Court. Defendants were Mikko Rauhala who opened the website and a poster who published his own implementation of a source code circumventing CSS. According to the court, CSS no longer achieves its protection objective. The court relied on two expert witnesses and said that "since a Norwegian hacker succeeded in circumventing CSS protection used in DVDs in 1999, end-users have been able to get with ease tens of similar circumventing software from the Internet even free of charge. Some operating systems come with this kind of software pre-installed." Thus, the court concluded that "CSS protection can no longer be held 'effective' as defined in law." All charges were dismissed. The defendant's counsel Mikko Vdlimdki explains for EDRI-gram that he "first proposed to the court an interpretation where a protection measure is ineffective when technical experts can circumvent it. The court did not buy that one. Instead, it adopted my secondary proposal where the efficiency test is based on the ability of random end-users to circumvent." He explains that "this should not affect DVD Copy Control Association CCA (DVD CCA - the California group that licenses CSS to DVD player manufacturers in Europe and Asia), or the movies studios. My understanding is that DVD CCA is interested in their player manufacturing monopoly and license income from Asia, not random Linux users who buy DVDs." A DVD CCA spokesman has confirmed that they are aware of the decision, but they "do know that in the US, courts have ruled CSS to be effective, viable protection." Vdlimdki also explained why this decision is important in the European context : "Relevant sections of the Finnish copyright law are copied verbatim from the directive. I think any European court with common sense would end up in the same interpretation." The defendant Mikko Rauhala is also happy about the judgement: "It seems that one can apply bad law with common sense, which was unfortunately absent during the preparation of the law". However, the prosecutor announced she would appeal the decision and might ask the Finnish Copyright Council for an opinion on the interpretation of "effective". The Helsinki Court of Appeal is not expected to rule until 2008. Finnish court rules CSS protection used in DVDs "ineffective" (25.05.2007) http://www.turre.com/blog/?p=102 English translation of the judgment http://www.turre.com/css_helsinki_district_court.pdf Keep on hacking: a Finnish court says technological measures are no longer "effective" when circumventing applications are widely available on the Internet (25.05.2007) http://www.valimaki.com/docs/finnish_css.pdf Case Could Signal Weakening Of Digital Rights Management In Europe (4.06.2007) http://www.ip-watch.org/weblog/index.php?p=639&res=1024_ff&print=0 ============================================================ 2. RFID Expert Group - Kick Off ============================================================ Following the public consultations on RFID last year, the European Commission announced the creation of an RFID Expert Group to assist in drafting the future RFID strategy. The group's kick-off meeting was held in Brussles last week. EDRi was invited to participate in the group. The Group has been established for two years and includes representatives from the industry, standardisation bodies and the civil society. The EU data protection authorities participate as observers. In the past years digital rights organisations have continuously expressed their strong concerns regarding the implications the usage of RFID may have on privacy. The public consultation on RFID confirmed that these concerns were shared by a majority of the respondents and that safeguards were needed to ensure the protection of personal data and privacy. RFID technology may be used to collect information on directly or indirectly identified persons or to track and trace people's movements in the workspace and in public areas. Therefore privacy and security will be the first topics the group will work on. Input from the group will be taken into account by the European Commission when preparing a Recommendation on RFID usage, which is planned to be issued by the end of 2007. The work of the group will then broaden its scope and deal with the move towards the "Internet of Things". Giving every day objects a representation on the Internet and building "smart" environments that react to the presence or movements of people and things have been subjects of research in the last years. Ambient Intelligence, Ubiquitous Computing, Pervasive Computing and Smart Objects are keywords for the research specialists that often name Mark Weiser's article "The Computer for the 21st Century" as the starting point for these ideas. Privacy, environmental issues and the dangers stemming from the accumulation of electromagnetic fields will certainly be among the issues that have to be discussed with regards to this topic. As a member of the RFID Expert Group, EDRi will promote the implementation of privacy-friendly technologies and stress that the reliable protection of privacy and personal data is a key issue for the acceptance of this technology. Mark Weiser already wrote back in 1991 with regards to Ubiquitous Computing: "If designed into systems from the outset, these techniques can ensure that private data does not become public. A well-implemented version of ubiquitous computing could even afford better privacy protection than exists today." Sixteen years later this statement must still remain the guideline for RFID applications. Key technologies that are said to have the potential to become a new motor of growth and jobs need to be concordant with and to protect the societal standards of the society. In times of mandatory data retention, as communication traffic data has to be stored for up to two years, it is important to ensure that only an absolute minimum of data which can be linked to a certain personis stored. Otherwise any movement in an RFID-enabled "smart" environment could feed into a behaviour-profile of a potential future surveillance society. The RFID Expert Group will make it their mission to discuss these and related issues and to work out possible solutions and necessary regulatory measures over the next two years; EDRi will contribute to this mission. EDRI-gram: EU study on RFID tags shows major privacy concerns (25.10.2006) http://www.edri.org/edrigram/number4.20/rfid EDRI-gram: Stakeholder group to advise on EU RFID strategy (28.03.2007) http://www.edri.org/edrigram/number5.6/eu-rfid-strategy Results of the Public Online Consultation on Future RFID policy - "The RFID Revolution: Your voice on the Challenges, Opportunities and Threats" http://ec.europa.eu/information_society/policy/rfid/doc/rfidswp_en.pdf Radio Frequency Identification (RFID) in Europe: steps towards a policy framework http://ec.europa.eu/information_society/policy/rfid/doc/rfid_en.pdf Mark Weiser, The Computer for the 21st Century, Scientific American Feb.,1991 http://www.ubiq.com/hypertext/weiser/SciAmDraft3.html (contribution by EDRI-member Andreas Krisch) ============================================================ 3. The European Parliament voted for stronger data protection ============================================================ On 21 May 2007, the European Parliament (EP) voted for the reinstallation of the data protection principles in the legislation that allows the police forces in Europe to share data. The European Council, which is the one deciding in police and judicial matters, had formally asked the EP for its opinion on this issue as, lately, concern has been expressed on the lack of proper protection of personal data processed in the framework of police and judicial co-operation in criminal matters. Such a concern has been expressed also by the European Data Protection Supervisor (EDPS), Peter Hustinx who, at the end of May, advised the Council against adopting the Commission's new Council Framework Decision proposal as he considered the proposal did not provide appropriate data protection. The MEPs, consulted by the German Presidency, voted in favour of amendments that would provide stronger data protection. The German Presidency proposed that the legislation should only apply to data shared between European police forces and not to data held by national police forces and the decision of whether it should be applied nationally will be discussed in three years time by EC. The proposal is that the police should not send data to other forces that do not have a proper level of data protection in place. The EP has reinstated an amendment that would prevent the police from sending data to third countries that don't have adequate data protection. If the amendment is voted by the Council, a national harmonisation of police data protection rules might be forced especially to strengthen the Europe's co-operation to face US data snooping programmes like PNR and Swift. Germany's action might also allow new EP amendments that deal with the other concerns expressed by EDPS last month, to be accepted by the Council at its meeting this month. Hopefully the European Council will take into consideration the MEPs' vote and will take decisions to allow data sharing between police forces in Europe only with the respect of civil liberties. Europe votes to restrict police data sharing (23.05.2007) http://www.theregister.co.uk/2007/05/23/europarl_on_3rdpillar/ EDRI-gram: EDPS advises against new data protection framework decision (9.05.2007) http://www.edri.org/edrigram/number5.9/edps-framework-decision ============================================================ 4. IPRED2 on the DROIPEN table ============================================================ The Second Intellectual Property Rights Enforcement Directive (IPRED2) is now going through the Justice and Home Affairs route. On 4 June, it passed it's first port of call at the Council's Working Group on Substantive Criminal Law (DROIPEN) - the first step on the road to the decision of EU's Council of Ministers. DROIPEN's job is to prepare the Council's first reading on the directive. The national government representatives might come up with a proposal that all Member States agree on, or else they will identify issues that the Ministers of Justice will have to vote on. According to information kindly shared by some Member States representatives following DROIPEN's work, the state of play in general is as follows. Many delegations feel they need more information in order to prepare this legislation properly. There is a general reluctance towards this directive because of the competence issue, so the Council wants to wait for the ECJ ship pollution verdict before moving on. Some delegations have expressed views the directive is the wrong tool to solve the problem and they don't see criminal sanctions as a way forward. Further, since criminal sanctions are already in place in many countries there is no need to rush. Still time should be used to prepare negotiations, but for now, the only thing that could be said to have been decided is not to take any action in any direction. It is now up to the Portuguese Presidency to negotiate what to do next. One question on the table is if DROIPEN should approach the Article 36 Committee (CATS) to have an expert opinion on some issues before involving COREPER 2 (Committee of the Permanent Representatives). The general forecast is that there will be no Council decision before late fall, and it is likely that issues not resolved in COREPER2 will end up in JHA Council votes with a North-South dividing outcome. Meanwhile, outside of Brussels, Member States are working to prepare their positions on IPRED2. The United Kingdom's Intellectual Property Office (IPO) is currently collecting comments from British citizens and companies on the directive. A comprehensive policy paper was submitted by a coalition from FFII/EFF/EBLIDA/BEUC to the UK IPO. The policy is available to be passed on to the Justice Ministry in your own country. For general interest AIPPI has already in 2002 compiled information on criminal law sanctions with regard to the infringement of intellectual property rights. This might give you a starting point in addressing the issue at the national level or comparing the situation with other relevant countries from Europe. Movement on IPRED2 in Brussels and Beyond (4.06.2007) http://www.copycrime.eu/blog/movement-ipred2-brussels-and-beyond Backroom Changes May Be Coming for IPRED2 (16.05.2007) http://www.copycrime.eu/blog/backroom-changes-may-be-coming-ipred2 FFII/EFF/EBLIDA/BEUC coalition report on the proposal as amended in Strasbourg by the European Parliament at its first reading on Wednesday, 25 April, 2007 (25.04.2007) http://action.ffii.org/ipred2/Report_on_EP_vote EDRI-gram: IPRED2 voted in first reading by the European Parliament (25.04.2007) http://www.edri.org/edrigram/number5.8/ipred2 AIPPI report: "Question Q169 - Criminal law sanctions with regard to the infringement of intellectual property rights" http://www.aippi.org/reports/q169/gr_q169_index.htm (Thanks to Erik Josefsson - Electronic Frontier Foundation) ============================================================ 5. The French Ministry of Interior has a new interception platform ============================================================ On 2 May 2007 a new technical platform for the interception of traffic data in all types of communication systems was discretly put into operation by the French Ministry of Interior, covering communication data related to text messages, mobile or Internet. The security services are now in the position of knowing who has contacted whom, when and where and, by a simple click, they can obtain from the telephone operators the list of all calls from and to a subscriber. They can obtain the subscription documents of the respective person with address and bank information and can also require all the Internet sites or forum addresses the respective person has accessed. The authorised services may require such kind of information from Uclat (Coordination unit of the anti-terror fight) that manages the technical centre located in the new headquarters of the security services of the national police of Levallois-Perret (Hauts-de-Seine), under the supervision of IGPN (The General Inspection of the National Police). This comes as a direct result of the Sarkozy law adopted on 23 January 2006 in an emergency procedure, to prevent terrorist acts, after being found constitutional by the French Constitutional Council. The text of the law states that Internet Service Providers, Internet cafes, hosting providers and operators must communicate the traffic data, called numbers, IP addresses to specialised services in case of investigations related to suspect terrorist activities. The law has created serious concerns to the public freedom advocates as well as to the magistrates as the procedure doesn't need the involvement of judges and ignores guarantees related to public freedoms. Since the entering into operation of the new technical platform on 2 May, the centre has already dealt with 300 requests per week made mostly by DST (Direction de la surveillance du territoire) and RG (Renseignement Generaux). According to an estimation, the platform should be able to address about 20 000 requests per year. The French justice system is, in its turn, creating its own national platform that will be finalised by the end of 2008 - beginning of 2009 to intercept SMSs and record phonecalls, not only for terrorism cases. Although France is not in the worst position in Europe as concerning data interceptions being surpassed by Italy, the Netherlands or Germany, the tendency is obviously towards an increase of the control by the authorities. The anti-terrorism spies mails and text messages as well (only in French, 28.05.2007) http://www.lefigaro.fr/france/20070528.WWW000000165_lantiterrorisme_espionn… EDRI-gram: IRIS protest against delay French government (20.10.2004) http://www.edri.org/edrigram/number2.20/IRIS EDRI-gram: France adopts anti-terrorism law (18.01.2006) http://www.edri.org/edrigram/number4.1/frenchlaw EDRI-gram: French anti-terrorism law not anti-constitutional (2.02.2006) http://www.edri.org/edrigram/number4.2/frenchlaw ============================================================ 6. Legislation banning "hacking tools" in Germany ============================================================ The laws on computer crimes have become stricter in Germany where the creation, use or distribution of so-called "hacking tools" have been banned. On 23 May 2007, the Committee on Legal Affairs of the Bundestag (the lower chamber of Germany's Federal Parliament) approved a controversial government bill meant to improve criminal prosecution of computer crimes. The Criminal Code has been modified so as to make illegal for the unauthorized users to access secure data by bypassing the computer security protection system. The "deliberate acquisition of data by tapping into a non-public transmission of data or by way of reading radiation leaked by a data processing system" is now considered a crime. The German law defines hacking as penetrating a computer security system and gaining access to secure data, without necessarily stealing data and any individual or group that intentionally creates, spreads or purchases hacker tools designed for illegal purposes is considered an offender. Under the present Criminal Code, the offenders could face fines and up to 10 years imprisonment for major offences. These measures have been criticised being considered as counterproductive by several groups, including EDRI-member Chaos Computer Club, which drew the attention to the so-called "white hat" hackers who work for security companies. By this present legislation, these experts could be in the position of not being allowed to work with software developers in creating secure products. "It's a win-lose law in favour for the bad guys," wrote a hacker, known by the pseudonym van Hauser. Chaos Computer Club also expressed the concern that this legislation will allow the German Government to install spyware on suspected criminals' computers without their knowledge. The critics argue that the legislation does not make any difference between a password cracker and a password recovery tool for instance. "Forbidding this software is about as helpful as forbidding the sale and production of hammers because sometimes they also cause damage," said Chaos Computer Club spokesman Andy M|ller-Maguhn to Ars Technica who also stated that under the new law, the police will be able to more easily access information on suspects. Germany declares hacking tools 'verboten' (31.05.2007) http://www.out-law.com//default.aspx?page=8103 Green light for tightening of anti-hacker legislation (24.05.2007) http://www.heise.de/english/newsticker/news/90163 Germany leads the way with tough anti-hacking law (25.05.2007) http://www.computerworlduk.com/management/security/cybercrime/news/index.cf… ============================================================ 7. French State Council allows tracing P2P users ============================================================ The State Council of France validated on 23 May 2007 the automatic tracing of illegal downloading in P2P networks. This decision cancelled the 18th October 2005 CNIL (Commission nationale de l'informatique et des libertis) decision that rejected the introduction of surveillance devices proposed by Sacem and other 3 author and producer associations asking for the automatic tracing of infringements of the intellectual property code. The State Council believes that such devices are acceptable considering the extent of the piracy phenomenon in France. The number of downloaded files decreased by half in 2006 as compared to 2005 but according to GfK institute this is probably due to the evolution from a quantitative type of downloading to a qualitative one. GfK institute has also reached the conclusion that the illegal downloading in P2P networks have not caused the decrease in the sales of cultural products but actually "quite the contrary, downloading is really perceived by half of the Internet users as a promotion vector for artistes." The State Council's decision was to the liking of the associations the request of which was rejected by CNIL in 2005. SCPP (Sociiti civile des producteurs phonographiques), one of these associations, stated that CNIL's rejection of their request had "not allowed them to take measures to prevent and repress music piracy that were however taken by most states of the European Union". In their opinion "France is one of the countries where Internet piracy is the most developed and where, therefore, the legal music market develops more slowly". CNIL reaction to the State Council decision came after two days by stating that its intention is that of +ensuring a fair balance between the copyright protection and the protection of the right to private life of Internet users". CNIL also stated having already authorized Sell (Syndicat des iditeurs de logiciels de loisirs) to develop an automatic surveillance system for the downloading of video games in P2P networks. In comparison with the systems proposed by the music associations, this system was approved because it puts less burden on the ISPs and it involves "only the users that are responsible with the first sharing in a network of a work or having shared a not yet commercialized work". The surveillance devices are ready and a request of tenders has been launched. CNIL will meet the author associations among which Sacem and SCPP as well as ISPs and the discussions will last for several weeks.All parties have expressed their willingness to collaborate. Peer-to-peer: The State Council says yes to the pirate chase (only in French, 23.05.2007) http://www.zdnet.fr/actualites/internet/0,39020774,39369675,00.htm Surveillance of P2P networks: CNIL acknowledges the decision of the State Council (only in French, 25.05.2007) http://www.cnil.fr/index.php?id=2221&news[uid]=464&cHash=57a0f43bbe Peer-to-peer: half downloaded files less in 2006 (only in French, 18.01.2007) http://www.zdnet.fr/actualites/internet/0,39020774,39366341,00.htm Peer to peer : CNIL does not authorise the devices presented bu the author and music producer associations (only in French, 25.10.2005) http://www.cnil.fr/index.php?id=1881 ============================================================ 8. Slovenian intelligence agency scandal ============================================================ The Slovenian intelligence agency (SOVA) is monitoring telecommunications in the Balkans in cooperation with German BND (Bundesnachrichtendienst) and UK's MI5. Some believe that the recently disclosed secret location in the Slovenian capital could be a part of Echelon. The Slovenian intelligence agency is currently a part of a political scandal which has revealed some secret locations and methods that SOVA was using for intelligence purposes. Moreover, international credibility in SOVA and its agents is compromised, as the Slovenian press managed to obtain classified information regarding SOVA's secret financing, its company of straw and its international cooperation with other intelligence agencies. Most likely, the information leaked from the parliamentary committee for monitoring the secret services activtiy. The latest disclosure reveals SOVA's secret location for monitoring international telecommunications in Ljubljana near Telekom Slovenije (Slovenian Telco) and Siol (the major Slovenian ISP) headquarters, as well as near the Slovenian Internet Exchange (SIX) and Ljubljana Stock Exchange (LJSE) buildings. The Slovenian media is reporting that the above mentioned location was also used by German BND (Bundesnachrichtendienst) and UK's MI5, especially to monitor telecommunications in the Balkans. Miso Alkalaj, an IT expert from Jozef Stefan Institute said he would not be surprised if the location was a part of Echelon. An interesting fact is that residents of the block of flats where SOVA has its secret location, knew that conspiratorial activities were taking place there. Apart from that, elder residents are able to tell that the former communist intelligence agency used the same flat to wiretap telephone conversations. The other disclosure reveals that Slovenian intelligence agency SOVA established a webhosting company WEBS, which is presumably a company of straw that SOVA needed for its intelligence activities. Having in view the recent events regarding the Slovenian intelligence agency, it becomes interesting that SOVA's headquarters are located in Stegne, an industrial area of Ljubljana, where among others, Telekom Slovenije (Slovenian Telco) has its operational services. Intention or coincidence? Telekom Slovenije indirectly admits SOVA's wiretapping (only in Slovenian, 1.06.2007) http://dnevnik.si/novice/slovenija/249095/ Director of SOVA takes action after disclosure of wrath of foreign intelligence agencies (only in Slovenian, 30.05.2007) http://dnevnik.si/novice/slovenija/248654/ (Contribution by Aljaz Marn, EDRI-observer, Slovenia) ============================================================ 9. Italian Government criticized by the Free Software Association ============================================================ After filing a case to the Regional Administrative Tribunal of Lazio against the Italian Ministry of Work for launching a call for tenders where only Microsoft software was considered as eligible, Italian NGO Assoli (Associazione Software Libero) is criticizing again its Government. The problem arose when the Government - specifically the Ministry for University and Research, headed by Mr.Fabio Mussi (Left democrats) and the Ministry for Innovation in the Public Administration, headed by Mr. Luigi Nicolais (Left democrats) - announced an official agreement with Microsoft Italia whose main goals are "education/training, technology transfer and facilitation of research projects". AsSoLi publicly objected to the agreement by which Microsoft commits to invest only 737,000 euros - 0.0007% of the total turnover of the company for 2006, according to AsSoLi's calculations - in three years, to be subdivided among three research centres. Moreover, AsSoLi notices that, according to the agreement, the investment will not take the form of cash, but will rather be performed "through (the work of) third parties, on the basis of specific needs for hardware products, software, technical support services and training activities". On the other hand, continues AsSoLi, the agreement does not specify what would be the financial burden for the Italian Public Administration. In reaction to what it considered a waste of public money, AsSoLi officially committed to make available to the Italian Government, for a period of five years, training activities, training material, technological solutions and software, either directly or delegating Italian companies specialised in Free Software, for a value of about 10.000.000 euros per year - a total value of 50.000.000 euros. AsSoLi stresses the fact that their offer is absolutely serious. Moreover, AsSoLi conducted a study on the Microsoft Research Center located in Trento (Northern Italy). According to the study, Microsoft invested only 250.000 euros in research activities on their own products, with the Italian Public Administration paying more than 1.800.000 euros. The study was sent to hundreds of representatives of national and local institutions. AsSoLi also announced the forthcoming release of a second study, providing a more thorough assessment of the financial elements in the first analysis. The Italian Government, through its spokesman Mr. Alfonso Lelio, has recently answered AsSoLi's criticisms, stressing that the agreement with Microsoft does not mean that the Government is not interested in investing in Free Software, or is not already doing so, as the Government claims is the case with the latest budget law, where 10.000.000 euros for 2007-2009 are allocated to "Information Society" projects, with an explicit priority to those that "develop or use" Free Software. AsSoLi - Associazione Software Libero http://www.softwarelibero.it/ EDRI-Gram 5.72, "Free software needs to be considered in Italian public acquisitions" (12.04.2007) http://www.edri.org/edrigram/number5.7/free-software-italy AsSoLi offers EUR 10,000,000 to the Italian Government (Italian only, 8.05.2007) http://www.softwarelibero.org/lassociazione-il-software-libero-offre-50-000… Text of the proposed agreement with the Italian Government (Italian only, 8.05.2007) http://www.softwarelibero.org/progetti/proposta_governo Study by AsSoLi on the Microsoft Research Center in Trento (Italian only, 18.05.2007) http://softwarelibero.it/riflessione-politiche-innovazione-ict Answer of the Italian Government to AsSoLi's criticisms (Italian only, 29.05.2007) http://www.lastampa.it/_web/CMSTP/tmplrubriche/giornalisti/grubrica.asp?ID_… (contribution by Andrea Glorioso - Italian consultant on digital policies) ============================================================ 10. Launch of Creative Commons Switzerland ============================================================ On 26 May 2007 the Swiss version of Creative Commons licenses were launched in Zurich at a ceremony held as the finishing highlight of this year's Tweakfest, Switzerland's Festival for Media, Culture, and Digital Lifestyle. The launch was hosted by Digitale Allmend, a Swiss NGO focused on access to digital information and creativity. Openlaw and Digitale Allmend are co-leading the Swiss Creative Commons project in a joint effort. With Switzerland, the Creative Commons licenses are now offered in localized versions in a total of 37 countries around the world. John Buckman, Creative Commons board member and founder of magnatune.com, gave the keynote address, explaining how he developed his website as a successful example of a Creative Commons based business. There was live audio and visual performances by DJ Soult and VJ Set from Pixelpunx.ch who released a number of works under the new Swiss Creative Commons licenses that evening. Urs Gehrig from Openlaw explained the system: "The Creative Commons licensing system simplifies the exchange of cultural goods such as music, video, text and other creative media." "We see the porting of Creative Commons licences to Switzerland as an important step - firstly because the swiss cultural movement will be able to contribute a variety of interesting works to a global creative community and secondly in achieving a more balanced choice for creators when deciding how their works is distributed and accessible." was the declaration of Martin Feuz from Digitale Allmend. During the launch, Creative Commons Switzerland announced several upcoming projects that plan to use the Swiss Creative Commons licenses, including netlabels (starfrosch.ch, sonicsquirrel.net) two online cultural TV channels (kulturtv.ch and rebell.tv) or a video art website (lenarmy.ch). Creative Commons Switzerland http://www.creativecommons.ch/ Digitale Allmend - News and videos from CC Switzerland launch (only in German) http://blog.allmend.ch/ Openlaw http://www.openlaw.ch Tweakfest http://www.tweakfest.ch ============================================================ 11. Germany is preparing the G8 meeting by searching NGOs servers ============================================================ The German government decided to prepare the G8 meeting that will take place during 6-8 June in Heiligendamm, a Baltic seaside resort, by increasing the number of searches and seizures to NGOs and anti-globalization movements offices and servers. During the entire month of May the Federal Prosecutor gave order to the Police in Hamburg, Berlin and other states to search private homes, offices, libraries, social centres or other locations were there were located servers of the anti-globalisation opponents, without making any arrests. The searches and seizures were explained by the German authorities by the possibility to create a terrorist organization by the altermondialist German chapter of the association Attac, a group founded in France to campaign for a global tax on speculative capital movements to finance development aid. The association between terrorism and altermondialism was considered as "scandalous" by the co-president of the Attac France, Aurilie Trouvi, taking into consideration the objectives of the association: democratisation of the international institutions, fight against poverty or the preservation of the natural resources. She rhetorical asked: "Do freedom of expression and democracy stop were the interests of the richest eight countries begin?" Peter Wahl from Attac Germany has underlined the obvious political purpose of this operation: "to discredit the democratic actions that contest the G8 summit. It is an excessive measure that is incompatible with the rule of law." Another measure that the German Government took was the temporary suspension of the Schengen Agreement until 10 June. Every persons travelling to Germany until that date will have to pass the identity and security controls. The German authorities have also banned any demonstration near the resort where the G8 summit will take place. Searches against the alter movements on Germany (only in France, 17.05.2007) http://www.france.attac.org/spip.php?article7093 The police authority Rostock - not the demonstrators - are severely damaging the reputation of the Federal Republic of Germany (17.05.2007) http://www.statewatch.org/news/2007/may/germany-g8-protests.pdf Germany: Police raid G8 activists (5.2007) http://www.statewatch.org/news/2007/may/02germany-g8-raids.htm Despite Germany's Tight Controls, Violence (3.06.2007) http://www.ipsnews.net/news.asp?idnews=38015 ============================================================ 12. Agenda ============================================================ 8 May - 22 July 2007, Austria Annual decentralized community event around free software lectures, panel discussions, workshops, fairs and socialising http://www.linuxwochen.at 11-15 June 2007, Geneva, Switzerland Provisional Committee on Proposals Related to a WIPO Development Agenda: Fourth Session http://www.wipo.int/meetings/en/details.jsp?meeting_id=11927 11-12 June 2007, Strasbourg, France Council of Europe - Octopus Interface 2007 - Cooperation against Cybercrime http://www.coe.int/t/e/legal_affairs/legal_co-operation/combating_economic_… 12 June 2007, Berlin, Germany German Federal Commissioner for Data Protection and Freedom of Information - Symposium "Data Protection in Europe" http://www.bfdi.bund.de/cln_029/nn_533554/DE/Oeffentlichkeitsarbeit/Termine… 14 June 2007, Paris, France ENISA/EEMA European eIdentity conference - Next Generation Electronic Identity - eID beyond PKI http://enisa.europa.eu/pages/eID/eID_ws2007.htm 15-17 June 2007, Dubrovnik, Croatia Creative Commons iSummit 2007 http://wiki.icommons.org/index.php/ISummit_2007 17-22 June 2007 Seville, Spain 19th Annual FIRST Conference, "Private Lives and Corporate Risk" http://www.first.org/conference/2007/ 18-22 June 2007, Geneva, Switzerland Second Special Session of the Standing Committee on Copyright and Related Rights (SCCR) http://www.wipo.int/meetings/en/details.jsp?meeting_id=12744 28 June 2007, London, UK First London CC-Salon organized by Free Culture London and the Open Rights Group http://wiki.creativecommons.org/London_Salon 8-12 August 2007, near Berlin, Germany Chaos Communication Camp 2007 "In Fairy Dust We Trust!" http://events.ccc.de/camp/2007/ 5-11 September 2007 Ars Electronica Festival - Festival for Art, Technology and Society http://www.aec.at/en/festival2007/index.asp ============================================================ 13. About ============================================================ EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 25 members from 16 European countries. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 2.0 License. See the full text at http://creativecommons.org/licenses/by/2.0/ Newsletter editor: Bogdan Manolea <edrigram(a)edri.org> Information about EDRI and its members: http://www.edri.org/ - EDRI-gram subscription information subscribe by e-mail To: edri-news-request(a)edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request(a)edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edrigram-mk.php - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram(a)edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

[silk] World Cyberwar And the Inevitability of Radical Transparency
by Udhay Shankar N 06 Jul '18

06 Jul '18

I see nothing "inevitable" about this (see John Walker's take [2] for an opposing viewpoint), but I respect David's viewpoint, and obviously he's devoted a few decades to thinking about this. Udhay [1] http://www.fourmilab.ch/documents/digital-imprimatur/ __________________________________________________________ http://www.metroactive.com/features/transparent-society.html World Cyberwar And the Inevitability of Radical Transparency How WikiLeaks ignited the first international cyber war and how pro-business laws enacted to promote the growth of Silicon Valley's digital media and technology companies inadvertently nurtured transformation activists shaking up and toppling governments around the world. July 6, 2011 - by David Brin ARE WE heading into an era when light will shine upon everyone, even the mighty? Will the benefits of such an age outweigh the inevitable costs? Recent events that powerfully illustrate these trade-offs range from the WikiLeaks Affairbpublishing a quarter million documents purloined from the United States governmentbto the tech-empowered Arab Spring that followed to the battle being waged on our own streets between law enforcement agencies and citizens who record their activities. Perhaps I come to this topic pre-jaded. In The Transparent Society (1997), I forecast that traditional notions of secrecy would crumble in the early 21st century. For many reasonsbtechnical, social and politicalb"leaks" would grow into tsunamis that carve a radically different world. My 1989 novel Earth portrayed near-future events like massive dumps of military and diplomatic secrets that rattle governments powerless to keep up with amateur cunning and changing values. Prescience aside, this sea change will drive outcomes far more complex than outdated nostrums of left or right. Multiple trends seem to pull in opposing directions. For example, ever since 9/11 and the Patriot Act, many Americans have perceived us entering a nearly Orwellian era, in which the state probes, pokes and scrutinizes us from every angle, and allows corporationsbfrom banks to Google and Facebookbto do the same. Dana Priest and William Arkin, in the Washington Post, fret that we've become a "monitored nation" and world. "(T)he United States is assembling a vast domestic intelligence apparatus to collect information about Americans, using the FBI, local police, state homeland security offices and military criminal investigators. The system ... collects, stores and analyzes information about thousands of U.S. citizens and residents, many of whom have not been accused of any wrongdoing." Is China the future? American companies like Cisco are right now bidding to take part in a project to span the city of Chongqing with 500,000 cameras in an integrated surveillance system. Find that both impressive and chilling? Well, democratic Britain has an even larger camera network. In the future, what separates free and unfree nations won't be the presence of surveillance, but whether citizens are fully empowered to look back. Never before have so many people been empowered with practical tools of transparency. Beyond access to instantly searchable information from around the world, nearly all of us now carry in our pockets a device that can take still photographs and video, then transmit the images anywhere. Will the growing power of elites to peer down at usbsurveillancebultimately be trumped by a rapidly augmenting ability of citizens to look back at those in powerbor "sousveillance"? This issue is being wrangled right now, on our streets. Far more ominous than the WikiLeaks affair is a trend of police officers waging unofficial war against camera-toting citizens, arresting bystanders for digitally recording cops in action. Obsolete wire-tapping and privacy laws are contorted to justify seizure and destruction of recordings made even in public places. We can sympathize with officers doing a harsh, underappreciated job, resenting the addition of one more source of stressbrelentless scrutiny. I appreciate not only the skill and professionalism that helped reduce crime in the United States but also the daily fight for self-control that each officer must wage, under conditions that might send any of us into uncontrollable rage. We all carry hormonal and psychological baggage from the Stone Age ... and from 5,000 years of urban life, when the king's thugs never thought twice before pounding the heads of punks. But times and rules change. We're more demanding now. In fact, most officers are adapting well to our new standards, clenching their teeth and calling "sir" even the most outrageously abusive drunks. I'm proud to know some of these folks and I grasp their worry that some street-corner putz might record a momentary, but career threatening lapse. Yet, how can the assertion that cops deserve "privacy" stand up against our far greater need for accountability? Shall we surrender the only protection that citizens ever had against abusive powerbthe truth? We won't allow it. More to the point, technology won't allow it. For, like Moore's Law, the cameras get smaller, cheaper, more numerous and more mobile every year. When all of this equilibrates, juries, review boards and citizens will make allowances for good people, caught making rare mistakes. We'll have to, if we want our cities patrolled. Ironically, that broad perspective will only evolve once we're convinced we really are seeing it all. That our enhanced vision protects us. If the odds seem to favor citizen-power at street level, others want to apply principles of transparent accountabilitybor sousveillancebto higher echelons of power Clearly a panoply of transparency activists out there, including the folks behind WikiLeaks, think it possible to restore balance in favor of people, by applying copious amounts of light. And, just as clearly, those in high places wince at being scrutinized. (Human nature yet again.) For example, months ago, the U.S. Department of Justice launched a criminal probe of WikiLeaks. Did Julian Assange commit crimes by revealing those secret cables? Are the world's powers shaken to their core, withholding vengeance only because Assange holds "poison pill" revelations in reserve? We've seen a maelstrom of indignant fury with all sides claiming the moral high ground. Banks and credit companies that reject doing business with WikiLeaks have been punished by leaderless networks of online activistsbwho are in turn attacked by "patriotic hackers." Meanwhile, similar cycles of sabotage or theft, followed by retaliation, are seen when hackers from China or the former Soviet bloc invade Western computer systems, compromising either intellectual property or stores of personal identities, or destabilize systems like Facebook and Google that empower citizen movements in other countries. Accusations fly amid a growing cast of intermeshed characters. Is this the full-tilt outbreak of cyber war, with nations and corporations waging battle through deniable proxies? (Frederik Pohl forecast such a dismal cycle in his prophetic novel The Cool War.) We may yet miss the old days, when uniformed soldiers were accountable to national flags. Refocusing back on the WikiLeaks Affair, with every news organization re-publishing his info-spills, is Assange right to call himself a frontline journalist? Because someone else actually snooped the documents in question, and WikiLeaks merely passed them along, is Assange protected by Western constitutional traditions and free speech? David Brin THE MAN WITH THE POISON PILL: Are the world's powers shaken to their core because WikiLeaks' Julian Assange is holding some bigger revelations in reserve? Transparency Pays "Do not revile the king even in your thoughts, or curse the rich in your bedroom, because a bird in the sky may carry your words, and a bird on the wing may report what you say."bEcclesiastes 10:20 An overall trend toward greater openness will be essential to our survival as individuals, nations, and even as a species. We have bet our lives, and our children's, on the continued success of a civilization that provides our material needs better than any other. One that has inarguably fostered greater levels of lawful peacebboth per capita and for billions worldwidebthan any predecessor. It also engendered both social mobility and repudiation of prejudice to a degree thatbif woefully unfinishedbno prior society ever matched. Nor could any combination of others equal our rate of discovery and new learning. Even the way we are self-critical and unsatisfiedbangrily rejecting braggart paragraphs like the one above and focusing instead on further improvementsbeven that reflex is consistent with a civilization that has real potential. One that would have stunned our ancestors. Underlying all of this is the positive-sum notion that a competitive society doesn't have to be strewn with ruined losers. In some kinds of games, one player might win more than othersbe.g., getting richbbut the outcome leaves everybody way ahead, even the "defeated." That may sound absurdly sunny. Cheating abounds and capitalism always teeters toward the old pit of feudalism. Still, enlightenment civilization's major decision-making componentsb markets, democracy, science and justicebreally have delivered positive-sum outcomes a lot of the time. We are living proof. Here's the key point: All four of those human problem-solving arenasbmarkets, democracy, science and justicebflourish only in light, when all parties get to see. When darkness prevails, they wither and die. Specifically: Open markets depend on maximizing the number of knowing buyers, sellers and competitors. (Adam Smith despised the secret conniving of oligarchs and blamed thembnot socialistsbfor market failures.) Democracy only functions well when vigorously engaged in by knowing and curious citizens. Our third and fourth pillarsbscience and justicebcannot function in darkness at all. These four backbone components count on the same, core innovationbreciprocal accountabilitybto foster creative competition and to check our natural human penchant for cheating. If 4,000 years of history demonstrate one thing, it is that you will cheat, if there isn't plenty of light to stop you. Yes, I'm talking about you. And me. The obvious conclusion? Anyone who demands extended secrecy should face a burden of proof. (See Note 1 below) Now, let's be clear. The Enlightenment is about pragmatism, and no purist dogma is ever 100 percent right, even transparency. For example, one topic calling for negotiated compromise is personal privacy. And few claim that a military can function entirely in the open. Not yet, at least. (See Note 2) The WikiLeaks Case exposes several more areas where limits to transparency are open to intense debate. So here's the question: To what extent do governments have a need or right to keep secrets from citizens? And who should decide when government leaders have crossed the line? My answer is default openness, with a steadily rising burden of proof for institutional secrecyba pragmatic but unswerving movement toward a world of accountability and light. Nevertheless, it is a burden of proof that can be met! Not all secrecybeven government secrecybis automatically evil. WikiLeaks founder Julian Assange prescribes a different answer: zero tolerance. Immediate and radical transparency. Moreover, the decision to reveal government secrets can be made ad hoc and peremptorily by an individual. One who never voted for or againstbor paid taxes tobthe government in question. (See Note 3) David Brin THE WORLD IS WATCHING: The successful revolt in Tunisia was fueled by a protest movement that knew about the power of hand-held media, like cell phone cameras. The Trend Forward Of course, our Enlightenment experiment is about much more than markets, science, democracy and justice. These institutions fail without spirited citizen involvement. Laws against racism would be futile without the inner changes of heart that millions have performed, in two short generations. Deep underneath their bickering, republicans and democrats share a mental reflexbSuspicion of Authority (SOA)bthat goes back generations, differing mostly over which elite they see looming as a potential Big Brother, even while making excuses for the elites they prefer. In a sense we all want more transparency and light ... to shine on groups that we dislike. Do average citizens really matter? They may seem feeble compared to influential elites: power brokers of government, wealth, celebrity, criminality, corporations and academia. But this changes when individuals band together in new-style nongovernmental organizations on the front lines of the transparency fight. Take Peter Gabriel's Project Witness. PW buys up last year's video equipment, in cheap lots, then hands crateloads of cameras to activists, in places where fighting for democracy can take prodigious courage, spreading accountability at the local level where it affects lives, a few hundred at a time. Drawing attention to ten thousand small struggles, they show how a little added light can save or empower the next Nelson Mandela. (See www.Witness.org for details.) Some efforts that are rebelliously pro-freedom can't exactly be called "pro-transparency." A decade ago, the fad among hackers was encryptionbpromoting a quaint notion that the scales of justice can be balanced in all directions, if everyone were somehow kept blind to each others' identities. Some Assange allies, like Jacob Appelbaum, distribute a system called Tor that empowers dissidents living in oppressive states to communicate with messages that are cleverly enciphered and rerouted. While the cypherpunks' dream of crypto-empowered world paradise is impractical on many levels, it has proved useful to whistle blowers. See http://www.readersupportednews.org/off-site-news-section/368-wikileaks/4402… What these and other endeavors share is a pragmatic approach to spreading liberty and accountability. If all the world's people become habitual defenders of freedom and accountability in the local realms that affect them most, where individual action can be effective, then, as Alexis de Toqueville showed two centuries ago, those habits will propel us along the spectrum of progress, whatever happens on the Olympian heights of pompous presidents and tycoons. Indeed, steps toward new-era transparency are even taking place at the highest levels. The Obama administration claims to have cut away at the Everest-high pile of classified documents left by its predecessors and to have tightened rules for who can declare something secret, and when. Meanwhile, even in Switzerland, Alpine haven for elite confidentiality, changes may be afoot. A Swiss-based banking consortium has proposed new codes under which financiers' compensation packages should be more transparent to investors. Are these steps toward transparency sincere? Will they be enough, when people in developing nations demand a return of lucre stolen by their ex-dictators? See: http://www.smh.com.au/business/bank-body-urges-pay-shakeup-20101228-1999r.h… Leak to History We aren't the first generation in this struggle. Today's inventors of freedom-friendly toolsbfrom anonymizers and re-routers that evade censorship to sniffer-correlators that help average folk peer past elite veilsbseem blithely ignorant of just how old and difficult the problem has been. These self-styled paladins of a new era should recall that our principal weapon in defending freedom and hope predates the Internet by more than 200 years. It has roots in 18th-century pamphleteers, in the constitutional deliberations of Philadelphia and (yes) even in the old-fashioned nations that still make up the foundation of our Enlightenment. A foundation that some of the folks at WikiLeaksbin their righteous self-congratulationbtend to ignore, even though they count on it for their very lives. Indeed, what is the worldwide blog community, other than a vast expansion of the sensor web that we all had, in our tribes and villages of old, when gossip revealed even the peccadilloes of the chiefs? Notable among the tattles spilled by WikiLeaks were Sarah Palin's hacked email messages, a banned report on assassinations and torture enacted by Kenyan police, the confidential membership list of a British neo-fascist party and tens of thousands of classified documents related to the war in Afghanistan. A year ago, the website stirred up an international furor by publishing emails purportedly showing scientific collusion among global-warming experts. An aside. Was the last revelation an attempt to "spread the love" and prove non-leftist evenhandedness? Or a manifestation of Assange's eagerness to spill whatever would get him headlines? We may never know. But carelessness in that casebfailing to investigate his source or understand the contextbput in question Assange's long-standing claim to be a "journalist." Indeed, one major drawback of splurge-type leak sites is their susceptibility to be used as unwitting proxies in battles among hidden giants. WikiLeaks' first major media breakthrough came in April 2010. At a press conference in Washington, Assange unveiled a 2007 combat video from the view of an American Apache helicopter in Iraq, repeatedly opening fire on a group of people on the ground, including some in a van that approached and began helping the wounded. The soldiers' giggling, game-boy background commentary was deeply disturbing. But the event that catapulted WikiLeaks into the forefront of international attention, making Assange a 2010 finalist for Time magazine's "Person of the Year," was the page-by-page release of more than 250,000 State Department "cables" and other documents, allegedly swiped by a U.S. Army private, giving the world an unprecedented view of the chatter and candid views of American diplomats. When WikiLeaks tweeted that "The coming months will see a new world, where global history is redefined," we saw the extent of its preening confidence and pro-transparency ambition. Nor were U.S. government secrets to be anything more than an appetizer. Promised soon? Tens of thousands of documents from a major U.S. banking firm, then material from pharmaceutical corporations, finance and energy companies. Again, the deep justification is undeniable. We'll soon face a rising flood of technological breakthroughs that could either benefit us all or else do jagged harm to humanity and the world. With hard decisions and tipping points coming ever-faster, we'll do betterband possibly even survivebif each crisis-choice is debated openly. (See Note 4) Essential precursors for WikiLeaks go way back. But for legal guidance, most observers have been zeroing in on the Pentagon Papers affair, when Daniel Ellsberg released documents showing how the U.S. government lied or manipulated perceptions during the Vietnam War. Assange is relying on precedents from that era to stay free and in business. Unlike Britain, whose Official Secrets Act gives the state power to pre-censor journalists or penalize them for publishing forbidden information, the United States Government (USG) has less legal standing to go after leakers. Even the 1917 Espionage Act, passed in a xenophobic rush during World War I, only decrees punishment for unauthorized possession of national defense information if it is thereupon given to "any person not entitled to receive it," and if the provider has reason to believe it "could be used to the injury of the United States or to the advantage of any foreign nation." As interpreted by courts during the Pentagon Papers era, this law leaves a pretty generous out for journalists who passively receive such secrets and then publish them. The government bears an appropriately steep burden of proof to show not only that there was substantial "injury" or foreign "advantage," but that the journalist also had strong reason to expect this. Note that this is a separate matter from prosecuting the individual who gathered and leaked the information, in the first place. Any person who either invaded a USG database to access files or who violated a position of trust in order to remove them, has broken a number of other laws, for which penalties can be severe. In the current case, U.S. Army Private Bradley Manning awaits court martial for swiping the State Department and Pentagon files that made Assange an international figure. Although somebe.g., Berkeley city councilmembersbhave called Manning a hero and a martyr, few expect Manning to evade punishment. Assange is another matter. The gaps that currently make it hard to prosecute him include provisions under Section 230 of the 1996 Communications Decency Act that offer a safe harbor for online "middle parties," protecting them from liability for passing along most kinds of material they receive from an initial content provider. In fact, current law cuts both ways. The same regulations also protect those companies who have acted to cut off, or hem-in, WikiLeaks. As Nancy Scola put it, on the Personal Democracy Forum: "Section 230 is one of the fundamental reason why the United States is a friendlier nation to the Internet and to building Internet businesses than so many others are. But the flip side of 230 is that companies are also given protections for taking down from their services content that they find objectionable. And when it comes to Wikileaks, we're arguably seeing companies that have been given so much freedom by Section 230 running and hiding behind its protections when the heat is on." Initially, the Pentagon acknowledged that no person or vital national interest appeared to have been harmed by WikiLeaks. This reassurance came into question in December with a W-leaked list of overseas sites potentially both vulnerable to terrorist attack and of critical importance to the United States. This seems to undermine any claim that the documents were vetted to reduce potential for harm. Yet, this affair is rich in irony. For example, is it totally coincidence that the recent Arab Spring movement spread across North Africa and the Middle East just after WikiLeaks spilled all those State Department cables? Confidential memos that revealed how deeply our foreign service officers and diplomats despised the dictators they had to deal with? One net effect was to mute any anti-American theme among the young democracy activists. Geopolitically, this unintended result may outweigh all the harm that Assange thought he was doing to the U.S. government! We need to remember the big picture: that if doses of transparency are sometimes discomfiting or inconvenient to the leaders and agencies of a clumsy-but-well-meaning democracy, those same doses are often downright lethal to our enemiesbelites of criminality or fanaticism or obstinate despotism. Ultimately, if we are led by smart people, they should see that the historical role of the United Statesband its best interestsbwill be served by adapting quickly to a worldwide secular trend toward more light. In fact, abetting this trend should be a central strategic goal for America and its allies, since this trend leads to victory for our type of civilization. Geeks Strike Back What about all that talk of "cyber-war"? The cyber-activist community lined up en masse to defend Julian Assange. For example, Anonymous, a leaderless group of activist hackers, has avowed credit for denial of service attacks on Mastercard, in revenge for that company cutting off payment flows to WikiLeaks. Attacks have also targeted PayPal, Amazon, VISA and other companies. When Post-Finance, the Swiss national postal bank, froze Assange's account because he falsely claimed local residency on his deposit forms, this drew vigorous assaults by hacker activists, or hacktivists. (Hypocrisy alert: When has such a lapse ever before bothered Swiss bankers?) "Corrutpt governments of the world," began a recent message on the Anonymous group's YouTube site. "To move to censor content on the Internet based on your own prejudice is, at best, laughably impossible, at worst, morally reprehensible." In a few short weeks, simply by appealing for volunteers, the Anonymous group recruited more than 9,000 computer owners in the United States and 3,000 in Britain to download the software to incorporate their machines into the network that attacks WikiLeaks' enemies. See http://www.guardian.co.uk/media/2010/dec/11/wikileaks-backlash-cyber-war Via a supportive online "tweet," Electronic Frontier Foundation co-founder John Perry Barlow told the Anonymous hackers, "The first serious info war is now engaged. The field of battle is WikiLeaks. You are the troops." See http://articles.latimes.com/2010/dec/10/business/la-fi-cyber-disobedience-2… http://articles.latimes.com/2010/dec/10/business/la-fi-cyber-disobedience-2… Resistance Is Feudal In The Transparent Society, I profiled members of this loose international community, whose mixture of brilliant skill, individualism and light-weight transcendentalism seems to hark back at least to the Freemasons, or perhaps the Jesuits, if there is any useful precedent at all. Evidently, they are the purest products of a Western Enlightenment that they alternately revere and spurn with dripping contempt. A force to be collectively reckoned with, they also tend toward utter confidence in their superior spycraft, as well as blithe assurance that history is on their side. However, there are drawbacks to the notion of cyberpunks as combatants. Their proposed "army" combines all the worst traits of a militant underground and a chaotic schoolyard. The Anonymous network, for example, operates as a collective in which control devolves to whichever members just happen to be signed in, at any particular moment. At present, that model works, because the tasks are simplebto shuttle some encrypted files around, to share and coordinate some hack-attack programs among a few thousand volunteers ... or perhaps a few tens of thousands of bystanders who have inadvertently let themselves be hijacked in a botnet. Fine, so far. But this model will break down when it is discovered that the National Security Agencybthrough several hundred feigned identitiesbcan sign in and simply vote itself control, whenever it so chooses. Or take the pathetic case of Bradley Manning, the bored, low-level nerd-in-uniform who let his daydreaming ennui get the best of him in dusty Iraq. When Manning impulsively decided to copy those documents off SIPRNet, he took all sorts of precautions to keep the theft from being noticed and to encrypt the documents' transmission to WikiLeaks. Then he bragged about it to a supposedly trustworthy hacker confidante, who promptly sold him out. There is an endearing air of naivete in all the bellicose "war" talk, coming from hacker-nerds whose principal experience with combat is World of Warcraft. Few have studied the history of revolutionary movements and methods in detail, the ancient techniques used by rebels and secret police in deadly cat-and-mouse games stretching back from the KGB and Gestapo, through czarist Russia, Ching and Tang China, Babylon and across 4,000 years of recorded history. Like bribery, blackmail, co-opting, threats to loved-ones ... and quiet disappearance. Few of these age-old methods will be inconvenienced by geeky methods like cryptography. If things truly were as dire as some hackers romantically claim, if our civilization is already like those other despotisms and if these would-be freedom fighters really are our last-best hopebthen one can wish they would preen less and study-up history more. For all our sakes. Sensible Steps Ultimately though, even the WikiLeaks model is untenable. For all of the hacker chic, such quasi-institutions are lead by a few identifiable people. If the cyber-mythos is correct, it represents at-best an intermediate phase on our path to a universally empowered, all-knowing citizenry. A path better served by pragmatic, incrementalist reformers. Take an endeavor loosely led by Peter Sunde, one of the founders of the anti-copyright Pirate Bay website. Techie activists hope to construct an alternative, decentralized, peer-to-peer (P2P) system that would continue to use today's Internet infrastructure but bypass the internet "phone book" maintained by the Internet Corporation for Assigned Names and Numbers. As the only semblance of an Internet governing body, ICANN has one slim authoritybover the 286 "dot" domains (.com, .net etc.), but even that narrow power offends the anti-authority spirit of young netizen anarchists like Sunde. (See Note 5) If their plan works, according to Paul Marks of The New Scientist, "a sort of shadow Internet could form, one in which legal action against counterfeiters and copyright scofflaws would be nearly impossible." Some other options are already simmering, and these seem even harder to prevent, at least in a minimally free society. For example, if the forces of net neutrality lose every coming regulatory and legislative fight, leaving both the old web and "Internet 2" firmly in the grasp of major corporate and state interests, this will only propel alternative, peer-to-peer systems to abandon standard pipes and fiber, taking flight to rooftop transceivers and nodes that are completely citizen-owned or which use cell phone networks. And if every advanced nation bans such P2P systems? Then they will flourish in the developing world, giving those rising countries a competitive advantage. These are a few samples of the innovations that loom on the horizon. In them we see, distilled, a core difference between two kinds of transparency activists: pragmatic techno-incrementalists and the hacker-idealists. One hacktivist told me: "Governments and corporatists can plug every hole, but new leaks will pop open. Information wants to be free, and nothing will avail the federal mastodons and company sloths, or prevent new hemorrhages till they bleed to death." To net-mystics, that is more than just an assertion, to be tested by unfolding events, but a catechism of faith, like in old-timey religions, or the communist teleology that few of them have read. We transparency pragmatists know better. History shows that light can fail. It has failed, far more often than not. Ask Pericles. Ask the Gracchi, the Florentines and the Weimar liberals. For light and openness to cleanse this civilization and make it succeed, we'll need practical innovations and negotiated compromises, sometimes taking one step sideways, or even backward, for every three steps forward. It may be polemically unsatisfying to purists, but the general, overall, forward trend is worth fighting for. Even compromising for. How were racism and sexism reduced and driven largely into ill-repute, during our lifetimes? Partly through the self-reforming of millions of individual hearts ... but also through new laws, passed by growing citizen consensus, utilizing those enlightenment processes of science, justice and democratic government. And to whatever extent humanity is now finally heeding our duty as planetary managers, don't we owe a lot to government-funded research and wave after wave of environmental laws? More practically speaking, what chance will Project Witness, or Transparency International, or citizen camera-wielders, or the Chinese local democracy activists have, if the general background tone of international morality and law ceases to be led by Western Enlightenment nations? In part, the libretto sung by Assange and his supporters seems more libertarian than socialist ... or else perhaps its anti-government rhetoric harkens back to quaint traditions of anarcho-socialism. Either way, in their gleeful adoption of the wild and open Internet as a model for a low governance utopia, aren't they forgetting where the Internet came from? Or the full context of their struggle? Consider: These fellows are heroes only if you assume that freedom for individuals, accountability for the mighty, fair competition, steady progress, social mobility, flattened power hierarchies and honest-open discourse are all ultimately desirable things. I happen to agree. Only remember, these traits were never highly rated in most human societies, where obedience, ritual, type-purity and conformity were far more highly valuedband where "innovation" was often a dirty word. In other words, Assange, and the hacktivists and their supporters are only heroes under the light cast by a narrow, individualist culture that still has all the historicalbeven biologicalbodds stacked against it. Any other society would have, by now, simply taken their heads and been done with it. Raised by that same culture, I want Assange and his supporters to keep their heads! I want WikiLeaks ...or something better...or many better things ...to stay in business. Because the over-reaction that some of the hacktivists seem bent on provoking will do no good for the overall cause. The hope, expressed somewhat more aggressively by "Valkyrie Ice" in h+ Magazine, is that "It really doesn't matter whether Wikileaks is stopped or not. It's just the opening salvo in the final war between unaccountable elitism, and accountable equality, and there is only one real possible outcome, though there may be many partial victories for those who seek to remain unaccountable. It may take decades, but the future will belong to Transparency." See http://www.hplusmagazine.com/editors-blog/wikileaks-war-between-secrecy-and… I hope the optimists prove right. Nevertheless, look around the world today. The Enlightenment is still hard beset by forces that would undermine or ruin it, either from the outside or within. Forces bent on restoring those olderband possibly more inherently humanbways of operating. Need for Nations Here is where we pragmatist pushers-of-transparency differ from the romantics. Across the last 300 years, flags and nations and governments mattered. They have been clumsy, blunt instruments, but the nations that livedbeven crudelybby Enlightenment codes propelled a great experiment in human living that departed from the old ways. Furthermore, the nations that express general fealty to rights and accountability and justice and science are still "rebels" in a world where human nature keeps conspiring to drag us down again, into feudalism. We have to watch these public organs carefully. Our hired watchdogs can all-too easily become wolves. If you tell me that you want to spread transparency and accountability throughout all Western governments, I am with you! You say you want to change the Constitution? Well, we'd all love to see your plan. More generally, at this critical juncture in history, with existential threats looming on every horizonbalong with a glimmering promise that we may instead become a wise and decent star-traveling speciesbthe matter is more critical than ever. We cannot afford anymore the all-too-human tendency for leaders to decide our fate in secret. Not even "for our own good." Reciprocal Accountability remains our only real hope. And to whatever extent that WikiLeaks has helped push health-inducing transparency forward, I am guardedly grateful. While I find the whole event over-rated and a bit yawn-worthy, more a stunt than a model for truly sustainable openness, the effects ought to be salutary. But I have a larger goal that I hope you'll share: To achieve lasting victory for this new way of life. A way of life that may stymie, finally and forever, the old feudal temptations that have always erupted to quash freedom. A way of life that may take my sane, rich and happy grandchildrenband the sane/rich/happy grandchildren of today's poorest AIDS victim in Zimbabwebto the stars. Clearly, in order to get there, we will need a wide range of new toolsband some of the old ones, too. And that means Western governments will remain key instruments for quite some time. If watched, if fine-tuned and kept honest, they will continue to play a role as we cross the danger gap, ultimately reaching a place that is good and just and filled with light. Portions of this article were excerpted from a book in-progress. David Brin's bestselling novels, such as Earth and Kiln People, have been translated into more than 20 languages. The Postman was loosely Kevin Costnerized in 1998. The Transparent Society won the nonfiction Freedom of Speech Award of the American Library Association. His next novel, Existence, portrays the minefield of dangers ahead, and our potential to survive. NOTES #1 May I pause to lay down a couple of background fundamentals that should be obvious to anyone? Basics that ought to inform all of our arguments about transparency? * The greatest human talent is self-delusion. (Often propped-up by another, our penchant for self-righteousness.) Across recorded history, delusional leaders were responsible for countless horrific errors of statecraft, though it was common folk who suffered. Yet, ruling castes always made it their top priority to limit criticism, the only thing that might have corrected their mistakes. This dire contradiction propelled much of the tragedy of the last 4,000 years. (http://www.davidbrin.com/addiction.htm) * The one palliative that has ever been found to correct this human fault has been Reciprocal Accountability (RA). This entirely new invention of the Western Enlightenment is the key ingredient of Democracy, Markets, Science and egalitarian Justice. We may not, as individuals, be able to penetrate our own favorite delusions, but others will gladly point them out for us! And we happily return the favor, by pointing out our adversaries' mistakes. That is the simple basis of RA... and it can only happen in a general atmosphere of freedom. (See Note 4) It can only happen where most of the people know most of what is going on, most of the time. It's easy to see why Reciprocal Accountability took so long to emerge. (Though Pericles tried it, in Athens.) RA may help a society to thrive economically, to gain social mobility, liberty, fairness and the rapid advancement of knowledge. But it is also highly inconvenient to elites! In fact, it acts to separate the good of society from the good of the ruling caste. This will prove a critical distinction, as we dissect the WikiLeaks imbroglio. Reciprocal Accountability is the pragmatic reason for the First Amendment, entirely independent of morality and sacred "rights." Another way to put this is with an aphorism and acronym CITOKATE: Criticism Is the Only Known Antidote to Error. #2 This matter takes up several chapters of The Transparent Societyband soon I'll comment on something closely related: the Great Big TSA Mess. #3 This distinction is an important, if quirky one, in the light of basic justiceba topic about which Assange lectures us, incessantly. A democratically elected government can be viewed as the property of its voting, taxpaying citizens. It is the right and responsibility of those citizens to ensure that their government is suitably accountable and just. But, given that they own the government, what right does an outsider have to steal the property of that government and to diminish the government's value as a useful tool of that owner-citizenry? I do not have a pat answer to this quandary. Indeed, since Daniel Ellsberg was a citizen-owner, having voted and paid taxes, was he inherently more vested and rightful in diminishing the government's current stature, in an investment in its future improvement? I point it out because it reduces the issue to one of tort/harm. Assange argues that the only "other" that he has harmed is the separate entity of the U.S. government. But there is some level where the link between that institution and its owners cannot be ignored. It is relevant. In abstract, those United States citizens are the putative injured parties and Assange is answerable to them. He bears some burden of proving that he has not done them actionable harm. #4 Indeed, perhaps unintentionally, the late author of thriller novels, Michael Crichton, implicitly supported the argument for general transparency in an ironic way. Examining all of his plots, one finds a single common element that underlay every disastrous misapplication of technology that he railed against. A prevailing fetish for secrecy that insulated his villains from inspection, criticism, accountability or reproach. The often ridiculous errors made by those villains would not and could not have happened, if general transparency and light had prevailed. An interesting illustration from the world of fiction. #5 I wonder where Assange would stand, on this issue, if he had been born an aristocrat. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

[Freedombox-discuss] Moxie Marlinspike talk: Changing Threats To Privacy: From TIA To Google
by Rob van der Hoeven 06 Jul '18

06 Jul '18

Came across a great talk by Moxie Marlinspike at Defcon 18. Changing Threats To Privacy: From TIA To Google download: https://media.defcon.org/dc-18/video/DEF%20CON%2018%20Hacking% 20Conference%20Presentation%20By%20-%20Moxie%20Marlinspike%20-% 20Changing%20Threats%20To%20Privacy%20From%20TIA%20to%20Google%20-% 20Video.m4v Enjoy, Rob. http://freedomboxblog.nl _______________________________________________ Freedombox-discuss mailing list Freedombox-discuss(a)lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0