Anonymous a "stateless" terror organization?

According to the Wall Street Journal the NSA is seriously considering labeling Anonymous a stateless organization. The Atlantic has some good discussion about this topic as well. I think this is something we should all be seriously concerned about. This has the serious problem of becoming something beyond scope like the War on Drugs or the War on Terror. These both allow the US to pursue military objectives in countries across the world for various different reasons. The War on Drugs mostly impacts the US, Mexico and large chunk of South America while the War on Terror allows the US to do the same in the US, nearly all of the Middle East and parts of Asia such as Pakistan and Afghanistan.

Now the US government is afraid that Anonymous was going to eventually target the US electric grid. This seems out of the scope of Anonymous for a few reasons, one they outline as that people’s lives depend on the electric grid. Additionally, there’s serious problems since Anonymous is much more dispersed than some of the other organizations that the US has focused on it will be difficult to determine something that was actually caused by Anonymous or something that some one claims was conducted by Anonymous.

It is likely that someone could claim to be a part of Anonymous and that they did an attack against something as serious as an electric grid but it will be difficult to prove that they did. Especially when there is a great deal of IP spoofing (this is a way of making a computer think your IP address (where you are on the physical internet connection this comes from your internet service provider) is a different IP address) going on and people will claim to be part of a group when they aren’t.  I think that this will open a large can of worms.

Additionally, it brings up other concerns one that may impact me directly, will the NSA start looking at bloggers that are sympathetic to the ideas of Anonymous, using the web as a protest tool. If so then I’ve been overly sympathetic. That’s not all though, during the SOPA/PIPA protests Anonymous sent out tweets with links that turned people into Low Orbit Ion Cannon (a software program) that commits Distributed Denial of Service attacks (brings down a web page). Essentially, even without being a part of Anonymous you become part simply by clicking a link on Twitter.

Are these people now linked with Anonymous and liable for any action the group does? These are serious questions that really need to be addressed if an announcement is made that Anonymous is a “stateless” organization. This also makes it very important to understand what protesting on the internet is allowed and what is not allowed. Sure Anonymous does steal information, but the information they steal seems to be fairly unsecured and not encrypted. It’s time to have a real talk about all this means.

The Government Strikes Back

The internet had thought it won a great victory with the black out of some seriously major websites, however it was a short lived victory as the Fed and its allies the vicious RIAA and MPAA have regrouped and launched a stunning counter attack destroying a rebel outpost on Hoth… errr Actually, The US government has shut down MegaUpload.com and arrested several employees for copyright infringement. You may remember MegaUpload for recently being involved in a dispute with Universal over a YouTube video. Where Universal issued false DMCA take down notices which required YouTube to take down the video. However, this video wasn’t infringing and MegaUpload sued Universal for the false claims. The interesting thing about this video is that it’s about all the legal ways you can use MegaUpload. The video is essentially an attempt by the company to show that there are legitimate uses for their services which, I’m assuming, was an attempt to get them into the safe harbor provisions of the DMCA.

To me, this action really shows that the US government doesn’t need SOPA to pass for it to censor the internet. It already has the ability to do so. SOPA would just put a rubber stamp approval on the actions that the government is already taking. This should be a wake up call. Yes, we had one with the joke of hearings for SOPA previously, however this is a slap in the face of the internet. It’s basically saying, sure we heard you, but you know what? you don’t matter.

Sure it might not be as easy as it would have been with SOPA passing and it’s not breaking the internet the way that SOPA would, but it’s still happening. As much as I hate Maddox, he’s right in his post about SOPA. We really have been pretty complacent, myself included. Yes, I’ve written a bunch, signed petitions and emailed my senators and congressmen multiple times, but big deal. Right now this is a hot button topic, but this isn’t going to go away. No one spoke up about the NDAA because it didn’t impact your ability to read Reddit or surf wikipedia. That law is as bad or worse than SOPA depending on what you think of freedom and civil liberties.

When I got home last night and saw that MegaUpload had been shut down, I was miserable. It made me feel completely impotent. That I was unable to impact the way the US government acts in any meaningful way. At this point, I’m not really sure what to do about this. If any other government would be doing this the US would be up in arms (perhaps literally) and would put a stop to it. Our government is doing this in our name and it’s horribly depressing that I can’t do anything to stop it.

Maddox is right. SOPA only failed because we were paying attention and we were able to get the tech giants behind us on it. SOPA will rear its ugly head again and we might be sleeping. The empire has struck back and we need to decide what we are going to do about it. Are we going to get some ewoks and take it down or are we going to keep signing petitions?

Anonymous has decided to fight back and has launched a large number of attacks on internet websites. As citizens that are deeply concerned with the MegaUpload action we need to ask ourselves, is this an appropriate response? Is this a way of protesting and assembling in an online space? Should anonymous be locked up for doing this? I think that this is a type of protest. Anonymous is as frustrated as I am and have decided to do something in response. It’s obvious that they felt like this is a direct attack on the internet in response to the SOPA protests and the “abuse of power” the internet displayed in taking down websites to protest SOPA.

It also begs the question, what will these website attacks actually accomplish?

What are some of your thoughts on this?

Update 1: I just saw that some 9,000 Hackers have joined Anonymous

Update 2: Apparently Anonymous is using a link that directs users to a Low Orbit Ion Canon DDoS tool that uses the users computer to attack a website. This is an interesting tactic as it will make it very difficult for agents to determine who was malicious and those that were  ignorant of what they were doing. Thus making the tool a more effective protest tool. It will be interesting to see what the ramifications of this new tactic are. I think it will be used again in the future and will make it as “easy” as signing a petition to join a DDoS without having to do the hard work of setting up the LOIC on your computer. Interesting.

What is the right to assemble online?

Sorry for the long delay in posts. I’ve been a little busy and I’ve had some trouble coming up with topics as well. So, if there are any topics you’d like to see written about feel free to shoot me a message.

In the US we have an amendment to our constitution which ensures our right to assemble. This amendment is important because it allows us to protest governmental action and activities we do not like. We do not always like the way that this right is being expressed, such as the Westboro Baptist Church protesting fallen soldiers, gay suicides and a range of other things. It also protests our right to counter protest the WBC.

In the case of a protest over a company, it’s possible to protest in front of their headquarters or in front of individual branches such as Bank of America. In many ways these tactics are effective because it drives media attention do to it’s location. If someone is protesting a bank in small town America, such as my home town, Grove City, PA no one is going to care. You might get a piece written about it in the Allied but it’s unlikely to attract the attention of the Pittsburgh Post Gazette which is only 60 miles south. Even if some how it did make the news in Pittsburgh, it’s unlikely to remain in the news, which that’s something a protest in Pittsburgh would actually be able to do.

Why does this matter? Well, for a company like Amazon.com much of it’s physical locations are in small town America. They don’t have large presences in many major cities. How do you effectively protest a large internet based company? How do you protest a company when the people that want to do the protesting are scattered throughout the world?

In the past I’ve written about LulzSec and Anonymous, these groups still operate and have had some interesting ideas about how to protest. The first is what is called a Denial of Service (DoS) attack, where a company’s website is overwhelmed with requests for access to the site and it kills the server. This would be the physical equivalent of creating a lined of linked arms across the doorway to the company’s headquarters or branch. Typically, these sort of attacks don’t last very long because IT departments have become very good at finding the sources of these attacks and stopping them.

It is not possible to respond by moving across the street to continue protesting where people to see you. It is also not possible to post ads in the area as a form of protest. However, it is possible to buy ads on Google or other such sites that will display something if you type Bank of America, however, I’m not sure if this is effective or not.

Another type of protest employed is the internet petition. I’ve signed plenty of them, but it’s fairly obvious that these are as worth as much as the paper their printed on (which is to say none). These really just make you feel better, without much work.

At this point, I think that when it has come to massive protests online, Reddit has created the blueprint. Redditors have worked extremely hard to protest SOPA. This has included call your senator day, getting websites to agree to an internet blackout day, where sites will completely black out all content. This is a representation of the impact of censorship that SOPA will enact.

However, this type of protest isn’t really possible for all types of government or private business action. While the denial of service attacks aren’t very effective, they do raise awareness and have lead to other types of attacks, such as hacking and the release of data that users thought was secure. Despite the fact that it is theft of data, these actions have done more to change company behavior than any other type of internet based protests.

Is that the future of assembly online? I don’t know. It’s easy to block websites that act as a rallying point, so it will be important for people to actually meet to do their protesting as protesting on the internet doesn’t really have the same impact, unless something big gets leaked. We do need to define what is acceptable as a society for online protesting. DoS might be a way to allow protests.

Data protection, anonymity and copyright

I talk a great deal on this blog about data issues, privacy and ownership, anonymity and copyright, however is there a clear connection between them? Should we care about who has access to our data, who we are and control over our access to data?

I think that these issues are so connected that we need to do something about how they are managed at a federal level. Currently, it’s rather easy for governments to request data from internet sites. Some times they require warrants or court orders other times the companies simply hand over the data. Savvy users understand how their data is collected and used by companies. I’ll be the first to admit that I’m learning about this as I’m going. It’s not easy because some times it’s really inconvenient to really protect your data. The more sites that are connected together the more likely one of your accounts are to be hacked. Linking sites also creates other problems. Specifically Facebook and Google. Twitter isn’t as bad, but it easily could be.

Why are Facebook and Google bad though? First Facebook is the worst by far. Both Zuckerbergs have made statements proclaiming privacy a bad thing.We can see this erosion with the creation of Facebook’s OpenGraph and seamless information sharing. We’ve all see the increase in the amount of information that our friends are sharing. Such as Spotify and articles they’ve read. Which now no longer click through, but end up going to some app from that company. All of this information is being stored and sold to customers with your name on it. Effectively you’ve lost your ability to view websites freely without it being stored on multiple servers by multiple companies at the same time.
Google comes in a close second with their privacy problems. They aren’t any better with Google+ as they require names at this time. We also don’t know what Google does with the information that you give them when you link accounts together. By giving access to Google when you sign into another website Google is learning more about you which will likely be used to adjust your filter bubble.

Without anonymity or at least pseudonymity it’s significantly more difficult to control access to your data. Putting a buffer between you and the people that are interested in learning about you as a person can protect you from a lot of bad people. However, whenever there are discussions about anonymity or pseudonyms some one almost always makes the argument that it will increase the safety for child molesters or terrorists.

The Copyright industry is one of the most vocal advocates of this tactic. In fact, this is one of the arguments being used for SOPA. They argue that if you don’t have anything to hide then you have nothing to worry about. Well, I don’t buy that argument. People have privacy fences for a reason around their yard. Why not do the same thing for your data? Being anonymous doesn’t mean your bad, it just means your being safe.

Anonymity makes it more difficult for copyright holders to come after people who download movies without buying the movie. They want to know if your downloading it regardless of the fact that you might actually own the movie in some other physical medium and are using the digital copy as a back up. They also don’t really care if you go out and buy the movie after watching it. In fact the Swiss government came out and said that buying a movie or song after downloading is extremely common.

Based on these three points, I believe that everyone should be pushing leaders to increase the ability for users to be anonymous on the internet. This will protect users data from identity theft, allow users better control over their data and decrease the impact of the filter bubble. We must accept the fact that people may use the freedom in unethical ways. However, this doesn’t mean that it’s unethical for people to be anonymous online and doesn’t mean that they are unethical. It means that we need to define clear laws and procedures to deal with unethical or illegal activities in these systems. Without these guidelines we are likely to have no control over our data.

Pseudonymity and Anonymity

There are so many different things going on right now that I don’t even know where to start. There’s tons going on with patents, software patents and copyright, there’s been many things going on with internet freedom and Anonymity/Pseudonymity that I’m not sure where to even start. However, you have to start somewhere. So I’ll start with this: Randi Zuckerberg said pseudonyms should go away. What’s the big deal with that?

Well, Google and Facebook both require real names on their website. There are a few links that have commented on why this is a big deal. Tom from Myspace thinks it’s a bad idea, he has a friend that is an expert in social media privacy policies, Danah Boyd, and she claims that forcing real names is an abuse of power, Tech Dirt agrees withBoyd’s assessment indicating that there’s a great amount of danger in moving away from pseudonyms. The Atlantic also notes how different with normal speech tying all actions to a single person online has become.

One of the common reasons for banning pseudonyms, which Zuckerberg argues, is that it changes online behavior. It basically forces users to comply with offline social norms. Norms that the person may actually be attempting to escape for whatever reason. Boyd also argues that Google + originally had a cultural norm without “Real names.” She pulls in Lessig’s Code book that I’ve mentioned on here a few times to support her claim. It’s a really important point she’s making. Cultural norms are established by early adopters. The early adopters of Google + didn’t go with real names. They liked their nicknames.

While Zuckerberg claims that it’s the users fault and their pseudonyms that cause the problem, others claim that the person who owns the website needs to control this. Basically by creating cultural norms that prohibit the ability to be an asshole/troll online. So when my friend bpost over at KBMOD talks about avoiding feeding the trolls, he’s either reinforcing or preventing trolling behavior. A set stance by the moderators of KBMOD should be established to control trolling behavior.

De Spiegel notes that the actions of governments and corporations amount to a war on anonymity on the web.
Which has lead to the arrest of many members of Anonymous and other hacking groups like that. This war has a few benefits like the recent ring of 72 child pornographers that were caught. Unfortunately for most users the days of freedom to untag your photos may be passed. Researchers at Carnegie Mellon have developed off the shelf products to analysis people freely from pictures pulled from facebook. To me, this is really scary, as we have no control over the privacy settings of our friends. If I’m drinking a tasty beer in a picture it could have employment ramifications. Two years ago a teacher was fired for having pictures of beer while in Europe. This is one example there are many others. While, third parties will likely create applications to determine who is whom in a given facebook picture, Germany is suing facebook over their ability to do say, and are saying it’s illegal.

So, what’s all of this mean? There’s been a lot of people talking about this and why should people care? Well, personally I have made a choice to use my real name. Well, it’s still a nickname, but I made a choice to do that. However, since I was aware of the choice when I set my handle as my last name I am conscience of what I should and should not say on the public record online. The first three Google searches for “Kapsar” are for me. Sadly, none of them is for my blog. Thus my online activity easily follows me.

That being said, I fully support the right and the ability of people to use any different name or no name online. It’s the right thing to do morally, and for freedom of speech.

In my next post I’ll discuss some of the speech issues a little bit more. Many of the people I’ve linked too have commented on these issues as well.

EFF’s Tor challenge and Internet Freedom

First of all, no I didn’t participate in the Tor challenge. I don’t feel I can use my computer in this way while I’m doing a lot of work on it for school. However, I think the idea is excellent. I didn’t explain what TOR is did I? Well here’s the EFF website about Tor. TL;DR: basically it provides a way for You, to hide your actual IP address. You have to install a piece of software to access the network. Once you access the network you’re data will bounce around and come out an exit point, which is your “final” IP address. This final address will take the brunt of any legal or illegal activity being conducted on the TOR network. The EFF suggest that you do not run an exit relay out of your home and the Tor project has some recommendations on running an exit point. However, it should be safe to run a middle relay to allow traffic to flow through your home address. The data that flows between middle nodes is encrypted. See the picture below.

EFF representation of the Tor network: from Tor Project

Why is this technology important? This helps with freedom of speech. The US constitution allows free speech and this is an important tool in allowing freedom of speech. Of course like any proxy website, or VPN it can be used for other purposes, as can the ideas of free speech. We may not like what it is being used for, what is being said or why, but it’s still legal. One thing that is noted repeatedly on both the EFF and Tor page is the risk of DCMA take downs and law enforcement attention. Both of these have a chilling affect on freedom of speech.

It seems to me that copyright control and protection may seriously damage a project like this. If all the exit nodes are shut down because of copyright take down notices we lose a valuable tool in preserving our freedom of speech as well as an assumed right to use the internet in the way we feel is best.

Another concern I have about this technology is the obvious potential use by hackers. This tool is going to be used by hackers. It would be foolish for them not to. This of course puts this technology at odds with the wishes of the government to control copyright infringement and prevent hacking of businesses and government agencies. I seriously hope that the US government, and the EU, gives protection to the exit nodes from legal repercussions from hackers using these networks. Used in the right way Tor could be a modern Underground Railroad for dissenters in countries like Libya, Yemen, and Saudi Arabia.

LulzSec, Anonymous, ICE, FBI and users Part IV

Get caught up on this series Part I, Part II and Part III.

Well, it goes to show how quickly the internet works. LulzSec calls it quit, see NY Times article. However, in my opinion this doesn’t change a whole lot about what I said in my previous posts. There will be another group that decides to do the same sort of thing. I’m sure the individual members of LulzSec will be active with groups like Anonymous and perhaps join up with some other hacking group out there.

At any rate, it’s important to discuss the overall structure of the internet. While many users believe the internet should be free and anonymous and all those things. It’s starting to become apparent that this is not going to be the case. With major US ISPs deciding to go after pirating directly, it seems that deep packet analysis is going to be the way of the future. Wait, what is deep packet analysis? Well, when you send information across the internet it’s broken up into smaller pieces and sent to the end point through many different routes. This ensures that the data all makes it to the other side in the fastest manner possible. Initially, it was difficult to determine what this information was. Now there are many different suppliers that allow ISPs to figure out what these packets of data are. This gets to the root of the Net Neutrality debate. I haven’t talked about that yet, which I’ll do later this week I believe.

Anyway, since the ISPs know what you’re sending, you’re already less anonymous there. They know where you live, who you are and how you are paying your bills. They know a lot of other information about you too. Next, the EFF has shown that based on your browser and plugins that it is likely your browser configuration makes it unique like a finger print (article). On top of that you have a lot of  “Cookies” based on the websites you’ve visited. These are useful to you and to commercial websites. It stores personal information and allows you to get your recommended books list from Amazon. This means that over time, you’ve accumulated a great deal of identifying information on your computer that is accessible through your browser. Using your browser it is easy to identify you and your online habits. However, the EU just implemented a law about requiring consent for websites to use cookies (BBC article).

Sadly, these are not the only structures that we need to be aware of. Many companies like Google are required by the US government to have a backdoor for them to execute warrants and do general snooping of the email systems. I’m sure Facebook is also required to do this, but I haven’t directly heard this yet. This has caused at least one acknowledged case of hacking by a Chinese group on Google (article). With these backdoors there is only so much an individual user can do to protect themselves. In cases like this, the strongest password in the world wouldn’t have protected your emails.

Groups like Anonymous, LulzSec and Ninja Hackers are trying to increase the amount of freedom and anonymity users have on the internet. The Government and businesses are trying to decrease it. The US government does want to initiate a national level internet ID, which basically would tie all your information together. While easy for users, it could be very high risk for them as well. The difference in how these groups feel that the internet should be operating is the root cause of the “Softwar.”  This will not stop, and we, the users, will be stuck between these two sides, unless we force our government to decide one way or the other.

Additional Reading:
Lawrence Lessig Code 2.0. Many of the ideas I got for this post are discussed in this book, which I’m currently reading, you can download it for free legally here.