Privacy, Government, and Business

This week there were two big moments for privacy. First was a ruling by a court that Apple had to unlock this specific phone in some manner, call it decrypting or creating a backdoor. Second was the fact that Apple, and now Google, have given the state a big middle finger, saying “No!” These are important because of the gravity of both. The FBI is using “The All Writs Act,” something from the 18th century and definitely not written to deal with difficult technological issues on technology that would appear to be magic to the authors of the act. This is definitely stretching this law to its limits and likely beyond what is realistic, but it sets a precedent, which is dangerous. The second part is important as both of these companies have worked with the government to provide data to them in the past.

While it’s great that both of these companies are standing up to the government, it’s not enough. With a limited number of powerful players, it’s only a matter of time before they lose to the government or are threatened in some way that will require them to play ball with the government. On the other hand, smaller companies won’t have the money to fight the government, so even if you want to support a smaller company with privacy as its core value, there is no guarantee that it will be able to follow through. Furthermore, if the government forces the company to rewrite its operating system, like Apple effectively has to do, the company might go bankrupt. With a precedent set by the Apple decision, a small phone company like Silent Circle, with its Blackphone, would be forced to capitulate unless it was able to show that this was unduly burdensome.

The other issue with this case is that businesses are only fighting for what is “right” here because it will help them improve their bottom line. Of course, they are also fighting for their own personal privacy as employees of the company and consumers of its products, but the goal is to improve profitability. Across the world it has been shown that privacy and protection from agencies like the NSA (US) and GCHQ (UK) is something that people are willing to pay for. Apple learned this from Blackberry during the Arab Spring – they emulated the encryption of the Blackberry Messenger with their iMessage application. This helped transition some of the last hold-outs to Apple and eventually spurred other similar apps.

I believe it is likely that the Electronic Frontier Foundation will be a strong advocate for Apple, so if you want to support Apple in their battle with the government I recommend donating to the EFF, especially if you don’t support Apple for its other business practices. I know I will.

New FCC Rules and competition

A friend retweeted the Tweet below today and it got me thinking about the broader context of the FCC rules that passed last Thursday.

Two things struck me about this tweet. First, it’s disappointing that the author doesn’t understand Title II better considering he co-founded the EFF. Second, Title II as implemented was designed to do nothing about ISP competition. As I wrote on KBMOD this week, Net Neutrality has no provision for “Unbundling,” which would promote competition amongst ISPs at the local level. Unbundling, according to Wikipedia, is a regulation that requires existing line owners (such as Comcast) to open up their lines to anyone that wants to sell cable, internet, or telephony access. Unbundling, under a much more restrictive Title II, is the only reason that AOL was successful as a business model. Since this provision of Title II was forborne, Title II will not, in fact, be for promoting competition in ISPs at all.

Instead, the FCC, at least in my opinion, looked at the Internet as a general purpose platform technology. They were looking to ensure competition ON the technology not between technology carriers. For example, the FCC wants to see as much competition as possible between companies like Netflix, Amazon Prime Video, Hulu, and Comcast’s Xfinity service. However, they want to make sure that Comcast cannot foreclose on the video delivery service by leveraging their existing monopoly in telecommunications. What that means is that Comcast could create rules or an environment where Netflix cannot compete and Comcast customers MUST use the Xfinity service because alternatives didn’t function well (Foreclosure is the thing that got Microsoft with Web browsers).

The FCC did enact a rule that will impact competition at the local level, though. It’s a limited rule because it impacts only Tennessee and North Carolina. It preempts state law by stating that it is legal for municipalities to develop their own broadband networks. Broadband build-out is prohibitively expensive for an entrepreneur setting up a network; however, if they had the backing of a municipality that is willing to share the risk and the reward, it might be possible for an entrepreneur to build out their own broadband network on a limited scale. Municipalities aren’t the ideal solution to this. It would be significantly preferable if other businesses moved into areas and built new broadband networks; however, unless they have a massive amount of money, like Google, it’s unlikely to happen. A bridge between the two is a public-private partnership where private enterprise, which has the telecommunications expertise, partners with a municipality, which has the demand and financial support, to build a network.

With the ruling on municipal broadband being so limited, it’s not going to make much of an initial impact; however, it’s likely that other municipalities will try to jump on that bandwagon and overrule laws at the state level. (As a note, I’m not going to argue whether this is something they have the authority to do; I’m just looking at the potential impact of the rule.)

Phone Encryption

It’s been announced that both iOS and Android are going to have fully encryptable phones, which will be a huge boon for our 4th amendment rights, as well as protecting us from more mundane things like theft or simply losing your phone. Our phones these days contain as much personal information as our computers do, or more. The average person doesn’t have any sort of two-step authentication on the personal accounts on their phone. In most cases people do have some sort of password protection to get into the phone, but once in, it’s fairly easy to get into many applications.

For end users there’s nothing better than having stronger security measures, as in many cases companies poorly manage their security. This is highlighted by the past week of exploits and those celebrity pictures. Encrypting phones might not have prevented the celebrity leak, but in many cases it could. It’s believed that some of the hacks of Paris Hilton years ago came from hacking her phone through a Bluetooth connection, so a fully encrypted phone may have protected her from that hack.

All these things are good; however, the Washington Post has decided that this encryption is a risk to public safety because it will help criminals. This is the exact same argument that people make against Bitcoin and full disk encryption. Bitcoin ended up spawning Silk Road, which has been shut down, and it’s more likely that more crime is committed with dollars rather than Bitcoin. Full disk encryption has been used by both criminals and the more technically savvy. With the recent changes, the government can simply take your laptop at border crossings without any sort of warrant, which means anyone at any time who could have been flagged by the NSA could have their computer searched at will.

It’s more likely that encryption will protect an average person from an arbitrary search than protect a criminal. It’s likely that without everyone being encrypted, having your computer or phone encrypted would have been a huge red flag; however, with these recent changes that can’t happen, meaning the average person will be safer, as will fully legal, nothing-to-hide, security-conscious individuals.

The Washington Post, FBI, and other agencies are wrong. Full encryption on our phones protects our privacy, improves our Fourth Amendment rights, and gives us more control over our own devices. If the FBI and the US government are successful in creating a backdoor, the encryption will be worthless and will put us more at risk, as we’ll have a false sense of security.

Crowd Source Legislation

Crowdsourcing is a name for a group of people from all over the place taking part in something. One of the first initiatives like this is open source software; a more recent version is crowdsourced funding for businesses. These started as initiatives to give micro loans in Africa and other developing countries. More recently, websites like Kickstarter have allowed everyday people to help get new ventures started (I plan on writing more about this later).

So what’s the deal with the legislation? Well, essentially, this is building upon the momentum Reddit and other websites generated during the SOPA/PIPA protests. Members have decided to create something like an internet bill of rights. The idea is to create a better balance between content holders, private companies, governments and users. In China there’s a great deal of censorship, and Google and Twitter have both announced censorship based on the location of the user. This type of censorship would have killed the Arab Spring before it happened.

OK, but that’s not going to affect me in the US. Well, we don’t know that. Yes, we have provisions against free speech, but that’s against governments censoring speech. It’s difficult to know what a private company will censor when this speech is in a quasi-public/private space. Facebook routinely censors groups and speech on their site. Additionally, look at what’s happening with MegaUpload.com and their users. There was legitimate use on the website and the Department of Justice doesn’t care. The EFF and the hosting company are working to find the legitimate data held on the site.

One of the goals of the act would be to reduce the ability of sites to censor speech. It’s clear that this is an important goal of the act. Additionally, there are programs, like TOR, that have been developed to allow people behind censorship to circumvent it (See my post about how TOR works). However, there could be penalties for people that use TOR in the US to help people circumvent the censorship. These types of ideas are what the goal of FIA is.

If you’re interested in taking your anger at SOPA/PIPA in a new direction and potentially becoming more involved in our government, check it out here: http://www.reddit.com/r/fia/

But that’s US based stuff. Yes, sure it is. It seems like most of the users interested are from the US. Many of the users involved would like to see this become a treaty instead of just a law. In that case involvement from many different countries would be ideal and requested. Additionally, there is no reason why this type of legislation should be restricted to the US. These ideas are universal.

SOPA hearing today

For all of those interested in protecting the Internet, today is the last day to try to prevent Congress from passing SOPA. This law would censor the internet. There have been a lot of people talking about this law on both sides of the argument. Chris Dodd, president of the RIAA, is pushing heavily for this law. He argues that if China has the ability to control content in China, then the US should have the exact same authority. In a previous blog I argue that this is the biggest killer to internet innovation. Effectively this would create a Great Firewall of the US.

Opponents of the law have started a censor-the-internet campaign. I tweeted one of these yesterday. Effectively it blocked out parts of your writing in simulation of the final impact of the law. In addition to these campaigns, a few other big hitters have come out against the law, including the Writers’ Guild of America. This group understands that copyright laws shouldn’t dictate the future of the internet and its openness. In addition, yesterday the EFF posted an open letter from internet leaders arguing that SOPA would crush innovation. I strongly suggest reading this letter. It’s written by the people that created things like IPv6. These people know what they are talking about.

We users have had a blessing in disguise with the MegaUpload and Universal Music Company DMCA takedown issue. Effectively, they took down legal songs using copyright provisions, in addition to taking down videos ABOUT the discussion.

So what are some of the key problems with this bill? It requires DNS-level blocking, which could potentially break the internet. It takes down entire domains if there is a single piece of alleged copyrighted material online. It can block payment to sites by requiring MasterCard and Visa to shut down payment for the site. All of these have to happen within five DAYS. Nothing gets done in five days in any business.

There are additional problems with these laws and our foreign policy. Recently Hillary Clinton gave an extensive speech on net freedom and how repressive regimes are censoring the internet and killing free speech. So, our international rhetoric is completely out of line with what we’re doing internally. Furthermore, this is going to create problems with the Organization for Economic Cooperation and Development (OECD), which has decided to institute a policy framework that is effectively the opposite of everything SOPA stands for. Finally, this has a negative impact on the #NoDisconnect policy that the EU has recently pushed for.

If you want to keep up to date with the comments being discussed in the hearing today, follow @EFFLive, as they are tweeting comments from congressional leaders about the problems with this law. Additionally, please contact your congressional leaders today (scroll down to the bottom) about this issue.

Watch Live Stream Here: http://www.keepthewebopen.com/sopa

Additional Reading:
Internet Blacklist vs. Constitution – EFF
SOPA and Educators – EFF
Recent SOPA amendments – TechDirt
DC Decided to Regulate Hollywood to prevent innovation – TechDirt

Owning your data

Yesterday Facebook and the FTC came to an agreement on privacy settings. This will require Facebook to undergo privacy audits twice a year by a third-party firm. In Europe, Facebook users are already able to download their data, as I mentioned in a previous post. I think we’re living in an age where users will need to be well educated on the impact of the privacy policies of websites on the users’ personal data. However, how can we do this? I personally never look at the privacy policy on a website. Why? Because I don’t really trust them. Effectively, just by going to the website I agree to these policies, and effectively I’m bound to whatever is stated in the privacy information. However, I have to go to the website before I can read it, thus creating a catch-22.

If I did disagree with something written in the privacy policy, I’ve already agreed to accept their terms and if they said “we’re going to steal all your cookies and sell them for profit” and I object to that it’s too late. They already did it.

This puts us users in a bind. We enjoy the benefits of cookies. We don’t have to always remember our passwords; we automatically get logged into our favorite websites. Personal settings pop up as soon as we log in. There are plenty of benefits from using cookies. We lose all of these as soon as we use services like Incognito from Google Chrome. Some of my readers have commented that they have switched to using an Incognito window, but it’s much more of a pain to log into Facebook and they have actually started using the service less. To compensate, for Facebook I use TweetDeck, which pulls my news feed from both Twitter and Facebook. However, it doesn’t get everything, including messages from friends, which is annoying, but not the end of the world.

To deal with these privacy issues, the EU is proposing a pan-European standard for privacy policies that a website has to get approved. Companies like Facebook are actively fighting against this rule. I think that this is a great step. I know a lot of people don’t like new government regulations. However, in this case the public is woefully uninformed and finds getting informed on these topics cumbersome. A lot of money is being made off of people’s ignorance. Now, many people would say that’s their fault for not properly investigating this topic.

There are a few resources out there to help with getting a better understanding of how to protect yourself. The EFF has an entire section of their website devoted to privacy issues. The ACLU has a Technology and Liberty section which includes topics like privacy.

So why should we care about this? If you aren’t doing anything wrong you don’t have anything to worry about. I’m sorry, but this is a really naive way of looking at privacy issues. Some of you readers out there have fences in your back yard. Many of them are called privacy fences. If you aren’t doing anything wrong, why do you have a fence? Others will have a safe to store valuables and important documents. Why do you need a safe? If you aren’t doing anything wrong you shouldn’t need a safe.

Putting this into a physical context highlights the absurdity of the not-doing-anything-wrong argument. It also highlights the differences between privacy in the physical world and in the digital world. It’s really easy to understand how to increase your privacy at home: build a fence, get better curtains, better locks, bars on your windows, etc. Fixing privacy on your computer is much more difficult. Security experts have tried to make things as simple as possible by using names like virus scanner, firewall, etc. Most people don’t really know how to use these properly.

Adding a Firewall to your computer can make using it difficult and clunky. Services that you use frequently suddenly stop working correctly and it’s not always obvious why at first. There needs to be a movement within security companies to make everything as simple as possible for the broader population. There should be advanced settings for the people who really want to control their data. Basically we need the firewall to turn into a fence for most people but with settings to turn it into the Berlin Wall if an advanced user wants it.

All users need to understand the risks, just like they need to understand the risks of burglary; they shouldn’t need to be a security expert, though.

Other potential resources (I have no idea if they are any good, I just searched for privacy resources)
http://www.privacyresources.org/
http://epic.org/privacy/privacy_resources_faq.html
https://www.privacyinternational.org/article/ephr-privacy-resources