Rick Falkvinge

Prenumerera på innehåll Falkvinge on Liberty
Webbadress: https://falkvinge.net
Uppdaterad: 11 min 9 sek sedan

Right on the Money: Bitcoin hits $3,000, or 1000x my entry point six years ago

11 juni, 2017 - 20:17

Bitcoin: In 2011, I went all-in into bitcoin. As I described in a blog post at the time, I took all my savings and my entire credit line and put it into the fledgling currency, once I had realized its disruptiveness, and I did so at about $3 valuation (to simplify events a bit). People mocked me relentlessly.

I tend to be good at predicting events five years out that the large majority considers unforeseeable black swans. I’ve done so twice now for particular high-profile events: once when founding the Pirate Party – which was a “career ending decision” according to some colleagues, until I had succeeded wildly in what I had set out to do, sending people to the European Parliament on basically no budget using a novel set of leadership techniques. The other time was when I predicted the massive breakthrough of cryptocurrency in 2011, and said I predicted bitcoin to increase in value hundredfold-to-thousandfold over the next three to four years. (Do note that the actual breakthrough has not happened yet.)

Coindesk's price index broke $3,000 today, June 11 2017.

In both these cases, people basically said I was mad, even though I made no secret of going all-in into bitcoin — I’m not the “haha, I got rich five years ago with my secret method” type of person. Rather, I announced to the entire world that I was going all in, and being very specific about my reasons, giving anybody who wanted the ability to copy my actions. (A lot of people did; I get people coming up to me today saying I got them into bitcoin with these posts. Good for us, good for all of us.)

A key to these kinds of high-risk decisions, of course, is to trust your own intelligence and judgment when you know you’re going against the grain and against common wisdom. If you try to do something halfway, it’s the equivalent of taking the average between two sidewalks and walking in the middle of the road. I quickly lost count of how many times various well-meaning people told me to “sell and collect profits and come out ahead” – but that simply wasn’t the analysis I had made. Most people didn’t even try to be well-meaning, but instead had fun at and mocked my decision to go all-in outright.

To illustrate this, this is the highest-voted comment — not a random comment, but the highest-voted comment — from the Reddit thread six years ago when I announced I was going all in. Particularly note that this is a comment made by, and voted to the top, by bitcoin enthusiasts.

“I can’t even begin to comprehend the depths of the stupidity of that kind of reasoning”. To be fair to the commenter, it took a little over five years to get there, and not my estimated three to four years.

It’s quite funny in hindsight, actually, that even the people who were most devoted to the technology expressed themselves like this at the time.

In any case, as a followup to the original post, I just wanted to highlight that it reached the target I predicted. I was, as people say, right on the money.

Or maybe I should say that bitcoin reached the first target I predicted. Today, I refrain from making predictions for bitcoin until scaling is properly resolved with good engineering, and the obstructing company Blockstream has been kicked out of the community; the currency really has no future until this event has taken place as Blockstream has negated all the utility I originally pointed out through insanely tone-deaf non-business, but cryptocurrency as a whole remains extremely disruptive, be it the first-mover variant (bitcoin) or a second-mover variant.

If you love Blockstream and/or Bitcoin Core, but started doing so after I went all-in, I would urge you to consider the rational possibility that my analysis holds water this time too.

(Oh, and the market cap total for cryptocurrency just hit a hundred billion US dollars. And it’s still just the beginning. When cryptocurrency is ready, it won’t make sense to measure it in US Dollars any longer.)

(This is a post from Falkvinge on Liberty, obtained via RSS at this feed.)

Kategorier: Pirates, arr!

Why politicians don’t, and can’t, understand the Internet

7 juni, 2017 - 20:00

Politicians do not understand the Internet. It is not so much that the politicians in power today in their 60s weren’t born with it, even if that’s also true. It’s more that politicians as a profession are institutionally incapable of understanding it, just because it functions without – even despite – political interference.

Businesspeople are not much better in this regard. Where politicians understand power in terms of what they can regulate, businesspeople understand power in terms of ownership. But the Internet is neither; it cannot be owned nor regulated. As pointed out succinctly by Searls and Weinberger, the Internet is an agreement. It is a technical agreement between billions of people how to get a packet of data from point A to point B, where no point is worth more than any other.

In this, the Internet is best understood like a language, shared by billions. While there are certainly those who try to describe languages with authority, and publish dictionaries that some follow to the letter, at the end of the day, users of a language speak however they want, regardless of any attempts to correct them or make them do otherwise. In this, a language is an agreement between millions or billions of people, and no regulation is going to change the agreement; no governmental threat of force against any person or group of persons is going to change the meaning of a word, and no user of a language has more power over it than any other user, except by voluntary following from other users of the language, voluntary being the key word.

To understand how this contrasts utterly and completely with the worldview of a politician, we need to look at some specific present-day cases where they have been, and are, involved. Let’s take autonomous cars, autonomous delivery drones, and Hyperloop constructions.

In each of these cases, long-term planning is required to first relax the present regulations enough to allow for trials of autonomous vehicles (on road, in air, and on new rail), land zoning may be required for air and rail, investments must happen in cooperation with banking or rich companies, after which trials can proceed, and political committees can evaluate the results against some sort of safety criteria established by experts which is added to the value systems of the politicians in charge. Once the results are evaluated, the politicians may allow – allow! – mass market adoption of the new, disruptive technology. This is the worldview of a politician, this is how everything they know has come into being.

Now, compare this with the Internet, where no politicians at all were involved in its coming into being, with the possible exception of Al Gore. Politicians who are used to cooperating with state-owned, state-controlled, or at the very least state-subsidized media are finding themselves circumvented by something they didn’t allow, something that just emerged.

This is why I’m getting questions from most politicians, when I claim fiber is a necessity, why “this download speed is not enough”. For users of a language, it’s not enough to be able to listen; you must also be able to talk. One of the fantastic things about the Internet’s good connections is that download is on equal footing with upload — nobody’s a consumer, everybody’s an equal participant. Politicians absolutely do not get this, and therefore, good connections (where upload speed is equal to download speed) are still rare, even in 2017.

Everything exists only on the edges. There is no center point. There is no bottleneck. From a regulation standpoint, there is no chokepoint which can be regulated. “The Internet interprets censorship as [technical] damage to the network and routes around it.” In this context, “censorship” is any undesired regulation.

I could think of only one Internet regulation necessary at the moment, and that’s net neutrality. Still, even that is regulation only necessary to patch up previous bad regulation – a lack of competition in the telecommunications market – and one needs to be very careful to avoid so-called regulatory capture, where telco insiders take over the agency regulating them through a selection of means. (Wouldn’t it be better if you just had a selection of two dozen service providers? Bad actors like Comcast would be dumped like a bad habit.)

It’s therefore important to realize that the need for net neutrality regulation is a consequence of the telecommunications industry having been created through the political regulatory process described above. Where there are internet service providers who are not also telecom providers, where internet entrepreneurs leapfrogged the entire telecom industry and don’t have last-century luggage, the concept of net neutrality is an absolute no-brainer. (“It’s the whole service and the entire point of the service, why would we want to sell a substandard service?”.) In contrast, the telecom industry will be utterly disintegrated by the Internet — who would want to pay by the minute for 9.6 kilobits-per-second of bandwidth that can only be used with one mediocre voice application, when you have 100 general-purpose flatrate megabits-per-second in the wall? — and so, the telecom industry has every strategic incentive to delay and prevent the utility of the Internet.

Privacy remains your own responsibility, especially in the face of clueless politicians.

Syndicated Article
This article was previously published at Private Internet Access.

(This is a post from Falkvinge on Liberty, obtained via RSS at this feed.)

Kategorier: Pirates, arr!

Danish ISPs stop providing copyright industry with subscriber identities

6 juni, 2017 - 20:00

Copyright Monopoly: Denmark’s ISPs are collectively putting their foot down and will no longer surrender identifying subscriber information to the copyright industry’s lawyer armies. This follows a ruling in neighboring Norway, where the Supreme Court ruled that ISP Telenor is under no obligation to surrender subscriber identities, observing that the infraction of the copyright distribution monopoly is not nearly a serious enough issue to breach telecommunications privacy. This has the potential to end a long time of copyright industry free reign in Denmark, and will likely create a long series of court cases.

Denmark has long been an ugly stepchild when it comes to civil liberties online, giving the copyright industry basically everything they want in their efforts to prop up a crumbling distribution monopoly at the expense of any and all liberties. Denmark was the first country to re-introduce governmental censorship just to censor The Pirate Bay off the net, it was where the copyright industry’s plan was devised to use horrifying child abuse imagery as a battering ram against net neutrality, with the end goal of censoring any and all sites they felt threatened their established analog-era business.

Partially as a result of this, some of the more innovative legal defenses also popped up in Denmark first, among them the open wireless defense, which states that you can’t be held liable for something that happened on your open wireless network. When the first case of this type was ruled on by a court, extortion letters in Denmark from the copyright industry and their troll lawyer armies dried up overnight.

Regardless, the extortion attempts have continued against people sharing knowledge and culture with each other — which, in the eyes of public perception, is not and should not be a crime. This is one of the areas where public perception of justice collides hardest with the old analog world which insists on maintaining its analog privileges at any cost to society and the digital generation’s liberties.

And so, in the past year alone, the demands on Denmark’s ISPs to identify subscribers have risen by 250 per cent, according to Danish ITWatch.

On April 26, the Supreme Court in neighboring Norway ruled that the telecoms provider Telenor is not under any obligation to surrender identifying information to the copyright industry, justifying its ruling that simple sharing of culture and knowledge was not nearly aggravating enough to breach the telecommunications privacy.

Last week, after this ruling in the neighboring country, the Danish Internet Service Providers are collectively putting their foot down and not giving the copyright industry’s trolls who engage in so-called “speculative invoicing” — an action that would be prison-time criminal in any other industry — any more time of day. The ISP have decided that their customers are more important to them than obeying the tantrums of an obsolete distribution industry on its last legs.

What’s really puzzling is how ISPs could even consider it any other way; at any other time or in any other place — not standing up for your customers, and taking their enemies’ side instead, is simply not very good business.

Regardless, the ISPs will still have your identity and may be compelled by a court of law to surrender it, which is why a no-log VPN (or a no-log ISP, if you can find one) remains a very good defense.

Syndicated Article
This article was previously published at Private Internet Access.

(This is a post from Falkvinge on Liberty, obtained via RSS at this feed.)

Kategorier: Pirates, arr!

Is it prudent to ask if Britain’s nuke subs, which also run Windows XP, have also been hit by ransomware?

20 maj, 2017 - 20:00

Old World: Britain’s hospitals have been brought to a standstill because of ransomware infecting obsolete and unpatched Windows XP systems. The same obsolete operating system is powering Britain’s nuclear weapons arsenal. Is it prudent to ask if the British nuclear weapons submarines have been patched against this ransomware, or even hit by it?

As reported in January of last year, Britain’s nuclear submarines still run Windows XP. This is the outdated Microsoft operating system that was vulnerable to ransomware, and which is the reason that practically Britain’s entire healthcare is currently nonfunctional and at a standstill: they ran Windows XP, they did not upgrade, and they did not patch.

(A security patch for this vulnerability has been out since March. Getting hit in May is therefore inexcusable.)

I would argue that hospitals and nuclear weapons platforms are both “mission critical” for a government. It can be safely argued that one is more dangerous than the other, but in terms of how important to society it is to upgrade them and keep them current, they are playing in roughly the same division.

In other words, seeing how Britain has failed to patch its Windows XP systems in mission-critical hospitals, I do not have faith that they have patched all other mission-critical systems – specifically including their nuclear weapons platforms.

Of course, this would all be classified and nobody would ever admit to something like this happening, except possibly fifty years later. But we do know that Britain’s nuclear submarines run Windows XP, and that they had a contract for support which expired in July of last year, and which had an option to extend to July of this year. We also know that Microsoft has issued the security patch whether you are on support or not, so a support contract makes no difference in this case.

We’ve observed that the NSA has a catastrophic conflict between its mission and its methods: it cannot keep a nation safe by simultaneously keeping it unsafe (refusing to fix vulnerabilities).

We’ve also observed that NSA tools will leak to whomever may want them.

We’ve also observed that mission-critical systems routinely go unpatched.

We’ve observed that military systems are supposed to be kept separate from the Internet, but that this is frequently ignored. Besides, the same is largely true for mission-critical medical systems. Yes, those at the now-brought-to-standstill hospitals.

Let’s reword this to drive the point home. How likely is it that the United States NSA, through its persistent interest in keeping us unsafe, has managed to hand control of Britain’s nuclear weapons platforms to unknown ransomware authors, perhaps in Russia or Uzbekistan?

Of course, this is just speculation; it is not even hypothesis level. There would be no way for a civilian of knowing whether the subs are vulnerable, or worse, hit.

But given what has already happened, it is not rather relevant speculation that forces a few inconvenient questions?

Photo of the British HMS Vanguard submarine provided by the UK Government.

Syndicated Article
This article was previously published at Private Internet Access.

(This is a post from Falkvinge on Liberty, obtained via RSS at this feed.)

Kategorier: Pirates, arr!

The six worst hypocrisies of the copyright industry in the last decade

12 maj, 2017 - 20:00

Copyright Monopoly: The copyright industry keeps pounding a simplistic message to legislators – that copyright law is simple and that nobody honest could ever break it, and that it’s easy to “tell right from wrong”. But when you look at the deeds of the copyright industry instead of their words, they don’t seem very eager to follow their own rules themselves – if nothing else, demonstrating in deed that those rules are outdated, silly, or both.

The copyright industry has been pushing for tougher penalties since at least 1905, and against access for the public to culture and knowledge since at least 1849, when they opposed public libraries in the UK. The message from this industry has been remarkably consistent. However, the actions of this industry are as consistently hypocritical as that lobbying message. Here are some of the worst recent examples:

Number six: The movie studios themselves are torrenting at a large scale all the time.

The news site TorrentFreak used a service that matched torrent swarms to the public IP addresses of the big movie studios, and found that basically every movie studio – not to mention every company in the copyright industry – is engaging in large scale piracy themselves. While this is presumably individual employees using company resources, and not official actions of the company, it’s still impossible for the IT sysadmins of these companies to not notice.

Here’s what TorrentFreak found Paramount Studios sharing. Credit: TorrentFreak.

Yes, this is the very behavior they argued that people should have their Internet access revoked for, that they engage in themselves on a large scale from their very headquarter offices.

Number five: Voddler, an early competitor to today’s Netflix, used a video player client that itself violated copyright.

Voddler, called Spotify-for-video at its heyday and frequently mentioned as a poster child in political debates about the copyright distribution monopolies, always pounded on the table saying how copyright was extremely important for blah, blah, and blah. Apparently, that importance only concerned Hollywood’s copyright, and not that of people who couldn’t defend themselves in a court of law.

(This was before Netflix had really shifted to what it is today, and video-on-demand over the Internet was not associated with the company Netflix at all.)

When Voddler put together its video player client, it did so by assembling code from the XBox Media Center – XBMC – and other free-software video repositories like ffmpeg and mplayer. However, these repositories were licensed under the free-software GNU Public License (GPL), which meant that anybody may use and reuse the code – but only under certain conditions. Specifically, any reuse must provide the same freedom-to-reuse in their turn, the freedom that they were offered to get there.

Voddler did not do this. They published something resembling a piece of source code for their client (equivalent to a Netflix player), but nobody was ever able to compile it, which makes whatever-it-was clearly not meet the licensing terms of the GPL.

The free-software community was outraged, Voddler got hacked and took its offerings down “for maintenance”, and tried to relaunch but never recovered from doing one thing and saying another entirely.

Number four: The lobbyist material to push the European Parliament to vote for ACTA, a draconian copyright-and-more treaty, was itself pirated.

ACTA was a global treaty designed to give the copyright industry a lot more power, pretty much like SOPA/PIPA was in the United States. It had been ratified across the globe, with only one major body still needed to approve it: the European Parliament. Predictably, the copyright industry went into overdrive in every committee meeting to have the Members of European Parliament give them stronger protectionist measures. This poster was used:

The pro-ACTA poster used in the European Parliament, itself a pirate copy.

The problem with this is that the poster contains artwork which wasn’t licensed, making the high-profile pro-copyright campaign in the very European Parliament a blatant copyright violation. Multiple people traced the origins of that photo; Jéremie Zimmermann of LQDN found it to be a publicity photo which was permitted to use only under certain conditions which were not met, and an unnamed Danish reporter even tracked down the shipping line, their image repository, and the individual photographer to find out if it had been licensed. It hadn’t.

Number three: Pirating the music for a famous anti-piracy video ad.

One of the most famous, and also most parodied, anti-piracy ads of all time used its music without permission to do so. In other words, it was a widely distributed pirate copy of that music, all while trying to push the message that downloading is “stealing” (which is itself a blatant lie, at least according to the US Supreme Court, which can be said to have some authority on that particular matter).

You would if you could.

The music for this ad was created in 2006 by the Dutch composer Melchior Rietveldt, and it was to be used exclusively at a local film festival. To his surprise, he discovered it was also used on an anti-piracy ad on a Harry Potter DVD the following year – and in thousands, if not millions, of other places, which went completely against the licensed rights.

In another twist on this story, when Rietveldt demanded royalties for the illegal use of his composition, the local copyright industry (represented by Jochem Gerrits) demanded that the composer signed up under Gerrits’ own label if he wanted to see a single cent, and Gerrits would also personally take one-third of the already-owed fees and fines in exchange for allowing Rietveldt to receive anything at all. The “offer” appeared to be business-as-usual in the copyright industry; anywhere else, we’d call it corruption and racketeering, if not outright fraud.

Number two: The logo of the French official anti-piracy authority was pirated.

Around 2008, the copyright industry was heavily pushing the concept of “three strikes” – that your entire household should be cut off from the Internet, sending you into exile from modern society, on three accusations – accusations – of sharing music and movies outside the monopolized channels. From collective punishment to presumption of innocence, this violated a whole truckload of principles of due process. Nevertheless, the copyright industry pushed ahead and managed to get it installed in one European country – France – before the European Parliament outlawed the practice completely as part of the so-called Telecoms Package.

The French authority responsible for cutting off citizens from the Internet when they had violated the monopolized distribution channels was called Hadopi, which in French tradition is an acronym for something like High Authority for Pretending We Are Very Important. When the authority for protecting copyright and standing tall for these monopolies was unveiled, amid pomp and trumpets, it turned out that their very logo was a pirate copy.

Specifically, they had used a font which had been exclusively licensed only to France Telecom, and which nobody else therefore had the right to use. This included the French Government and their authorities, such as the caught-with-the-hand-in-the-cookie-jar Hadopi.

So according to this very authority, its act of overt piracy should lead to the French Government having its Internet access revoked. You get one guess on whether that happened, or whether the copyright industry considers copyright law only to apply to the low common plebs and not to themselves.

Number one: Sony willfully planting pirated remote-control malware on millions of computers to “protect the concept of property rights”.

In 2005, computers had this thing called “autoplay” for CDs inserted into them: in order to be user-friendly, they would automatically run any code named Autoplay. Windows computers would also always run with Administrator privileges when any random user was logged in. This was not a very good combination.

Sony used this to distribute music CDs that were actually mixed-mode CDs — they contained both a small data track and the music they claimed to hold. And the small data track, when inserted into any Windows CD, immediately installed remote-control malware that let Sony control how the computer was used, from there on out. Specifically, it would refuse to do certain things with the Sony music that was inserted in the drive, for no obvious reason. It would also steal data from the computer and send that data to Sony.

This was the first time a major copyright studio willfully distributed a rootkit — a malicious remote-control program running invisibly with root privileges — with the objective to willfully infect its customers. It infected millions of computers. Sony distributed over 20 million CDs with the deliberate malware.

When they were held to answer for this, they first denied any wrongdoing whatsoever, claiming “we are doing this to protect the legitimacy of property rights” (!!), and later feigned ignorance: “The customers probably don’t know what a rootkit is anyway, so why should they care about it?”. Under immense public pressure, they published a removal program, which only made the problem worse.

At the end of this story, Sony was sentenced in a class-action lawsuit to distribute promotional material for its upcoming catalog as remedy for having willfully infected millions of computers, sending themselves data from those computers, and giving themselves administrative access to them.

Bruce Schneier has one of the best writeups on Sony’s malicious behavior, and also notes that Sony pirated GPL-licensed code when writing their malicious rootkit, as the icing on the cake of this story.

In summary, the copyright industry has been consistent experts at one single thing in the past decade: demonstrating in action that copyright law either shouldn’t be followed at all, or that the law only applies selectively to those who can’t afford to have protectionist law written on request to serve their interests.

Syndicated Article
This article was previously published at Private Internet Access.

(This is a post from Falkvinge on Liberty, obtained via RSS at this feed.)

Kategorier: Pirates, arr!

De-spamming service “Unroll” selling your inbox to Uber shows the importance of information hygiene, yet again

3 maj, 2017 - 20:00

Privacy: It was a perfect service: sorting your mail and not just removing all spam for you, but also unsubscribing you from all of that spam garbage going forward. It kept your inbox perfectly clean. But behind the curtains, it also sold your inbox to the highest bidder.

Sometimes, you’re maliciously signed up to tens of thousands of mailing lists because somebody was annoyed with something you said, somewhere. The cost of doing so is low and it causes a ton of headache as you’re getting hundreds of spam per minute. Fortunately, most of those are double-opt-in confirmation mails — “click this link to confirm the subscription” — but maybe five percent are not, and those malicious signups will continue to clobber your inbox with noise.

Enter Unroll, which was the solution for this scenario: you gave it access to your mailbox, and it would not only detect and remove such unwanted spam, but also unsubscribe you from those tens of thousands of malicious subscriptions. Except, as it turns out, they also kept every single one of your mails, including those with passwords and other sensitive information, and sold them to the highest bidder.

It was just a short passage in an otherwise fascinating portrait of the Uber CEO made by New York Times:

So, the service Unroll was bought by Slice Intelligence. This is the first red flag: even if the service you signed up for were honest, their buyer may not be. (According to a quoted person below, Slice Intelligence bought Unroll specifically because they had access to tons of private mailboxes.)

This highlights the importance of information hygiene.

Information hygiene means that you’re aware not of what somebody claims to do with your data, but that you understand what they are able to do. For example, if a service promises to sort your email for you, then it necessarily must also be able to read all that email, for the action of sorting requires observation – and consequently, they are also able to sell your private mails to others. This is an ability they hold regardless of what they promise to do, or more relevantly, appear to promise to do.

The act of sorting requires observation. Therefore, any service sorting your data must also be able to read all your data.

In a blog post about the revelation that they sell inbox data, Unroll CEO states that “it was heartbreaking to see that some of our users were upset to learn about how we monetize our free service”. The comments are, predictably, furious: the top comment states that “this is a one-strike-I-leave-the-service kind of thing”.

That same top comment also states that it’s a big deal to give somebody access to their inbox. Doing so should always, always, be done with the awareness that they will at least read all of it (if nothing else, to determine which mails to read closer, to perform the promised service), and that any information, once read, cannot be unread – but can be processed, aggregated, sold, et cetera.

If you are providing your inbox to somebody else, and want privacy, you need to encrypt your mails, just like you’re encrypting your Internet connection to prevent others from eavesdropping on it.

At Hacker News, a person named Karl Katzke elaborates further:

I worked for a company that nearly acquired unroll.me. At the time, which was over three years ago, they had kept a copy of every single email of yours that you sent or received while a part of their service. Those emails were kept in a series of poorly secured S3 buckets. A large part of Slice buying unroll.me was for access to those email archives. Specifically, they wanted to look for keyword trends and for receipts from online purchases.

The founders of unroll.me were pretty dishonest, which is a large part of why the company I worked for declined to purchase the company. As an example, one of the problems was how the founders had valued and then diluted equity shares that employees held. To make a long story short, there weren’t any circumstances in which employees who held options or an equity stake would see any money.

I hope you weren’t emailed any legal documents or passwords written in the clear.

Take a moment to absorb that, and add to the fact that they had a useful service that many subscribed to, combined with that sloppiness (not to say bordering on malice) with people’s private data – and sprinkle the CEO’s “heartbrokedness” when users learned how they made money on top.

Last but not least, Unroll tries to deflect blame here by saying they’re only selling “anonymized” data. It must be remembered, that anonymization is hard. As in, really really really hard. Most data can be de-anonymized; strong anonymization is basically as hard as strong encryption, and most people doing anonymization are happy amateurs who do not understand the scope and difficulty of the task.

Privacy remains your own responsibility.

Syndicated Article
This article has previously been published at Private Internet Access.

(This is a post from Falkvinge on Liberty, obtained via RSS at this feed.)

Kategorier: Pirates, arr!

Blockstream having patents in Segwit makes all the weird pieces of the last three years fall perfectly into place

1 maj, 2017 - 08:22

Activism: Based on Blockstream’s behavior in the Bitcoin community, I have become absolutely certain that Segwit contains patents that Blockstream and/or their owners have planned to use offensively. I base this not on having read the actual patents, for they can be kept secret for quite some time; I base this on observing Blockstream’s behavior, and having seen the exact same behavior many times before in the past 20 years from entities that all went bankrupt.

In a previous part of my career, I was making telecom standards. This meant meeting with lots of representatives from other companies somewhere on the globe once a month and negotiating what would go into the standard that we would all later follow.

I was a representative of Microsoft. I would meet with people from Nokia, Ericsson, AT&T, and many other corporate names you’d recognize instantly, in small groups to negotiate standards going forward.

One thing that was quite clear in these negotiations was that everybody was trying to get as much as possible of their own patent portfolio into the industry standard, while still trying to maintain a façade of arguing purely on technical merits. Some were good at it. Some were not very good at it at all.

One of the dead-sure telltale signs of the latter was that somebody would argue that feature X should use mechanism Y (where they had undisclosed patent encumbrance) based on a technical argument that made no sense. When us technical experts in the room pointed out how the argument made no sense, they would repeat that feature X should absolutely use mechanism Y, but now based on a completely new rationale, which didn’t make any sense either.

The real reason they were pushing so hard for mechanism Y, of course, was that they had patents covering mechanism Y and wanted their patented technology to go into the industry standard, but they were unable to make a coherent argument that withstood technical scrutiny for why it was the preferable solution at hand, with or without such encumbrance.

In other word, classic goalpost moving.

As a technical team made up of many people from different companies, there would come a time when our patience ran out with assuming good faith for the fake technical rationale presented to get something patented into the standard, as we knew it was made up on the spot but sort of had to play along — but only up to a point, if the party losing the technical argument didn’t give in, didn’t play their part of the game we all knew was happening.

But there’s more to Blockstream’s behavior than just moving technical goalposts.

As I later came into politics, I saw this pattern much clearer – it was in basically every decision in politics. We called it “high reasons and low reasons”. The “high”, or “noble”, reason would be the one you presented to the world for wanting X as policy. The “low” reason, meanwhile, was the one that made you give a damn in the first place about it. These were often not connected at all.

You could spot these “high-vs-low reason” conflicts in the tiny details. For example, somebody would argue for new invasive surveillance to combat terrorism, or so they would say. And then you read a little closer, and the bill text actually says “terrorism and other crimes“, an important part which nobody paid attention to. Two years after passing, it turns out that the new surveillance powers were used 98% to fight ordinary teenagers sharing music and movies with each other, and that the original bill sponsor was heavily in bed with the copyright industry.

So the exact same pattern of having one overt and one covert reason was present in politics as well, unsurprisingly. But there’s also another pattern here, one that we shall return to: “We want this feature because of X, or because of any other reason”.

But first, let’s compress the last three years of dialogue between Blockstream and the non-Blockstream bitcoin community:

[BS] We’re developing Lightning as a Layer-2 solution! It will require some really cool additional features!
[com] Ok, sounds good, but we need to scale on-chain soon too.
[BS] We’ve come up with this Segwit package to enable the Lightning Network. It’s kind of a hack, but it solves malleability and quadratic hashing. It has a small scaling bonus as well, but it’s not really intended as a scaling solution, so we don’t like it being talked of as such.
[com] Sure, let’s do that and also increase the blocksize limit.
[BS] We hear that you want to increase the block size.
[com] Yes. A 20 megabyte limit would be appropriate at this time.
[BS] We propose two megabytes, for a later increase to four and eight.
[com] That’s ridiculous, but alright, as long as we’re scaling exponentially.
[BS] Actually, we changed our mind. We’re not increasing the blocksize limit at all.
[com] Fine, we’ll all switch to Bitcoin Classic instead.
[BS] Hello Miners! Will you sign this agreement to only run Core software in exchange for us promising a two-megabyte non-witness-data hardfork?
[miners] Well, maybe, but only if the CEO of Blockstream signs.
[Adam] *signs as CEO of Blockstream*
[miners] Okay. Let’s see how much honor you have.
[Adam] *revokes signature immediately to sign as “Individual”*
[miners] That’s dishonorable, but we’re not going to be dishonorable just because you are.
[BS] Actually, we changed our mind, we’re not going to deliver a two-megabyte hardfork to you either.
[com] Looking more closely at Segwit, it’s a really ugly hack. It’s dead in the water. Give it up.
[BS] Segwit will get 95% support! We have talked to ALL the best companies!
[com] There is already 20% in opposition to Segwit. It’s impossible for it to achieve 95%.
[BS] Segwit is THE SCALING solution! It is an ACTUAL blocksize increase!
[com] We need a compromise to end this stalemate.
[BS] Segwit WAS and IS the compromise! There must be no blocksize limit increase! Segwit is the blocksize increase!

//falkvinge.net/wp-content/uploads/2017/04/movinggoalposts2.mp4

This is just a short excerpt. I could go on and on, showing how Blockstream said that node count was completely negligible when Bitcoin Classic nodes started to pick up and how hashrate was the only valid measure, and how Blockstream is now talking – no, yelling – the exact opposite, when Bitcoin Unlimited is at 40%+ of hashrate.

This pattern is utterly typical for somebody hiding encumbrance in what they’re trying to achieve – for if Segwit locks in, it’s in bitcoin for eternity because of the way the chain is permanent, whether those parts of the chain are used by a particular actor or not.

There’s even more to it. It’s also typical for an actor who’s deflecting like this to try to invoke external enemies. Warhawks in governments have done the same over and over when they want to go to war: be aggressive about a narrative, call out anybody who challenges the narrative as a traitor and a saboteur, and beat the drums of war. It’s tribal, but it works. In this case, Blockstream have singled out two individuals as “enemies”, and people who want to be part of the community are encouraged to be aggressive against them. It’s practically straight out of scenes of the movie 1984.

All to get patents into bitcoin, regardless of whether you burn it and its community to the ground in the process.

That’s the only way their behavior makes sense, and it makes utter and complete sense in that way. I want to emphasize again that I have not read any of the Blockstream patent applications, and it would be pointless to do so as they can be kept secret for something like 18 months, so I wouldn’t have access to the full set anyway. But based on Blockstream’s behavior, I can say with dead certainty that I’ve seen this exact behavior many times in the past, and it’s always when somebody has a dual set of reasons – one for presentation and palate and another that drives the actual course of action.

With that said, Blockstream has something called a “Defensive Patent Pledge”. It’s a piece of legal text that basically says that they will only use their patents for defensive action, or for any other action.

Did you get that last part?

That’s a construction which is eerily similar to “terrorism and other crimes”, where that “and other crimes” creates a superset of “terrorism”, and therefore even makes the first part completely superfluous.

Politican says: “Terrorism and other crimes.”
The public hears: “Terrorism.”
What it really means: “Any crime including jaywalking.”

The Blockstream patent pledge has exactly this pattern: Blockstream will only use their patents defensively, or in any other way that Blockstream sees fitting.

Blockstream says: “For defense only, or any other reason.”
The public hears: “For defense only.”
What it really means: “For any reason whatsoever.”

Let’s assume good faith here for a moment, and that Greg Maxwell and Adam Back of Blockstream really don’t have any intention to use patents offensively, and that they’re underwriting the patent pledge with all their personal credibility.

It’s still not worth anything.

In the event that Blockstream goes bankrupt, all the assets – including these patents – will go to a liquidator, whose job it is to make the most money out of the assets on the table, and they are not bound by any promise that the pre-bankruptcy management gave.

Moreover, the owners of Blockstream may — and I predict will — replace the management, in which case the personal promises from the individuals that have been replaced have no weight whatsoever on the new management. If a company makes a statement to its intentions, it is also free to make the opposite statement at a future date, and is likely to do so when other people are speaking for the company.

This leads us to ask who the owners of Blockstream are: who would have something to gain from pulling the owner card and replacing such a management?

Ah.

The owners of Blockstream are the classic financial institutions, specifically AXA, that have everything to lose from cryptocurrency gaining ground.

And they have bought (“invested in”) a company, which has an opportunity to get patents into the bitcoin blockchain, thereby being able to either outright ban people from using it, or collect a heavy rent from anybody and everybody who uses it.

The conclusion is unescapable here: Blockstream’s constant goalpost shifting has had the underlying goal to have Blockstream’s owners effectively own bitcoin through patent encumbrance.

As horrifying as that statement is, it’s the only way – the only way – that the actions of the past three years make perfect sense.

(This is a post from Falkvinge on Liberty, obtained via RSS at this feed.)

Kategorier: Pirates, arr!

Bitcoin’s Unlimited Potential Lies in an Apolitical Core

30 april, 2017 - 21:00

Bitcoin – Nozomi Hayase: The ongoing Bitcoin block size debate has accelerated into a kind of civil war. From threats of a 51% attack to online trolls and controversy over the allegation of covert AsicBoost usage, disagreements on scaling solutions have created a toxic environment in the community. With a divide created by slogans of bigger or smaller blocks with Bitcoin Unlimited vs. Core memes, the ecosystem growing around this technology has started to resemble the craziness of party politics.

Guest Article
This is an article by Nozomi Hayase, a writer who has been covering issues of freedom of speech, transparency and decentralized movements.

We have seen a failure of national politics. From the 2008 financial meltdown and bank bailouts to cycles of austerity, unprecedented levels of corruption spawned a global crisis of legitimacy of institutions and governments. This only seems to have gotten worse.

In the US, at the center of financial and political power, the populace has been trapped by a corporate sponsored political charade, with a rigged presidential primary and election of the lesser of two evils. More and more, people are beginning to wake up to the broken promises and failed policies of their leaders, creating conflicts and instability in regions around the world. While solutions provided in the electoral arena have repeatedly shown to be ineffective, Bitcoin presented an alternative -a departure from this system of politics.

Politics as Systems of Power

So what is politics? What are the characteristics of governance designed by it? The Oxford Dictionary defines politics as “activities associated with the governance of a country or area, especially the debate between parties having power.” Politics is inherently associated with power and is a means to organize society through leaders gaining control over the majority.

Western liberal democracy is politically engineered governance. Its fundamental feature is centralization. Rules made from the top are enforced and changes in the system require permission from those who are in positions of authority.

Historian Howard Zinn (1970) noted how:

“In modern times, when social control rests on ‘the consent of the governed’, force is kept in abeyance for emergencies, and everyday control is exercised by a set of rules, a fabric of values passed on from one generation to another by the priests and teachers of the society.” (p. 6)

This command-control style of governance works in hierarchies and is antithetical to democratic values. The integrity of the system depends on success of rulers to foster obedience of those in the network and prevent people from dissenting. For this, managing perception and public opinion through mass media becomes necessary and the system operates under the appearance of democracy, making force of control covert and invisible.

In Democracy INC: The Press and Law in the Corporate Rationalization of the Public Sphere, professor of journalism David S. Allen (2005) described the role of professionals in facilitating this managed democracy. He noted how the creation of expert knowledge is essential in this machination. Science has become a methodology to back professional legitimacy, as “individuals began to regard professional judgments, often supported by scientific data as unquestionable” (p. 54).

The Creed of Objectivity

Professionals with expert knowledge perform the role of trusted third parties who are supposed to represent the interests of citizens and make decisions on their behalf. Here, the knowledge produced in social science, such as economics, political science and psychology are often used to maintain the status quo of power structures. From Alan Greenspan to Ben Bernanke and now Janet Yellen, economists who are appointed by the US President as chair of the Federal Reserve get to decide monetary policy for the country and exercise influence through central banks around the world. What validates their expert knowledge is an epistemological foundation called the creed of objectivity.

Social science has incorporated empirical and positivist methodology of natural science and claimed the ability to form knowledge in a similar way as physical science. With this, researchers assert neutrality as if he or she transcends race, class or any personal bias. Yet, they are embedded within cultural values and their purported value-free objectivity is not actually possible. One’s subjective agendas and personal views do not magically disappear by simply claiming it to be so.

Without transparency that ensures disclosure of researchers’ bias, this creed of objectivity becomes a cloak that hides their motivations. This stance of objectivity closes off any feedback and the assertions that are not tested are promoted as universally applicable truth. Money in this representative democracy becomes political money, legitimatized by state authority and tied to monetary policies of investment banks and corporations that run government behind the scenes.

Replacing Politics with Math

Now, a breakthrough of computer science has found a way to crack this closed logic of control. Bitcoin opens a path for changing the world without taking power. The whitepaper published under the pseudonym Satoshi Nakamoto put forward a vision of a “peer-to-peer version of electronic cash”, based on cryptographic proof, rather than relying on a trusted third party. The underpinning of this innovation was a science of asymmetrical security that provides a strong armory against violence, exploitation and extreme selfishness through a mechanism of consensus.

Richard Feynman, a theoretical physicist once said that scientific integrity is learning to not fool ourselves. He noted, “The first principle is that you must not fool yourself—and you are the easiest person to fool”. In natural science, researchers are given honest feedback from the real world and nature through observation, repeated testing and experiments. On the other hand, social scientists explore dimensions more divorced from physical reality, and in their claim of neutrality, they can become blind to their own bias. This would influence the outcome of their studies and they more easily distort facts with personal opinions and emotions.

This creed of objectivity in social science has shown itself to be vulnerable to tendencies toward deception, while math is a property that is impervious to manipulation. Math cannot be fooled, as it does not respond to lies and threats. Computer science relies on solid data, rigorous testing and peer-review. This gives each person an opportunity to engage in honest work to overcome self-deception and build strong security, even as strong as the laws in the physical world.

Cypherpunks; Scientists with a Moral Code

In the existing model of governance, inherent weakness of the creed of objectivity made the system vulnerable to tyranny of the few. Economic incentives set up by a professional class made the right to free speech exclusive for the beneficiaries of this managed democracy, suppressing any views that challenge this authority. Those privileged in the system call these perspectives subjective, relegating them to mere opinion. This doctrine of false objectivity that has been predominant in academia has conditioned researchers to remain impartial. This turned the populace into passive observers, preventing them from fully connecting with their passion and values.

In the foundation of Bitcoin development, there lies a particular philosophy that revolts against this restriction of free speech imposed by central authority. In the paper The Moral Character of Cryptographic Work published in 2015, eminent computer scientist Phillip Rogaway brought forward the moral obligation of cryptographers and their importance, especially in the post-Snowden era. In this, he described a group that emerged in the late 1980’s who saw the potential of cryptography in shifting power relations between the individual and the state. These are the cypherpunks who held a belief that “cryptography can be a key tool for protecting individual autonomy threatened by power”.

In an interview with Trace Mayer, applied cryptographer and inventor of Hashcash, Adam Back who was cited in Satoshi’s whitepaper, talked about the “positive social implications arising from cryptography”. He described the ethos of cypherpunks as writing code to bring the rights we enjoy offline into the online world. The idea is that lobbying politicians and promoting issues through the press would be a slow uphill battle. So, instead of engaging in legal and political systems, Back noted that they could simply “deploy technology and help people do what they consider to be their legal right” and society would later adjust itself to reflect these values. The cypherpunks, with their adamant claim of subjective domains, apply real objective knowledge that comes from math to bring change.

Solidifying Technology’s Core

As the forced network effect of petrodollar hegemony begins to loosen, the empire fuels aggression, with more wars and sanctions. While this system of representation weakens, the logic of control from the old world began infiltrating the Bitcoin ecosystem. Regulators try to reach cryptocurrency through exchanges, and by enforcing KYC (Know Your Costumer) create a fertile soil for government surveillance and privacy erosion. Centralization creeps in through industrial mining and patents on hardware, with a trend toward state and corporate backed monopolies. All the while, established media keep writing obituaries on Bitcoin, wishing to declare the death of this new money they can’t understand.

Politics that spread through the crypto-community have been hijacking discussions on technical development. With PR, name-calling and smear campaigns, a vocal minority engages in social engineering, distracting developers who are engineering security. This drama that some perceive as Bitcoin’s existential threat brings a crisis, yet at the same time is giving us all an opportunity to solidify our commitment to this technology’s fundamentals.

Bitcoin as a premise of stateless money has brought many people together. These are free market enthusiasts, traders, libertarians, engineers, venture capitalists, anarchists and artists. Bitcoin is a disruptive technology that has large political implications. Yet, for it to manifest its true potential, we must not forget its roots in its apolitical nature –solid science. This apolitical nature is not a bug, but a feature. This is what makes Bitcoin stateless money, censorship resistant, unseizable and permissionless.

Imagination from Computer Science

Legal scholar and inventor of bit-gold Nick Szabo once noted: “Computer science gives you far more leverage to change the world than any other study in our age.” Social issues and questions of democracy have been a philosophical quandary that are generally tackled politically. They were not considered to be the purview of science. Yet now, imagination from computer science has come forward to help us work on solving these problems.

Our commitment to decentralization keeps this consensus algorithm running across the global network and allows all to participate in this scientific endeavor of Proof of Work – to show the world that equality, fraternity and freedom are not just ideals, but unshakable universal truths.

So, let us call a ceasefire in this political battle and engage with the honest work of collaborative efforts of writing code. By moving from a system of power to a consensus of equal peers, together we can find solutions to overcome challenges. From this secure foundation provided by this technology’s core, unlimited potential can be unleashed, which creates divergent currencies to carry the wishes and desires of many communities. Where politicians and leaders have failed, Bitcoin succeeds. Our surrender to this scientific process opens a door for development of protocol and gives innovation a chance for humanity to save itself from the mess we have created.

(This is a post from Falkvinge on Liberty, obtained via RSS at this feed.)

Kategorier: Pirates, arr!

What Australia can learn from Europe’s failure with Data Retention

24 april, 2017 - 20:00

Australia: This month, Australia’s law mandating telecommunications data retention went into effect. It is clear that Australia learned absolutely nothing from Europe’s abysmal 10-year failure with this exact law before it was finally struck down by courts as utterly incompatible with human rights at the core of its idea. Here’s how Australia can fail a little faster on this horrendous concept by realizing it’s just not inexcusable, it doesn’t even work.

In the wake of the 2004 Madrid bombings, a handful of hawks saw their opportunity to pass unprecedented mass surveillance legislation, where people could be retroactively wiretapped – something that was only possible if everybody was continuously wiretapped, all the time, so it could be retroactively reviewed. Now, actual wiretapping would not have flown, so they went with the politically-new word “metadata”, which didn’t sound nearly as bad but was conceivably much worse because it was machine-sortable: Everybody’s communications metadata would be stored for a long time with the sole objective of using it against them.

It was just four people – as little as four people out of five hundred million – who were ultimately driving this disaster into being in Europe, much through deception and Potemkin façades. In Sweden, the concept was driven pretty much only by the then-minister-of-Justice Thomas Bodström, and skilled activists at the time traced how he couldn’t get the Swedish Parliament to approve anything like it (for good reason), so he went for the infamous legislative “Brussels Boomerang” instead: make it a federal law at the EU level, and tie the hands of the Swedish Parliament to do it regardless of their opinion. There were three other like-minded people from other states, and that was all it took for the proposal to gain momentum at the Brussels level.

On December 14, 2005, the European Parliament approved a mandate for all states to implement “telecommunications data retention”, or as it would be more accurately described, “preemptive ongoing wiretapping of everybody in case we decide we want it later”. The purpose is to combat “terrorism and other crimes”. That little “and other crimes” turned out to include basically everything, up to and including jaywalking – and in practice, it would be almost exclusively used to hunt ordinary people sharing music and movies outside of the monopolized copyright channels.

So all of a sudden, everybody’s activity was recorded – along with timestamps and their precise geographical position – whenever they did the most minute form of communication. It was a mass tracker.

The problem is that surveillance of innocents in case they should become suspects later is fundamentally incompatible with a democracy.

However, this one didn’t go over well in Europe, even with a decision from the federal European parliament. A full one-third of European states – nine out of 27 – refused to implement the preemptive surveillance of innocents, seeing it for what it was. In other states like Germany, it was implemented and immediately struck down by their constitutional court, for good reasons.

In pushing for acceptance, there was no shortage of Potemkin façades and misdirection from politicians. An example of the talking points used:

“Telecom companies have always recorded this”: No, they haven’t. In fact, they have been absolutely, positively banned from recording any of this, except – except for what was absolutely needed for billing purposes. Data retention switched bulk collection of everything from “absolutely forbidden” to “mandatory”, and that’s not the small change they wanted to pretend it was.

“It’s not government surveillance, it’s the telecoms recording your activity”: As if conscripting a corporation into a most unwilling agent of the government made it not the government’s action any more. This is a particularly disgusting way to deflect responsibility for your actions.

“It’s necessary to prevent terrorism”: Except it was absolutely useless for this, and used in practice only to punish ordinary file-sharing people.

On the other side of the fence, you had a few diligent politicians like Malte Spitz in Germany, who used his own data to show people just how horrible the tracking was – he made a YouTube video showing that he could essentially be followed block by block as he was going about his daily business, and also held a TED Talk about it.

Activists also kept pushing, relentlessly, providing actual data that politicians didn’t want to exist. The German AK Vorrat – loosely translated as “working group, data retention” – was one of the more visible ones, and who pointed out that the collected data had only hade a difference in 0.006 percent of criminal cases.

Zero point zero zero six per cent.

In most countries, that’s the equivalent of hiring two or three extra investigative police officers, but at the cost of ordinary police pay instead of the data retention’s cost of about a billion dollars per year (or much more). In other words, the data retention is not even effective in the best of cases – neither for police operations nor for cost-efficiency. You could have solved something like 1,000 times more additional crimes for the same amount of money, just by hiring regular investigating police officers doing ordinary honest police work instead of treating everybody as a suspect.

Now, fortunately, it wasn’t just activists pushing back. Since the governments had audaciously told the telecoms operators to foot the entire bill for this, they were not happy and had a real financial interest in scuttling this construct. That, in the end, is what caused the data retention’s undoing.

It was billions of dollars of cost for the telcos that was the ultimate driver to end data retention. It was the human rights principles that gave those telcos the right of way in court.

Because the telcos challenged the mandate to retain data – the most customer-focused ones flat out refused to comply, saying “take us to court”. The government didn’t, but took them to their own authorities instead (the US FCC equivalent), at which point the telcos took those authorities to court.

And won.

Once the courts had ruled that telcos were no longer required to store all metadata, and importantly, absorb all the cost for doing so, data retention was dead in practice. But it would take another couple of years to really drive the point home.

The legal escalation went all the way to the European Court of Justice (ECJ), which is the European equivalent of a Supreme Court. This escalation took a decade in total, but on April 8, 2014, the European Court of Justice ruled that the Data Retention Directive – the EU “federal law” – so utterly incompatible with human rights, that the court didn’t just declare it not in effect from that date; the ECJ ruled that it had never been in effect, annulling it retroactively and effectively erasing it from existence as a mark of shame. The court couldn’t have put its foot down any harder.

Most politicians in European states at the time noted that while they were now not mandated to preemptively violate every citizen’s privacy, there was not yet any ruling banning them at a federal level from doing so, and they sought to tweak details in their “safeguards” to keep the constructs. This missed the point of the ECJ entirely:

The problem isn’t that the data isn’t properly secured, or who has access to it and when. The problem is that surveillance of innocents in case they should become suspects later is fundamentally incompatible with a democracy. It is the core idea that is broken and unacceptable, not the details of implementation.

This disconnect baffled the courts entirely, as their key point had been made perfectly clear in the 2014 ruling: such a construct is incompatible with a democracy. Why did politicians persist in pretending it was a matter of implementation details, and not the core idea? More importantly, why was this still happening in individual states, even though there was no more federal directive mandating it?

Hawk politicians in those individual states were arguing that while the European states were no longer required to have data retention at the federal level, they were also not forbidden from having it as a state initiative, and continued it on the state level that had been initiated by the federal law now shredded by the ECJ. This position at the state level could only have come from somebody who didn’t read the fuming verdict from the European Court of Justice in 2014, as it tore up the Data Retention Directive by its roots and lit it ritually ablaze expressed in the strongest anger that judicial language is capable of expressing.

So in the judicial equivalent of “didn’t you morons hear us the first time”, the ECJ finally ruled in December of 2016 that all European states are utterly forbidden from mandating data retention from its telecommunications providers. This gave the telcos who had been objecting all along wind in their sails, and most of them deleted all the collected data on the same day to trumpet fanfares and advertising. Meanwhile, the politicians who had been advocating these violations of human rights muttered increasingly incoherently, and have not been heard from again so far, six months later.

In conclusion, while Europe had its turn with the hated Data Retention, it would take the courts twelve years to undo it. Let us at least hope that others can learn from this mistake and not have to do all of it all over again.

Privacy remains your own responsibility, as always.

Syndicated Article
This article was previously published at Private Internet Access.

(This is a post from Falkvinge on Liberty, obtained via RSS at this feed.)

Kategorier: Pirates, arr!

With laptops banned onboard aircraft, your data is no longer yours if you fly

23 april, 2017 - 20:00

Privacy: New US regulations ban laptops on board some aircraft, requiring laptops to be in checked luggage. One of the first things you learn in information security is that if an adversary has had physical access to your computer, then it is not your computer anymore. This effectively means that the US three-letter agencies are taking themselves the right to compromise any computer from any traveler on these flights.

According to the United States Ministry of Peace Department of Homeland Security, which bills the ban as a “change to carry-on items” that affect “ten out of the more than 250 airports that serve the United States internationally”, there is a “security enhancement” because explosives can now be built into “consumer items”, and therefore laptops must now be banned from carry-on luggage and instead checked in.

When looking at this justification, the DHS notably fails to describe how it would be any safer flying with such alleged explosives in checked luggage rather than carry-on luggage onboard the same aircraft. In other words, the justification is utter nonsense, and so, there must be a different reason they issue this edict that they’re not writing about.

“The aviation security enhancements will include requiring that all personal electronic devices larger than a cell phone or smart phone be placed in checked baggage at 10 airports where flights are departing for the United States.”

When Microsoft (finally) trained every single one of their employees in security in the big so-called “security push” around the turn of the century, there were about a dozen insights that they really hammered home, again and again. One of the most important ones related to this was the simple insight of “if an adversary has had physical access to your computer, then it’s not your computer anymore”.

After all, if somebody has had physical access to the machine itself, then they will have been able to do everything from installing hardware keyloggers to booting the machine from USB and possibly get root access to some part of the filesystem – even on a fully encrypted GNU/Linux system, there is a small bootstrap portion that is unencrypted, and which can be compromised with assorted malware if somebody has physical access. They could conceivably even have replaced the entire processor or motherboard with hostile versions.

This is a much more probable reason for requiring all exploitable electronics to be outside of passengers’ field of view.

Remember that both the NSA and the CIA have a history of routinely pwning devices, even from the factory, or intercepting them while being shipped from the factory. (There was one incident where this was revealed last year, after the courier’s package tracking page showed how a new keyboard shipped to a Tor developer had taken a detour around the entire country, with a remarkable two-day stop – marked “delivered” – at a known NSA infiltration facility.)

Now imagine that the laptops and other large computing devices of these travelers — remember that the Tor developer in question was an American citizen! — that these devices will be required to be surrendered to the TSA, the CIA, the NSA, the TLA, and the WTF for several hours while inflight. It’s just not your device anymore when you get it back from the aircraft’s luggage hold – if it was ever there.

If your laptop has been checked in and has been in the TSA’s control, it can no longer be considered your laptop. Any further login to the compromised laptop will compromise your encrypted data, too.

The choice of the ten particular airports is also interesting. It’s the key airports of Dubai, Turkey, Egypt, Saudi Arabia, Kuwait… all predominantly Muslim countries. Some have pointed this out as racial profiling, but there are signs it may be something else entirely and more worrying.

For example, the Intercept presents the measure as a “muslim laptop ban”. The might or might not be an accurate framing, but the worrying part is that this is a best case scenario. More likely, it is a so-called “political test balloon” to check for how much protesting erupts, and to put it bluntly, if they get away with it. If they do, then this can be a precursor to a much wider ban on in-flight laptops – or, as you would more correctly have it, a much wider access for three-letter agencies to people’s laptops and data.

Syndicated Article
This article was previously posted at Private Internet Access.

(This is a post from Falkvinge on Liberty, obtained via RSS at this feed.)

Kategorier: Pirates, arr!

Airport: “We’re tracking every single footstep you take and can connect it to your mail address, but your privacy is safe because we say so”

15 april, 2017 - 20:00

Netherlands: A sign on the revolving entrance to a European airport, one sign among many, says “the airport employs wi-fi and bluetooth tracking; your privacy is ensured”. The vast majority of people have no idea what this is, and just see it as one sign among many like “no smoking”. But this cryptic term is an indoor mass real-time positioning for every individual in the area at the sub-footstep level, and the airport knows who many of the individuals are.

When your mobile phone has wifi activated, it transmits a network identity signal – a MAC address – continuously in asking its environment for which Wi-Fi networks are available in the area, looking for known networks to connect to. It is possible to use a network of wi-fi base stations in a limited area to pinpoint the exact physical location of your phone in that physical area – by comparing the signal strength of your phone’s identity ping from multiple stations receiving it, and knowing where those stations are, your phone’s location can be calculated in microseconds with sub-footstep accuracy. And as your phone keps pinging its environment to search for wi-fi networks, the end effect is that your movements are tracked basically down to the footstep level in physical space and the second level on the timeline.

We know this because it caught some rare attention when the sub-footstep individual realtime tracking was rolled out citywide in a mid-size town in Europe, and was cracked down on by that state’s Privacy Board (thankfully).

Let’s take that again: sub-footstep-level identified realtime tracking has already been in place in major cities at the city level.

That’s why it’s positively infuriating to see this vague statement on an airport door, and knowing what it means, but also knowing that it has been deliberately worded to make 99% of people even reading it not understand what it means. And most people won’t even read it.

“This terminal uses a Wi-Fi and Bluetooth-based tracking system. Your privacy is ensured.” Also, war is peace, freedom is slavery, and ignorance is strength. My privacy is “ensured”? Am I supposed to be grateful because you’re not yet demanding a blood sample?

Your privacy is ensured “because we say so”, apparently.

It gets worse. Your phone is continuously broadcasting its MAC address, right? But the airport has no way of knowing which MAC address belongs to which person, right? So even though this is bad, the airport doesn’t know how you moved, when, and where, and how fast, and with whom… right?

Except, the tracking is done with a Wi-Fi network, remember? Which you can and will connect to, because it broadcasts the name “Free Airport Wi-Fi”. And the only thing you need to provide this network in order to get free and fast net access, thereby connecting with the very MAC address which has been tracked, is your email address.

…and suddenly the airport can connect your physical movements to your email address, and therefore most likely to your identity. It now has the ability to know how you moved through the airport, where you ate, whom you met with, for how long, the list that goes on, a list that shouldn’t be there. The only safeguard against it not doing so and using it against you is a vague “trust us”.

It’s not a random small countryside airport, either. It is Amsterdam-Schiphol, which is the 12th largest airport in the world, and the third largest in Europe after London-Heathrow and Paris-Charles-de-Gaulle.

Your privacy remains your own responsibility.

Syndicated Article
This article has previously been published at Private Internet Access.

(This is a post from Falkvinge on Liberty, obtained via RSS at this feed.)

Kategorier: Pirates, arr!

Would U.S. Congress find it acceptable that their phonecalls were recorded, sold, and published?

10 april, 2017 - 20:00

Repression: The United States Congress has decided that Internet Service Providers shall be Common Carriers but without the obligations of a Common Carrier. Specifically, which was the shocker recently – telephone secrets don’t apply as they do with other telecommunications providers, and ISPs are also free to modify anything they like without liability for it. This was an unexpected development of the FCC upgrading the Internet to a so-called Title II Utility. But what would happen if we took this to its conclusion and started publishing Congress’ intercepted phone calls, as they have decided can be done with Internet traffic?

The United States Congress decided that Internet Service Providers can not just monitor and sell your Internet traffic, but also modify it, which has been met with a justified storm of criticism. Some of the blowback states that “this has been the case for a long time and up until recently”, and this Congress decision merely “restores” things to how they were before – and this is where it gets interesting: what happened “recently” – more specifically on June 12, 2015 – and which Congress seemed fit to reverse, was that the FCC ruled the Internet to be a so-called Title II Utility: a utility on par with the telephone network. This FCC ruling turned the Internet Service Providers into so-called Common Carriers.

When you’re communicating on the telephone network, the telco can’t record and sell your conversations. Privacy laws prevent this.

What makes it reasonable, then, that a voice call which is technically transmitted over the Internet can be recorded and sold? Where just the method of transmission is different?

Here’s the kicker in this context – most telco voicecalls are already transmitted over the Internet. It’s simply much cheaper for telcos to use the simple Internet TCP/IP network for transmission than their own expensive and complicated SS7 network, so this migration has been silently going on for the past two decades.

This leads us to the following question:

Since Congress’ telephone calls are most likely transmitted over the Internet, would they find it acceptable that those telephone calls were recorded, sold, and published, as they have just decided?

Of course, they would go ballistic. They would feel… betrayed. Violated. Just as we feel, because we understand the decision they made, and they don’t.

It is hard to overstate the technical illiteracy of today’s lawmakers. They are basically behaving like a drunken elephant trumpeting about in a porcelain factory.

To give you one concrete example of this, the UK Home Secretary went on record saying there has to be people who understand the necessary hashtags to prevent hate speech from getting published on the Internet.

Yes, you read that right. The. Necessary. Hashtags. And this is the person ultimately responsible for these issues. Would you trust their decisions to be well informed?

When working in the European Parliament, I observed lawmakers get their email printed for them by their secretary and handed to them as papers on their desk. These are the people making federal law about the Internet.

Today’s lawmakers are basically behaving like a drunken elephant trumpeting about in a porcelain factory.

As a side note, this was observed as early as 2006, when the protests against the (first) raid against The Pirate Bay had signs saying “give us back our servers, or we’ll take your fax machine”.

Going back to the question how lawmakers would react if their phonecalls were published, they would probably press charges for wiretapping, revealing that they just created two laws that are completely in conflict with each other, and highlighting what we’ve already concluded: the expectation of privacy comes from making a phonecall, and not from a deep understanding about how that phonecall is going to be transmitted at the technical level – whether it’s routed through the expensive telco SS7 networks (not okay to eavesdrop) or the inexpensive TCP/IP networks (okay to eavesdrop, modify, and sell, now).

This is where we’re getting to the heart of the issue: Lawmakers don’t understand Analog Equivalent Rights.

They don’t understand that it’s completely reasonable for our children to have at least the same minimum of civil liberties as our parents had, as it translates to their everyday environment. This obviously includes an expectation of privacy when holding a private conversation, regardless of the transmission technology used under the hood.

Privacy remains your own responsibility.

Syndicated Article
This article has previously appeared at Private Internet Access.

(This is a post from Falkvinge on Liberty, obtained via RSS at this feed.)

Kategorier: Pirates, arr!