Rick Falkvinge

Web address: https://falkvinge.net

Paywalls drive mass surveillance and give the NSA the advantage

17 November, 2017 - 19:00

Copyright Monopoly: Putting network specifications behind subscription paywalls gives the NSA and other surveillance agencies a decisive advantage against the freedom of the Internet. That is the inescapable conclusion of the recent KRACK vulnerability.

There’s been a lot of debate about paywalls lately – not least about whether so-called “journalism” of mainstream media is supposed to survive, as it consumes many more resources than the amateurs who are often (but not always) doing a better job at actual journalism. However, paywalls are controversial in more contexts than just mainstream legacy media – they’re also highly controversial with Elsevier’s lockup of research papers (more on this in a piece a little later), locking up building codes and similar that laws refer to (do you need to pay to read the law?), and for technical specifications that concern security.

In short, there has never been a better case to be made for the old slogan that “information wants to be free”. That’s free as in flight, as in uncaged, as in unrestricted; not the twisted typical commercial “free” which means something more like “have-our-great-offer-completely-free just-pay-this-small-sum-first some-restrictions-apply not-valid-or-legal-in-all-states”.

In the case of the KRACK vulnerability, which was based on an IEEE standard locked up behind a corporate-level subscription paywall, we can trivially observe two things:

1) Ordinary open source coders did not see the specification, because of the paywall, and therefore did not discover the vulnerability in it.

2) For surveillance agencies like the NSA, who have unlimited budget for all intents and purposes, paywalls do not exist. (In the rare case where they can’t or don’t want to pay, they can walk in and take the documents anyway.)

As a result, the NSA and other surveillance agencies had ready access to the KRACK vulnerability for 13 years, which is how long it had been sitting behind that IEEE paywall in plain-but-commercial sight.

Therefore, from this one clear example and the logic it highlights, we can observe that paywalls drive mass surveillance, as they are tilting the playing field heavily in the favor of the surveillance agencies.

Privacy remains your own responsibility.

(This is a post from Falkvinge on Liberty, obtained via RSS at this feed.)

Categories: Pirates, arr!

What if new Google management decided that a search should cost $20, take eight hours, and be deliberately unreliable? (Bitcoin.)

17 November, 2017 - 08:04

Bitcoin: Toy with the following idea: with people used to Google searches having been free, instant and reliable for years, a new Google management decides that a “price market” should develop for searches, with Google prices suddenly costing upwards of 20 dollars, taking hours to complete, and being notoriously unreliable. Does this sound like a good scenario? Does this sound like a recipe for winning? It’s what has happened to Bitcoin — the old bitcoin — under the new management of Blockstream (who keep insisting, against all evidence to the contrary, that they’re not “in charge” of bitcoin).

Nobody I know shows off bitcoin (Bitcoin Legacy) to their friends anymore. It’s painfully embarrassing. Nobody I know uses bitcoin for anything anymore, for the reason that transactions take hours to complete, cost upward of $20 (my last two transactions cost $30 and $70, respectively), and have been made unreliable by design, through something called RBF.

When I got into bitcoin in 2011, transactions were free, reliable, and instant. Not free as in “very cheap”, but actually free. The vast majority of transactions did not pay a transaction fee, and this was also Satoshi Nakamoto’s original intention, according to email archives. It makes sense: you want to be able to write code that optimizes your money across addresses and databases without paying a lot of transaction fees in the process just for moving your own data around. It was extremely useful, it was amazingly cool to show off

Around 2014, a couple of people hijacked Bitcoin, for all intents and purposes, stripped the original known coder (Gavin Andresen) of his coding access privileges, and set out in a new direction. Bitcoin transactions should cost money, they decided, a lot of money, because the network wasn’t sustainable otherwise (never mind that it had worked just fine up until that point with subcent optional transactions, and was planned to do so for another 140 years). The company was called Blockstream, and they were met with such fierce opposition from the community, they literally had to start deleting every post off the bitcoin forums (bitcointalk, Reddit’s /r/bitcoin, and the mailing list) that challenged the narrative that it was utterly moronic to deliberately congest the network to make it slow, unreliable, and expensive.

Yes, it just so happened that the people who formed this Blockstream company also were the ones controlling all the discussion platforms. Slowly, over years of influx of new users, people would only see Blockstream’s message of how good it is that transactions are expensive, slow, and unreliable.

It was around this point that new forums, such as bitcoin.com and Reddit’s /r/btc, slowly started to pop up and get attention — become a refuge, of sorts.

But the Blockstream fanboys were undeterred. “Look at how bitcoin rises in value!”, they would say. “Who cares about transaction fees! It’s a store of value, because the price goes up!” (This narrative also completely ignores what an economic store of value is, nota bene: it’s a predictable stable store.)

This, of course, is the equivalent of “Who cares about if Google is the slightest bit useful under the new management! Who cares if anybody uses Google anymore! Look how the stock keeps going up!”

The Blockstream fanboys would further point at bitcoin’s new uselessness as a sign of its success, believe it or not, drawing the analogy “nobody goes to that restaurant anymore, because it’s too crowded”, with the subtext that a crowded restaurant must be successful. But this is not success; this is utter failure to scale exponentially when you’re an Internet startup, and it spells dooooooooooom.

And so here we are in 2017, with a bitcoin that nobody I know uses for anything practical (last time I used it for something was about six weeks ago, when I bought a burger with bitcoin, which cost me about $2.50 in transaction fees, just as much as the burger itself; at least I didn’t have to wait eight to ten hours for the burger). What’s new on the scene in 2017 is something called a US Dollar Tether.

You see, you can’t buy big quantities of bitcoin — which is more or less “Blockstream stock” at this point — directly, not in amounts of millions of US Dollars. So this thing called Tether popped up, where a company named Tether claimed to issue US Dollar Tether, where one Tether was supposed to be good for exactly one US dollar. Today, the bitcoin price (the price of something that is unreliable, slow, and expensive, and which nobody uses anymore for anything remotely practical) isn’t driven up by people buying it for US Dollars anymore, but by institutions buying it for large amounts of Tether, which is “kind-of-dollars-but-not-really-but-we-still-pretend-so”.

The company Tether insists that they have backing; every Tether has a US Dollar backing it. There has been no proof to this. There have just been regular conjurings-up of new batches of ten, twenty, thirty million Tethers — not US Dollars, but Tethers — that are spent pushing up the bitcoin price as though the Tethers were dollars, and this happens basically every time the Blockstream PR machine happens to need a little boost. Maybe the Tethers are backed by dollars on a one-to-one ratio, as is asserted and refused to be proven. Maybe they aren’t. Sure as hell doesn’t look like they are.

This whole story reeks of a lot of people going to a lot of prison in a few years.

As to the people innocently claiming that it’s “cheap” with a $1 or $20 transaction fee to store data in the precious secure blockchain, I have this to say: get the fuck out of business, because you don’t have a clue as to how it works. If you’re deliberately saying that you have “costs that deserve to be met”, when there’s Google who offers people to search the entirety of humanity’s documents in milliseconds for free, you’re so mediocre you should sit down and bow your head in shame. Are your costs higher than the cost of searching the entirety of humanity’s documentation? In milliseconds? No? No they’re not. It’s you who suck at business. You’re so mediocre you’re not just hurting yourself but people around you, too. Get out.

Bitcoin needs to get back to instant, free, and reliable transactions.

Not “cheap”. Most of the transactions need to be free. All other dotcoms can do it, and therefore, bitcoin can too.

I remember the bitcoin I fell in love with in 2011. I remember the very few times a popup showed up when I tried to send money, saying “this particular transaction requires a fee”, as in requires a fee at all. It was a really rare event that this dialog showed up. The suggested fee would always be a sub-cent amount.

This is the promise of Bitcoin Cash, the bitcoin fork of August of this year. It’s about bitcoin being useful again. It’s about unwinding this idiotic bullshit new Google management that says it’s good if searches cost $20, are unreliable, and take eight to ten hours to complete, because it isn’t good, and I’m appalled that I have to write that out in cleartext to all the Blockstream fanboys insisting otherwise.

The promise of Bitcoin Cash is to bring transactions back to being instant, almost free, and reliable. To really succeed, it has to rewind a little further still — it needs the vast majority of transactions to be actually free, like the vast majority of Google searches are. But I have hope we’ll get there, too.


Categories: Pirates, arr!

A suggested definition for “Bitcoin to the Moon”

3 November, 2017 - 22:52

Bitcoin: “Bitcoin to the Moon” has long been a common saying, but nobody knows what it really means. I propose it is time to define “bitcoin to the Moon” to mean the most literal interpretation possible.

In the bitcoin community — and I mean that in the most inclusive sense, in all communities that call themselves the bitcoin community, regardless of whether they are the Judean People’s Front or the People’s Front of Judea — there is a saying of “bitcoin to the moon”, meaning it will rise above the normally-scaled financial charts so high it will touch the moon.

With bitcoin starting out at $0.10 or so and now, with all forks included, approaching $10,000, people are starting to ask exactly what “the moon” is, seeing how bitcoin as an asset (and crypto in general) defies all previous investments and asset classes. Have we reached the Moon already? What value is it, precisely? What number value lies beyond the Moon? There is no hard definition of this.

A friend of mine on Facebook suggested in a comment on a post, half-jokingly, that the measure could be literal.

I suggest we make it so.

I suggest that we make “Bitcoin to the Moon” mean just that in the most literal sense possible. “Bitcoin to the Moon” is the point in time, when one bitcoin will buy you a return ticket to and from the moon as a tourist. Give this another ten years of SpaceX and bitcoin development in parallel, and this is not inconceivable at all.

It is exciting to live in the future, isn’t it?


Categories: Pirates, arr!

The recent catastrophic Wi-Fi vulnerability was in plain sight for 13 years behind a corporate paywall

29 October, 2017 - 19:00

Global: The recent Wi-Fi “KRACK” vulnerability, which allowed anyone to get onto a secure network (and which was quickly patched by reputable vendors), had been in plain sight behind a corporate-level paywall for 13 years. This raises a number of relevant, interesting, and uncomfortable questions.

When last week’s KRACK Wi-Fi vulnerability hit, I saw a series of tweets from Emin Gün Sirer, who’s mostly tweeting on bitcoin topics but seemed to know something many didn’t about this particular Wi-Fi vulnerability: it had been in plain sight, but behind paywalls with corporate level fees, for thirteen years. That’s how long it took open source to catch up with the destructiveness of a paywall.

In this case, close scrutiny of the protocol would have (and in fact, did) uncovered the nonce reuse issues, but didn't happen for 13 years.

— Emin Gün Sirer (@el33th4xor) October 16, 2017

Apparently, WPA2 was based on IEEE standards, which are locked up behind subscription fees that are so steep that open source activists and coders are just locked out from looking at them. This, in turn, meant that this vulnerability was in plain sight for anybody who could afford to look at it for almost a decade and a half. There are so many issues and followup questions on this, it deserves at least two more articles on the same topic, just for headlines to cover one important point at a time (yes, that’s necessary today).

This also means that one of two things was true: one, those who could afford to look at it didn’t bother to look at it, or two, those who would bother to look at it and understand it couldn’t afford to do so. Both are problematic. (There’s also a third option, even more problematic, below – when an actor who can both afford and understand it keeps the research to themselves as a zero-day sploit.)

The first obvious point is that security doesn’t work if it’s not out in the open. If this wasn’t the final nail in the coffin for security through obscurity – where paywalls are definitely included in the obscurity concept – then I don’t know what would be.

The second point is that this isn’t the only standard we rely on for security that is based on locked-up evidence of security. As has been shown, it may be that each component of the security stack passed its unit test, but the integration tests clearly were insufficient. In other words, it doesn’t matter if all proofs of security come out right, if you’re not sure you’ve proven the whole system to be secure (as opposed to just individual pieces of it). We can expect several more severe vulnerabilities to be in plain sight behind corporate paywalls.

The third point, which is going to be expanded in the first followup article, is that while ordinary activists and coders were locked out of reviewing these documents, the NSA and the like had no shortage of budget to pay for subscriptions to these specifications. Thus, the IEEE’s paywall was lopsiding the security field toward mass surveillance, away from security.

The fourth point, which also merits expansion, is that if something as severe as this was unread for thirteen years because it was behind a paywall — what does that say about legacy media’s current infatuation with paywalls to protect their “genuine journalism”?


Categories: Pirates, arr!

Pirates enter another parliament: Congratulations to the Czech Pirate Party!

21 October, 2017 - 15:51

Czech Republic: The Czech Pirate Party is entering Parliament at an estimated 9.7% with half the votes counted. The Czech pirates have fought long and hard, and overcome frustrating setbacks like missing the parliamentary threshold by just 0.2% in the last election. Congratulations to Ivan Bartoš, Mikuláš Ferjenčík, Jakub Michálek, and the entire Czech team!

The Czech Pirate Party is the fourth to reach a national or federal parliament, after Sweden, Germany, and Iceland. The party leader, Ivan Bartoš, has been hanging in there for as far back as I can remember the movement – I can’t recall if we first met at the international meeting in Friedrichshafen in 2011 or in Prague in 2012. I’ve met with numerous other passionate Czech pirates over the years, whose hard work finally paid off in the elections closing today.

This is the ninth election for the Czech Pirates, who have been doing well in some local elections earlier, and even have a Pirate Mayor in the city of Mariánské Lázně. However, this is the Czech Pirates’ first entry into legislation on a nationwide poll, and as it stands with half the votes counted, it seems Europe and the Czech Republic are about to gain just-over-fifteen new pirate legislators.

Some media will probably focus on the fact that another dark horse came out of nowhere and got about 30% of the votes in this Czech election, but make no mistake, the Pirates are in this for the long game and are the bigger difference in this election. (Disclaimer: The names I mention here are just people I happen to have met personally.) Go, go, go!

Congratulations to the entire Czech team on your hard work and huge success — and for some, your new job!

The photo is from this election campaign video.

UPDATE 1: The final score appears to be close to 10.79%, which makes the Czech Pirates the third largest party, ahead of such parties as the Social Democrats (7.27%), Christian Democratic Union (5.80%), and Greens (1.46%). It also means the Pirates are getting a full 22 seats, tentatively indicating that all fourteen districts’ list-toppers and some of the list-seconds have a new job. At this time (20:07 on Saturday), the list of new MPs is not yet presented by the Czech Election Authority.

It is noteworthy that the Czech Pirates scored a full 17.59% in Prague, the capital.

UPDATE 2 – these are the 22 elected Pirates in the Czech Parliament, in order of the applied D’Hondt election logic:

Dana Balcarová, Lukáš Bartoň, Ivan Bartoš, Lukáš Černohorský, František Elfmark, Mikuláš Ferjenčík, Radek Holomčík, Martin Jiránek, Lukáš Kolářík, František Kopřiva, Lenka Kozlová, Jan Lipavský, Tomáš Martínek, Jakub Michálek, Mikuláš Peksa, Vojtěch Pikal, Ondřej Polanský, Jan Pošvář, Ondřej Profant, Olga Richterová, Petr Třešňák, and Tomáš Vymazal. Congratulations again!


Categories: Pirates, arr!

British government announces 15 years in prison for reading banned literature

20 October, 2017 - 19:00

Repression: British lawmakers have announced 15 years in prison for partaking of banned literature. However, the threat of prison only covers new story formats that lawmakers think don’t deserve the same kind of protection as old-fashioned books: it’s only people who watch video on the Internet who will be put in prison, and only when they watch something that promotes terrorism, whatever that means this week.

The BBC reports that people reading banned books will face 15 years in prison.

Except, it’s not books; were it books, lawmakers would understand the value of open debate and art, and would never dream of putting people in prison for reading. No, it’s the new “moving pictures” format, video, which British lawmakers have learned from experts is only used for violence-promoting dangers-to-society like the Texas Chainsaw Massacre.

And it’s not just in the violence-glorifying video format, it’s also on the horrible Internet, which British lawmakers have learned can’t be any good; at best the Internet is a luxury that can be taken away from citizens when they’ve been misbehaving.

So the title of this story is a little off: it’s not honorable books that are being banned, it’s this horrible thing called the Internet and the worst of the worst, video on the Internet, and only when it promotes terrorism, which is basically anything a government doesn’t like on a particular Wednesday afternoon.

This, again, shows why we need to think in terms of Analog Equivalent Rights: the notion that our children must have the same rights in their digital environment, as our parents had in their analog environment. Correction: our children should have at least the same rights. This shouldn’t even be controversial.

Lawmakers would never dream of banning books, any books, much less put people in prison for reading one. They understand what a book is, they’ve seen what happens to societies that ban and burn books, they grew up with stories (books!) about dystopias where you could go to prison for reading the wrong book.

It is obvious to the net generation that reading text on the Internet is no different from reading a book.

It is obvious to people born after 1970 that watching video can be just as educational as reading, be it current affairs debate, formal education, political commentary, or anything else; it is no different education-wise than reading a book.

Therefore, putting people in prison for watching video on the Internet is conceptually no different from putting people in prison for reading a book the government doesn’t like. But the offline-born politicians don’t understand this, and are putting society as a whole at risk through digital book burning.

As to the government’s definition of terrorism, it has lost all meaning: remember that peaceful protests are formally classified as “Low-level terrorism” in government training material. Yes, that’s a peaceful assembly to petition a grievance about policy, exactly that is considered terrorism. That’s why new special police units handle both — kind of like in those old stories, where police were dispatched for your protection if you read the wrong book.

As for viewing actual “terror content”, like bomb-making instructions — such instructions can be found in any high school chemistry book, if one were to look for the word “exothermic reaction”, which you learn to calculate with precision early in high school chemistry.

Privacy and freedom of speech remain your own responsibility.


Categories: Pirates, arr!

Reminder: In government training material, “terrorism” includes peacefully disagreeing with administration policy in public

16 October, 2017 - 21:00

Global: Governments are still using “terrorism” as a scareword to get any insane law passed – like Britain’s digital book-burning law. But with their other hand, those same governments are expanding the definition of terrorism way beyond what the public could possibly imagine: the government’s own training material says that peaceful street protests in disagreement with administration policies are examples of terrorism.

“Terrorism” is still a fnord. If you look up the word “fnord” in a somewhat modern lexicon, you’ll come across an explanation that says it’s a word, any word, that makes people break out in a fearful sweat every time it’s mentioned on the news and agree to any insane laws. “Communism” filled the same role in the early 1950s in the United States, and it’s an actual studied phenomenon in manipulation of public opinion.


When we hear a fnord, like Terrorism (or Communism), we’re supposed to fill in the blanks with our most fearful images, regardless of what the word actually means. When the British Home Secretary says people will be imprisoned for fifteen years for “repeatedly watching terrorist material”, we’re supposed to interpret that as Middle Eastern jihadists promoting cutting people’s heads off with a dull knife for being too happy, or something equally reprehensible.

And so, the public agrees to insane laws that target “terrorism”, all while the government has a completely different definition of what these laws cover.

It is in these moments that it is crucial to remember that street protests are labeled “low-level terrorism” in actual government training material. Yes, you read that right: the word “terrorism”, according to the government, includes peacefully disagreeing in public with administration policies.

Among the multiple-choice questions included in its Level 1 Antiterrorism Awareness training course, the [Department of Defense] asks the following: “Which of the following is an example of low-level terrorist activity?” To answer correctly, the examinee must select “protests.”

Yes, you’re reading this right: watching training material on how to organize a peaceful street demonstration to make a political point falls completely within the definition of what’s punishable by fifteen years in prison according to the new British law. It may not be enforced that way, but it’s still what the law says when connected to the government’s own training material – and so it can be enforced that way, should it prove expedient.

So next time you hear “terrorism”, remember that it includes the flower-haired woman doing the V sign in the middle of a peaceful petition for redress of grievance.

Privacy remains your own responsibility.


Categories: Pirates, arr!

Why does Britain want to put the public in prison for fact-checking claims in the mainstream media?

15 October, 2017 - 19:00

Corruption: British Home Secretary Amber Rudd has announced a fifteen-year prison sentence for watching terrorist propaganda, whatever that means this week. There is an exception for academics and journalists with “legitimate reason” to watch the material firsthand. But this also means the general public is going to be banned, under threat of a long prison sentence, from fact-checking such stories in the mainstream media.

In the last post about Britain’s announced law putting people in prison for “repeatedly watching terrorist content”, which amounts to putting people in prison for reading banned literature, there is a catch that deserves particular attention.

There is an exception to the announced law, where you may have a “legitimate reason” to watch such “terrorist content”, and therefore should not have to be in prison for fifteen years for doing so. The announced legislation still doesn’t sound sensible in the slightest, but at least you can detect that somebody with a bit of sense had a small amount of say to mitigate the worst effects of this digital book burning law.

But there’s a catch.

The exception where you may be allowed to watch such material firsthand only applies if you’re an academic or journalist. Only then is it even considered whether you have a “legitimate reason” to view such material, whatever reason the government considers legitimate on a particular day. It is also noteworthy that the definition of “academic” and “journalist” is highly debatable; for example, most governments consider only full-time professional reporters to be journalists, even though serious bloggers — who do not have a boss breathing down on them with pressure to get a story out quickly — can and have produced higher quality stories than your average paid reporter.

However, for the general public, there is never a right to view the material firsthand. This also means there is never a right for the public to verify claims made by academics or journalists by checking against their firsthand sources, even though these sources are as available to the public today as they are to journalists.

Let’s take that again, because this is the consequence of these laws: the general public will be put in prison for fifteen years for verifying claims made by the mainstream media, by checking the claims against the primary sources.

This leads us to the inescapable question:

Why does Britain want to put the public in prison for verifying claims made in the mainstream media?


Categories: Pirates, arr!

Big Canadian ISP is actually asking the Canadian Government for Internet censorship

11 October, 2017 - 19:00

Uncategorized: Bell Canada, one of Canada’s major ISPs, is requesting the Canadian government to create a governmental censorship regime, blacklisting resources that Canadians shall not be reading. According to Bell Canada, this is necessary to “prevent people from leaving regulated television and turning to piracy instead”. It is not explained how leaving the regulated TV system, or forcing new services onto the market by turning to unlicensed distribution, is a bad thing in itself.

Bell Canada, one of Canada’s major ISPs, is outright requesting the Canadian government to give them a blacklist of resources that its citizens shall not be allowed to read — a textbook example of governmental censorship. It is doing this in the “fight against piracy”, without realizing that the so-called cure may be many times worse than the problem.

Several ISPs have come under fire by the copyright industry in the past decade for not voluntarily preventing access to sites that allow people to manufacture their own copies of music, movies, and games outside of the licensed distribution channels, sites such as The Pirate Bay. Even though such constant barrage is a bother to ISPs, it is fundamentally of little difference from people who are annoyed by politics they don’t agree with, and react with trying to de-platform their opponents instead of improving their own message, just like the copyright industry appears hellbent on preventing the present time from occurring instead of offering a service people want to buy.

In this, it is understandable if a company tries to take an easy way out and ask the government for some sort of authoritarian list of what’s allowed and what isn’t, essentially in an attempt to get the copyright industry to stop bothering them. But understandable in this context should not be confused with excusable, for two reasons:

First, censorship is never the answer to anything, and in particular not to people manufacturing their own copies, because it is overreaching, ineffective, and counterproductive; and second, because we know the copyright industry will never stop asking for more: they discovered in 1905 that throwing constant tantrums simply works, and have done so ever since. (In 1905, the tantrum was against the self-playing piano, which was supposed to be “an end to a vivid, songful humanity”.)

In particular, it is quite noteworthy that Bell Canada is asking for censorship to prevent people leaving scheduled television programming:

“People are actually leaving the regulated [TV] system, not just because they want to watch Netflix but because they want to watch free content,” Rob Malcolmson, Bell’s senior VP of regulatory affairs, told federal politicians last week. He was speaking at a government hearing in Ottawa on NAFTA negotiations. — Canadian Broadcasting Corporation

In summary, this is wrong on basically every conceivable level.

It is utterly horrifying to see an Internet Service Provider, which is supposed to be the last line of defense for free speech and information, actually outright demanding governmental censorship — and this for something as fickle as people having grown tired of scheduled television programming once they discover they don’t need to watch passive entertainment on somebody else’s schedule anymore.

Privacy remains your own responsibility — as do your Freedoms of Speech and Information, in the face of events like these.


Categories: Pirates, arr!

Why shouldn’t copyright monopoly law apply on the Internet?

2 October, 2017 - 19:00

Copyright Monopoly: Every so often, you hear copyright industry lobbyists ask “why copyright law shouldn’t apply on the Internet”, suggesting that the Internet is a lawless land with regard to people sharing what they like. They have a point, but not the point they think: Our laws have checks and balances that prevent enforcement against sharing culture and knowledge in the offline world, and there’s no reason why these check-and-balance laws shouldn’t apply online too.

Every so often, you will hear people from the copyright industry pull the cliché, “why shouldn’t copyright law apply on the Internet!?”, with the understanding that laws apply everywhere in society, and so obviously copyright law should apply on the Internet too.

This question is misleading and false. If the offline laws applied fully online, which they don’t, then copyright law could not be enforced at all against ordinary file sharers — and that would be a good thing.

In the offline world, there are many laws that provide checks and balances against each other. It’s important that these checks and balances carry over to the digital world, and today, they don’t — the checks and balances haven’t been carried over at all.

For example, you’re technically not allowed to send a copy of some creative work under copyright monopoly in the mail — but nobody is allowed to open your mail to check if you did. You’re not allowed to play a song to your friend in a phone call (yes, really), but nobody is allowed to listen in to your phone call to determine if you do.

In this way, the copyright industry executives have a point; the offline laws regarding copyright don’t fully apply online. If they did, no file sharing would ever be punished, ever, because privacy is considered more important than noncommercial copyright infringement in the offline law book.

In our transition to digital, very important liberties have been lost — such as the important right to send a private letter.

Our children can still send an analog letter the way our parents did, but they don’t have nearly the same rights when performing the equivalent action in their digital environment — and there’s really no reason for that other than copyright industry lobbying. (I predict that’s going to be regarded as one of the greatest failures of our generation: our failure to carry the civil liberties of our parents over to our children.)

Let’s take a look at the analog letter. It has a couple of properties we associate with proper law and order: it is untracked, it is anonymous (or can be, that’s entirely up to the sender), the carrying courier has immunity from liability, and it is never opened in transit (except in the case of prior individual suspicion of a serious crime — note the words prior, individual, and serious).

This letter can even contain a copy of something: sheet music, a poem, something that makes sending the letter a copyright infringement. It would not matter, and precisely that is the point — the rights above would still apply: the letter would still be untracked, anonymous, unopened, carried without liability. It would still reach its recipient unopened and untracked.

This is what we call Analog Equivalent Rights — the idea that a civil liberty that existed in the analog world should also exist in the digital world, in its equivalent action, completely regardless of whether that means somebody needs to make money in a different way, or not at all. It isn’t rocket science. It should not even be controversial to say that our children should have at least the same amount of civil liberties in their environment as our parents had in theirs.

In other words, privacy law completely trumps copyright law offline, as far as private noncommercial copies are concerned, and there’s no reason it should not do so online as well. The laws should apply online exactly as they do offline.

So the next time you hear this argument, respond with a “yes, all the laws should apply on the Internet. Especially the laws that say we can send an anonymous package to somebody with a copied film or cassette, without the letter being opened in transit, the courier being responsible for carrying the package, or the letter being traced to its sender — even if it is a copyright infringement. That’s what the laws look like outside of the Internet, and there’s absolutely no reason they shouldn’t apply on the Internet as well!”.

They will typically respond something like, “But then we can’t make money!”, or possibly with some nonsense like “then the artists won’t create”. It doesn’t matter.

At that point it’s just a matter of driving the point home: “A business exists for the purpose of making money within existing laws. If you can’t do so, you don’t get to dismantle civil liberties just because you don’t know how to run a business.”


With the World Wide Web Consortium captured by the copyright industry, who will step up to lead web development next?

27 September, 2017 - 19:00

The World Wide Web Consortium (W3C), which used to develop standards for the Web, has been captured by the copyright industry. In a doubly controversial vote, the W3C decided that media companies and not the user should be in control, ending their longstanding commitment to openness and the Internet’s core values. The open question is what new body web developers will choose to follow for future generations of standards.

This week, the World Wide Web Consortium (W3C) formally adopted Digital Restriction Measures (DRM) as part of the Web, thereby ending a policy of “the user is in control of their experience” and replacing it with “the copyright industry is in control”. The standard in question is called EME — Encrypted Media Extensions — and was pushed by all the pre-internet giants with vested pre-internet interests and Netflix.

Why is this bad? For all the reasons.

The W3C is — was — the body that defined standards for the World Wide Web, which browser developers implemented in turn into web browsers like Firefox, Chromium, Opera, and Safari. Having a third party publish the standards meant that no one browser team is in charge of standards development at the same time as they are making a browser, thereby encouraging interoperability between different browsers.

Now, having Digital Restriction Measures (DRM) as part of the Web means a number of very bad things, in principle, technically, and legally. First and foremost, on the level of principle, the control of the experience has always been with the user. You don’t like a particular website’s color scheme? Turn it off. You don’t like ads? Turn them off. You’re blind? Have the page read out loud to you instead of displayed. The page scripts are annoying? Disable their scripts. The notion that the information is served, complete with a suggested layout, but with yourself as final arbiter as to how the website is allowed to show on your screen, has always been front row center to the development of the Web. Until this week, that is.

It’s important to realize that this encryption is not to the benefit of the user, like https is, but to the benefit of the copyright industry. In Cory Doctorow’s words, when somebody gives you a locked piece of data without the key, that lock is never there for your benefit.

From a technical perspective, this means that attacks delivered over the web — which are most of them today — can now be delivered in a standardized encrypted format, which means virus and malware checkers can’t intercept and prevent infection the way they can today.

From a legal perspective, it’s even worse, because it’s now illegal to research and prevent such attacks that are delivered over a channel protected by Digital Restriction Measures (DRM) in some of the biggest economies, like the United States and Europe. All other related research that seeks to circumvent the copyright industry’s control to the benefit of the user is also illegal, like providing accessibility to blind people (no, the standards don’t require it).

So why all this fuss just for a delivery channel of movies, in practice, which everybody gets from their favorite “unofficial sources” anyway?

Because there’s nothing limiting this delivery channel to just a movie. In theory, the entire web experience could be encrypted using new layers of technology. Yes, that includes mandatory advertising. Mandatory. Advertising. Yes, on your screen. The principal shift here, to put the media companies in control instead of the user, is the most important one with far-reaching ramifications.

This happened in a doubly controversial vote. Doubly because first, up until today, standards were never decided by vote, but by consensus, a threshold quite far above simple majority; and second, the vote passed by a mere 58%.

To quote John Sullivan, director of the Free Software Foundation, who tweeted at the W3C: “When the RIAA calls a decision ‘a victory for common sense’, you know you’ve got it exactly wrong, W3C.”

What just happened is a textbook example of Regulatory Capture. The W3C was captured by the copyright industry.

Regulatory Capture is a term describing a form of government failure that occurs when a regulatory agency, created to act in the public interest, instead advances the commercial or political concerns of special interest groups that dominate the industry or sector it is charged with regulating. When regulatory capture occurs, the interests of firms or political groups are prioritized over the interests of the public, leading to a net loss to society as a whole. Government agencies suffering regulatory capture are called “captured agencies”. (Quote from Wikipedia.)

Seeing this regulatory capture firsthand, taking place against its formal objections, the Electronic Frontier Foundation immediately resigned from the World Wide Web Consortium.

The concept of regulatory capture is not an easy nut to crack. During the drafting of the U.S. Constitution, the Founding Fathers complained about this problem, which they called factions, and discussed how they could prevent the capture of regulatory bodies by those who would be regulated by them. In the end, it was one of the problems the Founding Fathers didn’t solve in creating the United States of America, and so it remains unsolved.

Except maybe not in this case, because the W3C has no formal authority. Its recommendations are — were — followed only based on trust in having done the right thing up until this week. It was a leader in the truest sense; somebody who others voluntarily chose to take advice from. The W3C was a standards body, but nobody is coerced into following their standards.

Therefore, the field is now open for a new publisher of web standards, one that doesn’t bend the knee to the copyright industry, and more importantly, a standards body that continues to put the user in control of their own computer and experience.

For once the developers see where the path goes when you put the copyright industry in charge of the experience, they will balk at that and do something else.

Failing that, there’s the next level of safety valve, the users themselves, who are likely to reject such an experience and lack of control altogether — just remember how Adblock started out as a niche plugin for Firefox, then gradually spread to a plugin for all browsers, and is now working its way into the mainline browser distributions. When enough users say that they’ve had enough of something, that also counts for something.

In any case, the field is now open for somebody to step up to the plate and take charge of the future of web standards, with users front row center where they belong. The EFF themselves, perhaps?


Call to Action: Write to the European Parliament’s Legal Affairs Committee on the upcoming copyright vote

24 September, 2017 - 20:00

Activism: On October 10, an important committee in the European Parliament will vote on future copyright law. It hangs in the balance, and ordinary people like you and me contacting Members of the European Parliament can really make a difference, like you’ll remember we did with ACTA five years ago and won. You don’t have to contact your representative; such a thing only exists in the US and UK. Rather, you should write a friendly mail to all of them.

The European Union is revising copyright legislation.

As usual, the copyright industry — indeed the entire Industrial Protectionism (IP) industry — has managed to get all sorts of absurd things into the future of copyright law. Even if you don’t live in Europe, this concerns you, for a harshening in these monopolies in a major economy tends to be contagious to other places in the world. The European Parliament will vote some time in the coming year, but the next and important vote is on October 10 in the Legal Affairs committee, JURI, which is responsible for matters such as these.

At the same time, there are some good proposals in the mix, put there by people of the net generation among the Members of the European Parliament (MEPs).

Christian Engström, MEP 2009-2014, writes: “The outcome of the votes in JURI [Legal Affairs committee] hangs in the balance, and several important issues are too close to call. If there are enough emails from ordinary citizens that demonstrate that there are people out there who care, we have a good chance of achieving at least some improvements to copyright. But if nobody shows an interest, there is an overwhelming risk that the copyright lobby will win, and will introduce further restrictions and even more absurdities into copyright on the internet. Right now, you as an individual can make an actual and real difference.”

There are two really bad proposals: a mandatory upload filtering, effectively censorship, and a link tax which makes it impossible to link to oldmedia articles (articles 13 and 11).

At the same time, there are also three really good proposals: mandatory freedom of panorama (nobody can own a view), freedom to remix, and freedom to datamine for everybody.

Read more over at Christian Engström, who has links in turn about what these different proposals mean, and pick one or two subjects you’re passionate about. Then, write to JURI, the Legal Affairs committee: this mailing (“mailto”) link will create a mail to all 46 delegates of JURI for you, where you can express your points.

As Christian writes: be polite, use your own words, and be brief, like a Facebook comment where you make a point.


Your phone can now be turned into an ultrasound sonar tracker against you and others

22 September, 2017 - 19:00

Global: New research shows how a mobile phone can be turned into a passive indoor ultrasound sonar, locating people with high precision indoors using multi-target echolocation, and is even able to discern a rough selection of activities. It does this by overlaying imperceptible ultrasound sonar pings into played-back music, measuring the reflections coming back to the phone’s microphone. The privacy implications are staggering.

By emitting inaudible ultrasound pings as part of normal music playback, a phone can be turned into a passive sonar device, researchers from the University of Washington show in a new paper. It can track multiple individuals at an indoor precision of 8 centimeters (3 inches), and detect different types of activity by the people in its detection zone — even through barriers, all using a normal smartphone.

People with a military technology background will recognize this as next-generation passive covert radar systems, radar systems which don’t transmit, but which detect objects in the sky from changes to reflection patterns from ever-present civilian transmitters such as radio and TV towers. The primary advantage of passive covert radars is that they can’t be detected, as they only contain very sensitive receivers, no transmitters. This phone research appears to be using the same kind of technology, except that the phone is also used as a transmitter of ultrasound pings; however, it would be trivial to separate the transmitter of pings from the receiver of the reflected patterns.

“We achieve this by transforming a smartphone into an active sonar system that emits a combination of a sonar pulse and music and listens to the reflections off of humans in the environment. Our implementation, CovertBand, monitors minute changes to these reflections to track multiple people concurrently and to recognize different types of motion, leaking information about where people are in addition to what they may be doing.”

The researchers are straightforward about the privacy threat that this technology poses: “There are privacy leaks possible with today’s devices that go beyond the ability to simply record conversations in the home. For example, what if an attacker could remotely co-opt your television to track you as you move around, without you knowing? Further, what if that attacker could figure out what you were doing in addition to where you were? Could they even figure out if you were doing something with another person?”

The researchers have tested five different indoor environments and over thirty different moving individuals, and show that even under ideal conditions, the people typically could not detect the tracking.

“We evaluated CovertBand by running experiments in five homes in the Seattle area, showing that we can localize both single and multiple individuals through barriers. These tests show CovertBand can track walking subjects with a mean tracking error of 18 cm and subjects moving at a fixed position with an accuracy of 8 cm at up to 6 m in line-of-sight and 3 m through barriers.”

It’s conceivable that malicious apps with access to the speakers and microphone will be able to use this. It’s also conceivable that apps already are. Among many smartphone devices, the researchers also implemented their CovertBand demonstrator on a 42-inch SHARP television set.

“Even in ideal scenarios, listeners were unlikely to detect a CovertBand attack.”

Your privacy remains your own responsibility.


Hardware maker: Give up your privacy and let us record what you say in your home, or we’ll destroy your property

30 August, 2017 - 19:00

Privacy: Hardware maker Sonos has a new privacy policy, and is telling users that unless they agree to it, their devices may cease to function entirely. Of course, since people bought these objects, they’re those people’s property. And since Sonos is taking an action that they know will break these devices, Sonos is effectively saying they’ll willfully destroy your property unless you comply and give up your privacy. This is a new low.

Sonos is a high-end sound system maker, famous for being the first brand to have synchronized music in different rooms with an off-the-shelf device system. This week, they announced a new privacy policy, where they say they’ll be collecting a lot of data about you, including listening in to your room and (in a roundabout way) recording it. People were justifiably quite upset. It is in response to this community reaction that Sonos does the unforgivable: Sonos states that if people don’t accept “the new privacy policy” — meaning give up their privacy in their own home completely — Sonos is going to willfully destroy those people’s property.

“The customer can choose to acknowledge the policy, or can accept that over time their product may cease to function,” the Sonos spokesperson said, specifically.

Sonos is particularly sneaky about the part where they record sound. They say in their blog post that they “don’t keep the recordings” of sound recorded in your home, with the new Voice Assistant. However, they point out that they share their collected data with a large number of parties, the services of which you have “requested or authorized” — where people tend to read “requested”, but where “authorized” is the large part. Further, they point out that they share recorded sound with Amazon under all circumstances, and Amazon is already known to keep recordings for later use by authorities or others, so the point is kind of moot. “We don’t keep the recordings, we let others do it for us” would be a more straightforward wording.

As ZDNet notes, the community’s reaction has been quite hostile to the manufacturer who threatens to destroy their property, and not without justification.

For my personal purchasing choices, behaving like this is enough to get on my blacklist of manufacturers, just like when Sony willfully infected its customers with rootkit malware in 2005, and Sony made it onto my blacklist. (It’s a high bar to get there, and still, hardware makers keep inventing new audacious ways to clear that bar.)

Syndicated Article
This article was previously published at Private Internet Access.


IMSI Catching: Phone surveillance measures and countermeasures go mainstream

29 August, 2017 - 19:00

Activism: The German newspaper Die Zeit has a long feature this week about IMSI catchers and their countermeasures, words that were long heard only in countersurveillance cultures at Black Hat and Defcon. Observing this phenomenon make the jump from the obscure to the mainstream tells us a lot about the years to come: surveillance and countersurveillance will be a cat-and-mouse game for quite some time.

Most people have heard of their IMEI, their phone’s unique identifier. It’s short for International Mobile Equipment Identity, and a lot of people learn how to read this number. Originally, it was produced by typing *#06# on your phone, a sequence that amazingly still works, but it’s also on the phone receipt, in the menus, and in a number of friendlier places. This is the number you can insure, and this is the number you can report stolen to brick the phone.

A more secretive number is the IMSI, the Subscriber Identity, which identifies not the phone but the SIM card inside the phone. In most parts of the world, you’re expected to buy these separately from the phone, and you can replace the SIM card to change carriers but keep the same phone. In some other parts of the world, where telco carriers have exercised regulatory capture and have a dysfunctional market, the SIM card is typically prebaked into the phone, and in these countries, you might never have seen it – but it’s still there, identified by the IMSI.

There are many good technical reasons to keep this number a secret. For example, any reconfiguration instructions sent to the phone from the carrier – so-called Over-the-Air provisioning — must be signed cryptographically with the IMSI of the current SIM card, in order to prevent fraudulent configuration. It’s also the number used when the phone contacts the carrier network, and therefore, anybody intercepting that handshake will see the IMSI.

This is the technology used in so-called IMSI catchers. When there is a large number of people in an area that the regime — police or other forces — wants to keep tabs on, they deploy high-powered fake cell towers that the phones connect to, believing that these fake cell towers are their carrier’s. The fake towers then contact the real ones in turn, performing what we call a man-in-the-middle attack, which is just what it sounds like: sitting between the phones and the real cell towers.

This is a fairly sophisticated attack, one made by law enforcement in a highly dubious legal area. That’s why it’s really interesting to see mainstream media cover the topic now.

It’s particularly interesting as law enforcement won’t immediately get identities out of this attack — it will merely read which IMSI numbers were in the area at the time of the man-in-the-middle attack. Some of the time, this could conceivably be translated into people’s actual names, by means of subpoenas or similar to the carriers. A lot of the time, it won’t (think anonymous prepaid SIM cards).

While this attack can be used to track an individual’s movements once you have their IMSI — and has been used for this, notably with the American-made Stingray devices — it’s more alarming that law enforcement is increasingly using the attack to keep a catalog of which people, or at least their phones, are present at a certain type of protest.

Die Zeit’s article also covers countermeasures to the IMSI catcher attack, and mentions that while there are numerous apps that detect IMSI catchers, the better ones can only detect about 90% of those attacks.

We can expect this to escalate in the coming years.

Syndicated Article
This article was previously published at Private Internet Access.
