I don’t know if I’m really allowed to mention it, but it turned out that my recently-deceased brother worked for MI6 …which puts him in the same company as James Bond, though I was reliably informed he was never a field agent himself. He simply ran agents from a London-based desk… which nevertheless puts the sort of stuff I do in perspective! It was a little surprising to discover just how private he’d kept that part of his life: you think you’d know, especially about your own brother; but he was very careful to ensure we didn’t.
I mention this now because this fact has combined with a few recent and not-so-recent news stories to give me considerable concerns over security matters when it comes to personal computing.
I give you, for example, the Australian Government’s proposal to mandate compulsory filtering of all internet connections, preventing anyone from accessing material which has been “refused classification”. Whilst child pornography quite rightly warrants an “RC” assessment, the plan was also to have prevented anyone from accessing information about voluntary euthanasia, anything someone had complained was racist, or anything to do with the (perfectly legitimate) politicians of the Sex Party. Or any information that promoted any crime -and what constitutes a crime can vary more or less at the government’s pleasure, of course. So this was dangerous legislation with an in-built tendency to be the thin end of a steeply-sloping wedge. Fortunately, the Australian Government has now backed away from this proposal and opted for a much more norrowly child-porn-focussed blacklist produced by Interpol. I still have concerns as to how exactly Interpol -which counts Syria, Zimbabwe and Cuba as members- decide what to go on the blacklist, but at least it’s not subject to one government’s whims or moral panics.
However, the Australian Government is now proposing that ISPs retain data about their customer’s online activities for 2 years. The scope of what data is to be retained is (naturally!) vague: “information about the identity of the sending and receiving parties and related subscriber details, account identifying information collected by the telecommunications carrier or internet service provider to establish the account, and information such as the time and date of the communication, its duration, location and type of communication”… but that sounds pretty broad to me. The idea has yet to be turned into law and maybe never will be, but that’s now twice the Australian Government has proposed to monitor or limit what it is people do online: there’s an authoritarian habit developing there that I don’t like the look of.
Of course, it’s not just Australia. The US Congress were narrowly persuaded that the SOPA and PIPA legislation were unpopular because they seemed to infringe things like freedom of speech, so that bullet was dodged (at least for now). But there will soon be the Centre for Copyright Information: an organisation intended to point ISPs in the direction of file sharers and copyright infringers with a view to, eventually, slowing their Internet connections to a crawl. I wouldn’t mind, in principle, enforcing copyright in a graduated way… but their technology is flakey and has been used to detect a printer committing copyright infringement! As the last bit of this report has it, “Although content providers are increasingly relying on systematic monitoring of P2P networks as a basis for deterring copyright infringement, some currently used methods of identifying infringing users are not conclusive.Through extensive measurement of tens of thousands of BitTorrent swarms and analysis of hundreds of DMCA complaints, we have shown that a malicious user can implicate arbitrary network endpoints in copyright infringement, and additional false positives may arise due to buggy software or timing effects” (emphasis mine).
So we have false positives and arbitrary “endpoints” (i.e., users) being falsely implicated in copyright violation, for which they may be punished without judicial review. Mounting a defence against a false accusation of copyright violation will, it so happens, cost you $35 a pop (see paragraph 11 of the CCI’s FAQ), and if you don’t go to that trouble, the presumption will be that you acknowledge your guilt in the matter. I don’t remember when they altered the US constitution to reverse the burden of proof like that, but maybe I wasn’t paying attention.
There are plenty of other examples of this sort of thing from elsewhere around the globe, too: governments restricting what citizens are allowed to see; police agencies wanting ever-broader scope to seize and retain information about citizen communications; big business wanting to ever-more forcefully assert their intellectual property rights by monitoring what people get up to and reversing the presumption of innocence. I guess we have 9/11 and its cousins to thank, at least in part. Plus a “think of the children” mentality.
Of course, about this time, it’s usual for someone to pipe up with the old saw, “If you’ve done nothing wrong, you’ve nothing to hide”, but I think that’s baloney. My mother pulled the front room curtains of an evening for privacy, not concealment of crime; and privacy is a right that even the UN Declaration of Human Rights (Article 12) acknowledges:
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
Besides, none of us are saints… but we don’t warrant burning at the stake for minor transgressions. I myself have downloaded music via bittorrent (I might add that in every case, I have then gone on to purchase the relevant boxed set), but I don’t think I should be busted as a copyright thief for what amounts to temporary sampling of a bit of music to see if I’m interested in buying it.
In any case, the presumption now is that the use of bittorrent is, per se, evidence of guilt of something! And as one who downloads and shares Linux distro ISOs via bittorrent, that’s definitely not something I’m happy about.
For these reasons and others like them, therefore, I’ve decided it’s time to unwrap the tinfoil and to take the sort of precautions I thought only JFK conspiracy fans or Diana-murdered-by-Prince-Phillip nuts would be interested in: assertion of data and communications privacy at all times. I honestly think it’s time we all stopped hoping governments and industry would be largely benign about our reasonable and respectable data habits: they are increasingly not being so. I genuinely believe data and communications privacy is a right that we now have to exert purposefully and deliberately: the time for thinking it’s all a bit geeky and unnecessary is already past.
Accordingly, I am going to write a few articles in the next week or two explaining how to assert privacy rights by means of encryption, VPN tunnelling and so on. For some, I guess it will be old-hat …but it’s certainly something I’ve just woken up to, and I don’t think I’m alone in my naivety about the intentions of government and big business.