As everyone who’s even half-awake knows by now, a bunch of people who used to work on Wikileaks have got together to work on Openleaks. From what I hear, Openleaks is going to be so much better than Wikileaks – it will have no editorial role, it will strongly protect people who submit leaks, it’s not about the people who run it, it’ll be distributed and encrypted.
But where’s the design to back up this rhetoric? Where are the security reviews from well-known authorities? They seem to be missing. Instead we have excited articles in mainstream media about how wonderful it is going to be, and how many hours the main man has spent on it.
This sounds very familiar indeed. And we all know what happened last time round.
Of course, Openleaks may be fine, but I strongly suggest that those who are working on it publish their plan and subject it to scrutiny before they put contributors at risk.
As always, I offer my services in this regard. I am sure I am not alone.
I criticise policy makers a lot. So it’s really nice when they say something sensible – or even inspirational. The summary does not do this speech justice. It’s quite short, I suggest you read it.
“We must ensure that copyright serves as a building block, not a stumbling block – we need action to promote a legal digital Single Market in Europeâ€ European Commission Vice President for the Digital Agenda Neelie Kroes said today at the prestigious Forum Dâ€™Avignon, on the subject of how digital technology represents an opportunity rather than a threat to culture. Kroes underlined the need to modernise the copyright system so that it helps rather than hinders artists within the EU’s Single Market. â€œMy goal, in promoting cultural diversity and content adapted to the digital age, is for European creativity to be even strongerâ€, Kroes said. â€œToday our fragmented copyright system is ill-adapted to the real essence of art, which has no frontiers. Instead that system has ended up giving a more prominent role to intermediaries than to artists. It irritates the public, who often cannot access what artists want to offer and leaves a vacuum which is served by illegal content, depriving artists of their well-deserved remuneration. It may suit some vested interests to avoid a debate, or to frame the debate in moralistic terms that merely demonise millions of citizens. But that is not a sustainable approach. Time alone will not solve the problems that have emerged.
Comments Off on Radical Copyright Thinking … at the European Commission!
Apparently some reporters think it’s useful to make stupid claims about Wikileaks. I won’t bother to link, but just in case you mistook them for journalism: for the record, I am a member of Wikileaks’ advisory board and I am honoured to be. I don’t think Julian Assange is crazy, I think he’s a very talented guy. Yeah, he’s a little unusual, but that just adds to the fun. It is true, however, that I don’t know anything about how Wikileaks operates in detail and it is also true that I think that’s a good idea.
If you don’t know what I’m talking about, I hear there’s a search engine that might help. Or you could do something useful with your time.
Comments Off on Wikileaks: The Facts
Apparently, ID cards will not be compulsory after all. Also…
Mr Johnson even admitted the suggestion the cards would help combat terrorism was exaggerated as he accepted the Government should never have allowed “the perception to go around that they were a panacea for terrorism”.
No, really? Anyway, the thing that amuses me is this
It will remain compulsory for foreign nationals staying the UK long term to have an ID cards but Britons will only have one now if they request it.
OK, so when I get stopped in the street, how do I prove that I am not a foreign national staying long term?
The government has quietly launched two quite fascinating initiatives. I have no idea why there wasn’t more fanfare. I was even at OpenTech, where one was announced, and I didn’t know!
Firstly, Show Us A Better Way
Ever been frustrated that you can’t find out something that ought to be easy to find? Ever been baffled by league tables or ‘performance indicators’? Do you think that better use of public information could improve health, education, justice or society at large?
The UK Government wants to hear your ideas for new products that could improve the way public information is communicated.
And 20 grand for the best ideas, too.
Secondly, The Public Sector Unlocking Service (Beta). I love that they put “Beta” in there. Tell them about crown copyright data some bureaucrat is hoarding, and they’ll read them the riot act. Awesome.
Comments Off on Getting At Public Data
It seems like a long time since I spent a very long afternoon (and evening) observing the electronic count of the London Elections. Yesterday, the Open Rights Group released its report on the count. The verdict?
there is insufficient evidence available to allow independent observers to state reliably whether the results declared in the May 2008 elections for the Mayor of London and the London Assembly are an accurate representation of votersâ€™ intentions.
There was lots of nice machinery and pretty screens to watch, but in my view three more things were needed to ensure confidence in the vote.
- A display that showed (a random selection of) ballots and the corresponding vote recorded automatically.
- No machines connected to the network that could not be observed.
- A commitment to the vote (I mean this in the cryptographic sense) after which a manual recount of randomly selected ballot boxes.
The last point is technically tricky to do properly, but I think it could be achieved. For example, take the hash of each ballot box’s count, then form a Merkle tree from those. Publish the root of the tree as the commitment, then after the manual recount, show that the hashes of the (electronic) counts for those boxes (which you would have to reveal anyway to verify the recount) are consistent with the tree.
Comments Off on ORG Report on E-counting
The Guardian has a nice article about Wikileaks today. This was triggered by bizarre behaviour on the part of Bank Julius Baer‘s lawyers, Lavely and Singer (“Attack Dogs of L.A. Law”), who asked Wikileaks to remove documents without specifying what documents or who their client was and then got an injunction to have the wikileaks.org domain deleted.
The documents are still available, of course.
One thing I should correct, though. The article says
Those behind Wikileaks include … Ben Laurie, a mathematician living in west London who is on the advisory board.
I’m not a mathematician (any more), and I’m not behind Wikileaks. I think its a good idea, and I did comment on an early design for the technical infrastructure (which, I must say, was cool), but I am otherwise uninvolved. Everyone thinks this is just a cunning ploy to distance myself from it, but really, its true.
Isn’t it amazing that politicians have so little respect for their electorate that they are quite willing to say things like this?
Telecommunications Minister Stephen Conroy says new measures are being put in place to provide greater protection to children from online pornography and violent websites.
“Labor makes no apologies to those that argue that any regulation of the internet is like going down the Chinese road,” he said.
“If people equate freedom of speech with watching child pornography, then the Rudd-Labor Government is going to disagree.”
I’m sure there’s no need to explain yet again why the Australian idea that they can filter the ‘net is doomed. But what does need some explaining, in my view, is why Conroy thinks he can get away with equating “protecting children from online pornography” and “watching child pornography”? Why have journalists become so passive that they will happily quote such nonsense without any inclination to do some actual analysis of the “news” they so mindlessly quote. It’s no wonder traditional media are in fear of the blogosphere.
Comments Off on Australian Doublespeak
The government waited nearly a month before revealing that they had lost personal data on 25 million UK citizens. Presumably they could have waited forever if they’d thought they’d get away with it.
If you agree that there ought to be a law obliging organisations to reveal such breaches, then the petition for you is right here.
Comments Off on Notification on Personal Data Breaches
I listened to Shirley Williams today speak about the identity card on the always excellent “Any Questions” program on Radio 4. She is not a fan. First of all she made it clear that she believed the LSE’s estimate of the cost, at Â£19 billion, rather than the government’s, at Â£5.6 billion. But then she got really quite outspoken
I think the ID cards are much more serious than people realise … the absolute key thing, and I can’t stress this enough, is that the level of data that the government proposes to collect under the ID bill … adds up, in my view, to a Big Brother scheme of the most terrifying kind.
Because it is so expensive our government will sell our data to commercial interests
It will be a record of where you’ve been, what you’ve done, who you’ve talked to, and I think its a terrifying scheme and I’m another person who’s prepared to say I wouldn’t cooperate with it in any way at all (lots of applause)
When asked if she would court jail in her resistance to ID cards, she responded
Of course … My view is that the identity card will undermine individual civil liberty so seriously that one is entitled to say that one won’t cooperate with it. I have not suggested I would use violence, I am suggesting I wouldn’t cooperate with it, nor will I.
Yes, yes, Shirley, but there’s no need to beat about the bush – tell us what you really think! 🙂
I wonder if Shirley supports No2ID?
Comments Off on Shirley Williams on the Identity Card
In 1869, John Stuart Mill wrote “On Liberty”. My attention was drawn to it by a young adult of my acquaintance who had been set it for homework. Its a fairly long essay, but it can really be summarised by this paragraph
But there is a sphere of action in which society, as distinguished from the individual, has, if any, only an indirect interest; comprehending all that portion of a person’s life and conduct which affects only himself, or if it also affects others, only with their free, voluntary, and undeceived consent and participation. When I say only himself, I mean directly, and in the first instance: for whatever affects himself, may affect others through himself; and the objection which may be grounded on this contingency, will receive consideration in the sequel. This, then, is the appropriate region of human liberty. It comprises, first, the inward domain of consciousness; demanding liberty of conscience, in the most comprehensive sense; liberty of thought and feeling; absolute freedom of opinion and sentiment on all subjects, practical or speculative, scientific, moral, or theological. The liberty of expressing and publishing opinions may seem to fall under a different principle, since it belongs to that part of the conduct of an individual which concerns other people; but, being almost of as much importance as the liberty of thought itself, and resting in great part on the same reasons, is practically inseparable from it. Secondly, the principle requires liberty of tastes and pursuits; of framing the plan of our life to suit our own character; of doing as we like, subject to such consequences as may follow: without impediment from our fellow-creatures, so long as what we do does not harm them, even though they should think our conduct foolish, perverse, or wrong. Thirdly, from this liberty of each individual, follows the liberty, within the same limits, of combination among individuals; freedom to unite, for any purpose not involving harm to others: the persons combining being supposed to be of full age, and not forced or deceived.
In other words
- Think what you want.
- Write what you want.
- Do what you want, so long as it does not harm others.
- Be with who you want.
These seem self-evident to me. How have we managed to move so far from these basic principles?
Apparently the government wants to know about “risks to children from exposure to potentially harmful or inappropriate material on the internet and in video games”.
As soon as people start talking about potential harm, alarm bells start ringing. This phrase, repeated ad nauseam throughout the consultation, suggests to me a willingness to accept opinion and hearsay in lieu of hard evidence. And that, in turn, suggests to me that the conclusion of the consultation is foregone: the Internet is “potentially” harmful, as are video games, we should do more to protect vulnerable children, censorship is good, regulation is good, liberty is bad, free thinking is bad. You read it here first.
The Open Rights Group are planning to submit a response – if you’d like to help form that response, your comments are welcome.
Comments Off on Consultation Considered “Potentially” Harmful?
EU Justice and Security Commissioner Franco Frattini joins the ranks of the terminally deluded
I do intend to carry out a clear exploring exercise with the private sector … on how it is possible to use technology to prevent people from using or searching dangerous words like bomb, kill, genocide or terrorism
Do you, indeed? Of course, this is going to make a huge difference: Hitler would never have killed all those Jews if we’d managed to stop him Googling for “genocide”, after all, so I can totally see your reasoning here.
I really like that he wants to stop us even using these words. When will they be struck out of dictionaries? And all the books they appear in?
Hmm, if we can’t say “genocide” does that mean that we’ll all be forced to deny the Holocaust? Isn’t that actually a crime in some EU countries?
The Open Rights Group released its report on e-counting and e-voting in the recent elections. Executive summary: it didn’t work very well.
Incidentally, ORG is looking for board members, as some of the incumbents (e.g. me) are moving over to the Advisory Board. The deadline is June 22nd.
Comments Off on I Can Haz Votez?
I recently attended a conference on “Respecting Privacy in Global Networks“. One of the talks was about road usage charging – the general idea being that instead of paying a flat fee related to your vehicle type, you pay for the roads you actually use. Of course, the obvious ways to implement this (either using a GPS to log a trail to some kind of secure device which is periodically examined to determine fees, or by collecting car details with roadside receivers) are stupendously privacy invading.
But, it occurs to me, we have the technology at our fingertips to make this system anonymous (except for defaulters) quite easily. All we need to do is fit cars with a device that can spend anonymous digital cash as they pass checkpoints. Cars that don’t fork out get their numberplate photographed. Obviously you have to back this up with legislation that forbids checking numberplates except on defaults but that seems easy enough.
Of course in London we should have this system for congestion charging, which already monitors everyone’s movements.
The Royal Academy of Engineering has published an almost sensible paper on privacy and surveillance. They get off to a good start
There is a challenge to engineers to design products and services which can be enjoyed whilst
their users’ privacy is protected. Just as security features have been incorporated into car design, privacy protecting
features should be incorporated into the design of products and services that rely on divulging personal information.
but then wander off into cuckooland
sensitive personal information stored electronically could potentially be protected from theft or misuse by using digital
rights management technology.
Obviously this is even more loony than trying to protect music with DRM. Another example
Another issue is whether people would wish others to have privacy in this arena – for example, the concern might arise
that anonymous digital cash was used by money launderers or terrorists seeking to hide their identity. Thus this
technology represents another dilemma – should anonymous payment be allowed for those who wish to protect their
privacy, or should it be strictly limited so that it is not available to criminals?
Riiight – because we have these infallible methods for figuring out who is a criminal.
Also, as usual, no mention whatever of zero-knowledge or selective disclosure proofs. But even so, better than most of the policy papers out there. Perhaps next time they might consider consulting engineers with relevant knowledge?
The government is running a consultation on its eâ€“Government framework for Information Assurance. The thing I find most disappointing about it is the complete inability to see beyond identification as a means of access control. I believe it was at PET 2005 that someone claimed that an analysis of citizens’ interactions with government in Australia showed that in over 90% of cases there was no need for the individual to be identified – all that was needed was a proof of entitilement. This can be achieved quite easily even using the kind of conventional cryptography the framework advocates, though this will still allow a citizen’s interactions to be linked with each other – which we all know is not desirable. Even better to use zero knowledge or selective disclosure proofs, as discussed ad nauseam in this blog. Yet, despite this, there is not a single mention of any access control method other than complete identification.
If you do nothing else, I encourage you to make this point in any submission you make.
I’ve been widely quoted as saying
“I would not trust my life or even my liberty to Tor”
in a New Scientist article on WikiLeaks. I said this because low-latency systems such as Tor are susceptible to traffic analysis by a strong adversary (such as, say, a government). If I were a dissident in a country with an evil government I would not rely on Tor to protect me from that government. Actually, I should rephrase that: if I were a dissident I would not rely on Tor to protect me.
This is not to say WikiLeaks expects you to rely on Tor, I was commenting in general about the security of Tor, not about the security of WikiLeaks (in the absence of a detailed design, I can’t comment on that).
I suspect WikiLeaks is going to be all over the web tomorrow, if it isn’t already.
WikiLeaks is developing an uncensorable version of WikiPedia for untraceable mass document leaking and analysis … We aim for maximum political impact; this means our interface is identical to Wikipedia and usable by non-technical people. We have received over 1.1 million documents so far.
Of course, the naysayers say it might be used for evil, and so it shouldn’t exist. The naysayers need to think about the terribly negative social impact of other tools that might be used for evil, like the pencil.
Comments Off on WikiLeaks