My latest Guardian column, Crypto wars redux: why the FBI's desire to unlock your private life must be resisted, explains why the US government's push to mandate insecure back-doors in all our devices is such a terrible idea -- the antithesis of "cyber-security."
As outgoing Attorney General Eric Holder invokes child kidnappers and terrorists, it's like a time-warp to the crypto-wars of the early 1990s, when the NSA tried to keep privacy technology out of civilian hands by classing it as a munition (no, seriously). Today, the need for the public to be able to thoroughly secure its data has never been more urgent, and the practicality of a back-door mandate has never been less plausible.
Because your phone isn’t just a tool for having the odd conversation with your friends – nor is it merely a tool for plotting crime – though it does duty in both cases. Your phone, and all the other computers in your life, they are your digital nervous system. They know everything about you. They have cameras, microphones, location sensors. You articulate your social graph to them, telling them about all the people you know and how you know them. They are privy to every conversation you have. They hold your logins and passwords for your bank and your solicitor’s website; they’re used to chat to your therapist and the STI clinic and your rabbi, priest or imam.
That device – tracker, confessor, memoir and ledger – should be designed so that it is as hard as possible to gain unauthorised access to. Because plumbing leaks at the seams, and houses leak at the doorframes, and lie-lows lose air through their valves. Making something airtight is much easier if it doesn’t have to also allow the air to all leak out under the right circumstances.
There is no such thing as a vulnerability in technology that can only be used by nice people doing the right thing in accord with the rule of law.
Crypto wars redux: why the FBI's desire to unlock your private life must be resisted
(Image: graffiti04, David Bleasdale, CC-BY)
My latest Guardian column, Privacy technology everyone can use would make us all more secure, makes the case for privacy technology as something that anyone can -- and should -- use, discussing the work being done by the charitable Simply Secure foundation that launches today (site is not yet up as of this writing), with the mandate to create usable interfaces to cryptographic tools, and to teach crypto developers how to make their tools accessible to non-technical people.
I think that the real reason that privacy is so user-unfriendly is that the case for privacy is intensely technical. The privacy risks presented by everyday internet use involve subtle and esoteric principles – understanding the risks of having your computer turned into a node in a botnet; or having its passwords harvested; or having your search- and browser-history logged and used against you (either to compromise you directly, or in use for attacks on your password-recovery questions); and having your metadata mined and joined up in ways that reveal your deepest secrets or result in false, incriminating, and hard-to-refute accusations being made against you, potentially costing you the ability to get credit, board an airplane, or even walk around freely.
You don’t need to be a technical expert to understand privacy risks anymore. From the Snowden revelations to the daily parade of internet security horrors around the world – like Syrian and Egyptian checkpoints where your Facebook logins are required in order to weigh your political allegiances (sometimes with fatal consequences) or celebrities having their most intimate photos splashed all over the web.
The time has come to create privacy tools for normal people – people with a normal level of technical competence. That is, all of us, no matter what our level of technical expertise, need privacy. Some privacy measures do require extraordinary technical competence; if you’re Edward Snowden, with the entire NSA bearing down on your communications, you will need to be a real expert to keep your information secure. But the kind of privacy that makes you immune to mass surveillance and attacks-of-opportunity from voyeurs, identity thieves and other bad guys is attainable by anyone.
Privacy technology everyone can use would make us all more secure [Cory Doctorow/The Guardian]
(Disclosure: I am a volunteer on Simply Secure's advisory council)
In my latest Locus column, Audible, Comixology, Amazon, and Doctorow’s First Law, I unpick the technological forces at work in the fight between Amazon and Hachette, one of the "big five" publishers, whose books have not been normally available through Amazon for months now, as the publisher and the bookseller go to war over the terms on which Amazon will sell books in the future.
The publishing world is, by and large, rooting for Hachette, but hasn't paid much attention to the ways in which Hachette made itself especially vulnerable to Amazon in this fight: by insisting that all its books be sold with Amazon's DRM, it has permanently locked all its customers into Amazon's ecosystem, and if Hachette tries to convince them to start buying ebooks elsewhere, it would mean asking their readers to abandon their libraries in the bargain (or maintain two separate, incompatible libraries with different apps, URLs, and even devices to read them).
Worse still: people in publishing who are alarmed about Hachette are still allowing their audiobooks to be sold by Audible, the Amazon division that controls 90% of the audiobook market and will only sell audiobooks in a format that can't be legally played with anything except Amazon-approved technology. Audible has already started putting the screws to its audiobook suppliers -- the publishers and studios that make most of the audiobooks it sells -- even as it has gone into business competing with them.
It's profoundly, heartbreakingly naive to expect that Amazon will be any less ruthless in exploiting the advantage it is being handed over audiobooks than it has been in its exploitation of ebooks.
Take Amazon’s subsidiary Audible, a great favorite among science fiction writers and fans. The company has absolute dominance over the audiobook market, accounting for as much as 90 percent of sales for major audio publishers. Audible has a no-exceptions requirement for DRM, even where publishers and authors object (my own audiobooks are not available through Audible as a result). Audible is also the sole audiobook supplier for iTunes, meaning that authors and publishers who sell audiobooks through iTunes are likewise bound to lock these to Amazon’s platform and put them in Amazon’s perpetual control.
As John Scalzi wrote recently:
These businesses and corporations are not your friends. They will seek to extract the maximum benefit from you that they can, and from others with whom they engage in business, consistent with their current set of business goals. This does not make them evil – it makes them business entities (they might also be evil, or might not be, but that’s a different thing). If you’re treating these businesses as friends, you’re likely to get screwed.
Anyone who believes that Audible would hesitate to use its market power to extract additional profit at the expense of its suppliers – that is, writers and publishers – is delusional. Not because Audible is evil, but because it is a for-profit corporation that is seeking to maximize its gain. The lesson of Hachette is that Amazon plays hardball when it can, and the more leverage Amazon has over its suppliers, the more it will use that leverage to its suppliers’ detriment.
Audible, Comixology, Amazon, and Doctorow’s First Law [Locus/Cory Doctorow]
(Image: DRM PNG 900 2, Listentomyvoice, CC-BY-SA)
The UK parliamentary farce over #DRIP showed us that, more than any other industry, the political machine is in dire need of disruption.
In my latest Guardian column, How the Kickstarter model could transform UK elections, I suggest that minority politicians could overcome the collective action deadlock of voters being unwilling to "throw away" their ballots on the parties they support, and so holding their nose and voting for the mainstream party they hate least, or not voting at all, by taking a page out of Kickstarter's playbook:
Here's how that could work:
"Yellow Party! Well, I love what you stand for, but come on, you haven't got a snowball's chance. It's throwing away my vote."
"Oh, I'm not asking you to vote for me! Not quite, anyway. All I want you to do is go on record saying that you would vote for me, if 20% of your neighbours made the same promise. Then, on election day, we'll send you a text or an email letting you know how many people there are who've made the same promise, and you get to decide whether it's worth your while.
"The current MP, Ms Setforlife, got elected with only 8,000 votes in the last election. If I can show you that 9,000 of your neighbours feel the same way as you do, and if you act on that information – well, we could change everything."
This threshold-style action system is at the heart of Kickstarter (pledge whatever you like, but no one has to spend anything unless enough money is raised to see the project to completion) and it's utterly adaptable to elections.
In democracies all over the world, voting is in decline. A permanent political class has emerged, and what it has to offer benefits a small elite at the public's wider expense.
How the Kickstarter model could transform UK elections
In my latest Guardian column, What Canada's national public broadcaster could learn from the BBC, I look at the punishing cuts to the CBC, and how a shelved (but visionary) BBC plan to field a "creative archive" of shareable and remixable content could help the network lead the country into a networked, participatory future.
The CBC, at least, has only limited delusions about the importance of commercialising its archives, especially when that comes at the expense of access to the archives for Canadians. Canada is a young nation, and the CBC has been there with Canadians for about half of the country's short life. The contents of the CBC's archives are even more central to the identity of Canadians than the BBC's is to Britons.
If the CBC is to be cut and remade as a digital-first public service entity, then a Canadian Creative Archive could be one way for it to salvage some joy from its misery. There's nothing more "digital first" than ensuring that the most common online activities – copying, sharing, and remixing – are built into the nation's digital heritage.
What's more, the CBC's situation is by no means unique. In an era of austerity, massive wealth inequality, industrial-scale tax-evasion and totalising market orthodoxy, there's hardly a public broadcaster anywhere in the world that isn't facing brutal cuts that go to the bone and beyond.
All of these broadcasters have something in common: they produced their massive archives at public expense, for the public's benefit, and have made only limited progress in giving the public online access to those treasures.
What Canada's national public broadcaster could learn from the BBC
In my latest Guardian column, "How Amazon is holding Hachette hostage," I discuss the petard that the French publishing giant Hachette is being hoisted upon by Amazon. Hachette insisted that Amazon sell its books with "Digital Rights Management" that only Amazon is allowed to remove, and now Hachette can't afford to pull its books from Amazon, because its customers can only read their books with Amazon's technology. So now, Hachette has reduced itself to a commodity supplier to Amazon, and has frittered away all its market power. The other four major publishers are headed into the same place with Amazon, and unless they dump DRM quick, they're going to suffer the same fate.
Under US law (the 1998 Digital Millennium Copyright Act) and its global counterparts (such as the EUCD), only the company that put the DRM on a copyrighted work can remove it. Although you can learn how to remove Amazon's DRM with literally a single, three-word search, it is nevertheless illegal to do so, unless you're Amazon. So while it's technical child's play to release a Hachette app that converts your Kindle library to work with Apple's Ibooks or Google's Play Store, such a move is illegal.
It is an own-goal masterstroke. It is precisely because Hachette has been so successful in selling its ebooks through Amazon that it can't afford to walk away from the retailer. By allowing Amazon to put a lock on its products whose key only Amazon possessed, Hachette has allowed Amazon to utterly usurp its relationship with its customers. The law of DRM means that neither the writer who created a book, nor the publisher who invested in it, gets to control its digital destiny: the lion's share of copyright control goes to the ebook retailer whose sole contribution to the book was running it through a formatting script that locked it up with Amazon's DRM.
The more books Hachette sold with Amazon DRM, the more its customers would have to give up to follow it to a competing store.
How Amazon is holding Hachette hostage
(Image: Noose, Old Austin County Jail, Bellville, Texas 0130101348BW, Patrick Feller, CC-BY)
My latest Guardian column is an interview with Leila Johnston about her Hack Circus project, which includes a conference, a podcast and a print magazine, all with a nearly indefinable ethic of independence and art for its own sake.
The opposite of useful is not always useless, as such. The opposite of reportage is not always silliness, and the opposite of consumer messaging is not always fooling around. Playboy is one of the most successful media enterprises of all time, so presumably people don't want entertainment for functional reasons. Perhaps fooling around can be a very effective business model.
The events are fun, but they are reality-distorting rather than "comedy". They are funny because the clever, strange people who like Hack Circus are naturally funny and have done such wonderfully surprising things, not because they've written a routine. I don't want to do a science comedy night for sceptics and atheists – there's plenty of that around. I'm far more interested in, and identify far more strongly with, the credulous than the sceptical, and I'm consciously working against the resistance to imagination that scepticism presents.
Leila Johnston: 'Digital culture has created a new outsider'
I was on American Public Media’s Marketplace yesterday talking (MP3) about our posting of a rarer-than-rare Disney treasure, the never-before-seen original prospectus for Disneyland, scanned before it was sold to noted jerkface Glenn Beck, who has squirreled it away in his private Scrooge McDuck vault.
For months, I've been following the story that the Mozilla project was set to add closed source Digital Rights Management technology to its free/open browser Firefox, and today they've made the announcement, which I've covered in depth for The Guardian. Mozilla made the decision out of fear that the organization would haemorrhage users and become irrelevant if it couldn't support Netflix, Hulu, BBC iPlayer, Amazon Video, and other services that only work in browsers that treat their users as untrustable adversaries.
They've gone to great -- even unprecedented -- lengths to minimize the ways in which this DRM can attack Firefox users. But I think there's more that they can, and should, do. I also am skeptical of their claim that it was DRM or irrelevance, though I think they were sincere in making it. I think they hate that it's come to this and that no one there is happy about it.
I could not be more heartsick at this turn of events.
We need to turn the tide on DRM, because there is no place in a post-Snowden, post-Heartbleed world for technology that tries to hide things from its owners. DRM has special protection under the law that makes it a crime to tell people if there are flaws in their DRM-locked systems -- so every DRM system is potentially a reservoir of long-lived vulnerabilities that can be exploited by identity thieves, spies, and voyeurs.
It’s clear that Mozilla isn’t happy about this turn of events, and in our conversations, people there characterised it as something they’d been driven to by the entertainment companies and the complicity of the commercial browser vendors, who have enthusiastically sold out their users’ integrity and security.
Mitchell Baker, the executive chairwoman of the Mozilla Foundation and Mozilla Corporation, told me that “this is not a happy day for the web” and “it’s not in line with the values that we’re trying to build. This does not match our value set.”
But both she and Gal were adamant that they felt that they had no choice but to add DRM if they were going to continue Mozilla’s overall mission of keeping the web free and open.
I am sceptical about this claim. I don't doubt that it’s sincerely made, but I found the case for it weak. When I pressed Gal for evidence that without Netflix Firefox users would switch away, he cited the huge volume of internet traffic generated by Netflix streams.
There's no question that Netflix video and other video streams account for an appreciable slice of the internet’s overall traffic. But video streams are also the bulkiest files to transfer. That video streams use a lot of bytes isn't a surprise.
When a charitable nonprofit like Mozilla makes a shift as substantial as this one – installing closed-source software designed to treat computer users as untrusted adversaries – you’d expect there to be a data-driven research story behind it, meticulously documenting the proposition that without DRM irrelevance is inevitable. The large number of bytes being shifted by Netflix is a poor proxy for that detailed picture.
There are other ways in which Mozilla’s DRM is better for user freedom than its commercial competitors’. While the commercial browsers’ DRM assigns unique identifiers to users that can be used to spy on viewing habits across multiple video providers and sessions, the Mozilla DRM uses different identifiers for different services.
Firefox’s adoption of closed-source DRM breaks my heart
In my latest Guardian column, 'Cybersecurity' begins with integrity, not surveillance, I try to make sense of the argument against surveillance. Is mass surveillance bad because it doesn't catch "bad guys" or because it is immoral? There's a parallel to torture -- even if you can find places where torture would work to get you some useful information, it would still be immoral. Likewise, I've come to realize that the "it doesn't work" argument isn't one that I want to support anymore, because even if mass surveillance did work, it would still be bad.
One thing that parenting has taught me is that surveillance and experimentation are hard to reconcile. My daughter is learning, and learning often consists of making mistakes constructively. There are times when she is working right at the limits of her abilities – drawing or dancing or writing or singing or building – and she catches me watching her and gets this look of mingled embarrassment and exasperation, and then she changes back to some task where she has more mastery. No one – not even a small child – likes to look foolish in front of other people.
Putting whole populations – the whole human species – under continuous, total surveillance is a profoundly immoral act, no matter whether it works or not. There no longer is a meaningful distinction between the digital world and the physical world. Your public transit rides, your love notes, your working notes and your letters home from your journeys are now part of the global mesh of electronic communications. The inability to live and love, to experiment and err, without oversight, is wrong because it's wrong, not because it doesn't catch bad guys.
Everyone from Orwell to Trotsky recognised that control over information means control over society. On the eve of the November Revolution, Trotsky ordered the Red Guard to seize control over the post and telegraph offices. I mentioned this to Jacob Appelbaum, who also works on many spy-resistant information security tools, like Tor (The Onion Router, a privacy and anonymity tool for browsing the web), and he said, "A revolutionary act today is making sure that no one can ever seize control over the network."
'Cybersecurity' begins with integrity, not surveillance