My latest Guardian column, Crypto wars redux: why the FBI’s desire to unlock your private life must be resisted, explains why the US government’s push to mandate insecure back-doors in all our devices is such a terrible idea — the antithesis of “cyber-security.”
As outgoing Attorney General Eric Holder invokes child kidnappers and terrorists, it’s like a time-warp to the crypto-wars of the early 1990s, when the NSA tried to keep privacy technology out of civilian hands by classing it as a munition (no, seriously). Today, the need for the public to be able to thoroughly secure its data has never been more urgent, and the practicality of a back-door mandate has never been less plausible.
Because your phone isn’t just a tool for having the odd conversation with your friends – nor is it merely a tool for plotting crime – though it does duty in both cases. Your phone, and all the other computers in your life, they are your digital nervous system. They know everything about you. They have cameras, microphones, location sensors. You articulate your social graph to them, telling them about all the people you know and how you know them. They are privy to every conversation you have. They hold your logins and passwords for your bank and your solicitor’s website; they’re used to chat to your therapist and the STI clinic and your rabbi, priest or imam.
That device – tracker, confessor, memoir and ledger – should be designed so that it is as hard as possible to gain unauthorised access to. Because plumbing leaks at the seams, and houses leak at the doorframes, and lie-lows lose air through their valves. Making something airtight is much easier if it doesn’t have to also allow the air to all leak out under the right circumstances.
There is no such thing as a vulnerability in technology that can only be used by nice people doing the right thing in accord with the rule of law.
(Image: graffiti04, David Bleasdale, CC-BY)
I’m heading out on tour with my new graphic novel In Real Life, adapted by Jen Wang from my story Anda’s Game. I hope you’ll come out and see us! We’ll be in NYC, Princeton, LA, San Francisco, Seattle, Austin, Minneapolis and Chicago! (I’m also touring my new nonfiction book, Information Doesn’t Want to Be Free, right after — here’s the whole schedule).
It’s a fantastic honour, in some ways even better than winning the juried Sunburst Award, because popular awards are given to books that have wide appeal to the whole voter pool. I’m incredibly grateful to the Sunburst Award Society, and also offer congrats to Guy for his well-deserved honour.
My latest Guardian column, Privacy technology everyone can use would make us all more secure, makes the case for privacy technology as something that anyone can — and should use, discussing the work being done by the charitable Simply Secure foundation that launches today (site is not yet up as of this writing), with the mandate to create usable interfaces to cryptographic tools, and to teach crypto developers how to make their tools accessible to non-technical people.
I think that the real reason that privacy is so user-unfriendly is that the case for privacy is intensely technical. The privacy risks presented by everyday internet use involve subtle and esoteric principles – understanding the risks of having your computer turned into a node in a botnet; or having its passwords harvested; or having your search- and browser-history logged and used against you (either to compromise you directly, or in use for attacks on your password-recovery questions); and having your metadata mined and joined up in ways that reveal your deepest secrets or result in false, incriminating, and hard-to-refute accusations being made against you, potentially costing you the ability to get credit, board an airplane, or even walk around freely.
You don’t need to be a technical expert to understand privacy risks anymore. From the Snowden revelations to the daily parade of internet security horrors around the world – like Syrian and Egyptian checkpoints where your Facebook logins are required in order to weigh your political allegiances (sometimes with fatal consequences) or celebrities having their most intimate photos splashed all over the web.
The time has come to create privacy tools for normal people – people with a normal level of technical competence. That is, all of us, no matter what our level of technical expertise, need privacy. Some privacy measures do require extraordinary technical competence; if you’re Edward Snowden, with the entire NSA bearing down on your communications, you will need to be a real expert to keep your information secure. But the kind of privacy that makes you immune to mass surveillance and attacks-of-opportunity from voyeurs, identity thieves and other bad guys is attainable by anyone.
Privacy technology everyone can use would make us all more secure [Cory Doctorow/The Guardian]
(Disclosure: I am a volunteer on Simply Secure’s advisory council)
In Real Life is the book-length graphic novel adapted by Jen Wang from my short story Anda’s Game, about a girl who encounters a union organizer working to sign up Chinese gold-farmers in a multiplayer game.
Tor.com has published a long excerpt from the book, showcasing Jen’s wonderful art, character development and writing!
In my latest Locus column, Audible, Comixology, Amazon, and Doctorow’s First Law, I unpick the technological forces at work in the fight between Amazon and Hachette, one of the “big five” publishers, whose books have not been normally available through Amazon for months now, as the publisher and the bookseller go to war over the terms on which Amazon will sell books in the future.
The publishing world is, by and large, rooting for Hachette, but hasn’t paid much attention to the ways in which Hachette made itself especially vulnerable to Amazon in this fight: by insisting that all its books be sold with Amazon’s DRM, it has permanently locked all its customers into Amazon’s ecosystem, and if Hachette tries to convince them to start buying ebooks elsewhere, it would mean asking their readers to abandon their libraries in the bargain (or maintain two separate, incompatible libraries with different apps, URLs, and even devices to read them).
Worse still: people in publishing who are alarmed about Hachette are still allowing their audiobooks to be sold by Audible, the Amazon division that controls 90% of the audiobook market and will only sell audiobooks in a format that can’t be legally played with anything except Amazon-approved technology. Audible has already started putting the screws to its audiobook suppliers — the publishers and studios that make most of the audiobooks it sells — even as it has gone into business competing with them.
It’s profoundly, heartbreakingly naive to expect that Amazon will be any less ruthless in exploiting the advantage it is being handed over audiobooks than it has been in its exploitation of ebooks.
Take Amazon’s subsidiary Audible, a great favorite among science fiction writers and fans. The company has absolute dominance over the audiobook market, accounting for as much as 90 percent of sales for major audio publishers. Audible has a no-exceptions requirement for DRM, even where publishers and authors object (my own audiobooks are not available through Audible as a result). Audible is also the sole audiobook supplier for iTunes, meaning that authors and publishers who sell audiobooks through iTunes are likewise bound to lock these to Amazon’s platform and put them in Amazon’s perpetual control.
As John Scalzi wrote recently:
These businesses and corporations are not your friends. They will seek to extract the maximum benefit from you that they can, and from others with whom they engage in business, consistent with their current set of business goals. This does not make them evil – it makes them business entities (they might also be evil, or might not be, but that’s a different thing). If you’re treating these businesses as friends, you’re likely to get screwed.
Anyone who believes that Audible would hesitate to use its market power to extract additional profit at the expense of its suppliers – that is, writers and publishers – is delusional. Not because Audible is evil, but because it is a for-profit corporation that is seeking to maximize its gain. The lesson of Hachette is that Amazon plays hardball when it can, and the more leverage Amazon has over its suppliers, the more it will use that leverage to its suppliers’ detriment.
Audible, Comixology, Amazon, and Doctorow’s First Law [Locus/Cory Doctorow]
(Image: DRM PNG 900 2, Listentomyvoice, CC-BY-SA)
You can hear audio from the rest of the speakers too.