…And like clockwork, after a bad thing happens, there is much noise followed by we-must-do-something-this-is-something.
This week has seen the government response to two big bad things of the last few weeks: the Sony hack and the Charlie Hebdo murders. The UK seems to have responded primarily to the latter, the US to the former, since it happened in the otherwise slow holiday period and included cancelling the planned premiere showings of The Interview (which, comedian Amy Poehler quipped at the Golden Globes on Sunday, “forced us all to pretend we wanted to see it”).
While the first response to both stories on both sides of the Atlantic surrounded defending free speech, the proposed legislative response seems to be framed to target the perceived cause. So in the US, according to ars technica and Wired, President Obama wants Congress to amend the Computer Fraud and Abuse Act (1984) to increase the penalties for hackers and expand the definition of “hacking”. In the UK, David Cameron wants to be able to read every communication. Neither would prevent future incidents like the ones that have already happened, but both would hurt many less obvious targets. The UK response especially seems to be seizing on recent events to push an agenda the government had already indicated it wanted anyway.
Taking the US’s hacking amendments first, as others have said, the CFAA is the legislation under which Aaron Swartz was prosecuted – or persecuted. Increasing penalties and broadening the definition will catch more people who, like Swartz, are committing civil infractions, but will do nothing to stop a criminal attack like Sony’s, which the FBI maintains was directly the responsibility of North Korea, despite expert disagreement. Increasingly, the most dangerous, persistent, and patient attacks are mounted remotely. Brian Krebs‘ dueling Russian spamlords do not care about US laws, nor do hackers based in North Korea or China. In their own countries, they may be heroes.
“What’s left for them to want?” an activist friend asked the day after the Charlie Hebdo murders, before Cameron had spoken. Well: everything they’ve wanted in the past and didn’t get, at least legally.
For one thing, key escrow, the subject of many battles in the late 1990s leading up to the passage of the Regulation of Investigatory Powers Act (2000). They wanted it, we told them (and told them and told them) it was a bad idea, and eventually publicly they gave up but, as we now know from the Snowden revelations, privately went ahead and broke everything they could, either technically or via standards bodies. They also don’t have the Communications Data Bill that would require communications service providers to collect and retain third-party data transiting their systems, basically to gain access to things like instant messaging, skype, and private messaging over social networks.
With respect to censorship, the UK already has a comprehensive set of technologies in place: the relatively uncontroversial Internet Watch Foundation, which responds to reports from the public of child abuse images; court-ordered blocking (to date, best known for its use to block torrent sites); and “family-friendly” filters everyone is supposed to make an active choice about. But the IWF has been reluctant to expand its mission beyond material that can be clearly ruled illegal into grey, fuzzy areas such as hate speech.
The US has been complaining about going dark for three years now, but it has to be careful: it has billion-dollar companies that depend on being able to say customers can trust them. Cameron apparently plans to ask Obama to step in and help him out here. You’d expect Obama to just laugh at him but sadly, there is something Obama just might accept as a quid pro quo: getting rid of this nasty data
protection reform (which the UK has publicly opposed anyway).
Forbes figures Cameron wants to return Britain to an agrarian society. It would be closer to correct to say that he wants to turn Britain into France before 1999, when crypto was largely outlawed. France got over it at the same time as everyone else, if only because electronic commerce is not viable without secure encryption – which is Forbes’s point.
Cory Doctorow, writing a few days ago about Cameron’s plans, makes plain the onerous regime that the plan would actually require: total control over the software Britons’ computers run; complete ability to censor what they read and where they acquire software; and rampant insecurity. As net.wars has written often, citing Susan Landau, a hole is a hole; it doesn’t care who goes through it; Sophos’ Graham Cluley: http://grahamcluley.com/2015/01/cameron-secure-messaging-crazy/”>just calls the plan “crazy”.
Elsewhere, Milena Popova has dissected the damage surveillance and censorship do to vulnerable populations.
So, in brief: when a provocative and outrageous media outlet is attacked everyone lines up to champion freedom of speech … and then the next thing many of them want to do is lock us all down real tight.
Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier
columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard – or follow on Twitter.