The Dictator’s Dilemma

Posted on by

My Observer Comment piece on the latest episode in the ongoing conflict between the state and the Internet.

Here we go again: authoritarian ruler finds that social media are making life uncomfortable for him in the run-up to elections; finds Twitter particularly annoying; instructs local authorities to shut off access for his citizens; announces that he is unbothered by international criticism of this act of censorship which, he says, will demonstrate the power of his republic.

Welcome to Turkey, our staunch ally in the fight against jihad and the Forces of Darkness. There is a certain grim familiarity in the story of Prime Minister Erdogan’s battle against social media…

Military-Industrial Complex 2.0

Posted on by

This morning’s Observer column.

As they burgeoned, the big internet companies looked with disdain on the leviathans of the military-industrial complex. Kinetic warfare seemed so yesterday to those whose corporate mantras were about “not being evil” and adhering to “the hacker’s way”. So when Snowden revealed NSA claims that the spooks had untrammelled access to their servers the companies reacted like nuns accused of running a webcam porn site. It wasn’t true, they protested, and even it if was they knew nothing about it. Of course they did comply with government requests approved by a secret court, but that was the extent of it. As the months rolled by, however, this reassuring narrative has unravelled. We discovered that the NSA and GCHQ had indeed covertly tapped the data-traffic that flows between the companies’ server farms. But since Google and co were – they claimed – unaware of this, perhaps their protestations of innocence seemed justified. More embarrassing were the revelations about the astonishing lengths to which one company (Microsoft) went to facilitate NSA access to its users’ private communications.

Last Wednesday, another piece of the jigsaw slotted into place. The NSA’s top lawyer stated unequivocally that the technology firms were fully aware of the agency’s widespread collection of data. Rajesh De, the NSA general counsel, said that all communications content and associated metadata harvested by the NSA occurred with the knowledge of the companies – both for the Prism system and the covert tapping of communications moving across the internet.

So who’s lying — the NSA or the tech companies?

Posted on by

From the outset of the furore over the Snowden revelations it’s been obvious that either the NSA or the tech companies must have been lying about whether the agency did or did not have access to the companies’ communications. This statement by the NSA’s lead counsel asserts that the companies knew all along about the agency’s data collection practices.

The senior lawyer for the National Security Agency stated unequivocally on Wednesday that US technology companies were fully aware of the surveillance agency’s widespread collection of data, contradicting months of angry denials from the firms.

Rajesh De, the NSA general counsel, said all communications content and associated metadata harvested by the NSA under a 2008 surveillance law occurred with the knowledge of the companies – both for the internet collection program known as Prism and for the so-called “upstream” collection of communications moving across the internet.

Asked during a Wednesday hearing of the US government’s institutional privacy watchdog if collection under the law, known as Section 702 or the Fisa Amendments Act, occurred with the “full knowledge and assistance of any company from which information is obtained,” De replied: “Yes.”

They can’t both be right: so who’s lying?

One-hit wonders

Posted on by

Readers who have been playing a strange game called Candy Crush Saga on their smartphones may be interested to know that — according to the New Yorker — has been downloaded more than half a billion times. More interesting still is the news that King Digital Entertainment, the Irish company that created it, earned almost $2B in sales, of which $567m was pure profit.

Last month, King Digital filed for a US IPO with a putative valuation of “up to $7.6 billion”.

The phrase “money from old rope” comes to mind. But it’s soooo old-fashioned.

On being a partly-boiled frog

Posted on by

I’m an Amazon Prime customer, because it looked like a no-brainer for a household that buys quite a lot of stuff online. But now the cost of Prime has suddenly gone up from £49/year to £79.

That’s a huge hike. To conceal it, Amazon tells me that my Prime subscription will now include a subscription to Lovefilm. Big deal! I watch very few movies and have never contemplated subscribing either to Lovefilm or Netflix. A subscription to Lovefilm is completely useless to me.

So the question is: will I stick with Prime at £79?

Answer: maybe — for now. But it’s clear that this is part of a bigger strategy: capture->lock-in->exploit. Or, as the always-perceptive Jason Calcanis puts it:

Does anyone know the actually number of @amazon prime subscribers? Can anyone with Prime imagine life without it? Would you cancel Prime over the $20 a year increase?

Note: Amazon is starting to boil us frogs. Prime goes up 25% and none of us notice. Up another $25 in two years–no one will notice. Eventually it will be $20 a month and have 100m subscribers.

Amazon says it has at least 20M prime subscribers as of Jan ’14, according to [Macquarie] (http://launch.co/story/amazon-prime-has-20m-subs-macquarie-analyst-ben-schachter-reportedly-confirme)

Snooping is a public health issue

Posted on by

This morning’s Observer column.

One of the things that baffles me is why more people are not alarmed by what Edward Snowden has been telling us about the scale and intrusiveness of internet surveillance. My hunch is that this is partly because – strangely – people can’t relate the revelations to things they personally understand.

In the past two weeks, two perceptive commentators have been trying to break through this barrier. One is Cory Doctorow, the science-fiction novelist, who had a terrific essay in the Guardian arguing that instead of increasing our security, government agencies such as the NSA, GCHQ and others are actually undermining it. The essay is worth reading in full, but one part of it stood out for me. It’s about the thriving, underworld online market in malicious software. Nowadays, if some hacker discovers a previously unknown vulnerability in widely used software, that discovery can be very valuable – and people will pay large sums for such “zero-day” exploits. But here’s the creepy bit: sometimes, the purchasers are government agencies that buy these pieces of malware to use as weapons against their enemies.

To most people, this will seem pretty abstruse. But with the imaginative skill of a good writer, Doctorow nails it: “If you discovered,” he writes, “that your government was more interested in weaponising typhus than they were in curing it, you would demand that your government treat your water supply with the gravitas and seriousness that it is due.”

Read on

LATER: Right on cue, another great blog post by Bruce Schneier, putting this stuff in an everyday context:

Imagine that you hired a private detective to eavesdrop on a subject. That detective would plant a bug in that subject’s home, office, and car. He would eavesdrop on his computer. He would listen in on that subject’s conversations, both face to face and remotely, and you would get a report on what was said in those conversations. (This is what President Obama repeatedly reassures us isn’t happening with our phone calls. But am I the only one who finds it suspicious that he always uses very specific words? “The NSA is not listening in on your phone calls.” This leaves open the possibility that the NSA is recording, transcribing, and analyzing your phone calls — and very occasionally reading them. This is far more likely to be true, and something a pedantically minded president could claim he wasn’t lying about.)

Now imagine that you asked that same private detective to put a subject under constant surveillance. You would get a different report, one that included things like where he went, what he did, who he spoke to — and for how long — who he wrote to, what he read, and what he purchased. This is all metadata, data we know the NSA is collecting. So when the president says that it’s only metadata, what you should really hear is that we’re all under constant and ubiquitous surveillance.

What’s missing from much of the discussion about the NSA’s activities is what they’re doing with all of this surveillance data. The newspapers focus on what’s being collected, not on how it’s being analyzed — with the singular exception of the Washington Post story on cell phone location collection. By their nature, cell phones are tracking devices. For a network to connect calls, it needs to know which cell the phone is located in. In an urban area, this narrows a phone’s location to a few blocks. GPS data, transmitted across the network by far too many apps, locates a phone even more precisely. Collecting this data in bulk, which is what the NSA does, effectively puts everyone under physical surveillance.

This is new. Police could always tail a suspect, but now they can tail everyone — suspect or not. And once they’re able to do that, they can perform analyses that weren’t otherwise possible. The Washington Post reported two examples. One, you can look for pairs of phones that move toward each other, turn off for an hour or so, and then turn themselves back on while moving away from each other. In other words, you can look for secret meetings. Two, you can locate specific phones of interest and then look for other phones that move geographically in synch with those phones. In other words, you can look for someone physically tailing someone else. I’m sure there are dozens of other clever analyses you can perform with a database like this. We need more researchers thinking about the possibilities. I can assure you that the world’s intelligence agencies are conducting this research.

Schneier is one of the very best commentators on this stuff. Everything he writes about it is worth reading.