On Twitter: @JamesFirth and @s_r_o_c (post feed)

Got a tip? tip@sroc.eu



Friday, 27 April 2012

Daily Mail and Labour teaming up to show their digital illiteracy on porn and child protection is simply dangerous

I've written extensively on the subject of web blocking to protect children from harmful content like pornography so I'll try and keep this short.

  1. If you turned the internet off tomorrow you wouldn't stop kids getting hold of digital porn
  2. General content filtering is impractical and imperfect. It doesn't even stop all accidental or incidental exposure and it certainly doesn't stop a motivated person or child getting to what they want with minimum technical knowledge.
  3. Content filters over-block and prevent access to clean, lawful content and this impacts legitimate businesses
  4. Even if content filters got much better, there is no one-size fits all. If you have children aged 7, 11 and 15 there is clearly content OK for a 15-year-old you wouldn't want your 7-year-old watching.  So what level of content filtering do you want enabled by default on all connections?
I'm not coming at this problem from a pro- or anti- religious line. I'm ambivalent to the benefit or harm of pornography in society. I have no political affiliations. I have no funding from any vested interests (in fact I have no funding whatsoever).

The above is the simple technical position as I, an accomplished software engineer responsible for some of the communications technology on the street today, know it to be.  And I don't see much changing soon.

If you are a parent you are responsible for:
  1. What internet-enabled devices you give your children and where you allow them to use them
  2. What level of content filtering you choose to set up. I'm not against ISPs, hardware and software companies offering a range of filtering options, but it's up to you as a parent to decide what is appropriate for your child to access.
  3. Getting clued-up yourself.  
You'd happily send your child on a road or bike safety course? You'd attend a first aid course yourself so you'd be able to help your child if needed?  You'd research a subject in order to help your child with their general education and homework, yes?
Well stop moaning that someone else should be responsible for your child's online habits.

The campaign by the Daily Mail and Labour is DANGEROUS.  It encourages the notion that it's OK for parents to abdicate responsibility for their child's online activities.  The online dangers go beyond pornography and the primary responsibility rests with us, the parents (yes I am one).

@JamesFirth

Thursday, 26 April 2012

"The internet is filling up!" - it raised a laugh but I said it to express an important concept

Last week I almost became embroiled in a Ted Stevens series of tubes moment when I told a group of internet rights and privacy advocates that the internet was filling up; and this fact had quite profound implications for the way we understood online privacy and disclosure.

The Open Rights Group executive director Jim Killock almost spilled his drink as he snorked at my suggestion, but I said it for a reason: we need to look beyond the engineering challenge of data storage to the macroscopic properties of a massively distributed stochastic system where billions of users provide input and absorb output.

The internet never forgets is a common mantra amongst both privacy and anti-censorship advocates.

It captures how information, once published online, has the tenacity to stick around for decades - perhaps forever; having obvious privacy implications but also the capacity to undermine censorship, as any attempt to block or cleanse the information from the internet often turns into a game of whack-a-mole.

But the internet never forgets was coined in an era of limited participation.  Now internet evangelists such as Vint Cerf talk about bitrot - the loss of data, or the inability to read or interpret stored data at some future point.

Bitrot comes in at least five forms I can identify:
  1. Deletion of the last copy of the data (accidental; but also deliberate, without realising the future value)
  2. Storage of the data in a format which can't be interpreted at some future point due to the unavailability of the software or expertise to interpret the data
  3. Storage on a medium which can't be read due to lack of a physical device to read the data
  4. Failure or degradation of the storage medium so the data can no longer be read
  5. Storage in a forgotten place or a location which can't be found with available search tools
Archivists worry about bitrot because we often don't realise the value of past works and historical data until some future point, when our understanding of the subject has improved sufficiently to make sense of the historical record.

But I'm surprisingly relaxed about bitrot. Bitrot is an engineers-eye view of a problem which can be solved by further engineering.

We're on the verge of producing zettabytes of data per year.  That's approaching two trillion DVDs worth of data; which, stacked end-to-end(!), would reach out into space approximately five times further than the moon.  

But this fact doesn't cause engineers to lose much sleep.  In fact it excites them.  We'll continue to find more efficient ways of storing data than DVDs.  We'll filter the noise and de-duplicate

But the fact that data, without some nurturing, risks disappearing into oblivion should be seen as an opportunity to explore some of the benefits of forgetting.

An opportunity to look beyond the data and towards how people and data interact; look at how we use and organise data, and in particular look at the social implications of a connected society now, rather than the benefit to archivists later.

A collective brain

Bitrot is not simply a threat to archivists that we should fight with brute storage. It's also a phenomenon we might embrace to weed-out garbage and let useful data sit at the front of our collective minds.

When I use the internet today it sometimes feels as though digital content is organising itself along the lines of a giant central human brain, with short and long-term memory.

Short term memory: things we can't help to be reminded of. Current events, trends, things people talk about on social networks.  Information that's easy to find on Google.  You get the idea.

Long term memory: things we have to hunt out. We have to piece together multiple parts of a jigsaw with many well-crafted web searches, or combine data unique to ourselves - data we've stored on our local systems.

I started thinking along these lines a few years ago when the world's best search engine* started to show some of the creaking flaws of its predecessors.

Anyone who remembers using Lycos, Yahoo and Excite to find content back in the 90's will perhaps also remember the wow factor when they first used Google.  Google just found stuff - the stuff you wanted - with minimal effort.

Now things are very different. I can find some stuff easily, and some just falls between the gaps.

The principle of extreme sharing (or, as some call it, toxic disinhibition) has simultaneously lead to an increase in serendipitous moments, a massive increase in noise and a loss of privacy.

Mass participation has also introduced chaos into a well-engineered electronic system.

Many people now (rightly) want to have their say and put their spin on news events.  Plus, commercial drivers lead to the creation of content, content, content; optimised to appear high up the search rankings despite having little inherent knowledge value.

Data is growing.  A good proportion of the population has at their fingertips a means to input and retrieve data from this thing we call the internet.  The internet itself grew autonomously from a series of basic regulated principles - protocols.

Now even Google can't help me find an article I read on a reasonably well established professional source just last week.  Twitter only allows tweets from the last 2 weeks to be searched - beyond which you need to rely on third-party and expensive tweet archives.

The internet is filling up!

Some feel that search technology will catch up, but I disagree.  When Google became the dominant search engine it wasn't facing the same challenge we see now.  The challenge back then was to scan all available content and maintain an algorithm which brought the most relevant results to the top.

A decade after the advent of the World Wide Web relevance was pretty much a universal constant. Now it's highly subjective.  Less than 20 years ago no national newspaper put their content online.  Now when a major news event breaks in the UK it can spawn a thousand articles - many times more if you count personal blogs and social media.

Depending what you're looking for, any one of 100,000 websites could be relevant.

Enter the personalised web.  But that doesn't solve the problem of discovery - finding something completely new to the searcher. And it doesn't solve the problem of finding something specific if that something happens to be outside your normal personalised search bubble or circle of relevance.

Personalisation is a fig leaf based around the premise that around 90% of what we're looking for can be guessed from our past behaviour and, in cases, our friends' past behaviour.  But this thinking locks us into our past and can make the thing we actually seek even harder to find.

We're facing a new set of challenges that increasingly make the old adage, that the internet never forgets, look naive.

The internet is filling up, and that not only has profound implications for the way we use and store data; it will impact all online businesses, have implications for free and open online competition when a few dominant providers act as gatekeepers, and will affect legislation attempting to tackle e.g. government transparency, privacy and regulation of online content.

The prominence of data is becoming governed not by how engineers store and organise it but how humans interact with each other in a way that simply can't be predicted, to bring certain information to prominence and let other facts linger at the back of our collective minds.

@JamesFirth

Tuesday, 24 April 2012

Three words for you Mr Hunt: Digital Economy Act

Leveson? Meh.

Jeremy Hunt's verdict on the Digital Economy Bill: "We wanted an iPod, but we got an Amstrad"

But he still voted for it, allowing Madelson's shambles to get through the wash-up.

Now he's the head of a department, DCMS, which has seen vested interests rule the roost whilst failing to sort out the mess that is the Digital Economy Act (now delayed until 2014 at the earliest).

So no, the revelations at Leveson today regarding Murdoch and News Corp don't surprise me in the slightest.

How he's managed to keep his hands clean this long, given the mess which is the UK's digital policy under his watch, I've no idea. Mr Hunt, who happens also to be my local MP, should now resign.

@JamesFirth

We need mass internet surveillance and data storage, quick as poss pls

A guest post from Billy Bytesworth

Who said what to whom, dates, times, data retention of traffic information... We must enact the government's planned mass internet surveillance in double quick time.  This might be a message alien to regular readers of this, the erstwhile stomping ground of a liberal who believes in privacy from state intrusion.

But there is a serious need for these measures.  A need greater than battling terrorism. A need greater, even, than stomping out copyright infringement. The reason we need a permanent immutable record of all internet transactions is clear from the shenanigans surrounding Messrs Murdoch, Murdoch, Hunt & Co.

Governance.

I think we all agree it's in the public interest to do all we can to ensure we have a system of governance that works in the public interest.  A reliable and stable government is after all the most important prerequisite for a civil society.  (Dear Anons, please skip over this assertion. No need to DDoS me.)

For that we need public accountability and for that we must have true freedom of information. We must ensure from now on that secretaries of state, ministers, civil servants, special political advisers, newspaper proprietors and senior police officers will have a true and accurate aide memoire of all electronic correspondence.  Especially those tricky few emails which evade one's recollection.

That governments will be better held to account if every single email sent to or from a senior figure is captured, time-stamped, stored and made available for immediate public scrutiny I am of no doubt.

The only question is whether such a system may have the unintended and unforeseen consequences of inhibiting frank and open dialogue necessary for the furtherance of informed government.

If ministers and civil servants feel that such a system is not suitable I am willing to reconsider my position.

If those in power feel it is disproportionate to put the need of this country to have an honest and reliable government behind the need for officials and elected representatives to have a full and frank exchange of views in private, I may be persuaded...

Or maybe government officials feel such an invasive system won't end malfeasance?  Maybe they feel such a system would be disproportionate?  It would be costly, highly intrusive; yet fail in its aims, being easily circumvented by officials intent on subversion using widely-available tools to mask their electronic correspondence...

Yes, I might well come round to this view.

In fact we might even extend the principle beyond government. To furnish the right to all to be granted a level of privacy and autonomy that enables frank and open dialogue necessary for the furtherance of society and of knowledge.

BB

Wednesday, 18 April 2012

Update

Whilst I'm still struggling to find a way to keep Open Digital staffed I'm making some progress on the personal front.

I need a job since there's now very little prospect of a salary from Open Digital in the near future and I've invested all my spare cash getting it going.

Lots of people have been in touch with potential job offers, please keep them coming as it's a matter of finding a tolerant employer happy for me to continue my public advocacy in my spare time if Open Digital is to survive at all.

I've also now started writing a weekly blog at Computerworld UK.

Although after 2 years SRoC was well read and, so I discovered, by some influential people; I hope moving my writing there will help get issues raised with a different audience and might help the rescue package I'm trying to cobble together for Open Digital.  Hopefully more on this later.

That's about all for now.  You can read my first post over at Computerworld:

Why the end of Consumer Focus is a blow to UK tech policy

When a government in the midst of a cuts agenda releases a report entitled Empowering and Protecting Consumers, you just know it will not be good news for under-empowered and unprotected consumers in the cut-throat utilities sector. 
I imagine the report might have started life as a memo: ‘make a case for getting rid of these meddling windbags’.
What many people, even those in the tech sector, perhaps don’t appreciate is the role Consumer Focus plays in batting for sense in UK tech policy. 
... 
Consumer Focus is not Big Government. It’s a safeguard against unavoidable monopolies in the utilities sector, including Internet Service Providers. It fights largely from behind the scenes, pushing back against many of the self-interested demands of tech lobbyists.

>> Read the full post >>



@JamesFirth

Tuesday, 10 April 2012

Thanks and goodbye - the end of 2 years of SRoC

Thanks for all who've helped and supported us over the last 2 years on SRoC and the last year at Open Digital.

Sadly I can't fund this blog or Open Digital any more so the projects are on hold - indefinitely.

Whilst some mock blogging, many of the stories on here - some I have broken way ahead of mainsteam media - take days and sometimes weeks of research and networking with tech cos, attending events and meetings in parliament, etc.

Whilst it's never over till the hard disks are wiped and the organisation is liquidised the financial reality is that I can't put any more time into SRoC or Open Digital until I can make it pay.

If anyone's interested - I earned £1.71 from running adverts on this blog for a week, a week with 5k unique hits when I published 5 original posts.  Whilst I believe a digital publishing correction is due, the money is clearly aimed at social puff over substance and one just can't survive on £1.71 a week.

I have mouths to feed and my public CV is here if anyone wants to hire me:
http://www.opendigital.org/consultants/OpenDigital_JamesFirthCV.html

Sorry it's been so brief. Whilst I'm sure there are many out there funding work towards ethical data policy I have not managed to get any of it to flow in our direction.

We all have to eat; and, sadly, as I have written many times over, policy follows the money.

Bye - for now at least,

@JamesFirth

UPDATE: 17:57 - I am just moved by the massive votes of support via email, twitter, G+ etc, and the 2 Flattr donations I didn't even ask for.  Also the multiple suggestions - some of which might see me continuing to write here or elsewhere. More relatively soon on that, hopefully.  I'm also considering what could be a decent job offer that could see some time allowed for side projects like this. It means so much to see people appreciate what I've done here and at Open Digital, even though it may not work commercially; support from so many quarters.

Sunday, 8 April 2012

Good but weak leaders driven by fear and reassured by their own arrogance are unwitting bidders for the devil

Great leaders defend their principles, weak leaders make excuses for their decisions.

The string of politicians responsible over half a century for the subversion of justice and erosion of freedom from state intrusion are on the whole good people.

Good but weak leaders who have opted to make excuses rather than defend what they know to be right.

Politicians and leaders pushing detention without trial, control orders, secret justice, Guantanamo interrogations, mass electronic surveillance, rendition... Driven by fear.

A fear that conventional justice is not sufficient to deal with the 'new' threats of today.

A fear that if they don't act, something bad will happen.

A fear that the internet fundamentally weakens the power balance which allows governments to maintain law and order.

Weak leaders, good people, are turning their backs on their own belief in society; a belief that in our individual freedom and autonomy lies our collective strength; instead becoming advocates for shallow excuses.

Advocates for safeguards that aren't quite the safeguards developed over centuries; independent judicial oversight degraded to the nod of a senior officer, presumption of innocence - but only for less-serious crimes, open justice - unless the government insists on secrecy.

Their arrogance isn't malign, but the consequences are.

An arrogance in understanding; a blind belief that the new safeguards are sufficient and state intrusion necessary in the first place.

And somewhere behind these good but weak leaders lies the devil, waiting to pounce on a civilisation where doing the wrong thing has been normalised through fear of evil.

@JamesFirth

Friday, 6 April 2012

Can freedom survive?

The fuss over the government's latest net snooping plans might have died down for a while in the UK but with a similar battle emerging in the US I get the feeling this is going to run and run.

I know of at least one event planned for soon after Easter and I wondered whether this cause is worthy of a theme tune.  To get the ball rolling I've penned some lyrics to Gloria Gaynor's 'I will survive'.

All we need now is a band to record it (hopefully under a Creative Commons license so it can be shared and remixed as needed) and maybe a video, too? (Must pan in to RIPA Part III on line 2!)

Can Freedom Survive? (CC-BY-NC James Firth)
When the net was first used by paedophiles,
Government made laws to access all our files,
And then onto the scene, came the copyright brigade,
Jobs are under threat and campaign bills must be paid... 
And now we're tracked, from outer space,
They put all our website visits in a database,
We should have known that terrorists
Would be used to set the scene,
For a level of surveillance that Orwell had foreseen. 
Go on now, go, walk out the door,
Your moves all logged and stored, till twenty eighty-four,
Try and leave your phone behind, that doesn't get you off the hook
Cameras match your features to your photos on Facebook. 
Now freedom, can it survive?
When the government knows what I write before my blog goes live,
I've got all my life to live, my data leaks just like a sieve,
Can freedom survive? Survive? Hey, hey,  
Can we trust high strength encryption not to fall apart?
With a man sat in the middle trying to subvert,
Breaking all the bonds of trust just to read a batch of spam,
What's it all for? Have you heard of TOR? 
There is another way, it's really nothing new,
You can trust most netizens to hold up good and true,
Our autonomy's our strength, in a society that's free,
We're all keeping our eyes open for the threats that you foresee. 
Go on now, go, walk out the door,
Your moves all logged and stored, till twenty eighty-four,
Try and leave your phone behind, that doesn't get you off the hook
Cameras match your features to your photos on Facebook. 
Now freedom, can it survive?
When the government knows what I write before my blog goes live,
I've got all my life to live, my data leaks just like a sieve,
Can freedom survive? Survive?

@JamesFirth

Thursday, 5 April 2012

Alleged NSA contact book leaked by Anonymous could indicate scale of private industry profits from security

Anonymous claims to have leaked an NSA contact book. The 4,000-entry list containing many private sector contacts appears to have been published some point on or before Tuesday 3rd April.

I'm in two minds whether to link to the leak; it contains personal data - including what appears to be home addresses for many of those listed.

Plus, I don't support Anonymous - many of their antics are not helpful and I'm aware that Anonymous as a concept provides a vehicle for malignant forces to co-opt from a highly-skilled cohort of sometimes-impressionable hackers.

For this second reason I don't want to cheer-lead for them but at the same time this leak looks newsworthy and indicates the US National Security Agency has tentacles into many major technology companies, perhaps indicating the scale of both the cyber-security industrial complex and the military-digital complex.

Essentially there's a huge amount of money to be made from keeping us safe and this opens up the possibility that some of those profiting have an incentive to over-hype the threat to keep the cash rolling in.

The collateral damage is our privacy and freedom.  Few rational people mind protective measures taken in our collective interest to maintain security and stability, but we need to be sure that inflated or non-existent threats are not used to justify excessive state intrusion.

Below is a list of email domains scraped form the alleged NSA leak with a count of the number of times each domain appears.

Wednesday, 4 April 2012

Confusion over warrants, surveillance powers and the intrusiveness of traffic data

Since I wrote a post explaining how the Government's draft surveillance plans had the effect of downgrading what traditionally would be classed as intrusive interception to a lesser category of access to traffic data - which has far fewer safeguards - a few people have written to me asking about the issue of warrants.

As it stands today a local authority, police force or government intelligence agency does not need a warrant to access traffic data, whereas access to the content of electronic communications - interception - requires an interception warrant, each ultimately authorised personally by the Secretary of State.

The use of interception warrants is overseen by the secretive Interception of Communications Commissioner (ICC) whereas traffic data is regulated as personal data by the Information Commissioners Office (ICO).

Confusion over warrants for access to traffic data arises perhaps because of the coalition's much-vaunted Protection of Freedoms Bill, which will require a judicial warrant for many requests for traffic data.

Tuesday, 3 April 2012

'Maintaining' 'lawful' intercept capability

20 years ago I was a member of a social network. It was called the pub and it enabled like minds to interchange small talk, gossip and express political opinions.

I was also a member of a video-on-demand service called the video shop. At short notice, I could decide which film I wanted to watch, beg my Dad to lend me the car, and within 20 minutes there was a good chance I would be back home with a film to watch.

There was electronic mail, of sorts. I'd type letters on my Commodore Amiga, print them out on my new Canon BJ10 Bubble Jet printer, stuff them in an envelope, address it, stamp it, and stick it in the post box.

My newspaper was delivered by me, the local paperboy, and the only record kept of which paper I read was a hand-written delivery diary at the family-run shop where I worked part time.

When the Government talks about 'maintaining' interception capability they conveniently forget that the capability to monitor 'endpoints' - who talks to whom - never existed for most everyday interactions until very recently, when so much of our everyday activity moved online.

Now my social network is called Facebook and the Government wants to invent the capability of seeing who I write to, who everyone writes to, despite the absence of suspicion.

Monday, 2 April 2012

Equalities and Human Rights Commission:web monitoring potentially incompatible with the right to privacy


Organisation: Equality and Human Rights Commission

Source: Press Releases

Date: 02.04.12

A commission spokesperson said:

"The Government's email and web monitoring plans would potentially be incompatible with the right to privacy of many ordinary people in the UK.

"The Commission's own research last year into information privacy concluded that there was a lack of  proper regulatory oversight and too much conflicting  legislation,  all of which fails to provide adequate protection for citizens and their private information.

"We found that the way the government and its agencies collect, use and store personal data is not respecting people s right to privacy. However, because of the complexity of the current laws,  obligations are unclear and authorities may be unaware they are breaking the law.

"These issues need properly addressing rather than introducing new proposals which further reduce people's rights to privacy."


@JamesFirth

Do not allow the government to back-door our entire communications infrastructure

Communications Capabilities Development: Mass Internet Interception and Surveillance Programme

My earlier description of CCDP explains how the government proposes to introduce warrantless mass surveillance by downgrading much of our internet activity from content to traffic data.

Despite what many readers may instinctively think, my objections to this internet monitoring plan aren't primarily rooted in generalised notions of civil liberties such as privacy.

Costly unsustainable capability-based policing must not come at the expense of consensual community-based online policing.

I think the proposal is disproportionate with questionable benefit. Serious criminals, terrorists and state actors will up their game, rendering much of this surveillance useless. Telephone and mail interception didn't stop the terrorists of the 70's, 80's and 90's.

MPs may feel compelled to act, for if they don't and something bad happens, questions will inevitably be asked why this type of surveillance wasn't installed.

And herein lies a problem as no-one will know if mass surveillance would have stopped it.

But we already have a good idea of the price of surveillance.  Greg Callus wrote an excellent piece in light of the Leveson inquiry, detailing how we're struggling even today to stop enterprising criminals selling access to our private communications.

I have three further worries. There will be a costly arms-race, I have no doubt of that.  Only the manufacturers of surveillance equipment can possibly benefit.

Plus, back-dooring our entire communications infrastructure creates a cyber security risk.  Yes, that's right, a risk.  The claim that such monitoring will help the good guys is based on a premise that only the good guys will have access to it.  (If you haven't already, do go and read Greg's piece.)

Government internet snoop plans in a small a nutshell as I can manage


Communications Capabilities Development: Mass Internet Interception and Surveillance Programme

Yesterday's announcement on the Government's new internet snoop plan (a re-hash of something Labour twice tried to introduce under the title 'Interception Modernisation Programme') comes as no surprise to me, since I broke the story last year on 10th December.

To explain what the government is trying to do you need to know 3 things:
  1. Information about electronic communications are by UK law separated into 2 categories. Traffic data and content.  Traffic data is defined in the Regulation of Investigatory Powers act as information such as who you're communicating with, for how long, etc, plus location data. The content of communications is what you're writing or saying. 
  2. Government, police and even local authorities (although a magistrate will soon have to approve for local authorities) can access 'traffic data' records from your telephone or internet service provider without a warrant. Requests are signed-off by a mid-ranking officer in the force or department making the request.
  3. Access to content is harder and requires an interception warrant ultimately approved by the Secretary of State, police Chief Constable or a few other designated senior authorisation officers.  All authorisations are overseen by the Interception of Communications Commissioner
In a nutshell, the Communications Capabilities Development Programme as described to me will have the effect of downgrading content into traffic data, thereby allowing the government, police, security services and local authorities to milk far more private information from our internet activities without need for a burdensome interception warrant.