Tag Archives: freedom of information

Iceland as a Privacy Haven?

Nesjavellir Geothermal Power Plant, Iceland. Image from wikipedia

A former NATO airbase in Iceland  looks  like nothing more than a huge warehouse from the outside.  But the barbed-wire fence surrounding it and surveillance cameras atop its gates betray  its importance.  This facility, which began operating in February 2012, is one of several data centres in Iceland. It’s run by Verne Global, a company that allows its customers to store data on servers here.

Tate Cantrell, the company’s chief technical officer, explained why Verne Global favoured this tiny Nordic nation of all places. “In Iceland, you’ve got this ideal situation: energy, excellent connectivity for data, and a constant cool climate. So Iceland was an obvious choice.”  Iceland’s abundant renewable energy from geothermal and hydroelectric plants means the costs of running these data centres are low. And the Gulf Stream current keeps the temperature in Iceland more or less stable throughout the year, avoiding the need to provide cooling for the servers and computers.

Data centres based here have another advantage, too: Iceland is in the initial stage of implementing the most progressive data-privacy laws in the world, a major selling point especially after whistleblower Edward Snowden’s revelations regarding widespread surveillance by the United States’ National Security Agency (NSA).  A recent paper published by Verne Global stated that Iceland was “uniquely positioned as a data privacy haven” because of the new regulations.

The International Modern Media Institute (IMMI), a non-profit organisation, has played an instrumental role in designing and promoting the legal framework for Iceland’s new data privacy laws….Birgitta Jónsdóttir is IMMI’s spokeswoman and now represents the Pirate Party in the Icelandic parliament.  In 2010, the IMMI, then known as the Icelandic Modern Media Initiative, proposed a resolution to change Icelandic law to ensure data privacy and freedom of speech. The proposal includes protection for whistleblowers and journalists’ sources, as well as an “ultra-modern Freedom of Information Act” based on elements from existing laws in Estonia, the United Kingdom, and Norway.  The data centres would benefit from a clause in the law that ensures the protection of intermediaries such as internet service providers and telecommunications carriers.The resolution was passed by the Icelandic parliament that same year, and is now being implemented into law, piece by piece.  “A bit more than half of what IMMI proposed has been made into law – somewhere between 50 and 70 percent,” Jonsdottir said…

Despite the new measures, Icelandic journalist Jón Bjarki Magnusson said he thinks his country still has a long way to go when it comes to media freedom.  “IMMI for me is a bit like a fairy tale, reality on the ground is different from the idea,” he told Al Jazeera at a café in downtown Reykjavik. “I like the idea but Iceland is far from being a haven for free journalism.”Earlier this year, Magnusson worked on an investigative story for DV newspaper, in which he wrongly identified an assistant to Iceland’s interior minister as being under police investigation.  Magnusson and his colleagues quickly realised their mistake and issued an apology within a few hours of publishing. But that didn’t stop the official from pressing criminal libel charges against Magnusson and a colleague of his, Johann Pall Johannsson, demanding a sentence of up to two years in prison.

Watchdog group Reporters Without Borders (RSF) has issued a statement condemning the steps against the reporters as disproportionate. The group said that freedom of information in Iceland has declined over the past two years, citing the libel case and budget cuts for public broadcasters.

Excerpt from Felix Gaedtke, Can Iceland become the ‘Switzerland of data’?, Al Jazeera, Dec. 28, 2014

NGO Sues CIA over Freedom of Information

foia

[T]he Central Intelligence Agency has a track record of holding itself apart from, and largely above, the Freedom of Information Act, consistently ignoring deadlines, refusing to work with requesters, and capriciously rejecting even routine requests for what should be clearly public information.  Additionally, we [MuckRock] are suing against the CIA’s general practice of rejecting requests for email records which do not include the time frame, subject, and to and from fields, regardless of what other information is including to help narrow the request. This practice replaces the required functional test for whether or not a request reasonably describes the records sought with a per se test that automatically rejects any request for email records based on whether or not it includes all four pieces of information, virtually ensuring that vast amounts of CIA email records go unprocessed and unreleased.

Excerpt, Michael Morisy, Why we’re suing the CIA: After 10,000 requests, MuckRock launches its first lawsuit, MuckRock Press Release, June 11, 2014

Public Sector Data Belong to the Public and the Companies that can Mine it

image from wikipedia

On May 9th, 2013 Barack Obama ordered that all data created or collected by America’s federal government must be made available free to the public, unless this would violate privacy, confidentiality or security. “Open and machine-readable”, the president said, is “the new default for government information.”

This is a big bang for big data, and will spur a frenzy of activity. Pollution numbers will affect property prices. Restaurant reviews will mention official sanitation ratings. Data from tollbooths could be used to determine prices for nearby billboards. Combining data from multiple sources will yield fresh insights. For example, correlating school data with transport information and tax returns may show that academic performance depends less on income than the amount of time parents spend with their brats.

Over the next few months federal agencies must make an inventory of their data and prioritise their release. They must also take steps not to release information that, though innocuous on its own, could be joined with other data to undermine privacy—a difficult hurdle.  Many countries have moved in the same direction. In Europe the information held by governments could be used to generate an estimated €140 billion ($180 billion) a year. Only Britain has gone as far as America in making data available, however. For example, it requires the cost of all government transactions with citizens to be made public. Not all public bodies are keen on transparency. The Royal Mail refuses to publish its database of postal addresses because it makes money licensing it to businesses. On May 15th an independent review decried such practices, arguing that public-sector data belong to the public.

Rufus Pollock of the Open Knowledge Foundation, a think-tank, says most firms will eventually use at least some public-sector information in their business.

Open data: A new goldmine, Economist,  May 18, 2013, at 73

How the United States is Persecuting the Hacktivists

hacktivism

The government is treating hackers who try to make a political point as serious threats.   [T]he state has come down on them with remarkable force. This is in large measure evidence of how poignant, and troubling, their message has been.

Hacktivists, roughly speaking, are individuals who redeploy and repurpose technology for social causes. In this sense they are different from garden-variety hackers out to enrich only themselves. People like Steve Jobs, Steve Wozniak and Bill Gates began their careers as hackers — they repurposed technology, but without any particular political agenda. In the case of Mr. Jobs and Mr. Wozniak, they built and sold “blue boxes,” devices that allowed users to defraud the phone company. Today, of course, these people are establishment heroes, and the contrast between their almost exalted state and the scorn being heaped upon hacktivists is instructive.

For some reason, it seems that the government considers hackers who are out to line their pockets less of a threat than those who are trying to make a political point. Consider the case of Andrew Auernheimer, better known as “Weev.” When Weev discovered in 2010 that AT&T had left private information about its customers vulnerable on the Internet, he and a colleague wrote a script to access it. Technically, he did not “hack” anything; he merely executed a simple version of what Google Web crawlers do every second of every day — sequentially walk through public URLs and extract the content. When he got the information (the e-mail addresses of 114,000 iPad users, including Mayor Michael Bloomberg and Rahm Emanuel, then the White House chief of staff), Weev did not try to profit from it; he notified the blog Gawker of the security hole.  For this service Weev might have asked for free dinners for life, but instead he was recently sentenced to 41 months in prison and ordered to pay a fine of more than $73,000 in damages to AT&T to cover the cost of notifying its customers of its own security failure.  When the federal judge Susan Wigenton sentenced Weev on March 18, she described him with prose that could have been lifted from the prosecutor Meletus in Plato’s “Apology.” “You consider yourself a hero of sorts,” she said, and noted that Weev’s “special skills” in computer coding called for a more draconian sentence. I was reminded of a line from an essay written in 1986 by a hacker called the Mentor: “My crime is that of outsmarting you, something that you will never forgive me for.”  When offered the chance to speak, Weev, like Socrates, did not back down: “I don’t come here today to ask for forgiveness. I’m here to tell this court, if it has any foresight at all, that it should be thinking about what it can do to make amends to me for the harm and the violence that has been inflicted upon my life.”  He then went on to heap scorn upon the law being used to put him away — the Computer Fraud and Abuse Act, the same law that prosecutors used to go after the 26-year-old Internet activist Aaron Swartz, who committed suicide in January.  The law, as interpreted by the prosecutors, makes it a felony to use a computer system for “unintended” applications, or even violate a terms-of-service agreement. That would theoretically make a felon out of anyone who lied about their age or weight on Match.com.

The case of Weev is not an isolated one. Barrett Brown, a journalist who had achieved some level of notoriety as the “the former unofficial not-spokesman for Anonymous,” the hacktivist group, now sits in federal custody in Texas. Mr. Brown came under the scrutiny of the authorities when he began poring over documents that had been released in the hack of two private security companies, HBGary Federal and Stratfor. Mr. Brown did not take part in the hacks, but he did become obsessed with the contents that emerged from them — in particular the extracted documents showed that private security contractors were being hired by the United States government to develop strategies for undermining protesters and journalists, including Glenn Greenwald, a columnist for Salon. Since the cache was enormous, Mr. Brown thought he might crowdsource the effort and copied and pasted the URL from an Anonymous chat server to a Web site called Project PM, which was under his control…..

Other hacktivists have felt the force of the United States government in recent months, and all reflect an alarming contrast between the severity of the punishment and the flimsiness of the actual charges. The case of Aaron Swartz has been well documented. Jeremy Hammond, who reportedly played a direct role in the Stratfor and HBGary hacks, has been in jail for more than a year awaiting trial. Mercedes Haefer, a journalism student at the University of Nevada, Las Vegas, faces charges for hosting an Internet Relay Chat channel where an Anonymous denial of service attack was planned. Most recently, Matthew Keys, a 26-year-old social-media editor at Reuters, who allegedly assisted hackers associated with Anonymous (who reportedly then made a prank change to a Los Angeles Times headline), was indicted on federal charges that could result in more than $750,000 in fines and prison time, inciting a new outcry against the law and its overly harsh enforcement. The list goes on.

In a world in which nearly everyone is technically a felon, we rely on the good judgment of prosecutors to decide who should be targets and how hard the law should come down on them. We have thus entered a legal reality not so different from that faced by Socrates when the Thirty Tyrants ruled Athens, and it is a dangerous one. When everyone is guilty of something, those most harshly prosecuted tend to be the ones that are challenging the established order, poking fun at the authorities, speaking truth to power — in other words, the gadflies of our society.

Excerpts, By PETER LUDLOW, Hacktivists as Gadflies, NY Times, April 13, 2013

Who is Cryptome?

Salonica.  Image from cryptome.org

Cryptome unfamiliar to the general public, is well-known in circles where intelligence tactics, government secrets and whistle-blowing are primary concerns. Since its creation in 1996, Cryptome has amassed more than 70,000 files — including lists of secret agents, high-resolution photos of nuclear power plants, and much more.

Its co-founder and webmaster, a feisty 77-year-old architect, doesn’t hesitate when asked why.  “I’m a fierce opponent of government secrets of all kinds,” says John Young. “The scale is tipped so far the other way that I’m willing to stick my neck out and say there should be none.”  Young describes several exchanges with federal agents over postings related to espionage and potential security breaches, though no charges have ever been filed. And he notes that corporate complaints of alleged copyright violations and efforts to shut Cryptome down have gone nowhere.

For Young, there’s a more persistent annoyance than these: the inevitable comparisons of Cryptome to WikiLeaks, the more famous online secret-sharing organization launched by Julian Assange and others in 2006.  Young briefly collaborated with WikiLeaks’ creators but says he was dropped from their network after questioning plans for multimillion-dollar fundraising. Cryptome operates on a minimal budget — less than $2,000 a year, according to Young, who also shuns WikiLeaks-style publicity campaigns.  “We like the scholarly approach — slow, almost boring,” says Young. He likens Cryptome to a “dusty, dimly lit library.”  That’s not quite the image that Reader’s Digest evoked in 2005, in an article titled “Let’s Shut Them Down.” Author Michael Crowley assailed Cryptome as an “invitation to terrorists,” notably because of its postings on potential security vulnerabilities.Cryptome’s admirers also don’t fully buy into Young’s minimalist self-description….

Young considers himself a freedom-of-information militant, saying he is unbothered by “the stigma of seeming to go too far.” Claims that Cryptome aids terrorists or endangers intelligence agents are “hokum,” he said. “We couldn’t possibly publish information to aid terrorists that they couldn’t get on their own,” he said, depicting his postings about security gaps as civic-minded.  “If you know a weakness, expose it, don’t hide it,” he said…

As a motto of sorts, the Cryptome home page offers a quote from psychiatrist Carl Jung: “The maintenance of secrets acts like a psychic poison which alienates the possessor from the community.”  The website says Cryptome welcomes classified and confidential documents from governments worldwide, “in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance.”  Young attributes Cryptome’s longevity and stature to its legion of contributors, most of them anonymous, who provide a steady stream of material to post.  Among the most frequently downloaded of Cryptome’s recent postings were high-resolution photos of the Fukushima Dai-ichi nuclear plant in Japan after it was badly damaged in the March 2011 tsunami/earthquake disaster.

Cryptome also was a pivotal outlet last year for amorous emails between national security expert Brett McGurk and Wall Street Journal reporter Gina Chon, which led McGurk to withdraw as the Obama administration’s nominee to be ambassador to Iraq.  Other documents on the site list names of people purported to be CIA sources, officers of Britain’s MI6 spy agency, and spies with Japan’s Public Security Investigation Agency….

Another exchange with the FBI came in November 2003, according to Young, when two agents paid him a visit to discuss recent Cryptome postings intended to expose national security gaps. The postings included maps and photos of rail tunnels and gas lines leading toward New York’s Madison Square Garden, where the Republican National Convention was to be held the next year….Another confrontation occurred in 2010, when Cryptome posted Microsoft’s confidential Global Criminal Compliance Handbook, outlining its policies for conducting online surveillance on behalf of law enforcement agencies. Contending that the posting was a copyright violation, Microsoft asked that Cryptome be shut down by its host, Network Solutions. Criticism of Microsoft followed, from advocates of online free speech, and the complaint was withdrawn within a few days….

Moreover, Young urges Cryptome’s patrons to be skeptical of anything placed on the site, given that the motives of the contributors may not be known.  “Cryptome, aspiring to be a free public library, accepts that libraries are chock full of contaminated material, hoaxes, forgeries, propaganda,” Young has written on the site. “Astute readers, seeking relief from manufactured and branded information, will pick and choose…”

Excerpts from DAVID CRARY, Older, Quieter Than WikiLeaks, Cryptome Perseveres, Associated Press, Mar. 9, 2013

The Virgin Digital Land and the Google Monopoly

Online Africa is developing even faster than the new highways of offline Africa. Undersea cables reaching Africa on the Atlantic and Indian Ocean coasts, plus innovative mobile-phone providers, have raised internet speeds and slashed prices. In some African markets you can buy a daily dose of internet on a mobile phone for about the cost of a banana (ie, less than ten American cents). This burgeoning connectivity is making Africa faster, cleverer and more transparent in almost everything that it does.

Google can take a lot of the credit. The American search-and-advertising colossus may even be the single biggest private-sector influence on Africa. It is not just that its internet-search and e-mail are transforming Africa. Take maps. Before Google, ordinary Africans struggled to find maps. Military and civilian mapping offices hoarded rolls of colonial-era relics and sold them at inflated prices. By contrast, Google encourages African developers to layer maps with ever more data. In Kenya 31,000 primary schools and 6,900 secondary schools are marked on Google maps. Satellite views even let users see if the schools have built promised new classrooms or water points. Similar initiatives let voters verify local voting figures at election time. Satellite views of traffic jams have also shamed some African cabinets into spending more on city infrastructure.

Google has also pepped up Africa’s media, enabling Africans to read each other’s newspapers. Google is improving translation software to bring more Africans who speak only local languages online. As well as English, French, Portuguese and Arabic, it offers Zulu, Afrikaans, Amharic and Swahili. Languages like Wolof, Hausa, Tswana and Somali are set to follow.

Faster downloading speeds have helped make Google’s YouTube video-viewing more popular. Young urban Africans organise YouTube parties. The company is also trying to help African governments digitise information and make it freely available to their citizens. Many rulings in the higher courts of Ghana, for instance, are going online.

Yet critics complain that Google is buying up enormous amounts of virgin digital land in Africa at virtually no cost. Within a couple of decades, without the regulatory oversight of the African Union or African governments, they say, Africa’s internet life will be almost entirely in hock to the Google giant. Even the company’s decision to go slow on seeking profits from Africa by offering cheap deals has been attacked by African would-be rivals, which say that such tactics are only extending Google’s unfair advantage.

Google says its recent effort to best a rival South African firm, Mocality, was an embarrassing aberration. Google’s top man in Africa, Joe Mucheru, brushes aside fears of a monopoly. The company’s advertising model, he says, helps African business. “The more Google grows, the more the entire ecosystem grows.” He is especially keen on Google+, a service that seeks to provide an even more useful online community than Facebook

Google in Africa: It’s a hit, Economist, May 12,2012, at 57

Protesting the Anti-Counterfeiting Trade Agreement

Lithuania’s central bank said Friday (Jan. 27, 2012) it had been hit by a cyber-attack, but had eventually overcome the assault on its website and other online services.  In a statement, the bank said that the denial-of-service attack — in which many outside computers overload the target’s IT system — from a group of countries took place early Friday morning…The bank said that the attacks were launched from computers apparently located in countries including Canada, China, Russia, Switzerland, Ukraine and the United States…No public claim of responsibility had been made for the attack so far.  It was not clear if it was linked to Lithuania’s signature Thursday of a controversial international online anti-piracy accord.  Critics of the Anti-Counterfeiting Trade Agreement (ACTA) warn that it could significantly curtail online freedom, and several governments have come under attack by groups including “hacktivist” grouping Anonymous.

Lithuanian central bank hit by cyber-attack, Agence France Presse, Jan. 28, 2012

Text of ACTA (pdf)

Negotiating History

Rapporteur

We Have Every Right to Be Furious About ACTA