Tag Archives: internet

From Subversive to Submissive: the internet

The corridor where WWW was born. CERN, ground floor of building No.1

Free-speech advocates were aghast—and data-privacy campaigners were delighted—when the European Court of Justice (ECJ) embraced the idea of a digital “right to be forgotten” in May 2014. It ruled that search engines such as Google must not display links to “inadequate, irrelevant or no longer relevant” information about people if they request that they be removed, even if the information is correct and was published legally.

The uproar will be even louder should France’s highest administrative court, the Conseil d’État, soon decide against Google. The firm currently removes search results only for users in the European Union. But France’s data-protection authority, CNIL, says this is not enough: it wants Google to delete search links everywhere. Europe’s much-contested right to be forgotten would thus be given global reach. The court… may hand down a verdict by January.

The spread of the right to be forgotten is part of a wider trend towards the fragmentation of the internet. Courts and governments have embarked on what some call a “legal arms race” to impose a maze of national or regional rules, often conflicting, in the digital realm.

The internet has always been something of a subversive undertaking. As a ubiquitous, cross-border commons, it often defies notions of state sovereignty. A country might decide to outlaw a certain kind of service—a porn site or digital currency, say—only to see it continue to operate from other, more tolerant jurisdictions.

As long as cyberspace was a sideshow, governments did not much care. But as it has penetrated every facet of life, they feel compelled to control it. The internet—and even more so cloud computing, ie, the storage of vast amounts of data and the supply of myriad services online—has become the world’s über-infrastructure. It is creating great riches: according to the Boston Consulting Group, the internet economy (e-commerce, online services and data networks, among other things) will make up 5.3% of GDP this year in G20 countries. But it also comes with costs beyond the erosion of sovereignty. These include such evils as copyright infringement, cybercrime, the invasion of privacy, hate speech, espionage—and perhaps cyberwar.

In response, governments are trying to impose their laws across the whole of cyberspace. The virtual and real worlds are not entirely separate. The term “cloud computing” is misleading: at its core are data centres the size of football fields which have to be based somewhere….

New laws often include clauses with extraterritorial reach. The EU’s General Data Protection Regulation will apply from 2018 to all personal information on European citizens, even if the company holding it is based abroad.

In many cases, laws seek to keep data within, or without, national borders. China has pioneered the blocking of internet addresses with its Great Firewall, but the practice has spread to the likes of Iran and Russia. Another approach is “data localisation” requirements, which mandate that certain types of digital information must be stored locally or remain in the country. A new law in Russia, for instance, requires that the personal information of Russian citizens is kept in national databases… Elsewhere, though, data-localisation policies are meant to protect citizens from snooping by foreign powers. Germany has particularly stringent data-protection laws which hamper attempts by the European Commission, the EU’s civil service, to reduce regulatory barriers to the free flow of data between member-states.

Fragmentation caused by government action would be less of a concern if other factors were not also pushing in the same direction–new technologies, such as firewalls and a separate “dark web”, which is only accessible using a special browser. Commercial interests, too, are a dividing force. Apple, Facebook, Google and other tech giants try to keep users in their own “walled gardens”. Many online firms “geo-block” their services, so that they cannot be used abroad….

Internet experts distinguish between governance “of” the internet (all of the underlying technical rules that make it tick) and regulation “on” the internet (how it is used and by whom). The former has produced a collection of “multi-stakeholder” organisations, the best-known of which are ICANN, which oversees the internet’s address system, and the Internet Engineering Task Force, which comes up with technical standards…..

Finding consensus on technical problems, where one solution often is clearly better than another, is easier than on legal and political matters. One useful concept might be “interoperability”: the internet is a network of networks that follow the same communication protocols, even if the structure of each may differ markedly.

Excerpts from Online governance: Lost in the splinternet, Economist, Nov. 5, 2016

The Nationalization of Internet

Seeking to cut dependence on companies such as Google, Microsoft, and LinkedIn, Putin in recent years has urged the creation of domestic versions of everything from operating systems and e-mail to microchips and payment processing. Putin’s government says Russia needs protection from U.S. sanctions, bugs, and any backdoors built into hardware or software. “It’s a matter of national security,” says Andrey Chernogorov, executive secretary of the State Duma’s commission on strategic information systems. “Not replacing foreign IT would be equivalent to dismissing the army.”

Since last year, Russia has required foreign internet companies to store Russian clients’ data on servers in the country. In January 2016 the Kremlin ordered government agencies to use programs for office applications, database management, and cloud storage from an approved list of Russian suppliers or explain why they can’t—a blow to Microsoft, IBM, and Oracle. Google last year was ordered to allow Android phone makers to offer a Russian search engine. All four U.S. companies declined to comment.

And a state-backed group called the Institute of Internet Development is holding a public contest for a messenger service to compete with text and voice apps like WhatsApp and Viber. Russia’s Security Council has criticized the use of those services by state employees over concerns that U.S. spies could monitor the encrypted communications while Russian agencies can’t.

On Nov. 10, 2016, Russia’s communications watchdog said LinkedIn would be blocked for not following the data-storage rules….. That same day, the Communications Ministry published draft legislation that would create a state-controlled body to monitor .ru domains and associated IP addresses. The proposal would also mandate that Russian internet infrastructure be owned by local companies and that cross-border communication lines be operated only by carriers subject to Russian regulation…

The biggest effect of the Kremlin’s internet campaign can be seen in the Moscow city administration, which is testing Russian-made e-mail and calendar software MyOffice Mail on 6,000 machines at City Hall. The city aims to replace Microsoft Outlook with the homegrown alternative, from Moscow-based New Cloud Technologies, on as many as 600,000 computers in schools, hospitals, and local agencies….“Money from Russian taxpayers and state-controlled companies should be spent primarily on domestic software,” Communications Minister Nikolay Nikiforov told reporters in September. “It’s a matter of jobs, of information security, and of our strategic leadership in IT.”

Excerpts from Microsoft Isn’t Feeling Any Russian Thaw, Bloomberg, Nov. 17, 2016

Showing off American Military Hackers: DARPA Plan X

At the Pentagon Wednesday (May 21, 2014) the armed forces’ far-out research branch known as the Defense Advanced Research Projects Agency showed off its latest demos for Plan X, a long-gestating software platform designed to unify digital attack and defense tools into a single, easy-to-use interface for American military hackers. And for the last few months, that program has had a new toy: The agency is experimenting with using the Oculus Rift virtual-reality headset to give cyberwarriors a new way to visualize three-dimensional network simulations–in some cases with the goal of better targeting them for attack.

“You’re not in a two-dimensional view, so you can look around the data. You look to your left, look to your right, and see different subnets of information,” Darpa’s Plan X program manager Frank Pound told WIRED in an interview. “With the Oculus you have that immersive environment. It’s like you’re swimming in the internet.” … If Plan X’s Oculus software ever reaches the eyeballs of actual soldiers–a development that Darpa says is still years away–Pound doesn’t deny that the interface would be used for actual offensive hacking as well as defense and reconnaissance. Like the rest of Plan X, he says it’s meant to be a simpler and more intuitive way for the U.S. Cyber Command and other American military hackers to visualize everything they do in their cyberwar operations. “Think of Plan X like an aircraft carrier,” says Pound. “It can carry any weapon system or capability.”

That sort of admission will no doubt set off alarm bells for critics of the American military’s increasingly aggressive posture on the Internet. The revelation in 2012 that the United States created the Iran-targeted Stuxnet malware and a year of Edward Snowden’s leaks have already demonstrated that the NSA engages in more advanced cyberattack operations than practically any country on the planet. Enabling American hackers to launch those attacks with a tool that’s literally designed for video games could be seen as encouraging a brazen attitude towards cyberwar, disconnecting it from the reality of its consequences.

But Darpa’s Pound counters that safeguards against reckless hacking will be built into Plan X, and that it may actually reduce collateral damage from military cyberattacks by allowing soldiers to better understand the networks they’re attacking.

Excerpt from ANDY GREENBERG, Darpa Turns Oculus Into a Weapon for Cyberwar, Wired, May 23, 2014

The Digital Bombs of DARPA: Plan X

Connectivity to the Masses: Satellites for Africa

Africa’s demand for bandwidth is doubling every year, outpacing the laying of terrestrial telecom fibre links and encouraging commercial satellite operators to launch more units into orbit.   The arrival of submarine cables on Africa’s eastern shore just five years ago (see e.g. Eastern Africa Submarine Cable System (EASSy)) was largely expected to herald the end of satellite connections, which had been the region’s only link to the outside world for decades.  But the opposite is happening with Africa’s political geography – notably its many landlocked countries, such as Zambia, South Sudan and Rwanda – bringing undersea cable plans back to earth.

“If you are to provide connectivity to the masses, fibre is not the way to do it. Do you think that it would make economical sense to take fibre to every village in Kenya?” said Ibrahima Guimba-Saidou, a senior executive for Africa at Luxembourg-based satellite operator SES SA. “Satellite is still around and will continue to be around because it’s the best medium to extend connectivity to the masses.” Hundreds of millions of people on the continent still have no access to the Internet, he said….

SES, one of the world’s largest commercial satellite operators, expects to launch its Astra2G satellite in 2014 after sending three others dedicated to Africa into orbit in the last year. Nine of its 56 satellites orbiting the earth are allocated for Africa.  Europe’s biggest satellite operator Eutelsat plans to fire off its tri-band EUTELSAT 3B this month after launching another to extend sub-Saharan Africa coverage in 2013.

The demand for Internet and data services in Africa has been driven by affordable mobile broadband connections. Mobile broadband users could grow by nearly eight times to 806 million by the end of 2018, according to Informa estimates.  New services such as digital television, onboard Internet connection for passenger aircraft, and delivering education and health services electronically will also drive demand.

The private sector has several initiatives to extend the capacity from submarine cables inland using terrestrial cables, but until that bottleneck is addressed, satellite operators are innovating to plug that black hole. One operator, O3B, or Other 3 Billion, has launched four of the next-generation medium earth orbit (MEO) satellites and plans two other launches in 2014 to make an orbital constellation of 12. At a height of 8,000 kms (5,000 miles), the MEO units allow for faster speeds than traditional stationary satellites at 36,000 kms. O3B’s tests have delivered capacity five times better than what traditional satellites can manage, making its technology suitable for both voice and interactive applications, said Omar Trujillo, vice president for Africa and Latin America…. “A lot of applications for mining, oil and gas, will continue to be done by satellite,” he said. “The main market may not be international links for Nairobi or Johannesburg but will be communication for some of these remote areas that have had very low demand before, but now have fast-growing demand.”

Excerpts from Helen Nyambura-Mwaura, AFRICA INVESTMENT-Africa’s hunger for data sends satellites into orbit, Reuters, Apr. 17, 2014

How to Search the Deep Web: DARPA MEMEX

From the DARPA website

Today’s web searches use a centralized, one-size-fits-all approach that searches the Internet with the same set of tools for all queries. While that model has been wildly successful commercially, it does not work well for many government use cases. For example, it still remains a largely manual process that does not save sessions, requires nearly exact input with one-at-a-time entry, and doesn’t organize or aggregate results beyond a list of links. Moreover, common search practices miss information in the deep web—the parts of the web not indexed by standard commercial search engines—and ignore shared content across pages.

To help overcome these challenges, DARPA has launched the Memex program. Memex seeks to develop the next generation of search technologies and revolutionize the discovery, organization and presentation of search results. The goal is for users to be able to extend the reach of current search capabilities and quickly and thoroughly organize subsets of information based on individual interests. Memex also aims to produce search results that are more immediately useful to specific domains and tasks, and to improve the ability of military, government and commercial enterprises to find and organize mission-critical publicly available information on the Internet…

Initially, DARPA intends to develop Memex to address a key Defense Department mission: fighting human trafficking. Human trafficking is a factor in many types of military, law enforcement and intelligence investigations and has a significant web presence to attract customers. The use of forums, chats, advertisements, job postings, hidden services, etc., continues to enable a growing industry of modern slavery. An index curated for the counter-trafficking domain, along with configurable interfaces for search and analysis, would enable new opportunities to uncover and defeat trafficking enterprises.

The Memex program gets its name and inspiration from a hypothetical device described in “As We May Think,” a 1945 article for The Atlantic Monthly written by Vannevar Bush, director of the U.S. Office of Scientific Research and Development (OSRD) during World War II. Envisioned as an analog computer to supplement human memory, the memex (a combination of “memory” and “index”) would store and automatically cross-reference all of the user’s books, records and other information.

Excerpt, MEMEX AIMS TO CREATE A NEW PARADIGM FOR DOMAIN-SPECIFIC SEARCH, DARPA Website, February 09, 2014

The Damaged Credibility of Internet Security

NIST. Image from wikipedia

On Nov. 6, 2013, the Internet Engineering Task Force (IETF), an organisation which brings together the scientists, technicians and programmers who built the internet in the first place and whose behind-the-scenes efforts keep it running, debated what to do about all this. A strong streak of West Coast libertarianism still runs through the IETF, and the tone was mostly hostile to the idea of omnipresent surveillance. Some of its members were involved in creating the parts of the internet that spooks are now exploiting. “I think we should treat this as an attack,” said Stephen Farrell, a computer scientist from Trinity College, Dublin, in his presentation to the delegates. Discussion then moved on to what should be done to thwart it….

Even America’s government is getting in on the act. The credibility of its National Institute of Standards and Technology, which sets American cryptographic standards with the help of the NSA, has been dented by Mr Snowden’s revelations. On November 1st it announced it would review the way it carries out its work, in an effort to rebuild trust. The unspoken implication was that it would try harder to stop spooks attempting to slip “unreliable” technology past its vetting procedures. Other security experts are re-examining existing products. Dr Green and his colleague Kenn White are leading a forensic audit of Truecrypt, a popular program that enciphers a user’s hard disks but which displays some odd-looking behaviour and has rather murky origins (it is open-source, but its designers are anonymous, and are thought to live in eastern Europe).

Fixing cryptography is only part of the problem. Intelligence agencies can also tap data cables, allowing them to capture unscrambled information being sent between a user and a server, regardless of whether it is later encrypted.  Mr Snowden’s leaks seem to have boosted the market for better ways of dealing with this behaviour, too. Mike Janke, a former commando who now runs Silent Circle, a firm that offers “end-to-end” encryption software (meaning all messages are transmitted pre-scrambled), counts everything from corporations worried about industrial espionage to the Dalai Lama among his customers. He says that “business is up about 400% since the summer of Snowden”. In the wake of Mr Snowden’s revelations, his firm shut down its e-mail service and is preparing a new one that will transmit all messages pre-scrambled, meaning that only the recipient, not even the company itself, will be able to decode them…

On October 30th the Washington Post reported that America’s spies have bugged private, unencrypted fibre-optic cables which carry bits and bytes between the data centres in the worldwide networks of Google and Yahoo, without the companies’ knowledge. Google, which, of course, must be able to read its customers’ e-mail in order to inflict advertisements on them, nevertheless relies on people trusting it to guard their data, observes Dr Green.  “There’s a lot of anger out there,” says Christopher Soghoian, principal technologist at the American Civil Liberties Union, a lobbying group. “I’ve seen two blog posts by Google engineers in the last three days that contained the words ‘fuck you, NSA’.”

Excerpts, Internet security: Besieged, Economist, Nov. 9, 2013 at 83

Bullies: how to sell flawed software and beat the market

“[T]he odds are almost zero that the NSA hasn’t tried to influence Intel’s chips.” In 2012 a paper from two British researchers described an apparent backdoor burned into a chip designed by an American firm called Actel and manufactured in China. The chip is widely used in military and industrial applications. Actel says the feature is innocent: a tool to help its engineers fix hardware bugs…

Now America’s tech giants stand accused not just of mishandling their customers’ data, but, in effect, of knowingly selling them flawed software. Microsoft has always denied installing backdoors. It says it has “significant concerns” about the latest leaks and will be “pressing the government for an explanation”. The damage goes well beyond individual companies’ brands. American technology executives often use their economic clout to shape global standards in ways that suit their companies. Now that will be harder. American input to international cryptographic standards, for example, will have to overcome sceptical scrutiny: are these suggestions honest, or do they have a hidden agenda? More broadly still, America has spent years battling countries such as Russia, China and Iran which want to wrest control of the internet from the mainly American engineers and companies who run it now, and give a greater role to governments. America has fought them off, claiming that its influence keeps the internet open and free. Now a balkanisation of the web seems more likely. Jason Healey of the Atlantic Council, a think-tank, says that the denizens of Washington, DC, have lost sight of the fact that the true source of American cyber-power is neither the NSA and its code-breaking prowess nor the offensive capabilities that produced the Stuxnet virus, which hit centrifuges at an Iranian nuclear plant; it is the hugely successful firms which dominate cyberspace and help disseminate American culture and values worldwide. By tarnishing the reputations of these firms, America’s national-security apparatus has scored an own goal.

NSA and Cryptography: Cracked Credibility, Economist, Sept. 14, 2013, at 65