Free Speech + Human Rights
Bruce Schneier says “Remember this: The math is good, but math has no agency. Code has agency, and the code has been subverted.” (read original)
What this means is that the theory behind something — in this case encryption using “hard” mathematics — may be very good, but the implementation can be full of “gotchas” — errors, omissions, faults — and that‘s what will get you in the long term. He was specifically commenting on Edward Snowden’s revelations about the US National Security Agency and whether they can read all encrypted messages, but it can apply to many other software endeavors.
If you’re thinking of writing some software whose function is critical, and especially if lives depend on it, you have to be extremely careful with your implementation. And Open Source is a big plus because other eyes can look at your code and spot mistakes that you, as author, are likely to overlook.
So whatever you’re working on, be very, very careful with the implementation.
For almost two months I’ve been quite aware of how the US Congress wants to impose their will on the Internet as a whole. Aw, comeon—everyone wants to impose their ideas on the Internet! Of course, China, Saudi Arabia, Iran, Syria and Burma (among others) do impose their will(s) on the Internet by filtering and other actions.
If the US were to institute laws that allow the Attorney General and/or companies to force ISPs to block (or modify the DNS for) domains they assert are in violation of copyright, it would be the beginning of a slippery slope which could well lead to blocking (censorship in effect) for other reasons. There is just not enough due process in these proposed laws. Once the mechanics are in place, it would be easy to justify using them for other purposes.
I was most impressed at the action taken by Wikipedia on January 18th (2012) to make their service unavailable (except via mobile and for certain pages). And Google did a great job by blacking out their logo, leaving their search intact, and providing links to further information, including pages to reach Congresspeople! Craigslist.org also put up a splash page, which I think sent many people in the right direction. Craig Newmark, founder (and customer support) of Craig’s List is very much involved in citizen democracy (“democracy 2.0” if you will). I put up notices on my own sites, and on my friend Amy Jussel’s ShapingYouth.org on the 18th, directing peoples’ attention to the SOPAstrike page. I was also impressed that
The key is to not require that ISPs or search engines be the enforcers of government policies, and to not wreck the DNS (and DNSSEC) system by spoofing (even legally) domain names.
I believe Wikipedia and Google turned the tide, and am hopeful that these misbegotten bills will now be abandoned or completely rewritten to make more sense!
The SOPA and PIPA bills being considered in the US Congress allow blocking of domain names by someone who simply makes a complaint. Technically they apply only to non-US-hosted web sites that are pirating digital content, but once the “machinery” is in place, they could be used to block any domain whatsoever, and without due (legal) process. And also, technically, the only person who can complain and get a domain blocked is a digital (music, text, art) rights owner, but in practice this will be almost impossible to enforce.
There is no due process and no way someone who is wrongfully blocked can get themselves quickly unblocked.
And were this legislation to pass in the US, it would signal strong support for other countries similarly blocking internationally-hosted content based on their own national laws. (Many do it already, but let’s not set an example.)
Join me in opposing these bills. Notify your US Senators and Representatives.
This site will be participating in the Strike on January 18th, 2012.
Far from solving all your problems, if you rely on government to solve your cyber-security problems, I think you’re more likely to end up with restricted access to the Internet and someone other than hackers evaluating your communications. And I mean this is a possibility not only from your own national government but due to future international “cooperation” among governments.
Here are five reasons why you have to build your own cyber-protection capabilities rather than relying on governments to solve any of your security (and cyber-attack) problems for you. And you have to be vigilant and aware of what’s going on that might put governments even more in control of your online communications, reducing the options you have available to communicate privately with others as well as to defend yourself. (continue reading…)