Internet Freedom

Here’s my liveblog on the “Internet Freedom” debate, part of the wonderful Cambridge Festival of Ideas. Excuse the errors, will tidy up later. And here’s the blurb (from here):

The internet is holding governments to account by creating a platform for leaked information as well as for protest groups to freely talk. Join us to debate whether the internet can and should be controlled. Speakers include Herbert Snorsson, founder of; David Clemente, Chatham House; and Steve Murdoch, Computer Laboratory University of Cambridge.

Questions – is the Internet a force for good? Can it be used for evil? Can it be policed? Should things be kept secret? Should our data remain private? Should countries have a say on what is available?

Jim Killock – Executive Director, Open Rights Group

Jim introduces ORG, discussing the funding (mostly from members at £5 a month) and recent campaigns (e.g. privacy, Digital Economy Act). Internet freedom should mean, for example, that responsibility lies with sender and receiver but not with an intermediary (particularly ISPs), and this is under threat. But what are the benefits? Political and cultural participation (at unprecedented level) – and therefore power, transparency & accountability (not just re governments but re journalists and corporations), contributing to a ‘better sort of politics’. ORG and others hear that the Internet is unregulated, the Wild West, full of criminals and so on from some MPs and policymakers; others see it as television in the making. But really, the Internet is like society, the roads, the pub, a marketplace, a village green – reflects the world around. ORG argues for a rights-based debate to avoid the Internet being a negative place, e.g. mass surveillance (government or corporate), or intermediaries choosing what you see (biased search, advertisers gaining information, formal and informal censors, copyright owners having power). Who then are the enemies of Internet freedom? Top of the list are copyright lobby groups – who want to see traffic, snoop on customers, prevent access. But also state security apparatus (want more access to information that flows). More benign are those with legitimate worries about society (e.g. re anorexia, pornography) who end up in a position where they want ‘the Internet to stop doing these things’. These various enemies have given up targeting the user (more or less) and focus on the middle – to stop the network working like a network, placing new controls on it. Internet freedom can survive though because it is a value for all of us and it is becoming obvious what we get from it; the need for eternal vigilance is no different. Join the Open Rights Group.

David Clemente – Researcher, International Security Programme, Chatham House

(Personal opinion, not that of Chatham House). Agrees that this is a debate about power. States and others can be uncomfortable with how cyberspace challenges accepted notions of power, e.g. an ageing Senator looking for the off switch after a cyberattack. But this is increasingly less common. Ability to innovate (e.g. write an app!) affects distribution of power – and lines between transparency and secrecy that a government might draw. Wikileaks is an example of the US responding strongly even though it might have welcomed it if it was about Iranian secrets. Post-9/11 move in US military from need to know to need to share – over 1m people had access to these cables, produces benefits but can return to sting you. Wikileaks far surpasses e.g. Pentagon Papers in terms of volume; governments can collect a lot of data (but can also use it). Governments can still apply pressure e.g. on credit card companies which as we have seen has an impact on Wikileaks. Cyberspace ‘supercharges’ blurring of power lines but not all new. Khomenei distributed his message on audio cassette in the late 70s – now it’s even quicker. Yet there are still some things we would rather governments keep secret – trade negotiations? health and tax records? certain diplomatic conversations? can be argued to be necessary. A disclosure like Wikileaks can inhibit free conversations (e.g. between US diplomats and other states); various allegations were made re Afghan war log disclosure. Some leaking can be good, promoting ‘positive transparency’ (Tunisia?) – not necessarily that it caused a revolution but every little stone helps. In sum, the Internet is still relatively young – as John Naughton said, we wouldn’t have expected Gutenberg to tell us about the impact of printing 20 years after its invention.

Dr Steven Murdoch – Security Research, University of Cambridge

The key for Internet regulation is that it is made of cables which are managed/used by people, who can be influenced by governments. Extreme examples exist e.g. North Korea isolation, China blocking, Middle East religious reasons. But in the UK, a system that was accepted by ISPs for images of child abuse is now to be used [he’s referring to the latest instalment in the Newzbin case, reported here] for blocking access on copyright infringement grounds. The trend is away from blocking at source to blocking from accessing. Many have secrets – military, government, companies – but each employ individuals who would like to disclose. Others have discussed censorship as a response but surveillance is one too. Technologies like Tor can be used and are – for various reasons – secrecy, avoiding advertising tracking, but also human rights workers, law enforcement. Although users can be protected there is a trend towards building both censorship and surveillance into the system. Do we therefore have enough, too much or too little freedom on the Internet today – and we should think about this beyond Wikileaks, e.g. phone hacking, expenses, Tunisia.

Herbert Snorasson – (via Skype…)

While it’s important to protect secrecy of things like health records, there is a need to rebalance other issues (e.g. government negotiations) in favour of access to information. We need a variety of tools for this, FOI etc good but also a ‘crowbar’ e.g. Wikileaks tried this, but no single organisation can ever provide everything we need. The workload when I [i.e. Herbert] was there was insane. The work is important and needs to be done with the goals in mind. (Stopped after a couple of minutes due to tech issues etc but will participate in questions)


Chair (missed name, sorry – BBC journalist) sums up the debate, mentions the use of productivity software (i.e. blocking social network use at work) by Syrian government, and opens it up to the floor

How serious is the threat by Government to restrict social media during disorder?
JK: sorry that people like David Lammy overreacted in this way, but ORG and others provided alternative view. The debate then shifts from censorship to surveillance which still needs to be treated seriously, money has been allocated within Home Office for interception modernisation.
DC: notes Google’s publication of information about state requests with a very high number in the US.
HS: if David Cameron would block Twitter during riots, there would be a political cost…

What would a cyber attack on the UK look like?
SM: it’s a bit of a buzzword, but in many ways cyberwarfare is already happening (although not really for speech reasons, different goals). The sky isn’t going to fall.
Chair: notes event with Foreign Office next week in London which demonstrates level of concern and response e.g. to viruses targeted at government networks.
DC: US central command (in 2008) was attacked – but much of this is the human element (e.g. opening an email, picking up a USB stick in a car park)

Apple spying on its customers – to what extent are networks being used for this sort of purpose
JK: you have the right not to be snooped on and you should need to agree, but none of this is very transparent. Many online services are ‘free’ but they are selling advertising based on your data. Facebook hardly ever deletes anything. But social life, campaigning etc is important re Facebook – is this then consent or putting up with it? Also note behavioural advertising/cookies – at a bare minimum I should be able to see this but told no such right (information is about cookie not person)
HS: there is regulation of this through the European Union but many companies are based in the US and are exempt – the EU provisions are not perfect but go some way. But note Facebook has designated its office in Dublin (for non-US/Canada) and is therefore subject to EU regulation, they have been flooded with information requests under EU law.

Chair: notes Reddit campaign for Facebook data disclosure, file ten times the size you would normally get.
Ross Anderson (from the floor): judiciary has the chance to keep up with technology; US courts are open to lawsuits from private individuals and organisations
(missed name, ex-lawyer): Facebook is dominant so use should be made of European competition law…
JK: Wikileaks affair was demonstration of government not using proper legal procedures, leaning on private companies – this is the Wild West. And regulators (e.g. Irish DPC, UK ICO) have limited remedies and are reluctant to use them. Would also need to figure out if Facebook is dominant in a market and how that relates to data protection.


Wireless networks detected?

I’ve followed (from a distance) the debate on the copyright-related provisions of the Digital Economy Bill. I find the House of Lords debate on such causes unnecessary stress, although I’m somewhat doubtful about the legislation ever finding its way onto the statute book, given the approaching general election and the length that the HL stage is taking (note that this legislation started there, so has yet to even trouble the elected house. However, I’ve been jolted into action by the frankly bizarre response of the Bill’s proposers to the initial criticism regarding the impact of the Bill on wireless/wifi networks. The Open Rights Group sets out the earlier stages of this sub-issue and the most recent developments here, and Lilian Edwards (who has been following it) has already analysed these questions very well indeed. The document referred to in this post is Factsheet B2, available here in .doc.

Now I have a bit of prior interest in this area, and it’s only fair to point it out. I wrote an overview of a bundle of legal issues, published in 2009 here. At the time, I was a little concerned (and mentioned in passing) about this issue of responsibility for the actions of others using the network. It formed part of the broader theme (which was amplified in contemporary press coverage) that wireless networks play an important social role in providing access to underserved groups and thinking about Internet use as something beyond a way in which ISPs make money. I suggested that there might be some conflict between defining the admin of a wireless network as a customer of an ISP (subscriber) or as the operator of another provider (public electronic communications network). There are advantages and disadvantages either way. The Bill, though, seems to take this doubt, refuse to answer it, and throw in some previously-unknown restrictions that I would now argue are a serious threat to the development of open networks that I did not then anticipate. This is not to suggest that I had any great insight – quite the opposite, I feel as if my crystal ball needs an upgrade. That said, on with business.

The current state of play is that the Government is not prepared to consider exemptions. The argument is a rather ignorant one that an exemption e.g. for libraries would lead to abuse of the exemption and even fake institutions taking advantage of it.

We have considered the extent to which an exemption might be provided in the legislation. We cannot give blanket exemptions for any such establishment. This would send entirely the wrong signal and could lead to “fake” organisations being set up, claiming an exemption and becoming a hub for copyright infringement. Similarly existing establishments might simply ignore the issue of copyright infringement (or treat as “too difficult”) and allow users to infringe copyright with effective immunity.

This is a little surprising, given the range of existing special provisions and exemptions in the law for libraries; the Copyright, Designs & Patents Act 1988 contains stacks of them. Presumably on the Government’s new view they should all be repealed forthwith. Great.

Furthermore, it’s also being suggested that operators of open wifi be required to put in place untested, burdensome and potentially pointless restrictions such as peer-to-peer blocking, commercial filtering software, and terms and conditions for users. Registration is also suggested – just like pay-as-you-go mobiles, the intention to have a complete record of users is clear. This is putting in place restrictions that are not currently required under UK law. Filtering software is not a legal requirement in this jurisdiction nor should it be. Effectively requiring it for cafes, universities and libraries – at the very time that we are suggesting that the future is based around Internet delivery of everything from video news to Government services – is absurd. Surely a system like this will lead to an environment where there are fewer open networks and those that remain being crippled. The presumption in the new proposals is that the best network is a closed network – indeed, one idea is that admins be sent instructions on how to secure the network. I am, as I mentioned above, already associated with the anti-closed network view, but I accept that there are complex arguments here. That said, this is something that should be considered in full, rather than as a subset of a subset of a copyright debate. If wireless networks are to be controlled, this should not be achieved through the nod and wink approach of allowing open networks but forcing those who provide them to change the essence of Internet access through the threat of liability for supposed copyright infringement. Given that the Government refuses to say what the status of the wifi admin is, it’s far too early to decide what their responsibilities are, especially when the net result of those responsibilities is a dystopian vision of the version of the Web used in primary schools. I’ll leave the final word to the document, which appears confused as to whether it is a legal proposal, a statement of fear, or a sales pitch for software:

Wireless connections are harder to secure. It is straightforward to limit use to only authorised users – via a password or by registering the PCs that can access. Access might also be limited to particular times of the day. Preventing authorised users from miss-using a connection is more difficult. One option is to route all traffic via a proxy server which does not support or allow (eg) use of file-sharing technologies. Another is to place similar restrictions on the router.
The “Get Safe Online” website ( – supported by HMG and Ofcom – lists three companies who provide filters and software which can block or filter content and who can also block the use of P2P programmes: Cybersitter, Net Nanny, and Cyberpatrol.
It also provides a link through to other sites such as which lists and evaluates a wider range of products including BSafe, Safe Eyes, ChildSafe and Cybersentinel.
These products typically cost in the region of US$40 (about £30) and allow the user to block the most popular P2P applications such as: Bit Torrent, eMule, Gnutella, Kazaa, Morpheus, and Limewire.

Open Rights Group on Google Books

This submission is primarily concerned with privacy online, consumer rights, international developments and diversity of provision. With regard to user privacy, the Settlement is light on safeguards so the Commission is advised to intervene promptly to ensure the protection of fundamental rights and enforcement of EU law. In terms of digital rights management, we call for the Commission to raise the basic ‘floor’ of consumer rights to ensure users are not unduly restricted in performing lawfully permitted activities. In respect of international development and access to knowledge, the Commission should seek to ensure that the service is made available to institutions outside of the US, particularly in developing states, and at appropriately discounted subscription rates. We also recommend that the Commission encourage competition between Google and others in providing digital books, and considers solutions such as compulsory licences.

The European Commission will hold a hearing next month on the European response to the proposed settlement in the (US) Google Book Search case. Some very provocative questions have been set out. The summary above, and the full document at this link (PDF) is the response of the UK-based Open Rights Group to the Commission’s call for comments. (Disclosure: I am an ORG supporter, and I contributed to the writing of this document).

For all the information you could ever need on the settlement, see the Public Index, a project led by James Grimmelmann at New York Law School (who has also summarised and responded to the ORG document at his blog)

Organise Reform Galvanize

The Open Rights Group (ORG) needs you. ORG is an extremely impressive British-based NGO that punches above its weight and is at an important moment in its development now, and I’m writing this post to encourage you to get involved.

In just three short years ORG has effected real policy change on a number of issues, from copyright reform to e-voting. But threats to our liberties are not subsiding, they are increasing, from unchecked snooping by advertisers and bureaucrats to the entertainment industry’s war on online freedoms. From July to December this year, we are working to double the amount of financial support we receive from individuals so ORG is ready and able to meet these threats.

Although I’ve known some of the people involved in ORG throughout my doctoral studies (and even had the pleasure of attending a reception the group hosted in its early days up in Edinburgh, September 2006 I think), I hadn’t joined – I kept an eye on things through the mailing list and occasionally joined in a campaign. (I was a member of Digital Rights Ireland though). Now, having moved to the UK, I’m delighted to be joining ORG and offering my support. I strongly recommend that you do so too, starting with one of the steps below.

  • Join and support ORG. During the ORG-GRO campaign, the intention is to increase the membership base and raise 1,500 x £5 monthly subscriptions. There’s even a league table for current members who bring their friends into the organisation. Which is an excellent idea. But if you’re reading this, whether you’re a friend or a foe, please follow the link and consider getting involved. If you do so before the end of October, the interim target of 1,000 can be hit. Your Internet needs you.
  • Director Becky Hogge is moving on and applications are sought for this position.
  • Read the September 2008 update
  • Apply to join the ORG Board, particularly if you have experience of chairing or fundraising, though all applications are welcome
  • Join the discussion list and contribute your knowledge and expertise to various campaigns.
  • See that widget in the sidebar? Add it to your blog or website now. Or there’ll be trouble.