Tag: crime and freedom

Anonymous Blogging

All the discussion I’ve seen about the unmasking of Night Jack, the award-winning blogger who told us about life in the police, seems to stand on dangerously bad assumptions.

Many, like Hopi Sen, argue on the basis that anonymous blogging is in the public interest. Some, like the always reasonable chris dillow, dispute that claim. All of them scare me.

For what it’s worth, I think that anonymous blogging is in the public interest. But that’s an awfully flimsy ground on which to build the shocking restriction on freedom which Night Jack’s victory would have produced.

The case wasn’t about whether Night Jack could blog anonymously — whether he could blog without telling anyone his identity. What was at issue was whether The Times, having found out his identity, would be allowed to tell anybody. The only possible answer to that question is yes, of course. Isn’t it enough that this country has the most oppressive libel laws in the world, without putting still more restrictions on what the press is allowed to tell us? Even the Max Moseley case based its verdict in favour of Moseley’s privacy on the basis of a breach of his confidence — that the information came from somebody who had a duty to keep it private. Night Jack originally made a similar claim, but dropped it, claiming only that it was in the public interest that we not find out who he was.

I would like to see a right to blog anonymously, but all I would expect that to encompass is to be allowed to publish without having to identify myself, not to prevent anyone who happens to know who I am from telling anybody else. I want to be permitted to have a secret, but not assisted by the power of the law in keeping it a secret — that’s my job.

The frightening assumption is that if anonymous blogging is in the public interest, anonymity should be protected with the power of the state, and if it is not, then it should be broken with the power of the state. Everything that is not compulsory is forbidden.

CCTV Warning

Don’t look at the cameras! Anyone who looks at the cameras is a terrorist! If you see anyone looking at the cameras, call the police!

http://www.met.police.uk/campaigns/counter_terrorism/index.htm

The cameras are for your protection: that’s all you need to know. And anything you don’t need to know, you’re not allowed to know. Only terrorists care whether they’re on camera or not.

This is a public service announcement from Anomaly UK.

Seriously, I find this much more disturbing than the presence of the CCTV in the first place.

Parliament Bound by Contract?

If I really cared about whether our democratic government was truly representative, I think I would be outraged by this story about the government locking in payments to suppliers for ID card contracts against a possible cancellation by the next government.

Ultimately, the next government could, I presume, pass a law saying that payments promised for ID card work were cancelled, and even that payments previously made could be reclaimed. Traditionally, parliamentary sovereignty meant that was possible.

Would that be a good thing? While I suspect that the contracts in question are being written as a kind of “poison pill” to sabotage Tory policy, it is legitimate that a business could seek up-front payments or guarantees to cover the setup costs of the work they are undertaking to do. A company that was faced with the loss of payment for work it had already done because an election had changed the government’s policy would have a very legitimate cause of complaint.

The opposition could mitigate the injustice by giving good notice – now – of what they intended. That is made more difficult by the claim of “commercial confidentiality” made regarding the terms of the contract.

My line on this is that when a government signs a significant contract with a business, then it is not a matter of commerce, it is a matter of politics. It is, if not nationalisation, then at least something which is of the same kind as a nationalisation, but of different degree.

Therefore the ongoing dealings between the government and the supplier are a matter of politics not of commerce. If nullifying the contract is good politics but bad commerce, then it is what should happen. If the supplier doesn’t like it, they shouldn’t have got involved in politics. Furthermore, hiding the details of the contract on grounds of “commercial confidentiality” makes a mockery of democracy even by my loose standards.

I would also add that this sort of thing: Public Private Partnership and use of contractors in general, is a prime example, probably the best example on this side of the pond, of what Giles Bowkett was talking about. It’s the kind of policy which looks, if not exactly libertarian, at least sort of halfway libertarian. It was supported, at least at the beginning, by the likes of the ASI and the IEA. And because it’s a compromise, and because the nature of the political landscape means inevitably that what it was a compromise with was corporate interests – in this case the corporate interests of the consultancies that get paid for work like the ID card project – then as a result it’s the sort of policy where half-way is much worse than nowhere.

If we were back in the 1970s when the only way to do this sort of system was to hire thousands of civil servants to develop it, we would be better off. Outsourcing gives us none of the benefits of the private sector, but a whole lot of extra cost in corruption and obscuring of the truth.

Finally, I suspect that the Tories, even if they had the balls, could not void the contracts as I have described. The suppliers would be straight off to the EU to cry foul. The brief alliance of Thatcherites and Eurocrats in the 1980s that gave us the single market have stripped the voters and their representatives in parliament of the power to do that.

Email Security

Apparently as of March the government will be requiring ISP’s  to keep email traffic for a year for use by police and security services.

Yes, it’s another of those cases where we have to work out whether we’re more appalled by the government’s viciousness or by its stupidity.

Here’s a little primer in email for novices and government ministers:

The Internet, the Web, and email are three different things.  The internet is a network that can carry data.  The Web is a lot of servers which provide hypertext and media over the internet in response to requests.  Email is an addressing system and message format by which messages can be sent between users over the internet.

ISPs provide internet service.  Sometimes they also provide web or email services over the internet as an add-on, and sometimes they don’t.

It is quite possible to send and receive email messages without one’s ISP even being aware of the fact.  Indeed, most people do.  If you have a large site, you probably run your own email servers.  You emails go over your ISP’s internet service, but do not use your ISP’s email service, even if it has one.

Conversely, if you use webmail, your email does not reach your network in the form of messages – only web pages.  Your messages originate or terminate with your webmail provider, who may well not even be in this country.

Only if you use the old-fashioned POP3+SMTP setup, or  your ISP’s  webmail service, will your ISP see your email as email.  In some cases it might be possible for them, by searching your entire network traffic, to identify and extract  email from your network flow.  That involves a whole lot of processing that they would otherwise not need to do.

If you use an offshore webmail provider, they can’t even do that, because the traffic between you and the webmail provider is encrypted.

I don’t actually know whether Google, Yahoo and Microsoft, the biggest webmail providers, have mail servers in this country.  I suspect not.

Note that if you use email encryption, as I recently recommended, you are still leaving a trail of who you sent mail to and when.

Attempts to get email out around inspection (without using webmail) are handicapped by measures taken to prevent spam.  It is quite possible to send mail in the same way a large site does – your mail software uses DNS to locate the recipients’ mail servers, and then sends them the mail directly.  However, many ISPs for residential users filter out direct email of this sort, and many recipients spam filters refuse it if it has come from a residential ISP network.  This compromise of the end-to-end principle came in some years ago, and did little harm at the time, but as governments become more nosy, the requirement to pass all emails to your ISP’s SMTP server is more of a problem.  It just goes to show how compromising important principles usually has a cost in the long run.

I don’t know how well-provided the world is these days with anonymous remailers – they were all the rage fifteen years ago.  It might be possible to use TOR to get email out of the local ISP network securely – I will be investigating both these avenues over the next few days.

None of this is because I have anything to hide in my email traffic.  As I explained previously, the problem is that if in a year or ten years I do, it will be too late.  These channels are awkward to set up, and they have to be done ahead of time.

GPG key is linked to from the sidebar.  Ideally you should get me to confirm the fingerprint in person.  I carry it around with me, so if you meet me it’s easy to do.

Remote Searching

There’s been fuss the last couple of days about police powers to hack into suspects’ computers.  Apparently under RIPA they do not need any kind of warrant, just approval from a chief constable.

As some bloggers have pointed out, the power doesn’t imply the ability.  If your system is secure against hackers, it’s secure against the police.  Provided you don’t do anything reckless, like run an open wireless network, or run Windows, you should be safe.

Having said that, it is worth noting that the police have resources that private hackers do not.  In particular, they may get cooperation from ISP staff, or other service providers.  Even if that theoretically requires further authorization, if they are given, for example, a password, informally and without authorization, they would then be legally allowed to use that password to access your system.  In practice, they are unlikely to have to account for how they managed to get the password.  When I worked in telecoms, the authorities were given traffic data (billing itemizations) on informal request on a regular basis.

I’m not actually sure what the law is.  I’ve been looking at the text of the 2000 Regulation of Investigatory Powers Act, but it’s hard to puzzle out.  So I’m relying on press reports.

If you want to keep the police out of your PC, follow normal IT security (use WPA2 or IPsec on wireless, don’t use Windows, don’t run code of unknown origin), and also assume that any passwords you use on external systems are known to attackers, so use different passwords for logging into your box, for remote access, and for wireless.  Don’t expose these passwords over unencrypted email.  Set good passwords on routers.

There’s another reason for making a fuss about this.  Even if your system is safe, most people’s won’t be.  That means that over time, it will become accepted that police have access to everyone’s computers.  Eventually, the “loophole” that some people actually have secure systems will be “exposed” as compromising the ability of the police to protect us (or to protect THE CHILDREN), and secure systems will be simply banned.  This is despite the fact that there is already law allowing the police to demand encryption keys etc. with a warrant.

That sounds far-fetched, but is there any reason why one would assume that a mobile phone was something too dangerous to allow an anonymous person to own?  No –  only that, for business reasons, it happened to be impossible to anonymously own one until the technology for pay-as-you-go was released, and everyone got used to the idea that phones could be traced.   When people are used to the idea that computers can be searched by the police on a whim, they will not mind making it illegal to prevent it.

And just because you have nothing illegal, doesn’t mean it doesn’t matter.  Once someone hacks into your computer, they are likely to damage things by accident.  That’s always been recognised by the law, which (rightly) considers it a crime even if no damage is done, because of the cost of going over the system and making sure everything is OK.  If police plant a backdoor on your system for their own use, it may be found and exploited by criminals. (This was one of the major issues with the Sony CD rootkits a year or two back.)  Civil damages are also assessed on the same basis.  As well as that, information which is gathered may be misused.   A police officer was convicted of using private information for blackmail purposes just recently.

I may come back to this issue tomorrow if I can figure out what RIPA actually says.

Bob Quick

Assistant Commissioner Bob Quick ordered the arrest of Damian Green in November.

After that, it emerged that his wife was running a luxury car firm from their home, which may have been offering services it wasn’t licensed for.

I’m not directly concerned with the car business, and the Damian Green case has been well covered already. What is interesting here is the pattern: Person makes enemies, enemies dig up dirt. How many people have some irregularity in their personal or business life that they will certainly get away with for ever, provided they don’t attract the attention of someone powerful and hostile?

The product of this situation is that those with power to dig into everyday irregularities end up with arbitrary power. You keep them sweet if you know what’s good for you. You don’t criticize them publicly, you don’t cross them in their personal capacity. The only people who can stand up to them are those that are prepared to “clear the decks” of their private lives for the sake of activism. Admirable as such people are, their very determination makes them seem extreme, weird, or unreliable.

This situation is very unhealthy for public life, as I’ve said here before. The solution is to look around for rules which people routinely break, generally get away with, and don’t do much harm. And get rid of them. Keeping a low profile should not give someone a large advantage in everyday life.

The real stupidity of Andy Burnham

Andy Burnham has been given such a bashing over his idiotic comments a week ago about how the internet should be censored that I felt no need to chime in with a “me too”.   Particular derision greeted his claim that he was not against free speech. But the misunderstanding about what the internet is worth elaborating.

He said he wants internet-service providers (ISPs) to offer parents “child-safe” web services.   The only feasible way to do that is to have a whitelist-based filter that allows “safe” sites to be viewed.  That’s quite doable – I do it myself for my children, using squidGuard.  It’s very much better done at the home end than the ISP, because that way my 9-year-old can ask for a site that he’s heard about, and I can add it to the whitelist, but the filtering can be done “in the cloud” if you can’t be bothered to learn how to use a computer.  Nonetheless, the filter means that essentially, the boys do not have internet access – only this ersatz “pages from ceefax” version, and with the 9-year-old now 10, the time is approaching that it will have to be turned off for him. 

The internet is dynamic.  It changes year by year, very significantly.  That is what has made it what it is.  It is able to do this only because of the fact that, on the internet, anything goes.  That’s not an incidental feature of the network, it’s what made it what it is.  Anything goes in terms of technology (the end-to-end principle), and in terms of content (creating a web page without getting it approved beforehand by the BBFC).

You can make a copy of many of the most useful features of the internet at a given point in time, without that freedom.  But what you have is frozen, dead.  As the internet moves on, it can’t keep up.  It’s like creating a command economy: when you start you have prices, traces of the market that used to exist.  You can plan your economy based on those prices (with whatever adjustments you think will improve things).   But where the market would have changed, you can’t see those changes.  Over time, your dead market prices will become less and less appropriate to reality.

If anything-goes makes the internet unsuitable for children (and a reasonable person might well consider that it does), the only possible course of action is to stop children from using the internet.  Let them revive Prestel or Compuserve for them – that would be more useful than the “child-safe” internet Burnham somehow envisages.

Violence and Class

I’m returning once again to the difficult question of whether Britain is more violent, more unpleasant than it used to be.

In the yes corner is Theodore Dalrymple, writing about public drunkenness.

On the no side, older acquaintances who talk of much more casual violence in the past than there is now, and just as much drunkenness.

I think the key to understanding what has changed is the change in class structure. Taking the 50s or 60s as a comparison, there was still a clear distinction between the professional class (“middle class” we would say, but that seems to mean something completely different in America, so I’ll avoid the term), and the larger working class. Over the last half century, the two have merged into one (with arguably a non-working underclass forming or growing underneath, but that’s another question altogether. Also the upper class has always been a law unto itself). That is not to say that professionals have ceased to be wealthier than manual workers, but they no longer have separate cultures.

That would explain the discrepancy – the previously staid professional class has lost its inhibitions, while the working class has the habits of the old working class but the aspirations of the professional class. They all mix without distinction, but those that remember the old middle class are now exposed, by the new mixing, to the activities of the working class that decades ago they would have never heard about, or at least ignored. Add to that the increased purchasing power of today’s revellers, and there’s no need to posit any fundamental change in attitudes.

I’m not sure I’ve got the right explanation (I wasn’t there), but it is important. A lot is riding, policy-wise, on whether we are facing a major increase in violence and drunkenness, or whether it is all just business as usual, blown out of proportion by the press and the nanny state.

Even if I’m right, it doesn’t mean there’s nothing to worry about. It means there used to be a powerful section of the population which believed it was above punch-ups in clubs and drinking to unconsciousness on the street, and now there isn’t. If something useful could be done, then something ought to be done. I have no useful suggestions, however – the bansturbation approach towards special offers in supermarkets, opening hours, drinks on trains etc. is as useless as it is offensive to liberty, and it’s not possible for a democratic state to clamp down on behaviour most people think of as normal.

There’s no route back to the past, of course. Dividing people back into professional and non-professional classes with different mores would cut off the economy from too many potential skilled resources, quite apart from the question of justice and equality of opportunity.

If there’s any dynamic that could drive up standards, it’s age. People do tend to grow out of destructive behaviour. If the authority of older people could somehow be increased, that might create some restraint on the young.

It will be interesting over the next few years to see how things change in a recession. The long boom may be partly to blame for irrational exuberance in the streets.

See also this earlier post where I suggested a less developed version of this idea

Using encryption

Dan Goodin at The Register has a very timely article recommending that everyone encrypt their email.

If you think that at any point in the next ten years you might want to send or receive an email message that can’t be read by your ISP, your government, the US government, or a lawyer, then the time to start using PGP-compatible encryption is now.

The reasons for this are:

  • If you suddenly start using encryption just when you need it, the fact will be obvious to whoever you are trying to hide things from.
  • Setting up encryption is a fiddly business, you should get it done when you have time, not when you need it.
  • You are helping everyone – the more people are set up to use encryption, the more useful and normal it becomes for everyone else.

I came to the conclusion a few days ago, dusted off all my old keys, found that they’d all expired (fortunately, since I’d forgotten passphrases), and created some new ones. I posted a key for sending to this blog, and if you have my personal email address, there is a key for that on the MIT keyserver.

So, if you’re using Windows, read the Register article; if you’re on Linux, install gnupg and enigmail (I’m on Debian and the packaged Thunderbird comes automatically with Enigmail to integrate with gnupg – just turn it on), even if you use webmail, there is now a firefox extension FireGPG to make it easy to send and receive encrypted messages.

So invest a couple of hours now in being ready.