Latest Articles


22.10.2014
Nicole Gnesotto

There's no such thing as political globalization

How to explain the international explosion of tribal, mafia-style, dictatorial and terrorist violence? Nicole Gnesotto says it's down to the lack of "strategic globalization" on the political field, in sharp contrast to economic globalization's triumph. [ more ]

22.10.2014
Fréderic Neyrat

Critique of geo-constructivism

20.10.2014
Geert Lovink, César Rendueles

We do not prefer Facebook

15.10.2014
Eurozine Review

This revolutionary moment

New Issues


20.10.2014

Esprit | 10/2014

15.10.2014

Transit | 45 (2014)

Maidan - Die unerwartete Revolution [Maidan - The unexpected revolution]

Eurozine Review


15.10.2014
Eurozine Review

This revolutionary moment

"Index" looks into the future of journalism; "Transit" keeps alive the memory of the Maidan; in "Syn og Segn", climate optimist Kristin Halvorsen calls for a global price tag on pollution; "Kulturos barai" talks to urban ecologist Warren Karlenzig; "Rigas Laiks" congratulates Reykjavik's first anarchist mayor; "Merkur" discusses photography and the definition of artistic value; "La Revue nouvelle" braces itself for more European political deadlock; "Kritiikki" profiles Russian émigré author Sergei Dovlatov; and "Nova Istra" remembers the Croatian émigré poet Viktor Vida.

17.09.2014
Eurozine Review

Independence in an age of interdependence

03.09.2014
Eurozine Review

Was Crimea a preliminary exercise?

06.08.2014
Eurozine Review

What are you doing here?

23.07.2014
Eurozine Review

The world's echo system



http://www.eurozine.com/articles/2011-05-02-newsitem-en.html
http://mitpress.mit.edu/0262025248
http://www.eurozine.com/about/who-we-are/contact.html
http://www.eurozine.com/articles/2009-12-02-newsitem-en.html

My Eurozine


If you want to be kept up to date, you can subscribe to Eurozine's rss-newsfeed or our Newsletter.

Articles
Share |


Age of insecurity

Cooperation between the communications industry and governments creates unprecedented opportunities for surveillance. Lets not repeat the mistakes of the past and allow companies to assume that users are uninterested in what happens to their data, urge Gus Hosein and Eric King of Privacy International.

Privacy advocates are often labelled luddites. Don't like a new service created by the coolest and latest billionaire geek-genius-led company? It's because you are a luddite. Don't like the government's latest technology for a new infrastructure of surveillance? Luddite. It's as though we are afraid of technology. It's because we understand these technologies better than most, that many of us became advocates in the first place. We need to know more about technology than the techno-fans. We need to know more than ministers promoting technological solutions to social problems (not hard to do); we need to know as much about security as the security services; we need to know more about communications techniques than the media, and we need to know more about networking than social-networking gurus. This knowledge can be a terrible thing, because everywhere we look we see vulnerabilities. The sad truth is that the entire edifice of modern communications is built upon fragile foundations.

It didn't have to be this way. Privacy advocates lost the argument by allowing governments and industry to define the needs of citizens and users. We would call on companies to strengthen the technical protections in their systems and they would claim that users don't care about security or are uninterested, citing 18-year-olds who want to publicise their private lives or housewives who don't want to be bothered with complex technology. We are now facing tangible and hitherto inconceivable threats to our liberty because the entire edifice of modern communications and information technologies is built upon consumer stereotypes.

It is our collective fault now that there is a rapidly growing number of data breaches and data losses. The systems that were built to contain and protect our information are fundamentally flawed. The flow of personal data is becoming the default, and the dams erected by law are temporary annoyances for an industry interested in profiting, governments interested in monitoring and malicious parties whose motivation can be obscure. If the US State Department can't be bothered to adequately secure its own network of inter-embassy communications, what chance is there that Facebook and Google will take better care of your personal messaging and commonly used search terms?

The irony is that the only debate we privacy advocates ever seriously won was over the right of individuals to use encryption technologies to secure their communications. We fought this battle in the 1990s, on the cusp of the information revolution, looking forward to the day when we would all have desktop computers, and everyone would use encryption technologies to secure their communications. Governments were keen to maintain their restrictions on the general public's ability to encrypt communications so that law enforcement agencies retained unfettered access to content. We fought these restrictions and, even to our surprise, by the end of the decade we eventually won. By this time, however, governments had successfully stemmed the tide: cryptography and other privacy-enhancing technologies had come to be seen as obscure and inconvenient. Everyone is now theoretically capable of encrypting their communications – but no one does. Furthermore, restrictions on encryption remain in countries such as China, India and across the Middle East.

This is indicative of how the entire infrastructure of the modern economy and social life is built on insecurity. Privacy is becoming a popular subject, and a growing concern for the average citizen and consumer of mainstream technology. Yet users' interest is poorly serviced.

This is why there is a frequent narrative that 'privacy is dead'. Regardless of modern concerns, faulty decisions have been made at key moments in the development of modern computing. Microsoft was the first culprit to emphasise ease of use over security in the 1990s, leading to a decade of annoying trojans and viruses developed by teenagers. In response, a software industry of anti-virus checkers and firewalls arose to plug in the holes so that users were informed and protected from attack. We had the chance to learn from this and make our next technological steps more informed and considered. Instead, Smartphone operating system developers like Apple and Google are now making similar mistakes by not keeping their users informed of what kind of information is leaving their devices and what applications are doing with their data. This is a repetition of Facebook's approach when they created features that broadly shared users' information, only later adding some features to inform users and to let them have some authority to control information flows when using third-party applications. Once your information is collected by devices and applications, as we have seen from Microsoft in the 1990s, and now Apple, Google and Facebook, it is rarely secure. In fact, your data is often readily available to any party who can query, buy, subpoena or simply steal it.

The expansion of 'cloud' services like Google Documents or Dropbox makes matters even worse. Instead of residing on your computers, your most confidential information is not only removed from your control, it is removed from the country and stored on foreign servers under the jurisdiction of foreign laws and law enforcement agencies. Almost universally, this information is not secured. Documents, emails and calendar information are stored in unencrypted form, and readily accessible by local law enforcement authorities.

Amongst the few positive developments, Google recently deployed disk encryption capabilities in its mobile operating system, Android, though it still has to be turned on by the user. Even when these companies do build in the capabilities for privacy, they rarely, if ever, come as standard. Security is the exception rather than the rule. After the Russian authorities began clamping down on Russian non-governmental organisations for breach of copyright (as a pretence for searching computers), Microsoft then kindly offered free versions of its operating systems to NGOs. Unfortunately, the version of Windows they offered does not include the use of disk encryption, as that is only available in the 'premium' editions.

At the core of this problem is companies' perception of their typical user. The typical user in whose image applications, programs and social networks are designed is an American teenager, perfectly content to transmit and publish every detail of their personal life to an unlimited audience. It is not the advocate, the dissident, the researcher, the professional – the people who need varying degrees of data security in order to protect their livelihoods, and sometimes their lives. Facebook, Apple, Microsoft and Google all require their users to jump through hoops in order to protect their information, and the majority of these users lack the time or awareness to do so.

In turn, companies' systems are being probed, and vulnerabilities are being exploited. Last year, a gang in New Hampshire used 'publicly available' social network updates from area residents to target addresses when they knew the homeowners were out or away, stealing over US$ 100 000 worth of property in a week. A survey of hackers and security experts last year found that more than half of them were testing the limits of cloud services' security. Meanwhile, last year a Google employee was fired after it was discovered that he was monitoring the communications of teenage girls. Far more widespread, insidious and difficult to combat than such isolated incidents of criminality are the routine surveillance practices conducted by governments. These are not techniques reserved for dictatorships. For instance, the spying capabilities embedded by Nokia Siemens in their technology for Iran's telecommunications system, intended for the use of the Iranian authorities, were mandated by the Clinton administration under federal law applying to all US telecommunications firms, and then supported by European policy-makers and standards bodies under the more acceptable guise (or pretence) of protecting their own citizens from crime.

Some countries, like Sweden, openly acknowledge that every piece of information that enters or leaves their borders is subject to government surveillance. Whether you're a journalist sworn to protect the names and addresses of your sources, a lawyer building a case against a corrupt highprofile politician, or a human rights advocate, all are pinning their hopes for security on a fantasy: the belief that the people who build your operating systems and applications have any way (or, indeed, any intention) of protecting you against governments who have the law on their side.

Another part of the fantasy is that governments are in control. Disturbingly, in fact, they don't even appear to have complete mastery of their spying capabilities; for ten months during 2004-2005, the Greek government's own surveillance technology was turned against it when an unknown adversary monitored the voice calls of dozens of government officials and cabinet members, including the prime minister. Between 1996 and 2006, Telecom Italia had a similar breach where more than 6000 individuals' communications were illegally monitored, for the purpose of perpetrating blackmail and bribery. As communications security expert Susan Landau noted in her testimony to the US Congress in February this year, in that period 'no large business or political deal was ever truly private'.

Surveillance is getting easier. In the Hollywood version of governmental power, the seizure of digital evidence by the security services involves a dawn raid by armed officials, who carry off piles of hard drives, laptops and computer towers from seemingly innocuous suburban houses. This image is out of date and unrepresentative. In the 21st century, law enforcement access is just a few clicks of the mouse away. Why enter your home and read your letters when they can get into your webmail account and read every message you've ever sent or received? In the US, a member of staff at one of the major mobile providers recently let slip at an intelligence industry conference that the company receives eight million requests a year from domestic law enforcement agencies for specific data on geolocation; that's a publicly traded company, one that advertises its services on billboards and TV channels across the country, not some shadowy private intelligence outfit operating under the radar.

There are companies in the business of surveillance that develop the databases, cameras, biometric scanners, DNA test kits, drones and a myriad other technologies that are being deployed around the world. Companies are also profiting from selling and buying personal information. Consider Thorpe Glenn, an Ipswich-based company that celebrates its ability to analyse the information of 50m mobile subscribers in less than a fortnight. Thorpe Glenn's press releases boast about 'maintaining the world's largest social network', with a full 700m more profiles than even Facebook can lay claim to. This practice is rapidly becoming an industry.

Chris Soghoian, a researcher in the US, has found that companies frequently get paid for each instance they respond to government requests. Google, for example, has received US$25 for responding to a request for data from the US Marshal Service. Yahoo!'s 'Cost Reimbursement Policy' offers US$20 dollars for the first basic subscriber record and then a discounted US$10 per ID thereafter, though email content is US$30-$40 per user. They could, technically, develop a business model just on handing over information to law enforcement agencies. Jokes aside, what incentive do these providers have to make communications infrastructure more secure? There are, however, some signs of change. Over the past year some companies have announced security and privacy advances in their products andservices. Certainly the uprisings across the Arab world helped, as companies did not want to be seen on the wrong side of history and face the same kind of admonishment as Nokia Siemens after the Iranian elections in 2009. Google vacillated for years before turning on encryption on its network layer, but it is swiftly becoming common practice. It is to be hoped that we will see a similar paradigm shift now that Facebook has enabled users to turn on HTTPS to help protect data as it passes through the internet (although predictably enough it has yet to employ HTTPS by default, making it less easy for people to use it). The global struggles against abusive governments have also focused international attention on the enormous capacities of those governments to spy on their citizens, and the enormous human cost of this kind of all-pervasive surveillance. Once the behemoths of the internet take positive steps, smaller companies will hopefully follow.

Yet so long as the key technology developers keep on assuming that their users are uninterested, and so long as they seek to profit by selling our habits and interests, we will all remain vulnerable. It is now time for a mature policy debate on privacy and security. Not one that sees the benefit of the state as paramount, nor one that presumes that if a service is free then the user's information can be exploited. Business models should fail with each security and privacy blunder, just as laws should be called into question with every new breach and abuse. The rise of mobile devices and cloud services is a replay of the 1990s all over again, where the policy and business world is grappling with technological change and telecommunications growth. If left to their own devices, governments will build more vulnerabilities and back doors while industry will acquiesce and build for 'sharing' and 'organising the world's information'. If we can hold on to this moment in history just a bit longer, and keep these companies thinking about the global community of diverse users, and not merely those who are 18 years old, while reminding them that backdoors aren't always used for noble purposes, then we may have a fighting chance. Perhaps we can even chalk up a real win this time.


 



Published 2011-07-05


Original in English
First published in Index on Censorship 2/2011

Contributed by Index on Censorship
© Gus Hosein, Eric King / Index on Censorship
© Eurozine
 

Support Eurozine     click for more

If you appreciate Eurozine's work and would like to support our contribution to the establishment of a European public sphere, see information about making a donation.

Focal points     click for more

Russia in global dialogue

http://www.eurozine.com/comp/focalpoints/eurocrisis.html
In the two decades after the end of the Cold War, intellectual interaction between Russia and Europe has intensified. It has not, however, prompted a common conversation. The focal point "Russia in global dialogue" seeks to fuel debate on democracy, society and the legacy of empire. [more]

Ukraine in focus

http://www.eurozine.com/comp/focalpoints/publicsphere.html
Ten years after the Orange Revolution, Ukraine is in the throes of yet another major struggle. Eurozine provides commentary on events as they unfold and further articles from the archive providing background to the situation in today's Ukraine. [more]

The ends of democracy

http://www.eurozine.com/comp/focalpoints/democracy.html
At a time when the global pull of democracy has never been stronger, the crisis of democracy has become acute. Eurozine has collected articles that make the problems of democracy so tangible that one starts to wonder if it has a future at all, as well as those that return to the very basis of the principle of democracy. [more]

The EU: Broken or just broke?

http://www.eurozine.com/comp/focalpoints/eurocrisis.html
Brought on by the global economic recession, the eurocrisis has been exacerbated by serious faults built into the monetary union. Contributors discuss whether the EU is not only broke, but also broken -- and if so, whether Europe's leaders are up to the task of fixing it. [more]

Time to Talk     click for more

Time to Talk, a network of European Houses of Debate, has partnered up with Eurozine to launch an online platform. Here you can watch video highlights from all TTT events, anytime, anywhere.
Dessislava Gavrilova, Jo Glanville et al.
The role of literature houses in protecting the space for free expression

http://www.eurozine.com/timetotalk/european-literature-houses-meeting-2014/
This summer, Time to Talk partner Free Word, London hosted a debate on the role that literature houses play in preserving freedom of expression both in Europe and globally. Should everyone get a place on the podium? Also those representing the political extremes? [more]

Eurozine BLOG

On the Eurozine BLOG, editors and Eurozine contributors comment on current affairs and events. What's behind the headlines in the world of European intellectual journals?
Simon Garnett
Britain flouts the European Court of Justice

http://www.eurozine.com/blog/
The UK has passed legislation on data retention that flouts European concerns about privacy. The move demonstrates extraordinary arrogance not only towards the Court of Justice of the European Union but towards the principle of parliamentary deliberation in Britain, writes Simon Garnett. [more]

Vacancies at Eurozine     click for more

There are currently no positions available.

Editor's choice     click for more

William E Scheuerman
Civil disobedience for an age of total surveillance
The case of Edward Snowden

http://www.eurozine.com/articles/2014-04-18-scheuerman-en.html
Earlier civil disobedients hinted at our increasingly global condition. Snowden takes it as a given. But, writes William E. Scheuerman, in lieu of an independent global legal system in which Snowden could defend his legal claims, the Obama administration should treat him with clemency. [more]

Literature     click for more

Olga Tokarczuk
A finger pointing at the moon

http://www.eurozine.com/articles/2014-01-16-tokarczuk-en.html
Our language is our literary destiny, writes Olga Tokarczuk. And "minority" languages provide a special kind of sanctuary too, inaccessible to the rest of the world. But, there again, language is at its most powerful when it reaches beyond itself and starts to create an alternative world. [more]

Piotr Kiezun, Jaroslaw Kuisz
Literary perspectives special: Witold Gombrowicz

http://www.eurozine.com/articles/2013-08-16-kuisz-en.html
The recent publication of the private diary of Witold Gombrowicz provides unparalleled insight into the life of one of Poland's great twentieth-century novelists and dramatists. But this is not literature. Instead: here he is, completely naked. [more]

Literary perspectives
The re-transnationalization of literary criticism

http://www.eurozine.com/comp/literaryperspectives.html
Eurozine's series of essays aims to provide an overview of diverse literary landscapes in Europe. Covered so far: Croatia, Sweden, Austria, Estonia, Ukraine, Northern Ireland, Slovenia, the Netherlands and Hungary. [more]

Debate series     click for more

Europe talks to Europe

http://www.eurozine.com/comp/europetalkstoeurope.html
Nationalism in Belgium might be different from nationalism in Ukraine, but if we want to understand the current European crisis and how to overcome it we need to take both into account. The debate series "Europe talks to Europe" is an attempt to turn European intellectual debate into a two-way street. [more]

Conferences     click for more

Eurozine emerged from an informal network dating back to 1983. Since then, European cultural magazines have met annually in European cities to exchange ideas and experiences. Around 100 journals from almost every European country are now regularly involved in these meetings.
Law and Border. House Search in Fortress Europe
The 26th European Meeting of Cultural Journals
Conversano, 3-6 October 2014

http://www.eurozine.com/comp/conversano2014.html
Taking place in southern Italy, not far from Lampedusa, this year's Eurozine conference will address both EU refugee and immigration policies and intellectual partnerships across the Mediterranean. Confirmed speakers include Italian investigative journalist Fabrizio Gatti and Moroccan feminist and Nobel Peace Prize nominee Rita El Khayat. [more]

Multimedia     click for more

http://www.eurozine.com/comp/multimedia.html
Multimedia section including videos of past Eurozine conferences in Vilnius (2009) and Sibiu (2007). [more]


powered by publick.net