Mar 31, 2014
Sir Tim Berners-Lee has recently stated that he believes that now is the time for internet citizens to have their own bill of rights, or a Magna Carta, covering what they should expect as freedoms when using the internet.
It’s a neat idea, but one that is full of issues.
Let’s start with the main thrust of Sir Tim’s thoughts. He is against any government body, such as the NSA, snooping on a person’s internet usage. As an individual not doing anything that bad on the internet, the first reaction is to agree. The second reaction should be to look further at why the NSA, GCHQ, and others are looking at mass activity on the internet. Is it for fun, or so that they can catch a person downloading a pirated copy of “The Hunger Games”? Hardly — they are more interested in pattern matching and hacking to gain access to those involved in more nefarious activities, mainly associated with terrorism. Yes, at times, these government security groups seem to have over-extended their reach, but I’m not quite sure how their snooping could have impacted me.
Then there are the various divisions of police forces: these may be after the pirate; the drug dealer; the fraudster. Many at the lower end of these issues (the occasional pirate, the “bit of weed” smoker) may feel that this is a waste of time or that the activities going on here are more intrusive to their daily lives. But look at Operation Ore led by UK police forces. This broke a world-wide pedophile ring, identifying 7,250 suspects in the UK alone and leading to 1,451 convictions. It could not have worked without “snooping”.
But let’s say that in a burst of good feeling, we could get the government bodies to sign up to a charter. Would this give the average user the freedom on the internet they seek, and the peace of mind while they are doing it?
Of course not. Without any government interference, the black hats would be free to do whatever they wanted. There would be an increased flood of spear phishing far greater than we are having to deal with now; more attacks against firewalls; more ransomware hitting more and more people. Without the capability to at least carry out forensic pattern-matching against these ever-more-mature attacks, the internet moves more towards the Wild West: everything is up for grabs, and the Sheriff has been run out of town. As a side question — as the anti-malware and anti-spam vendors are dependent on snooping on patterns on the internet, should they be shut down as well?
I believe that we have to accept that the internet genie is well out of the bottle. The original academic view of it being a definitive force for good has been watered down. A lot of good (depending on your point of view) has come through the internet — for example, the use of social networking in the various uprisings around the world has ensured that citizens can generally get their point of view of what is happening past the government censors. Crowdsourcing has led to new financial models, for example, around how micro-businesses can get funding. People are generally more aware of the rest of the world and what is going on around them.
We can counter this with the way that the global village has led to the growth in the number of village idiots. There is far more garbage available to people out there, and it is possible to find at least one nominally “scholarly” paper out there to support pretty much any view that a person wants to have. It has also allowed anyone who wants to be bad to be bad — either in a really “bad” bad way (for example, with the poorly-worded and improperly-spelled “you need to reset your bank password to make sure nasty people do not access your account”-phishing messages) or merely a nasty bad way (e.g. “We have just encrypted all your files and all files attached to storage on your computer. Pay us with BitCoins to get them unencrypted”).
We need to be able to have targeted law enforcement that can identify bad activities on the internet and deal with them. Yes, it does come down to one man’s terrorist is another man’s freedom fighter. Yes, there are problems in drawing a line between “this is bad” and “this is not really bad” — but again, what different people see as being really bad is a movable feast. Policing the internet will never be easy, and the forces doing so will continue to get it wrong as well as getting some of it right.
The biggest problem is that to ensure that a full forensic investigation of a situation can be carried out where the various vectors underlying the data are not fully understood, you need to drink the ocean. This means that a whole host of innocent data has to be pulled in to find the little grains of bad stuff that are in there as well — it’s like mining for gold.
Many years ago, there was a man in the UK who wrote little ditties about various areas, including history. One was on the Magna Carta (a copy of the lyrics can be read here). It finishes off with the eternal words that I think, with slight modification, should be chiseled onto all access points to the internet:
“And it’s through that there Magna Charter,
As were made by the Barons of old,
That in England today we can do what we like,
So long as we do what we’re told.”