The Internet and a Magna Carta

Sir Tim Berners-Lee has recently stated that he believes that now is the time for internet citizens to have their own bill of rights, or a Magna Carta, covering what they should expect as freedoms when using the internet.

It’s a neat idea, but one that is full of issues.

Let’s start with the main thrust of Sir Tim’s thoughts.  He is against any government body, such as the NSA, snooping on a person’s internet usage.  As an individual not doing anything that bad on the internet, the first reaction is to agree.  The second reaction should be to look further at why the NSA, GCHQ, and others are looking at mass activity on the internet.  Is it for fun, or so that they can catch a person downloading a pirated copy of “The Hunger Games”?  Hardly — they are more interested in pattern matching and hacking to gain access to those involved in more nefarious activities, mainly associated with terrorism.  Yes, at times, these government security groups seem to have over-extended their reach, but I’m not quite sure how their snooping could have impacted me.

Then there are the various divisions of police forces: these may be after the pirate; the drug dealer; the fraudster.  Many at the lower end of these issues (the occasional pirate, the “bit of weed” smoker) may feel that this is a waste of time or that the activities going on here are more intrusive to their daily lives.  But look at Operation Ore led by UK police forces.  This broke a world-wide pedophile ring, identifying 7,250 suspects in the UK alone and leading to 1,451 convictions.  It could not have worked without “snooping”.

But let’s say that in a burst of good feeling, we could get the government bodies to sign up to a charter.  Would this give the average user the freedom on the internet they seek, and the peace of mind while they are doing it?

Of course not.  Without any government interference, the black hats would be free to do whatever they wanted.  There would be an increased flood of spear phishing far greater than we are having to deal with now; more attacks against firewalls; more ransomware hitting more and more people.  Without the capability to at least carry out forensic pattern-matching against these ever-more-mature attacks, the internet moves more towards the Wild West: everything is up for grabs, and the Sheriff has been run out of town. As a side question — as the anti-malware and anti-spam vendors are dependent on snooping on patterns on the internet, should they be shut down as well?

I believe that we have to accept that the internet genie is well out of the bottle.  The original academic view of it being a definitive force for good has been watered down.  A lot of good (depending on your point of view) has come through the internet — for example, the use of social networking in the various uprisings around the world has ensured that citizens can generally get their point of view of what is happening past the government censors.  Crowdsourcing has led to new financial models, for example, around how micro-businesses can get funding.  People are generally more aware of the rest of the world and what is going on around them.

We can counter this with the way that the global village has led to the growth in the number of village idiots.  There is far more garbage available to people out there, and it is possible to find at least one nominally “scholarly” paper out there to support pretty much any view that a person wants to have.  It has also allowed anyone who wants to be bad to be bad — either in a really “bad” bad way (for example, with the poorly-worded and improperly-spelled “you need to reset your bank password to make sure nasty people do not access your account”-phishing messages) or merely a nasty bad way (e.g. “We have just encrypted all your files and all files attached to storage on your computer.  Pay us with BitCoins to get them unencrypted”).

We need to be able to have targeted law enforcement that can identify bad activities on the internet and deal with them.  Yes, it does come down to one man’s terrorist is another man’s freedom fighter.  Yes, there are problems in drawing a line between “this is bad” and “this is not really bad” — but again, what different people see as being really bad is a movable feast.  Policing the internet will never be easy, and the forces doing so will continue to get it wrong as well as getting some of it right.

The biggest problem is that to ensure that a full forensic investigation of a situation can be carried out where the various vectors underlying the data are not fully understood, you need to drink the ocean.  This means that a whole host of innocent data has to be pulled in to find the little grains of bad stuff that are in there as well — it’s like mining for gold.

Many years ago, there was a man in the UK who wrote little ditties about various areas, including history.  One was on the Magna Carta (a copy of the lyrics can be read here).  It finishes off with the eternal words that I think, with slight modification, should be chiseled onto all access points to the internet:

“And it’s through that there Magna Charter,

As were made by the Barons of old,

That in England today we can do what we like,

So long as we do what we’re told.”

About the author
Clive Longbottom
  • Jim Mortleman

    Some valid points, but I don’t wholly agree – and I think you’re being a bit curmudgeonly about TBL’s proposed charter.

    First, I think we need to draw a distinction between law enforcement and security agencies pattern-matching on large *publicly accessible* data sets (by and large acceptable, not to mention unstoppable) and pattern-matching on large data sets acquired by tapping into businesses’ and individuals’ private communications en masse (absolutely not acceptable in my view – and potentially a very slippery slope).

    The fact is any savvy terrorist/paedo/nefarious hacker [delete as appropriate] will – particularly in the wake of the Snowden revelations – use increasingly advanced encryption and anonymisation techniques, details of which they can readily find online in idiot-proof how-to guides. So, slurping up all the communications of the rest of us willy-nilly in the hope they might nail the odd terrorist or nonce ring is going to be increasingly less effective at catching the baddies anyway.

    So should the use of things like anonymisation and strong encryption technologies be banned, or actively compromised by the security agencies? No. These systems have many extremely important and legitimate uses, such as giving a voice to those silenced by oppressive regimes in countries less tolerant than our own, and ensuring our confidential business and personal data and communications aren’t compromised by those with nefarious intent. And if there’s a back door into a system, it can be used by both good and bad actors.

    Yes, the Internet should be policed, but that’s very different from saying we should let them “drink the ocean” by condoning the blanket mass analysis of private mass communications, or the wilful subversion of Internet encryption protocols, because we implicitly trust these methods will only be used benevolently to catch really bad guys.

    In that respect, I believe TBL’s call for Internet users to stand up and say “these are the rights we expect” is wholly worthy. While we might not be able to prevent the black-hat/white-hat hackers’ game of cat and mouse that has always gone on, I think it’s perfectly reasonable for ordinary people to make a stand on the standards that we expect our governments and their agencies to uphold when it comes to our privacy and Internet freedoms.

    And if they fail to uphold those standards – and get caught out – then they should be accountable to us, not the other way round.

    • Where do you draw the line? Remember that the original Magna Carta was written by the Barons for the Barons, and they still didn’t care a hoot for those beneath them. Indeed, any extra freedoms for the masses would have been somewhat frowned upon. So – let’s draw up an Internet Charter. You, me and a few billion others say that we don’t want our private stuff being looked at, no matter what. Unfortunately, we are the chaff: the higher ups will say that out of those billions, there are the bad ones – the nonces, the terrorists, whatever. As we all know, we are incapable of looking after ourselves, so the political masters will help us along the way by making decisions for us – it is in our best interests for everything to be looked at. Reality bites – and whether we like it or not, that will be the case. As the piece says, let’s assume that we can brush that unfortunate reality under the carpet. “Friendly” nations (a difficult enough concept to define) all agree not to poke their noses in where they shouldn’t. Will the “less friendly” nations all go “Oh, how sweet” and join in? I not only doubt it; I would wager my Scotch Whisky collection on it not happening. It’s fine standing on top of an Ivory Tower as long as the air isn’t too rarefied: with the case of the internet and mass surveillance, the problem is that the top of that Tower is more likely to be a vacuum.

      • Jim Mortleman

        I grant you the Magna Carta was probably not the best analogy for TBL to make, but he was trying to hit the headlines, bless, and it sounds more news-worthy than “Internet freedom charter” or somesuch…

        While I appreciate your cynical analysis of the attitudes and likely actions of the power brokers who are seeking to monitor the Net and all that traverses her, I refuse to resign myself to the inevitability of this apparently dystopian now/future, or to the apparent futility of a response such as an Internet freedom charter that may seem – just like the more common (and, granted, more amusing) two fingers up – purely gestural.

        Whether words, gags, gestures, charters, petitions, lobbing of eggs or whatever, I say it all adds to the drip-drip-drip of dissatisfaction with the seemingly inevitable direction of travel that you express with such panache, one which – while I’m certainly not saying WON’T turn out the way you predict – equally doesn’t HAVE to.

        Just as the technologies for oppression and mass surveillance are ‘out of the bottle’, so are the technologies for anonymity, privacy and grassroots organisation (q.v. cryptoparties – https://en.wikipedia.org/wiki/CryptoParty). Yes, some of these things are fringe today, but with support and publicity for stuff like TBL’s pronouncements on Internet freedom there is more potential for them to worm their way into the mainstream.

        As to your point about “less friendly” nations, of course they won’t sign up to any such charter. Nor am I expecting the difficult-to-pin-down “friendly” ones to embrace such a thing with open arms, either.

        As you may have guessed, this is quite a hobby-horse of mine. And I do have form* 😉 – https://soundcloud.com/jimjar/jim-jarmo-internet-inactivism. (*but not, obviously, Phorm).

        • At an academic level, I totally agree. I would prefer an open and free internet, but at a realistic level, it will never be any more free than the telephone system ever has been, the postal system, or even people meeting within the hearing of others has ever been. Sure – just lying down and letting all the snooping parties roll over you is not the way to do it; however, no matter what the few do (and with the best will in the world, even if 10% of the connected world complained, giving an impressive 200m+ dissenting voices), it is nothing but a flea-bite on the hide of any government, and less than that on the concrete skin of a commercially-oriented black-hat organisation. By the way, for a hacktivist organisation to decide who to attack and how to carry out that attack, do they not need to carry out some pretty invasive activities? Are they, in your eyes, the whitehats (freedom fighters) against the blackhat governments (the terrorists)? If a fundamentalist religious group became a hacktivist organisation and attacked a site that was close to your heart as being against their beliefs, would you be the liberal with the “I disagree with everything you stand for, but I will fight to the death to defend your right to say it”? In which case, don’t you have to fight to the death to allow governments to carry out granular surveillance even down to the “Jim Mortleman said this” level? It’s a can of worms, or a Pandora’s box (take your analogical pick). At the bottom of the box, you’d be lucky to find a piece of paper with “Hope” written on it, though.

          • Jim Mortleman

            >> “At an academic level, I totally agree. I would prefer an open and free internet, but at a realistic level, it will never be any more free than the telephone system ever has been, the postal system, or even people meeting within the hearing of others has ever been.”

            Well, maybe slightly more free if the contents of what we send one another over the Internet is securely encrypted by default and we don’t allow Governments to put deliberate mechanisms into our devices that enable them – as well as any other snoopers – to get in by a back door.

            Yes, the communications metadata is still analysable, and as I said in my first comment that kind of analysis of publicly accessible datasets is inevitable and unstoppable – and if pattern-matching that data using high-performance computing helps to catch real evil-doers then that’s fine by me.

            Likewise, there will always be zero-day threats and the cat-and-mouse game of keeping up to date and as secure as possible. As is the individual targeting of specific people, whether by law enforcement chasing evildoers or commercially motivated criminals or ruthless political/business operators trying to dig dirt on a rival.

            But the kind of blanket, mass, state surveillance of Prism should be roundly rejected, and simultaneously it would be a good thing to promote the use of privacy-enhancing technologies.

            >> “Sure – just lying down and letting all the snooping parties roll over you is not the way to do it.”

            Well, precisely – which is my point.

            >> “…however, no matter what the few do (and with the best will in the world, even if 10% of the connected world complained, giving an impressive 200m+ dissenting voices), it is nothing but a flea-bite on the hide of any government, and less than that on the concrete skin of a commercially-oriented black-hat organisation.”

            I don’t believe you need anything like 10% of people to speak out about these issues to effect meaningful changes to government or corporate policies. You just need to convince enough people with to take notice, voice their opinion and send a clear message to the powers that be. This has become much more do-able since the explosion of social media.

            Most people aren’t and never will be interested in these issues, but it is those that are who make the difference. The road to social and political progress has always been thus – q.v. slavery, votes for women, equal rights for homosexuals, etc.

            >> “By the way, for a hacktivist organisation to decide who to attack and how to carry out that attack, do they not need to carry out some pretty invasive activities? Are they, in your eyes, the whitehats (freedom fighters) against the blackhat governments (the terrorists)?”

            I’m suspicious of all forms of extremism and have little truck with those who seek to polarise the debate on either side. In my opinion the cause of Internet freedom is best served by rational, pragmatic attempts to raise public awareness and put pressure on both corporations and governments to change practices and policies using legal means of campaigning. My stance is in line with that of Lessig not LulzSec. My own campaigning efforts are limited to letter-writing, blogging, petition-sharing and the odd satirical ditty.

            >> “If a fundamentalist religious group became a hacktivist organisation and attacked a site that was close to your heart as being against their beliefs, would you be the liberal with the “I disagree with everything you stand for, but I will fight to the death to defend your right to say it”?”

            I’m not defending hacktivism. Yes, I am a supporter of free speech, which inevitably means allowing people to express points of view I may find abhorrent. Those who choose to use illegal tactics to further their campaigns may in some instances be doing so because they make the call that their campaign will be better served in this way, but in most instances I’d say defacing or taking down websites for political purposes is ultimately counterproductive from a campaigning point of view. The more extreme forms of hacktivism often serve only to give ammunition to those promoting further curbs on Internet freedom.

            >> “It’s a can of worms, or a Pandora’s box (take your analogical pick). At the bottom of the box, you’d be lucky to find a piece of paper with “Hope” written on it, though.”

            But no harm in trying, eh? 😉