Personal Opinion

The Power of Crowd – Part Three: the Consequences of Change

Photo: Alex Holyoake

As I outlined in the earlier articles, I believe we are at a crucial inflection point for the internet. While it has become integral and beneficial to many people, the way it is currently being used strays from the principles of the open web, in terms of equality of access, freedom of speech and transparency. The worldwide web has left a small group of companies holding most of the financial clout, while users are regularly exposed to invasions of privacy or censorship. At an even more basic level, the infrastructure is not in place for a large part of the global population to access the internet. The problem is that we have gone beyond the point of no return in our reliance on the internet to go about our daily lives. It will only become more pervasive in the future, but if we stick to the current model we will only perpetuate the existing problems. Therefore, we must consider more radical reform to create a fairer, safer and more open internet, in line with the original principles behind the open web.

However, such change will also have far-reaching consequences for our daily lives. It could affect how nation states interact with one another. It could alter how companies do business and require people to make more of a financial contribution to receive online services. I would contend that if we can get these changes right they will benefit everyone. We can improve privacy for individuals, protect free speech and foster fairer economic opportunities for everyone. I am not just saying this as a biased technologist. Hopefully everyone can agree the internet has had a positive impact on communities around the world. It has supported the rise of the global middle class, even if it has left us with a lop-sided “shared” economy. What gives me hope is that there are new technologies emerging, such as the decentralized web and crypto-currencies, which create the possibility of very different ways for societies to interact and trade. Philosophically this will be a heated debate, especially if it means suggesting an alternative economic model to the tried and tested ones. However, if we accept the world is filled with significant social and economic imbalances, and that the current version of the internet is helping to exacerbate them, then surely we should air the alternatives? And if a new generation of internet technologies could offer innovation, which might have a positive effect on social mobility, then shouldn’t we consider these options and the consequent effects for economic models?

There are many different ideas floating around; some have been around for a long time, some are newer. They might seem abstract in a discussion about the future of the internet, but now is surely the time for bold, if not radical, departures from traditional ways of doing things. For example, if the future internet gives individuals greater control over their data, what will that mean for those online businesses who have relied on access to our personal information? If we no longer want to surrender our sensitive data in return for free services, then how should companies trade with us? If companies are allowed to continue to make significant profits from online commerce, should we consider more radical forms of taxation to improve access to the internet for the wider population? Will traditional currency still be needed in the future or would it be more efficient to turn to crypto-currencies entirely? Should we apply the model of open source software more broadly to give more universal, affordable access to products and services? Or should we do away with net neutrality and tier access so that everyone receives a form of internet service, which is commensurate with what they are prepared to pay for?

No matter what your response is to these questions, there are diverse economic and social models emerging, which turn away from many of the accepted principles of free trade economics. Below is a small sample of the theories up for discussion. Would one of these models be more appropriate than what we have today, or should we be even more radical?

Circular economy
This concept has its origins in developing a more sustainable approach to the use and disposal of resources. Rather than a linear view of production as “make, use, dispose” it reflects the cyclical model of nature where nothing is wasted. It is a stretch to suggest it can be applied wholesale to reforming the internet, but some form of circular economy could be more inclusive. Perhaps concepts such as recycling could challenge how we view ownership, with the internet enabling new models of shared or rented usage. For example, we could encourage less car ownership by enabling travellers to receive crypto-rewards for using alternative or shared forms of transport; or we could create a scheme to help less connected communities receive travel allowances from car users, taken as a crypto-tax when they use their vehicles.

Tech-Led Trustless Systems
Johann Gevers has put forward a theory that next generation technologies are encouraging the decentralization of the core pillars of society. This has the potential to enable communities to operate and govern themselves in a different way. He describes it as trustless technology, which means technology exists that removes doubt about the validity of a transaction or a user’s identity. We can guarantee an individual’s identity, be confident about privacy and be sure there won’t be cases of fraud or security breaches because the decentralised model overcomes the issues of the past. Technology of trust is decentralizing:

  • The way we talk to one another, thanks to tools such as encryption which enable more private conversations.
  • The legal system, as it offers individuals greater choice in how decisions are adjudicated.
  • Production, because 3D Printing means there is less of a need for mass production.
  • Finance through the arrival of crypto-currencies.

The biggest challenge for these trustless systems is the large number of people around the world who remain undocumented. If this approach worked it could dramatically change how we structure societies – perhaps moving away from larger sprawling urban environments to smaller communities inter-connected via the internet with like-minded communities sharing economic opportunity.

Digital Distributism
I have mentioned this before but it is a theory put forward by Douglas Rushkoff, which suggests internet culture is giving birth to companies like Etsy and peer-to-peer communities, supported by crypto-currencies. These communities are seen as less global and do not follow the model of organizations like Google and Facebook attempting to rule the world. Rather than be solely driven by profit these smaller societies seek to support everyone within the group, sharing wealth rather than taking it out for individual gain. It harks back to a time before free market economics when societies were more self-sustaining and using barter systems to trade goods and services. It does rely on individuals sacrificing personal gain to support the group and inherently if one community is in a resource rich location, then it will start with an advantage over others.

While these theories might sound like the product of a Silicon Valley brainstorm facilitated by a student of Ayn Rand, they are symbolic of the very exciting debates that are happening today. You only have to look at the emergence of events such as Sonar D+ to realise that some are already well on the path to exploring what a world powered by a different sort of internet might be like. This debate should be much broader, including representatives of every political and social persuasion, because consensus is going to be critical if we are to find the right solutions.

The Power of the Crowd – Part Two: the Tricky Questions

Photo: Emily Morter

What follows is by no means a comprehensive list of tricky questions, but if we are seeking to build a new framework for the internet, we must debate the ones where there are no black and white answers. Though some may be unhappy with the conclusions, reaching consensus is essential. When it comes to something as pervasive as the internet we will have to find a way to reflect the diverse opinions of every section of society and accept that perhaps there will be some uncomfortable compromises.

Here goes with the initial list of questions and I would ask those of you reading this post to add others to build the list out.

Question one: what sort of internet do we actually want?
This is the most obvious, but also the most fundamental question. Since the arrival of the worldwide web many of us (particularly in developed economies) have become accustomed to convenient online services and “free” apps. Yet the same benefits are not available to everyone. Only 3 billion people are online today and access is heavily skewed in favour of people in developed economies. What about the rest? The speed and quality of access varies dramatically, even in the developed world. According to the Office of National Statistics, 11% of UK households have no internet access. Surely we should have resolved universal access to the Internet by now as a basic right in line with the United Nations’ decree?

Question two: how do we police the internet?
The pace of technological change will always leave regulators scrambling to keep up with its impact on the internet and how it affects us as citizens and consumers. Today, though, we appear to be living in a wild west scenario where nation states are using the internet legally to monitor their citizens and conduct cyber-attacks in what could be at best described diplomatically as economic and political espionage. Freedom House has said internet freedom has declined for the sixth consecutive year and two-thirds of internet users live in countries where the authorities use censorship to limit access. And democratic countries are just as guilty of intrusion as supposedly more authoritarian regimes. The Governments of the “free world” have enacted new laws that legalise the mass surveillance that many have been conducting for at least 10 years. If we are to hold nation states to account for their oversight of the internet, then surely we all need to live by the same code of conduct? There has been talk of non-proliferation treaties in the same style as the nuclear disarmament treaty to encourage governments to moderate their behaviour.

However, if the United States officially says it is building an offensive cyber-security capability, then it goes without saying other countries will see that as a green light to follow suit.

Photo: Luca Bravo


Question three: who should be in charge?
We all live in countries with borders. We have passports that say we are British, American, Chinese or South African. And yet the internet has moved rapidly to break down geographic barriers. This has been a good thing in one sense, because it has enabled the sharing of information, such as scientific research for the betterment of everyone. Equally, though, it has allowed hackers to conduct criminal activities from jurisdictions beyond the reach of the law enforcement officials in individual countries. There are also those who no longer see themselves as represented by their nation state and are using the internet to build new communities. Indeed the dark web and crypto-currencies are creating the potential for individuals to live by alternate social, economic and legal structures. This is of course an extreme alternative. How far do we allow the internet to encroach on traditional national boundaries? And how far do we allow national political agendas to determine the freedoms offered by the internet? What do we do if internet communities no longer want to adhere to the rules of one nation state?

Question four: how do we fix the foundations underpinning the internet?
There are billions of people around the world who are not connected to the internet. Without a physical connection the conversation about the future of the internet is a non-starter. More importantly there are many people around the world, in both developed and emerging economies, who continue to struggle to receive the minimum standards of education to enable them to read and write. Without these basic human rights the internet is pointless for them. Furthermore, there are many individuals without proper documentation. If these people do not exist then how can they participate in the opportunities of access to the internet? Given that cyber threats are so prevalent, if we cannot trust the identities of the people who are using the internet it will create barriers.

Question five: who owns the internet and all the content in it?
The principle of the open web, as outlined in the Declaration of Independence of Cyberspace, was that people on the internet were outside the control of governments. The Cluetrain Manifesto told companies that they could join their conversations, but that they didn’t have any right to control the conversation. Sadly today’s worldwide web is anything but a reflection of this aspiration. It is big business and that means those with a vested interest will resist change with all their might. Today Google and Facebook receive 65% of all advertising revenue through digital channels. And yet all that revenue is reliant on us surrendering personal information in exchange for services. This is not a fair exchange when you look at the profits the internet mega-brands generate from our data. Should we not have more of a say in how our data is used? Should we not have greater ownership of our data? Or should we accept that intellectual property, copyright and ownership are out-dated concepts? Clearly we cannot expect vendors to invest in technology and products without some form of recompense, but we need to agree that the current economic model is not distributing wealth evenly.

The Power of the Crowd Series – Part One: The Problem


Prologue
This is the first in a series of articles offering a perspective on the internet today and its impact on society, economies and geo-politics. It is my belief that the internet is broken, but rather than engage in a proper debate about how we fix it, the policy makers and regulators are simply trying to band-aid the existing infrastructures. Therefore it is up to us, the users of the internet, to take back control, because we recognise the power the open web can offer everyone on this planet. At a time when discord and disunity seem to be more commonplace, we need to champion the opportunities, accessibility and collaboration it was originally designed to offer.

Therefore in the spirit of the Cluetrain Manifesto and the Declaration of Independence of Cyberspace we should be looking to create a new set of guiding principles. We need to frame the debate about the future of the internet, before its fate is decided for us by politicians and business people, who do not share our vision. We first need to have a discussion about the problem child that is today’s worldwide web, air the challenges and difficult decisions we need to take, because we all must accept that compromises need to be made. The internet today is not the same as it was 20 plus years ago. It will be important to hear arguments from all sides, before we attempt to achieve consensus.

Ultimately it is my belief that we need some form of new social contract about the purpose and role the internet plays in our lives. We all see its potential, its ability to be a force for positive change, but we have all seen its dark side. This discussion is an overly ambitious attempt to seek shared values about what we should expect from the internet in terms of our freedom, privacy, accessibility and opportunity… Today I’m asking the power of the crowd to join in the debate and help to find solutions.

The Power of The Crowd: The Problem
When Thomas Friedman wrote “The World is Flat” in 2000 it was hailed as one of the most influential assessments of the impending impact of the Internet. Although we were just about to experience the burst of the dot com bubble, there was huge optimism about its potential to level the playing fields for everyone around the world in terms of accessibility to information and creating opportunities to collaborate. However, Friedman also highlighted the many in-built inequalities in the existing social, economic and political structures that could potentially have an adverse effect. While he suggested that flattening the world would create new opportunities for those who had previously had little or no chance of social mobility, it would also create unpleasant consequences for established economies, such as fierce competition for jobs and downward pressure on incomes.

It could be said that he painted a less than rosy picture in which everyone could really only look forward to uncertainty and instability:

“…today’s workers need to approach the workplace much like athletes preparing for the Olympics, with one difference. “They have to prepare like someone who is training for the Olympics but doesn’t know what sport they are going to enter…”
Thomas Friedman, The World is Flat, 2000

Wind the clock forward to 2016 and we are witnessing both the positives and negatives of “The Flat World.” Economies in the developing world have grown rapidly, the global middle class has expanded, leading to greater social mobility, life expectancy and better standards of living, but equally increasing the demands on resources and the environment. Economies in the developed world have slowed down, productivity has continually declined and incomes have not grown in line with inflation. Of course if I was looking at this purely from a technology and entrepreneurial perspective I could argue it has created huge wealth, especially thanks to the first and second generation of internet companies, ranging from Amazon to Uber. Living standards have not declined in developed economies and we have very much benefited from access to the cheaper goods and workforce coming from the developing nations.

Even so, the suggestion that technology, and more precisely the Internet, has broken down barriers, redefined social norms for the better and created a more equal, fairer society would be an overstatement of the facts. In reality a small handful of technology companies (with a few minor exceptions) are the ones who have all the power and control of the infrastructure we use – you just need to look at the world’s rich list for proof that certain individuals and companies have done very nicely! As citizens and consumers we are dependent on them to give us access to services and communications tools, which originally were designed to be accessible to everyone.

Indeed we would do well to remember the words of the Cluetrain Manifesto and the Declaration of Independence of Cyberspace, because it would seem we are a million miles away from their virtuous intentions.

“We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear.”
John Perry Barlow, February 8, 1996


The Cluetrain Manifesto: 95 Theses

1. Markets are conversations.
2. Markets consist of human beings, not demographic sectors.
3. Conversations among human beings sound human. They are conducted in a human voice.
38. Human communities are based on discourse — on human speech about human concerns.
39. The community of discourse is the market.
40. Companies that do not belong to a community of discourse will die.
72. We like this new marketplace much better. In fact, we are creating it.
73. You’re invited, but it’s our world. Take your shoes off at the door. If you want to barter with us, get down off that camel!
78. You want us to pay? We want you to pay attention.
89. We have real power and we know it. If you don’t quite see the light, some other outfit will come along that’s more attentive, more interesting, more fun to play with.
The Cluetrain Manifesto, 2000

Today I believe the very thing that was supposed to break down physical and virtual barriers has failed. Nearly 50% of the global population is without effective access to the internet, never mind possessing the skills and education to exploit its potential. Indeed economically the gap between the world’s richest and everyone else has continued to get worse. Some commentators argue that traditional command and control organisations are dead, because the Millennials and all subsequent generations will refuse to work in the same formal, traditional structures. Sure, in the rarefied atmosphere of Silicon Valley and other tech hubs around the world that approach may be true, but it is not generally the case. If anything it has taken away opportunities for many in established industries as disruptive technologies based on the internet have turned business models upside down.

Politically everyone pointed to the Arab Spring as a sign of “hope” that instant, unfettered communication could lead to significant political and economic change. We saw Obama become the first President to exploit social media to engage audiences and everyone said that was a good thing for democracy. Likewise some would argue Trump has used the same mechanism to give voice to those people who have been forgotten in the great tech rush. Others question whether we’re now in a situation where (allegedly) student hackers in Macedonia can create a news agenda to decide a Presidential election in return for a lucrative income from digital ad revenue.

Furthermore, the threat of cyber-attack, enabled by the internet, has encouraged governments around the world to adopt far more aggressive stances around national security. Cyber-spying is the latest fashion where any Government with enough money can employ professional hackers to steal industrial secrets or bring down the national grid of a nation state they are not getting along with. And of course if your Government doesn’t like what you’re doing they’ve probably just passed a law to allow them to spy on you without requiring much in the way of legal oversight.

So, if this has left you feeling thoroughly despondent…good. We should all be pretty disappointed with how the internet has turned out and the effect it has had or not had on all our lives. Frankly it is time, now that the internet is more than 20 years old, that we sat down and had a proper conversation about where we want it to go next. It cannot carry on as it is, but we face difficult questions with no easy answers.

Of course we could just stick our heads in the collective sand, but I’m pretty certain that will only make things worse…

Theories on Incentives, Scaling & An Evolved Economy Pt 2

In the previous post of this series, I described ways in which human monetary systems have typically tended to scale and how it compares to the history of the Internet. Both systems are functioning with models which have incentives to centralise at scale which introduce vulnerabilities as dependence on the central points grow. Next, I want to extend this exploration to the exchange and ownership of property on the Internet and scaling intellectual property systems. Reviewing contrasts and similarities in physical property and intellectual property can help to shed light on the challenges we face in managing those systems as they grow – online and off. (Disclaimer: Some references in this post assume having read the content from the first part.)

Properties of Property: Personal, Private and Public

Having explored historical implementations of economies and their breakdown points at scale, we will find similarities to systems dealing with ownership of property. While cultures around the world have different perspectives on property, there are three basic categories in which to categorise ownership: personal, private and public.

Personal property consists of belongings actively used by an individual, such as a toothbrush, a homemade apple pie or a wrist watch. Public or common property consists of objects or land openly used or consumed by any member within a community, such as a common walking path or a common garden maintained by some or all of its members. Finally, private property is ownership usually in the form of real estate but can be seen more broadly as relatively unused property owned by a person or group, as well as any property requiring significant external security (usually provided by state-based registration/titles). Examples of private property are banks, rental apartments and summer sailing boats. The lines between these categories can blur at times, but I will not address those cases for the purpose of simplicity.

Abundance within Meatspace Economies

The distinction between private and public ownership models and their respective abilities to scale are important aspects in economies to explore. For example, in a community where food and the labor to sustain the growth of food are abundant (perhaps out of love for gardening), the food itself is not very useful as an exchange of value, as it is produced without distinct demand market forces. If one of these gardeners offers four apples to a blacksmith in exchange for a specific gardening tool, by normal market standards the trade doesn’t make sense, since the produce is in abundance already and, further, will rot if not consumed. However, it would make sense for the blacksmith to view the gardener’s labor as an important value to the community and to support them by simply giving them the tool and continuing to eat the produce at their leisure. The two versions of this exchange may sound equivalent, but the incentives and transactions have quite different characteristics as the system grows.

Scaling Public Gardens

The preferred type of trade in the above scenario of abundance, also referred to as a gift economy, can be related to the concept of tracking Rai stone ownership (which we explored in the previous post) in that it can sustain itself as long as the scale stays small. Beyond that, a garden maintainer might realise the relationships with those consuming the produce have become less beneficial, and thus is no longer able to rely on the precedent of established community connections to depend on gifts from others. At a larger scale, it makes sense for these producers to prefer working privately, because the abundance is reduced when growing for more individuals, while putting a price on the produce helps to guarantee their labor has a similar or greater rate of return and isn’t likely to be taken advantage of. This price can come in the form of credits (by tracking the number of fruits and vegetables individuals receive) or as a relative price to a more fluid value of exchange such as currencies. However, even when a privately managed garden exhibits improvements in ability to scale compared to a commonly managed garden, it is not void of the further vulnerabilities brought on by economies of scale. Reducing the cost of input for a growing output is a natural tendency for business, which at a certain threshold leads into a rather self-destructive cycle of incentives towards more centralised control.

Properties of Intangible Property

Now that we’ve established a perspective on basic concepts in meatspace property, we can map them fairly accurately to intellectual property for a better understanding of the technology industry’s challenge to scale the labor that goes behind open source development and public content. Intellectual property (IP) can also be categorised between personal, private and public. Personal IP consists of any ideas or data that we would keep to ourselves so only we (and perhaps a very few others) could have access, such as health records and personal thoughts. Public IP, in contrast, consists of ideas and information that are shared freely and openly for anyone to access and use, like weather reports, certain online academic journals and content within the public domain. Finally, intellectual property considered private would be data controlled for restricted use, such as restricted software code or online publishing which requires payment to view contents. To further sub-categorise private intellectual property, one can consider both those protected by avoiding physical reproduction, such as DRM (Digital Rights Management), and those protected by legal security, such as copyright and even free software licenses. While licenses like GPL and MIT promote open standards, the fact that there’s a restriction of use introduces aspects of private, owner-controlled IP. This is not to say this is a wrong method (I heavily stand by MaidSafe’s decision to release code as GPLv3), but in the context of these definitions and for the next part in this series, I think it’s important to keep this in mind.

Scaling Public Idea Gardens

So, with these distinctions there’s obviously a vast amount of private IP out there of all shapes and sizes as our society reacts to the globalisation of ideas. Patents and copyright systems have been put to use for several hundreds of years, mostly aiming to resolve the labor that goes into creations with inherent lack of scarcity, like blueprints to inventions and writings, and generally give an economic advantage to the creator. Unfortunately, this sort of solution essentially puts a price on access to a piece of intellectual property and privatises ownership, similar to the “once localised and looking to scale” community gardens but even more drastic. The physical limit for the abundance of intellectual property to be overcome is comparatively minuscule and shrinking further thanks to improving storage capabilities of computers. So just as some members of a community may be inclined to tend a community garden, others, such as inventors and designers, might selfishly enjoy creating intellectual property, but as soon as their labor is easily taken for granted, the economical balance is disrupted. We should be able to support production of intellectual property at a small scale, but the globalisation of communications and knowledge over the past several centuries has made that not practical.

Code and Content as Assets

Many activists involved in resisting DRM, copyright and patents often evangelise that private IP conflicts with long-term progress and inhibits essential freedoms. Finding economical answers to better serve production of intellectual property, so more people are incentivised to choose sharing ideas publicly rather than keep them privately protected, is certainly a difficult task and most likely will not be resolved via a single solution. Most mainstream research journals see the IP they publish as assets to protect in order to sustain their business and thus make the access artificially scarce by marking it with a price. Many VCs who fund software development similarly see the code produced by developers as a significant asset which protects against competing implementations. In some cases, there can be agreements between corporate competitors to build public solutions for standardising purposes, but this is not a reliable solution and has potential to lead to bad implementations of those standards that many others must begin to rely upon. To integrate intellectual property into our economy properly, we must work to evolve the economic system itself rather than force ideas to take on characteristics which make them artificially scarce.

In the final post of this series, I will overview solutions which have pushed the boundaries of how we deal with money and intellectual property and more specifically, what SAFE brings into the mix. Scaling is the main factor in the breakdown that we see in many systems from currency and property to the Internet itself so focusing our sights on this problem is essential. While MaidSafe is working on a single solution to address these issues via an evolved Internet, the previous experimentation and future supplementary projects from other parties will be necessary to grow a real foundation for a global economy and digital society.

Glocalization of Internet Freedom

For the first week of March, several hundred internet freedom activists from all around the world gathered for the Internet Freedom Festival in the Las Naves collaborative space in Valencia, Spain for a wide variety of sessions addressing tools, policies and perspectives within privacy and security on the Internet. Trainers, developers, journalists, technologists and those simply curious to learn from 76 countries traded perspectives and skills while forming bonds to continue collaboration post-festival and strengthen support for each other’s work. Previously named the “Circumvention Tech Festival”, the event placed a strong emphasis on creating a safe space for open collaboration without compromising the privacy and identity of those attending, given the risk of local oppressive governments learning of certain individuals’ attendance. A strict no photography rule was set in place in addition to the Chatham House rule (not referring to identities in referencing quotes or points individuals made) for note taking and general future discussion of the topics presented. Attention was also put on meeting other attendees through prioritizing sessions with discussion and collaborative activities. Session topics ranged from threat modeling through holistic risk analysis to community networks and the process of flashing routers to build a mesh. The entire festival offered a beating pulse of local perspectives on digital privacy and security while simultaneously highlighting the need for global collaboration in regards to building tools, advocating policy and strengthening communications within this community and beyond.

The concept of “glocalization”, which permeated the event, was perfectly introduced to me in the first session that I attended at the festival: Glocalization for Noobs: How to Design Tools for a Global Audience, where panelists discussed and advocated for integrating the process of translation more tightly into software development. They discussed the translation of software going beyond localizing text and taking into consideration the entire user experience from the perspectives of various regions. While many products are marketed towards specific areas, most software is used globally, or at least has potential for wider adoption, and would benefit from the review of testers in various locales. The importance of focusing attention on region-specific points of view continued throughout the event, where a handful of meetups dedicated time to discussing the state of Internet security and surveillance in Latin America, Africa and the Middle East. Sessions also incorporated this focus, recognizing and addressing the particular hurdles of regions. The session Network disconnections: Effects on Civil and Trade Rights included a short presentation on the regular disruptions in internet access that people in Pakistan face and subsequent research, followed by a general discussion about the broader topic of region-wide disruptions, usually due to political pressure, and what policy and economic arguments can be made in opposition. Other sessions focused on the general sense of considering global communities and allowing respective perspectives to be shared together. Privacy Across Cultures was dedicated to a discussion of what the impact of privacy and its absence has meant in various cultures beyond freedom of expression, focusing on more long-term effects.

Beyond the diverse cultural representation at the event, there was also a wide array of representatives from tools, new and old. In one workshop session titled Deploy an emergency Libre-Mesh network with local services, we formed small groups and flashed routers with libre-mesh to form a p2p network. It was one of the fastest and simplest efforts of flashing a router to build a mesh network that I’ve ever experienced – it took about 30 minutes total for all 7 groups (with a range of familiarity with flashing routers) to connect with each other. If mesh networks are something of interest to you or your community, I highly recommend checking out libre-mesh. Additionally, one of the evenings featured a tool showcase of 15 technologies ranging from a service called Stingwatch for detecting and reporting locations of Stingrays (fake cellphone towers used by authorities for tracking individuals) to the more well known Freedombox (security and privacy focused software for personal servers). Unfortunately, I was not privy to this portion of the event beforehand and not aware of the status of the MVP launch, else I would have loved to participate and demo the SAFE network to the crowd. Alas, I was able to do so in a more intimate setting for a session of its own. Having attended the festival with the intention of presenting a more general session on improving communications on network topologies and ownership infrastructures (based on previous explorations of the topic), I was able to join several dozen others who created “self-organized” sessions which were added to the schedule as the week progressed. This session was much less interactive other than various questions from participants, but because we have software to show now, I was able to finish the presentation with a successful demo of the SAFE Launcher and example app to a crowd for the first time!

Overall, the Internet Freedom Festival was a huge success from a personal perspective by highlighting a variety of topics from technology to communications and diversity. To achieve true internet freedom worldwide, we must consider localized efforts and understand that needs vary from region to region by listening rather than assuming. Digital security training has expanded throughout the world and understanding the array of obstacles that regions face will help us build better software. I feel confident that the SAFE network will be a strong example of building a diverse, global community (as we see it happening already) but also appreciate the strong reminder that this will happen much more efficiently if we put effort towards diversifying our perspective. While the MaidSafe core team has a regionally diverse team itself, community-based development and translation efforts will continue to be essential if we want to make SAFE a truly global network. I really look forward to attending Internet Freedom Festival again next year with a proper SAFE network up and running while expanding my understanding even more to make the network accessible to more people (and hopefully capture a few other team members to attend as well).

Scrap The Snoopers Charter And Connect The Dots

This month, the UK Government produced its latest piece of legislation designed to provide intelligence agencies with unfettered access to all our data and communications. The Investigatory Powers Bill (IPB), affectionately known as the Snoopers Charter by privacy advocates, is the latest play in the long running debate about whether governments should not only be legally empowered to bulk collect and surveil our data, but actually force companies to weaken the encryption they use to protect their users’ data, thereby enabling the Government to read it.

While privacy advocates will attack the legislation and rather predictably the government will defend it, the strange thing about the IPB legislation in general is that it will not and cannot deliver the government’s primary objective, which is in the words of the Home Secretary Theresa May, to ensure that  “…intelligence agencies have the powers they need to keep us safe in the face of an evolving threat”.

Mass surveillance doesn’t work

There is absolutely no evidence that supports the argument that the mass surveilling of data stops attacks, or catches terrorists and there is plenty of evidence to the contrary. For example, despite the individuals involved in the terrible attacks in Paris being known to security services, and the fact that France has already implemented their own mass surveillance legislation, the atrocities still took place. Similarly, those that took part in the Charlie Hebdo attack, and the men responsible for the shocking murder of Fusilier Lee Rigby in Woolwich, were all known to security services.

If we can’t monitor those flagged up to be potential terrorists, how do we expect to effectively monitor the many millions of regular Internet users?

Drinking from a fire hose

The reason that mass surveillance doesn’t work is that it is not the correct tool to prevent terrorism, and in fact, some experts believe it takes valuable time and resources away from more effective tactics. Well respected cryptographer Bruce Schneier suggests that data mining (sifting through large amounts of data looking for patterns) is effective when seeking well defined behaviour that occurs reasonably regularly, such as credit card fraud. However, it is less effective with very rare behaviour, as the mining algorithms are either tuned to provide so much data that they overwhelm the system (some have likened this to drinking from a fire hose), or are tuned to produce less data and miss an actual attack.

Bruce Schneier illustrates this point in his book, Data and Goliath:

“Think about the full-body scanners at airports. Those alert all the time when scanning people. But a TSA officer can easily check for a false alarm with a simple pat-down. This doesn’t work for a more general data-based terrorism-detection system. Each alert requires a lengthy investigation to determine whether it’s real or not. That takes time and money, and prevents intelligence officers from doing other productive work. Or, more pithily, when you’re watching everything, you’re not seeing anything.”
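The trade-off described above can be put into numbers. The following Python code is an added example, not taken from this article or from Data and Goliath; the population size, the number of real cases, the 1% "frequent behaviour" rate and the two score distributions are all constructed assumptions chosen only to show the base-rate effect.

```python
from statistics import NormalDist

# All figures below are constructed assumptions for illustration only.
POPULATION = 60_000_000                  # people whose data is scanned
BENIGN = NormalDist(mu=0.0, sigma=1.0)   # "suspicion score" of ordinary users
TARGET = NormalDist(mu=2.0, sigma=1.0)   # score of the people actually sought


def outcome(positives, threshold, population=POPULATION):
    """Expected alert counts when everyone scoring above `threshold` is flagged."""
    negatives = population - positives
    false_alerts = negatives * (1.0 - BENIGN.cdf(threshold))
    true_alerts = positives * (1.0 - TARGET.cdf(threshold))
    total = false_alerts + true_alerts
    return {
        "false_alerts": false_alerts,
        "true_alerts": true_alerts,
        "missed": positives - true_alerts,
        # Share of alerts that point at a real case.
        "precision": true_alerts / total if total else 0.0,
    }


def scenarios():
    """The same detector applied to the three situations in the passage."""
    return {
        # Frequent, well-defined behaviour (fraud-like): 1% of the population.
        "frequent_behaviour": outcome(positives=600_000, threshold=2.0),
        # Very rare behaviour, sensitive tuning: the fire hose.
        "rare_sensitive": outcome(positives=100, threshold=2.0),
        # Very rare behaviour, strict tuning: few alerts, real cases missed.
        "rare_strict": outcome(positives=100, threshold=5.0),
    }


if __name__ == "__main__":
    for name, r in scenarios().items():
        print(f"{name:20s} false={r['false_alerts']:>12,.0f} "
              f"true={r['true_alerts']:>10,.1f} missed={r['missed']:>10,.1f} "
              f"precision={r['precision']:.6f}")
```

With these assumed figures, the sensitive setting produces over a million alerts for about fifty real cases, while the strict setting produces a handful of alerts and misses almost every real case.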

Safer by removing protections?

Delving into the IPB more closely, section 189, entitled “Maintenance of technical capability”, would enable the secretary of state to issue orders to companies “relating to the removal of electronic protection applied … to any communications or data”. Basically, the Government could demand end-to-end encryption be disabled, or replaced with a weaker form of encryption by the provider, enabling user data to be read.

End-to-end encryption enables both the sender and receiver to encrypt and decrypt messages without the message content being available to an untrusted third party, such as the Internet Service Provider, or application provider. When we consider that one of the UK’s largest ISPs, TalkTalk, was just hacked, we can start to appreciate just how nonsensical this proposed solution is, as end-to-end encryption would have ensured that none of the stolen information was readable. Should this law come into force, the law abiding citizens and companies of the UK would adhere to the IPB, becoming less secure in the process, while the terrorists and criminals illegally enjoy all the protections that well implemented encryption technology offers.

This doesn’t sound like legislation that will “…keep us safe in the face of an evolving threat”. In fact, with the removal of end-to-end encryption, the government is prioritising their ability to read our information over the security of our data, which in itself is curious, for as we know, mass surveillance doesn’t make us safer either.

Connect the dots…

So, if the answer to making us safer isn’t weakening encryption and hyper surveillance, what is it?

Simply, a return to traditional investigative work, using the tried and tested connect the dots approach suggested by experts. Specifically, following up reports of suspicious activity and plots, using sources and investigating other seemingly unrelated crimes, mixed with targeted surveillance. Many of the privacy advocates that have spoken out about this bill have not expressed a demand for privacy above all else. Rather, if we are going to use practices that clearly undermine our human rights there should be a clear benefit for doing so. As it stands, the proposed legislation and solution is not a sufficiently good reason. 

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

1.1 Billion Reasons Companies Should Encrypt Our Data

As the media pick through the details of the latest large, embarrassing and costly data theft, the current victim, TalkTalk, a UK public telecommunications company, are set for a difficult few months. With revenue of almost £1.8 billion, the company have had an as yet unknown number of their 4 million UK customer details stolen by a perpetrator that ranges anywhere from a 15 year old boy to Islamist militants, if recent reports are to be believed.   

While the post mortem that follows will likely establish the details, the company has already admitted that some of the stolen information was not encrypted. While this was clearly lax for a company that has been targeted by hackers 3 times in the last year, it seems that under the UK’s Data Protection Act they are not legally required to encrypt data. The specific wording of the act suggests that firms need only take ‘…appropriate technical and organisational measures…’.

Senior director of security at Echoworx Greg Aligiannis advised “The most concerning revelation from today’s news is the blasé approach to encrypting customer data. Security of sensitive information must be considered a priority by everyone, especially when the life histories of potentially millions of customers are at risk.”

TalkTalk are not alone: research by security specialists Kaspersky Lab suggests that 35% of companies worldwide don’t use encryption to protect data. This is surprising given the harsh penalties for breaches. IBM estimates that the average data breach costs $3.8 million, with an average cost of between $145 and $154 per record, not to mention the untold damage to the reputation of the companies affected. When we consider that there were an estimated 1.1 billion records exposed during 2014, we can start to realise the extent of the problem.

With such significant repercussions for being hacked, one must question why encryption technology is not used more widely.

In almost all cases cost will be a factor. Encryption is not cheap. Procedures need to be implemented and maintained by specialist skilled staff and then rolled out through often very large organisations. Asset management, access controls, security incident management, compliance, etc. will all drive the cost, as will new hardware, such as encryption servers. Complexity is another issue that raises many questions: How will the encryption keys be managed? Do we let our employees bring and use their own devices in the workplace? Is the chosen encryption solution compatible with other systems? And what about mobile device management?

With the number of breaches rising every year and no legal obligation for companies to encrypt our data, it would seem that we as individuals need better solutions. For storing data on cloud providers, for example, client-side encryption has existed for some time that enables users to encrypt their data before it leaves their computer, meaning that companies like Dropbox or Google can’t read your data, although they can delete it. Similarly, the self-encryption component within the SAFE Network also encrypts all network data prior to it leaving the user’s machine and does so automatically as they upload a file. Providing encryption that is easy to use and user friendly is surely the key to its wider use.

However, as good as tools like this are for the storage of our files, we are unfortunately still reliant on companies to look after our personal information and bank account details as things stand. Legislation needs to be tightened up so that it pushes companies to be much more accountable and responsible with our data. It should demand not only that our data is encrypted, but also that sufficient policies and procedures are put in place to maximise its effectiveness, as without these, even the strongest encryption can be rendered useless. Providing a high level of data security is simply the cost of doing business, not a nice to have feature.

Events like the TalkTalk hack should also remind us how nonsensical recent Government suggestions that we should ban or attempt to weaken encryption are. It is one of the best lines of defence against adversaries and with its use in all types of commerce, underpins the global economy. 

Image courtesy of David Castillo Dominici at FreeDigitalPhotos.net