Lessons for technologists from historical resistance

This piece Cory shares works on a couple of levels. First is the simple history of how tech workers interfered with the Nazis, a theme that reminds me in all the best ways of the history and historical fiction I have read around WWII code making and breaking efforts. Perhaps more importantly, here, Cory shares a plea for modern tech workers to consider what they can do to help protect those at most risk in ways similar to our historical antecedents, translated forward to today.

Petition Asks White House to De-criminalize DDoS Attacks As Social Protest

I thought from the headline this might be a more wide ranging consideration of free speech and legal theory. According to Adam Popescu at ReadWrite it is actually about a very specific petition to the White House catalyzed by Anonymous to de-criminalize DDoS attacks. I am not sure I agree with this in practice as appealing as it is in spirit. I keep coming back to what several activists who have been imprisoned point out, that there is no digital entity correspondingly at risk of imprisonment and personifying the issues being protested as such.

Adam does include some quotes from folks in the world of hacktivism, including Asher Wolf who rates the petition's chances at nil and Dan Kaminsky:

Security expert Dan Kaminsky says that while he wouldn’t sign the petition, he thinks the attempt is far from silly or naive. Kaminsky indicated that while the petition may be misguided, the idea of creating legitimate forms of online protest in the heavily guarded online world are needed.

“People are going to figure out how protest works in a system that has gotten very good at suppressing protest,” Kaminsky said. “I see where they’re coming from… I understand the desire.”

I think that is about right, if not this form then another will be found that works, legally as well as practically, and much more likely sooner rather than later.

DDoS Attacks As Social Protest, ReadWrite

A Few Final SOPA/PIPA Links for Consideration

As you may well imagine, the sites from which I usually cull my blog fodder have either been out of action or focusing exclusively on the pleas against SOPA and PIPA during this day of protest (as have I.)

In lieu of my usual curation of stories, even a minimal link dump, here are a few more posts worth reading about SOPA and PIPA.

PJ at Groklaw has a pretty good summary of the day’s events, as the sun sets (at least here on the East Coast.)

Kevin Marks offered via Techdirt a translation of some of the latest frothy blatherings from current MPAA chief and former Senator Dodd. I honestly see visions of him dictating this, neck veins bulging and flecks of spittle flying from his lips. I am a bit galled that he has the temerity to call an “abuse of power” the actions of site and network service operators defending themselves from the very existential threat he has been championing through incredibly deep pocketed lobbying.

That’s not the end of it, either. Also on Techdirt, Mike Masnick relays how the MPAA is now trying to downplay the web wide blackout, claiming no large sites participated. Google? Wikipedia? Yeah, those are inconsequential. Even among technology enthusiasts and early adopters, clearly no one has ever heard of them.

And finally, Lauren Weinstein wonders what happens when the banners come down and the lights go back on at all the protesting sites. Joe Brockmeier at ReadWriteWeb poses similar questions about how we sustain vigilance against bad ideas advanced by those whose bank balances outstrip any sense they might have of the greater public good. Alexis Madrigal at The Atlantic touches on many of the same questions, drawing parallels to other movements and how to encourage focus, break out of the technology centric echo chamber and sustain momentum.

All are worthy thoughts to bear in mind as we tally our victories and lick our wounds, returning from whence we respectively came. That may be the usual state of apathy about issues that are admittedly not the easiest to understand. Or it may be the near constant apprehension I know I am not alone in feeling over what lunatic scheme Hollywood will try next rather than engaging in a meaningful dialogue about real means of protecting and bolstering cultural creation without damaging the very public whose heritage it is.

Hopefully a few people, at least, were informed enough by today’s events to perhaps be led through greater awareness to that latter group, being more mindful than before of what is at stake when seemingly obscure legislation like SOPA and PIPA is next proposed.

Human Readable Explanation of the Problems with SOPA/PIPA

Mitchell Baker, head lizard wrangler for Mozilla, has a very clear post for those still struggling to understand the problems with the proposed SOPA and PIPA legislation. As maker of the Firefox browser and a very active organization in shaping many new developments on the web, Mozilla has a huge stake in the outcome.

I like Mitchell’s analogy of a store. While not perfect as the costs of altering virtual directories and digital maps are different than their physical counterparts, the overall absurdity of trying to legislate around a blatant pirate site is no less absurd.

The solution under the proposed bills is to make it as difficult as possible to find or interact with the store. Maps showing the location of the store must be changed to hide it(1). The road to the store must be blocked off so that it’s difficult to physically get to there(2). Directory services must unlist the store’s phone number and address(3). Credit card companies(4) would have to cease providing services to the store. Local newspapers would no longer be allowed to place ads for the video store(5). And to make sure it all happens, any person or organization who doesn’t do this is subject to penalties(6). Even publishing a newsletter that tells people where the store is would be prohibited by this legislation(7).

Her conclusion is also compelling to me, that SOPA and PIPA are ill timed as the world of online content is heavily in flux. The implication is that many of the solutions we might consider would be bad fits, not just DNS blocking and the other measures in these bills. She admits room as well for those that prefer to make use of existing, traditional business models where an author prefers to limit access and use a pay-per-view model.

PIPA/SOPA and Why You Should Care, Lizard Wrangling

Big Content Won’t Scare Me off the Net

Or why this site is not blacked out.

(Updated to add links for further reading at the end of the post. I realize as my thoughts are shared beyond my usual readership that this entry doesn’t adequately explain the issues and what is at risk, relying very heavily on my writing and podcasts to make clear what is at stake and my broader views on copyright.)

Blacking out web sites in protest of proposed legislation that would adversely impact the values embodied in online conversation and activity is one of the more venerable traditions in a space defined by a metaphorical clock that ticks at breakneck speed.

In the past, these efforts have seemed to me to be a bit tenuous at best. I say so not to doubt the sincerity or commitment of those participating but of the visibility of these virtual actions to the general public and responsible policy makers.

Not so this time around. I don’t think it is the sheer volume of participation, though I don’t have any hard data to back up my sense of that. I think that access to the net is now much more a part of an expanding fraction of ordinary people’s daily reality than in protests past. There are still not inconsiderable challenges we have left to realizing true universal access but all the same I feel this campaign is a signal moment beyond just the issues it is directly addressing. The audience size seems to have passed a tipping point, not the head count of those speaking out. Perhaps this is as a result of the recent round of social innovations, maybe it is just the logical outcome of growth curves going back to the original commercialization of the net in the nineties.

The reason my site is still live has nothing to do with skepticism of other destinations going dark. Hopefully I’ve made clear how I feel the highest profile sites speaking out will affect more people than any other issue thus far. I am especially eager to get a sense of how broadly the self imposed embargo of Wikipedia reaches. A site that is more used by more people seems hard to imagine, even the most popular news or media outlet. And yet, try to think back to Wikipedia’s presence in the public consciousness ten or even just five years ago in comparison.

The core provocation invited by the web wide blackout is to imagine an online space where laws like SOPA and PROTECT IP are on the books. In such a world, the expanded and unchecked private rights of action will make your most notorious YouTube takedown spat to date look like a mild disagreement over an obscure point of netiquette in the most civil of networked fora. Easy to imagine existing voices quelled, as many are doing to themselves in protest; far harder to envision what voices might never be heard, what innovations never developed.

The most effective participation I’ve seen so far, at least for me, are the protests where the authors have clearly internalized the issues and put forward the same call to action, to contact your elected representatives to voice your concerns. Uniformity breeds complacency whereas unique expression better begs thoughtful contemplation and hopefully active engagement.

In that context, in my speculative imagining of post-SOPA, post-PIPA world, I would still be here. Day in and day out I already try to parse and share the implications of the slug fest between the increasingly monopolistic entertainment industry and the innovators of all sizes from the technology sector. I don’t necessarily accept that piracy is the huge existential problem that the Hollywood establishment makes out. Taking that as a point of departure, there are just far too many questions around how legislation like the already on the books DMCA and the proposed ones we are currently protesting are appropriate responses.

Beyond my loud mouthed persistence in publicly teasing apart these questions, my own imp of the perverse would drive me to tempt the exercise of these new private rights of action on steroids, powers that lack appropriate checks-and-balances when the proven potential for abuse is so great.

Let them try to shut me up, if the stakes are free expression then being subject of impact litigation is well worth the cost.

To learn more about the Stop Online Piracy Act (SOPA), the PROTECT IP Act (PIPA) and why so many sites and people are protesting them, the page for taking action at American Censorship has plenty of additional resources, scroll towards the bottom for a video, some selected articles and a timeline of events around these pieces of legislation.

New Copyfighting Rap from Dan Bull

TorrentFreak, among others, pointed to a new video by copyfighting rapper, Dan Bull.

Dan organized participation by his fans via Twitter and Facebook to make the video for this latest protest song. I think the high degree of participation very well demonstrates that the average person, at least the average rap listening person, gets how dangerous SOPA is to the open Internet.

Do click through and check out enigmax’s post as it includes an exclusive quote to TF about the video, beginning with:

“As an internet geek, a musician, and a non-evil person, SOPA is abhorrent on several fronts,” Dan told TorrentFreak. “It threatens the future of the internet, which is something far more valuable both commercially and socially than the entertainment industry ever has been, or ever will be.”

I am still holding out for a greatest activist hits album from Dan, that we speculated about in the interview I conducted with him earlier this year.

File-Sharing Darling Dan Bull Publishes Anti-SOPA Rap, TorrentFreak

Video About the EU Hackathon

I shared this already on my social networks but thought I’d take a moment to highlight it here as I’ve mentioned in my recent travel updates my trip to Brussels last week. This is a seven and a half minute video about the EU Hackathon, an event on which I worked as a speaker and organizer. Thanks to the hard work of my fellow organizers and the awesome efforts of the participants, the event far exceeded everyone’s expectations.

The crew responsible for this video did a great job capturing the purpose, outcomes and experience of being involved with this first group of hackers to anchor a hackathon in the halls of the EU Parliament. They produced a couple of accompanying videos focusing on the start and end of the hackathon, both of which were the portions that took place within the Parliament building in Brussels.

As Caroline de Cock explains in the video, the hackathon was organized around two goals, internet quality and government transparency. I helped organize the work on the former, working to select the participants and staying up as much as I possibly could through the 24 hours of hacking and attendant activities to offer my expertise on the source code of the network measurement experiments hosted by Measurement Lab. (Yes, that is the project I’ve mentioned as being a large focus of my current day job.)

We are already talking about next year. Stay tuned, there may be related activities between now and then working on these same two fronts, sponsored and organized by those of us behind the EU Hackathon.

Post-Revolution Egypt Arrests Activist Blogger

I was fortunate to see Alaa Abd El Fattah speak both at PDF over the Summer and just last week at the Silicon Valley Human Rights conference. Every time I have heard him give a talk, I am impressed by his courage, conviction and the way he brings home the personal scale of much of what has happened as part of the Arab Spring. Alaa constantly serves as a reminder that technology alone is not enough, whether that is blogging or social networks; what matters is by whom and how these tools are used.

Even as Alaa spoke at SVHR, he was facing charges back home in Egypt for speaking out against the use of military courts and trials when the time has clearly come to restore the civil and criminal justice systems. Curt Hopkins at ReadWriteWeb has a bit more background both on the current charges and Alaa’s past activism. Upon returning to Egypt after SVHR, Alaa was imprisoned on these charges.

The organizers of SVHR, Access Now, have organized a campaign in support of Alaa, seeking his freedom. Please consider participating.

New Online Activism Tool

I saw MailCongress via Hacker News. Its promise is simple, to weld an online interface to the form of correspondence to which most Congress critters respond best, snail mail. There is precious little information on the site though, beyond a video showing a very easy to use interface that even alleviates the chore of knowing your representatives and where to mail them. The most concerning lack is that the privacy policy and terms of service links go to placeholder pages.

At first I thought this was brilliant but on reflection, I am not so sure. One of the reasons I’ve heard that postal mail trumps email is the postmark. It is a reasonable heuristic with which staffers can filter the correspondence from real constituents vs. anything from anywhere else. I cannot imagine MailCongress being able to preserve the postmark, not at one dollar a letter.

Beyond that, I think hacks and workarounds like this are delaying better considered solutions. We need to develop a good enough means of verifying constituency that lets citizens choose their own preferred means of communication. We have so many great ways to communicate with each other, why should we be so crippled when exercising one of the most basic elements of participating in an open democracy?

Easy Attack Tool Demonstrates What We Already Knew

We all know that if you don’t see the lock indicator and the colored favicon in our browsers, then our connections to the web sites we surf are not secure. Intellectually we get that means any information we exchange, like passwords and personal data, can potentially be eavesdropped. I suspect many of us lack a visceral intuition for what this really means. What may be even less clear is that some of the mechanical guts of web sites we take for granted may be more vulnerable to being taken over by an attacker because of this same default of unencrypted communication.

Eric Butler has made a splash with his presentation at Toorcon 21 over the weekend of Firesheep, a proof of concept attack tool in the form of a browser add on. Most of what Firesheep does is not new, it primarily demonstrated the lack of security inherent in the way most of us use the web in a graphically compelling manner. It not only captures unencrypted data it allows its user to hijack a login with a mere double click.

Take a look at his blog post for screen shots. I am not sure, ethically, it is a good idea to install the open source add on and try it yourself. Knowing how easy this exploit is to use should drive the point home strongly enough. Even if Butler’s work gets taken down, as may be likely as the storm it unleashes winds its way around the web, bear in mind that criminal attackers aren’t relying on security researchers to show them how to effect these hijacks. The point here isn’t that Butler is making an attack possible, but showing us in no uncertain terms what some real attacker somewhere is undoubtedly already doing. Butler’s presentation was aimed at the site operators who should know better, who should be requiring SSL encryption or deploying other equally effective means to prevent session hijacking.

If Firesheep concerns you, as it should, enough to finally take some active steps to protect yourself, you can install the HTTPS Everywhere add on about which I blogged some time ago. HTTPS Everywhere forces your connections to use SSL encryption everywhere possible. It is a collaboration between EFF and the Tor Project, two organizations very much dedicated to protecting our right to privacy online. Using SSL for all communications with the sites Firesheep targets and encrypting the cookies they so promiscuously share should reduce, if not eliminate, the risk of session hijacking.

If anyone knows of equivalent add ons for other browsers, feel free to recommend them in the comments.

Firesheep, {codebutler} via Hacker News