Occupy Wall Street and the global “Occupy” protest movement have brought the issue of search and seizure of data on cellphones to the forefront in the United States and around the democratic world. Police have been seizing and searching the phones of protesters with the legal justification that they believe that phones contain evidence of crimes and and that the phone owner is planning to destroy the evidence. As Rebecca Rosen reports at the Atlantic, within the United States there isn't a clear policy on the issue and it varies state by state. The Supreme Court has recently denied a hearing on the issue, so Americans will have to wait for a clear answer on the issue. Meanwhile, there is the EFF's Cell Phone Guide for Occupy Wall Street (and Everyone Else).
Technologists and hackers are bringing their software coding and engineering skills to Occupy protests around the country. Last Friday entrepreneur Matt Ewing organized a San Francisco “hackathon” called “Occupy the Web, hacking for the 99 percent,” aimed at helping to address protesters’ technology needs. TechPresident has a list of some of the projects they worked on, including an online media hub and a text-messaging network. The Wall Street Journal reports on a New York hackathon for Occupy Wall Street. Mashable has more reports on the hackathons here and here. Meanwhile, GOOD magazine reports that Tumblr, a fast-growing mixed-media microblogging platform, is emerging as the platform of choice for Occupy Wall Street protesters.
For a broader argument about the connection between the Occupy movement, Internet freedom, and media reform, see this essay by Mera Szendro Bok. Earlier this month, the Columbia Journalism Review documented a day in the life of Occupy Wall Street's media team. Also see IJNet's Five tools from Occupy Wall Street that journalists should know about.
Surveillance: The Chaos Computer Club, a group of activist hackers in Europe, released a report about “lawful interception” software allegedly used by the German police. While the German Government is permitted to conduct some forms of “source wiretapping” to combat the increased use of encrypted communication, this software, which can be installed on a person's computer surreptitiously through a harmless-looking e-mail, would seem to far overstep that mandate. Such “trojan” software allows for information to be uploaded and software commands executed surreptitiously. The CCC found that a computer's camera and microphone could be then used for surveillance purposes. Even more alarmingly, they found that anyone with knowledge of the program could infiltrate and alter an infected computer. A ZDNet piece reported that F-Secure found that the program would also act as a keylogger that targets certain applications including Firefox, Skype, MSN Messenger, ICQ and others. F-Secure could not confirm that the trojan had originated with the government.
The EFF reports on the revival Canadian legislative proposals C-50, c-51, and c-52 that would broadly empower the law enforcement: forcing ISP's to hand over user data without a warrant, providing ISP's immunity in the case of violating custom privacy, and barring the ISP from informing users if they furnish your data to the government. The proposal had already been defeated by being stricken from a larger bill, but the Canadian Justice department remains committed to getting the proposals passed. A petition against the proposals can be found here.
Censorship: After the outpouring of comments on micro blogging sites like Weibo following the tragic crash of two high speed trains in July, the Chinese government continues to evaluate how micro blogging can be controlled and kept in line with censorship policies. The Wall Street Journal reports that the government is conflicted by the fact that Weibo has proven a useful tool for government officials to quickly communicate with the public, but has also proven difficult to control.
Meanwhile the United States Trade Representative has announced that, under WTO rules, it is seeking detailed information on China's Internet restrictions. The U.S. government is concerned about “the trade impact of Chinese policies that may block U.S. companies’ websites in China, creating commercial barriers that especially hurt America’s small business.”
On October 10th, UK Prime Minister David Cameron announced a plan under which the four largest Internet service providers will block access to adult themed content. There is still no definition of what the blocked content is, or any lists of sites that have been blocked. The program is on an “opt-in” basis only – although what that means precisely remains unclear as well. Violet Blue at ZDNet offers a scathing critique of the system.
A French court has ruled that French ISPs must block the website Copwatch Nord Paris I-D-F. Copwatch Nord Paris I-D-F was known for posting images and videos of the French police allegedly using violence against ethnic minorities, harassing protesters and detaining suspects, and additionally for a database of police officers that included personal information about the officers. While the court only initially ordered the database to be blocked, that was not deemed possible for technical reasons and as a result the whole site was ordered to be blocked immediately as of last Friday. Internet users in France confirm to the Netizen Report that it is presently blocked. However, the free speech group Quadrature du Net points out that the order has actually provided free marketing for the website and its cause (in a classic case of the “Streisand effect“). Numerous “mirror” websites have been set up, and people with technical know-how can also circumvent the blockage with circumvention tools.
Sovereigns of Cyberspace: Facebook may have a new thorn in its side: Max Schrems. Schrems, a law student and now Internet activist after founding Europe versus Facebook, has started a movement questioning how Facebook handles user data and private data of non-users. Schrems has filed 22 complaints to the Irish Data Protection Commissioner (IDPC), with one of the most alarming being complaint #2. His complaint alleges that Facebook is collecting names, email addresses, telephone numbers, addresses and work information of non-Facebook users. The IDPC is investigating five complaints, including the complaint #2, the Irish Times has a list of the rest here. As a result of these complaints, the IDPC is conducting an audit of Facebook's operations in Europe.
The Christian Science Monitor reports that Verizon is now logging private data such as phone location, browsing history, app usage, and device information. Similar changes are in store for the company's wired internet customers as well. Verizon claims that the data will be shared in a non personally identifiable fashion, but as we have seen by the AOL search data release in 2006, it is possible to determine quite a lot about someone from ‘non identifiable’ data. The addition of location data would make identifying someone much easier. Verizon has posted information about the changes and is offering an op-out for customers.
Google has teamed up with the charity Citizens Advice Bureau in the UK to promote its Good to Know Campaign on Internet security and privacy. The campaign consists of print adds, adds on public transportation and a Google based website. The website covers four areas: online safety, your data on the web, your data on Google, and how to manage your data on Google. The website aims to make the information accessible and understandable to the public at large with the inclusion of video guides and How To's on managing your data.
At the web 2.0 summit, Chris Poole argues that the internet giants Google and Facebook get the idea of Identity wrong. He claims that their real ID policies fail to understand that “identity is prismatic” and that its important to understand that the context of who is sharing information is as important as the information being shared and as such Google and facebook are limiting people choices where as Twitter offers a more flexible approach. A video of his talk can be found on Youtube.
Internet Governance: Verisign, the U.S.-based company which handles all .com and .net registrations, submitted a proposal to ICANN seeking authority to suspend any domain name deemed “non legitimate” at government request for any reason without court order or due process, or appeals procedures of any kind. After two days of uproar from free speech advocates as well as domain name registrars, Verisign withdrew the proposal. In an analysis of the incident, the Internet Governance Project's Milton Mueller summed up what happened as follows: “Too many techies still don't understand the concept of due process, and opportunistic law enforcement agencies, who tend to view due process constraints as an inconvenience, are very happy to take advantage of that.”
As Kieren McCarthy of dotNext reports, the International Telecommunications Union met in Geneva this week and spent a long time debating how the ITU's “Dedicated Group on international Internet-related public policy issues” should actually go about discussing and deciding Internet policy. Representatives of some countries insisted that Internet policy discussions should only involve governments, while other governments called for the inclusion of other stakeholders, like companies, technical experts, and “civil society.” Eventually, the decision was made to open the policy consultation to non-governmental entities. However the actual decision-making process will be kept closed.
Copyright: Viacom and Youtube were back in court on the 18th. Viacom is appealing the June 2010 decision that Youtube was not liable for uploaded material that infringes on a copyright under protection from the Digitial Millineium Copyright Act, as long as they remove the content after receiving notification of infringing material. Viacom is seeking $1 billion in damages in from Youtube, with their chief council claiming that Youtube was built on piracy. Youtube is reiterating the argument that they made to the lower court: it is impossible for them to determine what is infringing content without the input of the copyright holder. If the appeals court rules in favor of Viacom, the burden of identifying material in copyright violation would be shifted to the content host.
Security Alert: Wired reports in “Get Hacked, Don't Tell: Drone Base Didn't Report Virus” that the Creech Air Force Base detected a virus in the computers of the drone cockpits. The base did not report the presence of the keystroke logging virus to the Air Forces' cyber security teams. The 24th Air Force, the cyber security unit, did not learn about the virus until the story broke online. Graham Cluley, blogging for Sophos, believes that the virus is in all likelihood not a targeted attack, but rather a garden-variety keystroke logger. This is chilling reminder of how vulnerable the military is to cyber attack.
Publications: Symantec published a report that a newly discovered virus, Duqu, appears to be written by the same people, or people with access to the source code of Stuxnet, the virus believed responsible for sabotaging Iran's uranium enrichment infrastructure in 2009 and 2010. Unlike Stuxnet, Symantec suspects that Duqu is designed with surveillance in mind and may even be used in preparation for another attack. It is still unclear who is responsible for the virus, but what is known is that the virus has evolved over time, is designed to remove itself after 36 days, does not self replicate, and that it uses a stolen Symantec security certificate. Symantec believes that its use is targeted and that there may be more undetected variants on the web. The full report can be found here.
Casting a Wider Net: Lessons Learned in Delivering BBC Content on the Censored Internet by the Canada Centre for Global Security Studies and Citizen Lab at Munk School of Global Affairs, University of Toronto is “a detailed report that tracks and analyzes the difficulties of broadcasting the news into jurisdictions that censor the Internet, including Iran and China.” It concludes that censorship techniques evolve rapidly and that news organizations must develop creative partnerships with a range of organizations and experts in order to get their news to audiences in places where Internet censorship is pervasive.
Following the Money: A Better Way Forward on the Protect IP Act by Yale University's David Robinson, “suggests that to avoid significant First Amendment problems and chilling effects, the PROTECT IP Act should be stripped of Internet blocking provisions, and passed as a surgically focused law that will dry up revenue sources for “rogue” web sites.”
Events (repeating events listed in the last edition that have not yet taken place):
Social Movements/ Digital Revolutions will be hosted by Open Media Boston, Massachusetts Global Action, the Organizers’ Collaborative and TecsChange in Cambridge, Massachusetts at MIT and Lesley University from October 21st to 23rd. The conference bills itself as a Digital Media Conference & Grassroots Use of Technology Conference. They will host 12 workshops covering the three themes: Privacy and Public Action, Digital Media & Democracy, and Building Movements. A full list of workshops can be found here.
Silicon Valley Human Rights Conference,”A conference examining and exploring how the high-tech industry can better plan for and manage the human rights implications of their technologies.” October 25-26, San Francisco.
First Bloggers’ World Meeting, October 27-29, Foz do Iguaçu, Paraná, Brazil.
The Public Voice: Privacy is Freedom, October 31st, Mexico City, in conjunction with the 33rd International Conference of Data Protection and Privacy Commissioners. More information here.
Mozilla Drumbeat Festival: Media, Freedom, and the Web. November 4-6 in London.
EU Hack4Transparency Hackathon, November 8-9: Bringing together “talented European developers to facilitate the co-creation of tools…focused on enabling transparency and accountability in the information society.” (Application deadline: Oct. 17)
The Internet Engineering Task Force (“a loosely self-organized group of people who contribute to the engineering and evolution of Internet technologies”) meets November 13-18 in Taipei, Taiwan. The IETF is open to participation by anybody of any nation or affiliation who is capable of understanding what these engineers are talking about, and of contributing constructively to the development of Internet standards and technologies. Even if you are unable to travel, much of the work is conducted through mailing lists.
This report was compiled and drafted with substantial help from Ted Eby and Haritha Dasari.
EDITOR'S REQUEST: If you are attending any of the above meetings and would like to help cover them for GVA, please contact me.