Ronald J. Deibert is the director of The Citizen Lab at the University of Toronto’s Munk School of Global Affairs and the author of an important new book, Black Code: Inside the Battle for Cyberspace, an in-depth look at the growing insecurity of the Internet. Specifically, Deibert’s book is a meticulous examination of the “malicious threats that are growing from the inside out” and which “threaten to destroy the fragile ecosystem we have come to take for granted.” (p. 14) It is also a remarkably timely book in light of the recent revelations about NSA surveillance and how it is being facilitated with the assistance of various tech and telecom giants.
The clear and colloquial tone that Deibert employs in the text helps make arcane Internet security issues interesting and accessible. Indeed, some chapters of the book almost feel like they were pulled from the pages of techno-thriller, complete with villainous characters, unexpected plot twists, and shocking conclusions. “Cyber crime has become one of the world’s largest growth businesses,” Deibert notes (p. 144) and his chapters focus on many prominent recent examples, including cyber-crime syndicates like Koobface, government cyber-spying schemes like GhostNet, state-sanctioned sabotage like Stuxnet, and the vexing issue of zero-day exploit sales.
Deibert is uniquely qualified to narrate this tale not just because he is a gifted story-teller but also because he has had a front row seat in the unfolding play that we might refer to as “How Cyberspace Grew Less Secure.” Continue reading →
There was an important article about online age verification in The New York Times yesterday entitled, “Verifying Ages Online Is a Daunting Task, Even for Experts.” It’s definitely worth a read since it reiterates the simple truth that online age verification is enormously complicated and hugely contentious (especially legally). It’s also worth reading since this issue might be getting hot again as Facebook considers allowing kids under 13 on its site.
Just five years ago, age verification was a red-hot tech policy issue. The rise of MySpace and social networking in general had sent many state AGs, other lawmakers, and some child safety groups into full-blown moral panic mode. Some wanted to ban social networks in schools and libraries (recall that a 2006 House measure proposing just that actually received 410 votes, although the measure died in the Senate), but mandatory online age verification for social networking sites was also receiving a lot of support. This generated much academic and press inquiry into the sensibility and practicality of mandatory age verification as an online safety strategy. Personally, I was spending almost all my time covering the issue between late 2006 and mid-2007. The title of one of my papers on the topic reflected the frustration many shared about the issue: “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions.”
Simply put, too many people were looking for an easy, silver-bullet solution to complicated problems regarding how kids get online and how to keep them safe once they get there. For a time, age verification became that silver bullet for those who felt that “we must do something” politically to address online safety concerns. Alas, mandatory age verification was no silver bullet. As I summarized in this 2009 white paper, “Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer,” all previous research and task force reports looking into this issue have concluded that a diverse toolbox and a “layered approach” must be brought to bear on these problems. There are no simple fixes. Specifically, here’s what each of the major online child safety task forces that have been convened since 2000 had to say about the wisdom of mandatory age verification: Continue reading →
Harvard Berkman Center professor Jonathan Zittrain has published another pessimistic, Steve-Jobs-is-Taking-Us-Straight-To-Cyber-Hell editorial building on the gloomy thesis he set forth in his 2008 book, The Future of the Internet and How to Stop It. His latest piece appears in the Financial Times and it’s entitled, “A Fight over Freedom at Apple’s Core. Concerning the recent Apple iPad announcement, Zittrain warns: “Mr Jobs ushered in the personal computer era and now he is trying to usher it out.”
I’m not going to go into yet another lengthy dissertation about what it so misguided about his thesis that cyberspace is becoming more “regulable” and that digital “generativity” is dying because of the rise of devices like the iPhone & iPad, or sites like Facebook. Instead, I will just point you to the many things I’ve written before explaining just how far off the mark Prof. Zittrain is on this point. [See the complete list down below + video of our debate.]
But let me just say this… Ignoring that fact that he is an iPhone user himself — which makes no sense considering that he thinks of Apple as the font of all cyber-evil — he can’t muster any substantive empirical evidence proving that the Net and digital devices are being more “closed, sterile, and tethered,” as he repeatedly claims in his book and editorials. And that’s not surprising because the reality is that the digital world is more open and generative than ever, and even if there are some “closed” devices and systems out there, they are actually quite innovative and not perfectly closed as Zittrain suggests. The spectrum of “open vs. closed” systems and devices is incredible diverse and nothing is
perfectly “open” or “closed.” We can have the best of both worlds: many open systems with some partial “walled gardens” here and there (or hybrid systems combining both). Regardless, we are witnessing greater digital “generativity” and innovation with each passing year. Until Zittrain can prove the opposite, his thesis must be considered a failure.
Finally, I want to associate myself with this excellent critique of the Zittrain thesis by Prof. Ed Felten, who points out that Zittrain’s argument doesn’t even work for the iPad, which I would agree is a fairly “closed appliance” in the Zittrainian scheme of the things:
Continue reading →
Seems like everywhere I turn someone is gushing about their new Droid phone, including my TLF colleagues Berin Szoka, Braden Cox, and Ryan Radia, who all had great fun rubbing their new toys in my nose over the past couple of days. And why not, it’s a very cool little device. It makes my HTC Touch seems positively archaic in some ways, and it’s only a year old. Apparently, 100,000 people already picked up a Droid in just its first weekend on the market.
But here’s the first thing that pops in my mind every time I see someone showing off their new Droid: How can a device like this even exist when America’s leading cyberlaw experts have been telling us that the whole digital world is increasingly going to hell because of “closed” devices, proprietary code, and managed networks? I’m speaking, of course, about the lamentations of Harvard professors Lawrence Lessig, Jonathan Zittrain, and their many disciples. As faithful readers will recall, I have relentlessly hammered this crew for their unwarranted cyber-Chicken Little-ism and hyper techno-pessimism. (See my many battles with Zittrain [1, 2, 3, 4, 5, 6 + video] and my 2-part debate with Lessig earlier this year).
“Left to itself,” Lessig warned in Code, “cyberspace will become a perfect tool of control.” He went on to forecast a dystopian future in which nefarious corporate schemers would quash our digital liberties unless benevolent public philosopher kings stepped in to save our poor souls. Code was the Old Testament of cyber-collectivism. The New Testament arrived last year with Zittrain’s
The Future of the Internet and How to Stop It. In it, we hear the grim prediction that “sterile and tethered” digital technologies and networks will triumph over the more “open and generative” devices and systems of the past. The iPhone and TiVo are cast as villains in Zittrain’s drama since they apparently represent the latest manifestations of Lessig’s “perfect control” paranoia.
Apple’s “Angel of Death”
How completely out-of-control has this thinking gotten? Well, here’s David Weinberger — another Harvard Berkman Center worrywart — talking about that supposed satanic font of all evil, the Apple AppStore: Continue reading →
Last night here on the TLF, Bret Swanson raised a number of objections with this FCC-commissioned report about international broadband comparisons, which was conducted by some folks at Harvard University’s Berkman Center. Meanwhile, over at the Digital Society blog, George Ou also offers a hard-nosed look at the Berkman broadband report and concludes “The underlying data cited by Berkman study is simply too flawed to be of any use.” I recommend everyone check out both essays. It will be interesting to hear how the Berkman folks respond. Some of these international broadband comparisons are really fishy. [Here’s a podcast we did on that issue two years ago.]
One quick point… Like Bret, I also found it shocking that–even though the report reads like an ode to forced access regulation–the Berkman folks didn’t spend much time discussing the result of America’s previous open-access regime. “The gaping, jaw-dropping irony of the report,” Bret argues, “was its failure even to mention the chief outcome of America’s previous open-access regime: the telecom/tech crash of 2000-02. We tried this before. And it didn’t work!” Indeed, America’s regulatory experiment with forced access regulation involved a lot of well intentioned laws and regulation, and too many acronyms to count–CLECs, TELRIC, UNE-P, etc– but it did not result in serious, facilities-based competition. Instead it offered us the fiction of competition through network-sharing, or what Peter Huber once referred to as building “networks out of paper.” The results were disastrous for investment during that period since regulatory uncertainly led to a lot of stunted innovation.
In sum, sharing is not competing. You can socialize and commoditize old pipes for awhile and get decent results in the short-term, but you’ll sacrifice long-run investment and innovation if you do. [For more background, see my recent essay on “The Fiction of Forced Access ‘Competition’ Revisited” and this old Cato piece on “UNE-P and the Future of Telecom “Competition” as well as Jeff Eisenach’s PFF white paper, “Broadband Policy: Does the U.S. Have It Right After All?”]
by Adam Thierer & Berin Szoka — (Ver. 1.0 — Summer 2009)
We are attempting to articulate the core principles of cyber-libertarianism to provide the public and policymakers with a better understanding of this alternative vision for ordering the affairs of cyberspace. We invite comments and suggestions regarding how we should refine and build-out this outline. We hope this outline serves as the foundation of a book we eventually want to pen defending what we regard as “Real Internet Freedom.” [Note: Here’s a printer-friendly version, which we also have embedded down below as a Scribd document.]
I. What is Cyber-Libertarianism?
Cyber-libertarianism refers to the belief that individuals—acting in whatever capacity they choose (as citizens, consumers, companies, or collectives)—should be at liberty to pursue their own tastes and interests online.
Generally speaking, the cyber-libertarian’s motto is “Live & Let Live” and “Hands Off the Internet!” The cyber-libertarian aims to minimize the scope of state coercion in solving social and economic problems and looks instead to voluntary solutions and mutual consent-based arrangements.
Cyber-libertarians believe true “Internet freedom” is freedom
from state action; not freedom for the State to reorder our affairs to supposedly make certain people or groups better off or to improve some amorphous “public interest”—an all-to convenient facade behind which unaccountable elites can impose their will on the rest of us.
Continue reading →
What Unites Advocates of Speech Controls & Privacy Regulation? [pdf]
by Adam Thierer & Berin Szoka
The Progress & Freedom Foundation,
Progress on Point No. 16.19
Anyone who has spent time following debates about speech and privacy regulation comes to recognize the striking parallels between these two policy arenas. In this paper we will highlight the common rhetoric, proposals, and tactics that unite these regulatory movements. Moreover, we will argue that, at root, what often animates calls for regulation of both speech and privacy are two remarkably elitist beliefs:
- People are too ignorant (or simply too busy) to be trusted to make wise decisions for themselves (or their children); and/or,
- All or most people share essentially the same values or concerns and, therefore, “community standards” should trump household (or individual) standards.
While our use of the term “elitism” may unduly offend some understandably sensitive to populist demagoguery, our aim here is not to launch a broadside against elitism as
Time magazine culture critic William H. Henry once defined it: “The willingness to assert unyieldingly that one idea, contribution or attainment is better than another.”[1] Rather, our aim here is to critique that elitism which rises to the level of political condescension and legal sanction. We attack not so much the beliefs of some leaders, activists, or intellectuals that they have a better idea of what it in the public’s best interest than the public itself does, but rather the imposition of those beliefs through coercive, top-down mandates.
That sort of elitism—elitism enforced by law—is often the objective of speech and privacy regulatory advocates. Our goal is to identify the common themes that unite these regulatory movements, explain why such political elitism is unwarranted, and make it clear how it threatens individual liberty as well as the future of free and open Internet. As an alternative to this elitist vision, we advocate an empowerment agenda: fostering an environment in which users have the tools and information they need to make decisions for themselves and their families. Continue reading →
In an earlier post, I mentioned an important new online child safety task force report that has just been released from the “Point Smart. Click Safe.” Blue Ribbon Working Group. It’s a great report and I encourage you to read the whole thing. It was my great pleasure to serve on this task force, and as we started finalizing our conclusions and recommendations, I started thinking about how much of what we were finding and recommending was consistent with what past online safety task forces had also concluded.
By way of background, over the past decade, five major online safety task forces or blue ribbon commissions have been convened to study online safety issues. Two of these task forces were convened in the United States and issued reports in 2000 (“COPA Commission”) and 2002 (“Thornburgh Commission“). Another was commissioned by the British government in 2007 and issued in a major report in March 2008 (“Byron Review“). Finally, two additional online safety task forces were formed in the U.S. in 2008 and concluded their work, respectively, in January (“Internet Safety Technical Task Force“) and July (“Point Smart. Click Safe.“) of 2009. [And yet another task force — the Online Safety Technology Working Group — was recently formed and has now gotten underway.]
In a new PFF white paper, ”
Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer,” I walk through a chronological summary of each of these past task forces [click on covers of each report below to read them in their entirety] and highlight some of the similar themes and recommendations from them.
Continue reading →
In episode #44 of “Tech Policy Weekly,” Berin Szoka and Adam Thierer engage in a debate with Internet security expert Chris Soghoian, who is a student fellow at the Berkman Center for Internet & Society at Harvard University. He is also a Ph.D. candidate at Indiana University’s School of Informatics.
Chris is an up-and-coming star in the field of cyberlaw and technology policy as he has quickly made a name for himself in debates over privacy policy, data security, and government surveillance. He straddles the line between academic and activist, and the role he often plays in many tech policy debates is somewhat akin to what Ralph Nader has done in many other fields through the years. Except, in this case, instead of “Unsafe at Any Speed” it’s more like “Unsafe at Any Setting,” since Chris is often raising a stink about what he regards as unjust or unreasonable privacy or security settings that various online websites or service providers use.
On the show, Chris talks about two of his recent crusades to get certain online providers to change their default settings to improve user security or privacy: (1) His effort this week to get major email providers—and Google in particular—to change their default security settings on their email offerings; and (2) his earlier crusade to create permanent opt-out cookies to stop behavioral advertising by advertising networks.
There are several ways to listen to today’s TLF Podcast. You can press play on the player below to listen right now, or download the MP3 file. You can also subscribe to the podcast by clicking on the button for your preferred service. (And do us a favor, Digg this podcast!)
[display_podcast]
Continue reading →
Today, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) announced the members of the new Online Safety and Technology Working Group (OSTWG). I am honored to be among those chosen to participate in this new task force and I look forward to continuing the work started last year with the Harvard Berkman Center’s Internet Safety Technical Task Force (ISTTF), which I also served on. I was very proud of the work done by the ISTTF and the impressive final report that Prof. John Palfrey crafted to reflect our findings. I am eager to investigate these issues further and take a look at the latest research and technologies that can help us better understand how to protect our kids online while also protecting the free speech and privacy rights of Netizens.
The new NTIA working group, which was established under the “Protecting Children in the 21st Century Act,” will report to the Assistant Secretary of Commerce for Communications and Information on industry-implemented online child safety tools and efforts. Within a year of convening its first meeting, the group will submit a report of its findings and make recommendations on how to increase online safety measures.
Below the fold I have listed the complete roster of OSTWG task force members. I very much looking forward to working with this outstanding group. And I’m happy to report that my TLF blogging colleague Braden Cox will be joining me on this task force!
Continue reading →
Ronald J. Deibert is the director of The Citizen Lab at the University of Toronto’s Munk School of Global Affairs and the author of an important new book, Black Code: Inside the Battle for Cyberspace, an in-depth look at the growing insecurity of the Internet. Specifically, Deibert’s book is a meticulous examination of the “malicious threats that are growing from the inside out” and which “threaten to destroy the fragile ecosystem we have come to take for granted.” (p. 14) It is also a remarkably timely book in light of the recent revelations about NSA surveillance and how it is being facilitated with the assistance of various tech and telecom giants.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.