Friday, 11 December 2015
Thursday, 10 December 2015
"Funke, Schularick, and Trebesch recently did some work asking whether the rise of right-wing extremism in the 1930s was paralleled in other times, and found that the answer is yes: “politics takes a hard right turn following financial crises.”
Interestingly, this isn’t true for all kinds of crises. Financial crises, they suggest, are different, in part because
financial crises may be perceived as endogenous, ‘inexcusable’ problems resulting from policy failures, moral hazard and favouritism.
I would put it a bit differently: financial crises call into question whether respectable people know what they’re doing, in a way that other kinds of economic shocks often don’t.
The point for Europe is that the doctrinaire policies followed since 2010, and the unwillingness to rethink dogma in the light of experience, aren’t just economically destructive. They undermine the legitimacy of the whole European system, and may in the end lead to political catastrophe." 'via Blog this'
Thursday, 19 November 2015
"And part of establishing deterrence will be making sure that whoever attacks us knows we are able to hit back.
We need to destroy the idea that there is impunity in cyberspace.
We need those who would harm us to know that we will defend ourselves robustly. And that we have the means to do so.
This is the fifth element of the plan.
Thanks to the investment that we have made during the last Parliament, just as our adversaries can use a range of actions against us, from the virtual to the physical, so we are making sure that we can employ a full spectrum of actions in response.
We reserve the right to respond to a cyber attack in any way that we choose.
And we are ensuring that we have at our disposal the tools and capabilities we need to respond as we need to protect this nation, in cyberspace just as in the physical realm.
We are building our own offensive cyber capability – a dedicated ability to counter-attack in cyberspace.
We have built this capability through investing in a National Offensive Cyber Programme.
The Programme is a partnership between the Ministry of Defence and GCHQ, harnessing the skills and talents of both organisations to deliver the tools, techniques and tradecraft required for the UK to establish a world class capability." 'via Blog this'
Monday, 16 November 2015
GABRIELLE GUILLEMIN: I would be curious to hear from Chris Marsden who is Professor at Sussex University of what he thinks of the debate in United Kingdom when the investigative powers bill was published recently.
Much greater minds have contributed to my contribution this morning. I spoke to Jon Crowcroft who is a professor at Cambridge, and many other academics who are deeply involved in trying to explain to Parliamentarians about what is involved. Two people you should read. First and I almost take this draft bill as kind of the final insult, kind of postmortem insult, to Casper Bowden who has been one of the heroes of this debate. He died in July of this year. He wrote about the compatibility of mass surveillance with the European Convention on the Human Rights and he has been advising the European Parliament on this for 15 years. The second is my coauthor on our book where we talk about default encryption. His name is Ian Brown and he is a professor at Oxford. And if you have read anything by Ian and Casper, you will be much more educated than with what advice I have given today."
Friday, 11 September 2015
For the first story, the British obtained the ciphertext of the telegram from the Mexican commercial telegraph office. The British knew that the German Embassy in Washington would relay the message by commercial telegraph, so the Mexican telegraph office would have the ciphertext. "Mr. H", a British agent in Mexico, bribed an employee of the commercial telegraph company for a copy of the message. (Sir Thomas Hohler, then British ambassador in Mexico, claimed to have been "Mr. H", or at least involved with the interception, in his autobiography.) This ciphertext could be shown to the Americans without embarrassment. Moreover, the retransmission was enciphered using cipher 13040, so by mid-February the British not only had the complete text, but also the ability to release the telegram without revealing the extent to which the latest German codes had been broken—at worst, the Germans might have realized that the 13040 code had been compromised, but weighed against the possibility of United States entry into the war that was a risk worth taking.
Finally, since copies of the 13040 ciphertext would also have been deposited in the records of the American commercial telegraph, the British had the ability to prove the authenticity of the message to the United States government.
As a cover story, the British could publicly claim that their agents had stolen the telegram's deciphered text in Mexico. Privately, the British needed to give the Americans the 13040 cipher so that the United States government could verify the authenticity of the message independently with their own commercial telegraphic records, however the Americans agreed to back the official cover story. The German Foreign Office refused to consider a possible code break, and instead sent von Eckardt on a witch-hunt for a traitor in the embassy in Mexico." 'via Blog this'
Friday, 10 July 2015
Obituary: Caspar Bowden, a fearless privacy pioneer
The world’s privacy advocates are reeling over the loss of one of their most influential and feared campaigners, Caspar Bowden, who has died of cancer. His fierce and combative evangelism for online privacy over two decades and surgical analysis of complex surveillance legislation raised the standard of commentary that influenced advocacy groups at home and abroad.
I had the honour and the pleasure of becoming a close friend and co-conspirator of Caspar. It wasn’t always easy – he held high expectations of his colleagues, who could often experience his wrath whenever they dared to negotiate with “the bastards” (whoever they happened to be at the time). The archaic American expression “ornery” could well have been invented for Caspar Bowden, as his opponents well knew.
In conferences and meetings where officials and ministers appeared there was frequently what became known as the “popcorn moment”, when Caspar would stand up and, from the back of the hall, clear his throat and launch into a devastating critique that would utterly destroy the credibility of his opponents. Within two years, ministerial staffers were routinely calling me to find out whether Caspar would be in the audience. No better tribute could ever be awarded to any campaigner.
Caspar joined the mainstream privacy world in 1997 during the Scrambling for Safety encryption event that I organised at the London School of Economics, and soon after he co-founded the Foundation for Information Policy Research (FIPR), which became the most astute think-tank in Britain in the field of surveillance.
At the time Caspar chaired Scientists for Labour, an organisation which at the time believed that the Labour Party (which had been elected to government only 18 days earlier) would actually respect scientific advice. The reams of dangerous and intrusive legislation the Labour government subsequently passed caused him to ditch this fantasy. In the years since Caspar appeared to abandon all faith in parties, taking pride in comparisons with TV character Mr MacKay in the comedy series Porridge, who famously said: “I have a job to do and, whatever else I am, I’m firm but fair. I want you to know that I treat you all with equal contempt”.
In 2002 Caspar joined Microsoft’s operation in Europe as chief privacy strategist, but the arrangement was a bad fit. Caspar continued to be outspoken, eventually parting company with Microsoft after he criticised the lack of privacy measures in its software and the firm’s cosiness with US government spooks. Years before Snowden’s revelations about US and UK mass surveillance in 2013, Bowden had already become deeply worried about the relationship between companies and security agencies – with his arguments about the safety of cloud data proven true by the subsequent leaks.
Gus Hosein, executive director of Privacy International and an an old friend and colleague said:
I’m not new to this issue, but whenever I struggle to get my head around the implications of a new policy or technology, I always looked to Caspar. I sought his guidance to navigate it, but I feared what he would say if I came out with something stupid. The future is uncertain enough, but without him it is even more daunting.
Caspar was very accurately described by another close friend and colleague Ian Brown, professor of Information Security and Privacy at Oxford University:
Caspar was a truly unique individual, one of the most passionate, methodical, relentless advocates of any cause I have met. I learnt so much from him as we worked together on and off for nearly 20 years on privacy issues. His forensic analysis of UK surveillance laws, and later European and US legislation, was essential reading for anyone who wanted to understand the implications of some extremely obscure language – including legislators themselves.
Brown believes UK internet users are still benefiting from Caspar’s successful campaign to remove “Big Browser” surveillance powers from the Regulation of Investigatory Powers Act 2000, and to ensure the burden of proof was not put onto individuals who might have actually forgotten passwords later demanded by police. His important reports for the European Parliament will also be key in the long-term decisions made by the EU to protect the privacy of its 500m citizens.
Anyone who knew Caspar understood that he was dogged in his later years by a deep cynicism about progress in privacy. Deeply mistrustful of governments, corporations and even the law, he eschewed mobile phones and came to place his faith almost solely on mathematical solutions, for example by heavily promoting the concept of differential privacy, which attempts to prevent a loss of privacy in situations where details can be inferred from other data.
Perhaps Caspar’s greatest legacy is that, in an age of increasing compromise, he showed us the importance of dogged, non-negotiable persistence. As George Bernard Shaw observed, all progress depends on the unreasonable man. In that respect, Caspar was a beacon of progress.
Thursday, 18 June 2015
These commercial pressures, have changed in the past few years, as large internet companies start relying heavily on serving end-users (search, webmail, social networking). Sadly, these companies have adopted both a business model — ad-based monetization — and a technical architecture — cloud computing — that makes meaningful privacy protection very difficult. In turn the “success” of those architectures has lead to an extreme ease of developing using this model, and an increasing difficulty in providing end-user solutions with appropriate privacy protections — let alone usable ones.
The rise of services has pushed a number of key privacy technologies into not being commercially supported and a key feature, and in effect at best a “common” — with the governance and funding problems this entails. We have recently learned about the systemic under funding of key privacy technologies such as OpenSSL and GPG. Technologies like Tor are mostly funded for their national firewall traversal features, seeing development on anonymity features suffer.
Unlike other commons (health, parks, quality assurance in medicines), the state has not stepped in to either help with governance or with funding — all the opposite. For example, standardization efforts have systematically promoted “surveillance by design” instead of best of breed privacy protection; funding for surveillance technology is enormous compared to funding for privacy technologies, and somehow ironically, a number of calls for funding of privacy technologies are in the context of making surveillance more “privacy friendly” — leading to largely non-nonsensical outcomes." 'via Blog this'
Sunday, 26 April 2015
The documents warn that a lack of action could lead to a "point of no return", where economies are irreversibly tied to a handful of large companies. Examples include the likes of Amazon, Etsy, Trip Advisor, Facebook, and Google.
They are mentioned as having undue power over their sectors of the market and can exclude any company or products they feel like, without evidence, by claiming they breach terms and conditions.
Apparently this could potentially put the whole European economy at risk due to market exploitation.
To tackle this the documents propose that a new "supervision framework" should be put together and do things like ban unfair business practices and prevent internet companies from using their platforms to provide preferential treatment to their own services." 'via Blog this'
Tuesday, 14 April 2015
One such player is the Applied Research Laboratory of Pennsylvania State University. As a Pentagon-designated university-affiliated research center, Penn State's ARL "maintains a special long-term strategic relationship with DoD," the lab brags in an online presentation. That relationship accounts for nearly half the university's research budget—and it includes work on Annapolis's RADIANT GEMSTONE, the only public mention of this highly secretive program:
How excited is the Navy about this new mission? Imagine being the only kid on the block with a shiny new red wagon. The service's admiral in charge of cryptology says the Navy is anxiously crafting "an ordered, sustainable maritime means of realizing military power in cyberspace."
Still: What does that mean? When you can spy on anyone, anywhere, anytime—not just heads of state, but anyone on a cell or a WiFi connection—what do you actually do? More to the point: Who was the Annapolis spying on last year?
We know roughly where it traveled through the "European and Central Command areas of responsibility"—near Iran, Israel, perhaps even Yemen.
We know that its crew briefed those NSA and CIA officials. We know that Parks, his mission accomplished, recently stepped aside and handed command of Annapolis to a "tactical analysis" expert from Submarine Development Squadron 12." 'via Blog this'
Rogers's proposal is no less stupid than the proposal made by UK Prime Minister David Cameron, but it's even scarier in that Rogers runs a highly technical criminal organization with state backing and a history of attacking the security of American computing infrastructure by deliberately introducing vulnerabilities into computers used by American citizens, businesses, and government.
There's no way to stop Americans -- particularly those engaged in criminal activity and at risk from law enforcement -- from running crypto without locking all computers, Ipad-style, so that they only run software from a government-approved "app-store."
The world teems with high quality, free, open crypto tools. Simply banning their integration into US products will do precisely nothing to stop criminals from getting their code from outside non-US vendors or projects. Only by attacking the fundamental nature of computing itself can the NSA hope to limit its adversaries' use of crypto.
I predicted this in 2012, and I'm sad to see it coming true.
The risk of this happening is why I've gone back to EFF to kill DRM in all its forms." 'via Blog this'
Sunday, 12 April 2015
"“Many people still don’t realize that sites that appear to be free are actually paid for by the information you provide through your searches and behavior online,” Vestager said.
While the EU has been investigating allegations that Google Inc. abuses its role as the biggest search engine, it avoided looking at control of personal data in a 2008 merger review of Google’s bid for online advertising platform DoubleClick. EU regulators didn't identify data-usage concerns in last year’s review of Facebook Inc.’s takeover of messaging service WhatsApp." 'via Blog this'
Thursday, 2 April 2015
Political economy is a venerable discipline. While it has, of late, been dominated by “positive political economists” focused on the pathologies of governance, there is a venerable tradition of political economists studying the “ideal role of the state in the economic and social organization of a country” (as Piketty puts it). Lawyers are particularly well-suited to the task of studying political economy, because we are the ones drafting, interpreting, and applying the rules governing the interface between state actors and firms.
Integrating the long-divided fields of politics and economics, a renewal of modern political economy could unravel “wicked problems” neither states nor markets alone can address.
But it’s actually more urgent than that, because the very terms “state” and “market” seem antiquated. For example, Medicare may be publicly funded, but it’s ultimately run by a panoply of private contractors. Banks may make tremendous profits from financial “markets,” but the main reason they have deposits and counterparties to deal with is governmental guarantees that take the sting out of credit risk—and, in turn, reward many of those administering such guarantees with lucrative jobs once they leave government.
So a purely economic approach to “markets” here, or a purely political approach to “states,” misses the critical interaction between the two. A political economic approach is vital—and that’s what has made social theory ranging from Smith and Mill, to Tocqueville and Durkheim, to Weber and Habermas, of such enduring interest. In law, we still read Robert Lee Hale and the legal realists for exactly the same reason. My concluding chapter tries to revive this political economic perspective, suggesting reforms beyond the purely legal concerns of the penultimate chapter." 'via Blog this'
Tuesday, 24 March 2015
Ian Brown & Christopher T. Marsden: Regulating Code: Good governance and better regulation in the information Age. - Free Online Library
Friday, 6 February 2015
Article 8 is the right to privacy, article 10 the right to freedom of expression.
The agency is now compliant, the tribunal said." 'via Blog this'
Article 8 is the right to privacy, article 10 the right to freedom of expression.
The agency is now compliant, the tribunal said." 'via Blog this'
Tuesday, 3 February 2015
Whilst conducting its own investigation, the ICO has worked with other European Data Protection Authorities, as part of the Article 29 working party." 'via Blog this'
This would be achieved after TTIP was ratified, through the creation of a new body called the Regulatory Council, which would play a key role in how future regulations were made. Effectively, it would provide early access to all new regulations proposed by the US and EU, allowing corporations to voice their objections to any measures that they felt would impede transatlantic trade.
This regulatory ratchet would push standards downwards and reduce costs for business, but only gradually, and after TTIP had come into force -- at which point, nothing could be done about it.
Since then, things have been quiet on the regulatory front, not least because corporate sovereignty in the form of investor-state dispute settlement emerged as the most contentious issue -- in Europe, at least -- which has rather eclipsed earlier concerns about this supranational regulatory body.
But now, in a single week, we have had two important leaks in this area, both confirming those initial ideas sketched out in 2013 are still very much how TAFTA/TTIP aims to bring about the desired regulatory harmonization.
Corporate Europe Observatory obtained a very recent draft copy of the EU's proposals for the chapter covering regulatory co-operation (pdf), which describes a new transatlantic organization, now called the Regulatory Cooperation Body." 'via Blog this'