Last month the Pirate Party Australia, along with hundreds of other organisations and individuals, made a submission to the Joint Parliamentary Committee’s Inquiry into potential reforms of National Security Legislation. I co-authored the Pirate Party Australia submission and wrote around half of it.
When the submissions were published there was one in particular which caught my attention. That being this submission by Andrew Brunatti and Neveen Abdalla of Brunel University in London. Mr. Brunatti is a doctoral candidate at the Brunel Centre for Intelligence and Security Srudies, while Mr. Abdalla is a masters candidate.
The Brunel submission was interesting because, in addition to offering support to the proposals in the Inquiry’s discussion paper, they proposed Australia introduce a system they termed a National Digital Identity Regime (NDIR). Essentially this amounted to a national ID program for all online activity by everyone in Australia and possibly elsewhere, by assigning a number or code to every Internet user.
Their proposal was based on a number of assumptions regarding the situation in Australia, incorrect information regarding existing regulations and falsified or obscured data. My concern with their proposal stemmed from the possibility of the government or law enforcement in Australia attempting to adopt their proposal, in spite of the significant flaws in both the NDIR proposal and the research backing it.
I decided to email Mr. Brunatti and copied the email to his PhD supervisors at Brunel with my concerns and criticism. Mr. Brunatti’s response was brief and answered none of my questions, concerns or criticisms. Nor did he defend himself or his co-author (I was unable to find an email address for Mr. Abdalla). As a consequence, I am standing by and stating publicly in regards to Mr. Brunatti, Mr. Abdalla and the Brunel Centre for Intelligence and Security the following criticism:
The lack of proper research and selective presentation of just those facts which support the implementation of your National Digital Identity Regime is, at best, both incompetent and disingenuous. Your evidence, such as it is, appears to utilise deliberate fallacies and obfuscation of opposing data; in order to promote an authoritarian scheme designed to eviscerate basic civil liberties.
Below I am including copies of the full correspondence with Mr. Brunatti, including links to the original email files. My emails are digitally signed with my GPG key using PGP/MIME for additional verification. Mr. Brunatti’s sole email is base64 encoded and needs to be viewed in an email client to be read.
My emails include thorough details of my criticisms and specific flaws in the Brunel submission. This includes, but is not limited to: the assumption that so-called “burner phones” are available in Australia as they are in the United States or United Kingdom (prepaid SIMs in Australia must be linked to a driver’s license or Medicare number); their addressing privacy risks with not implementing their NDIR, but do not address the privacy risks with doing so; completely ignoring previous failed attempt to implement national identity schemes in Australia (e.g. the Australia Card and the Access Card); their failure to address issues of identity theft using the NDIR and numerous unanswered questions regarding their motives for making their submission.
My initial email (original email here):
From: Ben McGinnes
Subject: Brunel submission to Australia’s National Security Inquiry
Date: Date: Sat, 25 Aug 2012 19:24:07 +1000
To: Andrew Brunatti
CC: Philip Davies, Kristian Gustafson (Staff)Hello,
I’ve been reading your submission to Australia’s Joint
Parliamentary Committee on Intelligence and Security’s Inquiry into
potential reforms of National Security Legislation. I should state
that I would have also sent this to your co-author, Neveen Abdalla,
but I have been unable to find an email address for him.Your submission is interesting and I have a few issues with it that I
wanted to raise. I will start with the factual errors and ommissions,
and then move on to other matters.1) On page 6 you cite Operation PENDENNIS as a “significant terrorist
plot” in spite of the fact that the Benbrika cell was almost
completely useless, had not selected a target beyond some initial
ideas and had no means by which to carry out an attack. There was a
significant amount of law enforcement resources deployed in catching
and charging them, though.2) On page 6 you refer to people being able to “pay cash for a
no-check ‘pay-as-you-go’ mobile phone” which are commonly referred to
as burner phones. These exist in the United States and may exist in
the UK, but do not exist in Australia. To activate a pre-paid SIM in
Australia requires a valid Medicare number or driver’s license number.3) On page 10 you cite risks to citizens’ privacy as a result of not
implementing a National Digital Identity Regime, but you fail to
mention any of the risks caused by such a scheme (see points 4 to 8).4) On pages 10 to 14 you describe your proposed National Digital
Identity system, drawing parallels to existing systems (e.g. Medicare
numbers and Tax File Numbers) by assigning a number to every person in
Australia. You ignore the fact that both the Medicare and Tax systems
are limited to a very limited subset of individual interaction with
government departments and some businesses, whereas this would apply
to everything done online. You also completely fail to mention
previous similar proposals, such as the Australia Card proposed in
1985 and the Access Card proposed in 2007. Both the Australia Card
and the Access Card were rejected by Australians.5) You have failed to address any issues pertaining to the value of
anonymity and/or pseudonymity in a democratic society. Both anonymity
and pseudonymity, while possessing some potential for abuse, also
provide essential safeguards to privacy and the democratic process by
enabling whistleblowing or protecting the identity who may be afraid
to comment publicly under their so-called “real” identity (e.g. rape
victims, domestic violence victims, stalking victims, etc.) as the
result of a geuine fear of some form of reprisal. Nor does it address
the fact that there is currently no requirement in Australia for
people to always identify themselves by the name that appears on their
birth certificate, citizenship papers or passport.6) Your National Digital Identity Regime requires mandatory
identification of all individuals to law enforcement, which is not
something that is currently required.7) Your National Digital Identity Regime appears designed to be
utilised with all online services and communication, yet it contains
no detail as to how the system would be designed to prevent identity
theft if just one such online service were compromised by criminals.8) Your National Digital Identity Regime does not address the problems
stemming from other unlawful or unauthorised access to it. In
particular abuse of power by law enforcement personnel, including
corrupt members of law enforcement. Nor have you addressed the risk
to lives by corrupt personnel accessing National Digital Identity
systems (ref. the murder of Terence and Christine Hodson following the
leaking of their Victoria Police LEAP records to criminals during
Melbourne’s gangland war).The lack of proper research and selective presentation of just those
facts which support the implementation of your National Digital
Identity Regime is, at best, both incompetent and disingenuous. Your
evidence, such as it is, appears to utilise deliberate fallacies and
obfuscation of opposing data; in order to promote an authoritarian
scheme designed to eviscerate basic civil liberties.You appear to be trading off the reputation of Brunel University in an
attempt to foist a scheme which would reduce the privacy of a everyone
in a society in which you do not live and would not be directly
affected by the adverse repercussions of.Your submission and proposed National Digital Identity Regime raises
more questions than it appears to answer:* Why did Brunel University decide to make a submission to a national
security inquiry when no one involved in the submission is
Australian or lives in Australia?* Is the National Digital Identity Regime being recommended to
Australia because Australia lacks the treaty obligations that
European Union member states have protecting human rights (e.g. the
European Convention on Human Rights)?* Do you hope that a National Digital Identity Regime being applied in
Australia would serve as a basis to implement a similar system in
other countries, such as the UK and EU member states?* Would you actually want to live in a country with a mandatory
National Digital Identity Regime or are you only interested
inflicting this on others?* How do you respond to criticisms of your submission as being a
paternalistic attitude towards a former colony?The National Digital Identity Regime would facilitate a significant
level of surveillance of everyone in Australia, especially in
conjunction with the decryption on demand (C15a) and data retention
(C15c) proposals of the original inquiry discussion paper. This
proposal would be a severe blow to human and civil rights in
Australia, which are already lacking the kind of constitutional and
legislative safeguards available to many other countries around the
world and all other western liberal democracies.As you’ve probably guessed by now, not only do I oppose a large number
of the proposals in the discussion paper (see below for more detail),
I also oppose your National Digital Identity Regime. I find it
particularly offensive that you seek to advance this scheme in a
country where you won’t have to deal with the consequences yourself.
We’re not exported convicts anymore, you can’t simply use Australia as
a laboratory for testing your authoritarian theories.Note: I co-authored the Pirate Party Australia submission to the
PJCIS inquiry (submission no. 134) and wrote a submission for the
Access Card Inquiry in 2007 (submission no. 16).Those submissions are available here:
http://www.aph.gov.au/binaries/senate/committee/fapa_ctte/completed_inquiries/2004-07/access_card/submissions/sub16.pdf
http://www.aph.gov.au/Parliamentary_Business/Committees/House_of_Representatives_Committees?url=pjcis/nsl2012/subs/sub134.pdf
Regards,
Ben–
Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes
Systems Administrator, Writer, Trainer, ICT Consultant
Encrypted email preferred – primary OpenPGP/GPG key: 0x73590E5Dhttp://pgp.mit.edu:11371/pks/lookup?op=get&search=0x321E4E2373590E5D
OpenPGP/GPG key transition: http://www.adversary.org/keyswitch.txt.asc
You might think that an email like that would produce a somewhat concerned response in a serious academic, but all I received was this (original email here):
From: Andrew Brunatti
Subject: RE: Brunel submission to Australia’s National Security Inquiry
Date: Sun, 26 Aug 2012 19:37:00 +0100
To: Ben McGinnes
CC: Philip Davies, Kristian Gustafson (Staff)Dear Mr. McGinnes,
Thanks very much for your email commenting on our submission to the PJCIS. You raise some points that my co-author and I find very valuable and we look forward to integrating your critiques into any future work.
I’ve read your own submission with interest and have found it most engaging. I’m glad to see other informed and engaged voices weighing in on the lawful access debate, which I think we would both agree is one of fundamental importance.
I look forward, as I’m sure you do, to the Committee’s deliberations and final report, and hope that a balance can be struck which addresses both privacy and security concerns.
Best regards,
Andrew
_______________
Andrew Brunatti
PhD Candidate (Politics & History)
Brunel Centre for Intelligence and Security Studies (BCISS)
Brunel University, Uxbridge
UB8 3PH, UKAcademic Email: [email protected]
“Most ambassadors do not worry that the wrong people will read their cables, but that the right people won’t.” (Peter W Galbraith)
Thus far, that is the entirety of the correspondence I have received from Andrew Brunatti or anyone else at Brunel University.
I didn’t really feel that that was a sufficient response, so I replied (original email here):
From: Ben McGinnes
Subject: Re: Brunel submission to Australia’s National Security Inquiry
Date: Mon, 27 Aug 2012 20:27:23 +1000
To: Andrew Brunatti
CC: Philip Davies, Kristian Gustafson (Staff)On 27/08/12 4:37 AM, Andrew Brunatti wrote:
> Dear Mr. McGinnes,
>
> Thanks very much for your email commenting on our submission to the
> PJCIS. You raise some points that my co-author and I find very
> valuable and we look forward to integrating your critiques into any
> future work.That’s good, but you have failed to answer any of my questions or
address any of the inaccuracies in your own submission.In addition to the flaws in your submission and proposed National
Digital Identity Regime, I am still waiting for a response to this
criticism:“The lack of proper research and selective presentation of just
those facts which support the implementation of your National
Digital Identity Regime is, at best, both incompetent and
disingenuous. Your evidence, such as it is, appears to utilise
deliberate fallacies and obfuscation of opposing data; in order to
promote an authoritarian scheme designed to eviscerate basic civil
liberties.”I am also waiting for answers to these questions:
* Why did Brunel University decide to make a submission to a national
security inquiry when no one involved in the submission is
Australian or lives in Australia?* Is the National Digital Identity Regime being recommended to
Australia because Australia lacks the treaty obligations that
European Union member states have protecting human rights (e.g. the
European Convention on Human Rights)?* Do you hope that a National Digital Identity Regime being applied in
Australia would serve as a basis to implement a similar system in
other countries, such as the UK and EU member states?* Would you actually want to live in a country with a mandatory
National Digital Identity Regime or are you only interested
inflicting this on others?* How do you respond to criticisms of your submission as being a
paternalistic attitude towards a former colony?To which I wish to add the following question:
* Is the National Digital Identity Regime proposal and your submission
part of an effort drum up business for the BCISS Consultancy
service?> I’ve read your own submission with interest and have found it most
> engaging. I’m glad to see other informed and engaged voices
> weighing in on the lawful access debate, which I think we would both
> agree is one of fundamental importance.It’s certainly important, but you and I clearly hold opposing points
of view regarding appropriate use of such power.> I look forward, as I’m sure you do, to the Committee’s deliberations
> and final report, and hope that a balance can be struck which
> addresses both privacy and security concerns.I’m certainly interested in the outcome of the report, but seeing the
shift in my country over the last decade or so I hold grave doubts
regarding what balance there will be. Especially with the lack of
constitutionally or legislatively protected rights in Australia.You should be able to understand that, all you have to do is imagine
what would happen to your life if your government directed the powers
available to it under RIPA at you. There’s a reason I cited it along
with the USA PATRIOT Act in the PPAU submission.Regards,
Ben–
Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes
Systems Administrator, Writer, Trainer, ICT Consultant
Encrypted email preferred – primary OpenPGP/GPG key: 0x73590E5Dhttp://pgp.mit.edu:11371/pks/lookup?op=get&search=0x321E4E2373590E5D
OpenPGP/GPG key transition: http://www.adversary.org/keyswitch.txt.asc
More than three weeks after sending that email, which was ample time to at least deny my accusations regarding Mr. Brunatti’s and Mr. Abdalla’s academic credibility, I still didn’t see any kind of response or defense. This prompted me to send another email stating my intention to publish and giving them some additional time to reply. They have elected not to do defend themselves or respond.
My fair warning email (original email here):
From: Ben McGinnes
Subject: Re: Brunel submission to Australia’s National Security Inquiry
Date: Sun, 23 Sep 2012 06:42:13 +1000
To: Andrew Brunatti
CC: Philip Davies, Kristian Gustafson (Staff)Hello,
It’s been a while since I sent this and, to my surprise, you
have thus far chosen not to respond to my criticism or questions.
Indeed, you have mounted no defence regarding my accusations
falsifying data to support your proposal, deliberate obfuscation of
data and generally poor academic practices.Given what you have proposed for adoption in my country, I believe it
is appropriate to publicise your failure to address these valid
criticisms.This email is fair warning that I intend to publish this
correspondence no earlier than Wednesday the 26th of September (AEST).
With the time difference that gives you two business days to discuss
this with any relevant Brunel staff (not to mention the three and a
half weeks prior to this email.Any response addressing my concerns or queries received before that
time will be published. If a response is provided which leads to a
reasonable discussion I may postpone publication.By the way, all of my email has been digitally signed with my GPG key,
which makes it possible to externally verify the messages I sent to
confirm that they were not modified or doctored prior to publication.
I also run my own mail server and can extract the logs showing
successful delivery to your server, as well as the connection from
your server with your one brief response. So simply letting this
slide and later claiming the email is fake won’t work. You can
double-check with your maths or computer science colleagues how
difficult it is to successfully forge a 3072-bit RSA signature.Regards,
Ben[included forward of my email from 27/8/2012]
Everywhere we go, everywhere we turn we are being watched, tracked, surveilled. It’s impossible to walk to the shops without being caught on someone’s cameras. Everyone carries with them a portable tracking device with GPS and a microphone, we’ve been enticed into spying on ourselves for a shiny toy and apparent convenience.
There was a time when this wasn’t the case, when CCTV cameras were rare and not placed every few feet along a shopping strip. There was a time when a person could walk down the street without some nameless entity being able to press a button and see where they were with accuracy down to a few metres.
This is not George Orwell’s 1984, this is far more insidious and it’s getting worse every day. The business of surveillance is worth billions in the currency of your choice. The agenda of surveillance of everyone all the time is vigourously promoted by both corporate capitalists and the state.
The corporate world wishes to protect their monetary fiefdoms. One of the largest examples of which being the self-proclaimed intellectual property lobby. They have successfully managed to gain state support for the notion that a civil dispute, such as copyright infringement (e.g. downloading a digital copy of a song or video), is a crime. Thus enabling their subornment of the apparatus of law enforcement for their private financial benefit.
The state, on the other hand, has been in the business of watching the people, both its own and those of other states, for far longer. For the state the purpose is control and the maintaining of power of those running the state. They tell the people they want to control that it is to protect those people from the Bad People; terrorists, organised criminals and pædophiles. It’s always the same bogeymen and it plays on the politics of fear. The state tells people that there are lots of Bad People out there, but the state can protect them just as long as the people do what they’re told and live their lives the way the state dictates.
If you aren’t doing something wrong then you don’t have anything to fear.1
One of the most common, usually pro-state, arguments is that you have nothing to hide then there is nothing to fear from the prying eyes of state based surveillance. This argument is flawed in very fundamental ways, as has been repeatedly proven, both in writing and practice. Daniel Solove, professor of law at George Washington University, demonstrated this in both his book, Nothing to Hide: The False Tradeoff Between Privacy and Security, and his related article in The Chronicle of Higher Education.2
It doesn’t even take corrupt practices by those with the power to pry into the lives of regular people to demonstrate the flaws in the “nothing to hide” argument. Especially when this is extended to corporate surveillance. It is also very easy for those engaging in surveillance to blur the line between what they view as legitimate surveillance and what may not be or definitely is not in any way legitimate.
The revelations last year of the practices of News International staff in the pursuit of private information to sell newspapers is a prime example of the how easy it is for those with the ability to pry into the lives and business of others to go too far in the pursuit of their goals.
As long as we do what we’re told, we have nothing to fear.3
A more accurate argument is that if we obey then we have nothing to fear, but even then there is no guarantee that we will not be caught by the excesses of either corporate or state surveillance. It is, in fact, the fear of repercussions from not obeying the dictates of the state or corporate entities which ensures obedience.
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.4
Franklin’s maxim is as true now as it ever was, both in regular life and in the extension of it which we call the online world.
As you read this now the Australian government is well on the way towards slashing the online freedom of the populace under the guise of protecting that very same population. Last month the Cybercrime Legislation Amendment Bill 2011 passed in the Senate, receiving Royal Assent this month. The Bill widens the scope of other legislation, such as the Telecommunications Act 1997 and the Telecommunications (Interception and Access) Act 1979, to require data be retained on private activities prior to the obtaining of a warrant. Changes to the Mutual Assistance in Criminal Matters Act 1987 enable this to be done on behalf of foreign law enforcement and intelligence agencies, including in countries and investigations where the death penalty may apply. Other changes to these acts and the Criminal Code Act 1995 have been made in order to comply with the European Convention on Cybercrime.
It is worth mentioning that the other states which have signed and ratified the Convention on Cybercrime have either or both of legislative or constitutional guarantees of certain freedoms in order to protect their citizens. Constitutionally guaranteed rights, such as those in Germany and Sweden, or treaties with equal power to the Convention on Cybercrime such as the Convention on Human Rights. Australians, on the other hand, have no such protections. Australia does not have constitutionally protected rights like those afforded in the United States of America, with the exception of there being no provision of a state sanctioned religion. Australia has not signed the Convention on Human Rights. Australia has signed and ratified the International Covenant on Civil and Political Rights, but with enough exceptions to effectively neuter it. This places Australians in a very dangerous position where we must adhere not just to the dictates of our own government, but also those of foreign powers.
Two days prior to the passing of the Cybercrime Legislation Amendment Bill 2011 was the final date for submissions to the Joint Parliamentary Committee on Intelligence and Security’s Inquiry into potential reforms of National Security Legislation.5 The reforms proposed in the discussion paper for that inquiry are a push for a massive increase in unfettered power being placed in the hands of law enforcement and intelligence agencies. This includes, but is certainly not limited to, the ability to provide their members with immunity when committing crimes, the ability to demand the decryption of data regardless of relevance to an investigation or the rights of the data owner to defend themselves from prosecution and a massive data retention scheme aimed at the surveillance of everyone, everywhere, all the time.
All government, in its essence, is a conspiracy against the superior man: its one permanent object is to oppress him and cripple him. If it be aristocratic in organization, then it seeks to protect the man who is superior only in law against the man who is superior in fact; if it be democratic, then it seeks to protect the man who is inferior in every way against both. One of its primary functions is to regiment men by force, to make them as much alike as possible and as dependent upon one another as possible, to search out and combat originality among them. All it can see in an original idea is potential change, and hence an invasion of its prerogatives. The most dangerous man to any government is the man who is able to think things out for himself, without regard to the prevailing superstitions and taboos. Almost inevitably he comes to the conclusion that the government he lives under is dishonest, insane and intolerable, and so, if he is romantic, he tries to change it. And even if he is not romantic personally he is very apt to spread discontent among those who are.6
It is clear from the legislation and treaties being adopted within and between states around the globe that governments view the flow of information and ideas between people as a threat to to state control and order. Thus they seek to employ both legislative and technological measures to limit and monitor that flow of information.
Technology does, however, provide the means of resisting these attempts at control at total surveillance. There are a number of existing projects and protocols designed to protect the security and privacy of individuals, primarily through the use of encryption. The Tor Project enables Internet users to hide web and other traffic from scrutiny, Transport Layer Security (TLS) provides encrypted connections between networked computer systems, the GNU Privacy Guard (GPG) provides encrypted email and file encryption, Off-the-Record Messaging (OTR) provides encrypted instant messaging, the Secure Real-time Transport Protocol (SRTP) with ZRTP provides encrypted voice communication and Bitcoin provides secure and decentralised currency exchange in an anonymous or pseudonymous manner.
This technology has traditionally been the domain of those who understand the technology intimately, people often labelled as geeks or nerds. The reality of the world we live in now means that these often obscure programs are becoming a necessity for everyone. Most people use some of this technology already, connecting to a secure website like a bank being the most common example. The fact is that regardless of whether you are an activist, a journalist, a lawyer, a doctor or just an ordinary citizen who does not want to share every single activity you do and communication you have online with the surveillance state; using this technology is an integral part of the survival skills of the digital age.
So how do people who are not geeks or nerds or computer science students learn these essential skills? A very good question. There isn’t a TAFE or adult education course providing instruction in this technology and the usual answer was to go online and search for the programs, read about them and then start using them. That is still an option, but it is no longer the only option.
Following the passing of the Cybercrime Legislation Amendment Bill 2011, online activist Asher Wolf promoted the idea of the CryptoParty. A CryptoParty is a gathering of people wishing to learn about these privacy protecting technologies, bringing them together with people who know the technology and who are able to teach it.
If you believe it is time to learn how to protect yourself from the encroaching surveillance of either the state or corporate enterprise, then come to a CryptoParty to learn how to do so.
The first CryptoParties have already begun and Melbourne’s CryptoParty will be on Saturday the 22nd of September, from 5:00pm until late at the Electron Workshop in North Melbourne. Other CryptoParties are being organised on the cryptoparty.org website.
1. “Surveillance,” last modified September 13, 2012, https://en.wikipedia.org/wiki/Surveillance#Support.
2. Daniel J. Solove, “Why Privacy Matters Even if You Have ‘Nothing to Hide’,” The Chronicle of Higher Education, May 15, 2011, accessed September 16, 2012, https://chronicle.com/article/Why-Privacy-Matters-Even-if/127461/.
3. “Surveillance,” last modified September 13, 2012, https://en.wikipedia.org/wiki/Surveillance#Opposition.
4. Benjamin Franklin and William Temple Franklin, Memoirs of the Life and Writings of Benjamin Franklin, (London: Henry Colburn, 1818), 270.
http://books.google.com/books?id=W2MFAAAAQAAJ&pg=PA270&lpg=PA270t#PPA270,M1.5. “Inquiry into potential reforms of National Security Legislation,” Joint Parliamentary Committee on Intelligence and Security, Parliament of Australia, accessed September 16, 2012, http://www.aph.gov.au/Parliamentary_Business/Committees/House_of_Representatives_Committees?url=pjcis/nsl2012/index.htm.
6. Henry Louis Mencken, The Smart Set, December, 1919.
“H. L. Mencken,” last modified September 9, 2012, https://en.wikiquote.org/wiki/H._L._Mencken.
This article was first published at isocracy.org.
I strongly encourage signing the petition to the Australian Senate from Pirate Party Australia regarding the Joint Parliamentary Committee on Intelligence and Security’s Inquiry into potential reforms of National Security Legislation. Sign this if you can’t make a submission to the inquiry, although I strongly urge all Australians to do so, or if you are reading this outside of Australia.
If the petition below does not load properly on your screen, please visit the petition page directly.
Last week the complete unredacted diplomatic cables obtained by WikiLeaks last year were revealed to the world following a series of events involving WikiLeaks, the Guardian and possibly others. There has been much finger pointing regarding who is to ultimately blame for this, which is essentially pointless. The deed is done and the information is out. A couple of days later WikiLeaks, under the direction of Julian Assange, elected to update their Cablegate site with the unredacted data and provide a full mirror archive [torrent] and PostgreSQL database copy [torrent].
Already there are interesting revelations being brought to international attention by the latest data releases. There are also very valid concerns regarding the safety of intelligence sources, victims of crime and political dissidents who are identified in the cables. Amongst these have been the revelation that one or more cables identify current Australian intelligence officers, as reported in The Age and The Sydney Morning Herald.
Last Friday a statement [PDF] was made by Robert McClelland, the Australian Attorney-General, regarding this fact and confirming that the Australian Security Intelligence Organisation (ASIO), along with other agencies, were reviewing the material. Mr. McLelland reiterated that Section 92 of the Australian Security Intelligence Organisation Act 1979 (ASIO Act) makes it a crime to “publish or cause to be published in a newspaper or other publication, or by radio broadcast or television, or otherwise make public, any matter stating, or from which it could reasonably be inferred, that a person having a particular name or otherwise identified, or a person residing at a particular address, is an officer (not including the Director-General), employee or agent of the Organisation or is in any way connected with such an officer, employee or agent or, subject to subsection (1B), is a former officer (not including a former Director-General), employee or agent of the Organisation or is in any way connected with such a former officer, employee or agent.” That second part is obviously aimed at protecting the families of ASIO employees, while subsection 1B deals with exceptions where former officers have consented to their previous employment being made public.
This has led to speculation that Julian Assange could face prosecution under Section 92 of the ASIO Act. There may be the possibility of additional charges relating to officers of other Australian agencies, such as the Office of National Assessments (ONA) or the Australian Secret Intelligence Service (ASIS). In adition to the cable referred to by The Age and The Sydney Morning Herald there is at least one cable which lists the names of a number of senior ONA analysts and there may be more buried amongst the quarter of a million cables.
One of the problems facing any Australian prosecution in this matter will be whether or not charges can be laid based on the sequence of events. The initial revelations of the complete data came from a GPG encrypted file which had been available online via BitTorrent for several months and which was decrypted using a passphrase published by the Guardian. Each on its own could not reveal the information, they had to be used together to obtain the data. If charges were to be laid related to that, who would be charged? Julian Assange for creating the encrypted file? Another WikiLeaks staffer for putting it on BitTorrent? David Leigh and Luke Harding at the Guardian for publishing the decryption passphrase in WikiLeaks: Inside Jullian Assange’s War on Secrecy? John Young at Cryptome for providing the decrypted CSV file? Raymond Hill at Cablegate Search for using that data in his online database? Others?
That’s just dealing with the initial release of the data. The next question is whether or not Julian Assange or others involved with WikiLeaks can be charged for effectively republishing the data after it has already been decrypted by others? No doubt this is something which Australian Commonwealth prosecuters will consider following the reviews of the diplomatic cables being conducted by ASIO and others.
On Sunday the Attorney-General followed the national security theme with a statement [PDF] announcing a new national security awareness campaign promoting the National Security Hotline (NSH). The NSH was introduced in 2002 by the Howard Government and the initial advertising campaign in 2003 featured much derided fridge magnets for every household.
What is unclear about the latest NSH advertising campaign is whether it was already planned, whether or not it is in response to or accelerated due to the release of the unredacted cables or whether it is part of a push to turn public opinion against WikiLeaks. When the cables were being dribbled out with effort taken to redact information that could identify people at risk of violence or retaliation it was difficult for many people to take the government’s objection too seriously. The complete release last week changes that scenario completely and the publication has been condemned by the traditional media organisations, which had previously worked with WikiLeaks to redact and publish the cables. It is possible that the Attorney-General’s department views an elevation of national security in the public consciousness will make it easier for people to draw the conclusion that the cable publication and, by extension, WikiLeaks is to be condemned.
Regardless of one’s opinions of Julian Assange and WikiLeaks, either for or against, the fact is that the facility to provide a platform for the global release of sensitive material has been a major change for both national and international politics. It has shifted the concentration of power in ways which governments are not used to. They are beginning to learn a similar lesson to that of the media: that the people formerly known as the audience are able to actively engage to a greater extent than previously possible. Not only are people able to do this, but they actually do it.
As I type this there are people around the globe pouring through the released cables looking for interesting information. Some of the results are published by traditional media outlets, some are blogged about and some are included in the running commentary on Twitter or other social media networks. Most people refer to the latter as crowd-sourcing, but governments and intelligence agencies refer to it as open source intelligence. It is another example of ordinary citizens being able to level a playing field which has previously been restricted to governments, intelligence agencies, law enforcement and corporations with the budgets necessary to obtain and mine vast amounts of data. This shift is, unsurprisingly, of real concern to those organisations which have traditionally maintained a monopoly on information.
As a consequence, moves by governments around the world to attempt to limit or discourage this power shift are to be expected. Where that coincides with existing national security legislation, such as that protecting intelligence officers here in Australia, a link is able to be drawn between the power shift and a subtext of potential sedition. It’s not quite accusing anyone engaged in any aspect of the shift in power and sharing (versus control) of information of treason, but it is a manner of presenting opposition to people doing so as in the interests of national security. It is a subtle and dangerous approach to the changing nature of politics and intelligence, which could backfire. Yet it is one which will be pursued by any government seeking to maintain a concentration of power; that being, all of them.
It also won’t work, not completely, that genie is well and truly out of the bottle. The governments, intelligence agencies, law enforcement and corporations already know this; their game is now to limit anything which they see as potentially damaging. The extent of their success or failure in this will only become apparent over time; not just in relation to the various releases from WikiLeaks, but also information which will be released by other sources and organisations in the future.
There are new players in the Great Game of international politics, players who were previously viewed almost entirely as pawns. It will be very interesting to see how it plays out as the power and the rules shift.
I have started experimenting with BitCoin, which is a relatively new form of digital currency. It’s an interesting idea and design which cuts out all the usual middlemen in online payments through a peer-to-peer network, though the price of that is being unable to obtain a refund of a transaction (e.g. a chargeback).
It does, however, provide a method of performing transactions which are simultaneously transparent and anonymous. Users create BitCoin addresses, which are a hash of relevant data (and appear like this: 19E4GYgVJrpSZ4kDnNB7NxdEFed8U13Aq5). A user can create as many such addresses as they wish, even to the extent of creating a new address for each transaction. So even though an address and associated transactions can be viewed by anyone it is still very difficult to determine the parties involved, if not impossible.
So what’s the point? Well, aside from the currency being unable to be manipulated by the normal state based actors (e.g. the Reserve Bank of Australia or the US Federal Reserve), there are a small, but growing number of people and sites accepting BitCoin payments. There is also currency trading between BitCoin and state currencies, as well as sites like CoinCard which enables purchasing BitCoins through PayPal or converting BitCoins to PayPal funds.
This means that it provides a very real method of exchanging money with no real state based scrutiny. This would certainly appeal to people who may wish to disguise what a certain transaction actually involved or who the parties involved were. While many people may assume that only certain illegal transactions (e.g. drugs and arms trafficking) would benefit from this, there are actually plenty of others. One obvious example of often legal, but potentially embarassing, transactions is the sex industry. Really, though, any transaction in which one or both of the parties involved wants a degree of privacy can benefit from BitCoin.
Some governments might raise the spectre of tax evasion via BitCoin, but that is easily countered. When converting BitCoin currency to one’s local currency and bank account, it becomes income which would be declared like any other and the tax paid on that income. Even without converting the BitCoin currency to the local currency of a recipient it would still be possible using the BitCoin currency markets to calculate the tax owed on any given transaction. Other alternative currencies, like Barter Card, have already found methods of addressing tax related issues and they are not insurmountable.
Given the level of distrust with a number of currencies, particularly following the global financial crisis, BitCoin has the potential to gain more than just a handful of computer geek users. Especially since the software is simple to use and available for Windows, Mac and Linux. The source code is also available to guarantee transparency of the entire system.
I have, of course, installed it and obtained a tiny amount of BitCoin currency using the BitCoin Faucet to see just how easy it is to use. The answer is that it is very easy to use. The example BitCoin address I included in this post (19E4GYgVJrpSZ4kDnNB7NxdEFed8U13Aq5) is an active one I generated using the software. It did not take very long to generate and could be used by anyone to send BitCoin donations or payments to me, not that I really expect that to happen. That, however, is all it takes: providing an address hash to another party to send a payment through.
As with any other online payment method, BitCoin can be configured to accept payments via a web server. Alternatively the free MyBitCoin service can be used to accept online payments through BitCoin on a commerce site quickly and easily. The advantage there is not having to worry about maintaining one’s own BitCoin payment code to integrate with an existing shopping card. The disadvantage is that the BitCoin wallet is stored on the MyBitCoin servers instead of one’s own system, although this disadvantage can be minimised by automatically forwarding payments to a local BitCoin address.
All things considered, I think this particular implementation of a virtual currency has great potential, depending on the degree to which it is adopted.
By now most people will have heard or read about the civil unrest in Egypt and the Egyptian government’s response of shutting down communications networks, including all Internet connectivity. This is, of course, one of the most complete forms of electronic censorship available to a totalitarian state.
Already there are people attempting to solve the technical aspects of routing around this kind of denial of service attack. In particular the OpenMesh project that has been reported on TechCrunch.
Personally I think that any solution in this area will have to involve a return to a real peer-to-peer networking model, rather than the client-server networking model that is so prevalent these days. I suspect that wireless networks will be the transmission path of choice for most such networks, at least as far as maintaining communications within a region affected by a government orchestrated black-out.
I am clearly not the only one who thinks this and fortunately a great deal of work has already been done on this by wireless community groups, like Wireless.org.au. The biggest implementation of such a network, of course, is the One Laptop Per Child program’s wireless mesh network.
The tricky part is getting connectivity out of such a censored region without having to rely on telecommunications carriers or government controlled networks. The level of difficulty in resolving this aspect will almost certainly depend on the physical distance between the censored region and the nearest location able to provide Internet connectivity. Some more obvious and long used methods would have to include satellite and radio transmissions, but a tolerance for data or packet loss would be beneficial.
I do not know whether a wireless mesh network or even some other solution could be deployed in Egypt before the current crisis is resolved, but I do think that making sure the information to rapidly deploy one in the future is essential for defending human rights.
Five people have been arrested in England for their roles in the distributed denial of service (DDoS) attacks performed by the group calling itself Anonymous, claiming to be defending WikiLeaks and retaliating over the arrest of Julian Assange.
Initially this group formed to protest the activities of the Church of Scientology, both online and offline. They opposed the authoritarian protocols and abuses of Scientology. Seeing some success there, they have moved on to opposing what they view as tyrannical censorship in other realms. In 2009 the target of their ire was the Australian Federal Government over the proposal to introduce mandatory Internet censorship in Australia.
So where is the problem? The problem lies in the hypocrisy of their tactics. A DDoS is nothing if not a tool of censorship, it prevents the free flow of information. The simple fact is that Anonymous are pathetically trying to enforce their own authority on everyone else and are doing so by using the same tactics as those they profess to oppose.
When Anonymous launched a DDoS against Australian Government servers in September of 2009, they did not prevent the Parliament from continuing to work on legislation and policy, including continued work on the censorship proposal. They did, however, risk associating their childish tactics with the work of others seeking to oppose that censorship in a more reasonable and open manner. They also prevented some people seeking information about the censorship proposal in order to rebut it. I know this because I was one of the campaigners whose research efforts were hampered by those attacks. Fortunately enough anti-censorship campaigners, particularly from the EFA, condemned the attacks quickly enough that Senator Conroy was unable to use the attacks as ammunition against the campaign against censorship. Still, there was a risk that that could have happened.
Now Anonymous have turned their attention to acting in the name of WikiLeaks and launching similar attacks against any organisation which has opposed, harmed or withdrawn support (usually of a commercial nature) from WikiLeaks or Julian Assange. They have even gone so far as to say that “Julian Assange deifies everything we hold dear.” In their eyes Assange can never, under any circumstances do or be wrong and that this is their holy crusade. Now what could possibly go wrong there?
Unsurprisingly their targets in this crusade have chosen to fight back. When commercial juggernauts like Mastercard and Visa are attacked they will retaliate with the full force of the law and indeed they have. This is not something which Anonymous have seen before and as they have not really lived up to their name, their attacks being launched by an application run on the PCs of participants, rather than using remotely controlled botnets, they have been caught. Anonymous are not nearly as clever and as powerful as they have deluded themselves into believing and now their members are beginning to pay the price for this. They have been behaving like children throwing a tantrum in an adult world and now they are going to be spanked.
Meanwhile those of us who promote and work for civil liberties around the globe in a way which does not impinge upon the freedom of our opponents will continue as we have always done. We will not miss the distractions of brats like Anonymous. Except, of course, that they’re not just going to go away after a handful of arrests. No doubt the arrests will scare some of them off, but others will want to fight back more. They will view these arrests as tyrannical oppression, rather than seeing it as an obvious consequence of attempting their own censorship regime.
Now, I suppose, it is my turn to find out whether Anonymous are willing to accept criticism online or whether I will find my own server crippled by retaliation for writing this. Well, I believe we should all be free to express our opinions so I hope that will be reciprocated and that any criticism comes in the form of comments rather than a denial of service attack.
