The War On Encryption, and Fighting Trade Agreements
12th June, 2015 —
This week’s Ind.ie roundup focuses on de-mystifying two areas relevant to our privacy and freedoms: encryption and trade deals. They can both sound like dull and difficult topics, so I’m going to do my best to make them clearer, with the help of many, much-smarter, people…
Encryption is a way to make data more secure, and unable to be intercepted by anyone unauthorised to view it. For example, encryption allows us to send messages to each other that can’t be read by anyone besides the intended recipient.
Accordingly to the Electronic Frontier Foundation’s (EFF) Surveillance Self-Defense guide, there are three key concepts in encryption:
Private and public keys
Common types of encryption include a private key, which is kept secret on your computer and lets you read messages that are intended only for you. A private key also lets you place unforgeable digital signatures on messages you send to other people. A public key is a file that you can publish or give to others that allows people to communicate with you in secret, and check signatures from you. Private and public keys come in matched pairs.
Web browsers can make encrypted connections to sites using HTTPS. The common symbol of HTTPS is the lock icon inside, or alongside, the URL bar in the web browser. When the browser connects to a site, they examine certificates to check the domain names’ public keys. Certificates are a way to help you understand if you have the right public key for a person or website, and if you can communicate securely with them.
Using HTTPS means information sent between the you and the site is encrypted, ensuring that no third party can intercept the communications. This means that a third-party intercepting an e-commerce order can’t steal credit card details, which is why encrypted connections have been the norm for online shopping and banking for more than a decade.
A “key fingerprint” is a string of characters like “342e 2309 bd20 0912 ff10 6c63 2192 1928” that should allow you to uniquely and securely check that someone on the Internet is using the right private key. If you check that someone’s key fingerprint is correct, that gives you a higher degree of certainty that it’s really them. But it's not perfect, because if the keys are copied or stolen, someone else would be able to use the same fingerprint.
Why is encryption so important?
Edward Snowden has emphasised on numerous occasions that encryption is the only way we can keep our data safe. Not just from government surveillance, but also from other people looking to intercept our data:
“What last year's revelations showed us was irrefutable evidence that unencrypted communications on the internet are no longer safe. Any communications should be encrypted by default.”
Bearing this in mind about encryption, now hear this: testifying before Congress, Michael Steinbach, assistant director in the FBI’s Counterterrorism Division said:
“So that’s the challenge: working with those companies to build technological solutions to prevent encryption above all else.”
The most common reason provided by those in favour of government mass surveillance is that it can help prevent terrorism. But, as we mentioned last week, there is little evidence to support these claims, and even inside the US’s National Security Agency (NSA), officials criticise “collect-it-all surveillance.”
Trevor Timm addresses the shortsightedness and, frankly, stupidity of Steinbach’s comment in his Guardian article, ‘If the FBI has a backdoor to Facebook or Apple encryption, we are less safe.’ Trevor argues that encryption helps ordinary people protect their information and themselves from snoopers, criminals, and foreign governments. He also points out the hypocrisy of Obama criticising the Chinese government for trying to build backdoors into encryption under the guise of anti-terrorism not three months ago, when his government is trying to do the exact same thing.
The Information Technology Industry Council, and the Software and Information Industry Association, representing tech corporations including Apple, Google Facebook, IBM and Microsoft, have sent a “strongly worded letter” to Barack Obama urging him not to weaken increasingly sophisticated encryption systems designed to protect consumers’ privacy:
“We are opposed to any policy actions or measures that would undermine encryption as an available and effective tool.”
As we mentioned last week, government anti-encryption stances are not just a problem in the US, but in the UK too. Tech companies starting to leave the UK as “firms which develop solutions that depend upon secure communications will find it impossible to do business.”
Based on the House of Representatives’ voting to rein in mass surveillance, security experts believe it’s unlikely that Congress will take legislative action against encryption anytime soon.
Despite the anti-encryption arguments, the White House has this week published a memo requiring all federal websites and web services to provide service only through a secure HTTPS connection, citing a need to “keep pace with privacy and security practices used by commercial organisations, and with current and upcoming internet standards.”
Google have already recommended that all web pages are served over HTTPS, and this week Apple have followed suit, encouraging developers on its platform to exclusively use HTTPS. This shows that the White House is correct in suggesting secure connections are becoming the norm, but also emphasises how ludicrous it is that any government would consider opposing encryption.
Responsibility for our technology
Have people already given up on their privacy? Natasha Lomas says not, and suggests that the online privacy lie is unraveling:
“A new report into U.S. consumers’ attitude to the collection of personal data has highlighted the disconnect between commercial claims that web users are happy to trade privacy in exchange for ‘benefits’ like discounts. On the contrary, it asserts that a large majority of web users are not at all happy, but rather feel powerless to stop their data being harvested and used by marketers.”
Citing a recent report entitled, “The Tradeoff Fallacy: How marketers are misrepresenting American consumers and opening them up to exploitation,” Natasha discusses how the Americans surveyed feel as though attempts to manage what companies can learn about them are futile. People believe they’ve already lost control, or are just plain unaware of how their purchase and usage data is sold on and shared with third parties without their permission or knowledge. Still, Natasha points out that people are becoming less fooled by data mining masquerading as “free” services.
Cory Doctorow also covered the report on Boing Boing, speculating that the core problem with these free services is that the privacy options are all opt-out, meaning people are forced to share their data by default. He suggests that maybe services designed to deliberately obfuscate and spoof people’s data are a potential solution.
The Tradeoff Fallacy ends with suggestions for improving transparency and corporate openness that are oriented around developing clear definitions of transparency, and systematically calling out companies on bad behaviour. Given what we know about government and corporate co-operation when it comes to mass surveillance, and based on the trade agreements giving greater powers to corporations, it sounds a little too hopeful. I’m reminded of the talk by Frank Pasquale that Jo and I attended yesterday, where he pointed out that transparency isn’t valuable if what is made transparent is far too complex to be intelligible.
Last week we shared Quinn Norton’s fantastic article about how journalists benefit from the culture of tracking and analysing on the web. This week, Jemima Kiss has examined a different angle of tension between journalism and tech; looking at recent news initiatives from Apple, Facebook and Google, talking about how publishers need to have a better understanding, and a say, in how these new platforms for news are developed.
“Technology isn’t neutral, but created by teams with their own goals and prejudices and that technology changes our behaviour, which is true of Facebook, Apple and Google. And so publishers need to be part of that process.”
Jemima points out a major flaw in this new relationship: the publishers stand to benefit from this technology it also has a responsibility to scrutinise:
“Regulators are only beginning to grapple with the legal and regulatory challenge and governments still aren’t tech literate. So in an age of unprecedented power, who will hold technological power to account if not the press? And that’s harder to do when you’re helping build the power.”
Trade Agreements are deals between countries with the stated goal to “reduce barriers to trade” between the countries who have signed the agreement. The standard line on these agreements is that they will create jobs and increase economic growth. Unfortunately, this is usually false publicity. Here I’m going to look at a few trade agreements currently being negotiated, and why they are harmful.
The TPP (Trans-Pacific Partnership) is being negotiated between the United States, Australia, Brunei, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore, and Vietnam. The CETA (Comprehensive Economic and Trade Agreement) is being negotiated between Canada and the European Union. The TTIP (Trans-Atlantic Trade & Investment Partnership) is being negotiated between the European Union and United States. Whilst the details of these trade agreements are different, there are many similarities:
The general threats of these trade agreements
Corporations will be given rights to sue a government if it passes laws that harm corporate profit. The Investor-state dispute settlement (ISDS) in TTIP refers to the ability of investors to use special international tribunals, held in secret, to sue governments for actions that the companies claim have harmed their investments. This settlement can also affect laws which were enacted in the interest of the common good, such as laws for the protection of consumers or the environment. It effectively places the power of the corporations above the power of the governments.
ISDS has been opposed by some political parties but “dirty last-minute deals” often lead to mention of ISDS being dropped from reports, and replaced by vague legal speak like “provide effective legal protection based on the principle of democratic legitimacy, efficiently and in a cost-effective manner.” More on this equivocation later…
“Regulatory cooperation” would mean that representatives of big corporations are invited to participate in expert groups to influence new laws, even before these laws are discussed in the elected parliaments. Corporations aren’t democratically elected by citizens, and have no reason to represent the rights of individuals, so regulatory cooperation undermines democracy.
“TTIP represents a corporate power-grab of a scale and depth never imagined”
Corporate lobby groups also want to use the trade agreements to reduce every included country’s standards and regulations to the same standard as the country with the lowest levels of standards. This would enable corporations to cut their costs, as they’d no longer be held back by so much regulation. With TTIP, the EU and its member states are falling under pressure to allow risky technologies such as fracking or GM technology which are more widely accepted in the US.
Lowering standards also threatens food standards, and consumer protection for cosmetics and medical products. In reality, we need higher rather than lower standards of protection, whether they apply to the use of pesticides, factory farming, or clean sources of energy. Regulatory cooperation and ISDS would make increasing regulation more difficult or impossible. There’s a reason these regulations already exist—they are hard-won laws that protect our health and environment.
Employee rights and jobs are also under threat. In the US, only a few basic rights for employees are recognised. In agriculture and in the electrical industry, massive job losses could occur because of the tougher competition from other countries.
These trade agreements would also favour corporations in issues of privatisation. Once public utilities, hospitals, or waste collection have been privatised, deals such CETA and TTIP would make it impossible for them to be returned to the public sector.
Why are these trade agreements so dangerous?
If those reasons don’t have your blood boiling enough, it gets worse:
These trade agreements are irreversible. The provisions put in place are considered valid for at least 20 years (in which time there could be 4 or 5 different governments in a country.)
Trade negotiations are conducted in secret, and documents about the progress made are almost never shared with the public:
“Due to the secrecy, it often takes years for the public to find out what exactly the governments are planning to agree.”
Even our public representatives know little, if anything, about their progress. They receive the results in the form of long agreements (the CETA agreement, for example, has about 1,500 pages). They only receive these results after the conclusion of the negotiations, and are therefore able only to either accept or reject the whole agreement without being able to ask for amendments.
The threat of trade agreements on our digital rights
The EDRi (European Digital Rights network) have written a booklet that explains how TTIP threatens our digital rights, and includes recommendations that could benefit citizens if included in the trade agreements:
Ensure real transparency and accountability
“Otherwise, the result is lack of accountability and public scrutiny and a democratic deficit.”
Protect the right to regulate and a guarantee of respect for rule of law
“If Regulatory cooperation is adopted, strong and enforceable safeguards [should] be put in place so that the right to regulate is not undermined.”
Exclude settlements on data and privacy protection, intellectual property, net neutrality, mass surveillance, and encryption
The EDRi argues that none of these issues should be included in TTIP. Not because they are not important, but because it isn’t the appropriate forum to discuss them.
Exclude of any form of ISDS
“No form of ISDS should be accepted.” Simple.
Include a binding and enforceable Human Rights clause
“All trade-related agreements need a binding, available, enforceable and suspensive Human Rights clause.” This ensures that citizens remain protected.
So what can we do?
When it comes to TTIP, it’s not yet decided who gets the final say, but it’s likely that all EU member states, in addition to the EU Commission, would have to ratify a mixed agreement. So we need to use what power we have to convince our representatives to stand against these trade agreements. The Stop TTIP campaign has a lot of suggestions on how you can make a difference:
- Tell your friends on social networks and via email
- Collect signatures in your workplace and local area.
- Tweet your MEPs.
- Help inform people by blogging and sharing the 10 reasons you should be worried about TTIP.
- Help translate the Stop TTIP campaign materials.
- Donate to the Stop TTIP campaign.
- Sign the petition at Stop TTIP.
These trade agreements won’t just have an impact on our generations, but on generations yet to be born. We need to fight them before it’s too late.