The D.C. Council gave tentative approval Tuesday for nearly $33 million in tax breaks for LivingSocial to keep the growing company in the District after members deemed it essential to city efforts to brand itself as a hub for start-up and technology companies. In a unanimous vote, the deal will save the five-year-old company about $32.5 million in taxes over a five-year period beginning in 2015. In exchange, the company will agree to mentor D.C. students interested in careers in science and technology, hire city youths to internships and offer support to businesses affected by ongoing street construction projects. …
Mayor Vincent C. Gray (D) proposed the incentives in April after LivingSocial co-founder and Chief Executive Tim O’Shaughnessy expressed concern about the company’s growing operating costs in the District. O’Shaughnessy, 30, is the son-in-law of Washington Post Co. Chairman Donald E. Graham.
In case you’re doing the math, that’s $50 per D.C. resident.
That’s the proposition I am defending in a week-long online debate at The Economist versus Symantec CTO Greg Day. Please check out our opening statements, and by all means feel free to vote for my side.
By the way, didn’t it just come out inThe Washington Post that the United States helped attack Iran with Flame, Stuxnet and related programs? If they did this to us, wouldn’t we consider it an act of war? Didn’t we just take a major step toward militarizing the internet? Doesn’t it seem plausible to you that the cyber-assault is not yet over and thus we face immediate questions looking forward? Won’t somebody fairly soon try to do it to us? Won’t it encourage substitution into more dangerous biological weapons?
Those are good questions. Let’s take them in turn.
If they did it to us, would we consider it an act of war? I tend to agree with Franz-Stefan Gady’s perspective that Stuxnet should not be considered an act of war. One of the most overlooked aspects of the great reporting done by the NYT and WaPo uncovering the details of Stuxnet is that the U.S. did not “hack in” to Iran’s nuclear facilities from thousands of miles away. Instead it had to rely on Israel’s extensive intelligence apparatus to not only understand the target, but to deliver the worm as well. That is, humans had to physically infiltrate Iran’s operations to engage in the spying and then the sabotage.
Espionage is not an act of war under international law. Nations expect and tolerate espionage as an inevitable political practice. Spies are sometimes prosecuted criminally when caught, sometimes traded for other spies, and often simply expelled from the country. Sabotage I’m less certain about, but I think it inhabits a similar space as espionage: frowned up, prosecuted criminally, but not an act of war per se. (I’ve been trying to find the answer to that question in vein, so if any international law experts would like to send me the answer, I’d appreciate it.)
So what do we have with Flame? It’s essentially spying, albeit in a frighteningly efficient manner. But, it’s not act of war. Stuxnet is similarly not an act of war if we assume sabotage is not. There’s little difference between Stuxnet and a spy infiltrating Natanz and throwing a wrench into the works. Stuxnet is just the wrench. Now, it’s key to point out what makes Stuxnet political sabotage and not terrorism, and that is that there were no deaths, much less civilian deaths.
Did we take a big step in militarizing the Internet? Won’t somebody fairly soon try to do it to us? Well, it’s already happening and it’s been happening for years. U.S. government networks are very often the subject of espionage—and maybe even sabotage—by foreign states. If something feels new about Stuxnet, it’s that for the first time we have definitive attribution to a state. As a result, the U.S. loses moral high ground when it comes to cybersecurity, and if someone doing it to the U.S. gets caught, they will be able to say, “You started it.” But they’re already doing it. Not that it’s necessarily a good thing, but the militarization of cyberspace is not just inevitable, it’s been well underway for some time.
Finally, Tyler asks, Won’t it encourage substitution into more dangerous biological weapons? The answer to that, I think, is a definitive no. “Cyber weapons” are completely different from biological weapons and even chemical or conventional, and certainly nuclear. For one thing, they are nowhere nearas dangerous. No one has ever died from a cyber attack. Again, short of already being in a shooting war, these capabilities won’t be employed beyond espionage and surgical sabotage like Stuxnet.
That raises the question, however, if we’re in a shooting war with a Lybia or a Syria, say, will they resort to cyber? Perhaps, but as Thomas Rid has pointed out, the more destructive a “cyber weapon” the more difficult and costly it is to employ. Massively so. This is why it’s probably only the U.S. at this point who has the capability to pull off an operation as difficult as Stuxnet, and then only with the assistance of Israel’s existing traditional intelligence operation. Neither al Qaeda, nor Anonymous, nor even Iran will be able to carry out an operation on the same level as Stuxnet any time soon.
So, Tyler, you can sleep well. For now at least. ;o) Yes, we should have a national discussion about what sorts of weapons we want our government employing, and what sort of authorization and oversight should be required, but we should not panic or think we’re a few keystrokes away from Armageddon. The more important question to me is, why does one keeps $2.85 million in bitcoin?
“Democracy is like a puppy. It looks all sweet and fluffy when you’re looking at it in the shop window, but one day it will crap all over your carpet and widdle in your favorite slippers before proving disappointingly simplistic in conversation, increasingly attention-seeking and expensive, and then eventually, it will die.”—Andy Zaltzman
Bitcoin is anonymous, but transparent, so you can see the balances associated with individual addresses in the system. Jon Matonis points us to the top ten balances, which are pretty astounding. He writes:
But why leave your wealth in a distributed proof-of-work system instead of a traditional bank? In a broad sense, bitcoin wealth offers protection from unpredictable political risk such as sovereign confiscation, excessive taxation, and capital controls at the border. In addition to preservation of value when compared to national fiat currencies, bitcoin wealth eliminates bank solvency risk and the risk of exogenous shocks to the uber-leveraged financial pyramid. Remember, a pyramid was not a monument but a tomb.
I’m not sure I buy this completely. Bitcoin at this point is not risk free, to say the least, and I can think of much better hedges against the collapse of fiat currencies. It would be fascinating to discover who these folks are.
“Very happy to announce that as of this morning, Heather and I are legally married (at least in DC). 20 years to the day after our first date.”—Dick Cheney’s daughter, Mary • Revealing that she got married to her longtime partner, Heather Poe, on Friday. The couple, which has two children, lives in Northern Virginia, but got married in Washington DC, one of the areas where gay marriage is legal. Congrats guys!
From the cry-me-a-river department, the NYT has an update on 115 Cubans who had been imprisoned in Cuba and to whom Spain gave asylum after it negotiated their freedom. Bottom line, they’re not happy:
Some of the Cubans have held protests in downtown Madrid, as well as in other cities like Málaga, to demand that their government support payments be extended, and critics and opponents of the government have accused it of abandoning the former dissidents.
Which gives credence to my theory that Cubans are Republicans by accident and are, at heart, social democrats.
The UN's 'Internet takeover' and the politics of Kumbaya
When it comes to the UN exerting greater control over Internet governance, all of us who follow Internet policy in the U.S. seem to be on the same page: keep the Internet free of UN control. Many folks have remarked how rare this moment of agreement among all sides—right, left, and center—can be. And Congress seized that moment yesterday, unanimously approving a bi-partisan resolution calling on the Secretary of State to “to promote a global Internet free from government control[.]”
However, below the surface of this “Kumbaya moment,” astute observers will have noticed quite a bit of eye-rolling. Adam Thierer and I wrote a piece for The Atlantic pointing out the obvious fact that when a unanimous Congress votes “to promote a global Internet free from government control,” they are being hypocrites. That’s a pretty uncontroversial statement, as far as I can tell, but of course no one likes a skunk at the garden party.
Today a key committee in the US Congress approved a resolution opposing United Nations “control over the Internet.” While some in the Internet community have dismissed the bipartisan effort as mere political grandstanding, recent actions by some UN Member States show that lawmakers have good reason to be worried.
For the record, I fully support, commend, and endorse the Congressional resolution and the idea that the UN and all governments should keep their paws off the Internet. I certainly don’t dismiss the effort. That said, because I am capable of critical thought, I can simultaneously entertain the idea that politicians in Congress are also engaging in grandstanding and will likely forget their august resolution next time they vote on cybersecurity, copyright, privacy, net neutrality, or child safety bills.
So what is the recent action that DelBianco says should have lawmakers worried?
Last month, UN voting member Ethiopia made it a crime — punishable by 15 years in prison — to make calls over the Internet. The Ethiopian government cited national security concerns, but also made it clear that it wants to protect the revenues of the state-owned telecom monopoly.
And this gets to the next point of contention. Milton Mueller has been getting some heat because he is pointing out the also obvious fact that the UN is not about to take over the Internet, and that the issues around WCIT are much more subtle than the headlines would lead you to believe. The fact that Ethiopia is enforcing such a terrible law is evidence itself that state governments are the real threat to the Internet, and that they don’t need permission from the UN to regulate the Internet.
And even if they did need it, they have it. As ITU Secretary-General Houman Touré pointed out in his speech yesterday, “Such restrictions are permitted by article 34 of the ITU’s Constitution, which provides that Member States reserve the right to cut off, in accordance with their national law, any private telecommunications which may appear dangerous to the security of the State, or contrary to its laws, to public order or to decency.”
But all this does not mean that folks like Milton, Adam, Eli Dourado, and I are not in complete agreement with DelBianco, FCC Commissioner Robert McDowell, Gigi Sohn, and the rest who are sounding the alarm about WCIT. It’s just that we want to be more specific about what the exact threats are, and we don’t want to overstate the case because we fear that could eventually backfire.
The real threat is not that the UN will take over the Internet per se, but that autocratic states like Russia, China and Iran will use the process to further legitimize their existing programs of censorship, as well as the idea of interconnection charges.
In a happy accident of history, the Internet was designed by academics and engineers, not governments and telcos. Now they want to say, “Thanks for setting it up, we’ll take it from here.” They can’t take control overnight at a single conference—and maybe never given the Internet’s decentralized architecture—but they can start setting the stage for more and more government regulation, perhaps even resulting splinternets (an issue beyond the scope of this post). That’s the subtle threat WCIT and subsequent conferences pose.
The question then is, why update the ITRs at all? All evidence suggests that the only reason to revisit the ITRs is to bring the Internet under their umbrella. The main thing to be negotiated at WCIT, it seems, is how much regulation of the Internet the ITRs will legitimize, not whether to do so at all. I know it will be hard for our diplomats to acknowledge other states’ concerns about security, piracy, fairness, etc., and at the same time be firm that WCIT is not the place to deal with those issues, but that’s what they should do.
Yours truly writing with Adam Thierer in The Atlantic about the bipartisan congressional resolution that passed today against UN regulation of the Internet:
From the tone of the hearing, and the language of the House resolution, we are being asked to believe that “the position of the United States Government has been and is to advocate for the flow of information free from government control.”
If only it were true. The reality is that Congress increasingly has its paws all over the Internet. Lawmakers and regulators are busier than ever trying to expand the horizons of cyber-control across the board: copyright mandates, cybersecurity rules, privacy regulations, speech controls, and much more.
Perhaps the lesson here is that Congress is commendable only when it is being hypocritical.
A little torn on this. Granted, we tend to be reflexively anti-Microsoft at times, but this probably is the most-aggressive attempt to take on Apple we’ve seen yet, and it’s worth taking seriously. They took Apple’s biggest iPad weakness — the lack of physical keyboard — and banked the entire device on it. It’s a smart approach, but you know, it’s one that seems like it’d be simple for a Kickstarter to copy completely. It’ll be interesting to see how this affects third-party vendors, too. Either way, this seems like an attempt to take out the netbook — if they price it right, at least.
And that’s just it: they didn’t announce a price. Unless they take a loss, I don’t see it matching the iPad’s $499, in which case it is not competing with the iPad. So with what is it competing? Perhaps the lesson Microsoft did learn from Apple is that if your market is going to get disrupted, it might as well be you who does it. So I think this might be competing against themselves (and their partners). A PC for the post-PC world.
WCITLeaks is cited in the WSJ this morning. Gordon Crovitz:
The process is secret, so it was hard to know what authoritarian governments were plotting or how the U.S. was responding. This column last month detailed some of the proposals, but other commentators doubted that any changes would be material.
Disclosure came when two academics decided to use the openness of the Web to help save the Web. George Mason University researchers Jerry Brito and Eli Dourado earlier this month created a site called WCITLeaks.org. They invited anyone with access to the documents describing the U.N. proposals to post them, so as “to foster greater transparency.” These documents are not classified but had not been made public.
The WCITLeaks site hit pay dirt this past Friday. Someone leaked the 212-page planning document being used by governments to prepare for the December conference. Mr. Dourado summarized: “These proposals show that many ITU member states want to use international agreements to regulate the Internet by crowding out bottom-up institutions, imposing charges for international communication, and controlling the content that consumers can access online.”
One [DHS] official used a technique known as “spear fishing” to gain access to his colleague’s computer. With spear fishing, a hacker targets a computer user with an email containing an infected attachment.
In the demonstration, the official sent an email pretending to be his colleague’s boss. The email included an attachment that appeared to be a copy of the Lieberman-Collins cybersecurity bill, but actually included malicious code. The hacker was then able to download confidential documents from the infected computer and even activate and view video from the computer’s webcam.
I’d like to know what part of the Liberman-Collins bill would prevent spear fishing attacks.
Bloomberg BNA: ‘WCITLeaks’ Website Attempts To Bring Transparency to WCIT Proposals (sadly behind a paywall)
A couple of pointers: If you want to understand what the WCIT is really all about, the one piece you have to read is this post by Milton Mueller. It’s the best explanation of what’s at stake. And if you want to understand the International Telecommunication Union’s lack of transparency, check out this article by Patrick Ryan and Jacob Glick.
Meeting for the past two days, Hu Jintao of China and Vladimir Putin of Russia, among others, had this to say:
The heads of state stressed the importance of cooperation among member states in safeguarding international information security and pointed out the need to prevent information and communication technologies from being used to undermine world peace, stability and security and to continue to promote the formulation of an “International Code of Conduct for Information Security” under the framework of the United Nations.
Funny, China, Russia, and other SCO countries introduced just such a code as a UN resolution last year. Among other things, it would commit signatories to curb “the dissemination of information that incites terrorism, secessionism or extremism or that undermines other countries’ political, economic and social stability, as well as their spiritual and cultural environment.” Don’t get confused, though, they don’t mean censorship at all.
These developments don’t surprise Jerry Brito, a researcher at the libertarian Mercatus Center at George Mason University. For most uses, he said, dollars (or other countries’ official currencies) are simply more convenient, so it’s hard for Bitcoin to gain traction. But he argued that Bitcoin’s relative anonymity and the lack of intermediaries gives it a crucial advantage for “illicit stuff: drugs, gambling, pornography, getting money out of countries where there are restrictions on moving funds. That’s where it’ll establish itself first.”
It’s only my personal view, but I think the age of the President or the Prime Minister is dead. People everywhere have lost faith in politics, and rightly so. Something different needs to happen. I think we were all initially swept along with the Obama win, but he’s proven to be simply a set of teeth, and useless in every other regard. Time and time again we see the same scenario whereby political figures only see the public as electorate, and once anyone is elected they appear to hate the people.
They weren’t intended to be books actually. They were essays. When I became known they were heavily distributed around England, which was embarrassing because they were just juvenile teenage rubbish. The James Dean essay was called James Dead is Not Dean, but was published as James Dean is Not Dead, which had me rather exasperated. Oh, well.
Earlier this week I interviewed Andrew Keen about his new book, Digital Vertigo, and pressed him on his support for a ‘right to be forgotten.’ I noted that such a right would conflict with free speech rights, and he begged to differ.
"My own data, which I have published on the web, I should have a right, if I choose, for that data to go away," he said. "That doesn’t impact in any way on your right to speak."
This is a view of the EU’s proposal that I’ve heard from several folks, and I wanted to take a moment to explain why it’s mistaken. If the proposed EU right only covered information held by you that you wanted to unpublish—from Facebook, Tumblr, a self-hosted blog, etc.—then we wouldn’t need a right. Those services give you that ability right now, and if they didn’t, I don’t think folks would patronize them.
No, the right that Vivianne Redding has outlined is not a right to erase information held by oneself, but a right to erase data held about oneself. For example, in researching this post, I searched for an essay by Joris van Hoboken, an info law PhD candidate in Amsterdam, that made a great case against the right to be forgotten. As it turns out, the blog post I was looking for had been removed. His whole site is down, perhaps for technical reasons, but perhaps because he has changed his mind and is now embarrassed by his previous views and wants them erased from the internet. Luckily, I had saved the essay in Evernote and you can see it here.
Now, van Hoboken might have the power under copyright law to make me take down the essay, but he has no right to keep me from writing about the fact that he wrote such a (potentially embarrassing) essay and even summarizing or excerpting it. That is the right that the EU would like to confer on citizens, and my right to speak is the one it wants to curtail.
The proposal does state that a “controller shall carry out the erasure without delay, except to the extent that the retention of the personal data is necessary for exercising the right of freedom of expression[.]” The problem with this exemption is that it creates an opportunity for the government to decide what kind of speech qualifies as legitimate expression, and which one does not. I would like to see those opportunities limited.
In his book, Keen is critical of the twittering masses who disobeyed the British High Court’s superinjunction on speaking about Ryan Gigg’s extramarital affair. Keen might think that such superinjunctions are legitimate and appropriate, and that the state should sometimes determine what content is and is not appropriate for free expression. But that’s different from pretending that a right to privacy does not conflict with a right to free speech.
[T]he cultural differences in attitudes to privacy and free speech in the EU and the US. In the EU, and particularly in Germany, privacy is taken very seriously, and the rights that people have over data are considered crucial. In the US, privacy very much takes second place to free speech – anything that can even slightly infringe on free speech is likely to face short shrift. The right to be forgotten has been very actively opposed in the US on those grounds—Jeffrey Rosen in the Stanford Law Review calling it the ‘biggest threat to free speech on the internet in the coming decade’.
Who is right? Neither, really. The right is not what its more active opponents in the US think it is—but neither has it been written tightly enough and carefully enough to provide the kind of practical, realisable right to delete personal data that the EU would like to see.
Yes, our cultural lenses do make us see free speech in different ways. And yes, maybe we in the U.S. are a bit sensitive about our speech rights. But the way the proposal is written now, we have good reason to be. It would not be too difficult to use such a ‘right’ for censorship.
I don’t think you have to be Sherlock Holmes to figure out what is going on here. You’ve had three leaks of intelligence that paint the president as a strong leader. I don’t think it’s an accident that you have three stories within about 45 days that paint the Obama administration as being effective in the war on terror at our national security detriment.
What’s amazing to me about this is that the outrage is over the leaks (and their political consequences), not the fact that the president (and his predecessor) unilaterally ordered a cyberattack on another country. Dennis Kucinich seems to be the only one pointing this out.
This is a delicate issue since the Pentagon’s own cyber strategy holds that “computer sabotage coming from another country can constitute an act of war.” At what point does executive control over covert activities cross the line? Is it good enough to brief just a few friendlies in Congress (and then swear them to secrecy)? Those are the question we should be debating.
While I think he misses some of the wonder in the emergent order that are Internet memes, and I can’t believe he didn’t mention 4chan, this dispatch from ROFLcon is definitely worth a read, especially for the Tumblr set.
As you may have heard, the UN is trying to take over the internet. Well, that’s not really true, but member states of the UN’s International Telecommunications Union (ITU) are definitely going to negotiate an agreement related to the Internet at the World Conference on International Communications (WCIT - pronounced ‘wicket’) this December in Dubai. U.S. officials have warned that some member states, including Russia and China, have put forth proposals to regulate the Internet. Vint Cerf has warned that “Such proposals raise the prospect of policies that enable government controls but greatly diminish the ‘permissionless innovation’ that underlies extraordinary Internet-based economic growth to say nothing of trampling human rights.”
So what are these proposals? Well, we don’t know exactly. To see them, you have to have access to the ITU’s password protected website. This lack of transparency brings to mind secret negotiations like the one that gave us ACTA, and several civil society groups have written to the ITU demanding access to the documents.
The proposals are not classified and it’s not illegal to share them. In fact, they often are shared. At a recent panel discussion that I attended, the State Department’s Richard Beaird said, “Access to the proposals, of course, as I have done and others have done, is if you ask me, I will give you those proposals. I don’t want to have a flood of requests coming in from the room or those int he television audience.”
At the time, I tweeted: “If someone will pass them to me, I volunteer to host a site with gov WCIT proposals.” It seemed weird to me that someone wasn’t collecting and publishing the documents, like how opencrs.com does with Congressional Research Service reports. I promptly forgot about the idea, but was reminded yesterday when Milton Mueller wrote this post urging the U.S. to make documents available. He wrote:
Today, IGP has learned that the U.S. government is in possession of a document that brings together descriptions of all the WCIT proposals emerging from the ITU’s Council Working Group. The document, known as TD 64, compiles all the proposals on the table into a single document without attributing them to any specific government. No law or treaty stops the US government from making this document available to the public. We urge the U.S. government to release TD 64 of the ITU Council Working Group immediately.
Of course, while it’s not illegal, publishing these documents is probably not considered polite in the rarefied diplomatic circles of the ITU. So, I thought we’d give folks with access to the documents a helping hand.
Yesterday Eli Dourado and I spent a couple of hours putting together a website at WCITLeaks.org. The idea is simple: If you have a WCIT or ITU related document you’d like to share, submit it anonymously and we will publish it. That’s it. We hope you find it useful and that you’ll spread the word.
The Wall Street Journal reported on Monday that the social media giant is testing features that would allow young children to access the site. The children’s accounts may be linked to their parents, so that the parents can control whom their children friend and which applications they use.
Privacy advocates are having a cow. What do you think? Should kids under 13 have legal access to Facebook?
Now Rey has the cultural implications of digital dualism down cold. What are the policy implications? The first is the inability to see the very real similarities between all things “cyber” and everything else. Most petty crimes are never solved, so why should we be surprised that cybercrimes go mostly unpunished? Is there a very big difference between someone stealing your bike from the local DC bikeshare because they had figured out a vulnerability that not even the lock manufacturer suspected and a zero-day exploit? And when it comes down to who should have organizational responsibility for law enforcement or military aspects of cyber conflict, the myth of cyberspace as a corporeal thing that we enter into via digital, disembodied avatars has immense consequences.
Preet Bharara, U.S. attorney for the Southern District of New York, in the NYT:
The alarm bells sound regularly: cybergeddon; the next Pearl Harbor; one of the greatest existential threats facing the United States. With increasing frequency, these are the grave terms officials invoke about the menace of cybercrime — and they’re not understating the threat.
Also from the NYT, check out this archive of the 100+ stories they ran on “the Y2K Problem.”
One thing Mr. Bharara is right about, though, is the need for breach disclosure laws.
Tim Lee in response to my post on the EFF’s attack on Apple:
[Consumers are] being deprived of the freedom to purchase legal jailbreaking tools. In 1998, Congress passed the Digital Millennium Copyright Act, which makes it a felony to distribute products “primarily designed” for circumventing copy-protection schemes like the one on the iPhone. Breaking the law “willfully and for purposes of commercial advantage” can get you a half-million dollar fine and five years in prison. …
When Apple decided to lock down the iPhone, it was effectively invoking the force of criminal law against jailbreaking. That seems like a restriction on users’ freedom to me even if, like me and Jerry, you view freedom in terms of negative rights.
I agree with Tim that the DMCA’s anti-circumvention provision is a misguided encroachment on personal liberty. But it’s Congress, not Apple, that is to blame. As far as I know, Apple didn’t lobby for the law, and iIt’s not their fault that locking down a phone can create criminal liabilities. But even if Apple willfully avails itself of the law, the solution is not to force Apple to be open through regulation, but instead to repeal the anti-circumvention law. Two wrongs don’t make a right. Apple isn’t depriving anyone of liberty; the government is.
Here’s one place I think Apple could stand to be more open. Why do they insist on baking all these sharing features into the OS? Why not use contracts like Windows 8?
It would be better for consumers because they would get to pick what social networks to add to their phones. It would be better for social networks, which wouldn’t have to hope and pray that they got built into the OS or by developers into apps (i.e. how I pine for send-to-Buffer and send-to-Tumblr buttons in Reeder). And it would be better for Apple, which wouldn’t be caught without the latest network (Pinterest, anyone?), or worse: stuck with a sharing platform that’s going south baked into its OS.
The unusually tight collaboration with Israel was driven by two imperatives. Israel’s Unit 8200, a part of its military, had technical expertise that rivaled the N.S.A.’s, and the Israelis had deep intelligence about operations at Natanz that would be vital to making the cyberattack a success.
Without the extensive knowledge the Israelis had acquired about Natanz, and without their ability to get the worm into Natanz, the project would likely not have been possible. That is, the cybermagic depended on an elaborate, expensive and dangerous old-school spying operation. Again, cyberweapons like Stuxnet are not within reach of groups like Al Qaeda or Anonymous. Not even Iran today.