April 4th, 1984
Chapter 1: It was a bright cold day in April, and the clocks were striking thirteen… On each landing, opposite the lift-shaft, the poster with the enormous face gazed from the wall. It was one of those pictures which are so contrived that the eyes follow you about when you move. BIG BROTHER IS WATCHING YOU, the caption beneath it ran.
The Ministry of Truth — Minitrue, in Newspeak — was startlingly different from any other object in sight. It was an enormous pyramidal structure of glittering white concrete, soaring up, terrace after terrace, 300 metres into the air. From where Winston stood it was just possible to read, picked out on its white face in elegant lettering, the three slogans of the Party:
WAR IS PEACE
FREEDOM IS SLAVERY
IGNORANCE IS STRENGTH
… He dipped the pen into the ink and then faltered for just a second. A tremor had gone through his bowels. To mark the paper was the decisive act. In small clumsy letters he wrote:
April 4th, 1984.
He sat back. A sense of complete helplessness had descended upon him… — 1984 by George Orwell
As one British blogger commented, Orwell was only off by 25 years and 2 days.
Tomorrow morning, the European Union directive goes into force which will require all internet activity, emails, visits to websites and internet phone calls to be collected and retained by the government. This is the first step in the centralized database at the heart of the Intercept Modernisation Programme [covered here and here]. As the Daily Telegraph reports today, Simon Davies, director of Privacy International, said: "I don't think people are aware of the implications of this move. “It means that everything we do online or on the phone will be known to the authorities. They are using this to produce probably the world's most comprehensive surveillance system.”
They’ll be able to build a pretty detailed picture of ordinary citizens, who they’re associated with, even their politics, religious preferences and shopping habits, said Shami Chakrabarti from the civil rights group, Liberty.
The European Union Data Retention Directive, however, wasn’t comprehensive enough and the government is now looking into adding other forms of communications not covered by the directive, such as social networking sites, like Facebook and Myspace. As ITProPortal.com reports:
This gigantic database - probably the largest in the world - would have to track one trillion emails, 20 million broadband connections and 60 billion SMS per year. It will certainly raise some eyebrows through comparisons with the East German's Stasi equally titanic databases at a time where one in 10 adults in the country were informers.
For any American citizen who doesn’t think anything like that could ever happen in the United States, they’ve been listening to too much newspeak. The Cybersecurity Act of 2009 introduced in the Senate could dwarf the European Intercept Modernisation Programme. It will give the President control over the internet.
As Eweek.com reports, the Cybersecurity Act of 2009 would allow the president to declare a cybersecurity emergency and shut down or limit Internet traffic in the name of national security. It would grant the government unprecedented authority over private-sector Internet services, applications and software. In establishing a government clearinghouse of potential vulnerability data, it would give the president the power to access and demand from private networks all data without regard to any provision of law, regulation, rule or policy restricting such access, writes Roy Mark.
According to Greg Nojeim, general counsel for the Center for Democracy and Technology: “The president would decide not only what is critical infrastructure but also what is an emergency.” The bill would also impose mandates for adherence of private networks and systems to government-decided standards, including standardized security software, testing, licensing and certification of cyber-security professionals.
This would also weaken the security of the system by being all one standard and making it easier for the bad guys, he said. Cyber-criminals are smart, decentralized, inventive and nimble, and government mammoths aren’t.
These concerns were echoed by Jennifer Granick, civil liberties director at the Electronic Frontier Foundation. “You've basically established a path for the bad guys to skip down,” she said. The legislation is also contrary to the Constitution, she said, and protection from searches without cause. “Once information is accessed, it can be used for whatever purpose, no matter the original reason for accessing something.”
You can read the bill as drafted here. A few passages from the 51-page legislation:
John Brennan, the Assistant to the President for Homeland Security and Counterterrorist wrote on March 2, 2009, that "our nation’s security and economic prosperity depend on the security, stability, and integrity of communications and information infrastructure that are largely privately-owned and globally-operated."
SEC. 5. STATE AND REGIONAL CYBERSECURITY ENHANCEMENT PROGRAM.
(a) CREATION AND SUPPORT OF CYBERSECURITY CENTERS.—The Secretary of Commerce shall provide assistance for the creation and support of Regional Cybersecurity Centers for the promotion and implementation of cybersecurity standards…The purpose of the Centers is to enhance the cybersecurity of small and medium sized businesses in United States through— (1) the transfer of cybersecurity standards, processes, technology, and techniques developed at the National Institute of Standards and Technology to Centers and, through them, to small- and medium-sized companies throughout the United States…
ACTIVITIES.—The Centers shall— (1) disseminate cybersecurity technologies, standard, and processes based on research by the Institute for the purpose of demonstrations and technology transfer; (2) actively transfer and disseminate cybersecurity strategies, best practices, standards, and technologies to protect against and mitigate the risk of cyber attacks to a wide range of companies and enterprises, particularly small- and medium-sized businesses…
COMPLIANCE ENFORCEMENT.—The Director shall—(1) enforce compliance with the standards developed by the Institute under this section by software manufacturers, distributors, and vendors; and (2) shall require each Federal agency, and each operator of an information system or network designated by the President as a critical infrastructure information system or network, periodically to demonstrate compliance with the standards established under this section.
(e) FCC NATIONAL BROADBAND PLAN.—In developing the national broadband plan pursuant to section 6001(k) of the American Recovery and Reinvestment Act of 2009, the Federal Communications Commission shall report on the most effective and efficient means to ensure the cybersecurity of commercial broadband networks, including consideration of consumer education and outreach programs.
SEC. 7. LICENSING AND CERTIFICATION OF CYBERSECURITY PROFESSIONALS.
(a) IN GENERAL.—Within 1 year after the date of enactment of this Act, the Secretary of Commerce shall develop or coordinate and integrate a national licensing, certification, and periodic recertification program for cybersecurity professionals. (b) MANDATORY LICENSING.—Beginning 3 years after the date of enactment of this Act, it shall be unlawful for any individual to engage in business in the United States, or to be employed in the United States, as a provider of cybersecurity services to any Federal agency or an information system or network designated by the President, or the President’s designee, as a critical infrastructure information system or network, who is not licensed and certified under the program…
SEC. 9. SECURE DOMAIN NAME ADDRESSING SYSTEM.
(a) IN GENERAL.—Within 3 years after the date of enactment of this Act, the Assistant Secretary of Commerce for Communications and Information shall develop a strategy to implement a secure domain name addressing system. The Assistant Secretary shall publish notice of the system requirements in the Federal Register together with an implementation schedule for Federal agencies and information systems or networks designated by the President, or the President’s designee, as critical infrastructure information systems or networks.
(b) COMPLIANCE REQUIRED.—The President shall ensure that each Federal agency and each such system or network implements the secure domain name addressing system in accordance with the schedule published by the Assistant Secretary.
The bill specifically grants the President extended control over the internet, quoting him making a telling comparison:
(1) within 1 year after the date of enactment of this Act, shall develop and implement a comprehensive national cybersecurity strategy, which shall include— (A) a long-term vision of the nation’s cybersecurity future; and(B) a plan that encompasses all aspects of national security, including the participation of the private sector, including critical infrastructure operators and managers; (2) may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal government or United States critical infrastructure information system or network; (3) shall designate an agency to be responsible for coordinating the response and restoration of any Federal government or United States critical infrastructure information system or network affected by a cybersecurity emergency declaration…
President Obama said in a speech at Purdue University on July 16, 2008, that "every American depends—directly or indirectly—on our system of information networks. They are increasingly the backbone of our economy and our infrastructure; our national security and our personal well-being. But it’s no secret that terrorists could use our computer networks to deal us a crippling blow. We know that cyber-espionage and common crime is already on the rise. And yet while countries like China have been quick to recognize this change, for the last eight years we have been dragging our feet." Moreover, President Obama stated that "we need to build the capacity to identify, isolate, and respond to any cyber-attack."
We are to be more like China’s example. ABS-CBN News reports today on additional regulations over the internet imposed by the Chinese government to further censor and restrict “what is already one of the world’s most repressive internet environments.” As reporter Dave Dizon writes:
The detailed regulations from the State Administration of Radio, Film, and TV include a ban on videos that show "depictions of torture" and "distortions of Chinese culture or history," government code used to mean interpretations that depart from the Communist Party line. Videos that "hurt the feelings of the public" or "disparage" security forces or leaders are also prohibited…
"These new restrictions represent a new low for China's Communist Party leaders, who already wield the world's most complex system for repressing internet freedom," said Jennifer Windsor, Freedom House executive director. "These restrictions will harm millions of Chinese citizens who depend on the internet as a key source for holding a secretive and often repressive government to account.”
China is ranked Not Free in Freedom on the Net, Freedom House's new assessment of internet and mobile phone freedom in 15 countries. China ties with Cuba for the country with the most curbs on users' rights, including prosecutions for online activities, surveillance and extra-legal harassment of bloggers. The study also identifies China as a leader in "outsourcing censorship," the practice of requiring private actors such as service providers and blog hosting companies to censor and monitor users. This trend is born out in the new regulations which require service providers to "improve their program content administration" by hiring "well-qualified service personnel to review and filter content." Chinese authorities and private providers already employ hundreds of thousands of people to monitor, censor, and manipulate online content.
Since 2007, the Chinese government has required all domestic video-sharing websites to be state-owned, except for several prominent pre-existing sites…Authorities also have been known to block international websites like YouTube and Facebook around sensitive events such as the Beijing Olympics, the protests in Tibet and the Communist Party Congress.
We are to be more like China’s example. An Empirical Analysis of Internet Filtering in China was recently completed by Harvard Law School. Between May through November 2002, they tracked 19,032 websites continually inaccessible from China that contained information on news, health, commerce and entertainment, as well as sites from Taiwan. More than 50,000 sites were inaccessible on at least one occasion, about 25% of the websites they examined. This investigative report documented the filtering systems and identify the government’s substantive censoring policies. As it said in the introduction:
The government of the People's Republic of China has a longstanding set of policies restricting the information to which citizens are exposed, and that which they may themselves publicly say… the government might encourage Internet access through cybercafes rather than in private spaces so that customers' surfing can be physically monitored by others in the cafe. As a technical matter, anecdotal reports have described a shifting set of barriers to surfing the web from Chinese points of access — sites that are reported unavailable or domain names that are unknown to the system or that lead to unexpected destinations, individual pages that are blocked, and the use of search keywords that results in temporary limits to further searches…
The methods of China’s censorship, described in the Harvard investigation, have unsettling links to the provisions in the new legislation in Congress and Google’s new role in the government:
The primary and most longstanding means of blocking is at the router level, and on the basis of IP address… Aside from allowing more refined content filtering, such newer forms of blocking appear to be linked to disabling Internet access for an arbitrary amount of time for a user who requested a page with forbidden content — enabling a penalty for attempting access to sensitive material beyond simply denying the very material requested. Other nascent but growing forms of filtering appear to be targeted to limit the information that can be gleaned from search engines — enabling the automated blocking of search results that may not (yet) have been filtered through human placement on a "forbidden" list.
The assortment of filtering technologies and surveillance used by the Chinese government was also described by Reporters Without Borders in an October 2007 investigative report. The Congressional-Executive Commission on China's latest report, issued last October, described how the Chinese government uses vague laws to censor the internet and punish journalists, writers and others who write or post commentary seen as disruptive to the solidarity, or harmful to the honor or interests of the nation. Human Rights Watch issued an in-depth 149-page report on China's internet censorship and surveillance, known as the Great Firewall, here. In February, Chinese officials denied censoring news and told the United Nations Human Rights Council in Geneva that they citizens are free to express their opinions in the press without fear of retribution.
In their summary, the Harvard Law authors itemized the specific types of content they found blocked. For example:
Dissident/democracy sites. Blocked sites includes sites about democracy and human rights generally and sites specific toChina...
Health. Blocked sites included sites about health generally and about health in China specifically.. results for "hunger china," "famine china," "AIDS china," "sex china," "disease china"…
Education. Blocked sites included a number of well-known institutions of higher education…
News. The BBC News was consistently unreachable, while CNN, Time Magazine, PBS, the Miami Herald, and the Philadelphia Inquirer were also often unavailable…certain new filtering technologies allow blocking only of the particular sections and articles that are particularly controversial in China.
Government sites. Blocked sites included a variety of sites operated by governments in Asia and beyond. As discussed below, government sites of Taiwan and Tibet were targeted specifically. ..
Religion. Blocked sites included… a total of 1,763 sites in Yahoo's categories and subcategories pertaining to religion.
America has been dragging its feet.
It was a bright cold day in April and the clocks were striking thirteen.