IPC on TwitterMy Tweets
The (unofficial) blog of the BCLA Information Policy Committee
Media Democracy Days 2013 was this past weekend in Vancouver and I was glad to be able to attend. In the IPC we’d talked a couple of months ago about trying to get together a screening of the film Terms & Conditions May Apply, and were happily pre-empted from that by the Media Democracy Project showing the movie at the Cinematheque on Friday night. Thanks
Before showing the movie though, Elizabeth Denham talked to the audience about her role as Information and Privacy Commissioner for the province of BC. It was a good talk, which highlighted some of the important reasons citizens should be concerned about their lack of privacy and how their rights are being protected.
Her main themes were transparency and accountability and how those principles are necessary for a democratic government to function. “Sunlight is the best disinfectant” was one of the phrases she used. This led into a discussion of how every scandal one can think of in government has an Access to Information angle to it. It’s the perception of secrecy by those people in power that messes everything up, because an informed citizenry knows you shouldn’t just rely on the goodwill of the folks making up whatever government is in power at any given time.
One of the things she discussed was how new democracies are so much better at enshrining laws about transparency and privacy regulation than older, more established democracies. When a country makes a constitution now, privacy rights are clearly seen as fundamental and get strong wording to protect them (in theory – she didn’t provide any specific examples).
The biggest concern Denham had for the future was the complacency of our citizens on privacy and transparency issues. keep these issues of privacy in the front of people’s minds. Even though no Canadian Snowden has dropped a bunch of CSEC powerpoint presentations in our laps there should still be a deep concern about the systematic collection of our personal data. Denham encouraged the audience to advocate and politicize this issue, and really, that’s something that librarians have every opportunity to do.
There is a real divide out there between people who have the technical knowledge to deal with privacy invasions and the people without that knowledge. We are out there working with people and their information habits every day. We need to be using the goodwill we create to try to correct the imbalance between what corporations and governments know about us and what we know about them. Denham talked about how important it was to pull back the curtain enshrouding these secret decisions.
Terms & Conditions May Apply is a movie about the things we agree to when we click through End User Licensing Agreements and how much information we are giving away to be used against us later. There were interviews with people from the EFF and the ACLU as well as with people held on pre-crime charges and the British guy who was banned from entering the US because he tweeted about how he was ready to go destroy America.
The movie was completed before Snowden and his big revelations about the NSA, but there was an added-on postscript mentioning it and how much that plays into the rest of the film.
It was a good documentary. If you’ve been immersing yourself in these types of issues there wasn’t a lot of really new stuff, but there was an ambush interview of Mark Zuckerberg, which was done well and used effectively. The weirdest part was that they had Orson Scott Card talking for a few sentences. Thankfully, it wasn’t about his thoughts on homosexuality, but it was a little weird.
This week we learned that Glenn Greenwald was not exaggerating when he said that there was more in Edward Snowden’s leaked info than we had seen thus far. It turns out the NSA (and the GCHQ, its UK equivalent) has been using many methods to attack ubiquitous encryption on the internet:
Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”, and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves.
Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software.
This is different from saying that the NSA had cracked everyone’s encryption, but it appears that they’ve been undermining everyone’s privacy and security with the complicity of major technology companies.
This is a big fucking deal.
Part of the reason is because putting in secret vulnerabilities means that dedicated non-governmental agents can find those vulnerabilities and exploit them.
There are ways to protect your security online, but seriously, if the NSA really wanted something about you (and I’m assuming here that most of this blog’s readers are Canadians, thus foreigners to the NSA and fair game for spying on their information conveniently passing through US data-centres) they can get it. From Bruce Schneier:
This kind of thing is done by its TAO – Tailored Access Operations – group. TAO has a menu of exploits it can serve up against your computer – whether you’re running Windows, Mac OS, Linux, iOS, or something else – and a variety of tricks to get them on to your computer. Your anti-virus software won’t detect them, and you’d have trouble finding them even if you knew where to look. These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it’s in. Period.
In Wired Kim Zetter lays out a bit of the history of this program, called Bullrun:
The ten-year Bullrun program began after the U.S. government failed in its pla to place a backdoor, the so-called Clipper chip, into encryption that would have allowed it to eavesdrop on communications at will. Without the Clipper chip, the government launched a systematic plan using trickery and other methods to circumvent encryption and achieved an unspecified breakthrough in 2010. In the wake of this, according to one document, “vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
Some of the methods involved the deployment of custom-built, supercomputers to break codes in addition to collaborating with technology companies at home and abroad to include backdoors in their products. The Snowden documents don’t identify the companies that participated.
Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on. If the back door is discovered, it’s explained away as a mistake.
We don’t have a secure internet. Major corporations have joined up with security agencies to make it that way.
One thing we can and probably should be doing as information professionals is calling for our libraries and other institutions to be using more Free and Open Source Software. These independent, community-based technologies allow us to see inside the code and make it much more difficult for nefarious shadowy agents (governmental or non-) to add in holes specifically to spy on us and our members we’re providing services to.
I work in a public library in a community that isn’t on the cutting edge of technology. For many of our members I’m the public tech support person, and people ask me about using things like online banking and whether it’s safe to do. It’s important for anyone in this kind of position to know about the tradeoffs being made by technology titans, and how we’re selling our members to companies that, even though the language of the internet is cute (“like” “friend” even “google”), those companies don’t have our members’ best interests at heart.
Schneier suggests techniques like using Tor, and encrypting communications with public-domain encryption that’s cross compatible (this makes it less likely to have been NSA compromised). These won’t keep everything you do secret from a determined, well-funded attacker, but it does make you more expensive to target.
Most members of my library probably don’t need to be paranoid about encryption. They’re looking up recipes and sending messages to their kids and reading romance novels or whatever. But our individual uses of the internet shouldn’t really matter. As Byron Holland says in his post NSA Internet surveillance where’s the outrage?:
It’s not that governments should not have the power to monitor citizens under certain circumstances and with the appropriate oversight – it’s an unfortunate necessity to maintain law and order. But we’re not talking about surveillance with appropriate oversight. We’re talking about an opaque and deliberate system to gather and monitor the activities and communications of potentially everyone who is online.
Why should a government feel it is above judicial oversight to monitor its citizens’ activities, just because they’re online?
Because apparently, we’re fine with it. At the very least, we’re complacent with it.
As information professionals we need to be aware of, and ensure our communities have the chance to be learn about the consequences of these surveillance and broken security technologies. That is our way to help fight complacency.
This is not a formal report by any means, but a bit of a recap of some IPC-related activities at this year’s BCLA conference. Feel free to add information in the comments or on Twitter about info-policy related activities you participated in as well.
We start achronologically with the BCLA Annual General Meeting on Saturday morning. The IPC had two resolutions on the table: one condemning the muzzling of government employees meant to provide a “[f]ramework for activism to support employees of Library and Archives Canada, employees of other government libraries, and government scientists” and one commending the life and work of Aaron Swartz. Both resolutions passed but there was a significant moment when our chair was asked what exactly the point of the Aaron Swartz resolution was, what would happen because of it? Our chair responded that this was something to do to show people in the future that yes librarians care about this kind of stuff, we don’t just remain silent, and it was also a decent human thing to do.
— erinzee (@zeeerin) May 11, 2013
Outside the AGM, IPC partnered up with Steve Anderson from OpenMedia.ca to talk about netroots advocacy and the kinds of things librarians can do to get involved. Steve took us through the activities his organization has been involved in, which involved a healthy amount of meme-ification. Canadians do care about a neutral internet even if they don’t think about it, and Myron pushed the attendees to educate ourselves so we can talk about these issues with our members who would be affected by online spying bills, predatory pricing and undemocratic international agreements (read: everyone). And Barbara Jo May made sure we were optimistic in our abilities to make change in our world.
— Maryann Kempthorne (@maryakem) May 11, 2013
On Friday night the Hot Topics panel got heated near the end which was probably to be expected with a librarian, an information ethics specialist plus two panel members were current/former board members of Access Copyright. The discussion began with Rowland Lorimer explaining to the audience that “a book is just a license in physical form.” Kevin Williams from Talonbooks talked about the challenges of copyright and digital sales in a changing marketplace and Tara Robertson talked about the ridiculous workflows imposed on her job of making accessible versions of textbooks for Langara’s students. I feel that the panel didn’t quite get into the back and forth the way I’d hoped. I think Micheal Vonn’s views on privacy and whether it is possible to be an ethical stealer of information would have been worthwhile to learn about. It was interesting to see people with a stake in the Access Copyright regime defend their York lawsuit and deny that the supreme court had actually ruled on fair dealing, but that occupied only the very end of the presentation (before Tara suggested continuing the discussion over beer).
— Franklin Sayre (@fsayre) May 11, 2013
Outside of Info Policy specific events, Phil Hall‘s Friday session entitled “Are We Irrelevant Yet?” had a good test for what makes us relevant. Librarianship is about an X and a Y added together. The X is “information transfer/empowering people to use information” or whatever your preferred definition is (mine is “facilitating knowledge creation”) and Y is “anything else.” I appreciated that as a way of deciding what we should be doing in our libraries and in our librarianly lives, really. It gives us a way to say that yes, advocating for laws that help us empower people is part of being a librarian, saying yes LAC employees speaking at conferences and sharing the knowledge of their specific Y contexts is hugely important (and shouldn’t be smothered by terrible codes of conduct). Maybe this is a bit of a stretch, but it was a way for me to look at this information policy stuff we go on about and how to explain its connection to day-to-day work in a library serving the public (which I’m lucky enough to do).
Of course, meeting up with librarian colleagues and talking about the shit (cool, bad or otherwise) going down in the world today was a big part of what these conferences are about. I come out of the conference excited to be doing more work with IPC this year and hope you do too.