Tell the UK Government: No Backdoors in Crypto

The UK government seems to be pressing ahead with its idiotic plans to backdoor crypto. There is a (secret) consultation on the subject that closes tomorrow - write to investigatorypowers@homeoffice.gsi.gov.uk.  Here's what I've just sent:

I am writing in connection with UK government proposals to force tech companies and Internet providers to create government backdoors to encrypted communications.

Speaking as a journalist who has been writing about every aspect of computer technology for 35 years, and about the Internet for 20 years (https://en.wikipedia.org/wiki/Glyn_Moody), I cannot emphasise too strongly that this would be a very unwise and dangerous move.

There is no such thing as a safe backdoor that is only available to the authorities.  If a weakness is created in a program or service, it can be found be third parties.  That is hard, but not impossible, especially for well-funded state actors.

Even more likely is that details of backdoors will be leaked.  The recent experience of the WannaCry ransomware attack, which is based on an NSA exploit that was leaked earlier, show how devastating this kind of subversion can be.

There is another powerful reason not to force companies operating in the UK to weaken their security.  First, US companies may simply water down protections for UK users, while protecting those in the rest of the world.  Obviously that would leave UK users particularly vulnerable to attack, and make them prime targets.

Secondly, if British companies are forced to provide backdoors in their products, then no government or company elsewhere in the world will use UK software, since there will always be a risk that it contains intentional security flaws.  This is the surest way to sabotage the UK software industry, and to ensure that computer startups are located anywhere but in the UK.

As well as being harmful, moves to weaken the security of encrypted products are also unnecessary.  As recent events have confirmed, terrorists rarely use encryption, and when they do, they make mistakes that allow the security services to access communications.  Indeed, there are many ways to obtain access and information even when encryption is used, as a recent paper explained (https://www.schneier.com/blog/archives/2017/03/new_paper_on_en.html).

To summarise, the many and mighty harms caused by weakening encryption vastly outweigh any illusory benefits.  The UK government would be ill-advised to take this route.

The Copyright Industry's So-Called "Value Gap" Is Actually an Innovation Gap

The is a crucial year for the Internet in Europe, because 2017 will see key decisions made about the shape of copyright law in the EU. That matters, because copyright is in many ways the antithesis of the Net, based as it is on enforcing a monopoly on digital content, whereas the Net derives its power from sharing as widely as possible. The stronger copyright becomes, the more the Internet is constrained and thus impoverished.

There are three key areas in the proposed revision to the EU's Copyright Directive where the Internet and its users are under threat from attempts to strengthen copyright. First, there is the panorama exception, which allows people to take pictures in the street without needing to worry about whether buildings or public objects are subject to copyright. Despite this being little more than common sense – imagine having to check the legal status of everything in view before taking a photo – copyright maximalists are fighting to stop a panorama exception being added to EU law.

The second point of contention concerns the link tax, also known as the snippets or Google tax. The last of these explains the motivation: publishers want Google to pay for linking to their articles using snippets of text. Despite the obvious folly of charging for the ability to send traffic to your site, the copyright world's sense of entitlement is such that two countries have already introduced a link tax, with uniformly disastrous results.

When Spain brought in a law that required search engines to pay publishers for the use of snippets, Google decided to close down its Google News service in the country, which led to online publishers losing 10% to 15% of their traffic.

Similarly, in Germany, which also introduced a link tax, publishers ending up giving Google a free licence to their material, so great was the law's negative impact on their business when Google stopped linking to their publications.

The snippet tax is so manifestly stupid that it is unlikely to appear in the final version of the revised Copyright Directive. But the third area of concern stands a much better chance because of the clever way that the publishing world is dressing it up as being about a so-called "value gap." It's a very vague concept – see this new video that explores what it is - but it boils down to publishers being resentful because digital newcomers came up with innovative business models based around legal access to online music, and they didn't.

An interesting speech on the topic by the International Federation of the Phonographic Industry's CEO in 2016 laments the fact that the "value" of the global music industry has recently declined 36% over 15 years. That's not really surprising: during this period the recording industry did everything in its power to throttle or stall new ways of providing access to music on the Internet.

What the so-called "value gap" is really about here is the long-standing innovation gap among recording companies, and their refusal to adapt to a changing world. Imagine if they had embraced the P2P music sharing service Napster in 2000 instead of suing it into the ground. Imagine if they had set up sharing and streaming servers themselves a decade and a half ago; imagine how much money they would have made from subscriptions and advertising, and how much their value would have grown, not fallen.

If this evident innovation gap only harmed the copyright companies themselves, it would not be a problem, so much as just deserts. But they are now lobbying to get the laws around the world changed in important ways purely in order to prop up their old business models in an attempt to compensate for this failure to embrace the Internet. In the EU, they are using the fallacious "value gap" concept to call for mandatory upload filters for all major sharing sites – effectively large-scale surveillance and censorship.

Given that one of the most important consequences of the Copyright Directive could be the curtailing of basic human rights in the EU, it is disappointing that a seminar run by the Alliance of Liberals and Democrats for Europe (ALDE) group in the European Parliament – supposedly made up of liberals in favour of such democratic freedoms – skews the debate so completely in favour of the copyright industry. Judging by the programme, there is not a single representative of the public speaking at the event – which is pointedly entitled "Copyright reform: Sharing of the value in the digital environment" - pretty much guaranteeing a biased and unhelpful discussion.

That failure by ALDE even to acknowledge that EU citizens have anything useful to contribute, or any right to speak here, does not bode well for the ultimate outcome of the Copyright Directive negotiations later this year. ALDE needs to start caring about and listening to the millions of citizens who voted for its MEPs. At the moment it seems to have uncritically swallowed the backward-looking copyright industry's framing of the problem as a non-existent "value gap", when the deeper problem is its continuing innovation gap. As a result, this year could see key aspects of the Internet's operation, to say nothing of privacy and freedom of speech, gravely damaged because of yet another expansion of copyright's reach and power.

Please Write to Your MEPs About Next Week's Critical - and Final - CETA Vote

Next Wednesday, the European Parliament will have its final vote on the Comprehensive Economic and Trade Agreement, or CETA. If you were hoping to influence your UK MP on this, it's too late: last week, the government sneaked through a vote on CETA without anyone noticing.  It passed, of course, but given the absence of real democracy - or an opposition party - in the UK, that's no surprise.

But there is still a chance to stop it in the European Parliament by writing to your MEP, and asking them to vote against ratification next week.  You can contact your MEP using the wonderful free service WriteToThem.  Here's what I've sent to mine:

I am writing to you to ask you to vote against CETA ratification next week, because it has minimal benefits, and a great many risks that have not been estimated, but are likely to be large.

Despite vague claims to the contrary, CETA offers almost no benefits for the EU.  According to the joint study commissioned by the EU and Canada  (http://trade.ec.europa.eu/doclib/docs/2008/october/tradoc_141032.pdf): "The annual real income gain by the year 2014, compared to the baseline scenario, would be approximately €11.6 billion for the EU (representing 0.08% of EU GDP)".

The study's title is "Assessing the costs and benefits of a closer EU-Canada economic partnership", but it offers no formal estimate of the costs associated with CETA.  This is an extraordinary deficiency: even the smallest business would carefully weigh up the costs and the benefits before agreeing a deal.  And yet the European Parliament is being asked to ratify CETA without being told the true costs.

These are likely to be high in many areas.  For example, the "new" Investment Court System (ICS) will open up the EU to being sued by thousands of US companies that have subsidiaries in Canada.  For most member states, this will be the first time that US companies are able to use investor-state dispute settlement (ISDS) tribunals to claim millions – or even billions – of euros over laws and regulations which they claim harms their investments.  ISDS claims alone could wipe out the tiny €11.6 billion GDP gain that CETA is predicted to produce according to the official study.

Despite the fact that ICS is supposed to address the avowed problems with the current ISDS system, it actually fails to do this because it still gives companies a means to put pressure on governments to rescind laws, even if it cannot force them to do so.  Faced with potentially huge fines – one ISDS award was for $50 billion (http://www.shearman.com/en/services/practices/international-arbitration/yukos-arbitral-award) – governments are very likely to choose to withdraw regulations rather than pay out such vast sums.

It is also worth bearing in mind that a 2014 EU consultation on ISDS drew an unprecedented 145,000 negative responses calling for the system to be dropped from trade agreements (http://trade.ec.europa.eu/doclib/press/index.cfm?id=1234&title=Report-presented-today-Consultation-on-investment-protection-in-EU-US-trade-talks).  Making a few cosmetic changes and re-branding ISDS as ICS rides roughshod over the public's views on this important matter.  Moreover, there is no reason to include ISDS/ICS at all.  Canada's legal system is one of the fairest in the world, and so providing companies with additional privileges not available to governments or the public is simply unjustified.

There are further, more subtle problems with CETA.  For example, the regulatory chapter stipulates that parties have to ensure "that licensing and qualification procedures are as simple as possible and do not unduly complicate or delay the supply of a service or the pursuit of any other economic activity" (Article 12.3).  It is easy to foresee companies challenging requirements for public input, environmental assessments and archaeological studies as not being "as simple as possible".  Rather than face costly legal challenges, local authorities are likely to drop these important aspects of regulatory approval, resulting in a general lowering of standards as "economic activity" is placed above all other considerations.

More generally, CETA does not protect the environment as is sometimes claimed.  CETA’s environmental provisions cannot be enforced through trade sanctions or financial penalties if they are violated.  Something that cannot be enforced may possess symbolic – or marketing – value, but is of little practical use when it comes to protecting the environment.  This is another way in which CETA's true costs are being masked by exaggerated claims about its benefits.

Taken together with the fact that even the official econometric study was able to find only vanishingly small economic benefits, these many hidden problems and their unquantified costs underline why CETA is a bad deal for the environment, a bad deal for the public and a bad deal for the EU.  Even if its supporters claim otherwise, without any justification, I urge you and your colleagues in the European Parliament to vote against its ratification.

Please Write to MEPs on the ENVI Committee About CETA *Today*

There's an important vote by MEPs on the ENVI committee tomorrow about CETA, the trade deal between the EU and Canada. Background on why CETA is so bad for the environment is available, as is a list of all MEPs on the ENVI committee.  If one of them is your MEP, please write to them *today* - the vote is tomorrow.  Here's what I've just sent to mine:

I am writing to you in connection with the ENVI vote on CETA tomorrow.  I would like to urge you to support the draft opinion of the ENVI committee, given by rapporteur, Bart Staes.

As a journalist, I have been writing about CETA since 2012 (https://www.techdirt.com/articles/20120709/07420719630/actas-back-european-commission-trying-to-sneak-worst-parts-using-canada-eu-trade-agreement-as-trojan-horse.shtml), and have followed its long and complicated history closely.  I noted in 2015 that CETA has already harmed the EU's environmental policies (http://arstechnica.co.uk/tech-policy/2015/05/eu-dropped-plans-for-safer-pesticides-because-of-ttip-and-pressure-from-us/):

"One of Canada's key negotiating aims was to promote the use of its tar sands in Europe. In 2012, the EU's Fuel Quality Directive (FQD) proposed that tar sands should be given a 20 percent higher carbon value than conventional oil. This reflected the greater pollution caused by its production and was designed to steer companies away from using this particular form of fuel in the EU. However, a few weeks after CETA was concluded, the final version of the FQD had been watered down and lacked the earlier requirement that companies needed to account for the higher emissions from tar sands, effectively neutering it—exactly as Canada had demanded."

Environmental policies will be under attack thanks to the little-known requirement in CETA that parties have to ensure "that licensing and qualification procedures are as simple as possible and do not unduly complicate or delay the supply of a service or the pursuit of any other economic activity."  It is easy to foresee company lawyers arguing that environmental requirements go beyond "as simple as possible", and that they "complicate or delay" the supply of a service.

However, the greatest threat to the EU's environment comes from the investor-state dispute settlement mechanism, now re-branded as the Investment Court System.  Despite the change of name, and some minor tweaking of the process, the problem remains the same: foreign investors are given unique powers, not available to domestic investors, that place them above national and European law.

That's problematic enough in itself, but even more troubling is the fact that the area where ISDS/ICS has been used most is against environmental legislation.  Also worth remembering is that CETA allows non-Canadian companies that have operations in Canada to take advantage of this supranational right: that will enable thousands of US companies that have subsidiaries in Canada to sue the EU.

Finally, it's worth noting that the EU's official economic modelling of CETA finds tiny benefits: €11.6 billion, representing 0.08 percent of EU GDP (http://trade.ec.europa.eu/doclib/docs/2008/october/tradoc_141032.pdf.)  That gain could easily be swamped by a flood of ISDS/ICS suits demanding "compensation" for stringent environmental regulations.

Because of these threats, and the vanishingly small benefit that CETA is expected to bring, I urge you to support the ENVI rapporteur's draft opinion, and to encourage your colleagues to do the same.

Spare Slots for Regular Freelance Work Soon Available

I may soon have spare slots in my freelance writing schedule for regular work, or for larger, longer-term projects. Here are the main areas that I've been covering, some for more than two decades. Any commissioning editors interested in talking about them or related subjects, please contact me at glyn.moody@gmail.com (PGP available).

Digital Rights, Surveillance, Encryption, Privacy, Freedom of Speech

During the last two years, I have written hundreds of articles about these crucial areas, for Ars Technica UK and Techdirt. Given the challenges facing society this year, they are likely to be an important area for 2017.

China

Another major focus for me this year will be China. I follow the world of Chinese IT closely, and have written numerous articles on the topic for Techdirt and Ars Technica. Since I can read sources in the original, I am able to spot trends early and to report faithfully on what are arguably some of the most important developments happening in the digital world today.

Free Software/Open Source

I started covering this topic in 1995, wrote the first mainstream article on Linux, for Wired in 1997 and the first (and still only) detailed history of the subject, Rebel Code, in 2001, where I interviewed the top 50 hackers at length. I have also written about the open source coders and companies that have risen to prominence in the last decade and a half, principally in my Open Enterprise column for Computerworld UK, which ran from 2008 to 2015.

Open Access, Open Data, Open Science, Open Government, Open Everything

As the ideas underlying openness, sharing and online collaboration have spread, so has my coverage of them. I recently wrote one of  the most detailed histories of Open Access, for Ars Technica.

Copyright, Patents, Trademarks, Trade Secrets

The greatest threat to openness is its converse: intellectual monopolies. This fact has led me to write many articles about copyright, patents and trade secrets. These have been mainly for Techdirt, where I have published over 1,400 posts, and also include an in-depth feature on the future of copyright for Ars Technica.

Trade Agreements - TTIP, CETA, TISA, TPP

Another major focus of my writing has been so-called "trade agreements" like TTIP, CETA, TPP and TISA. "So-called", because they go far beyond traditional discussions of tariffs, and have major implications for many areas normally subject to democratic decision making. In addition to 51 TTIP Updates that I originally wrote for Computerworld UK, I have covered this area extensively for Techdirt and Ars Technica UK, including a major feature on TTIP for the latter.

Europe

As a glance at some of my 244,000 (sic) posts to Twitter, identi.ca, Diaspora, and Google+ will indicate, I read news sources in a number of languages (Italian, German, French, Spanish, Russian, Portuguese, Dutch, Greek, Swedish in descending order of capability.) This means I can offer a fully European perspective on any of the topics above - something that may be of interest to publications wishing to provide global coverage that goes beyond purely anglophone reporting. The 30,000 or so followers that I have across these social networks also means that I can push out links to my articles, something that I do as a matter of course to boost their impact and readership.

Please Write to Your MPs Asking Them To Support Fossil Fuel Divestment

It's is now clear that the incoming Trump government will be the most environment-hostile, and fossil fuel-friendly US administration in history.  As this perceptive post points out, this is no incidental feature, it is the defining feature of Trump and his plans:

Trump has surrounded himself with more oil industry and oil industry connected people than any president in history (even George W. Bush). You can’t understand what’s going on with Trump unless you understand the oil industry… and you can’t understand the oil industry without understanding climate change.

That's the bad news.  The good news is that we can fight this in a way that neither Trump nor the fossil fuel industry can block.  Given that it is unlikely that any progress in tackling climate change will be made on the political front, with the US blocking thwarting everything it can, we must turn to economics using divestment from fossil fuels as our main approach.

This is already happening on a massive scale, even if most people are unaware of that fact:

The value of investment funds committed to selling off fossil fuel assets has jumped to $5.2tn, doubling in just over a year.

The new total, published on Monday, was welcomed by the UN secretary general, Ban Ki-moon, who said: “It’s clear the transition to a clean energy future is inevitable, beneficial and well underway, and that investors have a key role to play.”

We must do everything in our power to accelerate that move away from fossil fuels.  Once the business world gets the message that investing in fossil fuels is not just a bad idea, but potentially disastrous, the shift to renewable energy will happen rapidly, regardless of what Trump does.

Here in the UK, there's an opportunity to encourage a key group of decision makers to tell their pension fund to divest from fossil fuels: MPs.  In fact, there's an entire campaign to encourage them. If you are a UK citizen, I would like to urge you to contact your MP asking them to support this campaign.

You can either do this using the link above, or directly using the indispensable WriteToThem site.  Here's what I've just sent my MP: 

I am writing to ask you to support a call for the MPs' pension fund to divest from fossil fuels (details here: http://gofossilfree.org/uk/divest-parliament/). There are two main reasons for this.

The first is that it is clear that climate change is the greatest threat we face – not just because of its direct effects on the environment, but also because of the knock-on effects – for example in creating millions of climate refugees, or threatening the world's food supplies.

Confronted by an incoming US administration that is the most environmentally-hostile ever, it is clear we cannot expect the US to lead here – indeed, it seems likely actively to obstruct efforts to address climate change through international agreements.

Divestment from fossil fuels is the most effective way to counter that threat, since it is something we can all do, both as individuals and as groups. The net effect is to divert investment away from the technologies that are exacerbating the problem of global warming, towards those that help solve it, creating new jobs in the process.

Fossil fuel divestment is already taking place on a massive scale: a report published last week now puts the figure at $5 trillion (https://www.theguardian.com/environment/2016/dec/12/fossil-fuel-divestment-funds-double-5tn-in-a-year). If the MPs' own pension fund divested, this would both strengthen that movement and set a good example for others to follow.

The other reason why I would urge you to support divestment is that the "carbon bubble" is likely to burst soon, and will take with it any pensions that still have large-scale investments in fossil fuels. No less a person than Mark Carney warned of this last year (https://www.ft.com/content/622de3da-66e6-11e5-97d0-1456a776a4f5), so this is by no means some fringe idea, but mainstream and increasingly accepted.

I hope you agree that for the sake of this and future generations, we must move as rapidly as possible to embrace renewable energy, and that an effective way of accelerating that shift is to divest from fossil fuels.

Thank you for your help in this important matter.