With more of our lives increasingly taking place online, the issue of privacy, especially in regards to our personal data, has never been more important. Without even knowing it we broadcast a wide range of information about our locations, habits, interests, and beliefs just by carrying a smartphone in our pocket or using the web. This data isn’t lying fallow in digital fields though; it’s being collected, collated, and used to build detailed profiles so that companies such as Facebook, Google, and even our own governments can know more about us than ever before.
This isn’t a good thing.
Bruce Schneier has been a specialist in the data security industry for many years, and in Data and Goliath he expertly outlines the way in which we are being monitored and analysed by a variety of interested parties. Unlike some other books that cover this subject, Schneier is careful not to invoke histrionics or sensationalism in order to sell his story; instead he calmly explains how tracking works and why it is used so widely.
From its origins in the Cold War, he charts the way that government agencies regularly spied on their enemies (not to mention each other), and how this eventually transformed into the digital surveillance culture that Edward Snowden so spectacularly revealed in 2013. Schneier actually handled some of the famous Snowden documents while working with the Guardian newspaper, and even interviewed the whistleblower after he sought asylum in Russia.
Data and Goliath is a fascinating exploration of this post-Snowden world we live in. It shows how the backdoors that technology companies were forced to implement for the NSA have actually become weapons for other agencies and hackers to use. We’re taken through the murky world of international espionage, and shown how we have all become collateral damage in this digital arms race. Schneier also explains that even when we try to protect ourselves by leaving Facebook or Gmail, the fact that our friends and relatives still use them means we’re caught up in this global informational dragnet.
I’ll admit, at times the book leaves you with a profound sense of hopelessness, as fighting against powers so strong appears an exercise in futility. But all is not lost. In the final third of the story, Schneier outlines his manifesto for how governments, corporations, and individuals can change the way they act, thus restoring some kind of trust to the online world. Sadly this is also one of the slowest parts of the book, as the governmental and corporate sections really feel more like a utopian call to arms than an actual solution. Data has become so valuable that the prospect of them surrendering it for the greater good seems a distant and unrealistic possibility.
Tips on how individuals can at least obfuscate the data we generate are useful. Schneier advocates software such as the Tor browser, HTTPS Everywhere, plus other helpful tools. He also has some ingenious ideas about throwing in random behaviour to mess with the algorithms that predict our patterns.
In the end you’re still left with the knowledge that big brother really is watching, and won’t be stopping anytime soon. But at least if you’re aware of the facts it could help you make better decisions about how much you, at least willingly, share. It might not be a happy read in a lot of ways, but it is an important one.
On January 11th 2013 programmer and internet freedom activist Aaron Swartz was found dead in his New York apartment having taken his own life. He was 26 years old. The tragic news shocked the technology community and resulted in emotional outpourings of sorrow and anger from many of his friends and colleagues. Perhaps the most profound appeared on Twitter from Sir Tim Berners-Lee who wrote ‘Aaron dead. World wanderers, we have lost a wise elder. Hackers for right, we are one down. Parents all, we have lost a child. Let us weep.’
Aaron was known to suffer from depression and his suicide appears to be a terrible consequence of this illness, but there are many – including his family – who feel that the blame for his sad demise lies with another entity, that of the US Attorney’s office. At the time of his death Aaron was facing charges for multiple felonies related to his downloading of academic papers from JSTOR, a digital repository of journals and articles, via a laptop hidden in a cupboard on the Massachusetts Institute of Technology (MIT) campus. Swartz’s supporters feel that the case against him was unnecessarily harsh, and was possibly linked to his public position of campaigner for copyright reforms and internet freedom. Whatever the motivations behind the case, the result was that a twenty-six-year-old man with no previous convictions and an outstanding reputation in the academic community was facing many years in prison and fines of up to a million dollars, something that seemed so overwhelming that it might have actually led to him hanging himself as a way of escape.
In an official statement released in the aftermath of Swartz’s loss the family stated ‘Aaron’s death is not simply a personal tragedy. It is the product of a criminal justice system rife with intimidation and prosecutorial overreach. Decisions made by officials in the Massachusetts U.S. Attorney’s office and at MIT contributed to his death. The US Attorney’s office pursued an exceptionally harsh array of charges, carrying potentially over 30 years in prison, to punish an alleged crime that had no victims. Meanwhile, unlike JSTOR, MIT refused to stand up for Aaron and its own community’s most cherished principles.’
Swartz had been a passionate innovator in the field of sharing information online. He was a central part of the team that wrote the RSS code that now enables news feeds, blogs, and podcasts to be delivered automatically. He was a pivotal figure in the writing of the Creative Commons license, which allows creators to distribute and have others redistribute their works freely while still maintaining an agreed level of ownership. He also worked on the Internet Archive, whose goal it is to offer ‘universal access to knowledge’ for everyone, and was a co-founder of user-generated news site Reddit.
He came to public prominence as an outspoken opponent to potentially restrictive legislation, such as the Stop Online Piracy Act (SOPA), which sought to impose strict copyright controls on the internet. Swartz said of the act ‘This bill would be a huge, potentially permanent, loss. If we lost the ability to communicate with each other over the internet it would be a change to the bill of rights, the freedoms guaranteed in our constitution. The freedoms our country had been built on would be suddenly deleted.’ Along with other activists Swartz formed the advocacy group Demand Progress which petitioned congress and raised public awareness of the potential dangers they saw with SOPA. Eventually, with the help of significant companies such as Google and Wikipedia, the act was defeated but Swartz and his collaborators had made some powerful enemies.
The JSTOR incident wasn’t the first time that Swartz had come into contact with the US Government’s justice department. In 2008 the PACER (Public Access to Court Electronic Records) database, which held all the United States Federal Court documents and charged eight cents per page to access them, was trialled as a free service in a small number of libraries across the US. Carl Malamud, head of the non-profit group Public.resource.org, urged activists to download as many of the records as possible in an attempt to circumvent the fee-based system and instead make the records (which were not under copyright) publicly available for free. Swartz responded to the appeal and wrote a small Perl script which he loaded onto a computer in one of the libraries. This managed to obtain nearly twenty percent of the total records available (approx twenty million pages) before the government shut the trial down. Aaron subsequently found himself under investigation by the FBI, but after a couple of months the case against him was dropped mainly due to the fact that he hadn’t actually broken any laws.
JSTOR, though, was more complicated. Swartz was a research fellow at Harvard, which gave him a JSTOR account, and as an academic he was also allowed onto the MIT campus as a visitor, with entitled access to the JSTOR servers. His decision to write a similar program to the one he used on PACER, and to hide a laptop on campus which downloaded a considerable amount of data, was obviously a misjudged one, but the response that followed was extraordinary. Swartz was arrested and eventually charged with numerous felonies, which if convicted would have had drastic implications on his future. The basis for the seriousness of the charges stems from current US laws which are, as is often the case around the world at the moment, struggling to keep pace with changes in technology. Under current legislation you can be charged with a felony if you are deemed to have broken the terms and services agreement of any website or online service that you use. Obviously this leaves open a certain amount of interpretation, otherwise anyone who ever used a false name on their Facebook account would be spending a few years in jail, but this is precisely why Swartz’s friends and supporters feel there was a great injustice acted out by the prosecutors.
JSTOR decided not to press charges against Swartz, although they did comment that his behaviour had been a ‘significant misuse’ of their service. It’s notable that a couple of days before Swartz’s suicide JSTOR actually made their records available to anyone if they signed up for a free account. The US Attorney’s Office did pursue Swartz, with lead prosecutor Carmen Ortiz famously stating that ‘Stealing is stealing’, but in a statement released after Swartz’s death Ortiz maintained that ‘At no time did this office ever seek – or ever tell Mr. Swartz’s attorneys that it intended to seek – maximum penalties under the law.’ Instead she asserted that the penalty should have been ‘a sentence that we would recommend to the judge of six months in a low security setting’.
Aaron Swartz’s death, and the circumstances surrounding it, have now triggered investigations at MIT, online petitions to have Ortiz removed from office, and moves by two members of Congress for the current legislation to be changed – under the working title of ‘Aaron’s Law’. For a young man who spent the majority of his life fighting for freedom of expression and information online it seems that even in his passing he could leave a significant impact for future generations. Swartz’s long time colleague Lawrence Lessig, himself a professor at Harvard Law School, said of Aaron:
‘This was one of those few technologists who looked up from his computer screen long enough to recognise how what he was doing could affect issues that he thought was important.’
The tragic nature of his death is a timely reminder that freedom in its many forms can be a costly and hard fought battleground, the outcome of which is always uncertain. Swartz seemed to see this long before the events of JSTOR, and warned us of how we must fight apathy and acceptance in the days ahead.
‘It will happen again.’ Swartz confided in a speech after the SOPA campaign was over. ‘Sure, it will have yet another name, and maybe another excuse, and it will do its damage in a different way. But make no mistake: the enemies of the freedom to connect have not disappeared. The fire in those politicians’ eyes hasn’t been put out. There are a lot of people, a lot of powerful people, who want to clamp down on the internet. And to be honest, there aren’t a whole lot who have a vested interest in protecting it from all of that. Even some of the biggest companies, some of the biggest internet companies, to put it frankly, would benefit from a world in which their little competitors could get censored.
…We won this fight because everyone made themselves the hero of their own story. Everyone took it as their job to save this crucial freedom… If we forget that, if we let Hollywood rewrite the story so that it was just big company Google who stopped the bill, if we let them persuade us that we didn’t actually make a difference, and we start seeing it as someone else’s responsibility to do this work, and it’s our job to just go home and pop some popcorn and curl up on the couch to watch Transformers — well then, next time, they might just win. Let’s not let that happen.’
This article originally appeared in a shorter form on the PC Advisor website and in the print magazine as part of a monthly section I write entitled News Viewpoint. To see that version please click here, or purchase a copy of the fine magazine from your local newsagent.
Over the past two years around ninety people – some as young as sixteen years old – have been arrested in the US, UK, and mainland Europe for online criminal activities relating to the hacktivist group Anonymous. The charges they face range from disabling commercial websites and stealing sensitive information such as credit card details, to attacking government security sites. In March 2012 one of the leaders of the spin-off group called Lulzsec was arrested and has subsequently become an informant for the FBI in exchange for leniency, which has led to more arrests. It marks a significant moment in the fight against this new breed of activists, but the story behind them isn’t a simple case of young, technologically skilled kids with malicious intent. Some of them have a cause.
Ever since the dawn of computers there have been hackers. In fact many of the advances in technology and the internet have come from people who wanted to take something apart to understand how it worked, or use technology in ways that its creators never intended. Google, Apple, Microsoft, and Facebook all were birthed in environments such as these, with Steve Jobs and Steve Wozniak famous for selling little blue boxes that hacked the US telephone system and allowed their customers to make long distance calls for free.
There are also those who use these skills to make people’s lives a misery, steal information, or generally wreak havoc. These are the reason we have firewalls, virus scanners and emails from Nigerian princes who want to give you a million pounds if you’ll just hand over your bank details. Somewhere between these extremes is another class of hacker, whose motives are considered noble by some and criminal by others. They are the Hacktivists, a modern equivalent of the political protesters, who instead of picketing embassies or wielding banners outside corporate headquarters conduct their campaigns over the internet with arguably more profound results.
The term Hacktivist comes from, depending on which reports you believe, a hacker collective amusingly named The Cult of the Dead Cow. The name joined the words Hacker and Activist together in 1996 to describe people who had a political agenda for their digital infiltrations. Of course the name didn’t create the movements involved – there were recorded politically motivated hacks as early as 1989 – but it did give a distinction from those who attacked websites for personal gain. The causes that the early Hacktivists pursued included nuclear disarmament, a mass attack on the Indonesian government to highlight the conditions in East Timor, a series of hacks championing those murdered in the Acteal Massacre in Mexico by a paramilitary death squad, plus the Guy Fawkes day attack on the UK Government in 1994 protesting about the proposed Criminal Justice Bill, which disabled the official website for a full week.
The common weapon of the hacktivist is a Distributed Denial of Service (DDoS) attack, which essentially bombards the target servers with thousands of page requests (similar to masses of people sitting on the site and continually pressing refresh) which overloads and crashes the site. The idea is likened to a virtual sit-in and seen as disruptive rather than destructive because the target sites aren’t damaged, no information is stolen, but the volume of requests causes them to shut down, thus preventing anyone from gaining access.
If there’s one group that has become more famous than any other then it has to be Anonymous, who first announced themselves to the world in 2008 via a YouTube video which declared war on the church of Scientology (http://www.youtube.com/watch?v=JCbKv9yiLiQ). The motivation behind this sudden conflict related to an internal promotional video for the Church, starring Tom Cruise, which had been leaked onto the internet. The content was embarrassing for the organisation and their notoriously aggressive legal team immediately began issuing take-down orders to any site that hosted the video with threats of legal action if they didn’t comply. This struck at the very heart of issues that hackers at Anonymous held sacred – free speech and non-censorship. Their video response threatened to destroy Scientology ‘for the good of your followers, for the good of mankind’, marking the beginning of a sustained campaign of DDoS attacks, phone pranks, and eventually culminating with a call to arms for followers to take to the streets and picket Scientology offices around the world. This seemed a potentially embarrassing move for a secretive and disparate collective of hackers. So it came as a massive surprise when the day arrived and over 10,000 people assembled in several major cities across the globe, many wearing the adopted mark of Anonymous – a Guy Fawkes mask similar to the one that appeared in the movie V for Vendetta. Hacktivism had left the murky realms of basements and bedrooms and come out onto the streets.
Anthropologist Gabriella Coleman recently stated in the excellent documentary ‘We are Legion – the Story of the Hacktivists’ (http://www.youtube.com/watch?v=JWP2WwLGbWc) that ‘Prior to Anonymous, critics of the Church still had to be very, very careful because of the aggressive lawsuits that were launched against academics, journalists, and other critics. I would say that era is over, and Anonymous more than any other sort of intervention is responsible for that change’.
2010 saw the political whistleblower site Wikileaks release confidential communication records between the US state department and various representatives overseas. The move was highly controversial and caused widespread condemnation from the US government. In response pressure was put on Amazon, PayPal, Visa and Mastercard to remove services from Wikileaks – effectively hiding the site, freezing assets, and preventing supporters from financially donating to the organisation. Anonymous saw this as an attempt to censor the truth, and for federal and corporate bodies to crush those that would question them. The hackers quickly launched an offensive and armed their various activists with a program called the Low Orbit Ion Cannon, which made it incredibly easy to execute DDoS attacks without the need for technical or coding ability. In no time at all the sites of PayPal, Visa, and Mastercard were shut down, causing the companies losses which PayPal recently claimed to be in the region of £3.5 million. After continued attacks PayPal released the funds that it had held back from Wikileaks, although it did not reactivate the account.
These levels of aggression, as well as their public nature, saw the FBI, Interpol and other law enforcement agencies double their efforts to hunt down members of the group. It also marked the appearance of another Hacktivist called the Jester, a self-proclaimed ex-US military operative who had previously targeted anti-American sites such as those linked to the Taliban. Angered by what he/she regarded as Wikileaks ‘attempting to endanger the lives of our troops’, The Jester launched a series of Denial of Service attacks on the Wikileaks site and also crossed swords with Anonymous.
It was surprising then that in the midst of these turbulent days the movement had what many believe was its finest hour. After Wikileaks released the communiques the site was promptly blocked by the Tunisian government. Further investigation of events in the North African country revealed alleged incidences of censorship, and of Facebook hacking to alter anti-government statements and track the identities of those speaking out against the leadership. Anonymous members, working with fellow hacktivist group Telecomix, took out several official sites, and provided Tunisians with tools to avoid detection while online. The Tunisian president Ben Ali also had his servers hacked by activists and the information sent to Wikileaks for them to display on their site. Finally the dictatorship toppled under the weight of online attack, social media broadcasts of the conditions, and powerful civil protest from the Tunisian people.
One Anonymous member who calls herself ‘Homocarnula’ said of the Tunisian uprising ‘There’s a video where they are thanking us for being involved, holding up a mask saying we were the only ones that stood by their side. For me it was awesome to hear that and feel the connection.’
This first chapter in the Arab Spring uprising gave courage to those in Egypt who were also fighting to remove their ensconced dictatorship. In retaliation the government forces tried to eliminate internet access for the whole nation so that the people would be prevented from using social media to organise themselves and bring attention of their plight to the world. Again Anonymous and Telecomix worked hard to ensure that the footage of protesters clashing with aggressive government forces in the streets reached audiences outside the country. They also created various dial-up web access points, taught Egyptians how to validate SSL keys and certificates to circumvent the imposed restrictions, and launched their own DDoS attacks on government websites. Google also showed their hacker roots when they added support to the Egyptians by creating the Speak2Tweet service which enabled them to call certain numbers and leave their stories, which were subsequently posted on Twitter. When President Mubarak eventually ceded power, those that had fought with the Egyptian people in the digital realms knew that although their role wasn’t pivotal in the overthrow, it was certainly significant.
Sadly these methods may be required again, as reports coming out of Syria at the end of November 2012 show that the failing government has adopted the same tactics of restricted internet access. Google and Twitter have already reactivated the Speak2Tweet service; only time will tell whether the hacktivists rejoin the fight.
One of the most impressive things about the exploits of Anonymous is that they were, and remain today, a leaderless collection of hackers and activists who come together in response to perceived injustices, then work for a time until the operation is over. They have no meet-ups, membership programs, or stated agenda. This is how they remain Anonymous. There is a bulletin-board style site at Anonnews.org where ideas for causes are posted, but that’s about as centralised as things become. This is the organisation’s strength, but it can also be a problem, as it means hackers can do things under the banner of Anonymous that might not seem quite as justifiable as the Arab Spring and Wikileaks campaigns. In 2008 a famous incident occurred where members who thought that Anonymous had grown too serious and lost its sense of fun decided to hack epilepsy forums and post animated GIFs that flashed black and white and could induce seizures in sufferers visiting the site. There have also been factions within the group who have decided to follow a more destructive path.
In 2011 a splinter group of Anonymous called Lulzsec appeared and went on what they termed ‘50 Days of Lulz’ where they hacked a wide range of sites just for laughs. Targets included Sony (from whom they stole thousands of customer account details), several game companies, and porn site Pron.com from whom they stole account details which they subsequently made public. They also attacked the sites of government agencies such as the CIA, US Senate, NHS, and the Serious Organised Crime Agency, seemingly in a display of their technical abilities and to highlight the shortcomings in their targets’ security. When the fifty days were over the group announced to the world that they had completed their objectives and would now disband. The attacks ceased, and as quickly as they had appeared, the destructive force of Lulzsec vanished. At least until Hector Xavier Monsegur was finally caught by the FBI and revealed as the notorious hacker ‘Sabu’, a leader in the organisation. His evidence led to the arrests of five other members of the group, which was rumoured to only have seven in total.
With Lulzsec now seemingly all but gone, and Anonymous being hunted down by the authorities, you might think that this sudden escalation in coordinated attacks would begin to decline. But Anonymous isn’t such an easy enemy to dispel, and the worldwide nature of their followers and activists means that for every one the police detain there could be a hundred others to take their place. The nature of protest is changing and a growing dissatisfaction with corporate control, coupled with our continued transition to an online existence means they will be a force to be reckoned with for some time to come. As they once said of themselves ‘We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.’
A version of this post originally appeared as part of a new series of features called News Viewpoint that I write for the PC Advisor website and also appears in the March 2013 issue of the print magazine – yes, I know that’s in the future, but the way magazines work is a mysterious form of sorcery. To see the original click HERE or pop out to your local newsagent and purchase the rather splendid magazine itself.