WELCOME to Connected Rights, your teapot in the orbit of digital rights news and analysis.
IT’S RARE TO SEE THE EXCESSIVELY POWERFUL complaining about their power, but that’s what we saw last week when Cloudflare threw the neo-Nazi Daily Stormer website to the wolves: http://for.tn/2vlJUV3
What’s Cloudflare? The most important internet infrastructure company you’ve never heard of. Not only does the company provide a content distribution network that speeds up the delivery of videos and other high-bandwidth online stuff, but it uses that network to protect websites from denial-of-service attacks. When a company signs up for this protection, Cloudflare routes all attempts to access that site through its sturdy network, so people can’t attack the site by overloading its servers with access requests.
A tenth of all website requests, globally, go through Cloudflare’s systems. So when the firm finally buckled to public pressure and stopped serving The Daily Stormer – immediately leading to the site being knocked over by anti-fascist attackers – Cloudflare CEO Matthew Prince didn’t celebrate.
“Let me be clear: this was an arbitrary decision. It was different than what I’d talked with our senior team about yesterday. I woke up this morning in a bad mood and decided to kick them off the internet,” he told his staff: http://bit.ly/2w0lfqY. “It was a decision I could make because I’m the CEO of a major internet infrastructure company. Having made that decision we now need to talk about why it is so dangerous… No one should have that power.”
As Prince explained in a blog post (http://bit.ly/2wiUBvO), The Daily Stormer forced his hand by claiming Cloudflare’s reluctance to “kick them off the internet” suggested sympathy with the site’s white-supremacist views.
“In a not-so-distant future, if we’re not there already, it may be that if you’re going to put content on the internet you’ll need to use a company with a giant network like Cloudflare, Google, Microsoft, Facebook, Amazon, or Alibaba… Without a clear framework as a guide for content regulation, a small number of companies will largely determine what can and cannot be online,” he wrote.
Where’s that framework going to come from? According to another interview with Prince (http://bit.ly/2uMw8zy), it needs to be devised by “the entire tech industry, with policymakers, with legislators, with content creators [and] content consumers”.
The issue is, those policymakers and legislators can’t just come from the US. They have to come from around the world, representing different legal codes and societal norms that will often be in direct conflict with one another. That’s not to say Prince’s idea is a bad one; it’s just a fiendishly complicated one, which is why it hasn’t already happened.
In the meantime, those private companies are the judges, juries and executioners for online content. And that’s not a tenable situation either.
Thank you so much to those of you who are supporting me through my Patreon page! Your support doesn’t just help me produce this weekly newsletter – it will also help me develop further Connected Rights resources.
CHINA HAS LAUNCHED AN “INTERNET COURT” in Hangzhou, a notable hub for Chinese e-commerce businesses. The court is specifically for dealing with internet-related cases, such as online trade or copyright disputes: http://bit.ly/2vlLRRv
There is some precedent in Canada’s online Civil Resolution Tribunal (http://bit.ly/2w0Lm18), which also allows people to access the court over the internet. But China’s court is specifically for dealing with internet-related issues, and I think it’s a pretty good idea.
As long as the same laws are applied equally whether in the online or offline context, there’s a lot to be said for a court that deals day-in-day-out with tech issues – not only because the relevant expertise would be there, but because the internet supports an explosion of activity, which means an explosion of disputes.
In Europe, disputes over the “right to be forgotten” and illegal online content are mostly resolved by tech giants such as Google and Facebook. These companies shouldn’t be adjudicating the balance of free expression and privacy, but they are, because the justice system simply doesn’t have the capacity to deal with it. It seems inevitable, if online law enforcement is to be brought back into the public sector, that this capacity will need to be created somehow.
THE UPCOMING VERSION OF APPLE’S iOS mobile operating system will make it easier for people to disable Touch ID as a login mechanism for their iPhones and iPads. The idea, according to some, is to make it harder for border agents and other authorities to force people to unlock their devices with their fingerprints: http://for.tn/2vbIY6u
Would this make a difference in reality? Probably not so much. Customs agents can still coerce travellers into unlocking their devices, by threatening to confiscate them for inspection. As the classic XKCD cartoon (https://xkcd.com/538/) makes clear, all the clever security in the world is no match for someone who can force you to do what they want anyway.
I suspect that, if someone wanted to take this issue to a consumer rights watchdog in Germany or Norway, for example, they may find a sympathetic ear. No-one should be forced into agreeing to a new contract – particularly when doing so would mean agreeing to send Sonos “functional data” such as email addresses and login information, which counts as personal data. For new customers, the choice may be easier. For people who’ve already sunk €200 or more into a Sonos speaker, that’s just not playing fair.
If you’d like me to write articles for you about digital rights issues, speak at your event or provide advice for your business, drop me an email at firstname.lastname@example.org.
GOOD NEWS IN THE DREAMHOST CASE that I reported on last week (http://bit.ly/2wxGtQn) – the US Justice Department has dropped its demand for the 1.3 million IP addresses that could identify visitors to the anti-Trump site DisruptJ20.org. The DOJ claims it had no idea it was asking for so much data on potential dissidents (uh-huh): http://for.tn/2xbDFVS
THE MUSIC YOU LISTEN TO COULD SPY ON YOU, according to this not-at-all-paranoid report: http://bit.ly/2vZT9fD. Basically, if you had a certain piece of software on your microphone-equipped device (phone, smart TV etc), it could pick up “high-pitched sonar signals hidden within popular songs” and use variations in the reception of the signals to determine people’s movements in the room.
It’s not something I’d worry about for the foreseeable future, especially as there are plenty of other ways to monitor people’s movements without going to the effort of sneaking special noises into hit pop songs.