WELCOME to Connected Rights, your tin can on the string of digital rights news and analysis.
THE US NATIONAL SECURITY COUNCIL’S “NATIONALISED 5G” PROPOSAL got a brutal kicking from just about everyone when it was leaked to the media. The trial balloon – if that’s what it was – did after all talk about having the government building an “inherently secure” national 5G mobile broadband network within a mere three years, including the time it would take to establish a US manufacturing base to design and produce every aspect of the infrastructural equipment.
The proposal is, to be charitable, preposterous. But if any of it actually does see the light of day, it seems likely to be the elements that threaten privacy, online anonymity and the internet as we know it.
Here’s Axios’s scoop: http://bit.ly/2GrTj42. The leaked document is here: http://bit.ly/2DRnGU8. I ranted about it on Twitter in this thread: http://bit.ly/2ElgwUZ. And, after consulting some proper telecoms experts, I wrote up the practical implications for Fortune here: http://for.tn/2DPpjS8.
Even though the scheme is not remotely viable and the White House has been keen to stress that “these are the very earliest stages of the discussion period”, the parts about a secure network are somewhat terrifying, and the White House maintains that the only thing it’s sure of is that it wants there to be a secure network. So there’s a chance that we may see this bit pop up again.
What’s a secure network? One that keeps out the Chinese, apparently, in terms of both cybersecurity and trade. “Since we are afforded the benefit of two large oceans for our physical defense, why not build the equivalent situation in the information domain,” the proposal posits without a question mark at the end.
This network would use newly-developed 5G “network security standards” that would “fundamentally alter the cyber threat landscape”. And it would be militarised, with “active defense” built in. And then there’s this: “As we learned in the wars in Iraq and Afghanistan the first step in asserting control over chaos is to take away anonymity. A network that identifies the adversary and responds to attack is fundamental requirement of the information age.”
If your eyes aren’t already wide enough by now, savour the part about artificial intelligence. You see, China is on track to win the “AI arms race” because “complete elimination of privacy standards combined with a strong firewall has enabled China to transform its ‘great firewall’ into a ‘great ocean’ of data.” So… America should do the same? I keep re-reading that part (on page 11 of the memo) in a vain attempt to not come to this conclusion.
Everyone has said this is a stupid proposal, largely for logic-based reasons such as its practical impossibility, and the fact that it’s an insanely expensive nationalisation scheme while the US is, as congressman Greg Walden accurately noted, “not Venezuela”. The “secure network” impetus remains, though, so we have to wonder which parts of the proposal will be binned and which might live on.
GIVEN THAT THIS IS ALL ABOUT CHINA, where nervousness about American components is leading the state-sponsored telecoms equipment industry to build its own alternatives, it’s somewhat ironic that we now find out about Intel warning Chinese companies before US intelligence when the Spectre and Meltdown flaws came to light: http://on.wsj.com/2Gmt5Ad
That means Chinese intelligence may plausibly have gotten a head-start on their American counterparts, when it comes to exploiting those flaws for the exfiltration of other people’s secrets.
IT’S OFFICIAL (AGAIN, AND NOT FOR THE LAST TIME): UK MASS SURVEILLANCE IS ESSENTIALLY ILLEGAL. The Court of Appeal ruled yesterday that the Data Retention and Investigatory Powers Act (DRIPA), clashed with EU law because it doesn’t target the collection of everyone’s phone and web-browsing records, nor does it provide enough safeguards regarding the access to all that data: http://bit.ly/2GrEOxk
DRIPA, of course, was only a temporary measure ahead of the current Investigatory Powers Act, aka the Snooper’s Charter. According to campaigners at Liberty (http://bit.ly/2rQpBTr), the ruling does nonetheless spell doom for the parts of the new law, which will fail the same fundamental rights tests.
However, that specific issue is being dealt with in a different case, and the judges said on Tuesday that “it is appropriate for this issue to be addressed in those proceedings”. So the stake in the heart of British mass surveillance needs another whack or two. And then there’s Brexit…
MEANWHILE IN GERMANY, MASS SURVEILLANCE IS AGAIN the subject of a complaint. This time it’s Reporters Without Borders, which has joined a bunch of other activists in filing a constitutional complaint against the Bundesnachrichtendienst (BND). Award-winning journalists are fronting the suit, which claims violation of both privacy and freedom of the press.
Reporters Without Borders has also complained to the European Court of Human Rights about the BND’s mass surveillance (http://bit.ly/2nuIoOK), saying it makes it impossible to protect sources. The argument this time is that the BND’s ability to spy on journalists abroad, and to share the resulting information with foreign agencies, threatens the freedoms of journalists in Germany because international editorial collaborations are a thing.
I JUST DID A SPOT OF MODERATION WORK AT A GDPR preparation event run by Wire, the secure messaging firm. A few interesting points came out of the presentations and panel:
A valuable perspective from GDPR daddy Jan Albrecht: “The GDPR is already becoming the gold standard… in the global market… because the big players and big companies in the digital market are deciding, OK we see this is a standard we just can’t walk around, so we’re implementing it.” Lots of confidence in the lack of loopholes there.
Philip Fabinger, global privacy counsel for the location mapping firm HERE, said the company has 40 people from across the organisation working on GDPR implementation. He’s also very nervous about the upcoming ePrivacy Regulation, and what consent requirements will look like for companies making self-driving cars and running drone deliveries.
If you’d like me to write articles for you about digital rights issues, speak at your event or provide privacy advice for your business, drop me an email at firstname.lastname@example.org.
FITNESS-TRACKING COMPANY STRAVA has found itself in hot water for publishing a global “heatmap” that accidentally betrayed the locations of – and activities around – sensitive facilities such as those used in warzones by aid workers and the US military: http://wapo.st/2DPbUJI
Here’s Strava’s blog post from Monday, saying the company is taking this all very seriously and is “committed to working with military and government officials to address potentially sensitive data” emanating from users’ Fitbits and other fitness trackers: http://bit.ly/2Eq8hqS
“Our engineering and user-experience teams are simplifying our privacy and safety features to ensure you know how to control your own data,” CEO James Quarles added. Wouldn’t it be nice if it didn’t take a military scandal to prompt such action?
FAKE NEWS? THAT’S SO LAST YEAR. Now there’s a thing called fake porn, where people use apps to transplant celebrities’ faces onto adult actresses in videos. This is both a horrible thing to do, and a terrifyingly predictable development: http://bit.ly/2F8Usfy