Friday, 10 July 2015

Obituary: Caspar Bowden, a fearless privacy pioneer

Simon Davies, London School of Economics and Political Science

The world’s privacy advocates are reeling over the loss of one of their most influential and feared campaigners, Caspar Bowden, who has died of cancer. His fierce and combative evangelism for online privacy over two decades and surgical analysis of complex surveillance legislation raised the standard of commentary that influenced advocacy groups at home and abroad.

I had the honour and the pleasure of becoming a close friend and co-conspirator of Caspar. It wasn’t always easy – he held high expectations of his colleagues, who could often experience his wrath whenever they dared to negotiate with “the bastards” (whoever they happened to be at the time). The archaic American expression “ornery” could well have been invented for Caspar Bowden, as his opponents well knew.

In conferences and meetings where officials and ministers appeared there was frequently what became known as the “popcorn moment”, when Caspar would stand up and, from the back of the hall, clear his throat and launch into a devastating critique that would utterly destroy the credibility of his opponents. Within two years, ministerial staffers were routinely calling me to find out whether Caspar would be in the audience. No better tribute could ever be awarded to any campaigner.

Caspar Bowden, mid ‘popcorn moment’. Rama, CC BY-SA

Caspar joined the mainstream privacy world in 1997 during the Scrambling for Safety encryption event that I organised at the London School of Economics, and soon after he co-founded the Foundation for Information Policy Research (FIPR), which became the most astute think-tank in Britain in the field of surveillance.

At the time Caspar chaired Scientists for Labour, an organisation which at the time believed that the Labour Party (which had been elected to government only 18 days earlier) would actually respect scientific advice. The reams of dangerous and intrusive legislation the Labour government subsequently passed caused him to ditch this fantasy. In the years since Caspar appeared to abandon all faith in parties, taking pride in comparisons with TV character Mr MacKay in the comedy series Porridge, who famously said: “I have a job to do and, whatever else I am, I’m firm but fair. I want you to know that I treat you all with equal contempt”.

In 2002 Caspar joined Microsoft’s operation in Europe as chief privacy strategist, but the arrangement was a bad fit. Caspar continued to be outspoken, eventually parting company with Microsoft after he criticised the lack of privacy measures in its software and the firm’s cosiness with US government spooks. Years before Snowden’s revelations about US and UK mass surveillance in 2013, Bowden had already become deeply worried about the relationship between companies and security agencies – with his arguments about the safety of cloud data proven true by the subsequent leaks.

Gus Hosein, executive director of Privacy International and an an old friend and colleague said:

I’m not new to this issue, but whenever I struggle to get my head around the implications of a new policy or technology, I always looked to Caspar. I sought his guidance to navigate it, but I feared what he would say if I came out with something stupid. The future is uncertain enough, but without him it is even more daunting.

Caspar was very accurately described by another close friend and colleague Ian Brown, professor of Information Security and Privacy at Oxford University:

Caspar was a truly unique individual, one of the most passionate, methodical, relentless advocates of any cause I have met. I learnt so much from him as we worked together on and off for nearly 20 years on privacy issues. His forensic analysis of UK surveillance laws, and later European and US legislation, was essential reading for anyone who wanted to understand the implications of some extremely obscure language – including legislators themselves.

Brown believes UK internet users are still benefiting from Caspar’s successful campaign to remove “Big Browser” surveillance powers from the Regulation of Investigatory Powers Act 2000, and to ensure the burden of proof was not put onto individuals who might have actually forgotten passwords later demanded by police. His important reports for the European Parliament will also be key in the long-term decisions made by the EU to protect the privacy of its 500m citizens.

Anyone who knew Caspar understood that he was dogged in his later years by a deep cynicism about progress in privacy. Deeply mistrustful of governments, corporations and even the law, he eschewed mobile phones and came to place his faith almost solely on mathematical solutions, for example by heavily promoting the concept of differential privacy, which attempts to prevent a loss of privacy in situations where details can be inferred from other data.

Perhaps Caspar’s greatest legacy is that, in an age of increasing compromise, he showed us the importance of dogged, non-negotiable persistence. As George Bernard Shaw observed, all progress depends on the unreasonable man. In that respect, Caspar was a beacon of progress.

The Conversation

Simon Davies is Associate Director at London School of Economics and Political Science.

This article was originally published on The Conversation. Read the original article.

Thursday, 18 June 2015

Some thoughts on Usability of Privacy Technologies - George Danezis

Some thoughts on Usability of Privacy Technologies (Outline of Talk) | Conspicuous Chatter: "one may assume that the key customers of this software — large enterprises and governments — simply never asked for such features, and in fact probably considered such a feature to conflict with other requirements (such as the need to recover mail of employees, backup, …).

 These commercial pressures, have changed in the past few years, as large internet companies start relying heavily on serving end-users (search, webmail, social networking). Sadly, these companies have adopted both a business model — ad-based monetization — and a technical architecture — cloud computing — that makes meaningful privacy protection very difficult. In turn the “success” of those architectures has lead to an extreme ease of developing using this model, and an increasing difficulty in providing end-user solutions with appropriate privacy protections — let alone usable ones.

 The rise of services has pushed a number of key privacy technologies into not being commercially supported and a key feature, and in effect at best a “common” — with the governance and funding problems this entails. We have recently learned about the systemic under funding of key privacy technologies such as OpenSSL and GPG. Technologies like Tor are mostly funded for their national firewall traversal features, seeing development on anonymity features suffer.

Unlike other commons (health, parks, quality assurance in medicines), the state has not stepped in to either help with governance or with funding — all the opposite. For example, standardization efforts have systematically promoted “surveillance by design” instead of best of breed privacy protection; funding for surveillance technology is enormous compared to funding for privacy technologies, and somehow ironically, a number of calls for funding of privacy technologies are in the context of making surveillance more “privacy friendly” — leading to largely non-nonsensical outcomes." 'via Blog this'

Sunday, 26 April 2015

EU Wants a New Regulator to Make Sure Internet Firms are Behaving Themselves

The EU Wants a New Regulator to Make Sure Internet Firms are Behaving Themselves | Gizmodo UK: "They warn that some digital businesses are "transforming into super-nodes that can be of systemic importance” and “only a very limited part of the economy will not depend on them in the near future.”

 The documents warn that a lack of action could lead to a "point of no return", where economies are irreversibly tied to a handful of large companies.  Examples include the likes of Amazon, Etsy, Trip Advisor, Facebook, and Google.

They are mentioned as having undue power over their sectors of the market and can exclude any company or products they feel like, without evidence, by claiming they breach terms and conditions.

Apparently this could potentially put the whole European economy at risk due to market exploitation.

To tackle this the documents propose that a new "supervision framework" should be put together and do things like ban unfair business practices and prevent internet companies from using their platforms to provide preferential treatment to their own services." 'via Blog this'

Tuesday, 14 April 2015

Spying on the U.S. Submarine That Spies For the NSA and CIA

Spying on the U.S. Submarine That Spies For the NSA and CIA: "Annapolis's parent unit, Submarine Development Squadron 12, brokers all of this special equipment for the Navy's submarines, setting up relations with the CIA and NSA, as well as the National Reconnaissance Office, which operates the spy satellites and stealthy communications links. And there are a set of silent partners in industry and academia who also ply their trade in this secret submarine world.

 One such player is the Applied Research Laboratory of Pennsylvania State University. As a Pentagon-designated university-affiliated research center, Penn State's ARL "maintains a special long-term strategic relationship with DoD," the lab brags in an online presentation. That relationship accounts for nearly half the university's research budget—and it includes work on Annapolis's RADIANT GEMSTONE, the only public mention of this highly secretive program:

 How excited is the Navy about this new mission? Imagine being the only kid on the block with a shiny new red wagon. The service's admiral in charge of cryptology says the Navy is anxiously crafting "an ordered, sustainable maritime means of realizing military power in cyberspace."

 Still: What does that mean? When you can spy on anyone, anywhere, anytime—not just heads of state, but anyone on a cell or a WiFi connection—what do you actually do? More to the point: Who was the Annapolis spying on last year?

We know roughly where it traveled through the "European and Central Command areas of responsibility"—near Iran, Israel, perhaps even Yemen.

We know that its crew briefed those NSA and CIA officials. We know that Parks, his mission accomplished, recently stepped aside and handed command of Annapolis to a "tactical analysis" expert from Submarine Development Squadron 12." 'via Blog this'

NSA declares war on general purpose computers - Boing Boing

NSA declares war on general purpose computers - Boing Boing: "NSA director Michael S Rogers says his agency wants "front doors" to all cryptography used in the USA, so that no one can have secrets it can't spy on -- but what he really means is that he wants to be in charge of which software can run on any general purpose computer.

 Rogers's proposal is no less stupid than the proposal made by UK Prime Minister David Cameron, but it's even scarier in that Rogers runs a highly technical criminal organization with state backing and a history of attacking the security of American computing infrastructure by deliberately introducing vulnerabilities into computers used by American citizens, businesses, and government.

There's no way to stop Americans -- particularly those engaged in criminal activity and at risk from law enforcement -- from running crypto without locking all computers, Ipad-style, so that they only run software from a government-approved "app-store."

The world teems with high quality, free, open crypto tools. Simply banning their integration into US products will do precisely nothing to stop criminals from getting their code from outside non-US vendors or projects. Only by attacking the fundamental nature of computing itself can the NSA hope to limit its adversaries' use of crypto.

I predicted this in 2012, and I'm sad to see it coming true.

The risk of this happening is why I've gone back to EFF to kill DRM in all its forms." 'via Blog this'

Sunday, 12 April 2015

EU Deal Probes May Weigh Value of Personal Data: Vestager

EU Deal Probes May Weigh Value of Personal Data: Vestager - Bloomberg Business:

"“Many people still don’t realize that sites that appear to be free are actually paid for by the information you provide through your searches and behavior online,” Vestager said.

While the EU has been investigating allegations that Google Inc. abuses its role as the biggest search engine, it avoided looking at control of personal data in a 2008 merger review of Google’s bid for online advertising platform DoubleClick. EU regulators didn't identify data-usage concerns in last year’s review of Facebook Inc.’s takeover of messaging service WhatsApp." 'via Blog this'

Thursday, 2 April 2015

Pasquale: Interview on the Black Box Society

Balkinization: Interview on the Black Box Society: "The Black Box Society’s central subject--agnotology, the suppression or destruction of knowledge--is a particularly difficult topic to interpret methodically. But I’ve tried to highlight some very important disputes, show their broader relevance, and explain what laws would need to change for us to really understand the value of what data brokers, search engines, financiers, or homeland security contractors are doing. I justify those policy proposals with reference to emerging work in more normatively oriented branches of political economy and social science...

Political economy is a venerable discipline. While it has, of late, been dominated by “positive political economists” focused on the pathologies of governance, there is a venerable tradition of political economists studying the “ideal role of the state in the economic and social organization of a country” (as Piketty puts it). Lawyers are particularly well-suited to the task of studying political economy, because we are the ones drafting, interpreting, and applying the rules governing the interface between state actors and firms.

Integrating the long-divided fields of politics and economics, a renewal of modern political economy could unravel “wicked problems” neither states nor markets alone can address.

But it’s actually more urgent than that, because the very terms “state” and “market” seem antiquated. For example, Medicare may be publicly funded, but it’s ultimately run by a panoply of private contractors. Banks may make tremendous profits from financial “markets,” but the main reason they have deposits and counterparties to deal with is governmental guarantees that take the sting out of credit risk—and, in turn, reward many of those administering such guarantees with lucrative jobs once they leave government.

 So a purely economic approach to “markets” here, or a purely political approach to “states,” misses the critical interaction between the two. A political economic approach is vital—and that’s what has made social theory ranging from Smith and Mill, to Tocqueville and Durkheim, to Weber and Habermas, of such enduring interest. In law, we still read Robert Lee Hale and the legal realists for exactly the same reason. My concluding chapter tries to revive this political economic perspective, suggesting reforms beyond the purely legal concerns of the penultimate chapter." 'via Blog this'