Tag: crime and freedom

Remember 42 days?

Really excellent point at Heresy Corner last month. After all that fuss, for weeks and weeks, about whether the counter-terrorism bill of last year would include the provision for detaining terrorist suspects for 42 days, the subject is now so forgotten that when the minister concerned talks about it, it is not newsworthy.

This is the best demonstration of my recent claim about the limits of voter influence. Because we all knew all along what Heresy Corner proves, that the argument was never about a concrete legal proposal at all. The question was a symbolic one. What was at stake was entirely feeling or impression — did the government need to show it still wanted to do more for security, or was the whole fluid inspections, photography restrictions, CCTV thing going too far? Should we trust the security services or the civil-liberties lawyers? Would the new powers affect “ordinary people” or just outsiders, and if so was that a bad thing or a good thing?

The technical questions about arrest, and evidence-gathering capabilities before and after charge, PACE, legal discovery and so on were far too complex to be part of the debate, even with the enormous coverage the issue got. The questions of what it meant for the authority of Gordon Brown, the status of members of his cabinet, the future positions to be taken by the Conservatives, and the momentum of political sentiment in the public were much more tractable. The end result was the government lost. That was what it was all about, and the details of criminal procedure being no more relevant now than they were then, there is nothing more to be said.

Hierarchy of security needs

Mencius Moldbug’s latest has a real gem where he talks about the political needs of a society as a hierarchy of needs parallel to Maslow’s psychological hierarchy of needs.

there are four levels of sovereign security. These are peace, order, law, and freedom. Once you have each one, you can work on the next. But it makes no sense to speak of order without peace, law without order, or freedom without law.

His claim is an essential tool for understand how I can whinge about ID cards and yet make allowances for brutal policing in China or Iran.To analyse the reasons behind the hierarchy, the first need is peace, and the second order. Order is valuable, but if an enemy is present, the inhabitants must use violence against the enemy. If inhabitants are using violence, you do not have order. Therefore, peace must come before order.If you have peace, you can then impose order, and stop inhabitants using violence within the realm. We also desire law, meaning that by following some published laws, I can be assured I will not be the subject of violence from or approved by the state. But if violence is not controlled between inhabitants, then safety from the state is of little value. The state has to first reduce violence between inhabitants to a low level before we can get benefit from the state following law.Once we have law, there is then value in freedom. Freedom means that the state will not restrain me from doing things I want to do, to the greatest extent practical. I cannot have any freedom if I do not know what the state will and will not punish, so law is a prerequisite to freedom.Therefore, the hierarchy is : peace, order, law, freedom.I want to live under a good government, and a good government is one which will provide freedom. But I cannot have freedom unless there is law, there cannot be law unless there is order, and there cannot be order unless there is peace.We have order where I live, and mostly we have law. I would like more freedom than we actually have, and I think it is entirely practical to allow more freedom without compromising the more basic social needs of order and law.In China, there is order and they are working on law. There is much less freedom than in Britain even under New Labour, but allowing freedom to political rivals is almost sure to wipe out law and severely reduce order. We can see that order has broken down in part of China just recently.The hierarchy of needs also explains some of my differences with Mencius. We could do with a little more order and law around here, but we have enough to support freedom. Mencius gives the impression that in his area, at least, order has broken down. Now, I don’t live in the leafy, peaceful suburb where my mother went to school, my grandfather used to play bowls, and I used to play in the park when I visited, and where the Shine My Nine gang now kills those who encroach on its women. But then, I live in Luton, which isn’t exactly cut off from the problems of the rest of Britain. And yet in my view we have at least the necessary minimum of order. I would like more, but I don’t think we have to abandon law and freedom to get it.(Is it not possible to have order without the state, some will ask? I think not, though that’s another discussion).

Anonymous Blogging

All the discussion I’ve seen about the unmasking of Night Jack, the award-winning blogger who told us about life in the police, seems to stand on dangerously bad assumptions.

Many, like Hopi Sen, argue on the basis that anonymous blogging is in the public interest. Some, like the always reasonable chris dillow, dispute that claim. All of them scare me.

For what it’s worth, I think that anonymous blogging is in the public interest. But that’s an awfully flimsy ground on which to build the shocking restriction on freedom which Night Jack’s victory would have produced.

The case wasn’t about whether Night Jack could blog anonymously — whether he could blog without telling anyone his identity. What was at issue was whether The Times, having found out his identity, would be allowed to tell anybody. The only possible answer to that question is yes, of course. Isn’t it enough that this country has the most oppressive libel laws in the world, without putting still more restrictions on what the press is allowed to tell us? Even the Max Moseley case based its verdict in favour of Moseley’s privacy on the basis of a breach of his confidence — that the information came from somebody who had a duty to keep it private. Night Jack originally made a similar claim, but dropped it, claiming only that it was in the public interest that we not find out who he was.

I would like to see a right to blog anonymously, but all I would expect that to encompass is to be allowed to publish without having to identify myself, not to prevent anyone who happens to know who I am from telling anybody else. I want to be permitted to have a secret, but not assisted by the power of the law in keeping it a secret — that’s my job.

The frightening assumption is that if anonymous blogging is in the public interest, anonymity should be protected with the power of the state, and if it is not, then it should be broken with the power of the state. Everything that is not compulsory is forbidden.

CCTV Warning

Don’t look at the cameras! Anyone who looks at the cameras is a terrorist! If you see anyone looking at the cameras, call the police!

http://www.met.police.uk/campaigns/counter_terrorism/index.htm

The cameras are for your protection: that’s all you need to know. And anything you don’t need to know, you’re not allowed to know. Only terrorists care whether they’re on camera or not.

This is a public service announcement from Anomaly UK.

Seriously, I find this much more disturbing than the presence of the CCTV in the first place.

Parliament Bound by Contract?

If I really cared about whether our democratic government was truly representative, I think I would be outraged by this story about the government locking in payments to suppliers for ID card contracts against a possible cancellation by the next government.

Ultimately, the next government could, I presume, pass a law saying that payments promised for ID card work were cancelled, and even that payments previously made could be reclaimed. Traditionally, parliamentary sovereignty meant that was possible.

Would that be a good thing? While I suspect that the contracts in question are being written as a kind of “poison pill” to sabotage Tory policy, it is legitimate that a business could seek up-front payments or guarantees to cover the setup costs of the work they are undertaking to do. A company that was faced with the loss of payment for work it had already done because an election had changed the government’s policy would have a very legitimate cause of complaint.

The opposition could mitigate the injustice by giving good notice – now – of what they intended. That is made more difficult by the claim of “commercial confidentiality” made regarding the terms of the contract.

My line on this is that when a government signs a significant contract with a business, then it is not a matter of commerce, it is a matter of politics. It is, if not nationalisation, then at least something which is of the same kind as a nationalisation, but of different degree.

Therefore the ongoing dealings between the government and the supplier are a matter of politics not of commerce. If nullifying the contract is good politics but bad commerce, then it is what should happen. If the supplier doesn’t like it, they shouldn’t have got involved in politics. Furthermore, hiding the details of the contract on grounds of “commercial confidentiality” makes a mockery of democracy even by my loose standards.

I would also add that this sort of thing: Public Private Partnership and use of contractors in general, is a prime example, probably the best example on this side of the pond, of what Giles Bowkett was talking about. It’s the kind of policy which looks, if not exactly libertarian, at least sort of halfway libertarian. It was supported, at least at the beginning, by the likes of the ASI and the IEA. And because it’s a compromise, and because the nature of the political landscape means inevitably that what it was a compromise with was corporate interests – in this case the corporate interests of the consultancies that get paid for work like the ID card project – then as a result it’s the sort of policy where half-way is much worse than nowhere.

If we were back in the 1970s when the only way to do this sort of system was to hire thousands of civil servants to develop it, we would be better off. Outsourcing gives us none of the benefits of the private sector, but a whole lot of extra cost in corruption and obscuring of the truth.

Finally, I suspect that the Tories, even if they had the balls, could not void the contracts as I have described. The suppliers would be straight off to the EU to cry foul. The brief alliance of Thatcherites and Eurocrats in the 1980s that gave us the single market have stripped the voters and their representatives in parliament of the power to do that.

Email Security

Apparently as of March the government will be requiring ISP’s  to keep email traffic for a year for use by police and security services.

Yes, it’s another of those cases where we have to work out whether we’re more appalled by the government’s viciousness or by its stupidity.

Here’s a little primer in email for novices and government ministers:

The Internet, the Web, and email are three different things.  The internet is a network that can carry data.  The Web is a lot of servers which provide hypertext and media over the internet in response to requests.  Email is an addressing system and message format by which messages can be sent between users over the internet.

ISPs provide internet service.  Sometimes they also provide web or email services over the internet as an add-on, and sometimes they don’t.

It is quite possible to send and receive email messages without one’s ISP even being aware of the fact.  Indeed, most people do.  If you have a large site, you probably run your own email servers.  You emails go over your ISP’s internet service, but do not use your ISP’s email service, even if it has one.

Conversely, if you use webmail, your email does not reach your network in the form of messages – only web pages.  Your messages originate or terminate with your webmail provider, who may well not even be in this country.

Only if you use the old-fashioned POP3+SMTP setup, or  your ISP’s  webmail service, will your ISP see your email as email.  In some cases it might be possible for them, by searching your entire network traffic, to identify and extract  email from your network flow.  That involves a whole lot of processing that they would otherwise not need to do.

If you use an offshore webmail provider, they can’t even do that, because the traffic between you and the webmail provider is encrypted.

I don’t actually know whether Google, Yahoo and Microsoft, the biggest webmail providers, have mail servers in this country.  I suspect not.

Note that if you use email encryption, as I recently recommended, you are still leaving a trail of who you sent mail to and when.

Attempts to get email out around inspection (without using webmail) are handicapped by measures taken to prevent spam.  It is quite possible to send mail in the same way a large site does – your mail software uses DNS to locate the recipients’ mail servers, and then sends them the mail directly.  However, many ISPs for residential users filter out direct email of this sort, and many recipients spam filters refuse it if it has come from a residential ISP network.  This compromise of the end-to-end principle came in some years ago, and did little harm at the time, but as governments become more nosy, the requirement to pass all emails to your ISP’s SMTP server is more of a problem.  It just goes to show how compromising important principles usually has a cost in the long run.

I don’t know how well-provided the world is these days with anonymous remailers – they were all the rage fifteen years ago.  It might be possible to use TOR to get email out of the local ISP network securely – I will be investigating both these avenues over the next few days.

None of this is because I have anything to hide in my email traffic.  As I explained previously, the problem is that if in a year or ten years I do, it will be too late.  These channels are awkward to set up, and they have to be done ahead of time.

GPG key is linked to from the sidebar.  Ideally you should get me to confirm the fingerprint in person.  I carry it around with me, so if you meet me it’s easy to do.

Remote Searching

There’s been fuss the last couple of days about police powers to hack into suspects’ computers.  Apparently under RIPA they do not need any kind of warrant, just approval from a chief constable.

As some bloggers have pointed out, the power doesn’t imply the ability.  If your system is secure against hackers, it’s secure against the police.  Provided you don’t do anything reckless, like run an open wireless network, or run Windows, you should be safe.

Having said that, it is worth noting that the police have resources that private hackers do not.  In particular, they may get cooperation from ISP staff, or other service providers.  Even if that theoretically requires further authorization, if they are given, for example, a password, informally and without authorization, they would then be legally allowed to use that password to access your system.  In practice, they are unlikely to have to account for how they managed to get the password.  When I worked in telecoms, the authorities were given traffic data (billing itemizations) on informal request on a regular basis.

I’m not actually sure what the law is.  I’ve been looking at the text of the 2000 Regulation of Investigatory Powers Act, but it’s hard to puzzle out.  So I’m relying on press reports.

If you want to keep the police out of your PC, follow normal IT security (use WPA2 or IPsec on wireless, don’t use Windows, don’t run code of unknown origin), and also assume that any passwords you use on external systems are known to attackers, so use different passwords for logging into your box, for remote access, and for wireless.  Don’t expose these passwords over unencrypted email.  Set good passwords on routers.

There’s another reason for making a fuss about this.  Even if your system is safe, most people’s won’t be.  That means that over time, it will become accepted that police have access to everyone’s computers.  Eventually, the “loophole” that some people actually have secure systems will be “exposed” as compromising the ability of the police to protect us (or to protect THE CHILDREN), and secure systems will be simply banned.  This is despite the fact that there is already law allowing the police to demand encryption keys etc. with a warrant.

That sounds far-fetched, but is there any reason why one would assume that a mobile phone was something too dangerous to allow an anonymous person to own?  No –  only that, for business reasons, it happened to be impossible to anonymously own one until the technology for pay-as-you-go was released, and everyone got used to the idea that phones could be traced.   When people are used to the idea that computers can be searched by the police on a whim, they will not mind making it illegal to prevent it.

And just because you have nothing illegal, doesn’t mean it doesn’t matter.  Once someone hacks into your computer, they are likely to damage things by accident.  That’s always been recognised by the law, which (rightly) considers it a crime even if no damage is done, because of the cost of going over the system and making sure everything is OK.  If police plant a backdoor on your system for their own use, it may be found and exploited by criminals. (This was one of the major issues with the Sony CD rootkits a year or two back.)  Civil damages are also assessed on the same basis.  As well as that, information which is gathered may be misused.   A police officer was convicted of using private information for blackmail purposes just recently.

I may come back to this issue tomorrow if I can figure out what RIPA actually says.

Bob Quick

Assistant Commissioner Bob Quick ordered the arrest of Damian Green in November.

After that, it emerged that his wife was running a luxury car firm from their home, which may have been offering services it wasn’t licensed for.

I’m not directly concerned with the car business, and the Damian Green case has been well covered already. What is interesting here is the pattern: Person makes enemies, enemies dig up dirt. How many people have some irregularity in their personal or business life that they will certainly get away with for ever, provided they don’t attract the attention of someone powerful and hostile?

The product of this situation is that those with power to dig into everyday irregularities end up with arbitrary power. You keep them sweet if you know what’s good for you. You don’t criticize them publicly, you don’t cross them in their personal capacity. The only people who can stand up to them are those that are prepared to “clear the decks” of their private lives for the sake of activism. Admirable as such people are, their very determination makes them seem extreme, weird, or unreliable.

This situation is very unhealthy for public life, as I’ve said here before. The solution is to look around for rules which people routinely break, generally get away with, and don’t do much harm. And get rid of them. Keeping a low profile should not give someone a large advantage in everyday life.

The real stupidity of Andy Burnham

Andy Burnham has been given such a bashing over his idiotic comments a week ago about how the internet should be censored that I felt no need to chime in with a “me too”.   Particular derision greeted his claim that he was not against free speech. But the misunderstanding about what the internet is worth elaborating.

He said he wants internet-service providers (ISPs) to offer parents “child-safe” web services.   The only feasible way to do that is to have a whitelist-based filter that allows “safe” sites to be viewed.  That’s quite doable – I do it myself for my children, using squidGuard.  It’s very much better done at the home end than the ISP, because that way my 9-year-old can ask for a site that he’s heard about, and I can add it to the whitelist, but the filtering can be done “in the cloud” if you can’t be bothered to learn how to use a computer.  Nonetheless, the filter means that essentially, the boys do not have internet access – only this ersatz “pages from ceefax” version, and with the 9-year-old now 10, the time is approaching that it will have to be turned off for him. 

The internet is dynamic.  It changes year by year, very significantly.  That is what has made it what it is.  It is able to do this only because of the fact that, on the internet, anything goes.  That’s not an incidental feature of the network, it’s what made it what it is.  Anything goes in terms of technology (the end-to-end principle), and in terms of content (creating a web page without getting it approved beforehand by the BBFC).

You can make a copy of many of the most useful features of the internet at a given point in time, without that freedom.  But what you have is frozen, dead.  As the internet moves on, it can’t keep up.  It’s like creating a command economy: when you start you have prices, traces of the market that used to exist.  You can plan your economy based on those prices (with whatever adjustments you think will improve things).   But where the market would have changed, you can’t see those changes.  Over time, your dead market prices will become less and less appropriate to reality.

If anything-goes makes the internet unsuitable for children (and a reasonable person might well consider that it does), the only possible course of action is to stop children from using the internet.  Let them revive Prestel or Compuserve for them – that would be more useful than the “child-safe” internet Burnham somehow envisages.