Reposting from Riseup the call to action against Data Retention.
Having worked closely with clients where privacy of user data is a major concern, it is absolutely worth considering the points raised here. Even within standard web applications, there is a huge amount of data that is stored which can be used to track a given individual. Obviously, IP addresses are a primary concern with web applications but other aspects of social networking sites can reveal data as well. How many times have courios people dug interesting information out of published MS Word documents or PDF files? I suspect that we will continue to see this activity, but we will see it in a more pronounced way with media files- EXIF data can be stored in JPG photos and many video standards support meta data. Each of these can play a role in identifying an individual or a pattern of behaviour. On the one hand, some of these aspects can be addressed through education of people- but I think it isn't sufficient- the argument in the call to action is that we have to design our code- programs, applications, social networks- from the ground up to provide security of users data.
Though things like OpenID and GPG have popularised some concepts of security for users, the reality is that they are not widely deployed and they are not integrated well into the applications that users want. It has been fascinating to see that while WordPress was able to create tremendous buzz about OpenID, it still does not have a viable server, which means that users have to either install some moderately complicated software, or use a third party service. Note- third party service which means that user actions are completely observable. Of course there are services which provide OpenID services to individuals who use their services, but this just confounds the problem- not only are you using their email/photo/music service, but then you are letting the service provider watch every site that you use the OpenID service on. Of course, I'm not saying anything new here, just pointing out that we have a long, long way to go to making usable, secure systems.
October 11th: Global Day of Action against Data Retention
---------------------------------------------------------Today, October 11th, marks a global day of action against Data Retention [1]. We wish to show our solidarity and support those who are being forced by the by the E.U. Directive 2006/24/EC to participate in pre-emptive surveillance of communications infrastructure. ISPs in Europe are being forced by this Directive to be involuntary agents of the police, to store your communications data. We wish to voice our dissent of this attack on privacy and demonstrate our strong support and solidarity for those who fight against this apalling turn of events.
The communication networks of the coming decades are being built now, and we have an important decision to make: will the infrastructure of the future be one that supports freedom or one that is designed to facilitate surveillance and control?
Currently, our communication systems are being redesigned in order to build a spectacularly efficient machine for maintaining total social control. This work is being done by the democratic governments of the world, and the UN, in the name of law enforcement. These governments have a problem: the internet and new communication technologies are undermining their capacity for lawful surveillance. Their solution to this problem has been to attempt total surveillance of all communication and to require that every internet server becomes a data gathering arm of the government.
The new technologies of packet switching, digitization, and encryption are fundamentally different from the communication technologies of the past. Where once it was expensive and difficult to gather surveillance data on a particular person, now one can gather detailed data on millions of people with the push of a button. At the same time, these new communication systems can also be designed to make surveillance almost impossible. Unfortunately, there is no middle ground: either we build systems that are secure or we build systems that are deeply flawed, easily abused, and lend themselves to social control.
The old compact with the democratic states is over: there is no longer an option of limited state surveillance. We must choose between greatly diminished state surveillance or the capacity of total state surveillance. This is simply the nature of the new communication technology.
We demand:
* Freedom of Expression: Everyone must be able to communicate anonymously and privately. Our computers must not become outsourced extensions of the state police. We must not be required to gather and archive the communication data of our users. We must not be required to allow back-door access to the government to listen in on anyone’s communication.
* Freedom of Association: Everyone must be able to associate freely without the government tracking and monitoring the network of whom we associate with. We must be allowed to use communication tools that do not reveal the sender and recipient. The government must not be allowed, legally or technically, to build a map of how our social movements are organized.Much of the new surveillance we can fight with the voluntary adoption of better protocols. Other aspects of the new surveillance we must fight through political organizing, in the courts, in the streets, and by active disobedience to the law.
The stakes in this struggle are too high. We must work now to keep open the ability of social movements to communicate privately and freely. If we do not, we have surrendered our ability to resist governments, corporations, and injustice for many years to come.
For more information about the global day of action, see Freedom Not Fear [1].
[1] http://freedom-not-fear.eu
Post new comment