History repeats in cycles. Hax reminds us of an episode told by Nils Funcke of the Swedish Constitutional Committee, from a time when politicians invented new ways to circumvent fundamental liberties during World War II, and in particular, invent new ways to circumvent the Freedom of the Press.
Swedish politicians were very concerned during WW2 that some newspapers were printing stories that were critical of Nazi Germany, or possibly worse, appreciative of the Soviet Union. They were well aware that they were constitutionally unable to ban the printing of newspapers, so they banned the distribution of those particular newspapers instead (in Swedish: transportförbud).
The ban didn’t work particularly well; while trains, buses and other public transports were banned from distributing these newspapers, volunteers created an amateur distribution network that superseded the commercially-available channels.
The interesting tidbit here is how politicians of the time understood that information is only as accessible as its transportation, which relates directly and immediately to today’s calls for censoring the Internet. While politicians may not constitutionally ban somebody from putting inconvenient information on their own server, they are attacking the Internet Service Providers and requiring them to censor the network.
There is a direct connection between the right to publish information and the right to freely distribute information. One is useless without the other.
So let’s hope history continues to repeat in cycles. The thing that happened after the war was that the next generation of politicians looked back in horror on how the Freedom of the Press had been circumvented, and added constitutional protection not only to the printing of newspapers, but also to their distribution. No public transport institution had the right to deny transportation of newspapers on the basis of their content, regardless of whether the newspapers were obviously illegal. Let’s take that again: the laws were amended so that every information carrier would be required to carry any and all information, and particularly obviously illegal information. In return, they were not liable for the content of what they carried.
This has a direct bearing on today’s attacks on the messenger immunity, mere conduit principle and common carrier principle, primarily mounted by the copyright industry.
These principles, the requirement for an information transporter to be content-agnostic, need to be made technology neutral and updated to reflect today’s information flows. We need to make that happen.
[…] This post was mentioned on Twitter by Falkvinge, lillebrorsan. lillebrorsan said: Falkvinge: Attacks on Information Freedom via its Transport http://bit.ly/e7bqAk […]
There is actually a direct analogue to what you’re describing. In the recent version of Android and in the forthcoming version of iOS, there’s the capability of turning your phone into a hotspot. There will also be APIs available so that phones can “talk” directly to each other without the use of a backbone network. Now imagine a very creative file sharing protocol that connects between hotspots and as you walk out from your car at the subway, you’ll check your phone to see if any new information has arrived. That’s cool. The people themselves become the network and no one can control it 🙂
I do think that they have datalagringsdirektivet to control that…
Regardless, good idea. Almost as a dead drop, only mobile and anonymous. Someone should do something…
I don’t think you can control that as there is no carrier involved when you have p2p conections between hotspots. If the device (phone) can be modified (read: open platform) then you can always update the firmware on your phone not to include data logging. The only way to enforce it is to make it illegal for private persons to do that but that would be very hard to justify, as such an enforcement would not help solving hard crimes – note that it is ok to log regular use of the device; it’s only p2p. On a subway it would be impossible to use the standard logging to prove which individual transmitted what. Yes, I’ll investigate whether this can be anchieved in practice. Need to get an Android phone first 🙂
I was thinking of having infiltrators ride the subway and then correlate file ids or file fingerprints with mobile position history from the datalagringsdirektiv. Or I could just seed the city with parasitic devices and upload the information somewhere.
I think peoples lack of fear for datalagring is a sign of lack of creativity. If I had that information you would all be fucked.
Mobile position history won’t be that accurate. The only thing you’ll find is that a group of people were present at a certain site where file sharing took place. It is still impossible to know which individual transmitted to whom and what. As you say you could eavesdrop all transmissions, but the only information you could get is the MAC address of the devices. It’s no problem of randomizing MAC addresses everytime you connect to a new hotspot. This doesn’t mean I don’t fear the data retention directive, but I think the system outlined above should be fool proof on this specific issue.
It is true though that infiltrators could perform DOS attacks and block sharing between devices. I don’t think that’s gonna happen though as I can see many use cases of legal near field p2p communications.
No, you could get a file inventory from each device and then build a fingerprint based on that. Then when you intercept the same fingerprint in another location you could correlate the data and get to specific device and person based on the mobile positioning data.
We simply must make sure the inventory of shared files mutate over time. And put all new data on blacklist until there are verified multiple copies circulating. And not share unless there is a critical mass of nodes nearby. And preferably build a trust network, however that could be done anonymously…
There are more ways to identify individuals. I can think of several actually. Problem is, someone will think of one way more than I…
Well, my idea won’t allow a second device to query the full list of things on the primary/first device. I was imagining a system with twitter-like tags. For example,
I’m interested in: #music, #riots
I’m proxying: #bla, #boo
Therefore, there will be no way of getting a complete list of contents on a device, so you won’t have anything to compare with. You could just randomly pick something and transmit it and the receiver will accept/deny (automatically in the background based on tags) However, it just makes identification harder, not impossible I assume. But again, how can you correlate the data for sure? Let’s assume you carry a second (anonymous SIM) phone with you with the purpose of adding “noise” to the system. The court has to prove that the specific individual did this/that, which only is possible if you get hold of the actual phones physically. Now data retention is one thing, but having Gestapo walking around and consfiscate phones at random is very unlikely (I hope).
They could easily prove your primary and second telephone travel together and that the second one lives at your house. And if you have a scheme where you turn one off and the other on, they could correlate who has been off line while the anonymous one was on line. If your gonna use a second phone anyway I would think you would be better of just hiding it somewhere as a parasitic device and hope nobody triangulates and steals it. You wouldn’t necessarily need to connect it to anything just have it file share. And if you know it is trusted you may discharge the accumulated data on it without revealing yourself. Unless someone has taken it over that is…
So, basically we need to make a best effort and simply hope nobody uses the data retention data effectively… Because avoiding an attacker with acces to that data is not really feasible if you intend to live as a modern citizen in possession of a mobile phone and who uses some sort of electronic communication…
Well, just have a wifi only device then. Problem solved! Note that I said an anonymous SIM, so yes you can log all the data you want but you can never prove which physical device was used! (Remember a randomized MAC address everytime you connect) For an anonymous SIM you can prove correletion between devices but you still cannot prove who sent what to whom if you only do that with a relative large group of people (you can make the file sharing app be active onlyif there are a large number of hotspots available). The purpose of the second device was not to prevent correlation but to produce “noise” so any infiltrator, no matter what is being recorded, would be meaningless in court if the goal is to point the finger at someone. Nevermind, a wifi only device will do the trick. You can then only prove illegal activity by confiscating the devices which is highly improbable if you succeed making it a large scale social activity. So again, the only way to “control” this would be the Gestapo, and if governments try to do that the Pirate Party will get 90% of the votes. Again, problem solved.
Ok, let me set a scenario.
You have a wifi only device that p2p’s. You also have a mobile phone. If there is _any_ way to identify your p2p box, you are fucked. Even the fact that the number of nodes sometimes increase when you are around will give you away. If I fake a dozen of the hotspots at strategic locations, and have the cellular positioning data, then I can identify you. And when you are identified we can Gestapo just you, nobody will protest, it isn’t happening to them…
Only option is for you to not have a cellular phone. Simple as that. An anonymous sim wont do, unless you start the habit of turning it of at mayor intersections before approaching any site that may help in identifying you. Your home, workplace, friends, car, routes travelled between those sites, anywhere with a surveillance camera…
Yea, paranoia ftw!
First, cell phone triangulation is not that accurate. You can never distinguish an individual amongst a group of individuals. But yes, you could setup a fake place with a number of hot spot nodes, but in that case you’re basically in a deserted place with no people around. Let’s say the app is only activated when the cell phone is in the subway (where there usually are a lot of people). The app can check the 3G cell towers and make sure it is only activated when you’re underground. Basically, making sure that the fake scenario you’re describing is a meaningless attack. In the subway you won’t be able to distinguish precisely which 3G phone sent what over the wifi network (as we’re using hotspots only). The number of phones are so densely packed, so it is impossible to use triangulation methods accurately. You will never be able to tell who transmitted what to whom. That’s my key point. The court has to know this information in order to convict a person. Yes, you can, by eavesdropping, identifying that “illegal activity” is present, but you’ll never be able to pinpoint which individual it is. Again, the MAC address is randomized, so even if you confiscate the phone you cannot tell that it was precisely this phone who participated in the process.
In the individual situation this is true. Over time data retention wins.
My point is that we know you were on that subway cart, over time we then collect that information. We now have a list of all the persons present when there is activity. We can now correlate and fairly accurately pinpoint the individuals involved. If we combine this with infiltrators requesting specific files at different points in time and space, we could actually fairly accurately say that someone is providing certain file. If we then Gestapo that specific person on a day we know the file is present… How many of these before no one dares continue?
As I said, good concept, let’s do it, and hope no one uses the data retention data effectively 🙂 Your hashtag idea is excellent. This is actually rather doable.
So, you grab the person when the file is present, but how do you prove the file was illegally obtained? I have tons of legally acquired music on my phone. How would distinguish that from some MP3 that you obtained by file sharing? You can also apply a small random noise filter to ensure the obtained data file is unique (but that doesn’t affect the audio quality), so it cannot be identified with an equivalent MP3 on some others phone. For the court to prove that the file has been illegally obtained you would have issue a court order and search all the belongings at a persons house. Not sure if that would help either. Having that said, I’m of course against data retention laws, but I’m just trying to find creative ways to work around whatever laws the government/industry is trying to enforce.
God one, of course we could randomly flip the topmost bitts of every mp3 we share. Or have filters that randomize some other parts of the file that does not affect the quality. I don’t know how much it will help as judges probably wont understand the difference. My concern is that if an infiltrator manages to download a specific file from a group of persons, and can show that the file is on you, and that you regularly participate in a network, then it would be difficult for you to successfully deny your participation.
I think you would be better of with an anonymous proxy than with this, here the anonymous part is a bit difficult considering. Still it a really fun idea. We should start a project. I can program an application except for the network part which I’m a bit unsure of. I’m not good at network topology, or how to set up an ad hock network or whatever is required. I could help out with the android application part, ui and so on.
In reply to the sentence about infiltrators: That might be true, but I think there’s reasonable doubt here. The only way to find out is to make massive arrests because it still would be difficult to check the facts without confiscating all phones in the group. I doubt our laws would change so this would be allowed.
Another idea I had was to embed information (using encryption, so called steganography) inside pictures and use social networking sites as “information storage clusters” and use dummy user accounts. Then you post root pointers through Twitter. The client however makes this entirely transparent, so you could just make it look as uTorrent. The idea here is that governments are unlikely to shut down an otherwise legal service (at least in the western world). Even if ISPs have IP logs (which is what the data retention law is about) it still isn’t enough to prove transmission of data between two indivduals in this scheme. This is basically the same as having a shared email account as an information proxy, but the idea here is to make the stored data less obvious. It would require the sites themselves to have additional logging to be able to precisely track this. However, it is just a matter of time that they would extend the data retention law to include hosts as well (beyond ISPs).
Regarding the Android app, I checked the latest APIs to access hotspots and as far as I know they are still unpublished, making it vulnerable to future upgrades.
Well, in a civilian process there is no such thing as reasonable doubt. It doesn’t appear to be all that popular in criminal processes either nowadays. Al luck will have it, there are no provisions to have data retrieved from de data retention register for civilian processes, jet.
The steganograpy thing could be done. You’d have a bit of a practical issue in creating the fake accounts and generating all the unhidden data. It wouldn’t be very efficient either. Your bitrates would be hideous, as you would be downloading very much uninteresting data in relation to the interesting data. The good thing would be that it would be very difficult for infiltrators to collect ip addresses without collaboration from the sites. I wouldn’t rule out collaboration from the sites thought, as these would be very annoyed at any such practise.
Another way of doing it is going the other way. Instead of trying to make things more anonymous we could try to create trust networks were we only communicate with those we can trust. If such a system were spread enough nobody would be willing to lower his trust-rating any more than they would his credit-rating. Also, sharing with those you trust only would possibly be within the narrow confines of the law. With modern technology, you will almost always find that almost everyone is a friend of a friend. So the tick would be to find a path where all the stepping stones are legal transactions. Should be doable. If I ever get around to implementing my plans for a decentralized facebook replacement, I will definitely implement functionality for path finding between individuals. This could be used for may things, trust networks, key signing, ripple monetary system…
Apparently Android doesn’t support connecting to an ad hoc network without being rooted. To bad really.
Another example is US laws forbidding the distribution of obscene materials, or even condoms, using the public postal service. See Eric Schlosser’s “Reefer Madness” (Swedish translation “Pengar som gräs”), unfortunately, I don’t remember the details well enough to summarize here.
A WiFi p2p application for Android already exists. See “frostwire”.
And no, the data retention directive Can’t impact this as the exchanges take part entirely on the local level without involving the provider in the least.
If you think data retention does not impact everything in you life you lack imagination. As I said above. They know were you are. Do you really not see how that could be used?
The problem here is correlation. “They” can use the 3G cell network positiong and an infiltrator can eavesdrop the p2p transmissions over wifi and then correlate. Mumfi. and I had great length of discussions on how to come up with a solution that could handle this as well. FrostWire is not a Twitter-like tag-based solution as I proposed. Finally, Android (without being rooted) currently doesn’t handle ad-hoc networks, so how can this possibly work without going through a wifi hub?
[…] Attacks on Information Freedom via its Transport […]