thinking is dangerous — it leads to ideas
thinking is dangerous — it leads to ideas
President of the Board of the Polish Free and Open Source Software Foundation. Human rights in digital era hacktivist, Free Software advocate, privacy and anonimity evangelist; expert volunteer to the Panoptykon Foundation; co-organizer of SocHack social hackathons; charter member of the Warsaw Hackerspace; and Telecomix co-operator; biker, sailor.
Yet again we are implored to "think of the children" by more than 250 000 supporters of a bill proposed in Poland that would put a 2-year prison penalty on...
...whoever publicly promotes or condones undertaking sexual activities by minors of less than 15 years of age, or supplies them with materials facilitating such activities.
Yes, you are reading this right. Two years in jail for giving a teen child a condom just in case, or informing them where kids come from. I won't even mention the filth called "sex-ed classes"! Yes, this also pertains to parents. What should a parent say when a child comes and asks how did their little sister get inside mummy? "Go ask the good reverend", I guess.
Of course there's a question of how the "pro-family" organisations that promote this enlightened idea reconcile their "pro-familiness" with the fact that such a law would have a great potential for breaking families apart, but I'll leave that one for the Dear Reader to ponder. Also, while I find hate speech laws to be a bit problematic, as long as we have them on the books, how about somebody look into how these people identify paedophilia with not being heteronormative, eh?
I'll leave dealing with the cranial rectal syndrome that makes people propose banning the best weapon we have against paedophiles (education) because they are afraid of paedophiles to those better suited for the task. Something else interests me in this situation.
For years I have taken part in many meetings concerning proposed Internet censorship measures. Each and every time "the paedophile argument" was one of the big guns in the proposers' arsenal. One of the organisations that used to propose such measures (and use such arguments), today went through the looking-glass:
We are convinced that the changes proposed will not amount to effective tools against paedophilia. The project aims to ban educating children and youth about human sexuality, which equips them with knowledge required to notice threats, maintain own integrity and look for help
It is hard to fathom that in the 21st Century it is still possible to propose criminal penalties for supplying children with knowledge about their development and the nature of sexual relations, and to lump custodians, teachers and educators providing such education with paedophiles
While I do find it a bit surprising, today I have to agree wholeheartedly with the President of Fundacja Dzieci Niczyje.
During the weeks since Mozilla's DRM-embracing decision to include EME there were quite a few voices defending Mozilla's decision. Most of the serious defence basically boils down to: we had to; without EME/DRM support Mozilla would be the browser that can't play video, and users would turn to other browsers which would jeopardize our work for freedom and open Internet in other areas.
As I have written before users already have little reason to stay with Firefox, and the strongest selling point for many of users still on Firefox has for a longest time been: that's the freedom preserving browser. With EME/DRM in Firefox, this reason is moot.
What's tragic is that even with EME/DRM inside, which already cost Firefox some users from the freedom crowd (and inspired at least one fork, of course), Firefox is bound to also lose in the less freedom-centred crowd.
Think about it for just a short while. The whole basic idea of DRM is flawed beyond repair — software that has to make some content available to a user (to be viewed, for example), and simultaneously make the same content not available to the same user (so that it's not possible to copy it).
This scheme has serious problems working even in closed-source, black-box software (sometimes even fails hilariously). How is it supposed to work in an open-source browser?
Let's ponder a scenario, shall we?
...and has DRM solution suppliers (like Adobe) write DRM plugins for Firefox. That's where we're at today.
...so that it's only available to the browser itself (to display to the user), but not the extensions — otherwise get ready for an extension that grabs the decoded media stream and saves it to disk (completely side-stepping any DRM) in 3... 2... 1...
Say, how about a fork that removes this very protection of the decoded media stream, but leaves in-place the rest of the EME/DRM infrastructure? Somebody is bound to do it. At this point DRM/EME is completely side-stepped in this Firefox fork.
One of the defenders of Mozilla's EME/DRM decision, Ben Moskovitz, remarks:
enabling users to do more is a feature.
Being able to save the media stream to disk sounds to me like enabling users to do more. Let us guess, then, which Firefox version will now become more and more popular, eh?
Is there anything Mozilla can do to plug this hole? Not as long as the code is open and free-as-in-freedom! Ah, well, Hollywood won't have any of that hippie bullshit, so they push DRM providers to remove support for Firefox (and its forks).
Mozilla lands with EME infrastructure and no DRM providers willing to write a plugin using it (as it would jeopardize their relationship with Hollywood), freesofties have already long moved to some more freedom-preserving browser, and regular users move to any browser that has DRM plugins for its EME infrastructure. You know, the closed-source ones.
After all, why would they stay on "a browser that can't"?
Another day, another conference on Internet governance, this time close enough to go there on my own dime. Besides, Berlin is always a treat.
As was to be expected of a conference organised in ministerial halls, for the most part when it wasn't objectionable, it was mind-boggingly dull. And yes, WiFi was as good as it gets on such events.
I have a strong policy of going to conferences mainly for the hallway/coffee chit-chat and making new acquaintances, and it was a winner this time around too.
Starting off with a welcoming address by the powers that be, including Neelie Kroes, who deemed the conference so important, she made a video appearance (how about we agree on a rule that when you're a politician wanting to have a point in a conference agenda, you can either come in person, or... pass entirely; no pre-recorded videos, please!), the conference gave no hope for anything of significance to happen within the confines of the programme.
Thankfully, you can always count on activists to bring the gravitas along. And while having Edward Snowden in the panel (or as a keynote speaker) would be the right thing to do, several Edwards Snowdens in the audience were the next best thing.
The first panel focused on lessons learned from NETmundial, and made a good first impression with no chair available for the only female panelist. Were there any civil society participants to the panel? Of course not. Questions from the floor about that fact (asked by the undersigned) and about the glaring gender disproportion in the panel (asked by Mrs. O'Loughlin of Council of Europe) were waved-off as "off-topic".
Representative of the organisers also remarked on how hard it was to find women for the panel. They tried, they just couldn't find any on the right positions.
Let's ponder about this for just a moment, even though I don't even know where to start.
I could say, for instance, that equality (gender, and otherwise) was a big issue on NETmundial, as evidenced in the opening address by Nnenna Nwakanma. I could refer you, Dear Reader, to the concepts like glass ceiling, and note how this is no excuse for not including women in the panel on equal standing. I could, as I have in my question, note the irony of a panel about lessons from NETmundial (y'know, the multistakeholder conference on Internet governance) comprising almost entirely of men, and with no representative of the third sector.
Or I could point out, that including civil society in the panel might have made it easier for the organisers to find female panelists, as while the glass ceiling is indubitably also sadly present in civil society, it doesn't seem to be as prevalent as in government and business sectors.
However, there is always hope. The "When the public sphere became private" workshop proved to be both inspiring and interesting, and the exchange of ideas relevant and much deeper than I would have expected.
It did help that the topic sounded eerily familiar, but the discussion went far and wide, touching on a number of related issues.
There was an important distinction that had to be made, as became apparent in the course of the discussion, between two meanings of the word "private", in the context of communication infrastructures.
First meaning being "pertaining to or supportive of privacy". Here, private communication medium would mean a communication medium that ensures the privacy of the communication between communicating parties.
The second one is, of course, "privately-owned", with private communication medium meaning a medium owned by a private entity.
Obviously, similar distinction has to be made for the word "public" in the same context.
With this in mind it's easy to see how crucial misunderstandings can arise when using these terms without making clear which of the particular meanings we have in mind. Specifically, privately-owned infrastructure can be (and often is) hostile towards privacy of the communicating parties.
When the whole infrastructure is privately-owned, privacy is not the only problem. Public sphere is crucial to democratic processes, but today it is more and more being replaced by privately-owned and controlled fora. Public discourse should not, however, be contingent on rules made unilaterally by private entities. Or, as one of the workshop panelists neatly put it:
Public agora cannot underlie a business model based on surveillance
As always, the first step is admitting that we do have a problem, and I take it we are getting ready for such an admission. Finally. But what's really interesting is the next step — what should we do about it? There is, unfortunately, no clear answer, but several ideas have been floated.
One of these is open standards, or making the operators of such privately-owned fora to at least supply APIs allowing full interoperability between different providers (think Facebook interoperating with Google+). Another (crazy, I give you that!) idea — floated by a friend of mine some time ago — is to have source code of all software available at least for inspection, just like ingredients listing on packaged food.
Yet another would be mandating privacy impact assessment on all lawmaking activities, and on infrastructural decisions made (for instance) on governmental levels.
Finally, there was this gem:
Governments need to pass human rights as technical requirements
That's something that really got my attention, as for some time now I am pondering that we — the technical community, geeks, free-softies, etc. — should start making software with the assumption that if some abuse is possible, it is inevitable. And start designing our software for privacy just as we design it for security. I'll elaborate on that in a separate post.
All of these need further thought and consideration; some might turn out workable, some might turn out impossible, and some combination of them might be the right way to proceed.
But the right questions are apparently finally being asked. Not holding my breath, but maybe next time we're even able to find some less locked-down solution instead of a Twitter wall to bring in the remote participation...
It's official — I have been confirmed as a member of the Digital Affairs Council to the Minister of Administration and Digital Affairs. I was recommended by Internet Society Poland and Polish Linux Users Group.
the Council is "minister's advisory and consultative body" (as described in art.17 of the informatisation law). That means that on one hand it doesn't really get to make direct decisions; on the other, however, Council's recommendations will carry certain weight (at least, that's the theory).
According to the law, the Council will propose and opine projects of statements (among others, by the Council of Ministers), documents, development strategies, program projects and reports in the areas of informatisation, communications, information society development and rules regarding the functioning of public registers, rules and state of introducing ICT systems in public administration, and even Polish ICT terminology. And...
The Council can initiate activities related to informatisation, ICT market development, and development of information society.
The Council today has 20 members, representing administration, NGOs, technical organisations and business. What recommendations will the Council produce and which direction will it lean? How will the practicalities of its operation look like? Hard to say today. But the possibilities seem quite interesting.
I have had the pleasure of meeting several members of the Council on different occasions; not all of them, unfortunately. The ones I know paint an interesting picture.
Hence we have openness and privacy activists on one hand, copyright maximalists and representatives of big IT companies on the other. What will come of this — we'll see.
The problem of anonymity — and a connected issue of representativeness — in public consultations (and wider: generally in public debate) seem to be a Gordian knot. On one hand, anonymity is indicated as necessary for a truly independent discourse; on the other, in invites behaviour that is far from desirable.
We tried to tackle this issue (both in the panels and during the workshops) at the Nowe perspektywy dialogu ("New perspectives of dialogue") conference, held within the framework of the W Dialogu ("In Dialogue") project — in which the FOSS Foundation cooperates with the Institute of Sociology at the University of Warsaw.
Anonymity in a discussion has some advantages:
Obviously, there are also important drawbacks:
Would it be possible to have the anonymous cookie and eat it too, though?
First of all, it is worth reminding that there are several shades shades of anonymity, depending on:
Additionally, statements in a discussion can be:
The first of these makes it impossible to follow a conversation (no way to be sure if we're answering the same person, or some other participant). The second one allows for a better structuring of a given discussion, and to more easily follow the exchange of ideas. Last one doesn't really differ from pseudonymity (apart from the fact that the identifier is chosen by the system, instead of the participants themselves), hence it makes it possible for participants to build identities of sorts within a given platform.
Anonymity is a certain tool that can help us achieve certain goals, if we use it with care. How?
Polish Data Protection Supervisor, dr Wiewiórowski, made a simple yet powerful distinction: anonymity makes sense and is very useful in general, high-level consultation processes. As soon as we start consulting particular documents and discuss specifics, commas and numbers, transparency and accountability are much more important — as this is where particular interests really come into play, and we need ways to follow these very closely in a democratic society.
This was further supplemented by a thesis that a fully anonymous public consultation process needs to be evaluated with regard to subject matter by the consultation organisers, and its result should be treated as a guideline rather than a definite decision. If a given process is to be completely binding, it needs to be completely transparent.
Hence on one axis we have a whole spectrum of anonymity of public consultation processes, on the other — a spectrum of how general or particular a given process is and how binding it should be. We also know that there is a strong correlation between the two axes: the more detailed and binding a given consultation process is, the more transparency and accountability is needed, hence less anonymity for its participants.
This correlation, I would say, is extremely powerful in organizing the discussion around anonymity in public consultations. It also means that it is impossible to make a decision about anonymity in a given consultation process without deciding first what kind of a process it is supposed to be. This is also crucial to all attempts at creating tools aiming to support such processes.
It's worth noting we already have examples of quasi-consultation processes from both ends of the spectrum:
Another interesting example is the Chatham House Rule:
When a meeting, or part thereof, is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed.
Hence, during a meeting governed by the Rule participants are not anonymous to each other (which solves the problem of representativeness, helps structure the discussion better, etc), but after the meeting all participants can expect full anonymity with regard to who said what (which in turn helps make the discussion more open, honest and not tied-in with particular interests of participants' affiliations).