Skip to main content

Songs on the Security of Networks
a blog by Michał "rysiek" Woźniak

Because ACTA is passé

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

Yesterday I had the pleasure of attending an Open debate on ACTA, held at the University of Silesia in Katowice. Among many distinguished guests (including the Polish Ombudsman, representatives of NGOs and ZAiKS) a member of the Polish parliament, Mr Andrzej Gałażewski earned a special mention – and an award for the best quotes of the day, hands down.

I think all the participants were surprised with Mr Gałażewski’s defence of ACTA signing decision, taking the form of a claim that no negative signals about the treaty surfaced before the decision was made. After a quick reply to this misconception by Robert Partyka of the Polish Linux User Group, Mr Gałażewski commented:

Outside arguments that reach us impact our decisions only when they are suitably intellectually packaged

Apparently, substantial arguments submitted by NGOs against ACTA were not “suitably intellectually packaged”. As we all know, what had impact on the decision were the protests. We also know the slogans used during those protests – so we have some examples of what, in fact, is a “suitably intellectually packaged” argument. And thanks to a member of the Polish parliament, no less!

That, however, is not all! When talking about the future of ACTA, Mr Gałażewski remarked that at this point "this agreement is passé", and asked directly how is he planning to vote when (if?) the ratification vote comes to the Polish parliament, he replied:

We are not going to commit political suicide

Well, at least it’s all in the clear now! I mean, how the politicians make their decisions. That substantial, on-topic arguments are not the best way to influence such decisions (they are not “suitably intellectually packaged”), was public knowledge for a long time. That many politicians are political opportunists is also not that surprising.

It is, though, great to know that, besides opportunism, there are some additional criteria – even if it’s just fashion.

Privacy of correspondence, EU-style

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

When, in Poland, new Internet filtering and censorship ideas came about, one of the arguments used against such schemes was that it violates the principle of secrecy of correspondence, guaranteed by the 12th Article of the Universal Declaration of Human Rights and 49th Article of the Polish Constitution.

While it was usually quite hard to convince the proponents of net censorship that this is precisely that – censorship and a violation of this important freedom – nobody questioned that in the regular, physical variety such actions are completely unacceptable, unheard of in a Free Country, and remind of the times rightfully gone by.

This, however, might change soon – European Union decided it’s more important to defend “intellectual property” than human rights and freedoms. According to new EU regulation being drafted, customs will gain powers to open small packages coming from outside the EU (but addressed to EU citizens) and destroy their contents once materials infringing IP rights have been found.

That was definitely not what I meant when I wrote that the same basic principles should be upheld in the Internet as in the AFK

Polish PM on ACTA: I was wrong

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

First, I must say I was totally flabbergasted by today’s statement by Polish Prime Minister Donald Tusk, concerning the change of heart the Government had in the topic of ACTA. And I am not the only one. Nothing suggested that during the last weeks.

However, the more surprising, the more welcome it is.

From what I gather what has been said, and maybe more importantly HOW it has been said, is a clear indication that Poland will not, in fact, ratify ACTA and is clearly opposed to it on the EU-level. This is extremely important and a clear success in anti-ACTA fight.

The PM could send ACTA to ratification in Poland now in order to throw it out quickly here; but he already said a week ago they are “halting” the ratification process in Poland, so he’s in a tight spot with that and in some sense he cannot do that at this time, politically. I can understand and respect that, providing that other concrete actions (sending ACTA to CJEU?) will follow during the next few days.

No info on the retraction of the Polish signature. This is interesting, but I cannot comment on that, I am not a lawyer. Maybe the Government decided it’s more important to focus on Europarliament rejection of the treaty? This could make sense.

All in all, we (the NGOs) are very pleasantly surprised with that move and we are definitely supportive of it. However, that’s just a start of two long processes:

  • throwing ACTA out in EU;
  • global debate on (much needed) intellectual property rights reform.

Both of those themes were present in what Tusk said and it is a very positive and welcome sign of goodwill, and possibly a good start to rebuilding trust, lost on this fateful day of January the 19th.

Anonymous vs Corponymous

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

Watching the situation with ACTA in Poland unfold during the last few weeks (and taking active part in it all, through my affiliations) got me thinking about Anonymous. Obviously, they played a huge part in what was happening, both positive and negative.

Positive – because they did help raise public awereness of ACTA (although saying there were no protests before Anons got involved just isn’t true). Negative – because through their “attacks” (which I would say were something between hacktivism and vandalism) on Polish Government websites they gave a perfect excuse for the Prime Minister to sign ACTA anyway, citing “not succombing to blackmail” as the reason. This played well with part of the public, and unfortunately helped push anti-ACTA activists towards the “pirates, terrorists” corner.

At this point I already started thinking about Anons as purely hedonistic bratty pricks, getting on the Anti ACTA bandwagon in an attempt to get a lame excuse for them having fun with vandalizing stuff on the Internet.

But then something increadibly curious happened. With the help from Anons from outside and from within Poland we were able to ask Anons to halt their attacks. And they did.

Ethical force of nature

Finally, it dawned on me – Anonymous may be hedonistic, impulsive, with small regard to effects of their actions, but they are still, for the most part, ethical in their own special way.

The closest description to how their actions feel from the outside is “a force of nature”, the unstoppable-antilope-herd-stampede kind, like the one that crushed Mufasa in “Lion King”.

However, even en-masse or in a herd, even with all the anonimity the Internet avails them, and even though they are (or at least, feel) virtually unpunishable for their actions (which could mean drifting towards the immoral), it is still extremely rare to actually see purely evil actions on their part! Or, using the “Lion King” analogy further, it doesn’t seem easy for the hyenas to start an Anonymous stampede against a cute little kitty.

Au contraire! Usually, it’s the hyenas that get stampeded because they already hurt some cute little kitty. Like the Police abusing their power.

Of course the actions undertaken by Anons may lead to both good and bad, but still – they are not usually undertaken with pure evil in mind. Attempts to rush Anons against some personal enemy usually end in the “not your personal army” category, sometimes even backfiring at the attemptee.

Without a doubt the single most important reason for Anons to do something is “Teh Lulz”, and how spectacular or notable it might become. But it seems there is an unwritten and unspoken rule that it can’t be pure evil (however defined).

The Corponymous

This is not how corporate people work. What they do is “serious business”, and it seems that the higher one ranks in a corporation, the more the term “evil” fits in their job description.

However, there are many similarities between those two groups of people. Like the Anonymous, corporate people are also virtually anonymous, almost completely anonimized by the behemoth they work for. Like the Anonymous, actions of a single corporate employee are almost completely irrelevant – it’s the herd, the sheer mass of the whole behemoth thrown in a single direction that makes a change. Anonymous are more-or-less indemnified for their actions by technology, corporate employees are indemnified by law. It’s extremely hard to change the direction of Anonymous stampede – and it’s close to impossible to change the direction of a corporate entity. Anonymous flock behind symbols, the Corponymous execute their actions under the aegis of corporate logos.

So, with all the similarities, how come the Corponymous do not exhibit the same level of morality in their day-to-day work the Anonymous seem to do in their actions?

Chaos vs Structure

There are some crucial differences that might help explain this, at least in some part.

First of all, while people can apparently join and leave both groups whenever they like, it’s much harder in the case of the Corponymous. This is a job. This is a serious commitment, and walking away from it would have huge repercussions. That’s not the case with Anonymous, where everybody can join-in and drop-out as they please, without any hassle. As soon as an Anon doesn’t like what he or she is doing, he or she stops.

Secondly, corporations are very hierarchical entities – something Anonymous (by design) is very definitely not.

This has many consequences, not the least of which is (apparent or factual) indemnification for actions done in the name of the whole. Anons are hard to track, but are not indemnified, and they are well aware of that. The Corponymous however can, on a court hearing, always say they were ordered to.

This is maybe the crucial point. Within the Anonymous, the responsibility for actions of every single person in the herd lies squarely with that particular person. The Corponymous, however, perceive that the responsibility for their actions is blurry. And thus, maybe even more importantly, they can rationalize any action they undertake, however atrocious, as not being their fault.

A New Hope

That speaks volumes about the human race in general. And it speaks well!

Even completely anonymous and seemingly untraceable (thus not threatened by any punishment), even when claiming to act completely hedonistically, sometimes even acting against the law, people tend to act according to some ethos, at least in groups, as long as they are not granted the leisure of off-loading the responsibility for their actions on somebody else.

That seems counter-intuitive, as most of us would feel that the inevitability of punishment is what keeps people from doing evil. Turns out that for a lot of people, even in such a shady group as Anonymous, the sheer fact of being the responsible party, is enough of a moral incentive.

The bad part is that a lot of the society building blocks today are strongly hierarchical, and thus allow responsibility off-loading. Major religions also tend to create conditions for it, either with a distant deity that “has a plan”; with vague and ambiguous, obsolete rules; or with instructions to unconditionally follow the judgement of a select few individuals.

There’s a reason why some of the most heinous acts in human history had been done under the banner of a government or a religion.

The great part, however, is that we all seem to have a built-in moral compass, and we do actually use it, even when there is nothing that can make us. And that is something I am very grateful Anonymous shows.

To have a cookie and dowload it too

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

Hipocrisy of the media corporations and other entities engaged in the War on Fun is indeed fascinating.

On one hand they hold firmly that copyright infringement (as downloading and making files available on the Internet without proper license should be called) is “theft” or “piracy”, as if those files were a physical thing one can deprive somebody of. So, they talk about files on the Internet as if they still were physical media, with all the (handy) consequences.

However, on the other hand the physical media are more and more often encumbered with so called “protection mechanisms”, because of which I – a paying customer – am unable to access the content I paid for, as soon as I go to, say, the United States. There is even a hard push against the second-hand market for physical media – yes, the media business is trying to kill the first-sale doctrine, something we all take for granted for decades.

That hipocrisy can be spectacular at times. For example, in case of selling content via iTunes. Long story short, a band has an agreement which stipulates that from sales (e.g. of a physical medium with their content) they get much less than from licensing. The argument here is that to “sell”, the physical media must be first produced, which creates additional costs.

Obviously, those costs are not present in “digital sales”, e.g. via iTunes – but that doesn’t prevent Warner Music Group from claiming these are (a’la physical) “sales”, not “licensing” (which of course means they can pay artists much less). I am curious what would WMG do if the consumers that bought those files via iTunes decided to go with such “physical” interpretation and would want to re-sell their files as per the first-sale doctrine?

The rule of thumb that Big Media seems to follow is that if something is on Teh Intertubes, they try to use convenient for them “physical media” interpretation; however, when talking about real physical media, they choose to ignore some rules regarding those. It’s nice to be able to choose what rules one abides and when, isn’t it?..

By the way, maybe it’s time to start playing the same game, and also start calling the copyright term law extentions – “grand theft”? In fact, it would be much more justified in this case – while the Big Media do not lose access to files that are made available on the Internet, the society indeed does lose access to culture – recently to music and songs in the EU, for another 20 years.

About ACTA at Polish PM Chancellery

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

Today at the Chancellery of the Polish Prime Minister a meeting between Polish NGOs, businesses and government officials (Ministry of Culture and National Heritage; Ministry of Economy; Ministry of Justice) has been held, under the aegis of the newly established Ministry of Administration and Digitalization (unfortunately, Minister Michał Boni was not present). Main topic was ACTA – it was obviously nicely aligned with the anti-SOPA and anti-PIPA blackout that was in fact still going on at 11AM CET when the meeting started.

It was tense, it turned out that in just a week, on Jan 26, ACTA will be signed by the European Union; after that the treaty has to be ratified, first by the European Parliament, then by member states. In Poland, the decision about the upcoming ACTA signing has been made on Nov 25, 2011 in a so-called “circulatory mode”, i.e. not on an actuall government meeting. Documents have been sent to all the Ministries, and when none voiced comments nor concerns (which would prompt a meeting), it was deemed accepted.

Interesting part is that the request for just such a mode of acceptance went out on the last day of the previous cabinet, and it was signed in the first days of the new cabinet. The M inistry of Culture of course holds that it was a coincidence and was caused by pure date collision, waiting for the Polish translation of the treaty, etc.

Such a mode of making this decision – non-transparent, behind closed doors, without any way of faciliating a discussion on the merits – is in stark contrast with what the Polish Prime Minister Donald Tusk promised during one of the high-profile meetings with “the Internauts” in May 2011, namely that no further steps will be undertaken as long as a full and open discussion about the treaty is conducted.

Not the least surprised with such revelations on the advanced status of ACTA adoption was the representative of our host, the Ministry of Administration and Digitalization. We might hear much more interesting facts on the matter during the enxt few days – the ministry promised to publish information pertaining to the negotiations, expert opinions on the legality of ACTA and how, if at all, would it change local laws, and other materials.

Representative of the Ministry of Culture, which faciliated ACTA negotiation/acceptance process in the name of the Polish Government, was only able to report the history of the acceptance process and sketch the next needed steps. All questions, doubts and arguments against ACTA were met with standard phrases (“The priority for this Government is the effective enforcement of IP laws”), and when asked about the official stance of the Ministry on ACTA he basically quoted, word-by-word, the official position of the European Commission (argued against many times through the last few months). For example, we never received an answer to the simple question if the Ministry is able to name a single Polish company that will benefit from ACTA.

Hence, we await the promised materials and some merits-based arguments and answers to our questions.

Signing of ACTA by EU next week is not the end of the line! It’s actually a beginning of the adoption process. It still needs to be ratified by the European Parliament, and then individually by member states.

The Europarliament ratification is extremely important here, as it’s an “all or nothing” vote. ACTA either passes and is ratified, or is rejected in full. This is where we need to focus our actions.

Ratification by member states only concerns parts of the treaty (albeit parts important for free speech on the Internet); if ACTA sails through the Europarliament, member states will only be able to cripple ACTA, not reject it entirely. There is much work ahead of us!

Europarliament ratification vote date is still unknown.

Update

Igor Ostrowski, a Minister in the Ministry of Administration and Digitization and our host today at the meeting, tweeted afterwards:

Minister Boni will ask the Prime Minister to hold the signing of ACTA until questions that arised on the meeting are cleared

More information

You can find a more thorough description of the meeting and a fuller analysis (albeit in Polish) on websites of Piotr “VaGla” Waglowski and Panoptykon Foundation.

Contact

If you have any questions, please contact me! I might not be very responsive during the next week, but I will check my inboxes at least once a day. You can also send an e-mail to stop-acta@brama.elka.pw.edu.pl

Free as in United

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

Free as in Freedom is not enough anymore. Free Culture is not enough anymore. Accessibility is not enough anymore. Open Education and Open Access, Open Data, Open Government and Transparency are not enough anymore. They are all not, by themselves, enough – even to achieve their own goals. If we are all to succeed, we have to move beyond our particular pet peeves and projects and become Free as in United.

You might have already heard or seen Cory Doctorow’s “The Coming War on General Computation” 28C3 talk. If not, please do. And when you do, you will perhaps come to the same realisation as I did – that each of our vibrant and fascinating freedom- and access-loving communities alone is weak and vulnerable to being marginalized. How? Through attacks on freedoms our particular community is not concerned with.

Free Culture enthusiasts, defending the Public Domain, convincing artists to publish on one of the great Creative Commons licenses – how will you access such “freely-available” content if it’s locked down? Not locked down by the copyright law, a lock-in which you have been fighting against, but by technical means, i.e. it’s only available in some format inaccessible to you as long as you don’t buy expensive, proprietary software. Even when such proprietary software is free of charge, what if suddenly the vendor decides otherwise and cuts your access unless you pay up?

Accessibility advocates, what will you be accessing if all content is paywalled, and available through proprietary, vendor-locked software?

Free Software and Open Source developers and users, what of your great platforms and access to code, if you are not able to use them to enjoy and participate, even if only as spectators, in the locked-down culture? What of it all, if you cannot enjoy it because it’s not accessible?

Open Data and Transparency activists, how will you be able to build truly Open Government without full control over tools such Government uses? How can you access the data if it’s encoded in yet another proprietary, closed data format, not supported by software available to you?

And how, finally, can we be open in education and academia, if we are not using free and open tools to tackle free and open content that we can share with our pupils and peers in a way that’s accessible to all interested parties?

We are all connected, our goals are intertwined, and we desperately need each other in order to achieve them. Why are we still doing all this separately?


I call upon you all – Free/Libre/Open-Source Software, Free Culture, Accessibility, Open Education and Open Access, Open Data, Open Government, Transparency along with all other freedom loving communities, unite! Let’s try to understand each other, let’s try to support each other. Let’s try to promote ideas of our respective projects, together.


When advocating accessibility, advocate open formats, free software and free culture licenses. When discussing software freedom, remember about the needs of the handicapped, and keep in mind that you need open content for software to be really useful. When opening the data or the government, please open it all the way, right down to open formats so that it is being usable with free software. When educating, educate using free and open tools, and free content. Finally, when fighting for the Public Domain and getting cultural works published on Creative Commons licenses, remember to propose file formats that enable even more people to enjoy them in an unrestricted manner.

I am not advocating centralisation, mind you! In fact, that would be counter-productive – we still need to be a diverse, de-centralised and diffused global community of independent initiatives. But we need to communicate a bit better, co-operate a bit better, and be aware of all other agents of this fantastic Gift Culture revolution. And act upon it when possible.

Terms of Using the Service

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

Another pearl sent my way by Sirmacik – a footer on one of the websites:

“I prohibit copying and/or publicizing any content, including images and the source code of this website, looking into any files with these extensions is strictly forbidden: .html/.php/.css/.js”

I’m not sure whether it’s more funny or sad. It is, however, a part of a bigger and definitely serious problem – all kinds of Terms of Service or End User License Agreements that users don’t even know they are agreeing to, or what exactly those “agreements” contain.

So, with a reference to the great “End Vendor License Agreement”, I propose a similar response to all the Terms of Service out there – Terms of Using the Service (TOUTS), as follows:

By displaying your content to me and/or saving the following Terms of Using the Service you hereby agree to the following Terms:

  1. you will not track my browsing habbits outside of your domain;
  2. when tracking my browsing within your domain you will do that only after my express consent;
  3. you will not use any of data generated by me without my express written consent;
  4. at no time will you hinder my ability to access my data;
  5. you will fully comply with any and all my requests to delete my data, including copies, backups, cache and similar.

Or a shorter version, with a link to full TOUTS:

By displaying your content to me and/or saving the following Terms of Using the Service you hereby agree to the Terms available at: http://rys.io/static/touts-en.txt

Now we only need to place that in our User-Agent String, so that it’s visible in the server logs (hence the need to keep TOUTS short). And we can claim, that:

  • TOUTS have been written on the disk, which is considered acknowledging them and agreeing to them;
  • at any time the server could have just stopped serving us should it consider TOUTS to be unacceptable – but didn’t, hence we can once again assume that TOUTS have been agreed upon.

The idea is to get the “service providers” to acknowledge all the problems with TOS, and get them to finally agree that TOS are not binding.

So – spread the word, put TOUTS in your User-Agent String. Suggestions, additions, translations are very welcome. You can contact me in a plethora of ways, or you can use this Diaspora thread.

Corporate lack of patriotism

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

Portugal is outraged (not to be confused with the Indignants movement) that Jeronimo Martins company – one of the biggest in this country – has apparently decided to dodge tax increases (that are supposed to help Portugal get out of economical problems) by moving to the Netherlands.

Protest groups are being created on social media, people are vowing never to buy anything in company-help shop networks. Company is being called “unpatriotic”.

Well wait a second. A company being a multinational financial creation with the single aim – providing financial gains to the owners – is called “unpatriotic”? Is it only me, or is this just very, very strange?

Of course that’s just on of the consequences of corporate personhood; if they are “persons”, we can use categories with regard to them, that we do use with regard to real, breathing persons. Right?

Well, not quite. See, corporations are “people” only insofar as it’s actually beneficial for them (and only them). E.g. when they can call upon right to privacy; or when they are treated as a “person” acting “on behalf” of the owners and the Board, which means that the Board and the owners are basically off the hook with regard to any criminal activity of the corporation; or when it is suddenly decided that a donation to a political campaign is a form of “freedom of speech”, which is indeed a very desireable thing for corporations (them being thus able to practically “buy elections”).

On the other hand, however, there is completely nothing that would make them act ethical. Everything that corporations do (with very, very few exceptions) is always due to a cost-benefit analysis, and nothing more. If by chance they act ethically, it’s because the cost-benefit analysis was in favour in this particular case – for example, due to taking PR and public image into account. If we really have a look at corporations as if they were real people, we’ll notice they usually show symptoms of antisocial disorder, or in other words – they act like psychopaths or sociopaths.

For Jeronimo Martins the Netherlands move is just a huge pile of cash on the “benefit” side, due to lower taxes. And it probably even already counted the projected losses due to boycott in Portugal on the “cost” side, and those turned out much smaller than the gains. Patriotism has nothing to do with this all, patriotism is a social norm that works with real people. Not corporations.

And even for this reason alone we should end this dangerous legal fiction that “corporations are people” (that, among other conditions, helped us get in the financial crisis we are all currently struggling with). They are clearly not.

Or… we could get them the full “personhood” thing, with all the rights, but also with all the duties and matching penalties. Dissolving of the corporation for repeated heavy offences and disregard for law as a “corporate death penalty”; freezing all the assets for a given time as a “corporate jail sentence”. Treating the Board and the owners as accessories to committing a crime if a crime is being committed by a corporation.

Terroristcopters

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

Oh 28C3 and Telecomix, why u so inspiring!

On the Congress in Berlin there were a lot of quadcopters, hexacopters and other flying and – what is more important here – hovering drones. Mighty cool stuff, mighty cool people. This sparked an interesting discussion with a fellow Telecomix agent pwntus, which basically led us to a simple statement of fact:
Quadcopters and similar, hovering-capable drones will be soon banned, probably as weapons, probably under “anti-terrorism” laws.

Why, you ask? That’s why!

Suddenly, everybody with a few dollars is able to directly oversee (pun intended!) Police actions: film them, stream them, document them real-time and with almost no way of the Police actually knowing they are being filmed.

Certainly, this will not play well with the Police, as already for years they fight (and, unfortunately, so far win) with citizens’ rights to videotape and record their actions. Something that should be obvious in a democratic society – citizens being able to supervise how their rights are being defended by the Force – is slowly becoming tagged as a “terrorist” activity. On the other hand, the police has no problems with spying on citizens, but that’s just one of many signs of hypocrisy therein.

Now, back to *copters. They will get banned, and will get banned as “terrorist devices”. You will hear arguments that, for example, they are able to help “terrorists” plant explosives or create havoc and are very hard to take down once airborne.

The funny part is: we had flying drones in the form of RC planes and copters for years upon years and nobody thought about banning them. Moreover, these would be much better-suited for the supposed “terrorists”, as they are bigger and more powerful – able to carry a bigger amount of explosives, on a longer distance, faster and therefore harder to intercept.

I am willing to bet, however, that these will not be even touched by the ban that I and pwntus envision.

Because what those devices are unable to do is hover near-silently and almost undetected and videotape, register and stream audio and video for prolonged periods of time. Which is near-useless of “them terrorists”, but extremely helpful for activists documenting Police actions.

Hence, the only real reason – make no mistake about it – for upcoming banning of *copters is that they are the perfect tool the populace can use to document Police brutality and other missteps of the law enforcement. The “bad terrorist device” argument will be only a smoke screen, albeit a very effective and trumpeted one.

And as soon you hear about plans to ban *copters and drones, you know you are closer than ever to a police state. And that it’s about time you do something about it.


Update:
Seems it already begins.