Digital Democracy

Digital Democracy

One of the motions proposed but not debated at the CLPD AGM was called “Digital Democracy & the need for greater voter participation”. It’s quite long at over 550 words and I planned to speak against it, by saying something like,

This motion, despite its length, says only two things: that we’ve read Corbyn/Barbrook’s Digital Democracy Manifesto and that we approve of a digital identity card as part of a system of access to e-voting in public elections.

I have read the manifesto and believe it is flawed, most importantly in it postpones the consideration of what human rights looks like in an age of the ultimate surveillance machine until after the election of a Labour Government, when it proposes a consultation. It proposes a People’s Charter of Digital Liberties but makes no mention of the work other campaigners for digital liberty have done in defining new Human Rights needs in a connected world and old Rights that need defending. These campaigning bodies include Liberty, the Open Rights Group, the Electronic Frontier Foundation and Labour’s members on the European Parliament’s LIBE committee.

But we can’t talk about e-voting without talking about Estonia, the poster child of e-voting, and its failed audits, and its proof that e-voting does not increase turnout, and its alleged failure to meet European data protection standards.

We can’t talk about e-voting without talking about the Surveillance State and its private corporate arm. It’s bad enough that the datenkraken can use our phones to spy on us, but I suppose the fact that the US government has access via them to all they know perhaps should reassure us that there is no risk to making a short cut to British Intelligence of our internet usage records, they already have it.

We can’t talk about e-voting without talking about the digital divide.

We can’t talk about e-voting without looking at whether the ERS removed votes from the 2015 Labour Leadership elections, a fact if true showing the vulnerability of the “transparency of the result” to insider attack.

We can’t talk about e-voting without talking about Russia’s interference in the US, British elections and the Brexit referendum through their advanced hacking capability.

We can’t talk about e-voting without noting that Verify, the current Government identity portal has been criticised as a failure by the Public Accounts Committee and now looks likely to be privatised.

We can’t talk about e-voting without looking at the fundamental criticisms of such systems, that they are hard to build, and it may be impossible to resolve the conflict between having a transparent result and a secret ballot; this is before we address the issues of coercion,  impersonation and 2nd party verification i.e. how to implement polling/counting agents in a proprietary software system.

In the US, engineers and electoral administrators are developing the systems to make this easier, requiring physical receipts of the cast vote, which are then electronically counted with statistical control samples manually counted.

This motion is technically premature at best and otherwise dangerous populist nonsense.

Please remit or oppose.

ooOOOoo

Interestingly, DARPA have announced an e-voting proof of concept, I am pointed at it by Bruce Schneier. …

A giant juke box

A giant juke box

This (European) Commission and Parliament must be the worst ever. Previous Parliaments have stopped ACTA & TTIP, previous Commissions have sanctioned Microsoft and Intel but it seems that this regime is going to commit two huge mistakes in regulating the new techno-economy.

The European Council has made the proposed Copyright Directive even worse! The link tax and the upload filters are still in place but the protections for authors and researchers have been weakened. The duties on social media sites with respect to licensing material are onerous to the extent of impossibility but then the law was always designed to transfer money from the datenkraken to legacy publishing businesses and turn the internet into a commercial jukebox. It’s so poor that despite,

As the entertainment industry representatives have said repeatedly during this fight, they are after nothing less than a fundamental reshaping of the Internet, where our ability to use networks for employment, family, civics, politics, education, collaboration, romance, and all the other purposes we put them to are subordinated to the use of the Internet as a glorified jukebox and video-on-demand service — where killing every EU competitor to U.S. Big Tech is an acceptable price to pay if it means transferring a few points to Big Content’s balance sheet. corydoctorow @eff

even the music companies now no longer want this law as it is.

The other piece of legislation is the Public Sector Information (PSI) Directive in which the Government’s have weaked the principle that public money buys public domain. For more see Glyn Moody on Tech Dirt, EU’s New ‘Open By Default’ Rules For Data Generated By Public Funding Subverted At The Last Minute.

Julia Reda, the Euro Pirate Party MEP writes on how to stop the Copyright Directive and points that the final votes in the Parliament will take place in the run-up to the Parliamentary elections. Not sure if the UK is taking part in them, or if there will be a selection for the candidates in the Labour Party, there wasn’t in 2012, they forgot, but I shall be writing to the Labour MEPs asking them to vote to support freedom of speech and a free internet.

You might want to too! …

Reinforcing Monopoly

Hereby are two stories about how software acts as a barrier to entry to a market and reinforces the monopoly power of its provider.

The first is shown by the fact that industrial content are getting cold feet over the EU copyright directive as the service providers have switched to supporting Article 13 since they already have the so-called “upload filters”. Only the big boys will be able to remain in the game of hosting user authored content. As predicted, the new regulations will inhibit both startups and SMEs.

The second story is closer to home. The UK have decided to mandate age verification functionality for porn sites. Who do you think is going to build that? Alec Muffet and the Open Rights Group have been tracking this and even if you think it’s a good idea, they way it’s being done is disastrous. The BBFC is the regulator and this is a massive piece of scope creep, it looks like they will licence a third party to act as the software provider and again the favourites to win this business is an interested party. Alec’s latest blog post is on Medium and is critical of the regulator’s stance and IT Security expertise and he previously wrote about the competitive dynamics and opportunities created by the new laws. Muffet is also concerned about the profiling use of such a database of porn users. It’s almost back to the days of the Roman Empire where monopolies were licensed. …

Mass Action or Court Action

I have today posted a limited review of Orgcon17 which happened last year. One of the most provocative presentations was this one, “Is the law the best way to stop mass surveillance?” While it documents the heroic struggle by a small group of fiercely motivated lawyers, it’s incredibly slow at the time, the court cases considered in 2017 related to 2015 laws and by the time the rulings came through the law in question had been replaced, but while pursuing legal action, mass action is hard, although crowdjustice.com and other petition sites allow the building of an on-line communities.

The presentation made me think about the numerous, trade union legal actions on collective bargaining issues, most notably their pursuit and criminalisation of Uber. In these cases, the use of the law is a sign of weakness, albeit of both sides, but demos and voting aren’t enough to change politicians minds on issues they consider peripheral. …

At Orgcon 17

I am just back from orgcon17, and here are my notes; this was a two day conference, with many sessions on issues of concern to digital liberty campaigners on regulation of the use personal data. It took place over two days, consisting of lectures & panels and workshops. On the first day, at Friends House, where we had the use of the amazing central meeting room it looked at the coming legislation on investigatory powers, the use of the law to make political advances (it’s slow & uncertain), an interview with Caroline Criada Perez, the campaigner who got the first woman on British bank notes and a women’s statue in Parliament Sq.. It looked at e-voting systems in Taiwan where the government used a consensus building software product to engage the population in traffic management solutions design. Jamie Bartlett spoke about privacy vs. security. There was a session on Digital Liberty & regulation in Nigeria. There was also a session on the privacy vulnerability to the coming “age verification for porn users” regulations. Much of these lectures are available on the ORG’s Video channel.

The second day consisted mainly of workshops focused on campaigning. There was a workshop that reviewed the technical architecture of the investigatory powers bill (as they then were i.e. the architecture and legislative stage). There was a workshop in using the Freedom of Information Laws to enhance campaigning, and also about the likely campaigning tools to be offered by the coming General Data Protection Regulation (GDPR) i.e. enhanced subject access requests, the right to be forgotten, of remediation and to object and stop processing.

There were sessions on building local Open Rights Group groups, how to perform IT security effectively for campaigners and a review of the ORG’s Blocked tool.

I chaired a session on building a Charter of Digital Rights, with Richard Barbrook and Mara Leverkuhn. Richard announced his initiative to put some more detail behind the Jeremy Corbyn’s Digital Manifesto which they created to support his 2016 Leadership Campaign. I documented/advertised this session on my blog http://davelevy.info/digital-liberties/

ooOOOoo

The relevance of this conference to CISSP certification is in the Regulation & Compliance domain. One of the critical to IT organisations is failing to keep up with laws and regulations. The ORG focuses on the law as it relates to privacy, censorship & intellectual property. Businesses need to keep these laws in mind when designing their risk taxonomy and control catalogue.

This was written in Oct 2018, nearly 12 months after the event; I did it to claim CISSP CPD Credits. I have as normal, for me, in these circumstances backdated the article to the time of occurrence. …

No safe space

No safe space

I made a storify after the election, and its terrorist disruption about the, mainly Tory response in blaming the internet. I don’t make the point that the Northern Ireland “troubles” were pre-internet but I do talk about the Tories, and May’s instinctive response is to censor and silence dissidents. I also point to Amnesty International’s critical report on the UK’s surveillance laws. I transferred this to the blog, as at the original date of publication, once Storify announced they were abandoning their service.

 …

Policy

I wrote a piece on my essay blog, now here trying to resurrect my thoughts on the #digitalliberty agenda just before the election. The thoughts were formed and committed to writing in 2014 and I said in the article that I thought they’d stood the test of time.

On second thoughts I think it’s weak on

  1. the right to privacy being a right to use encryption
  2. a failure to recognise that access to records created for fighting serious crime may have unacceptably low thresholds of access i.e. no-one is checking that the use is about serious crime
  3. justice must be public and require human judgement; algorithms can’t be judges (although it does cover that!)

Third thoughts would be that the Digital Economy Act 2016 widens the definition of criminal file sharing beyond reasonable and proportionate. …

Manifesto bingo, digital liberty and the internet

Manifesto bingo, digital liberty and the internet

I have had a look  at the manifestos and see what they have to say on the internet and Digital Liberty. I have been very influenced by the EDRi voting exchange and summarise the issues of Digital Liberty as e-citizenship, equality before the law, privacy and copyright reform, to which for this election we must add internet governance and industrial & innovation policy. I have created a table summarising the positions of the Tories, Labour, LibDems and Greens. Possibly I should have analysed the SNP manifesto since much of this is Westmister reserved powers. I was hoping to write something easy and quick to read. I don’t think I have succeeded. My super summary is in the figure immediately below, and here is the table I built to help me write this article. (I lost the excel file, so this will have to do!)  My main source was the ORG pages but I have been reading the Labour Manifesto also. I feel that the opposition parties have suffered from the surprise; they probably expected more time to develop their promises. All three opposition parties 2015 manifestos covered these issues in more depth.  …