Earlier this year, Professor
Peter Swire joined a panel of experts on global privacy and Internet freedom during the State of the Net conference to discuss the
two edges of the global Internet freedom sword. The panelists explored how Internet technologies could be used to promote freedom while resisting government pressure to help with oppression. Furthermore, the panelists examined whether some larger governance body will be needed to provide a framework for global Internet business.
Professor Swire is an internationally recognized expert in the fields of privacy, computer security, and the law of cyberspace. His presentation with the panel focused on global encryption, digital wiretaps, and openness of the Internet. Below are key excerpts from his talk:
Most of us are in favor of stopping criminals, and keeping national security safe, and stopping piracy. And then we also want openness and so there is some need to go into the details to figure out how to do those things. I’m going to lean to the side of openness and not bring out my law enforcement background so much today, and try to explain why, in three areas.
On Global Encryption:
India has a law right now that says if you have EC [encryption control] with more than a 40-bit key (that’s a very weak key), it’s against the law. So most modern communications protocol, most modern shopping on the internet, violates the law in India. They are very worried about the Mumbai bombings, so they’ve been pushing back on global companies here.
I think even more worrisome in some ways is what’s happening in China. China has a policy called the “Indigenous Innovation Policy”. This is a big deal in international trade. So, if you want to do business in China (and what country doesn’t at some level), you are supposed to play along with this policy, which for encryption means that if you build hardware, you’re supposed to use their homegrown EC approach, and not the globally tested standards. It means if you sell or make software there, you’re supposed to use homegrown Chinese encryption, and so it’s a huge protectionist effort to build a Chinese encryption industry using their algorithms that we’ve never been able to test and that might have backdoors to the Chinese government.
So this policy is a huge deal in trade, and it has a very strong crypto problem, and I think more people should be paying attention to it.
On the Golden Age of Surveillance:
The second topic is the area that’s called CALEA, which is one of those acronyms that nobody can remember what it means. It is digital wiretaps.
Back in the 1990s, [as copper phone wire was being replaced by fiber-optic phone wire] the FBI went to congress, and congress passed a law, that said for the switch telephone network, they have to build it pre-cleared by the FBI and wiretap ready. Which is a big deal for AT&T; it costs a lot of money; big compliance and all that. And a guy named Jerry Berman and some of the people who are now at CDT … created a little compromise. The compromise was that we’d leave the IP network out of that. So if you’re doing the IP network, which we call the internet, you don’t have to pre-clear it with the FBI, and you don’t have to build it wiretap-ready. And that little exception grew into the internet after 1994 that we have today.
In testimony last year the general counsel for the FBI said we need to update this. That we are “going dark”; and in her vision, the idea is that we are facing unprecedented problems for the internet.
Instead we really should see this, for the FBI, the NSA etc., as a golden age of surveillance, and I’ll give you three reasons why. First reason is, in history of human race we rarely carried a tracking device until now. So almost all of you have a phone, which today creates “pings” that can be tracked all over the place, and there’s record we don’t know and how much detail that are kept by wireless carriers. So now we have location of people available to the cops. Another thing we have really good information about the confederates, co-conspirators and friends of people. Every text, every email, and every phone call you make (and you make a lot of them). And the third thing is, if it’s not enough knowing where all those people are, and everybody they contact, we also have all the other databases that we’ve ever had. So if you compare the FBI 25 years ago to the FBI today, they have all this great stuff they never had before in granular detail and if they had to make a choice, the laws today, and the capabilities/laws of 25 years ago, they would chose the package they have today. They’re not going dark. They have unprecedented stuff to do their job. So there are problems that face law enforcement, national security, but when you hear “going dark” think instead “golden age of surveillance”.
On Openness of the Internet:
The third point, and I‘ll make it briefly, goes back to the openness of the internet. There was emphasis about this multi-stakeholder process. Let me try to make it concrete. There’s discussion about having the UN, or UN-like organizations, getting way deeper into running the internet. So let me just think about how this works for the human rights areas. A few years ago, the chair country for the human rights part of the UN, as I understand it, was run by Muammar Gaddafi’s Libya. What a great way to do human rights in the world. So do we want that to be the model for the internet? So the point is that’s there is this very complicated, favor swapping, “who has the votes” ways the UN does stuff. And every country is its own sovereignty. But when we’re talking about the internet, to have the biggest internet censors with the most incentive pushing and pushing and pushing at the UN to build the internet their way, that’s not a very promising path. And so when you hear multi-stakeholders “who have too many syllables and it’s sort of vague and why should we care”, just think about Libya running human rights, and say you’re against that; and say we do want this other thing, which is more bottom-up, which is more transparency, which is more consensus, which is more tech-based. And that open, tech-based consensus with global standards is the way to go, and not Libya running the human rights organization.
