Last week at the United Nations, President Obama stressed the importance of a free and open Internet:
We will promote new tools of communication so people are empowered to connect with one another and, in repressive societies, to do so with security. We will support a free and open Internet, so individuals have the information to make up their own minds. And it is time to embrace and effectively monitor norms that advance the rights of civil society and guarantee its expansion within and across borders.
It appears that "in repressive societies" was an important qualifier when it comes to the question of who does or doesn't deserve access to secure communications tools. He apparently supports helping Chinese dissidents and Iranian activists communicate with one another in a secure manner that evades government surveillance. But if his administration gets its way, Americans may lose the ability to evade surveillance in their own country. According to today's New York Times, the Obama administration plans to propose legislation requiring all digital communications services to enable interception of user communications. We haven't seen any draft text, but based on what the article says, it appears that services based on end-to-end encryption - and which are thus designed to be un-tappable - would effectively become illegal in the United States. This is particularly ironic given that the United States government helps to fund anonymity tools like Tor.
Civil liberties groups, human rights activists, and other supporters of free speech have been quick to voice their concerns. Here are a few choice excerpts:
Seth Schoen at the EFF:
...In the past ten years, even as the U.S. government has sought (or simply taken) vastly expanded surveillance powers, it never attempted to ban the development and use of secure encryption.
Now the government is again proposing to do so, following in the footsteps of regimes like the United Arab Emirates that have recently said some privacy tools are too secure and must be kept out of civilian hands.
Glen Greenwald puts it bluntly: "the U.S. Government is taking exactly the position of the UAE and the Saudis: no communications are permitted to be beyond the surveillance reach of U.S. authorities."
Cato's Julian Sanchez points out that requiring service providers to "design their systems for breach" is "massively stupid from a security perspective":
.. while the Communications Assistance for Law Enforcement Act (CALEA) already requires phone and broadband providers to build in interception capacity at their network hubs, this proposed requirement—at least going on the basis of the press description, since there’s no legislative text yet—is both broader and more drastic. It appears that it would apply to the whole panoply of online firms offering secure communication services, not just big carriers, imposing a greater relative burden. More importantly, it’s not just mandating that already-centralized systems install a government backdoor. Rather, if I understand it correctly, the proposal would insist on a centralized(and therefore less secure) architecture for secure communications, as opposed to an end-to-end model where encryption is handled client-side. In effect, the government is insisting on the right to make a macro-design choice between competing network models for thousands of companies.
In other words, the whole industry - at least all parts of the industry interested in legally serving American customers and users - would have to bake surveillance capability into their architecture. This in turn will make it even easier for all kinds of regimes to track online conversations, and provides precedent for all governments to ban encryption themselves - effectively killing the President's dream that "people in repressive societies" could connect with one another "with security."
Greenwald and others point out that the New York Times report is even more alarming when read alongside today's Washington Post report that the Obama administration wants to require U.S. banks to report all transfers being made in and out of the country, no matter how small. Greenwald writes:
Leave aside the fact that endlessly increasing government surviellance is not only ineffective in detecting Terrorist plots and other crimes, but isactually counterproductive, as it swamps the Government with more data than it can possibly process and manage. What these Obama proposals illustrates is just how far we've descended in the security/liberty debate, where only the former consideration has value, while the latter has none. Whereas it was once axiomatic that the Government should not spy on citizens who have done nothing wrong, that belief is now relegated to the civil libertarian fringes. Concerns about privacy were once the predominant consensus of mainstream American political thought.
But wait, there's more. There's also the Combating Online Infringement and Counterfeits Act (COICA), introduced in the Senate last week. Here is law professor Wendy Seltzer's analysis:
This Bill would give the Attorney General the power to blacklist domain names of sites “offering or providing access to” unauthorized copyrighted works “in complete or substantially complete form, by any means, including by means of download, transmission, or otherwise, including the provision of a link or aggregated links to other sites or Internet resources for obtaining such copies for accessing such performance or displays”; as well as those offering items with counterfeit trademarks. The AG could obtain court orders, through “in rem” proceedings against the domains, enjoining the domain name registrars or registries from resolving the names. Moreover, in the case of domains without a U.S. registrar or registry, other service providers, financial transaction providers, and even advertising servers could be caught in the injunctive net.
While the Bill makes a nod to transparency by requiring publication of all affected domain names, including those the Department of Justice “determines are dedicated to infringing activities but for which the Attorney General has not filed an action under this section,” it then turns that information site into a invitation to self-censorship, giving legal immunity to all who choose to block even those names whose uses’ alleged illegality has not been tested in court. (Someone who is listed must petition, under procedures to be determined by the AG, to have names removed from the list.)
Finally, the statute’s warped view — that allegations of infringement can only be good — is evident in the public inputs it anticipates. The public and intellectual property holders shall be invited to provide information about “Internet sites that are dedicated to infringing activities,” but there is no provision for the public to complain of erroneous blockage or lawful sites mistakenly or maliciously included in the blacklist.
Hollywood likes the Bill. Unfortunately, there’s plenty of reason to believe that allegations of infringement will be misused here in the United States. Even those who oppose infringement of copyright and trademark (myself included) should oppose this censorious attempt to stop it.
Internet governance expert Milton Mueller calls it the Great Firewall of America. The EFF says the bill "runs roughshod over freedom of speech on the Internet" is "designed to undermine basic Internet infrastructure," and "sends the world the message that the United States approves of unilateral Internet censorship."
A Senate staffer told me today that it's meant to be a "jobs bill" - to defend American industry against job losses caused by intellectual property violations.
The free and open Internet is threatened by authoritarian governments, it goes without saying. But we have an even bigger problem when the elected leaders of democracies, in pursuing various aspects of "the national interest" - national security, law enforcement, child protection, intellectual property protection, et cetera - repeatedly turn to solutions that are inimical to the survival of a free and open global Internet.
How do we break this vicious cycle? Until we do, we shouldn't be surprised when beleaguered dissidents in repressive regimes don't trust us. Expect to see a lot more critiques like "The Internet Freedom fallacy" by Global Voices Advocacy director and exiled Tunisian activist Sami Ben Gharbia.