Tuesday, January 24, 2006

Supervision without the promised security

This article has been published in Swedish newspaper Ny Teknik, and in the English collaborative inter-disciplinary web-mag Somewhere Else.

The harsh legal stronghold besieging our digital commons, that leading European politicians are currently arguing for, is not only putting the personal integrity of citizens at risk – it is also symptomatic for how allegedly democratic measures can in effect be jeopardizing democracy. What is worse, it is a strategy which cannot keep what it promises, thus amounting to hypocrisy, argues Jonas Andersson, PhD student in Media and Communications, Goldsmiths College, London.
The main problem with the come-lately abrasive policy of these European politicians is not integrity per se, the problem is that the propositions will fail to do what the lawmakers think they will do; the supervision relies on a false hope of security.

The Swedish social democrats was the only Swedish party whose MEPs supported the now infamous data retention directive that the EU Commission and Ministerial Council tried to smuggle through towards the end of last year. 2005 in general comprised a toughened policy across European Ministries of Justice, regarding monitoring of citizens and an artificial limiting of innovation (with anti-file-sharing laws passed, proposals for software patents, and bans on inventions aiming to circumvent copy protection).
The Swedish are, together with Great Britain, the primary supporters within the EU for imposing governmental supervision of both telephony and Internet traffic. The proposition is to force service providers to collect traffic logs in order to, as it is called, make these logs available in investigations of severe criminal offences. The Swedish Minister of Justice, Thomas Bodström, also wants to give the police and national intelligence the rights of secret bugging, secret domestic search warrants, and secret monitoring of suspects’ homes and workplaces. Main reason given: to prevent terrorism and organised crime.
My argument in this issue is: the anti-terrorism concern is merely a cover.
Just as with related technological systems, like Digital Rights Management (DRM) and legally enforced ‘safekeeping’ of decryption master keys (so-called key escrow), obligatory data retention only works in an ideal world – or to be more precise, dystopia – where no exceptions to the rule can be allowed. For these technologies to be effective, they must be utilized in ways that are irrefutably totalitarian; just as with laws, rules and norms, it is in their nature to be as absolute and conclusive as possible, not allowing for exceptions. It only takes one glitch in the system to render it in practice ineffective against enemies that know what they are doing, like avid hackers and crackers, as well as terrorists and serious criminals.
Suppose now, that the data retention directive became actual law. Suppose that I was a terrorist. Why would I communicate my fiendish plans to my collaborators in plaintext, via usual email, or via mainstream European telephone networks, when there are foreign, unregulated service providers for all sorts of telecom- and Internet services? When there is voice over IP, and more or less private intranets and communities everywhere? When there are virtually limitless methods of cryptography, steganography and onion routing? When I just as well could use regular (still secret) snail mail?

That these current proposals would entail real hindrances for professional terrorists and criminals is thus patently absurd, given that we all still would like to live in a free society. Freedom requires certain sacrifices – the fact that everyone should be allowed anonymity is one of them.
No, the motive for the tightened legislation is something rather different: it is to render more difficult for the large masses of moderately competent citizens that in the current political-economical climate are made suspect; wanglers, free-riders, abusers of the system. Tax evaders, spammers, file-sharers.
Earlier in December, it also emerged that the Bush administration has used the intelligence service National Security Agency in order to spy on their own citizens. Seen in relation to, for example, current Swedish measures, the American strategy is more understandable: it operates in a political climate where the political leaders themselves (at least ostensibly) base their decisions on quasi-religious concepts and unadulterated nationalism, in a country which itself has been subject to de facto terrorist attacks.
But in Sweden? I can see three motives: Either the politicians in Bodström’s bunch startlingly naïve if they believe these technocratic directives would in practice do anything at all to stifle international terrorism. Or, they might simply be interested in appearing dogged allies in the top-level political game, alongside the British-American policy makers that together with the copyright industries are really calling the shots. Or, they might be deliberately cunning – since they under the pretence of ‘being tough on terror’ actually are tougher on democracy, public sense of justice and the liberty of their own citizens.
My belief is that their true motives actually consist of a mix of all the above. Too bad, because what we risk because of the short-sightedness of these politicians is an over-attentive superintendence without the promised heightened security.