Freedom of Information or Criminals?

In this post I would like to tell the stories of two young gentlemen, Aaran Swartz and Bradley Manning.

Many of you will know these names. Aaron is unfortunately all over the web this week due to his recent suicide, and here in Boston there is a lot of soul searching going on.

Aaron Swarz

Aaron Swartz

Aaron started young, at the age of 14 he was part of a working group that developed the RSS system. He was co-owner of Reddit, having been owner of Infogami, a company that merged to form the Reddit that we know today. He was most importantly an online activist, fighting for open access and against the Stop Online Piracy Act.

His activism got him into trouble with the police however. In the first instance he was investigated for publishing documents managed by the Administrative Office of the US Courts. These were public documents but the administrative office charged per page for individuals to see them. Aaron did not believe that this was fair so decided to take the chosen course of action. After an investigation he was not charged however, so no case was ever brought.

His second brush with the law went rather differently however. In 2011 he was arrested and charged (amongst other things) with fraud and unlawfully taking information from a computer. He had allegedly walked into the MIT library, attached his laptop to the system and downloaded 4 million academic articles.

His complaint was that the database holding the articles (JSTOR) were unfairly paying royalties to article publishers and not authors, and in doing so and charging for their service they were restricting public access. JSTOR did not push for charges and made no complaint, but Massachusetts Attorneys did, stating that “stealing is stealing, whether you use a computer command or a crowbar, and whether you take documents, data or dollars”.

The charges carried a possible prison term of 35 years and a 1 million dollar fine.

After Aaron’s death his family criticized both MIT for not behaving responsibly when the activity was discovered and the US attorneys for disproportionately pursuing criminal charges. Some people argue that the problem lies in the law however, because it does not differentiate between taking things for profit and for other reasons. In effect stealing money from the bank is the same as stealing articles, even if the aim of stealing the articles is not to make money from the crime.

The BBC has a collection of messages from many of the best known architects of the cyber world and they really demonstrate the great esteem that the entire community held for Aaron. We do not know and will never know why he chose to take his own life, nor if the possible 35 years in prison played on his mind and pushed him into it, but as I stated at the beginning there is a lot of soul searching here about how the entire event was handled.

To Bradley Manning. Bradley is another young man who got on the wrong side of the authorities. He is a soldier who worked in intelligence, not high ranking but with access to a certain amount of low level classified data. He was arrested in Iraq in 2010 on suspicion of passing data to Wikileaks and is currently in a military prison awaiting trial.

Bradley Manning

Bradley Manning

Before his arrest Bradley was possibly not in the best frame of mind. Life in Iraq is not easy, he was taunted for his presumed homosexuality and self acknowledged gender difficulties and had outbursts of anger and self reclusion. He was not transferred though, nor his access to classified information revoked.

At some point Manning allegedly forwarded what were later to be known as the Iraq War Logs and Afghan War logs to Wikileaks, a crime that prosecutors say he admitted to in online chats.

He was charged with Aiding the enemy, a crime that carries the death penalty, although prosecutors have stated that they would only ask for life in prison without parole. An offer was made for a guilty plea in return for 16 years in prison but Manning maintained his not guilty stance.

Once again Manning’s presumed crime was not committed for profit but in order to give the public information that he believed they had a right to. The most known of all of the materials is the killing of the 2 Reuters journalists by a US helicopter crew, a sickening thing to watch.

Manning was very unhappy about the type of war he saw and felt that the general public needed to see what he had seen, and referring to the helicopter killing video said something in one of his chats that I believe expresses his motivation; “well what would you have done if you had seen it?”

Rolling out Fibre Optic Broadband

This week the China Daily newspaper is carrying a story that has been picked up by many international news agencies. The paper states that the Ministry of Industry and Information Technology is ordering all newly built residences to install fiber optic connections in any city or county “where a public fiber optic telecom network is available.”

An ambitious project, particularly when put alongside the government’s hopes that 40 million families will be connected by fibre optic technology by 2015. These kinds of goals and regulations may seem impossible to those of us that live in the old world, but I would not be too sceptical about their interests and possibilities in China.

Here in the US we are a long long way from even getting broadband to large swathes of the country. The National Broadband map is a great source of information about how well connected we are, the maps are interactive and offer loads of information. Broadband coverage in general gets thinner on the ground as you move West, with much of the rural West and mid West still showing very little access. If you look at the map of fibre optic to home availability though you will see that we are talking about a very small number of providers and although it represents 17% of services it is extremely localized, with the vast majority of the country having no service.

Are you connected?

Internet cables

3.7% of the population have no high speed service at all, and although this seems like a small percentage, in a country the size of the USA it represents (by my calculation) about 13 million people.

Some analysts here are asking if the China intervention might be another Sputnik moment. The launch of the Sputnik pushed the US into the space race, fuelling investment and technological breakthrough. The question is whether the same will happen here.

If you are interested in how the world is connected, this article in the Global Finance magazine offers a table that shows the percentages of internet users divided into different countries. Some show a recent explosion is use, Albania going from 1% to 50% in 10 years, some are at above 90%, and some show little growth and remain in the 20’s or 30’s.

Given the importance for business the upgrading of existing infrastructure is of political interest. Both the US and UK governments have made broadband speed and distribution improvement a named priority. The UK government is putting in 530 million Pounds to roll out high speed internet to rural areas and in the US government has a similar plan, once more fueled by recent bad press about the quality of services offered across the country.

The Indian government is also pushing broadband extension. In a recent report increase in GDP is directly linked to broadband access, with failures on the parts of telecom companies blamed for losses in earnings and growth. India is expected to be the largest internet base on the planet by 2015, moving to above 300 million users and overtaking the US. With an extremely technology savvy society and better and wider infrastructure this must represent a great opportunity to the country.

So politics plays an important role in creating infrastructure. In an article last year on the innovation Excellence blog I wrote about how the FIFA World Cup had lead to the introduction of fibre optic technology to Africa (with a few hiccups) so large international events also play a part in creating infrastructure and generating opportunities.

So how good are the providers where you are?

Kill the Password

This week I would like to draw readers’ attention to an article that appeared in Wired at the end of last year. Written by Mat Honan and entitled Kill the Password: Why a String of Characters Can’t Protect Us Anymore, it makes for really interesting and alarming reading.

The author starts by explaining that he lost all of his digital life last year as his accounts were hacked, an event that lead him into investigating online security and how it is breached.

What he discovered is not for the faint hearted. The linking together of different accounts using an email as username means that any seriously interested party with a little time on their hands and very little money can relatively easily get into a single account, and from there into the others.

His conclusion is that the culture of using passwords for security is outdated, a thing of the past and that anyone who tells you otherwise is either deluded or trying to convince you of something that is not true.

The worst password choices

Worst passwords of 2012

The availability of information is a problem because of the personal question access to resetting your password. Mother’s maiden name, place born etc. are easy things to find out about anybody through ancestry sites or other documents. Once you have somebody’s email address, you try to reset the password using the personal questions through the provider’s website. The answers might be on Facebook, or on their blog, or maybe intuitive, but they are out there.

Then to the customer services rep that you speak to by phone. They are people and can be misled. The article contains a transcription of a conversation between a hacker and one of these people. As the user needs to be able to reset the password they are offered a series of questions that get easier and easier to guess. Names of best friends is possible using Facebook or other social network publications, but if not try favourite food or others, but the example given is name of one of the files in the account. Try Google, Amazon, Personal, one will be right.

So the problem is that the system needs to be flexible and easy enough to use, so we must be able to easily change our passwords, but this makes security impossible.

How can this problem be addressed? Here the trade off is privacy. If the company knows you, through your search histories, places you have been, where you work and what you like to do they might better be able to tell if the password reset-er is you, but you lose any privacy you think you might have.

Voice recognition can be tricked using recordings, biometrics and fingerprints too. Once a system uses these things that cannot be changed or reset the problem is magnified. If I have a fingerprint lifted from a screen I can use it to get anywhere and new fingers are hard to come by these days, so what do you use next?

The article poses these problems from the point of view of somebody who has been hacked, but the author also looks at who these hackers are and even meets a couple. It is big business in certain circles, particularly in the Russian speaking world where organized crime has a large stake and makes a lot of money through stealing identities and all that follows. In other circles they are just “kids” having some fun wreaking havoc.

There are a few simple strategies outlined in this (not short) article that are worth following but none are foolproof, and that is a lesson we could all learn from. Just a word of warning, it contains some harsh language.

On a lighter note happy new year to everyone, and my mum’s maiden name was Windsor (no relation to either Barbara or Elizabeth).