Category: politics

Icelandic porn filter is overkill

<Originally a Webwereld column – in Dutch>

In the middle of election season in Iceland a debate is raging about the need to protect young children from violent pornographic imagery that can be found on the Internet. Although it is unclear what the scale of this problem is, there is concern about the methods used by some in the porn industry to market their wares. There is an idea that some firms use the old tobacco industry method of ‘get them while they’re young’.

As I was in Iceland recently I was fortunate enough to be asked my opinions on these matters by government officials. The entire debate is being conducted during election season, so the local media are on top of every word uttered by anyone from either government or the local digital civil liberties organisations. What causes most of the (international) attention is the specific plan to put a national filter on all Icelandic internet connections. This would be a first for a western democracy (although such filters have been tried in various Asian countries from Iran to China). Proposing a method that could very well be called censorship is incongruous in a modern and progressive society such as Iceland (the only country to have convicted its bankers over their part in the current global financial crisis).

Within a few hours of setting foot on Iceland I was asked by Smari McCarthy of the Icelandic Modern Media Initiative to sign their letter of protest (by now published) against the filtering proposal.

During an informal dinner a few days later with officials it became clear that no decision on a filter, or any other policy, had been made. The government was looking into the problem and discussing possible solutions. The emotive nature of the debate causes the problems and solutions to get mixed up. I therefore attempted to structure the discussion over dinner:

Goals:

1. minimizing the harm caused by violent/degrading imagery to young children in Iceland;

2. fighting the industry that makes money out of degrading humans.

As stated I think it is vital to see these as separate goals that may require completely separate policies. The first is clearly an Icelandic state issue, the second may require a multi-national approach, altough there could be things Iceland can do to ‘not be part of the problem by funding this stuff’.

Methods:

1. The problem with a national filter on certain forms of internet traffic is that these filters work very poorly. This is because of the rapid speed of technological innovation on the supply side and the high creativity in circumventing the filter on the demand side. Once a filter-circumvention method has been found by one person, this knowledge will spread rapidly until it is everywhere. There are even special websites made by-and-for kids on how to circumvent filters and blocking software installed by parents/teachers/governments (their motto: ‘it is not a crime to be smarter than your parents’).

So the Icelandic government would open up a two-front technological info-war against both the porn industry (the very people who invented things like video-streaming over the internet) and its own citizens, some of whom may have a legitimate (if hard to understand) desire to watch certain content. Aside from the fact that forbidding things that are not perceived by their consumers to be harmful, this also makes the forbidden fruit more interesting for young people developing their independence and testing the limits of society.

But let us assume that some day in the future a filter is developed through a technical miracle (these sometimes do occur). Now you have built a working turnkey censorship infrastructure. The key question then is – who is actually in control of this infrastructure? Can you trust all possible future Icelandic governments or civil servants with the power to selectively turn off sources of information to all of Iceland?

In light of all the anti-terrorism laws being deployed against journalists, environmental and peace activists, and even citizens who fail to seperate all their rubbish appropriately, this is not a theoretical problem.

2. Now for the porn industry and options for taking it down (assuming for the sake of discussion that this could be a legitimate objective for a government). In my view the best and most practical thing that Iceland can do is to be very minimalist and selective in enforcing US-style copyright. Cutting off the money supply is a very concrete and easy thing that much of the Internet is already doing to the porn industry. Instead of frustrating this process, as many governments seem to be doing, the Icelandic government should welcome it. Thus making sure that those who want such online content can get it without sending money to these organisations. People make porn to make money. Take away their business model, and the business will go away as well.

I do, however, remain puzzled by one question: how precisely does the porn industry make money from kids? Do children have credit cards? I would find it hard to believe that these companies are doing things in the hope of a new customer 9 years from now. The tobacco analogy only goes so far: cigarettes are usually bought in cash, online porn with credit card or paypal. The lack of statistics about the problem (how many kids have been affected: 5, 500, 5000? And how do we come by these numbers?) is also a problem.

Forbidden fruits vs managing the problem

Like drugs, porn and gambling will never be completely removed from society as long as certain people want them. But the problems they cause can be managed and minimised. Attempts at banning things are usually not the most effective way to reduce harm. Even the banning of ‘child porn’ (a complete misnomer as it is actually imagery of child abuse) has not clearly led to fewer children being harmed by the production of it. Production and distribution has gone so deeply underground that nobody really knows what is going on anymore. The fact that researching/discussing these issues is a now a legal minefield does not help the situation.

Meanwhile these laws have provided a very nice way to destroy almost any individual simply by hacking their PC/laptop/phone (usually fairly trivial), putting some forbidden material on it and reporting them to the police. Even if they are not convicted and sent to prison, their career and social standing will probably be destroyed beyond repair. Proving one’s innocence in such a case is nearly impossible.

The strangest point is that despite the heavy crackdown on images of child abuse, western police forces rarely take down known servers on their own soil. The idea that making imagery of child abuse (aka ‘child porn’) invisible by technical means somehow results in the reduction of harm to children is widespead. Despite the actual harm being done during the production phase of the material rather than during the distribution phase.

Because the subject invokes such strong emotions many politicians (and their staff) will often make a strange logical leap. It goes like this:

1. this problem is terrible, we must do something;

2. this (a filter, ban, deploying the army) is something;

3. we must do this.

In the process of formulating soundbites for the evening news, the fact that something may be completely ineffective in solving the problem and also has major negative effects on society is forgotten. We see these kind of mental illogical-leaps all the time in areas like ‘the War on Terror’, ‘the War on Drugs’ and ‘Cyber-security’, where the solutions clearly fail and, in fact, cause massive new problems that are often worse than the original issue.

Much of the above casts serious doubt on the true goals and priorities of the government. Are we busy hiding stuff we would rather not see, or are we working on protecting children?

I have strongly suggest that the Icelandic government considers the above and uses any budget, allocated for filters, for improving sex-education in schools and support for addictions in the heathcare system. This may not yield immediate results but will most certainly do more good than implementing technical solutions that either do not work or make Iceland into an informational dictatorship.

Update: Despite a change of power the debate over this continues in Iceland. Strangly still with a complete lack of statistical info on the scale of the problem.


Get a famous fingerprint

Schaeubleattrappe_250The German Chaos Computer Club, the oldest and largest hacker group of Europe, made available to the public the fingerprint of the German Minister Schäuble for the Interior. They wanted to show how easy it is to obtain someone’s identity when identity is based on fingerprints.

The German government is preparing to build a national database containing the fingerprints of all its citizens for the purposes of fraud-prevention and national security. Minister Schäuble is very angry about the release of his fingerprints and has stated he will take legal measures against the CCC. Dutch hacker Rop Gongrijp pointed out that the Minister’s anger was curious since it was the minister after all who wanted to collect the fingerprints of over 82 million Germans and the CCC only collected one.

The CCC has been demonstrating for several years how easy it is to ‘steal’ someone’s fingerprint and use is to fool all kinds of security measures such as payment systems, physical access controls and computer security systems. As with the doomed RFID cards these demonstrations need to be very ‘in your face’ before media and governments take notice. Worldwide there are over 200 million devices in use of the 20 different types that were fooled by the CCC experts. As with the 100 million RFID cards they are all essentially worthless as serious methods for securing transactions or granting access.

It is curious how we as citizens are constantly required to trust governments to handle our most private data when these governments often are not that trustworthy themselves and also not very technically competent in guarding our information. Passports are easy to fake, RFID cards are easy to copy, fingerprint readers can be fooled. Before we base our entire lives on these technologies we’d better make sure they actually provide a minimum level of security. For now I’m sticking to encrypted mail and strong passwords.

German TV broadcast an item about the possibility of stealing a fingerprint and using it to go shopping at someone else’s expense at a large German supermarket chain.

Since the TV piece did not include the entire method for making your own fingerprints I include it here. As with the RFID cards, these vulnerabilities have been known for several years, it’s just that some companies and governments are a bit slow in picking up on them. If you want to go shopping as Minister Schäuble, just click on the picture at the top and follow the procedure from the movie.

Updateiconkl A friend and IT security expert pointed out that since anyone can now pretend to be Minister Schäuble, that pretty much makes his fingerprint useless as evidence in  court. Maybe we should all publish our fingerprints (and retina scans and DNA profiles) to gain plausible deniability on future accusations of anything …