Two different stories linked by one scary trend

Track and Truth: Manning and the 'Other' Surveillance System

The tumble of revelations and developments involving the Internet has produced a pastiche of truths that, when examined closely, show links between what might usually be considered separate news stories.

This week we encounter a stunning ruling by the judge in the Bradley Manning case while, in a totally different setting, the people who come as close to governance of the World Wide Web as we get can’t decide on a major Internet issue that significantly affects your freedom.

On Thursday, the Manning case’s presiding judge Colonel Denise Lind — who is also determining the verdict — announced that she is going to consider the government’s contention that Manning was “aiding the enemy” when he blew his whistle. The defense had moved that she drop that charge. Yesterday, my colleague John Grant wrote incisively on the social and political impact of this ruling. I want to say a bit about the view of the Internet that drives Colonel Lind’s decision.

Meanwhile, the W3C (short of World Wide Web Consortium), which is is as close as we come to a world “authority” on web browser standards, continues to grapple with a major issue popularly called “Do Not Track”. It’s an attempt by the Consortium to agree on “standards” (the do-and-don’t rules for web development) for tracking: the way that somebody you don’t know, have never heard of and have certainly given no permission to is recording your every move on the Web and doing whatever the heck it wants with that information.

The Elusive Don't Track Option and Judge Denise Lind (sketch by Clark Stoeckley, Bradley Manning Support Network)The Elusive Don't Track Option and Judge Denise Lind (sketch by Clark Stoeckley, Bradley Manning Support Network)

The two developments are linked by a profoundly perverted notion of the Internet and a destructive vision of what it should become. They highlight, taken in tandem, a truly frightening development.

Succintly put, if you have an Internet that acts as it’s supposed to, everybody is going to have access to whatever is published. Effectively, anything you publish on the Internet could, given the right circumstances, “aid” an enemy and you’ll never know it. That’s the character of the Internet — it’s open. On the other hand, it’s also supposed to protect your privacy: what you decide to publish is open, who and what you are isn’t…until they started tracking.

The Manning issue is better known and merits a caveat: Judge Lind has not determined that Manning is guilty of “aiding the enemy”. She might, at which point we at This Can’t Be Happening will surely have a few things to say about her verdict, but the issue here is that she would even consider this ridiculous charge.

The law prohibits any military person from providing assistance of any kind to an enemy during a conflict. It’s a horrible law full of contradictins and suppositions, starting with “what constitutes an enemy” when there is no declared war happening? But the prosecution’s charge surpasses the law in foolishness.

Effectively, the charge prohibits any member of the military from posting anything considered “dangerous” by the government on the Internet knowing that “enemies” could read it. That he released the information isn’t really contested; Manning has pleaded guilty to that charge (although the court has yet to accept that plea). The point of contention is whether he could reasonably assume that these “enemies” could read it.

Leaving aside the question of what is “dangerous”, given that we have a government that could slap that label on just about anything we do at any time, there’s really no contention possible here. Enemies can read anything on the Internet; it’s the Internet.

His own statements and actions demonstrate that Private Manning probably didn’t give the enemy much thought; he was thinking about people in his country and the information they had or didn’t have on which to base their opinions of these war efforts. But it wouldn’t take much thought to realize that the information could be read by “enemies” because it could be read by everyone in the world.

That, of course, is the very purpose of the Internet. It exists to break down walls of ignorance and hidden information. It moves across national boundaries and pays no attention to the battles of interest and policy that divide governments. Its role is to allow people who are ruled by those governments, often oppressively, to share information. It’s the human family’s reunification center and the world’s tool for sharing information of all kinds in an unfettered way.

That it is based technologically on those premises is the reason why governments’ increasingly frequent attempts to suppress and control it are as ludicrous as a KeyStone Cops chase scene and the outcome of those attempts are often obscenely repressive. There is simply no way of productively or even selectively censoring the Internet without destroying a democracy and that’s what Judge Lind’s decision is leaning towards.

The only way to not be guilty of such a charge is to never post anything the government might consider “dangerous” or to install “targeted” censorship (prohibiting the publication of certains facts, words or information). That’s the kind of censorship the Chinese government continues to try to do with little effect and lots of denunciation. The average person using the Internet in China is, in fact, limited in their information choices but the bloggers and activists this mis-guided effort is designed to shut down find lots of ways to get around the repressive measures.

Those of us who work on the Internet and know how it works at its core know that this kind of censorship is quite simply impossible and any attempt to make it happen would severely damage communications for the average person while allowing the knowledgeable to work around it. On-line censorship isn’t bad because it’s completely successful but because it discriminates in its censorship against those who aren’t adept at using the Internet. It’s divisive and harmful to the natural progression of use people have — from writing some emails to doing your own blog to becoming an on-line advocate of some issue or movement.

Regardless of her final decision, Judge Lind’s consideration of this charge represents one more step toward attempts by our government to do what China’s is attempting — which is to turn the internet into a kind of in-house, fire-walled-off corporate-style “intra-net.” That, we don’t need.

The debate around “Do Not Track” has been going on since 2009 and it’s a doozy. Most people don’t know about it but, if they did, there might well be an outcry. I’m about to do my part.

The Internet, particularly the World Wide Web, is a tracked environment. This means that, unless you set things so your progress remains private, you will be followed. Someone is recording the websites you visit, what you do on them and the choices you make on those websites — like downloading a file or buying something. In and of itself, as the Electronic Frontier Foundation points out, this can be useful. If you visit a site and that site retrieves and retains information about you, it can make return visits and use of the site quicker and more efficient and even enhance response to security threats and fraud.

You probably interact with this tracking all the time without knowing. Say you’re shopping for something and you notice that, magically, much of your information is filled in when you go to check out. The site remembers you because it has installed a small piece of software, called a “cookie”, on your computer with that information or some identifier that allows the site to search your info on its database. If you want that convenience, it’s there.

But so is the threat because that type of tracking (called “simple” or “party to party” tracking) has a companion protocol called “third party tracking” and that ugly piece of surveillance works like this. You go to a website with a graphic (maybe a photo or ad…you’ve seen them). That graphic is actually on some other website — not the one you’re visiting — and can be loaded with code that installs another cookie on your computer which transmits information about where you’re going and what you’re doing to whoever installed it. This is one of the Internet’s most common forms of surveillance and one few people really know about.

Your entire web session is recorded in detail by a company (or organization) you might not know exists. What’s more, that company can do whatever it wants with that data and never report what it did to anyone, especially you.

Your computer has these types of cookies in its hard drive unless you’re one of the few people savvy about the threat and capable of disarming it — which you can do through a browser setting. But that “how do I turn it off” issue is secondary. The most important question is: “Who the hell gave these jerks the right to invade your computer with a device that reports on your every action?”

The answer is “nobody”; the addendum is “but it doesn’t matter”. There are no rules governing tracking on the Internet.

Last week, the problem was put on display as the W3C “standards committee” continued to limp to a definitive standard, 18 months behind schedule.

The W3C (short for World Wide Web Consortium) is as close as we come to a world “authority” on web browser standards. With nearly 400 members, the Consortium (founded by Sir Tim Berners-Lee, generally considered the “first developer” of the World Wide Web) meets and develops “standards” for browsers. In short, what are browsers maximally allowed to do and what do they minimally have to do?

All of this is pretty much regulated. That’s why browsers, try as they might to be “unique”, do pretty much the same thing. If they didn’t, we couldn’t have a World Wide Web.

In 2009, at the urging of privacy advocates, the Consortium took on the issue of tracking and promised strong standards to regulate it. The problem is that W3C members are heavily weighted toward companies and many of those companies don’t want a lot of regulation on tracking. So they’ve slowed the process down, through amendments and tactics worthy of the U.S. Congress, and we still don’t have standards. A browser can still literally do whatever it wants in tracking you and that, up to now, hasn’t changed. Many experts believe it won’t.

Even those who trust that standards will be set acknowledge that industry reps have watered things down considerably. In fact, the latest standards proposal includes several pretty horrible points:

* The entire program must be opt-in: you have to decide that you don’t want tracking and then push buttons to make that happen. Browsers that enable Do Not Track by default will be penalized. In other words, you can be fined if you produce a browser that respects privacy as a default.

* The current default settings stay the same, giving advertisers and trackers complete freedom to collect and use any information they like in any way they want and never telling you that they’re doing it or how.

* First party (or party to party) tracking is completely permitted. You can’t turn it off: an actual retrenchment from current standards.

* Finally, even the opt-in capability means nothing because there are so many exceptions in the rules that companies can use and exploit. So even if you explicitly turn the Do Not Track option on, your information will be tracked and shared. That’s like pulling all the teeth out of a watchdog’s mouth.

So the people at the Mozilla Foundation, who produce the Firefox browser (the web’s best and most open browser), screamed in frustration and developed their own, more stringent, standards. They built an add-on, called “Collusion”, that tracks who is tracking you. We’ve yet to see how that will play out — the add-on is still in experimental stage.

But even if Firefox’s Collusion helps us, one problem remains: people are forced to make a product decision in order to protect constitutionally-supported privacy. There’s always a way to turn these things off but most people don’t know it and most don’t know they’re being tracked. Is the right to privacy a commodity? Can violations of privacy hide behind a “buyer beware” warning?

What’s more, shouldn’t there be some governance over what companies can do with that data?

What’s correct? It seems simple. When you visit a website that installs tracking cookies, you get a message explaining that this is happening and what it means. Then you get to choose whether you want that or not and you cannot see the site without making that choice. That’s not going to happen but it should because that’s the right to privacy that we all have and on which the Internet is built.

Both tracking and the Manning decision are, in their own way, a radical challenge to what the Internet is and should continue to be. They are fundamentally linked. If you have the right to get any information you want and post any information you think should be posted, you have the right to do so privately without governments and companies knowing who you are and how to get to you. If we lose the latter right, we will find ourselves coldly restricted in exercising the former right because the truth is always a threat to those who seek to control it.

These days, those in power fit that category perfectly.