Author: Alfredo Lopez

As the people of this country, and much of the world, observe the year-end holidays, we can look back on 2013 as the year when any illusion of genuine democracy was dashed by the remarkable revelations about the police-state surveillance that watches us. Last week, we saw a deeply disturbing stroke added to that incrementally developing picture.

In the ever-expanding and groan-provoking saga of the NSA’s attack on our privacy, it was revealed that the agency paid a major Internet security firm to insert a flawed encryption formula into the company’s software. The news, sparked by leaks from Edward Snowden and first reported by Reuters, raises serious questions about the security of popular encryption programs and indicates that the U.S. government was consciously involved in massive and very destructive fraud.

The Accomplice: RSA's logo

The revelations indicate that the NSA paid $10 million to RSA, one of the most prominent encrytion software companies in the world, to include the NSA’s own encryption formula in a very popular and heavily used encryption product called “Bsafe”. While Bsafe offers several encryption options, the default option (the one you use if you don’t specifically choose any) is the NSA’s own code.

The massive attack on encryption by the NSA has been reported before but this recent revelations about payments made demonstrate an intentionality to defraud and a complete disregard for the law, honesty and people’s rights. RSA offered a partial and fairly weak statement of defense. The NSA has yet to comment.

The web designers will tell you: when it comes to websites, good design can’t mask bad ideas.

I’ve been thinking about that for the last six weeks as I’ve confronted, with waning trust morphing into enraged frustration, the remarkably complicated corridors of The Patient Protection and Affordable Care Act (popularly known as “Obamacare”). The problems in the roll-out of this ersatz reform are generally known and, depending on who’s talking, have led to irritated calls for fixes or have been cited as proof that anything the government does that is socially responsible is a communist-inspired train wreck.

After nearly 20 years of Internet work, I know that all major web-based projects launch with problems, some of them crippling, and I know they can all be fixed. There is nothing extraordinary about Obamacare’s website problems except the shrill reaction they’ve provoked. This is to be expected. The “looks good, sounds good but can’t do anything right” tag that underlies the controversy is one of racism’s trustiest refrains and this is a President who has been battered by those kinds of comments.

In my case, Obamacare really hurts!
 

But dwelling on the technical side of the web-site break-down is a mistake because it draws attention from the more important problem unmasked by the roll-out and the complexity of these websites: Obamacare isn’t a health-care program, it’s a corporate bail-out. It’s not about avoiding or treating people’s health problems, it’s about avoiding and treating the collapse of the insurance industry.

The websites have run into problems because they are a kind of “Amazon” for health care and they weren’t ready to do that. Soon they will be ready and the technological problems will disappear but the most important social problem — a health care system that has nothing to do with caring for people’s health — will remain.

My own experience, a frightening and painful process, demonstrates this truth. I am 64 years old, a member of the demographic group that most needs Obamacare, and I am not being allowed into the program. Let me tell you the story, starting with a bit of background.

This past Friday, Internet activist Jeremy Hammond stood in a federal courtroom and told Judge Loretta A. Preska why he released a trove of emails and other information uncovering the possibly illegal and certainly immoral collaboration of a major surveillance corporation called Stratfor with our government.

He also stressed what followers of his case already knew: that his activities were encouraged, organized and facilitated by an FBI informant turned operative. In short, his partner in these “violations of United States law” was the government of the United States.

He acknowledged that the Judge could sentence him to 10 years in jail but he never apologized for his actions or questioned their validity as political activism. And, in a statement remarkable for his courage and political principle (after 20 months in jail on this case), he established himself as one of the heroes of the struggle over for freedom and justice.

In a world in which people often seek to defend themselves in court by questioning whether they did what they are accused of, Hammond defended himself by saying that he did what they said he did and more — and that he was right to do it.

Jeremy Hammond; principles and courage
 

“The acts of civil disobedience and direct action that I am being sentenced for today are in line with the principles of community and equality that have guided my life,” he told the court. “I hacked into dozens of high profile corporations and government institutions, understanding very clearly that what I was doing was against the law, and that my actions could land me back in federal prison. But I felt that I had an obligation to use my skills to expose and confront injustice–and to bring the truth to light.”

The technology of MUSCULAR, a program jointly carried on by the NSA and its British counterpart, isn’t hard to explain. Essentially, technologists at the spy agency have figured out a way to intercept data being exchanged among servers that store everything you do on Google and Yahoo.

Recently, Richard Stallman published an article in Wired about Free and Open Source Software and its alternative, “Proprietary Software”. As he has for 30 years now, he vigorously called for the use and defense of FOSS and warned about the nefarious nature of Proprietary.

As if the worthy Stallman needed an illustration to dramatize his point, the Adobe Corporation last week announced that hackers had stolen from its servers the password and credit card information, of almost three million of its users as well as a huge amount of code from some of its programs — probably ColdFusion and Adobe Acrobat. That theft is potentially the most serious breach of user information in recent history and, because of the popularity of Acrobat, could prove devastating to computer users world-wide. Such theft is, in the end, only possible with Proprietary Software.

Right and wrong: Richard Stallman and Acrobat's logo
 

Since the spectacular theft is being reported (or under-reported) in ways that miss some important issues, analysis is called for, starting with the pertinent definitions.

Last week, Verizon, the telephone giant, went to court to accuse the Federal Communications Commission of “overstepping its authority” and reverse the authority’s over-step. It’s a legal wrangle that, bottled and distributed, would be a safe substitute for sleeping pills.

Lurking behind the nearly unintelligible and ridiculously referential courtroom arguments, however, is a clear picture of the difference between the corporate vision of the Internet’s future and the way the rest of us want it. At this point, corporations are pouring resources into imposing their vision of the Internet and, if they do, there won’t be an Internet as we know it.

This is the debate around net neutrality, one of those terms everyone’s heard but most of us don’t really completely understand.

In a nutshell, the battle is over the use of “broadband”, the faster Internet service that is the norm in many places in this country and soon will be nationwide. With broadband you can access just about anything that anyone can post on the Internet in close to real-time and its potential for ever-increasing speed makes it the track on which the train of technological innovation travels. Enter the corporations.

A Pro-Neutrality Demo: The Slogan Says It All
 

Major telecommunications companies (like Verizon and Comcast) say they should be able to charge you more money for being able to access certain kinds of content through their broadband connections and are pushing for the right to “scale” their systems with different prices for different levels of access. It’s sort of like cable television: you rent the cable hook-up (and pay for it monthly) and the company gives you access to certain channels. If you want to watch the latest movies or sports or other “interest specific” channels, you pay an additional monthly fee for a “package” that includes those channels.

The Internet currently operates differently. You pay for your hook-up and access anything you want. True enough, some websites charge you for content but it’s the website that’s doing that. You may not be able to access the content of a website but you can get to it. That is “net neutrality”; it means everyone has the same level of access on the Internet. It’s “neutral”.

That, in fact, is the very purpose of the Internet and so Internet activists have always been fierce in defending it. Part of the problem is that, technologically, if a company has the power to block certain content (like movies), it has the power to block any content (like your website) and that’s a power Internet activists don’t want us to give up.

You’re probably not familiar with Barrett Brown.

As news coverage of surveillance, internet intrusion and the government’s intense battle against privacy and privileged communications seeps into the public consciousness, Julian Assange, Chelsea (formerly Bradley) Manning and Edward Snowden are almost household terms. But Brown’s case and the implications that flow from it are seldom reported and, as a result, not well known.

That is itself a crime. The Texas-based journalist is sitting in jail awaiting trial on three different indictments and facing a sentence of over a century if convicted in a case that is so outrageous and frightening that it rivals the cases and plights of those better-known information distributors.

Barrett Brown: The Link was the "Crime"

Brown is being charged, essentially, with doing something everyone (including myself right now) does on the Internet: he posted a link.

The Brown case raises all kinds of issues around freedom of expression and information but, perhaps most importantly, it uncovers a deeper and more dangerous aspect of the Obama Administration’s information policy. Brown’s case illustrates that, in addition to targeting the use of the Internet for spreading information, it is targeting the very act of information distribution. That includes the work that journalists routinely do but it also includes the information sharing you and I do on the Internet almost as a reflex.

It also reveals a world the government definitely doesn’t want you to know about: the murky, possibly sometimes illegal, world of inter-connection between the government and a network of secretive information and cyber-security companies. That was the world Brown broke into and that, in the end, is probably his “crime”.

The revelations this week by whistle-blower Edward Snowden (through documents provided to the Guardian, the New York Times and Propublica) prove that the NSA, working with its British counterpart The Government Communications Headquarters(or GCHQ), has conducted an intentional and largely sucessful campaign to destroy all privacy on the Internet.

These are the most damning indictments of the federal government’s spying, demonstrating that its efforts are not only unconstitutional and destructive but criminal and fraudulent.

According to the Propublica article, refering to the NSA: “The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.”

The three publications’ reportage outlines a huge, expensive and multi-faceted program designed to break all “encryption” in on-line communications (the Guardian’s package of most coverage is superb). The information gleaned is then stored and, using search and analysis methods previously reported on, it’s sorted and some of it read.

NSA Headquarters: Fort Meade, Md

Two of the most egregious and frightening aspects of the policies demand particular attention and explanation because they directly attack protections most Internet users take for granted.

With a conscious attempt to defeat Secure Socket Layers and encryption protocols, the government has attacked the very foundations of Internet communications. We have come to trust the privacy and security of the Internet when those features are offered, in part because they’re offered. Now we find that they don’t exist.

What it all means is that the forms you use for credit card purchases, bank information, membership applications, website email — the forms you use all the time believing your information is protected — may well be carrying code that will allow the NSA to get your information. What’s more, the encryption programs many Internet users employ to keep their communications, including email, private may carry “back door” code that will allow anyone with the proper program to decrypt and read them.

The government programs not only attack the functionality of privacy but completely destroy any rational confidence people can have in the privacy of their day to day communications. They also smash confidence in the government and the corporations that offer these protections because the certainty of privacy has been offered with the apparent full knowledge by these companies that there is no such certainty.

While certainly not over-shadowing the Obama Administration’s military threats against Syria, the cyber attack that brought the mighty New York Times to its knees last week is a major development and should get us all thinking.

The attack, a Dedicated Denial of Service attack, took the Times’ website off-line for a day and was one of a series of attacks on major information institutions by a hacker group called The Syrian Electronic Army. The SEA appears to be a network of hackers (some of them outside Syria) who are loyal to Syrian President Bashar al-Assad and apparently ready to attack anyone who’s not. Because this was, after all, the website of one of the world’s most powerful and prominent newspapers, the sudden exposure of its vulnerability was daunting.

The SEA logo — Hackers of the Moment!

The vulnerability of websites was further demonstrated by the five day attack two weeks ago on the website of Sahara Reporters, a site featuring news on Africa that is always provoking the ire of repressive governments and corrupt politicians. This attack was particularly nasty and protracted. It took technologist Ross Glover of May First/People Link, of which Sahara Reporters is a member, nearly five days to combat and then finally control the attack so that the website could return to normal functioning.

There were nearly ten major cyber attacks in August against very prominent targets and such coincidence begs for a lesson. It’s not hard to find. The Internet is vulnerable to attack. Our corporations and governments concentrate on defending against attacks on financial and military targets on-line, conducting surveillance on the human race and launching their own cyber-attacks against “enemies” abroad. All the while they do literally nothing to protect against threats on information and organizing centers, some of the resources people need the most. With all the money put into on-line surveillance, there’s been very little put into developing ways to block DDOS attacks or secure the real Internet. Put simply, you and your communications are not a priority.

Most of these attacks appear to be the work of the SEA which, while insisting it’s not a government project, makes no bones about its allegiance to the Assad regime. The SEA’s strategy, as it were, is to disrupt news websites and social media that carry criticism of the regime, to “spread the truth” they say. But its targets, like the Times, indicate that a website’s prominence and authority are also important criteria. There are lots of publications that are much more critical of Assad than the Times. And the character of their attacks — providing almost no informative content — mean they’re more interested in disrupting information than spreading it.

All is abuzz and atwitter (literally) with news of the firing Friday by America On Line’s boss Tim Armstrong of half of the staff of its local news project, Patch. The firing comes on the heels of Armstrong’s humiliating dismissal of one of AOL’s top executives during an August 9 phone call to 1000 Patch staffers.

All this AOL news in one painful week! It certainly says a lot about how Internet corporate execs’ view their workers, but the more important story is how they view the Internet. How could a major technology company like AOL so deeply misread the culture and the irreversible changes that have taken place in news coverage and how reflective is that of the corporate Internet? Important as it is, that issue has gone largely unreported.

The “incident”, on the other hand, has been reported ad nauseum. It happened two Fridays ago (August 9). Armstrong was running a major meeting for staff members working on “Patch”, AOL’s four year old “localized news” web system. About 1000 people were on the call. In the first few minutes of the call, Amstrong suddenly said “Abel, put that camera down right now! Abel, you’re fired. Out!” He was speaking to Abel Lenz, the creative director at Patch and other AOL news websites. (You can listen to this on a leaked audio from Jim Romensko.)

The Photo That Sparked a Firing — Armstrong at the Fateful Meeting

Lenz’s sin? He shot a photo of Armstrong at the meeting–something he would routinely do for distribution to Patch sites. Armstrong, in a subsequent quasi-apology letter, said he had over-reacted but that he had warned Lenz about photos and videos in the past and Lenz just kept on shooting so he fired him…in front of 1000 people.

Last Friday, Armstrong acted more politely but much more painfully. AOL separated Patch staffers into two rooms: one for employees who would be retained and the other for those being fired. Remote staff were given a dial-in number to their appropriate room. Armstrong then addressed each, firing about 350 in one room and telling those in the other room that their jobs (and local news sites) were safe for now but things had to improve or there may be more down-sizing. In fact, sources at AOL are sure that at least 150 more people will soon lose their jobs.

There’s much speculation about why Armstrong would hold one meeting to threaten cuts and then another a week later to specify the cuts. But, as important as that is for those who lost their jobs, and probably for the bunch who have momentarily kept them, there is a more important question for the rest of us: Why in the world would a collossus like AOL go against the tide in news coverage that we are all witnessing — the rise of blogs and participatory journalism — by investing a reported $60 million in a service that started failing the moment it went live?