Law in the Internet Society

View   r14  >  r13  ...
NikolaosVolanisFirstPaper 14 - 03 Feb 2010 - Main.NikolaosVolanis
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper"
Changed:
<
<
ready for review
>
>
ready for 2nd review
 
Line: 17 to 17
  A. State law enforcement interests mandate specific technological solutions which allow for increased traceability of the behavior of individuals over electronic communications networks.

Changed:
<
<
B. In order to achieve this purpose, the state has to engage either in regulation of technology directly (regulation by legislation) or indirectly by incentivising the providers of communications hardware and software to adopt a preferable techological solution.
>
>
B. In order to achieve this purpose, the state engages either in regulation of technology directly (regulation by legislation) or indirectly either by incentivising the providers of communications hardware and software to adopt a preferable technological solution or by influencing the adoption of certain industry standards
  C. Being for-profit entities, these intermediaries are primarily concerned with minimizing losses, by avoiding governmental contempt which could lead to administrative penalties or other sanctions.

Line: 33 to 33
 Our recent discussion regarding encryption technology not only demonstrates that the state can have an interest in regulating electronic communications code (as this allows for better enforcement and traceability), but also that such control can be exercised through commercial technologies, when the latter are favored by regulation.

A. + B. In the U.S., both the Arms Export Control Act (and the Traffic in Arms Regulations) as well as the Communications Assistance for Law Enforcement Act (CALEA, enacted in 1994) dealt with the critical issue of cryptography and the danger that this technology may pose to national defense and law enforcement respectively.

Changed:
<
<
In the wake of widespread migration to digital telephony and data networks such as the net, CALEA’s purpose was to enhance the ability of law enforcement and intelligence agencies to conduct electronic surveillance by requiring that telecommunications operators and manufacturers of telecommunications equipment take necessary steps to ensure that their equipment and services support built-in surveillance capabilities, so as to allow state monitoring of communications traffic in real-time. Around the same time (1993), the U.S government developed and promoted an encryption device to be adopted by telecommunications operators for voice transmission, the “Clipper Chip”. The core of that concept was based on the ability of the Government to override the encryption technology at will (“established authority”), since the cryptographic key of every device bearing the chip would be put in governmental escrow. Although this initiative met considerable protest (see here for example), the U.S. government continued to press for key escrow by offering incentives to manufacturers (e.g. by allowing more relaxed export controls if key escrow was part of the software exported - for a more detailed account, see here (pp.15-17) - or by using the government's power as a major consumer of cryptographic products to rig the market). Still, with the release and swift propagation of independent free software such as PGP and Nautilus (open source software which provided strong encryption without key escrow requirements), it became impossible for the U.S. government to effectively advance its preferred encryption technology. After all, due to consitutional concerns, the adoption of such technology was voluntary. However, the solution did not come from large commercial entities, but from small grassroots initiatives.
>
>
In the wake of widespread migration to digital telephony and data networks such as the net, CALEA’s purpose was to enhance the ability of law enforcement and intelligence agencies to conduct electronic surveillance by requiring that telecommunications operators and manufacturers of telecommunications equipment take necessary steps to ensure that their equipment and services support built-in surveillance capabilities, so as to allow state monitoring of communications traffic in real-time. Around the same time (1993), the U.S government developed and promoted an encryption device to be adopted by telecommunications operators for voice transmission, the “Clipper Chip”. The core of that concept was based on the ability of the Government to override the encryption technology at will (“established authority”), since the cryptographic key of every device bearing the chip would be put in governmental escrow. Although this initiative met considerable protest (see here for example), the U.S. government continued to press for key escrow by offering incentives to manufacturers (e.g. by allowing more relaxed export controls if key escrow was part of the software exported - for a more detailed account, see here (pp.15-17) - or by using the government's power as a major consumer of cryptographic products to rig the market). However, one of the reasons which led the U.S. Government to gradually abandon its preferred encryption technology was the release and swift propagation of independent, free, and considerably better software such as PGP and Nautilus (open source software which provided strong encryption without key escrow requirements). After all, due to consitutional concerns, the adoption of such technology was voluntary. This response to governmental plans did not originate from large commercial entities, but from small grassroots initiatives.
 
Changed:
<
<
C. + D. Indeed, by enabling both confidentiality and identification, encryption technology can be perceived as both “liberating” and “oppressive” technology, depending on the actual parameters that define its use. The aforementioned examples demonstrate that as software or hardware development becomes a commercial activity, it is produced by a smaller number of for-profit entities, which, in turn can be incentivized or disincentivized by the state in adopting specific technological solutions or complying with governmental regulations. Although, for example, the IT-savvy community has argued that such an artificial attempt to control the flow of information and to restrain it within the U.S. would be futile, still, companies in the business of producing encryption technology prefered to comply with government regulations, in fear of invoking government contempt (or worse). Likewise, a company called Network Associates (the successor of the PGP software), originally a strong opponent of encryption regulation, started to offer products that adopted key recovery mechanisms for corporations. With regard to the hardware industry, Cisco provides us with another example of a company submitting to governmental incentives through regulation: In 1998, it announced a router that would enable encryption (thus providing encryption at the OSI network layer, not the application layer, as it is the case with software such as PGP), but which would contain a switch which would allow the government to override such encryption (p.71) so as to monitor internet traffic.
>
>
However, the aforementioned observations should be viewed with a grain of sand: the limited scope of the present article fails to demonstrate the magnitude of intricacies involved not only with respect to the interests of various actors engaged in the hardware manufacture or software production for telecommunication equipment, but also with respect to the attempts to regulate the industry, either directly or through the establishment of standard setting organizations (SSOs). The stakes and interests of each party differ, depending on this party's position in the industry (hardware manufacturer, software provider, network operator, various law enforcement agencies, different states and jurisdicitons, state-influenced SSOs, privacy-sensitive NGOs, etc.), and its size and influence either on the rest of the sector-specific industry (e.g. telecoms hardware), the general telecommunications market, or even the public at large; This dynamic and ever-changing "universe" of technological challenges and power relationships between different actors creates an environment in which attempts to predict the outcome of the osmosis between politics, law and technology are often nothing more than wishful thinking. However, much of the debate centers on the degree of control asserted over the routers of a telecommunications network, as network operators want to maintain control of their network, and law enforcement parties want real time monitoring of the information passing through the routers. In this context, the questions remains how encryption technologies disrupt or promote the aforementioned goals.

C. + D. Indeed, by enabling both confidentiality and identification, encryption technology can be perceived as both “liberating” and “oppressive” technology, depending on the actual parameters that define its use. The aforementioned examples demonstrate that as software or hardware development becomes a commercial activity, it is produced by a smaller number of for-profit entities, which, in turn can be incentivized or disincentivized by the state in adopting specific technological solutions or complying with governmental regulations. Although, for example, the IT-savvy community has argued that such an artificial attempt to control the flow of information and to restrain it within the U.S. would be futile, still, companies in the business of producing encryption technology preferred to comply with government regulations, in fear of invoking government contempt (or worse). Likewise, a company called Network Associates (the successor of the PGP software), originally a strong opponent of encryption regulation, started to offer products that adopted key recovery mechanisms for corporations. With regard to the hardware industry, Cisco provides us with another example of a company submitting to governmental incentives through regulation: In 1998, it announced a router that would enable encryption (thus providing encryption at the OSI network layer, not the application layer, as it is the case with software such as PGP), but which would contain a switch which would allow the government to override such encryption (p.71) so as to monitor internet traffic.

 The aforementioned cases indicate that the state may influence the supply of hardware and software by commercial entities, by effectively asserting indirect control over the commercial entities themselves. A final and more recent example may be that of Google and its political/business interaction with the Chinese government: Google adopts the technology mandated by brute political force; Chinese governmental concerns about information over the net are fully addressed (since they are embedded in computer code) and Google can access and profit from the Chinese market. It takes a couple of golden handshakes and historical or current politically sensitive issues like “Tiananmen Protests” or “Tibetan independence” are seamlessly purged from the Google search results. A similar story took place with Yahoo! in 2002, whereas Microsoft's Bing it the most recent example search engine that respectfully bowed down before Party propaganda.
Changed:
<
<
E. In this context, communications software and hardware acquires a meaning that surpasses the field of engineering. It becomes a form of control and thus a focus of political contest and choice (p. 28). And in such political contest, free software (“free as in free speech”) acquires its full potential. In contrast to the top-down ("cathedral") model of organisational structure and production, where directives are set by the top and followed incontestably, the process behind free software production resembles more a "great babbling bazaar of different agendas and approaches", where authority follows and derives from responsibility and participation: the more an individual contributes to a project and takes responsibility for the pieces of software, the more decision authority that individual is granted by the community. This Aristotelian context of participation (in which the latter is perceived as a manifestation and reward of the highest virtue, underlines both the open source software production process and participatory democracy).
>
>
Again, it should be stated that the aforementioned examples risk to create a false and simplified image about the tensions and stakes involved in the telecommunications industry, by emphasizing primarily on the relationship between the state and the major telecom or Internet private players: in this particular context, the ultimate question of remains unaddressed, touching upon the Platonic debate on control, government and morality: if the government manages to assert total control over the established networks and standards, quis custodiet ipsos custodes? Is "national security" or "battle against terrorism" a new form of "noble lie"? And what will be the role of encryption in the communications infrastructure? Will it still be possible to push it at the "edge" of the -still- dum network, which would allow us to encrypt all content we transmit over it, or will such control over the network eventually lead to it gaining more "intelligent" capabilities, thus filtering out all encrypted material (or at least, all material which is encrypted by not authorized to be encrypted)? At the time being, it seems that we are benefiting from the inertia created by the complexity of the system, which allows for a certain degree of privacy and anonymity.

E. Still, regardless of how complex these relationships are, I hope that the foregoing discussion has demonstrated that communications software and hardware acquires a meaning that surpasses the field of engineering. It becomes a form of control and thus a focus of political contest and choice (p. 28). And in such political contest, free software (“free as in free speech”) acquires its full potential. In contrast to the top-down ("cathedral") model of organizational structure and production, where directives are set by the top and followed incontestably, the process behind free software production resembles more a "great babbling bazaar of different agendas and approaches", where authority follows and derives from responsibility and participation: the more an individual contributes to a project and takes responsibility for the pieces of software, the more decision authority that individual is granted by the community. This Aristotelian context of participation (in which the latter is perceived as a manifestation and reward of the highest virtue, underlines both the open source software production process and participatory democracy).

 

# * Set ALLOWTOPICVIEW = TWikiAdminGroup, NikolaosVolanis


Revision 14r14 - 03 Feb 2010 - 06:04:44 - NikolaosVolanis
Revision 13r13 - 31 Jan 2010 - 00:27:04 - NikolaosVolanis
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM