Rick Falkvinge
Traveling Speaker on Information Policy


Security researcher revealing "secure" advertising claim by DigiExam as Utterly False threatened with copyright monopoly lawsuit over disclosure. New article.

So it's happened again - a security researcher showing a marketing claim to be atrociously false has been threatened with a copyright monopoly lawsuit to take down the posted proof. The company DigiExam claims that their examination software is "cheat proof", which it can't be by definition when it's running on somebody's own computer: these are DRM fantasies. Security researcher Hannes Aspåker developed a proof of concept to show the claim is false and posted it, and was promptly hit with a threat of copyright monopoly infringement lawsuit from DigiExam to take down the proof: DigiExam is deliberately creating chilling effects on free speech in order to protect its false marketing.

[evidence of takedown threat in article, complete with deconstruction to show how utterly baseless it is from every conceivable angle]

The Internet doesn't take kindly to baseless takedown threats in order to save one's own face - in particular not copyright monopoly threats against security disclosures. This shit should be criminal. This action from DigiExam was far more harmful than the security bulletin in the first place, and they deserve to know what the Internet thinks of their shit. This kind of behavior, to throw around force and legal threats to deliberately create chilling effects against researchers who reveal your marketing claims as bullshit, is one of the least acceptable things conceivable to free speech.

Five years of Cookie Law: Politicians' good intentions and incompetence created a security and privacy nightmare. New column on Privacy News.

Five years with the “cookie law”, taking effect in 2011, shows how politicians’ good intentions – when coupled with incompetence – can create a security and privacy nightmare. It was supposed to give users choice, privacy, and security. Its effect, over and above causing developer facedesks and headaches, has been the exact opposite.

In 2009, the European Parliament adopted an amended Directive on Privacy and Electronic Communications. The major new thing in the amendment was something called “consent for cookies” – requiring all users to agree to cookies being stored onto their computer from all websites.

Requiring this in the website interface, as opposed to in the browser options, has created a privacy and security nightmare that will take decades to undo. This is what happens when good intentions meet technical incompetence.

The only net effect of the cookie law is that every user has been conditioned to click “Yes, I agree” on any popup that appears when they go to a new website.

As these cookie consent dialogs take vastly different shapes, the average user won’t be able to tell an “Allow cookies? Yes/no” dialog from an “Install malware? Yes/no” one. And hence, political incompetence has created a privacy nightmare for the masses.

For the first time, an ISP reveals why Police demand internet subscriber identities: ordinary file sharing is the most investigated "crime". New article on Privacy News.

While the Police complain about shortage of resources, it turns out the most investigated “crime” on the net is ordinary people sharing music and movies with each other. This is in stark contrast to the everyday area person’s perception of justice, where the distribution monopoly laws command considerably less respect than even speed limits. According to the ISP, the Police are provably spending expensive resources on pointless petty trifles.

“We want to publish these statistics in order to show the Police are violating people’s privacy and spending resources on pointless trifles”, says Jon Karlung, CEO of Bahnhof.

It’s particularly noteworthy that the Police has by far the most requests for ordinary file sharing to this ISP, despite this ISP never releasing such data for ordinary file sharing – you would assume the Police capable of learning. One would then speculate about the frequency with less-conscious ISPs, assuming it to be higher.

So the Police are prioritizing investigations against commercial distribution monopoly violations over pretty much all other crime, and are sending requests per fax. You cannot get a more descriptive picture of the legal digital divide.

The DAO raises $100 million: How the old world really can’t comprehend the new world. New column.

The crowdfunding to the investment company “The DAO”, which has exceeded one hundred million US dollars and counting, has the old world in confusion. “How can something leaderless run a company, or be trusted with an investment?”, we hear. This shows the real depth of the digital divide.

Star Citizen, the previous record holder for crowdfunding, is understandable to Wall Street. It is a high-end entertainment product with an experienced game designer, with some of the most successful products ever, at the helm. The CEO has recruited some of the best people in the industry. This is grokable for the old world.

And then there’s TheDAO. No leader, no incorporation, no nothing. Just a shitload of money (technical term) coming from everywhere.

“Who’s making the decisions?”

“Where’s the business plan?”

“What’s the investment idea?”

*What the old world fails to see is that there is leadership, there is a business plan, and there’s a clear investment idea. It’s right in front of them. They just fail to recognize it as such:

The source code.*

It's the 1800s all over again: Free enterprise never really existed before now. New column on Privacy News.

In the years 1791 to about 1850, laws were passed that abolished trade guilds as the permission-givers to run a business. But as we speak of “permissionless innovation” today, and see how these “permissionless” businesses often violate old regulations, we realize that the permission requirement to run a business never went away: the government just seized the permission issuance for itself.

The examples of organizations that have run permissionlessly and run afoul of something are legion – from known brands like Uber and The Pirate Bay to many, many small startups that never got as known. The common factor is that they built something without asking permission, provided a useful and popular service to a lot of people, and were labeled criminals for it.

What we can observe today is that we are still just as required to obtain permission to run a business as we were in the trade guild era. The effect of the “free enterprise” laws passed from 1791 onward was primarily that we had to ask the government’s permission for everything instead of the trade guild’s.

So we’ve finally arrived at an era of free enterprise, that governments claimed we had established in 1850 through the Western world. But today, it’s not free enterprise because we aren’t asking trade guilds for permission (as opposed to governments); today, it’s free enterprise because we’re not asking permission at all anymore. The difference is stark. Also, the governments are all up in arms about it.

Obviously, you’re not going to get the government’s permission to protect the Internet against the government.

For the first time, we really do have free enterprise, and it turns out to be vital for liberty.

Finally: Germany to abolish open wi-fi liability for users' behavior. Important and happy news.

Germany’s ruling coalition has decided to abolish the liability for users’ copyright infringements and other behavior when operating an open wi-fi access point. This weird and anachronistic liability has seriously hampered the organic net growth in Germany, and was recently challenged at the European level. The revised law is expected to take effect as early as this fall.

Germany has long been an exception to sane laws regarding open wifi, as access point operators have been legally liable for everything their users do through an open access point. In effect, this has prevented the silver-bullet open wireless defense for people sharing culture and knowledge from their homes, but it has also prevented a large growth of random, organic connectivity (which, coincidentally, is something the legacy industries don’t want to happen).

The liability law was recently challenged by German Pirate Party activist Tobias McFadden, who – in a limited scenario – challenged the liability and took it to the European Court of Justice. He had been operating a commercial establishment, providing open and free wi-fi for his customers, and argued that this gave him messenger immunity under the EU e-commerce directive. Very surprisingly for the copyright industry, and embarrassingly for Germany, the advisor to the European Court of Justice agreed with the pirate activist’s interpretation of the law.

This appears to have set off a frantic activity to remove this embarrassment to Germany, and just today, it was reported that the ruling coalition has agreed to take out the anachronistic operator liability – the Störerhaftung – for good.

Our children aren't inheriting the liberties of our parents: the importance of "Analog equivalent rights". New column on Privacy News.

The civil liberties of our parents are not being passed down to our children. Somehow, liberties are being interpreted to only apply to analog technology, despite this limitation being nowhere in the books. This is a disastrous erosion of the fundamental liberties our ancestors fought, bled, and died to give us.

This week, there was news of a new law passed in the US House of Representatives – the lower legislative chamber in the United States – passing a bill to require a search warrant for the government to search and seize people’s e-mail. In other words, the government would need a search warrant to obtain people’s private correspondence if it happened to be transmitted electronically, which practically all correspondence is today.

This law is bizarre. It should never have passed, because it shouldn’t be any kind of necessary. When you look at the original law giving privacy protection to people’s private correspondence, can you find any passage that says “do note that this law only applies to private correspondence when it’s sent on paper”? Of course you don’t. It was assumed, since it was the only way to correspond at the time the law was written, and besides, the focus of that law was where it was supposed to be: on protecting the privacy of correspondence, not on protecting a piece of paper as such.

What twisted interpretation of the law decided that the laws detailing our civil liberties only apply in the old world’s analog environments? Who decided that the paper, and not the correspondence, was the protected part?

Subway photographer connects random photos to people’s social media profiles. Game changer! New column on Privacy News.

Егор Цветков (Egor Tsvetkov), a photographer in Russia, has taken photos of random people on the subway and connected them to social media portraits and complete profiles using face matching technology. This is a game changer.

It used to be that technology was good enough to say whether two photos appeared to be of the same person. We’ve now reached an inflection point where one input photo can (mostly) be used to find the matching person among tens of millions of people, and where the processing power used is low enough for that service to be free.

You cannot hold back the mere existence of technology. In less than five years, there will be CCTV cameras which list all the people being currently in-frame with their name and social media portrait. Shortly thereafter, law enforcement will use this for automated warrant spotting, RoboCop style – or will at least very much want to.

With the technology available as a free service, scaling up the processing power is just a matter of Moore’s Law and throwing money at it. Who’s going to provide the neural network and the photo databases? There’s obviously giants like Facebook and Google, but this would also be a new potential monetization for any service where a lot of people have sent photos – like Tinder. Real-time photo matching for surveillance and convenience use.

So GCHQ is already spying on behalf of the copyright industry. Why isn't there an outcry over this change of mission? New column on Privacy News.

In what’s almost a joke story, the BBC reports that the GCHQ tracked down what looked like a leak of a Harry Potter book somewhere on the Internet and alerted the publisher to it. It turned out to be a fake version. Still, media turns the entire story into a joke and a laughing opportunity, with the GCHQ spokesperson commenting thus: “We don’t comment on our defence against the dark arts.”

This is not a joke. Not at all.

We know since earlier that the copyright industry has been extremely, extremely, hostile to privacy. Throughout Europe, that industry were adamant for the need for the hated Data Retention Directive, which was later nuked from orbit by the European Supreme Court, citing fundamental human privacy rights. The copyright industry knows that its obsolete distribution model cannot survive in the face of sustained civil liberties – specifically, the right to communicate anonymously in private – so the industry is doing all it can to erode and dismantle that fundamental civil right.

And now it turns out, in the “laughingstock” section of mass media, that there has been a change of mission of the anti-terror surveillance agencies to also spy invasively on behalf of the copyright industry, to prevent ordinary people from sharing interesting things outside of the intended distribution monopoly. Why isn’t there a public outcry and outrage over the shock and repulsiveness of this mission creep?

Would you like this hypothetical telecom regulator to head up ICANN? New and important column on Privacy News.

Let’s imagine a hypothetical telecom regulator getting picked as a new head of ICANN, and the consequences it might have. ICANN is the organization regulating much of the Internet’s crucial infrastructure, and there has been a continuous power struggle between the Internet’s values of transparency and openness against the dinosaur Telecom values of walled gardens and surveillance.

Imagine a telecoms regulator heading up the Telecoms Regulation Authority in a small country that’s so small and insignificant most people on the global net-political scene just disregard it. Therefore, this particular regulator is able to claim whatever resumé he likes, as nobody would check the claims with the actual Internet community in that small country, and would be able to apply for – say – a job heading up the most important job there is defending the Internet’s values, that is, head of ICANN.

[...long description of actual events, with links...]

In summary, imagine this particular regulator in the small country having been completely at odds with the entire Internet community of that country and Internet’s values for the entirety of their career as a telecom regulator. Imagine they are so against transparency when it works against them, they would rather disappear documents and reports; imagine they are so carefree about due process, they are using their authority power to fine ISPs that don’t use mass surveillance against their own customers before the court case challenging their right to do just this is even decided.

There’s just one catch to this scenario. The person in question isn’t hypothetical.