US gives Iran more net freedom – but what about Syria?

By Tsering

Flickr Creative Commons | Turkletom

By Jillian C York | The Guardian | June 16, 2010

Iranian web users recently received some good news: following the media frenzy over last year’s elections, the US has chosen to relax export controls related to technology, giving users access to previously unavailable communications tools. The changes will affect not only Iran, but Sudan and Cuba as well, countries where free internet use has long been stifled by US restrictions.

In March the treasury department’s office of foreign assets control (OFAC) announced the amendments to current controls to “ensure that individuals in these countries can exercise their universal right to free speech and information to the greatest extent possible”. The amendments will allow those netizens to download software related to communications, such as instant messaging and chat clients, and tools related to social networking, and also permit the export of the same types of software to Iran and Sudan.

This news comes at a time when dialogue surrounding freedom of expression online is at a fever pitch in the United States. Secretary of state Hillary Clinton, in her celebrated January speech on internet freedom, stated that American companies need to take a principled stand against censorship, and that it should be part of the country’s “national brand”. In that vein, the amendments to the current export controls are a welcome gesture, both to American companies and to the netizens who benefit from their products.

Iran, of course, is an obvious target for these amendments, with nearly 30 million internet users and significant media attention in recent months. But what about Syria? Although there are no OFAC restrictions placed on Syria, the US department of commerce’s 2004 Syrian Accountability and Lebanese Sovereignty Restoration Act prohibits the export of most goods containing more than 10% US-manufactured component parts to the country. The act also includes a provision on items deemed imports, including technology or source code controlled on the Commerce Control List, though licences are available for software providers through the bureau of industry and security.

Syrian netizens have long been aware of the effects of export controls on their lives. They are prevented from downloading popular software such as Java and Adobe Acrobat, and browsers such as Google’s Chrome. Microsoft products are available, but in pirated form, or smuggled in illegally. What is surprising to many, however, is when a new ban suddenly emerges; each year, a number of software providers seemingly crack down on Syrian users, often blocking access to entire websites for fear of non-compliance with the act.

For example, in early 2009, Syrian visitors to the professional networking site LinkedIn were surprised to be met with a blockpage. Though the full-on block was quickly removed, to this day users are barred from accessing the site’s proprietary software. Similarly, in January 2010, open-source code repository SourceForge began blocking the IP addresses of users in Iran, Sudan, Cuba, North Korea and Syria, much to the dismay of open-source enthusiasts. Though in the end, SourceForge removed the blanket block – placing responsibility on project managers to choose their level of restriction – the fact remains that a large swath of open-source projects are still off limits to users from restricted countries.

But in Syria, just as in Iran, the internet serves as an important communications and organising tool for dissidents and average users alike. And when you consider the fact that the Syrian government filters the internet internally as well (blocking sites such as Facebook and Blogspot, among many others), you realise that users are left with very little wiggle room.

If Hillary Clinton is serious about promoting internet freedom to all, she would be wise to consider the effects of the Syrian accountability act on the average Syrian netizen and what that means for the United States’ “brand” of internet freedom.

Privacy in Peril: Lawyers, Nations Clamor for Google Wi-Fi Data

By Tsering

Flickr Creative Commons | Sébastien Bertrand

By David Kravets | Wired Magazine | June 11, 2010

A hard drive with perhaps several hundred gigabytes of internet surfers’ private data resides under lock and key in a Portland, Oregon, federal courthouse.

Regulators and private lawyers across Europe and the United States are demanding, and in some cases obtaining, access to data that Google sniffed for the past three years from unsecured Wi-Fi hot spots across the globe.

The requests are coming in some of the eight proposed class actions targeting Google that have cropped up across the United States, as well as from various governments investigating whether Google violated their laws.

The demands for data raise a paradox of sorts: How many eyeballs, in the name of privacy, will eventually see the data that likely includes snippets of e-mail, web surfing, documents and other private data?

“It will be relevant evidence in our lawsuit. We will ask for production of that data. Lawyers representing plaintiffs in the case will review the data,” said Patrick Keyes, a top lawyer in one of the proposed class actions lodged in the District of Columbia. “This would be in the context of presenting the legal interests of those who have had their data intercepted, and would typically be produced under a protective order.”

Google has already said it would forward to German, French and Spanish authorities the portion of the data intercepted in those countries.

No government agency in the United States has yet demanded a copy of the intercepted data, but several are investigating Google.

Missouri Attorney General Chris Koster said he wanted to “scrutinize this situation” while Connecticut Attorney General Richard Blumenthal has demanded “detailed records on any information taken from networks” from his state.

Federal Trade Commission Chairman Jon Leibowitz told Congress, “We’re going to take a very, very close look at this.”

Rep. Joe Barton (R-Texas) said Friday that Google’s actions “warrants a hearing, at minimum.”

Ironically, it appears that protecting privacy and administering justice might just involve violating privacy.

“That’s true. All of this raises a lot of First Amendment questions,” said Jeffrey Chester, director of the Center for Digital Democracy. “It is problematic. Some of these lawyers see a quick buck without thinking of the consequences.”

U.S. District Judge Michael Mosman in Oregon has locked away the data (.pdf) as that class action proceeds. ISec Partners, a San Francisco security consulting firm, has made encrypted copies of the drives at Google’s request and destroyed the originals.

“The encryption keys for these drives are possessed by only myself and one other person. and the hard drives are securely stored in a safe controlled by Google’s physical security team,” (.pdf) Alexander Stamos, one of iSec’s founding partners, told the Oregon judge in a court filing before the data was forwarded to the Portland courthouse.

But Aaron Zigler, a lawyer in the Illinois class action, said, “I don’t want to see the actual data that has been intercepted.”

Class members of the lawsuits can be determined without actually reading the contents of the payload data packets, he said. “There is enough data to figure out who everyone is: date, time and location, and unique MAC addresses of the Wi-Fi network they intercepted,” he said.

Pablo Chavez, director of public policy for Google, said in a letter to Congress released Friday that Google is “aware of only two instances when any Google engineer even viewed the payload data.”

“The first instance involved the individual engineer who designed the software,”  (.pdf) he wrote. “The second instance was when we became aware that payload data may have been collected from unencrypted Wi-Fi networks, and a single security engineer tested the data to verify that this was the case.”

Google has repeatedly said it is working with the relevant government investigators, and is demanding that all the litigation be consolidated in California, where it’s headquartered.

The Mountain View internet giant maintains the collection of data while taking photos for its Street View program was inadvertent –- the result of a programming error with code written for an early experimental project that wound up in the Street View code (.pdf), an explanation some of the lawyers suing Google have disputed.

Google said it didn’t realize it was sniffing packets of data on unsecured Wi-Fi networks in dozens of countries for the last three years, until German privacy authorities questioned what data Google’s Street View cameras were collecting. Street View is part of Google Maps and Google Earth, and provides panoramic pictures of streets and their surroundings across the globe.

And Google said no U.S. wiretapping laws were breached because the Wi-Fi signals were “readily accessible to the general public” (.pdf).

At least insofar as the proposed class actions were concerned, Jennifer Granick, a civil liberties attorney with the Electronic Frontier Foundation, suggested having a judge or a so-called “special master” sift through the data to determine whose data Google obtained. That should only happen if Google is found to have done something unlawful, she said.

“This raises my eyebrows,” she said. “I don’t think we need to know what any of this data is yet, because there’s nothing to suggest Google did this intentionally.”

Google Calls for U.S., Europe to Crack Down on China Web Censorship

By Tsering

Flickr Creative Commons | Tim Yang

By Clint Boulton | eWeek.com | June 10, 2010

Google Chief Legal Officer David Drummond wants the U.S. and European governments to nudge China to cease its censorship of the Internet because it restricts free trade. The Internet sector is vital to Google’s hopes for international expansion. China boasts more than 400 million Web users and Baidu is the leading search engine in mainland China. Censorship in the form of the Great Firewall of China has been a long-standing complaint about China from Google, Yahoo, Microsoft and other companies looking to extend their tendrils in Asia.

Google wants the U.S. and European governments to nudge China to cease its censorship of the Internet, the search engine’s lead lawyer told the Associated Press in Brussels.

David Drummond, chief legal officer and senior vice president of corporate development at Google, June 9 said that China’s censorship restricts free trade for the Web, where Google is hungry to expand in China.

Western governments should defend the free trade for the Internet with the same kind of rules that they use to complain of China’s sale of products below cost, Drummond added.

Censorship in the form of the Great Firewall of China has been a long-standing complaint about China from Google, Yahoo, Microsoft and other companies looking to extend their tendrils in Asia while enjoying the same fair trade rules they enjoy in the U.S.

The sticky issue reared its head again in January when Google said it discovered a cyber attack originating from China in which users Gmail accounts were accessed.

Threatening to cease doing business in China entirely, Google in March shuttled its Chinese search operations to the region of Hong Kong, which doesn’t follow the same censorship restrictions as mainland China.

Shortly after this move, Google co-founder Sergey Brin told The Guardian he hoped the U.S. would make China’s Web censorship a “high priority.”

While the U.S. publicly supported Google’s position, little has happened on this front.

In country, U.S. President Barack Obama and his administration are dealing with issues such as the Deepwater Horizon oil rig disaster, in which thousands of barrels of crude oil are blotting the Gulf of Mexico each day.

Drummond called the hack attack the “final straw” and reinforced the company’s stance that China’s censorship restricts free trade.

“Censorship, in addition to being a human rights problem, is a trade barrier,” said Drummond, according to the AP. “If you look at what China does — the censorship, of course, is for political purposes but it is also used as a way of keeping multinational companies disadvantaged in the market.”

“It should be obvious that the Internet sector is very important to the west and so we should be working on seeing that that kind of trade is protected.”

Holding sway in China is crucial to Google’s hopes for international expansion. China boasts more than 400 million Web users and Baidu is the leading search engine in mainland China. Being marginalized at Google.hk won’t do anything to help Google challenge the incumbent there.

The U.S. could make a case versus China with the World Trade Organization, though Drummond wouldn’t go so far as to suggest that.

He did say he received some support in the U.S., French and German governments and with the European Union executive for pressing Google’s case against Chinese Web censorship.