“Cyberspace” must die. Here’s why

We’re halfway through the second decade of the 21st century and people are still talking about “cyberspace”. This has to stop. The term has become not only outmoded, but downright dangerous.

Burning Chrome, the short story in which William Gibson introduced the term "cyberspace"

Burning Chrome, the short story in which William Gibson introduced the term “cyberspace”

“Cyberspace” suggests a place other than the real world. Perhaps that’s how things once felt, when online life was still sparkly and anarchic back in the 1980s, but that’s not where we are now. Everything’s going online. When Eric Schmidt said last month that “the internet will disappear”, he was right – the online and offline worlds will merge to such a degree that the connecting infrastructure will no longer be apparent and the split will be meaningless.

But still we constantly hear media and politicians and policy-makers refer to this other realm. Last month the U.K. government talked about keeping businesses “safe in cyberspace”. U.S. president Barack Obama talks about “threats in cyberspace” and “securing cyberspace”. Israel’s National Cyber Bureau “works to promote the national interest in cyberspace”. China has a Cyberspace Affairs Administration that promotes “a peaceful, safe and open and co-operative cyberspace” (i.e. a more heavily censored existence).

The online layer

It’s as if everyone’s talking about a new continent that recently rose up from the sea – uncharted territory or “Neuland”, in the much-mocked phrasing of German chancellor Angela Merkel. In reality, what they’re referring to is an online layer that augments the offline world, thanks to the physical infrastructure that is the internet.

The problem with “cyberspace” is that the word suggests a place where different rules apply, and as such it can be misleading. We all need protection from theft and fraud, whether it takes place online or offline. If we’re tracked and spied upon in the online layer, the effect is similar (though more surreptitious) to being stalked around town and in the living room. Online harassment can be as painful as being menaced in the street. We cannot allow the impact of rights violations to be downplayed because they take place online, and we create such a risk by referring to the online world as another, less immediate place.

The need to abandon the false digital dualism embodied in the term “cyberspace” (hat tip to Nathan Jurgenson and PJ Rey) becomes more urgent as everyday items become connected to the internet. To appreciate how anachronistic the word has become, consider whether your fitness tracker or smart thermostat exists in cyberspace or the real world. When leaked NSA documents talked about strong decryption capabilities as the “price of admission for the U.S. to maintain unrestricted access to and use of cyberspace,” that wasn’t about mastering Neuland. It was about being able to access and exploit the entire connected world, smart homes and all.

[pullquote person=”” attribution=”” id=”913012″]The problem with “cyberspace” is that the word suggests a place where different rules apply, and as such it can be misleading.[/pullquote]

Of course, the online layer is a deeply complex and occasionally paradoxical concept that requires much philosophical digestion and even more political adjustment. For one thing, it’s a layer that spans discrete jurisdictions while lacking inherent borders, creating a conundrum that’s exemplified in Europe’s “right to be forgotten”. Whether it’s a good idea or not, Europe has the right to tell Google to remove certain links from its results within its territory, but it doesn’t have the right to make Google remove those links outside the EU.

At the same time, the technical reality of the online layer makes it difficult or perhaps impossible for Google to meaningfully enforce its right in Europe without applying it globally, because the layer’s borderless nature makes circumvention far too easy. Is there an easy answer to this? Not without some kind of New World Order. But reality is complex — we’ll probably need carefully drafted international treaties to manage this issue — and the reductiveness of a concept like “cyberspace” won’t help us get where we need to go.

Give and take

“Cyberspace” denotes a place but, if anything, it’s about the elimination of spatial concerns as we socialize, collaborate and work together across the world. As such, it’s an awkwardly-named property of the online layer — related to the shared “internet commons” idea — rather than a good descriptor for the layer itself. It’s only one property among many; the online layer still remains tied to the framework of the nation state, with all its political and legal implications, and so it must for now. Citizens of a particular country can’t live under one set of laws and norms offline, and another online.

Minecraft Reality augmented reality app

Minecraft Reality augmented reality app

The information ethicist Luciano Floridi refers to the “onlife experience” as the state in which we are increasingly living. There’s a lot of value in that concept, though we’re not really there yet. The online and offline layers are inextricably bound, but there’s still a lot of friction that will have to be resolved.

Governments and others whose nature and ideas are rooted in offline structures may want the online layer to conform to those, but its technical properties require the fundamental rethinking of many offline social and legal concepts. What does “theft” mean in the online sense, where the original copy of the “stolen” data remains in place? How do social norms around not listening in on or butting into private conversations in a public space apply on Twitter?

At the same time, the connected world is something that’s being shaped by us, and the technical nature of its online layer will ultimately be tempered by our choices and needs. For example, the corporate spying that funds the current free-services model may have to be reined in to respect our inherent right to privacy, even though our understanding of privacy will inevitably adapt to exploit the potential of pervasive connectivity. There will be a lot of give and take.

We have a long way to go before the online and offline layers coexist in “onlife” harmony, and at that point we may as well just call it “life.” But that’s the end state we’re aiming for, and if we’re going to build it with conceptual clarity, then we need to abandon the idea of “cyberspace” and the baggage it’s accumulated since William Gibson coined it (with little semantic intent) over three decades ago.

It’s all the real world now.

Report: US to grant foreigners limited NSA data deletion rights

The U.S. administration is set to make a few changes to the country’s mass surveillance practises, according to a New York Times report late Monday.

The piece, which appears to be based on official leaks ahead of a Tuesday announcement, suggested foreigners will get for the first time get limited rights regarding how their personal data is treated after it’s been scooped up by agencies such as the NSA. Whereas the data of Americans would be deleted after incidental collection, foreigners’ data would be deleted after five years.

This is a small step – it’s arguably better than nothing, and most countries’ surveillance operations don’t grant privacy rights to foreigners. However, that doesn’t make the NSA’s practices OK, particularly as they and their “Five Eyes” partners have unrivalled access to foreigners’ data.

Data collection still violates the right to privacy, and the discrimination between Americans and non-Americans still falls foul of the basic human rights tenet that maintains all people should enjoy equal protection under the law, as stated in Article 26 of the International Convention on Civil and Political Rights (ICCPR). As it happens, the U.S. ratified the ICCPR with one “reservation” being that discrimination is allowed when it is “rationally related to a legitimate governmental objective.” The U.S. Constitution also grants equality under the law, but its application to foreigners outside U.S. borders is a complex matter.

Then again, human rights are inalienable and countries don’t grant them – they recognize them, or not. Even if the U.S. is about to grant foreigners some legal rights regarding the deletion of their recorded/stolen personal data, the 95 percent of the world’s population living outside those borders still has good reason to complain about their treatment by the NSA.

The White House’s changes would also formalize a process about the monitoring of international leaders, that was drawn up after the embarrassing revelation — from the Snowden documents – that the NSA was spying on German Chancellor Angela Merkel. The NYT piece was fuzzy on this: It seems some leaders are off the spy list and some aren’t.

The gag orders associated with national security letters – the orders that force communications providers to hand over customer data – will also “presumptively” end after three years, the article stated, although “mid-level” intelligence agents will be able to plead for continued secrecy.

This article was updated at 4am PT to note that most countries’ surveillance operations don’t grant privacy rights to foreigners.

UK’s Cameron wants Obama to take his side in new crypto war

British Prime Minister David Cameron is reportedly set to ask President Barack Obama to apply pressure to U.S. tech firms that offer fully encrypted communications, to compel them to break the encryption to aid investigations.

Cameron said a few days ago that, if re-elected in May, he will “not allow modern forms of communication to be exempt from the ability, in extremis, with a warrant… to be exempt from being listened to.”

After people drew the logical conclusion that this meant banning communications that use strong, end-to-end encryption, Cameron’s office gave off-the-record briefings claiming he was misunderstood and would not ban encryption or encryption-using internet companies from plying their trade in the U.K., but that he was rather talking about using existing powers and getting communications providers to comply with existing laws.

Nice try. “Getting providers to comply” is in line with what British intelligence chiefs have been calling for – the backdooring of services such as [company]Facebook[/company]’s WhatsApp and devices such as [company]Apple[/company]’s iPhone, to which the companies themselves cannot currently hold the keys. If the companies are forced to do this, it still effectively amounts to banning proper strong encryption, because it would force the companies to abandon or break such technology. (And even if this happens, tools such as PGP that have no underlying company to serve with a warrant will still let people communicate in secret.)

But anyway, this much has been pointed out before — see the earlier crypto wars — and no doubt will again. So Cameron is in Washington on what was meant to be an electioneering “pose with Obama” trip, before its nature was altered by last week’s Paris attacks. According to reports in the Guardian and Wall Street Journal, Cameron wants Obama to “more publicly criticize” Facebook and the like for rendering court orders pointless.

The U.S. Department of Justice also wants backdoors, and it’s trying to use an 18th-century federal law called the All Writs Act to compel Apple to aid criminal investigations involving encrypted iPhones. At the same time, though, Obama is under pressure from the other side. Companies such as Facebook are furious that Edward Snowden’s revelations of NSA surveillance have damaged the image of U.S. tech firms in the eyes of the world and weakened internet security in general – hence the fact that WhatsApp now offers end-to-end encryption to users of its Android app.

According to the WSJ, in addition to urging Obama to pick sides, Cameron also wants companies such as Facebook to “proactively monitor their users to spot budding national security threats.”

The U.K. is already demanding that these companies store and offer up records of users’ communications metadata – a mass surveillance program covering who contacted whom and when, as opposed to the contents of communications that Cameron now wants for targeted investigations. This became part of British law (albeit only until the end of 2016) thanks to the “emergency” Data Retention and Investigatory Powers Act (DRIPA) that was rushed through in July 2014.

The Counter-Terrorism and Security Bill, which is currently going through the legislative process in Parliament, would also compel online communication service providers such as Facebook to keep data showing who used which IP address and at which point in time, so that the U.K. authorities can more accurately identify people who break the law online.

China slams cyberattacks after Sony job leads US to ask for help

The United States has asked China for help in blocking cyberattacks emanating from North Korea, officials told CNN and the New York Times in the wake of the attack on Sony Pictures that the U.S. administration has now pinned on North Korea. And now China has responded, albeit obliquely.

On Monday, the Chinese foreign ministry said the country “opposes any country or individual using other countries’ domestic facilities to conduct cyberattacks on third-party nations,” according to a Reuters report. Chinese Foreign Minister Wang Yi told U.S. Secretary of State John Kerry that “China opposes all forms of cyberattacks and cyber terrorism.” However, China said there was still no proof that North Korea had perpetrated the attack.

North Korea isn’t exactly a highly-connected nation — only a few high-level officials are allowed to access the global internet – but what access it does have mostly flows through Chinese networks. There have been reports that the attack on Sony Pictures emanated partly from China (though such attacks can be routed through proxy servers pretty much anywhere.)

North Korea itself released a statement over the weekend, denying involvement in the hack and saying “the U.S. should not pull up others for no reason.”

The colorfully-phrased statement included this:

It is a common sense that the method of cyber warfare is almost similar worldwide. Different sorts of hacking programs and codes are used in cyberspace. If somebody used U.S.-made hacking programs and codes and applied their instruction or encoding method, perhaps, the “wise” FBI, too, could not but admit that it would be hard to decisively assert that the attack was done by the U.S….

After all, the grounds cited by the FBI in its announcement were all based on obscure sci-tech data and false story and, accordingly, the announcement itself is another fabrication. This is the DPRK’s stand on the U.S. gangster-like behavior against it.

China, of course, has spent much of 2014 engaged in a war of words with the U.S. over hacking. It began in May, when the U.S. charged several Chinese officials over the alleged hacking of U.S. firms for economic espionage reasons, and since then China’s authorities have been generally making life hard for U.S. firms trying to do business there. China, which has enthusiastically pointed to Edward Snowden’s revelations about U.S. cyber-naughtiness, said in October that the country was “resolutely opposed” to hacking.

Act of vandalism, not war

The Sony Pictures hack saw the theft of reams of the company’s strategic and commercial information, as well as employees’ personal information and several unreleased films.

Although the motives of the “Guardians of Peace” hackers were initially unclear, speculation that the attack was related to the imminent release of a Seth Rogen comedy called The Interview crystallized over the last few weeks. After theaters were threatened with some kind of physical attack if they screened the movie, which features a plot to assassinate North Korean dictator Kim Jong-un, Sony cancelled its release.

Following criticism by U.S. President Barack Obama for pulling The Interview, Sony is now insisting that it will release it somehow. The file-sharing platform BitTorrent has offered its BitTorrent Bundles facility for the release, though Sony has yet to respond.

Obama described the attack as a “very costly, very expensive” act of cyber-vandalism rather than an act of war, but he said he is considering putting North Korea back on the U.S.’s list of sponsors of terrorism, as part of the official response.

Experts skeptical

However, despite the U.S. administration and the FBI finally having gone on the record in blaming North Korea, many in the security community remain deeply skeptical. Marc Rogers, principal security researcher at Cloudflare, wrote over the weekend that the evidence for that attribution – at least, the evidence that has been shown to the public — was weak.

The FBI said that there were great similarities in the attack code and methods between the Sony job and earlier attacks attributed to North Korea, but Rogers pointed out that the evidence for North Korea having been behind those earlier attacks was “flimsy and speculative at best.” He pointed out that many components of the malware were publicly available and easy to use, and noted that almost all the IP addresses used in the Sony attack were proxies that were again open to the public.

A message allegedly posted by the Guardians of Peace over the weekend accused the FBI of being idiots in concluding that North Korea was the culprit.

Meanwhile, south of the Korean DMZ there is concern over the safety of several nuclear power plants. Unidentified hackers have warned the Korea Hydro and Nuclear Power Co. that the reactors should be shut down or people should “stay away from them. The hackers stole equipment designs and manuals and posted them online. While the energy company has played down the threat to the plants’ safety, it is conducting drills to test defences against a cyberattack.

This article was updated at 2.55am PT to include North Korea’s statement and again at 3.10am PT to note China’s comments on the evidence.

With a line of JavaScript, Obama now the first Coder In Chief

It’s not enough to preach teaching kids how to code — today U.S. President Barack Obama took his turn at the keyboard to do a few exercises and learn how to write a line of JavaScript, too.

US President Barack Obama works with a middle-school student on December 8, 2014.

US President Barack Obama works with a middle-school student on December 8, 2014.

Obama became the first U.S. president to write a computer program as part of a White House-sponsored “Hour of Code” event. This is the second year Code.Org has organized a campaign to teach kids (and government leaders) worldwide the fundamentals of programming. Across the Atlantic, U.K. Prime Minister David Cameron also spent an hour of code learning with young students in Britain.

U.S. President Barack Obama, right, talks to middle-school students who are participating in an "Hour of Code" event in honor of Computer Science Education Week.

U.S. President Barack Obama, right, talks to middle-school students who are participating in an “Hour of Code” event in honor of Computer Science Education Week.

Surveillance-limiting USA Freedom Act fails to clear Senate

The flawed bill fell two votes short of what was needed, creating an odd situation where the bulk collection of communications records and other metadata can continue for now, but some of the underpinning legislation becomes likely to expire in mid-2015.

Why Obama can’t care about climate change

President Obama’s State of the Union was unsurprisingly thin on support for cleantech and alternative energy, instead opting to focus on U.S. oil production, his ‘all of the above energy’ strategy, and the prospects of natural gas exploration.
Environmentalists and really anyone concerned about climate change were dismayed. Sierra Club Executive Director said, “Last night’s speech clearly showed that the administration has not yet reconciled the discrepancy between its energy and climate policy.”
Bill McKibben, founder of 350.org, an organization devoted to ending climate change, has been more critical of Obama. “The problem is that this all-of-the-above energy policy is, in practice, an all-of-the-below policy. It’s a policy that promotes digging up every form of hydrocarbon we can find on this planet. If one were serious about dealing with climate change, one would not have an all-of-the-above policy.”
So why is Obama so hesitant to really tackle climate change head on? The National Journal points out that Obama “went small on energy and climate change” to avoid conflict. While that’s true at an inside the beltway level, I’d make another argument.
Americans don’t think climate change is a priority.
Poll after poll shows that Americans are unconcerned about climate change, marginally more concerned about rising temperatures and primarily concerned about the economy. Typically when asked whether addressing climate change is a priority for the U.S., climate change polls in the high 20s. Not blockbuster numbers when economic issues like unemployment, social security and terrorism poll in the 70s.
The annual Pew Research Center survey conducted the week prior to the State of the Union confirmed this problem. Of 20 possible priorities, dealing with global warming came 19 out of 20. Dealing with global trade issues came last. Strengthening the nation’s economy came first.
Which would explain why Obama mostly addressed the promise of natural gas, which will slow carbon emissions but do nothing to help address climate. Natural gas is viewed as an economic and job driver. Obama also emphasized the growing reality that the U.S. is becoming an oil and gas leader and is heading toward energy independence on the back of increasing fossil fuel production. He trumpeted the fact that the U.S. is now producing more oil at home than it imports.
Obama is facing some of the worst polling figures of his career, with a 43 percent approval rating, down 9 points from a year ago. This is a major concern for Democrats as they head toward midterm elections. (I was interested to see how one of the first things Obama did during the State of the Union was recognize the work of the first lady. She continues to poll incredibly well, with favorability ratings close to a whopping 70 percent. Americans love her. Almost makes me wonder if she could run office.)
So where does all this leave us? In the abstract Americans believe that climate change is occurring and are beginning to make causal connections between extreme weather and human behavior. But they just don’t rate climate change as a priority.
This is a vexing problem because environmentalists can only ask politicians to expend so much political capital advocating policies that could make getting re-elected more difficult. Initiatives like the Yale Project on Climate Change Communication are actively trying to address the question of how to address Americans’ awareness and thinking surrounding climate change and I applaud their efforts.
But I’d love to see this become an even bigger issue for the renewable energy sector, with perhaps the formation of a larger lobbying organization whose primary function is public education surrounding climate change. This organization would need to be well financed by the private sector as an acknowledgement that the overall renewable energy sector would greatly benefit from an educated public. Whether you’re Nest, SolarCity, Tesla, or Silver Spring Networks, it’s in your interest to have a public that wants to address climate change.
Because with a public more concerned about climate change, you might get a president whose a bit less gung ho on carbon emitting natural gas and bit more willing to use the State of the Union to endorse the promise of clean energy.