“Cyberspace” must die. Here’s why

We’re halfway through the second decade of the 21st century and people are still talking about “cyberspace”. This has to stop. The term has become not only outmoded, but downright dangerous.

Burning Chrome, the short story in which William Gibson introduced the term "cyberspace"

Burning Chrome, the short story in which William Gibson introduced the term “cyberspace”

“Cyberspace” suggests a place other than the real world. Perhaps that’s how things once felt, when online life was still sparkly and anarchic back in the 1980s, but that’s not where we are now. Everything’s going online. When Eric Schmidt said last month that “the internet will disappear”, he was right – the online and offline worlds will merge to such a degree that the connecting infrastructure will no longer be apparent and the split will be meaningless.

But still we constantly hear media and politicians and policy-makers refer to this other realm. Last month the U.K. government talked about keeping businesses “safe in cyberspace”. U.S. president Barack Obama talks about “threats in cyberspace” and “securing cyberspace”. Israel’s National Cyber Bureau “works to promote the national interest in cyberspace”. China has a Cyberspace Affairs Administration that promotes “a peaceful, safe and open and co-operative cyberspace” (i.e. a more heavily censored existence).

The online layer

It’s as if everyone’s talking about a new continent that recently rose up from the sea – uncharted territory or “Neuland”, in the much-mocked phrasing of German chancellor Angela Merkel. In reality, what they’re referring to is an online layer that augments the offline world, thanks to the physical infrastructure that is the internet.

The problem with “cyberspace” is that the word suggests a place where different rules apply, and as such it can be misleading. We all need protection from theft and fraud, whether it takes place online or offline. If we’re tracked and spied upon in the online layer, the effect is similar (though more surreptitious) to being stalked around town and in the living room. Online harassment can be as painful as being menaced in the street. We cannot allow the impact of rights violations to be downplayed because they take place online, and we create such a risk by referring to the online world as another, less immediate place.

The need to abandon the false digital dualism embodied in the term “cyberspace” (hat tip to Nathan Jurgenson and PJ Rey) becomes more urgent as everyday items become connected to the internet. To appreciate how anachronistic the word has become, consider whether your fitness tracker or smart thermostat exists in cyberspace or the real world. When leaked NSA documents talked about strong decryption capabilities as the “price of admission for the U.S. to maintain unrestricted access to and use of cyberspace,” that wasn’t about mastering Neuland. It was about being able to access and exploit the entire connected world, smart homes and all.

[pullquote person=”” attribution=”” id=”913012″]The problem with “cyberspace” is that the word suggests a place where different rules apply, and as such it can be misleading.[/pullquote]

Of course, the online layer is a deeply complex and occasionally paradoxical concept that requires much philosophical digestion and even more political adjustment. For one thing, it’s a layer that spans discrete jurisdictions while lacking inherent borders, creating a conundrum that’s exemplified in Europe’s “right to be forgotten”. Whether it’s a good idea or not, Europe has the right to tell Google to remove certain links from its results within its territory, but it doesn’t have the right to make Google remove those links outside the EU.

At the same time, the technical reality of the online layer makes it difficult or perhaps impossible for Google to meaningfully enforce its right in Europe without applying it globally, because the layer’s borderless nature makes circumvention far too easy. Is there an easy answer to this? Not without some kind of New World Order. But reality is complex — we’ll probably need carefully drafted international treaties to manage this issue — and the reductiveness of a concept like “cyberspace” won’t help us get where we need to go.

Give and take

“Cyberspace” denotes a place but, if anything, it’s about the elimination of spatial concerns as we socialize, collaborate and work together across the world. As such, it’s an awkwardly-named property of the online layer — related to the shared “internet commons” idea — rather than a good descriptor for the layer itself. It’s only one property among many; the online layer still remains tied to the framework of the nation state, with all its political and legal implications, and so it must for now. Citizens of a particular country can’t live under one set of laws and norms offline, and another online.

Minecraft Reality augmented reality app

Minecraft Reality augmented reality app

The information ethicist Luciano Floridi refers to the “onlife experience” as the state in which we are increasingly living. There’s a lot of value in that concept, though we’re not really there yet. The online and offline layers are inextricably bound, but there’s still a lot of friction that will have to be resolved.

Governments and others whose nature and ideas are rooted in offline structures may want the online layer to conform to those, but its technical properties require the fundamental rethinking of many offline social and legal concepts. What does “theft” mean in the online sense, where the original copy of the “stolen” data remains in place? How do social norms around not listening in on or butting into private conversations in a public space apply on Twitter?

At the same time, the connected world is something that’s being shaped by us, and the technical nature of its online layer will ultimately be tempered by our choices and needs. For example, the corporate spying that funds the current free-services model may have to be reined in to respect our inherent right to privacy, even though our understanding of privacy will inevitably adapt to exploit the potential of pervasive connectivity. There will be a lot of give and take.

We have a long way to go before the online and offline layers coexist in “onlife” harmony, and at that point we may as well just call it “life.” But that’s the end state we’re aiming for, and if we’re going to build it with conceptual clarity, then we need to abandon the idea of “cyberspace” and the baggage it’s accumulated since William Gibson coined it (with little semantic intent) over three decades ago.

It’s all the real world now.

UK’s Cameron wants Obama to take his side in new crypto war

British Prime Minister David Cameron is reportedly set to ask President Barack Obama to apply pressure to U.S. tech firms that offer fully encrypted communications, to compel them to break the encryption to aid investigations.

Cameron said a few days ago that, if re-elected in May, he will “not allow modern forms of communication to be exempt from the ability, in extremis, with a warrant… to be exempt from being listened to.”

After people drew the logical conclusion that this meant banning communications that use strong, end-to-end encryption, Cameron’s office gave off-the-record briefings claiming he was misunderstood and would not ban encryption or encryption-using internet companies from plying their trade in the U.K., but that he was rather talking about using existing powers and getting communications providers to comply with existing laws.

Nice try. “Getting providers to comply” is in line with what British intelligence chiefs have been calling for – the backdooring of services such as [company]Facebook[/company]’s WhatsApp and devices such as [company]Apple[/company]’s iPhone, to which the companies themselves cannot currently hold the keys. If the companies are forced to do this, it still effectively amounts to banning proper strong encryption, because it would force the companies to abandon or break such technology. (And even if this happens, tools such as PGP that have no underlying company to serve with a warrant will still let people communicate in secret.)

But anyway, this much has been pointed out before — see the earlier crypto wars — and no doubt will again. So Cameron is in Washington on what was meant to be an electioneering “pose with Obama” trip, before its nature was altered by last week’s Paris attacks. According to reports in the Guardian and Wall Street Journal, Cameron wants Obama to “more publicly criticize” Facebook and the like for rendering court orders pointless.

The U.S. Department of Justice also wants backdoors, and it’s trying to use an 18th-century federal law called the All Writs Act to compel Apple to aid criminal investigations involving encrypted iPhones. At the same time, though, Obama is under pressure from the other side. Companies such as Facebook are furious that Edward Snowden’s revelations of NSA surveillance have damaged the image of U.S. tech firms in the eyes of the world and weakened internet security in general – hence the fact that WhatsApp now offers end-to-end encryption to users of its Android app.

According to the WSJ, in addition to urging Obama to pick sides, Cameron also wants companies such as Facebook to “proactively monitor their users to spot budding national security threats.”

The U.K. is already demanding that these companies store and offer up records of users’ communications metadata – a mass surveillance program covering who contacted whom and when, as opposed to the contents of communications that Cameron now wants for targeted investigations. This became part of British law (albeit only until the end of 2016) thanks to the “emergency” Data Retention and Investigatory Powers Act (DRIPA) that was rushed through in July 2014.

The Counter-Terrorism and Security Bill, which is currently going through the legislative process in Parliament, would also compel online communication service providers such as Facebook to keep data showing who used which IP address and at which point in time, so that the U.K. authorities can more accurately identify people who break the law online.

UK’s Cameron won’t “allow” strong encryption of communications

The British prime minister David Cameron has suggested that if his Conservative Party wins the upcoming general election, it will not allow encrypted communications that cannot be read by the security services.

On Sunday, Cameron told ITV News: “I think we cannot allow modern forms of communication to be exempt from the ability, in extremis, with a warrant signed by the home secretary, to be exempt from being listened to. That is my very clear view and if I am prime minister after the next election I will make sure we legislate accordingly.” He repeated the sentiment again on Monday (video embedded below.)

The Tory leader has already said that he wants to bring back the Communications Data Bill, a.k.a. the “Snooper’s Charter,” if his party wins the upcoming general election in May. This is not news as such; the only reason the bill is on ice is that the Conservatives’ current coalition partners, the Liberal Democrats, refuse to allow it to be tabled. (The Lib Dems did, however, allow the “emergency” passage of the DRIP Act, which brought in the main planks of the Snooper’s Charter – mandatory data retention for various kinds of internet communications – on a temporary basis.)

However, the Tories’ rhetoric has predictably ramped up in the wake of the Paris killings. The idea of banning secure communications is a recent development (though it follows on from the frustration of U.K. intelligence chiefs) and is utterly flawed. Even armed with a warrant from the Home Secretary, security services would be stymied by a basic WhatsApp text chat, an email exchange properly encrypted using PGP, or an [company]Apple[/company] iMessage or FaceTime conversation – all of which use end-to-end encryption.

These, we must assume, would be the services that Cameron would not “allow” if voted back in. However, it is hard to see the British government succeeding in stopping the use of such tools. Even if (a big “if”) the government got some kind of concession from the big commercial players (key escrow?), systems such as PGP don’t even have a centralized company behind the curtains. And then there’s the issue of anonymity — monitoring the communications of someone using the anonymized browsing tool Tor, for example, is difficult to say the least. Would online anonymity also be banned?

It’s just not a sensible idea, but that doesn’t always stop the introduction of new laws. Labour leader Ed Miliband, the head of the opposition, has said he would resist the immediate reintroduction of the Snooper’s Charter and would give a “cautious and considered” response to security chiefs asking for more powers. That doesn’t mean he won’t cave in — Labour has a bad record on this stuff, and the current government took power in 2010 promising to “reverse the substantial erosion of civil liberties under the Labour government and roll back state intrusion.” But, particularly after Snowden, this is clearly going to be a live issue on the campaign trail.

https://www.youtube.com/watch?v=u_kqM0gn63M

Charlie Hebdo murders are no excuse for killing online freedom

There’s been a predictable split in the reactions to Wednesday’s slaughter of the staff of French satirical newspaper Charlie Hebdo, along with others including police who were trying to protect them. On the one hand, hundreds of thousands of people have rallied in France and across Europe in defiance against those behind this attack on free speech…

… while others have taken a decidedly different tack, using the outrage as a justification for the rolling-back of online civil liberties. This approach was taken by Dan Hodges in the Telegraph, and by the Sun in an editorial arguing that “intelligence is our best defense… yet liberals still fret over the perceived assault on civil liberties of spooks analyzing emails.”

Here’s what Hodges (a well-known admirer of Tony Blair, the British prime minister who was no friend of civil liberties) wrote:

We hear a lot about freedom, and threats to our freedom. We heard about it, for example, when the government asked the Guardian to stop publishing the Snowden files because of the risk to national security. We heard about it last year, when David Cameron announced he was bringing back plans to allow the security agencies to monitor, and retain data on, our electronic communications – the so-called ‘snooper’s charter’. We heard about it in the wake of the Lee Rigby killing, where we [were] told the state would use the murder as an excuse for a further erosion of our liberties.

But those are not real assaults on our freedom. Switch on your TV. You will see and hear what an assault on freedom really looks like…

If one way of stopping obscenities like today is providing the security services a bit more access to our e-mails, we must give it to them. If it means internet providers handing over their records, the records must be handed over. If it means newspapers showing restraint the next time an Edward Snowden knocks on their door, then restraint will have to be shown. Because look who came knocking at the door today.

Hodges must be given credit for at least calling himself a “coward” in that piece, saving time for the rest of us.

I’m not going to go into the rights and wrongs of Charlie Hebdo’s content, much of which I personally found grossly offensive. That, after all, is the publication’s aim – to make points offensively (to a multitude of targets, it should be noted) and to meet calls for restraint with more proud offense. Freedom of expression is an essential civil liberty, not only in France, but across much of the democratic world. It was set out in the Declaration of the Rights of Man and of the Citizen, which emerged from the French Revolution in 1789, and it is today enshrined on an international level in the International Convention on Civil and Political Rights (ICCPR) .

The ICCPR’s signatories, including France, the U.K. and most of the world, have also pledged to ensure that “no one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence.” Yes, this is a right that needs to be balanced against others, most notably the right to security, but arguably no calculation of that balance can justifiably permit mass surveillance.

To quote last year’s report on online mass surveillance by Ben Emmerson, the U.N.’s special rapporteur on the protection and promotion of human rights while countering terrorism:

International human rights law require States to provide an articulable and evidence-based justification for any interference with the right to privacy, whether on an individual or mass scale. It is a central axiom of proportionality that the greater the interference with protected human rights, the more compelling the justification must be if it is to meet the requirements of the Covenant. The hard truth is that the use of mass surveillance technology effectively does away with the right to privacy of communications on the Internet altogether. By permitting bulk access to all digital communications traffic, this technology eradicates the possibility of any individualized proportionality analysis.

Apart from the fact that mass surveillance hasn’t been shown to work – France’s extensive surveillance regime, expanded just weeks ago, clearly failed in this case – it is no way to protect freedom of expression. It is a tool for chilling free speech, of dissuading people from speaking their minds, and the same British government that wants to introduce the “snooper’s charter” is also working to stop its citizens from seeing extremist material online, by getting ISPs to filter out such content. It is cracking down on free expression on social media, leading the police there to tweet things like this:

It forced the Guardian‘s editors to destroy computers holding copies of the Snowden cache with angle grinders, for whatever that was worth. And the Sun, so keen on Blair’s Regulation of Investigatory Powers Act (RIPA) this week, recently made an official complaint about the police using the mass surveillance law to spy on its journalists and their sources in a case that was embarrassing the government.

After a cartoon featuring Mohammed led to the firebombing of Charlie Hebdo’s offices in 2011, editor Stéphane “Charb” Charbonnier famously said: “It perhaps sounds a bit pompous, but I’d rather die standing than live on my knees.”

On Wednesday, Charb died for liberty. To suggest that the correct response is the curtailment of liberty — to effectively argue that terrorism should be met with fearful capitulation — is more offensive than anything he ever published.

UK to stop its citizens seeing extremist material online

The move comes more than a year after the British government said it would force ISPs to filter out extremist and terrorist material. It seems the ISPs caved in after lengthy negotiations, though details remain fuzzy.

Stop crowing, London: it’s time to step it up

The British government’s constant adulation of the London startup scene reached its culmination this week with the news of a huge new redevelopment project. But the reality is that many of Britain’s smartest innovators are locked inside government and the rest look increasingly like poseurs.